2017-09-19  Werner Koch  <wk@gnupg.org>

	Release 2.2.1.
	+ commit 355ca9e9498740fb6294eec451507b4891ae01ec


2017-09-18  Werner Koch  <wk@gnupg.org>

	dirmngr: Use system certs if --hkp-cacert is not used.
	+ commit df692a6167be5486f9a29da003a00292fd895176
	* dirmngr/certcache.c (any_cert_of_class): New var.
	(put_cert): Set it.
	(cert_cache_deinit): Clear it.
	(cert_cache_any_in_class): New func.
	* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Add hack to
	override empty list of HKP certs.

	wks: Create a new user id if provider wants mailbox-only.
	+ commit 50c8b6c88f5d9f4b6c4e9c03aee31fe29afa94b8
	* tools/gpg-wks-client.c (get_key): Add arg 'exact'.
	(add_user_id): New.
	(command_send): Create new user id.

	wks: Send only the newest UID to the server.
	+ commit 7f7f5d06fa5aa3a3c5ab8d2e59ee76207bfdeaa0
	* tools/wks-util.c (list_key_status_cb): Rename to key_status_cb.
	(wks_filter_uid): New.
	(wks_list_key): Allow FPR to be NULL.  Return an error if no
	fingerprint was found.
	* tools/gpg-wks-server.c (process_new_key)
	(check_and_publish): Remove now useless extra check for FPR.
	* tools/gpg-wks-client.c (command_check): Ditto.
	(command_send): Filter out the newest uid.

	wks: Print the UID creation time with gpg-wks-client --check.
	+ commit a0035986a8615df056182bb9af775b8b7b22003d
	* tools/gpg-wks.h (uidinfo_list_s): Add field 'created'.
	* tools/wks-util.c (append_to_uidinfo_list): Add arf 'created'.
	(wks_list_key): Pass timestamp to append_to_uidinfo_list.
	* tools/gpg-wks-client.c (command_check): Print UID creation time.

	wks: Use dedicated type to convey user ids.
	+ commit 4e0696de897cac6a34d55a69d8889faf26f1a923
	* tools/gpg-wks.h (uidinfo_list_s, uidinfo_list_t): New.
	* tools/wks-util.c (append_to_uidinfo_list): New.
	(free_uidinfo_list): New.
	(wks_list_key): Change arg r_mboxes to uidinfo_list_t.  Use
	append_to_uidinfo_list.
	* tools/gpg-wks-server.c (sserver_ctx_s): Replace strlist_t by
	uidinfo_list_t.
	(process_new_key): Ditto.
	(check_and_publish): Ditto.
	(command_receive_cb): Replace free_strlist by free_uidinfo_list.
	* tools/gpg-wks-client.c (command_check): Replace strlist_t by
	uidinfo_list_t.  Also print user id in verbose mode.

2017-09-13  Werner Koch  <wk@gnupg.org>

	gpgv: Initialize compliance checker.
	+ commit 006ca124ed95845d43af8c14d7ab2bc085b47b4c
	* g10/gpgv.c (main): Call gnupg_initialize_compliance.

2017-09-12  Werner Koch  <wk@gnupg.org>

	wks: Add hack for the broken posteo system.
	+ commit a821b4f5567d02c3329c2b94a73dcbe12e6699a2
	* tools/gpg-wks-client.c (command_send): Additional hack for posteo.
	Check the protocol-version flag.

	wks: Add new policy flag protocol-version.
	+ commit 332c9eaa2a3c7cae90b389cdaa2c149c5595fb4d
	* tools/gpg-wks.h (policy_flags_s): Add field protocol_version.
	* tools/wks-util.c (wks_parse_policy): Add new policy flag.

	gpg: Fix "Fix key generation with only an email part".
	+ commit 8b5a2474f21dd4f1aa2a283e2f57d75e42742af5
	* g10/keygen.c (proc_parameter_file): Don't check the result of
	stpcpy.

	wks: Use unencrypted draft-1 mode for posteo.de.
	+ commit c65a7bba7331975d20910f90cf648b6ecc5410f0
	* tools/gpg-wks-client.c (command_send): Allow sending in draft-1
	mode.

	tools: New function mime_maker_add_body_data.
	+ commit 7d15ee88980f88ca62fc7de9492dd08e54d0f0f1
	* tools/mime-maker.c (mime_maker_add_body_data): New.

2017-09-11  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Fix a test which specifies expiration date.
	+ commit a172759b5088ae086c0caa2e7d4d0ea346b28a90
	* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
	comparison.

	scd: Fix for large ECC keys.
	+ commit 827abe01a72a50eab1cdcde78985b42a4a8480fb
	* scd/app-openpgp.c (do_decipher): Support larger length.

2017-09-11  Werner Koch  <wk@gnupg.org>

	gpg: Fix key generation with only an email part.
	+ commit 7089dcc54099a4909ce7d386c07ab87e1398e2eb
	* g10/keygen.c (proc_parameter_file): Special case the email only
	case.

2017-08-28  Werner Koch  <wk@gnupg.org>

	Release 2.2.0.
	+ commit 9d80fb8e000189e61c173c39f1e1ca417566a7fc


2017-08-27  Werner Koch  <wk@gnupg.org>
	    Arnaud Fontaine  <arnaud.fontaine@ssi.gouv.fr>

	scd: Convey the correct length for Le.
	+ commit 45d5f5800afe6613f338a26f361cb5e03e861129
	* scd/app-openpgp.c (determine_rsa_response): Round bits up.

2017-08-24  Werner Koch  <wk@gnupg.org>

	gpg: Fix memory leak while running --check-trustdb.
	+ commit 13821e15fb9bdddfce79d88731c0f151724b2371
	* g10/trustdb.c (update_min_ownertrust): Free PK.

	gpg: Fix memory leak in sig-check.
	+ commit b065a696344eac3007dbd5642143ecaaeebab43a
	* g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
	condition.  Actually free when SIGNER was allocated by us.

	build: Remove obsolete option from autogen.rc.
	+ commit 02a5df614a369519ad7781f95dc977e24a0d4277
	* autogen.rc: Remove --enable-gpg2-is-gpg.

2017-08-23  Werner Koch  <wk@gnupg.org>

	gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".
	+ commit 565e486b8028f9e3cc51ebc5202666b598042175
	* g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve".
	(main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE.
	* tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible.  Make
	"auto-key-retrieve" an expert option.

	tests: Do not run trust-pgp-4.scm.
	+ commit b917cb66b79597520788cd9264889942247a3377
	* tests/openpgp/Makefile.am (XTESTS): Remove test.
	(EXTRA_DIST): Add test file.

	build: Change SWDB tag "gnupg21" to "gnupg22".
	+ commit 008ae0bd868cb49ad4d67fc8c71707cd2a162137
	* configure.ac (GNUPG_SWDB_TAG): New ac_define.  Set it to "gnupg22".
	* tools/gpgconf.c (query_swdb): Use it.
	* build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22".
	* Makefile.am (distcheck-hook): Ditto.

2017-08-23  Åka Sikrom  <a4@hush.com>

	po: Update Norwegian translation.
	+ commit fd0e5b60bed1cfc2aed7b2e13cc449f355eac051


2017-08-23  Andre Heinecke  <aheinecke@intevation.de>

	agent: Fix string translation for Windows.
	+ commit 6158811304937b592601ef30c29c5a5cdbaa88ea
	* agent/agent.h (L_): Define agent_Lunderscore when simple
	gettext is used.

2017-08-22  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit e6fa6b0ce823effd721c807b2b292287af91c642


2017-08-21  Damien Goutte-Gattat  <dgouttegattat@incenp.org>

	tests: Add tests for the PGP trust model.
	+ commit c23a69970ba38edae9d3b2603825d18fbb732423
	* tests/openpgp/trust-pgp-1.scm: New file.
	* tests/openpgp/trust-pgp-2.scm: New file.
	* tests/openpgp/trust-pgp-3.scm: New file.
	* tests/openpgp/trust-pgp-4.scm: New file.
	* tests/openpgp/trust-pgp/common.scm: New file.
	* tests/openpgp/trust-pgp/scenario1.asc: New file.
	* tests/openpgp/trust-pgp/scenario2.asc: New file.
	* tests/openpgp/trust-pgp/scenario3.asc: New file.
	* tests/openpgp/trust-pgp/scenario4.asc: New file.
	* tests/openpgp/trust-pgp/alice.sec.asc: New file.
	* tests/openpgp/trust-pgp/bobby.sec.asc: New file.
	* tests/openpgp/trust-pgp/carol.sec.asc: New file.
	* tests/openpgp/trust-pgp/david.sec.asc: New file.
	* tests/openpgp/trust-pgp/frank.sec.asc: New file.
	* tests/openpgp/trust-pgp/grace.sec.asc: New file.
	* tests/openpgp/trust-pgp/heidi.sec.asc: New file.
	* tests/openpgp/Makefile.am (XTESTS): Add new tests.
	(TEST_FILES): Add new files.
	(EXTRA_DIST): Add new common file.

	tests: Move some functions into a common module.
	+ commit cbe54b28bf3610204e12c50c0606df37337a1156
	* tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
	module.
	(checktrust): Likewise.
	* tests/openpgp/defs.scm (gettrust): New function.
	(checktrust): Likewise.

	gpgconf: Make WoT settings configurable by gpgconf.
	+ commit 0161225457e0609509d0d5f4b80a60a1071b4b48
	* tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth,
	completes-needed, and marginals-needed options.
	* g10/gpg.c (gpgconf_list): Likewise.

2017-08-21  Justus Winter  <justus@g10code.com>

	gpgscm: Fix -Wimplicit-fallthrough warnings.
	+ commit 6e596b2a745ae7a75a69038cf00ab4bbae1cebaa
	* tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement
	is at the front.
	(Eval_Cycle): Improve fallthrough annotations.

2017-08-11  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: default to --no-auto-key-retrieve.
	+ commit e6f84116abca2ed49bf14b2e28c3c811a3717227
	* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
	default keyserver options.
	* doc/gpg.texi: document this change.

2017-08-10  Justus Winter  <justus@g10code.com>

	tests: Improve documentation.
	+ commit 23107ba20f8b4eb5482b480ad6a8af6b39d2bfeb
	* tests/openpgp/README: Add quickstart instructions, how to use
	shell.scm, remove no longer used MKDATA.

2017-08-09  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	g10: Write status error on error of --quick-revoke-uid.
	+ commit 977fc5f0eb9fdee19e66bea8cd2eb5414789b485
	* g10/keyedit.c (keyedit_quick_revuid): Write status error on error.

2017-08-09  Werner Koch  <wk@gnupg.org>

	Release 2.1.23.
	+ commit e8ffa9a6ca5d76660b67207cd1157068e48483de


	po: Update German translation.
	+ commit 2059dbf201963c6f229698ae80c6c774b1f686c8


2017-08-08  Werner Koch  <wk@gnupg.org>

	build: New configure option --enable-all-tests.
	+ commit fb21aa8b50367e2afa13bad73fc21d6f01a97e18
	* configure.ac: New option --enable-all-tests.
	* tests/gpgscm/ffi.c (ffi_init): New gloabl var *run-all-tests*.
	* tests/openpgp/all-tests.scm (all-tests): Use that var instead
	of *maintainer-mode*.
	* Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Add --enable-all-tests.

	gpgscm: Make the test summary stand out.
	+ commit 0bd19dae1161a71053d794e4f75e66f70445f9f0
	* tests/gpgscm/tests.scm (test-pool): Add delimiter lines.

	sm: Always print the keygrip in colon mode.
	+ commit 0a8e20c4c639f0c491e2af5ac5fb97005196422b
	* sm/keylist.c (list_cert_colon): Always print the keygrip as
	described in the manual.

2017-08-08  Justus Winter  <justus@g10code.com>

	gpg: Add option '--disable-dirmngr'.
	+ commit c4506f624ed6854aa0ba1629aa2d1d43eb26900d
	* doc/gpg.texi: Document new option.
	* g10/call-dirmngr.c (create_context): Fail if option is given.
	* g10/gpg.c (cmd_and_opt_values): New value.
	(opts): New option.
	(gpgconf_list): Add new option.
	(main): Handle new option.
	* g10/options.h (struct opt): New field 'disable_dirmngr'.
	* tools/gpgconf-comp.c (gc_options_gpg): New option.

2017-08-07  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	systemd-user: Drop redundant After=*.socket.
	+ commit 81074c3b0211854a2dc94600dc892224201536f5
	* doc/examples/systemd-user/*.service: Drop redundant After=*.socket
	directive.

	systemd-user: Drop RefuseManualStart=true.
	+ commit 407da18254dfebcacfaee16952ef0b617b1626ea
	* doc/examples/systemd-user/*.service: drop RefuseManualStart=true

2017-08-07  Justus Winter  <justus@g10code.com>

	tests: Do not run all tests unless in maintainer mode.
	+ commit b0112dbca91e720a4ff622ad0e88d99eba56203a
	* configure.ac: Leak the maintainer mode flag into 'config.h'.
	* tests/gpgscm/ffi.c: Pass it into the scheme environment.
	* tests/openpgp/all-tests.scm: Only run tests against non-default
	configurations (keyring, extended-key-format) in maintainer mode.

2017-08-07  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	Fix spelling.
	+ commit a611cba142470c52f3303c512f77ae7d195cc41f
	* doc/gpg.texi: s/occured/occurred/

	Simple typo fix.
	+ commit f011d8763a009612c858a287cf7cc6a1f1a6d32a
	* agent/gpg-agent.c: Correct spelling in comment.

2017-08-05  Werner Koch  <wk@gnupg.org>

	gpg: Install gpg by default under the name gpg.
	+ commit a69464b0b6dac88b360a13d3faf19dd7f2a0e02b
	* configure.ac: Remove option --enable-gpg2-is-gpg.  Add option
	--enable-gpg-is-gpg2.
	* build-aux/speedo.mk (speedo_pkg_gnupg_configure): Remove
	--enable-gpg2-is-gpg.

	gpg: gpgconf needs to support the now default --auto-key-retrieve.
	+ commit 69e97d909d586160cc0631c9a6f4d3f24bb0c682
	* tools/gpgconf-comp.c (gc_options_gpg): Re-add "auto-key_retrieve".

2017-08-04  Werner Koch  <wk@gnupg.org>

	gpg: Fix memory leak in parse_auto_key_locate.
	+ commit b70e86fd1050fc6da07a177ed142ae9882b4dd0d
	* g10/getkey.c (parse_auto_key_locate): Fix freeing of OPTIONS.

	tests: Adjust tests for changed --auto-key-locate default.
	+ commit 0767eada1479c0fa9d4b75781a8c2afb67bdbf90
	* tests/openpgp/defs.scm (create-gpghome): Disable new defaults.

	gpg: Make --no-auto-key-retrieve gpgconf-igurable.
	+ commit 9bb13a0e819334681caca38c9074bd7bfc04e45e
	* g10/gpg.c (gpgconf_list): Print no-auto-key-retrieve instead of
	auto-key-retrieve.
	* tools/gpgconf-comp.c (gc_options_gpg): Replace auto-key-retrieve by
	no-auto-key-retrieve and chnage level from invisible to advanced.

	gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.
	+ commit 7e1fe791d188b078398bf83c9af992cb1bd2a4b3
	* g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
	keyserver options.  Set the default for --auto-key-locate to
	"local,wkd".  Reset that default iff --auto-key-locate has been given
	in the option file or in the commandline.
	* g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.

	agent: Make --no-grab the default.
	+ commit 3d78ae4d3de08398fabae5821045a3a1da6dadbe
	* agent/gpg-agent.c (oGrab): New const.
	(opts): New option --grab.  Remove description for --no-grab.
	(parse_rereadable_options): Make --no-grab the default.
	(finalize_rereadable_options): Allow --grab to override --no-grab.
	(main) <gpgconflist>: Add "grab".
	* tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".

	gpg: Avoid double fingerprint printing with import-show.
	+ commit b54d75fb1dcfa2cebb3a2497b81ffb49acac2056
	* g10/import.c (import_one) <IMPORT_SHOW>: Take care of fingerprint
	options.

	gpg: New import option show-only.
	+ commit d9fabcc1989d7235ea0294874803295a30f8711b
	* g10/options.h (IMPORT_DRY_RUN): New.
	* g10/import.c (parse_import_options): Add "show-only".
	(import_one): use that as alternative to opt.dry_run.

2017-08-03  Werner Koch  <wk@gnupg.org>

	wks: Allow gpg-wks-client --supported with just the domain name.
	+ commit 6cba56d436b56ea5e60042144a8a75a2e80007c8
	* tools/gpg-wks-client.c (command_supported): Hack for missing local
	part.

2017-08-02  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	g10: Always save standard revocation certificate in file.
	+ commit dcfb01959802b27869528dda1d9a4f5e79574bb5
	* g10/revoke.c (gen_standard_revocation): Set opt.outfile to NULL
	temporarily to create certificate in right place.

2017-08-01  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	Revert "g10: Always save standard revocation certificate in file."
	+ commit 624cd2d0bf6cc6dd1b79654295dc76f5b2d6d70b
	This reverts commit ebc65ff459e6c228fb7406e375819a9fe5637abe.

	g10: Always save standard revocation certificate in file.
	+ commit ebc65ff459e6c228fb7406e375819a9fe5637abe
	* g10/main.h (open_outfile): New parameter NO_OUTFILE.
	* g10/openfile.c (open_outfile): New parameter NO_OUTFILE.  If given,
	never use opt.outfile.
	* g10/revoke.c (create_revocation): If FILENAME is true, also set
	NO_OUTFILE to true (for standard revocation certificates).
	* g10/dearmor.c, g10/encrypt.c, g10/export.c, g10/revoke.c,
	g10/sign.c: Adjust all other callers.

	artwork: Add icons.
	+ commit a8d0b8d2333ddab703d1e346e06c106eeeedfd53
	* artwork/icons/index.css: New file.
	* artwork/icons/index.html: New file.
	* artwork/icons/lock-12.png: New file.
	* artwork/icons/lock-128.png: New file.
	* artwork/icons/lock-16.png: New file.
	* artwork/icons/lock-24.png: New file.
	* artwork/icons/lock-256.png: New file.
	* artwork/icons/lock-32.png: New file.
	* artwork/icons/lock-48.png: New file.
	* artwork/icons/lock-64.png: New file.
	* artwork/icons/lock-wing-12.png: New file.
	* artwork/icons/lock-wing-128.png: New file.
	* artwork/icons/lock-wing-16.png: New file.
	* artwork/icons/lock-wing-24.png: New file.
	* artwork/icons/lock-wing-256.png: New file.
	* artwork/icons/lock-wing-32.png: New file.
	* artwork/icons/lock-wing-48.png: New file.
	* artwork/icons/lock-wing-64.png: New file.
	* artwork/icons/lock-wing.svg: New file.
	* artwork/icons/lock.svg: New file.
	* artwork/icons/wing-12.png: New file.
	* artwork/icons/wing-128.png: New file.
	* artwork/icons/wing-16.png: New file.
	* artwork/icons/wing-24.png: New file.
	* artwork/icons/wing-256.png: New file.
	* artwork/icons/wing-32.png: New file.
	* artwork/icons/wing-48.png: New file.
	* artwork/icons/wing-64.png: New file.
	* artwork/icons/wing.svg: New file.

2017-08-01  Werner Koch  <wk@gnupg.org>

	gpg,sm: Error out on compliance mismatch while decrypting.
	+ commit 4e117f206beb38287ddcd3251fb7baabadfbddbb
	* g10/pubkey-enc.c (get_session_key): Bail out if the algo is not
	allowed in the current compliance mode.
	* sm/decrypt.c (gpgsm_decrypt): Ditto.

2017-08-01  NIIBE Yutaka  <gniibe@fsij.org>

	Simple typo fix.
	+ commit fde9a8cc6c849fb21f3e6782dbd5c6bc863357eb
	* tools/rfc822parse.c: Fix.

	po: Update Japanese translation.
	+ commit 02b571947b9442604faa7509478cd8577c2c0b9c


2017-07-31  Werner Koch  <wk@gnupg.org>

	dirmngr,w32: Fix http connection timeout problem.
	+ commit 482fd5758c1b7e1b33c4cb50656e586a3ae16815
	* dirmngr/http.c (connect_with_timeout) [W32]: Take care of EAGAIN.

	Explain the "server is older than xxx warning".
	+ commit 4ad5bc1b6d72483123963c894ee1412b2ceb99b4
	* g10/call-agent.c (warn_version_mismatch): Print a note on how to
	restart the servers.
	* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
	* sm/call-agent.c (warn_version_mismatch): Ditto.
	* sm/call-dirmngr.c (warn_version_mismatch): Ditto.

2017-07-28  Werner Koch  <wk@gnupg.org>

	Release 2.1.22.
	+ commit 7d335ff496b129ee6f33c4ca25bd7a6631a4b590


	po: Update German translation.
	+ commit 339f672dad94b4e0000fd2d3a1f272a4861c91c3


	agent: Make --ssh-fingerprint-digest re-readable.
	+ commit 6c9899bede6ecb2ccf7336d12724090f36a6aa3d
	* agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ...
	(parse_rereadable_options): here.
	(opts): Change its description.
	(main) <aGPGConfList>: Include this option.
	* tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert
	level.

	gpg,sm: String changes for compliance diagnostics.
	+ commit efe187e8a2b583defdcd9d4b96e3dc83f95bef0d


	agent: For OCB key files return Bad Passprase instead of Checksum Error.
	+ commit 5cf95157c5db88dd599ac4d48f619782179b1438
	* agent/protect.c (do_decryption): Map error checksum to bad
	passpharse protection

	* agent/call-pinentry.c (unlock_pinentry): Don't munge the error
	source for corrupted protection.

	gpg: Minor rework for better readibility of get_best_pubkey_byname.
	+ commit 1c35e29af95c46475f297d2bd70a5f3bd49d45b1
	* g10/getkey.c (get_best_pubkey_byname): Change return type to
	gpg_error_t.  Use var name err instead of rc.  Move a
	gpg_error_from_syserror closer to the call.

	gpg: Fix segv in get_best_pubkey_byname.
	+ commit 6496dc1f9d2aef3bf8cf950da2434c96f7a0145c
	* g10/getkey.c (get_best_pubkey_byname): Init NEW.

	agent: Minor cleanup (mostly for documentation).
	+ commit 5516ef47a22dfdf9cdf56107f34d2bda9e46deec
	* agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
	* agent/findkey.c (read_key_file): Ditto.  Change return type to
	gpg_error_t.  On es_fessk failure return a correct error code.
	(agent_key_from_file): Change var name 'rc' to 'err'.
	* agent/pksign.c (agent_pksign_do): Ditto.  Change return type to
	gpg_error_t.  Return a valid erro code on malloc failure.
	(agent_pksign): Ditto.  Change return type to gpg_error_t.  replace
	xmalloc by xtrymalloc.
	* agent/protect.c (calculate_mic): Change return type to gpg_error_t.
	(do_decryption): Ditto.  Do not init RC.
	(merge_lists): Change return type to gpg_error_t.
	(agent_unprotect): Ditto.
	(agent_get_shadow_info): Ditto.

2017-07-27  Werner Koch  <wk@gnupg.org>

	gpg: Tweak compliance checking for verification.
	+ commit 6502bb0d2af5784918ebb74242fff6f0a72844bf
	* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
	verification.
	* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
	* g10/sig-check.c (check_signature2): Use log_error instead of
	log_info.

	gpg,sm: Allow encryption (with warning) to any key in de-vs mode.
	+ commit 1bd22a85b4f06324037b3500d2fa8af62733c926
	* g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
	* sm/encrypt.c (gpgsm_encrypt): Ditto.

	gpg,sm: Fix compliance checking for decryption.
	+ commit a0d0cbee7654ad7582400efaa92d493cd8e669e9
	* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
	signing check.  We don't support Elgamal signing at all.
	(gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
	Check the curvenames for ECDH.
	* g10/pubkey-enc.c (get_session_key): Print only a warning if the key
	is not compliant.
	* sm/decrypt.c (gpgsm_decrypt): Ditto.  Use the same string as in gpg
	so that we have only one translation.

	gpg: Avoid output to the tty during import.
	+ commit fcb62fe20f45290bf95703ec3bf4d0b361fa4339
	* g10/key-check.c (key_check_all_keysigs): Add arg mode and change all
	output calls to use it.
	* g10/keyedit.c (keyedit_print_one_sig): Add arg fp and chnage all
	output calls to use it.
	(keyedit_menu): Adjust for changes.
	* g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp.
	* g10/import.c (import_one): Call key_check_all_keysigs with output to
	the log stream.

2017-07-26  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	g10: Make sure exactly one fingerprint is output with --quick-gen-key.
	+ commit 94eea0ed2c8b47cb0fe02b22cbe668705a5fe0d0
	* g10/keygen.c (do_generate_keypair): Only set fpr in
	list_keyblock_direct invocation if neither --fingerprint nor
	--with-fingerprints are given.

2017-07-26  Werner Koch  <wk@gnupg.org>

	doc: Add man pages form gpg-wks-server and gpg-wks-client.
	+ commit be636c3cfca178927b09ef4154c3e555d6f5b1c4
	* doc/wks.texi: New.
	* doc/gnupg.texi: Include wks.texi.
	* doc/Makefile.am (gnupg_TEXINFOS): Add wks.texi.
	(myman_pages): Add new man pages.

	wks: Fix program names in the usage diagnostics.
	+ commit c76398da5b15df2086f68bc26b7fde75219976c7
	* tools/gpg-wks-client.c (my_strusage): Add case 12.
	* tools/gpg-wks-server.c (my_strusage): Add case 12:

2017-07-26  Andre Heinecke  <aheinecke@intevation.de>

	doc: Update vsnfd profile example.
	+ commit 4f569c69075fddbaea588544a6625c28cb4cb8f4
	* doc/examples/vsnfd.prf: Use rsa3072

2017-07-26  Werner Koch  <wk@gnupg.org>

	dirmngr: Do not use a blocking connect in Tor mode.
	+ commit c5e5748480952e5bcedb16f6ce6ef7e435acb3c7
	* dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode.
	(send_request): Ditto.

	dirmngr: Auto-enable Tor on startup or reload.
	+ commit fd68bdb61ec4f8441da6d3023a8da4315df54cec
	* dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availibility.

	agent,dirmngr: Check for homedir removal also using stat(2).
	+ commit d50c2eff8d6931586c527edb3dea98dbc6facdec
	* agent/gpg-agent.c (have_homedir_inotify): New var.
	(reliable_homedir_inotify): New var.
	(main):  Set reliable_homedir_inotify.
	(handle_tick): Call stat on the homedir.
	(handle_connections): Mark availibility of the inotify watch.
	* dirmngr/dirmngr.c (handle_tick): Call stat on the homedir.
	(TIMERTICK_INTERVAL_SHUTDOWN): New.
	(handle_connections): Depend tick interval on the shutdown state.

	agent: Lengthen timertick interval on Unix to 4 seconds.
	+ commit f4ec7697a9c2d7587794d3bd75efbb0b51d6562f
	* agent/gpg-agent.c (TIMERTICK_INTERVAL): Same value for Windows and
	Unix.

2017-07-25  Werner Koch  <wk@gnupg.org>

	common: Strip trailing slashes from the homedir.
	+ commit 24c7aa0d58e3768690dd8ebef0e8e01af7e80f83
	* common/homedir.c (default_homedir): Strip trailing slashes.
	(gnupg_set_homedir): Ditto.

	w32: Also change the directory on daemon startup.
	+ commit 0ef50340ef68b2541d9a1aafa71f5400aef4dc7e
	* agent/gpg-agent.c (main): Always to the chdir.
	* dirmngr/dirmngr.c (main): Ditto.
	* scd/scdaemon.c (main): Ditto.

	common: New functions gnupg_daemon_rootdir and gnupg_chdir.
	+ commit 226f143ca01cf335c7c4e3e94c96fb9d271eccc9
	* common/sysutils.c (gnupg_chdir): New.
	* common/homedir.c (gnupg_daemon_rootdir): New.
	* agent/gpg-agent.c (main): Use these functions instead chdir("/").
	* dirmngr/dirmngr.c (main): Ditto.
	* scd/scdaemon.c (main): Ditto.

	gpg: Update key origin info during import merge.
	+ commit 166d0d7a2439f30c0a250faadc16ce3453447d71
	* g10/import.c (update_key_origin): New.
	(merge_blocks): Add arg curtime.
	(import_one): Pass curtime to merge_blocks.  Call update_key_origin.

	gpg: Store key origin for new userids during import merge.
	+ commit 84c993d9325fc000acac7950b2dfeefa5976df3b
	* g10/import.c (apply_meta_data): Rename to ...
	(insert_key_origin): this.  Factor code out to ...
	(insert_key_origin_pk, insert_key_origin_uid): new funcs.
	(import_one): Move insert_key_origin behind clean_key.
	(merge_blocks): Add args options, origin, and url.
	(append_uid): Rename to ...
	(append_new_uid): this.  Add args options, curtime, origin, and url.
	Call insert_key_origin_uid for new UIDs.

2017-07-25  NIIBE Yutaka  <gniibe@fsij.org>

	dirmngr: Add annotation for fallthrough.
	+ commit d40b4a41a8d60292fd4b5b951a19883e31090179
	* dirmngr/dns.c: Add /* FALL THROUGH */ to clarify.

2017-07-24  Werner Koch  <wk@gnupg.org>

	gpg: Extend --key-origin to take an optional URL arg.
	+ commit 87b5421ca84bbea68217c9ed771ee8c0a98a4d0c
	* g10/getkey.c (parse_key_origin): Parse appended URL.
	* g10/options.h (struct opt): Add field 'key_origin_url'.
	* g10/gpg.c (main) <aImport>: Pass that option to import_keys.
	* g10/import.c (apply_meta_data): Extend for file and url.
	* g10/keyserver.c (keyserver_fetch): Pass the url to
	import_keys_es_stream.

	gpg: Store key origin info for new keys from a keyserver.
	+ commit 2ca0381d077d766593db26f4215b8eddee8d7963
	* g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was
	done by fingerprint.
	* g10/import.c (apply_meta_data): Implement that.

	gpg: Store key origin info for new DANE and WKD retrieved keys.
	+ commit e7068bf92ec5ca5d440346d43a382c1f625b924d
	* g10/import.c (apply_meta_data): Remove arg 'merge'.  Add arg 'url'.
	Implement WKD and DANE key origin.
	(import_keys_internal): Add arg 'url' and change all callers.
	(import_keys_es_stream): Ditto.
	(import): Ditto.
	(import_one): Ditto.
	* g10/keylist.c (list_keyblock_print): Fix update URL printing.
	* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return
	the SOURCE.  Pass ks_status_cb to assuan_transact.
	* g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to
	the import function.

	gpg: Filter keys received via DANE.
	+ commit f6f0dd4d5ea85e0b16e96d7678b1d508182049a8
	* g10/keyserver.c (keyserver_import_cert): Use an import filter in
	DANE mode.

	dirmngr: Print a SOURCE status for WKD requests.
	+ commit e97548223948222a5c22acdf3775c7f93c1e17a9
	* dirmngr/server.c (cmd_wkd_get): Print a SOURCE status.

	dirmngr: New function dirmngr_status_printf.
	+ commit 9b88cfa0962f28894658cff8777fe7a217c6f700
	* dirmngr/server.c (dirmngr_status_printf): New.

2017-07-24  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	g10: Make sure to emit NEED_PASSPHRASE on --import of secret key.
	+ commit 872137b5921dd297e7d2c1def6e3868b7595feb5
	* call-agent.h (agent_import_key): Add keyid parameters.
	* call-agent.c (agent_import_key): Set keyid parameters.
	* import.c (transfer_secret_keys): Pass keyid parameters.

	w32: Change directory on daemon startup.
	+ commit 78ebc62604d77600b9865950610717d28c6027a2
	* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
	(main) [HAVE_W32_SYSTEM]: Change working directory to \.
	* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
	(main) [HAVE_W32_SYSTEM]: Change working directory to \.
	* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
	(main) [HAVE_W32_SYSTEM]: Change working directory to \.

	g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key.
	+ commit d8e46f10698da0bee4cd58d95f1f9832bdda0c5f
	* call-agent.h (agent_export_key): Add keyid parameters.
	* call-agent.c (agent_export_key): Set keyid parameters.
	* export.c (receive_seckey_from_agent): Pass keyid parameters.

2017-07-24  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Use unsigned int for fields.
	+ commit 45e40487fb7bb51228c96c8966e38c643a9b9ba5
	* scd/app-openpgp.c (data_objects): Use unsigned ints.

	dirmngr: More minor fix.
	+ commit ade4b2744c848e07b87afa4f186256c2a2ef1d13
	* dirmngr/http.c (send_request): Care the case of !USE_TLS.

	dirmngr: More minor fixes.
	+ commit 789401e9557db13422f47a8c09e693f3cee0132b
	* dirmngr/http.c (http_verify_server_credentials): Duplicated const.
	* dirmngr/ldap.c (parse_one_pattern): Add comment.

	dirmngr: Minor fix for Windows.
	+ commit 274602820cfbb15c7cdb4525acd9793bdb472e78
	* dirmngr/http.c (connect_with_timeout): Use FD2INT.

	agent: Minor fix for Windows.
	+ commit 328fca187253c069e3630bd387a71f6d16e9820a
	* agent/command-ssh.c (serve_mmapped_ssh_request): Add const
	qualifier.

2017-07-21  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	g10: Avoid caching passphrase for failed symmetric encryption.
	+ commit e4c720fa3b31ebd3e9d764c6eab02729cf06124c
	* g10/mainproc.c (proc_encrypted): If error code is GPG_ERR_CIPHER_ALGO,
	assume the symmetric passphrase was wrong and invalidate the cache.

2017-07-21  Werner Koch  <wk@gnupg.org>

	gpg: Extend --quick-set-expire to allow subkey expiration setting.
	+ commit b55b72bb815ad5870456b89c3a011fa00991b4a8
	* g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs.
	(menu_expire): Rename arg force_mainkey to unattended and allow
	unattended changing of subkey expiration.
	* g10/gpg.c (main): Extend --quick-set-expire.

	gpg: Fix possible double free of the card serialno.
	+ commit e888f7af6571ecd3994fd55cc18c9e2df7fd0c60
	* g10/free-packet.c (copy_public_key): Copy fields serialno and
	updateurl.

	gpg: Use macros to check the signature class.
	+ commit 5818ff0ae314af08548fcc23df2b807736144a00
	* g10/import.c: Use the extistin macros for better readability.

2017-07-21  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	g10: Clean keyblock on initial commit.
	+ commit 609bbdf3614fbadeba7a6cbdfdf5004b23516a64
	* g10/import.c (import_one): If option import-clean is set,
	also clean on initial import, not only for merge.

2017-07-21  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix SEGV in CCID driver.
	+ commit d8a55da715ce8447b0686f321fa43d00be34a467
	* scd/ccid-driver.c (intr_cb): Only kick the loop for removal.
	(bulk_in): Don't set POWERED_OFF when interrupt transfer is enabled.

	g10: Don't limit at the frontend side for card capability.
	+ commit a76b6cf9709c0a2a89fa2887075491b80f3d9608
	* g10/card-util.c (MAX_GET_DATA_FROM_FILE): New.
	(get_data_from_file): Use MAX_GET_DATA_FROM_FILE.
	(change_url, change_login, change_private_do): Don't limit.

	scd: Add debug message for v3 card.
	+ commit 892e86b0dc69193ddff018bf9b3938509dd72cb3
	* scd/app-openpgp.c (show_caps): Output more messages.

2017-07-20  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	doc: Clarify wording of export-attributes.
	+ commit cea4313644b531ef87b8c8e4bfddde4388cbbe0d
	* doc/gpg.texi: Clarify wording of export-attributes.

2017-07-20  Werner Koch  <wk@gnupg.org>

	gpg: New option --with-key-origin.
	+ commit 165cdd8121bbf80bfe2da071539d3578630f198f
	* g10/getkey.c (parse_key_origin): Factor list out as ...
	(key_origin_list): new struct.
	(key_origin_string): New.
	* g10/gpg.c (oWithKeyOrigin): New const.
	(opts): New option --with-key-origin.
	(main): Implement option.
	* g10/options.h (struct opt): New flag with_key_origin.
	* g10/keylist.c (list_keyblock_print): Print key origin info.
	(list_keyblock_colon): Ditto.

	common: New function print_utf9_string.
	+ commit bddc2e04f1ddc18be20efc0f0508be401b345f42
	* common/miscellaneous.c (print_utf8_string): New.

	gpg: Make function mk_datestr public.
	+ commit 3ee314dde16d1d69ddf840cdb8b5aa186c592262
	* g10/keydb.h (MK_DATESTR_SIZE): New.
	* g10/keyid.c (mk_datestr): Make public.  Add arg bufsize and use
	snprintf.  Change arg atime to u32.
	(datestr_from_pk): Simplify.
	(datestr_from_sig): Ditto.
	(expirestr_from_pk): Ditto.
	(expirestr_from_sig): Ditto.
	(revokestr_from_pk): Ditto.

2017-07-20  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	g10: Return proper error when gpg-agent fails to start during probe.
	+ commit 9998b162b47931fb8a8ed961d53418d505358888
	* g10/getkey.c (lookup): Return immediately on any other error than
	GPG_ERR_NO_SECKEY from agent_probe_any_secret_key.

2017-07-20  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Support longer data length for special DOs for v3 card.
	+ commit 69614d55018ddb8678d8904a52e648931f480d72
	* scd/app-openpgp.c (data_objects): Special DOs like "Login Data",
	"URL", "Private DO N" can be longer size >= 256.
	(struct app_local_s): Define bits for v3 card.
	(get_cached_data): Use extcap.max_special_do for special DOs.
	(app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits.

	common: logstream fix.
	+ commit 84146b3ec44943f06c66a603de19094b930ad446
	* common/logging.c (set_file_fd): Don't close es_stderr.

	dnsmngr: Fix use of CPP.
	+ commit cc12cf386b620e658fa93a0bd40477bc16d85d98
	* dirmngr/dns.c (HAVE_STATIC_ASSERT, HAVE___ATOMIC_FETCH_ADD)
	(DNS_HAVE_SOCKADDR_UN, HAVE_SOCK_NONBLOCK): Don't use defined
	to be expanded for expression evaluation.

2017-07-19  Justus Winter  <justus@g10code.com>

	dirmngr: Forbid redirects from .onion to clearnet URIs.
	+ commit e7fc6e3bf0eb6ffe53e1f099d28ce45cef4a8a87
	* dirmngr/ks-engine-hkp.c (send_request): Forbid redirects from .onion
	to clearnet URIs.
	* dirmngr/ks-engine-http.c (ks_http_fetch): Likewise.

2017-07-19  Werner Koch  <wk@gnupg.org>

	gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.
	+ commit 2e5459457473eb4b3e7b2b14815cb94faa66e8bb
	* g10/mainproc.c (check_sig_and_print): Track key server request via
	fingerprint.

2017-07-19  Justus Winter  <justus@g10code.com>

	dirmngr: Implement TLS over http proxies.
	+ commit da91d2106a17c796ddb066a34db92d33b21c81f7
	* dirmngr/http.c (send_request): If a http proxy is to be used, and we
	want to use TLS, try to use the CONNECT method to get a connection to
	the target server.

	dirmngr: Log http response in debug mode.
	+ commit e7eabe66b6409c1f5225b751ea5c2d456a3856e6
	* dirmngr/http.c (parse_response): Log http response in debug mode.

	dirmngr: Amend TLS handling.
	+ commit 1ba220e68149fdb197accf4a15b0a11126c8b431
	* dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the
	write cookie, not from the URI.

	dirmngr: Fix connecting to http proxies.
	+ commit 46a4a0c0e77e19f9589088bb87357c33142c3f04
	* dirmngr/http.c (send_request): Do not use the 'srvtag' intended for
	the target host to connect to the http proxy.

	dirmngr: Fix handling of proxy URIs.
	+ commit 73d4781e4595634548269bafe46aeb7674c5b219
	* dirmngr/http.c (send_request): We do not support socks4.

2017-07-19  NIIBE Yutaka  <gniibe@fsij.org>

	gpgconf: Make vars read-only explicitly.
	+ commit 99791184ac4c7486ccdefc150b9921cd923428b9
	* tools/gpgconf-comp.c (gc_backend, gc_arg_type, gc_level, gc_flag)
	(gc_component): Add const qualifier.

	Fix usage of ARGPARSE_OPTS.
	+ commit fa63db89f9581186ed758c502d4e69914b774157
	* agent/gpg-agent.c, agent/preset-passphrase.c,
	dirmngr/dirmngr-client.c, dirmngr/dirmngr_ldap.c, kbx/kbxutil.c,
	tools/gpg-check-pattern.c, tools/gpgconf.c, tools/gpgsplit.c,
	tools/symcryptrun.c: Use ARGPARSE_end.

2017-07-18  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	common: Allow abbreviations of standard options.
	+ commit f17862d47d184d7f6ef883778cf63801365599a0
	* argparse.h (ARGPARSE_SHORTOPT_HELP, ARGPARSE_SHORTOPT_VERSION,
	ARGPARSE_SHORTOPT_WARRANTY, ARGPARSE_SHORTOPT_DUMP_OPTIONS): New
	macros.
	(ARGPARSE_end): Add some placeholders for standard options.
	* argparse.c (arg_parse): Fill in missing standard options so
	default machinery works.  Check for standard options in new way.
	Do not write out standard options for --dump-options.

2017-07-18  Justus Winter  <justus@g10code.com>

	gpgscm,w32: Fix testing for absolute paths.
	+ commit 2e1342b78b020f5b28359b08a4f63cf11479602f
	* tests/gpgscm/main.c (path_absolute_p): New function.
	(load): Use new function.

	dirmngr: Honor http keyserver URLs.
	+ commit b231959728a0056094134e0fca8cc916c24ef37e
	* dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI.
	* dirmngr/http.h (struct parsed_uri_s): New field 'original'.
	* dirmngr/ks-action.c (ks_action_get): Properly handle http and https
	URLs.

	dirmngr: Fix memory leak.
	+ commit ebb35ed7110d1a29061dfb4ccb9038645b20d7f4
	* dirmngr/http.c (parse_uri): Properly free partial results.

	dirmngr: Fix memory leak.
	+ commit 3d670fa973a03ea88b5f9459b3222a951136dd7a
	* dirmngr/http.c (http_release_parsed_uri): Free 'params'.

2017-07-17  Werner Koch  <wk@gnupg.org>

	gpg,sm: Check compliance of the RNG.
	+ commit a149afe338d61d86985c533cde5e7dbcd31e8698
	* common/compliance.c (gnupg_rng_is_compliant): New.
	* g10/call-agent.c (start_agent) [W32]: Check rng compliance.
	* sm/call-agent.c (start_agent) [W32]: Ditto.
	* g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is
	compliant.
	* sm/encrypt.c (gpgsm_encrypt): Ditto.
	* g10/sign.c (do_sign): Ditto.
	* sm/sign.c (gpgsm_sign): Ditto.

	agent: New GETINFO sub-command jent_active.
	+ commit bbbd0db34b4e387f8dc089fb7d69fdcf2ed91a01
	* agent/command.c (cmd_getinfo): Implement it for gcrypt >= 1.8.

	common: New function split_fields_colon.
	+ commit 849467870ee1c10e0a7b1e89cfc9e8214e4963fe
	* common/stringhelp.c (split_fields_colon): New.
	* common/t-stringhelp.c (test_split_fields_colon): New test.
	(main): Call that test.

2017-07-14  Justus Winter  <justus@g10code.com>

	tests: Improve 'shell.scm' script.
	+ commit 58eafd11ed5501c0b72fcb553eb3e097ad29b3c6
	* tests/openpgp/defs.scm (create-file): Unlink file first.
	* tests/openpgp/shell.scm: Ask whether to import legacy test keys or
	not, and whether to drop 'batch' from the configuration.  Add paths to
	all the programs to 'PATH'.

	gpgscm: Library improvements.
	+ commit b4d25082fd4502ec01d511c22fecd60d513b81f4
	* tests/gpgscm/repl.scm (prompt-yes-no?): New function.
	* tests/gpgscm/tests.scm (pathsep-split): Likewise.
	(pathsep-join): Likewise.
	(with-path): Use the new function.

	gpgscm: Fail early if the test setup fails.
	+ commit 7a6e6ad2880bbff54a75ff608d0ec97d6c405733
	* tests/gpgscm/tests.scm (make-environment-cache): Check status code
	of setup script.

	gpg: Fix importing keys.
	+ commit 956da89193370d5aa970cff5b77f605534481a02
	* g10/import.c (import_one): Fix error handling.

2017-07-13  Werner Koch  <wk@gnupg.org>

	gpg: Pass key origin values to import functions.
