2019-03-19  Werner Koch  <wk@gnupg.org>

	Release 2.2.14.
	+ commit 813de13e73b01409fabff9859f24c4f23b808796


2019-03-18  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit dc00947b21dcd4417a35da711c884cef5cc9fc7d


2019-03-18  Werner Koch  <wk@gnupg.org>

	gpg: Do not bail out on v5 keys in the local keyring.
	+ commit de70a2f377c1647417fb8a2b6476c3744a901296
	* g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION
	instead of invalid packet.
	* g10/keydb.c (parse_keyblock_image): Do not map the unknown version
	error to invalid keyring.
	(keydb_search): Skip unknown version errors simlar to legacy keys.
	* g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown
	versions.
	* g10/import.c (read_block): Handle unknown version.

	gpg: Allow import of PGP desktop exported secret keys.
	+ commit 0e73214dd208fca4df26ac796416c6f25b3ae50d
	* g10/import.c (NODE_TRANSFER_SECKEY): New.
	(import): Add attic kludge.
	(transfer_secret_keys): Add arg only_marked.
	(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
	r_removedsecs.
	(import_secret_one): New arg r_secattic.  Change to take ownership of
	arg keyblock.  Implement extra secret key import logic.  Factor some
	code out to ...
	(do_transfer): New.
	(import_matching_seckeys): New.

	gpg: Avoid importing secret keys if the keyblock is not valid.
	+ commit 43b23aa82be7e02414398af506986b812e2b9349
	* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
	new field TAG.
	* g10/kbnode.c (alloc_node): Change accordingly.
	* g10/import.c (import_one): Add arg r_valid.
	(sec_to_pub_keyblock): Set tags.
	(resync_sec_with_pub_keyblock): New.
	(import_secret_one): Change return code to gpg_error_t.   Return an
	error code if sec_to_pub_keyblock failed.  Resync secret keyblock.

	gpg: During secret key import print "sec" instead of "pub".
	+ commit db2d75f1ffede2ea77163b487a15e60249daffa0
	* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'.  Remove
	useless code for "sub" and "ssb".
	* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info.  Do
	not print the first  keyinfo in FROM_SK mode.
	printing.

	gpg: Simplify an interactive import status line.
	+ commit 184fbf014ae537554d6939a47f07977ef0b0fe9f
	* g10/cpr.c (write_status_printf): Escape CR and LF.
	* g10/import.c (print_import_check): Simplify by using
	write_status_printf and hexfingerprint.


	Fixed one conlict in a comment.

2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>

	libdns: Avoid using compound literals (8).
	+ commit ee08a15e31284d32fb59774fc15e39107a727072
	* dirmngr/dns.h (dns_quietinit): Remove.
	(dns_hints_i_new): Remove.

	libdns: Avoid using compound literals (7).
	+ commit 4ab0fef5dc856d1f2747efab584182aa880f631c
	* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
	* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
	automatic variable for opts.
	* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
	Likewise.

	libdns: Avoid using compound literals (6).
	+ commit f3af1707690b070b4cbf6d761a9e5dbddbf681e9
	* dirmngr/dns.h (dns_rr_i_new): Remove.
	(dns_rr_i_init): Remove unused second argument.
	* dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
	(parse_packet): Use automatic variable for struct dns_rr_i.
	(dns_d_cname): No need to call dns_rr_i_init after memset 0.
	(dns_rr_i_init): Remove unused second argument.  Return nothing.
	* dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
	(getsrv_libdns): Follow the change of dns_rr_i_init.

	(cherry picked from commit 6501e59d3685bb58753c9caea729a4b0eca3942a)

	libdns: Avoid using compound literals (5).
	+ commit 500151e6daf5fc4d6ea382b83aab3cca72b27881
	* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
	Call dns_rr_grep with NULL.
	* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.

	libdns: Avoid using compound literals (4).
	+ commit 229302aecf8deea0349e79ca0cc05f32665391b7
	* dirmngr/dns.h (dns_d_new*): Remove.
	* dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
	variable.
	(parse_domain): Likewise.

	(cherry picked from commit 7313a112f9c7ada61d24285313d2e2d069a672e8)

	libdns: Avoid using compound literals (3).
	+ commit f0de4fc990767ae5d120a523be51616b0f35f4f6
	* dirmngr/dns.h (dns_p_new): Remove.
	* dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
	variable.
	(dns_hints_query, dns_res_glue, parse_packet, query_hosts)
	(send_query, show_hints, echo_port): Likewise.

	libdns: Avoid using compound literals (2).
	+ commit ff7d01fc6d396fc3b8d37baa9bd4cdebc8853648
	* dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
	(dns_strclass1, dns_strclass3): Remove.
	(dns_strtype1, dns_strtype3): Remove.
	(dns_strsection, dns_strclass, dns_strtype): Directly use the
	function.
	* dirmngr/dns.c (dns_strsection): Use automatic variable.
	(dns_strclass, dns_strtype): Likewise.

	(cherry picked from commit 455ef62d29a112de05897139716265d07e4c6ae3)

	libdns: Avoid using compound literals.
	+ commit 1318d1e2d50989c66f496ede906a846859f0cf9f
	* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
	variables.
	(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.

2019-03-07  Werner Koch  <wk@gnupg.org>

	dirmngr: Add CSRF protection exception for protonmail.
	+ commit 557c721e787e7e6d311ccb48d8aa677123061cf5
	* dirmngr/http.c (same_host_p): Add exception table.

	gpgtar: Make option -C work for archive creation.
	+ commit 5d73c231e4f2d5994eb3be48b36517e39d66be96
	* tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.

	gpgtar: Improve error messages.
	+ commit 2e4151a3412c3fc553fbb7ad070dfffc68a04b35
	* tools/gpgtar.h (struct tarinfo_s): New.
	* tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
	global vars more to the top.
	(set_cmd): Rename 'cmd' to 'c'.
	* tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
	messages.
	(read_header): Add arg 'info' and update counter.
	(skip_data): Ditto.
	(gpgtar_list): Pass info object to read functions.
	(gpgtar_read_header): Add arg 'info'.
	* tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
	(extract_regular): Add arg 'info' and update counter.

	gpg: Make invalid primary key algos obvious in key listings.
	+ commit d2a7f9078a4673ec53733e4f69fd17a8f1ac962d
	* g10/keylist.c (print_key_line): Print a warning for invalid algos.

	sm: Print Yubikey attestation extensions with --dump-cert.
	+ commit b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a
	* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
	(OID_FLAG_HEX): New.
	(print_hex_extn): New.
	(list_cert_raw): Make use of that flag.

	(cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e)

2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Add "disable-scdaemon" in gpg-agent.conf.
	+ commit 150d5452318eafa6aa800ff3b87f8f8eb35ed203
	* tests/openpgp/defs.scm: Add "disable-scdaemon".  Remove
	  "scdaemon-program".
	* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
	* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"

2019-03-07  Werner Koch  <wk@gnupg.org>

	scd: Fix flushing of CA-FPR data objects.
	+ commit e7eafe10197557ce874db2f049d683f90f26e0bc
	* scd/app-openpgp.c (do_setattr): Add new table item to flush a
	different tag.

2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
	+ commit 77a285a0a94994ee9b42289897f9bf3075c7192d
	* agent/command.c (cmd_clear_passphrase): Add support for SSH.

2019-03-07  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpgv: Improve documentation for keyring choices.
	+ commit a7b2a87f940dba078867c44f1f50d46211d51719
	* doc/gpgv.texi: Improve documentation for keyring choices

2019-02-28  Werner Koch  <wk@gnupg.org>

	sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.
	+ commit be69bf0cbd11cb8c0d452e07066669aacc6caafa
	* sm/keylist.c (print_compliance_flags): Also check the digest_algo.
	Add new arg 'cert'.

2019-02-28  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpgsm: default to 3072-bit keys.
	+ commit 121286d9d1506dbaad9ba33bae2e459814fe5849
	* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
	default to 3072 bits.
	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
	3072 bits.
	* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
	* sm/gpgsm.c (main): print correct default_pubkey_algo.

2019-02-26  Werner Koch  <wk@gnupg.org>

	conf: New option --show-socket.
	+ commit 92e26ade5c0d52f2e50eaf338a0bb8006e75711c
	* tools/gpgconf-comp.c (gc_component_t): Move this enum to ...
	* tools/gpgconf.h: here.
	* tools/gpgconf.c (oShowSocket): New.
	(opts): Add new option.
	(main): Implement new option.

2019-02-25  Werner Koch  <wk@gnupg.org>

	scd: Don't let the "undefined" app cause a conflict error.
	+ commit 0eb8095626be71160dfa66284a7b0a6a57cb03e3
	* scd/app.c (check_conflict): Ignore "undefined".

	(cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)

	sm: Fix certificate creation with key on card.
	+ commit 54c56230e305a38d6fd0c3bf1262172fd5fbcb87
	* sm/certreqgen.c (create_request): Fix for certmode.

	agent: Fix for suggested Libgcrypt use.
	+ commit 0a95b153811f36739d1b20f23920bad0bb07c68b
	* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.

2019-02-25  NIIBE Yutaka  <gniibe@fsij.org>

	gpgscm: Build well even if NDEBUG defined.
	+ commit 8161afb9dddaba839be92fbe9d85c05235eda825
	* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
	[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.

2019-02-19  Neal H. Walfield  <neal@g10code.com>

	gpg: Fix comparison.
	+ commit 14e5435afb50dc9a9243ff3e0aed5030beba2914
	* g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
	not one or fewer.

2019-02-19  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix cancellation handling for scdaemon.
	+ commit 005e951714ff62087b8c8802e05d14b7998826f3
	* agent/call-scd.c (cancel_inquire): Remove.
	(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
	(agent_card_scd): Don't call cancel_inquire.

	scd: Distinguish cancel by user and protocol error.
	+ commit 90e5f49b6a2e002d3c67a041a076f07aeb7a7f54
	* scd/apdu.h (SW_HOST_CANCELLED): New.
	* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
	(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
	* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
	SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.

	common: Fix gnupg_wait_processes.
	+ commit 6e422b5135c71f8fa859a3f4de51bf89e3ff5ac6
	* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
	even if we already see an error.

2019-02-14  Ingvar Hagelund  <ingvar@redpill-linpro.com>

	po: Correct a simple typo in the Norwegian translation.
	+ commit a09bba976d2f5694011a9291189a70a0f3c4caae


2019-02-12  Werner Koch  <wk@gnupg.org>

	Release 2.2.13.
	+ commit 7922e2dd1c7eee48a8a2cf4799827942489ddd0f


2019-02-11  Werner Koch  <wk@gnupg.org>

	sm: In --gen-key with "key from card" show also the algorithm.
	+ commit d1bee9d1efa28fa9d35b7eed1e616c6362fd044e
	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo.

	common: Provide function to get public key algo names in our format.
	+ commit d29d73264f607642281fb701a17015306c8fc4d7
	* common/sexputil.c (pubkey_algo_string): New.

	common: New functions get_option_value and ascii_strupr.
	+ commit ee8d1a9e6c09b3ecc4b46f47b79358f78d458916
	* common/server-help.c (get_option_value): New.
	* common/stringhelp.c (ascii_strupr): New.

	scd: Make app_genkey and supporting ISO function more flexible.
	+ commit 14816c798099925e47908e7ce415412d72fbe28e
	* scd/app.c (app_genkey): Add arg keytype.
	* scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
	* scd/command.c (cmd_genkey): Adjust for change.
	* scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
	args p1 and p2.
	(iso7816_read_public_key): Adjust for this.
	(iso7816_generate_keypair): Add new args p1 and p2.
	* scd/app-openpgp.c (do_genkey): Adjust for changes.

	scd: Fix parameter name of app_change_key.
	+ commit c075274aac0ffd388df638548b75a7d90e7e929d
	* scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
	* scd/app.c (app_change_pin): Rename arg reset_mode to flags and
	change from int to unsigned int.

	scd: Allow standard keyref scheme for app-openpgp.
	+ commit 6651a0640d0f1b4dd161210dc55974d9b93b7253
	* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
	"OPENPGP."

	gpg: Emit an ERROR status if no key was found with --list-keys.
	+ commit 14ea581a1c040b53b0ad4c51136a7948363b1e4b
	* g10/keylist.c (list_one): Emit status line.

2019-02-06  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit c16685b2f5021105ef0560cb3db68ef43bcdb9c1


	agent: Clear bogus pinentry cache, when it causes an error.
	+ commit 9109bb9919f84d5472b7e62e84b961414a79d3c2
	* agent/agent.h (PINENTRY_STATUS_*): Expose to public.
	(struct pin_entry_info_s): Add status.
	* agent/call-pinentry.c (agent_askpin): Clearing the ->status
	before the loop, let the assuan_transact set ->status.  When
	failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
	soon.
	* agent/findkey.c (unprotect): Clear the pinentry cache,
	when it causes an error.

	dirmngr: Fix initialization of assuan's nPth hook.
	+ commit 7f4c3eb0a039621c564b6095ab5f810524843157
	* dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
	(thread_init): ... here.

2019-01-30  Werner Koch  <wk@gnupg.org>

	gpg: Allow generating Ed25519 key from an existing key.
	+ commit 31d2a1eecaee766919b18bc42b918d9168f601f8
	* g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping.

2019-01-29  Werner Koch  <wk@gnupg.org>

	gpg: Implement searching keys via keygrip.
	+ commit 5e5f3ca0c2e08185a236b4d04b318f81004e3223
	* kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip.
	* kbx/keybox-openpgp.c (struct keyparm_s): New.
	(keygrip_from_keyparm): New.
	(parse_key): Compute keygrip.
	* kbx/keybox-search.c (blob_openpgp_has_grip): New.
	(has_keygrip): Call it.

	common: Provide some convenient OpenPGP related constants.
	+ commit b78f293cf06f447d1d0a5c416ac129a4e1cf9f8c
	* common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
	(OPENPGP_MAX_NSKEY): New.
	(OPENPGP_MAX_NSIG): New.
	(OPENPGP_MAX_NENC): New.
	* g10/packet.h: Define PUBKEY_MAX using the new consts.

	(cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e)

	common: New helper functions for OpenPGP curve OIDs.
	+ commit dddbb26155f292fde2909ecc84b62b693b6dea49
	* common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
	to ...
	(openpgp_oidbuf_to_str): new.
	(openpgp_oidbuf_is_ed25519): New.
	(openpgp_oidbuf_is_cv25519): New.

2019-01-22  Werner Koch  <wk@gnupg.org>

	scd: Add option --clear to PASSWD.
	+ commit d4082ff430afe670510d2c1c7ea66ee9ddcbe505
	* scd/command.c (cmd_passwd): Add option --clear.
	(send_status_printf): New.
	* scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
	* scd/app-nks.c (do_change_pin): Return an error if that option is
	used.
	* scd/app-openpgp.c (do_change_pin): Ditto.

	scd: One new and one improved 7816 function.
	+ commit 9309175de8c76de44021c25c7885355ff1a9b67b
	* scd/apdu.c (apdu_send_direct): New arg R_SW.
	* scd/command.c (cmd_apdu): Ditto.
	* scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
	(iso7816_general_authenticate): New.
	* scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new
	arg.

	ssh: Simplify the curve name lookup.
	+ commit 11a65159f997ccd69ecb9d867c1f3d0c4d8837d6
	* agent/command-ssh.c (struct ssh_key_type_spec): Add field
	alt_curve_name.
	(ssh_key_types): Add some alternate curve names.
	(ssh_identifier_from_curve_name): Lookup also bey alternative names
	and return the canonical name.
	(ssh_key_to_blob): Simplify the ECDSA case by using gcry_pk_get_curve
	instead of the explicit mapping.
	(ssh_receive_key): Likewise.  Use ssh_identifier_from_curve_name to
	validate the curve name.  Remove the reverse mapping because since
	GnuPG-2.2 Libgcrypt 1.7 is required.
	(ssh_handler_request_identities): Log an error message.

	gpg: Stop early when trying to create a primary Elgamal key.
	+ commit f5d3b982e44c5cfc60e9936020102a598b635187
	* g10/misc.c (openpgp_pk_test_algo2): Add extra check.

2019-01-17  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix for USB INTERRUPT transfer.
	+ commit 9dc76d599cd4c86d3c187d078daad1144a92564c
	* scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE,
	just handle this event as failure.

2018-12-19  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix message for ACK button.
	+ commit 80a08b655f8f5e7a7d78b766f1770fd474081a48
	* agent/divert-scd.c (getpin_cb): Display correct message.

2018-12-18  Werner Koch  <wk@gnupg.org>

	Silence compiler warnings new with gcc 8.
	+ commit 21fc089148678f59edb02e0e16bed65b709fb972
	* dirmngr/dns.c: Include gpgrt.h.  Silence -Warray-bounds also gcc.
	* tests/gpgscm/scheme.c: Include gpgrt.h.
	(Eval_Cycle): Ignore -Wimplicit-fallthrough.

	wks: Do not use compression for the encrypted data.
	+ commit 16424d8a34c7f6af1071fd19dfc180cb7d17c052
	* tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
	* tools/gpg-wks-server.c (encrypt_stream): Ditto.

2018-12-18  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit ae9159e0685098ee97d6f526666524423f4a0fff


	scd: Support "acknowledge button" feature.
	+ commit ffe31f405f9b5e4929e95c3d66c613052cb7727e
	* scd/apdu.c (set_prompt_cb): New member function.
	(set_prompt_cb_ccid_reader): New function.
	(open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
	(apdu_set_prompt_cb): New.
	* scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
	* ccid-driver.c (ccid_set_prompt_cb): New.
	(bulk_in): Call ->prompt_cb when timer extension.
	* scd/command.c (popup_prompt): New.

	agent: Support --ack option for POPUPPINPADPROMPT.
	+ commit e6be36ee8854dc343a5e0f914991da3da360b513
	* agent/divert-scd.c (getpin_cb): Support --ack option.

2018-12-14  Werner Koch  <wk@gnupg.org>

	Release 2.2.12.
	+ commit 7d8f4ee7cf56eda988acdc909160cbac71bff18a


2018-12-11  Werner Koch  <wk@gnupg.org>

	agent: Make the S2K calibration time runtime configurable.
	+ commit de29a50e7c8a779ac0832a149bcf3eb2c4191dc9
	* agent/protect.c (s2k_calibration_time): New file global var.
	(calibrate_s2k_count): Use it here.
	(get_calibrated_s2k_count): Replace function static var by ...
	(s2k_calibrated_count): new file global var.
	(set_s2k_calibration_time): New function.
	* agent/gpg-agent.c (oS2KCalibration): New const.
	(opts): New option --s2k-calibration.
	(parse_rereadable_options): Parse that option.

2018-12-11  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	agent: compile-time configuration of s2k calibration.
	+ commit 0cf0f3aaf835d29848f1485df357606254ba6fad
	* configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
	AGENT_S2K_CALIBRATION (measured in milliseconds)
	* agent/protect.c (calibrate_s2k_count): Calibrate based on
	AGENT_S2K_CALIBRATION.

	(cherry picked from commit 926d07c5fa05de05caef3a72b6fe156606ac0549)

2018-12-11  Werner Koch  <wk@gnupg.org>

	dirmngr: Retry another server from the pool on 502, 503, 504.
	+ commit e5abdb6da7fa7cd4d146c7285b160277511bc230
	* dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
	http_status and handle it.
	(ks_hkp_search): Get http_status froms end_request and pass on to
	handle_send_request_error.
	(ks_hkp_get): Ditto.
	(ks_hkp_put): Ditto.

	dirmngr: New function http_status2string.
	+ commit b9d71ea64a694582739c18cfef9621b36d5371e9
	* dirmngr/http.c (http_status2string): New.

	gpg: In search-keys return "Not found" instead of "No Data".
	+ commit f7ff25edadd474f83fccba6fd3c410eb8358bb22
	* g10/keyserver.c (keyserver_search): Check for NO_DATA.

2018-12-11  Tomi Leppänen  <tomi.leppanen@jolla.com>

	tools: Use POSIX compatible arguments for find.
	+ commit dfcc5e6d3ec91f547feb78e442946e729b49878c
	* tools/addgnupghome (filelist): Remove bashism.

2018-12-06  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Make "learn" report about KDF data object.
	+ commit d4bc8051525a33b28b1e33daf35d79c1d6cd9c41
	* scd/app-openpgp.c (do_learn_status): Report KDF attr.
	* g10/card-util.c (current_card_status): Output KDF for with_colons.

	card: Display if KDF is enabled or not.
	+ commit 751ff784e5316470f266750d299ae857ad7840d8
	* g10/call-agent.h (kdf_do_enabled): New field.
	* g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
	* g10/card-util.c (current_card_status): Inform the availability.

	g10: Fix memory leak for --card-status.
	+ commit 293001e2c6f0e228ff7f1b6a3e2606ae1370a5d5
	* g10/card-util.c (card_status): Release memory of serial number.

2018-12-05  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix print_pubkey_info new line output.
	+ commit c5aba093b86e7d69b34ddcf55130f8f21e889b5c
	* g10/keylist.c (print_pubkey_info): Reverse the condition.

2018-12-05  Werner Koch  <wk@gnupg.org>

	gpg: New list-option "show-only-fpr-mbox".
	+ commit 9b538451682c704b4036c0ecdb7e6b0ef8570016
	* g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
	* g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
	* g10/keylist.c (list_keyblock_simple): New.
	(list_keyblock): Call it.
	(list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
	mode.

	wks: Fix filter expression syntax flaw.
	+ commit 80bf1f8901dcbbb2cb6cacc11cca98705ce8f59d
	* tools/wks-util.c (wks_get_key, wks_filter_uid): The filter
	expression needs a space before the value.
	(install_key_from_spec_file): Replace es_getline by es_read_line and
	remove debug output.

	wks: Allow reading of --install-key arguments from stdin.
	+ commit b6fd60dfa1709f162c25eb72cf8c45d0ab9bf34f
	* tools/wks-util.c (install_key_from_spec_file): New.
	(wks_cmd_install_key): Call it.
	* tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
	* tools/gpg-wks-server.c (main): Ditto.

	(cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)

	wks: Create sub-directories.
	+ commit bf29d7c822264a40f1469c7b5024d93b955a3a1e
	* tools/wks-util.c (wks_compute_hu_fname): Stat and create directory
	if needed.

	(cherry picked from commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0)

	wks: Add new commands --install-key and --remove-key to the client.
	+ commit 5b4aa8c6d4abfa3135ec3ab23decf9bdd624df3e
	* tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
	(opts): Add "--install-key", "--remove-key" and "-C".
	(parse_arguments): Parse them.
	(main): Check that the given directory exists.  Implement the new
	commands.

	wks: Move a few server functions to wks-util.
	+ commit 51b722c6f57b80a3b9caa417b7a74e7fab80043f
	* tools/gpg-wks-server.c (write_to_file): Move to ...
	* tools/wks-util.c: here.
	* tools/gpg-wks-server.c (compute_hu_fname): Move to ...
	* tools/wks-util.c (wks_compute_hu_fname): here.
	* tools/gpg-wks-server.c (fname_from_userid): Move to ...
	* tools/wks-util.c (wks_fname_from_userid): here.
	* tools/gpg-wks-server.c (command_install_key): Move to ...
	* tools/wks-util.c (wks_cmd_install_key): here and change caller.
	* tools/gpg-wks-server.c (command_remove_key): Move to ...
	* tools/wks-util.c (wks_cmd_remove_key): here and change callers.

	(cherry picked from commit 99094c992c20dd22971beb3527cfda109cd1df89)

2018-12-05  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	g10/mainproc: disable hash contexts when --skip-verify is used.
	+ commit 6008410e512cb74a4a2ad3f6e3fce4669e4f7e2c
	* g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
	opt.skip_verify is set.

	common/iobuf: fix memory wiping in iobuf_copy.
	+ commit ebd434a45eefd34bd9d9f875f22a74a47b88dd5f
	* common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
	first sizeof(char*) bytes.

	common: Use platform memory zeroing function for wipememory.
	+ commit 21fdef6963539680a16b68b7536378bdaa8dea85
	* common/mischelp.h (wipememory): Replace macro with function
	prototype.
	(wipememory2): Remove.
	* common/mischelp.c (wipememory): New.
	* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and
	remove duplicated checks.

2018-12-05  Werner Koch  <wk@gnupg.org>

	gpg: Improve error message about failed keygrip computation.
	+ commit edeebe0a6b9a49d2291d6351d52c5bc688d24cff
	* g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.

	(cherry picked from commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc)

2018-11-23  Werner Koch  <wk@gnupg.org>

	dirmngr: Avoid possible CSRF attacks via http redirects.
	+ commit 4a4bb874f63741026bd26264c43bb32b1099f060
	* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
	(http_redir_info_t): New.
	* dirmngr/http.c (do_parse_uri): Set new fields.
	(same_host_p): New.
	(http_prepare_redirect): New.
	* dirmngr/t-http-basic.c: New test.
	* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
	instead of the open code.
	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

2018-11-12  Andre Heinecke  <aheinecke@intevation.de>

	dirmngr: Add FLUSHCRLs command.
	+ commit 00321a025f90990a71b60b4689ede1f38fbde347
	Summary:
	* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
	* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
	(register_commands): Add FLUSHCRLS.

2018-11-06  Werner Koch  <wk@gnupg.org>

	Release 2.1.11.
	+ commit cb46b787571ef149856be03b8c3481bb79871698


2018-11-06  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix print_keygrip for smartcard.
	+ commit 627839ea88da11a9e8d033e3c91bdf5a048b15c3
	* g10/card-util.c (print_keygrip): Use tty_fprintf.

2018-11-05  Werner Koch  <wk@gnupg.org>

	wks: New option --with-colons for gpg-wks-client.
	+ commit 66e0bd37ee3dd5ab534b2664493576ef6ad15a08
	* tools/gpg-wks.h (opt): Add field with_colons.
	* tools/gpg-wks-client.c (oWithColons): New const.
	(opts, parse_arguments): Add option --with-colons.
	(main): Change aSupported to take several domains in --with-colons
	mode.
	(command_send): Factor policy getting code out to ...
	(get_policy_and_sa): New function.
	(command_supported): Make use of new function.

	speedo: Remove obsolete configure option of gpgme.
	+ commit 593895a5e495c4647efa7db164356f3cae3d5759
	* build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
	--disable-w32-qt option.

	dirmngr: In verbose mode print the OCSP responder id.
	+ commit 50756927ce6247abc2fadefbc76c58b75c8a7586
	* dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.

	(cherry picked from commit 0a7f446c189201ca6e527af08b44da756b343209)

	tools: Replace duplicated code in mime-maker.
	+ commit d5f540e7a9b3a723ba787e3a587fcd1b0948f105
	* tools/rfc822parse.c (HEADER_NAME_CHARS): New.  Taken from
	mime-maker.c.
	(rfc822_valid_header_name_p): New.  Based on code from mime-maker.c.
	(rfc822_capitalize_header_name): New.  Copied from mime-maker.c.
	(capitalize_header_name): Remove.  Replace calls by new func.
	(my_toupper, my_strcasecmp): New.
	* tools/mime-maker.c: Include rfc822parse.h.
	(HEADER_NAME_CHARS, capitalize_header_name): Remove.
	(add_header): Replace check and capitalization by new functions.

	gpg: Don't take the a TOFU trust model from the trustdb,
	+ commit 82cd7556fdce989aaacf91e0d369a62e4652f224
	* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
	(create_version_record): Don't init as TOFU.
	(tdbio_db_matches_options): Don't indicate a change in case TOFU is
	stored in an old trustdb file.

	dirmngr: Emit SOURCE status also on NO_DATA.
	+ commit ab7a907a184f37ddafaa0dc7200c76b735ba4853
	* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
	NO DATA error.
	(ks_hkp_get): Ditto.
	* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
	also on error.
	(gpg_dirmngr_ks_get): Ditto.

	dirmngr: Fix LDAP port parsing.
	+ commit 5ab58d3001b0342aecaf691b1af70b1f76426f55
	* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
	segv for a missing slash after the host name.

2018-10-26  Werner Koch  <wk@gnupg.org>

	build: By default build wks-tools on all Unix platforms.
	+ commit 8a33d5c9c699d2145d39b362d580df67571c5f36
	(cherry picked from commit b83fed64f8051279a8f36e024c1f12f7f13c4716)

	wkd: Add option --directory to the server.
	+ commit 839426104a0c829f0182b22048fdc51cf295beb7
	* tools/gpg-wks-server.c (opts): Add '--directory',
	(main): Explain how to set correct permissions.
	(command_list_domains): Create an empty policy file and remove the
	warning for an empty policy file.

2018-10-25  Werner Koch  <wk@gnupg.org>

	dirmngr: Fix out of scope use of a var in the keyserver LDAP code.
	+ commit 26ebb15bec897a105b248680c1ddf1806592b1eb
	* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
	out of scope and cleanup the entire pgpKeySize block.

2018-10-24  Werner Koch  <wk@gnupg.org>

	agent: Fix possible uninitalized use of CTX in simple_pwquery.
	+ commit e53253485cd7ceb7012505a629d2cd997167ccab
	* common/simple-pwquery.c (agent_open): Clear CTX even on early error.

	agent: Fix possible release of unitialize var in a genkey error case.
	+ commit 62c75271173f83c5770576aae7b84f55a9ccbc16
	* agent/command.c (cmd_genkey): Initialize 'value'.

	ssh: Fix possible infinite loop in case of an read error.
	+ commit 147e59b7815daafb32b570a96f1d1925d0f37008
	* agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
	than EOF.

	tools: Fix FILE memory leak in gpg-connect-agent.
	+ commit f1561e5196e54f11b18050eeaeda50e786d188c2
	* tools/gpg-connect-agent.c (do_open): dup the fileno and close the
	stream.

	(cherry picked from commit 378719f25fe00d46393541f4a4f79e04484c3000)

	sm: Use the correct string in an error message.
	+ commit 1b9b0fc54b9bcd5eb1e63816bd3222d7ac7572a7
	* sm/gpgsm.c (main): Fix error message.

2018-10-24  Andre Heinecke  <aheinecke@intevation.de>

	dirmngr: Only print info for no ldapserver file.
	+ commit 01baee2b0ef4f81ac6ffa55480e91168dd27b430
	* dirmngr/dirmngr.c (parse_ldapserver_file): Only print info
	for ENOENT.

2018-10-23  Andre Heinecke  <aheinecke@intevation.de>

	sm: Fix dirmngr loadcrl for intermediate certs.
	+ commit 6b36c16f77722d17f4f317c788701cbc1e9552b2
	* sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED.
	(inq_certificate): Distinguish unsupported inquiry error.

2018-10-22  Werner Koch  <wk@gnupg.org>

	dirmngr: Prepare for updated WKD specs with ?l= param.
	+ commit a2bd4a64e5b057f291a60a9499f881dd47745e2f
	* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
	request.

	gpg: Fix extra check for sign usage of a data signature.
	+ commit b0d6e26bf3c8decaa568c9e4a5b2451d9af0b25b
	* g10/sig-check.c (check_signature_end_simple):

2018-10-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix signing authentication status.
	+ commit 7e2b0488d13561be2b754e28801de654747a8dcc
	* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.

2018-10-02  NIIBE Yutaka  <gniibe@fsij.org>

	common: Fix gnupg_reopen_std.
	+ commit 8f844ae1cd16e27ad07d45784b1f0ff2917da2b8
	* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.

2018-09-10  NIIBE Yutaka  <gniibe@fsij.org>

	common: Use iobuf_get_noeof to avoid undefined behaviors.
	+ commit 0383e7fed7b2a45c7f0ae4c11415c6a9a3a3ddb7
	* common/iobuf.c (block_filter): Use iobuf_get_noeof.

	agent: Fix error code check from npth_mutex_init.
	+ commit 213379debe5591dad6339aa95aa7282e0de620f9
	* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
	error when npth_mutex_init returns non-zero.

2018-09-07  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix memory leak.
	+ commit 91f8a9b33a1282cbf00cb4b71b177088f0d923d7
	* g10/import.c (read_block): Call free_packet to skip the packet.

2018-09-06  NIIBE Yutaka  <gniibe@fsij.org>

	Fix use of strncpy, which is actually good to use memcpy.
	+ commit f0fdee2e24a25f57a84e1684984ce3921d923e0a
	* common/ssh-utils.c (get_fingerprint): Use memcpy.
	* g10/build-packet.c (string_to_notation): Use memcpy.

2018-08-30  Werner Koch  <wk@gnupg.org>

	Release 2.2.10.
	+ commit 24697074f44c18eeeedbc1e09d35f56504c57a1f


2018-08-30  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 2f5ba3a6c19b7a514488be01b7683287d74545d3


2018-08-29  Werner Koch  <wk@gnupg.org>

	gpg: Explain error message in key generation with --batch.
	+ commit a9931b3c052ee9025705a8ef1f0cdd5f20aeda70
	* g10/keygen.c (generate_keypair): Show more info.

	gpg: Remove unused function get_pubkeys.
	+ commit 719fc941b6eceb75c2326335d9d73011823ff3f9
	* g10/getkey.c (get_pubkeys): Remove.
	(pubkey_free): Remove and use code directly ...
	(pubkeys_free): ... here.

	(cherry picked from commit ed8fe21e6612401846fc4af8631f0136dc633c67)

	gpg: New option --known-notation.
	+ commit a59a9962f48f828ea7d22362dfa6d82841551110
	* g10/gpg.c (oKnownNotation): New const.
	(opts): Add option --known-notation.
	(main): Set option.
	* g10/parse-packet.c (known_notations_list): New local var.
	(register_known_notation): New.
	(can_handle_critical_notation): Rewrite to handle the new feature.
	Also print the name of unknown notations in verbose mode.

2018-08-28  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit b02ad56a9041273df58ded4cc70cf5ffa9e58c16


2018-08-28  Werner Koch  <wk@gnupg.org>

	assuan: Fix exponential decay for first second.
	+ commit 38eb7c360bc4867cbaf37e3c2c0865bc6452ba4a
	* common/asshelp.c (wait_for_sock): Round SECSLEFT.
	* dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
	mode.
	* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.

2018-08-28  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	assuan: Use exponential decay for first 1s of spinlock.
	+ commit 1189df2cd7d4b6896ba22aa204c159ff2a425ead
	* common/asshelp.c (wait_for_sock): instead of checking the socket
	every second, we check 10 times in the first second (with exponential
	decay).

	assuan: Reorganize waiting for socket.
	+ commit a22a55b994e06dd06157fbdabf5a402d8daf69c2
	* common/asshelp.c (wait_for_sock): New function, collecting
	codepaths from...
	(start_new_gpg_agent) here and...
	(start_new_dirmngr) here.

2018-08-28  Werner Koch  <wk@gnupg.org>

	gpg: Refresh expired keys originating from the WKD.
	+ commit 0709f358cd13abc82e0f97f055fcaa712f0fd44f
	* g10/getkey.c (getkey_ctx_s): New field found_via_akl.
	(get_pubkey_byname): Set it.
	(only_expired_enc_subkeys): New.
	(get_best_pubkey_byname): Add support to refresh expired keys from the
	WKD.

	gpg: Remove unused arg from a function.
	+ commit 11a9fe1c5820b97d7e0f4b3e91f016df9dc466a9
	* g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'.
	Change both callers.

	(cherry picked from commit db67ccb759426c1173761574b14bdfe6a76394c2)

2018-08-10  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix undefined behavior when EOF in parsing packet for S2K.
	+ commit 822c633845066756b6442ca67b93b4b5c4316ca0
	* g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
	(parse_key): Likewise.

2018-07-29  Werner Koch  <wk@gnupg.org>

	gpg: Set a limit for a WKD import of 256 KiB.
	+ commit f1c0d9bb6506eee6a3ad93ef432fe6aa5b72aabd
	* g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
	(gpg_dirmngr_wkd_get): Use it.

	dirmngr: Validate SRV records in WKD queries.
	+ commit 8a98aa25bb4bdbfe53afd4534f6624454ca01ab0
	* dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
	to mitigate rogue DNS servers.

	common: New function to validate domain names.
	+ commit 4f59187a17f16d559e37a375501a0add1ca7eee8
	* common/mbox-util.c (is_valid_domain_name): New.
	* common/t-mbox-util.c (run_dns_test): New test.

	(cherry picked from commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72)

2018-07-29  Jiří Keresteš  <jiri.kerestes@trustica.cz>

	scd: Add support for Trustica Cryptoucan.
	+ commit d43248af9242d30e95f58285e4f2a2e927aae937
	(cherry picked from commit 967d3649d24aba623133808e8d01675dff389fbb)

2018-07-12  Werner Koch  <wk@gnupg.org>

	Release 2.2.9.
	+ commit 2b82db61ccfe57d077dff43e0d732b51c73e1a45


2018-07-09  Werner Koch  <wk@gnupg.org>

	gpg: Remove multiple subkey bindings during export-clean.
	+ commit 61562fe00027a4263f53661ad279072bd0b0133e
	* g10/key-clean.c (clean_one_subkey_dupsigs): New.
	(clean_all_subkeys): Call it.

	gpg: Let export-clean remove expired subkeys.
	+ commit 8055f186a32e628028de897b7ee4705cd8e999b7
	* g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
	(KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
	* g10/key-clean.c (clean_one_subkey): New.
	(clean_all_subkeys): Add arg CLEAN_LEVEL.
	* g10/import.c (import_one): Call clean_all_subkeys with
	KEY_CLEAN_NONE.
	* g10/export.c (do_export_stream): Call clean_all_subkeys depedning on
	the export clean options.

	gpg: Split key cleaning function for clarity.
	+ commit 046276db3a04f1907ddcf77c3771832613918226
	* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
	subkey cleaning into ...
	(clean_all_subkeys): new.  Call that always after the former clean_key
	invocations.

	gpg: Move key cleaning functions to a separate file.
	+ commit 40bf383f72b5629de739e30c9c35bbcb628273e8
	* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
	(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
	* g10/key-clean.c: new file.
	* g10/key-clean.h: New.
	* g10/Makefile.am (gpg_sources): Add new files.
	* g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
	new header.
	* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
	* g10/keydb.h: here.

2018-07-06  Werner Koch  <wk@gnupg.org>

	gpg: Allow decryption using several passphrases in may cases.
	+ commit b4599a0449ead7dc5c0d922aa78b6168e625e15e
