2019-11-25  Werner Koch  <wk@gnupg.org>

	Release 2.2.18.
	+ commit 82b9e1bdbdd756290b8873b3e244dcc8d1f840fb


	tests: Adjust for now invalid SHA-1 key signatures.
	+ commit 8e49fc7f43ecfe44dac57d97c555e2cbc7eb8e9a
	* tests/openpgp/defs.scm (create-gpghome): Add
	allow-weak-key-signatures.

	agent: Improve --debug-pinentry diagnostics.
	+ commit 96c4943a5bd070772d8be7bb7db8548840af5f8f
	* agent/call-pinentry.c (atfork_cb): Factor code out to ...
	(atfork_core): new.

2019-11-23  Werner Koch  <wk@gnupg.org>

	wkd: Let --install-key write a template policy file.
	+ commit 6e893061b54ddd38e83531f5513e3168d0002e41
	* tools/wks-util.c (ensure_policy_file): New.
	(wks_cmd_install_key): Call it.

2019-11-18  Werner Koch  <wk@gnupg.org>

	dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
	+ commit 3efc94f1eb17eb5c5950c2fab9f701518352ae19
	* doc/DETAILS: Specify new status code "NOTE".
	* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
	bad TLS certificate.
	* g10/call-dirmngr.c (ks_status_cb): Detect this status.

	dirmngr: Forward http redirect warnings to gpg.
	+ commit 4dd50991252409eb2023ab8ad11f36a050f421af
	* dirmngr/http.c: Include dirmngr-status.h
	(http_prepare_redirect): Emit WARNING status lines for redirection
	problems.
	* dirmngr/http.h: Include fwddecl.h.
	(struct http_redir_info_s): Add field ctrl.
	* dirmngr/ks-engine-hkp.c (send_request): Set it.
	* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
	* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.

	dirmngr: Factor some prototypes out to dirmngr-status.h.
	+ commit 466bdf7c07f4ebfc69d503f85b9423f2f6440682
	* dirmngr/dirmngr-status.h: New.
	* dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
	to that file.
	* dirmngr/t-support.c: New.
	* dirmngr/Makefile.am (t_common_src): Add new file.

2019-11-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd,ccid: Add support of GEMPC_EZIO.
	+ commit 9b41f58c8a549055fa6bf7e21e2931b86f4da776
	* scd/ccid-driver.h (GEMPC_EZIO): New.
	* scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO.

2019-11-12  Werner Koch  <wk@gnupg.org>

	dirmngr: Use IPv4 or IPv6 interface only if available.
	+ commit 392e068e9f143d41f6350345619543cbcd47380f
	* dirmngr/dns-stuff.c (cached_inet_support): New variable.
	(dns_stuff_housekeeping): New.
	(check_inet_support): New.
	* dirmngr/http.c (connect_server): Use only detected interfaces.
	* dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.

2019-11-11  Werner Koch  <wk@gnupg.org>

	gpg: Forbid the creation of SHA-1 third-party key signatures.
	+ commit 754a03f5a279964af62025d11d92391e650fddb7
	* g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New.
	(do_sign): Add arg signhints and inhibit SHA-1 signatures.  Change
	callers to pass 0.
	(complete_sig): Add arg signhints and pass on.
	(make_keysig_packet, update_keysig_packet): Set signhints.

	gpg: Add option --allow-weak-key-signatures.
	+ commit 3b1fcf65239d9c73cc54760ea52a5749e024fa76
	* g10/gpg.c (oAllowWeakKeySignatures): New.
	(opts): Add --allow-weak-key-signatures.
	(main): Set it.
	* g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
	* g10/misc.c (print_sha1_keysig_rejected_note): New.
	* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
	act on new option.

2019-11-07  Werner Koch  <wk@gnupg.org>

	gpg: Fix a potential loss of key sigs during import with self-sigs-only.
	+ commit 2975868ede40ce8b8a0d20e7f0e4cd687772f9d0
	* g10/import.c (import_one_real): Don't do the final clean in the
	merge case.

2019-10-15  Werner Koch  <wk@gnupg.org>

	gpg: Also delete key-binding signature when deleting a subkey.
	+ commit d8052db74a0d2e6a55cf104e0ecb1868936bd09c
	* g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.

2019-10-15  NIIBE Yutaka  <gniibe@fsij.org>

	Revert "gpg: The first key should be in candidates."
	+ commit 2906636b929f08fdf342560834d920e8e8153458
	This reverts commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578.

2019-10-15  Werner Koch  <wk@gnupg.org>

	gpg: Extend --quick-gen-key for creating keys from a card.
	+ commit 652ca4b2bf985546baa70754f66eab3840cf2820
	* g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
	support the special algo "card".
	(parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
	Handle the "card" algo.  Adjust callers.
	(parse_algo_usage_expire): Add arg R_KEYGRIP.
	(quickgen_set_para): Add arg KEYGRIP and put it into the parameter
	list.
	(quick_generate_keypair): Handle algo "card".
	(generate_keypair): Also handle the keygrips as returned by
	parse_key_parameter_string.
	(ask_algo): Support ed25519 from a card.

2019-10-15  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit fe02709ffd3c41fe84b90cda96edd12e6b836741


	gpg: The first key should be in candidates.
	+ commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578
	* g10/getkey.c (get_best_pubkey_byname): Handle the first key
	as the initial candidate for the selection.

	gpg: Fix a memory leak in get_best_pubkey_byname.
	+ commit 2924ac374eb8cbf87ed6c9fbbb72c0b8d1d37fa3
	* g10/getkey.c (get_best_pubkey_byname): Free the public key parts.

2019-10-03  Werner Koch  <wk@gnupg.org>

	gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.
	+ commit edc36f59fcfcb4b896a53530345d586f7e5df560
	* g10/sig-check.c (check_signature_over_key_or_uid): Reject certain
	SHA-1 based signatures.

2019-09-06  Werner Koch  <wk@gnupg.org>

	gpg: Make --quiet work on --send-keys.
	+ commit de57b5bf91d64f8843a68d1950bd12aecc82f8c1
	* g10/keyserver.c (keyserver_put): Act upon --quiet.

2019-08-23  Werner Koch  <wk@gnupg.org>

	gpg: Implement keybox compression run.
	+ commit b5f7ac6c368a07b3d35191bf56fdf58145c4e44b
	* kbx/keybox-init.c (keybox_lock): Add arg TIMEOUT and change all
	callers to pass -1.
	* g10/keydb.c (keydb_add_resource): Call keybox_compress.

	kbx: Include deleted records into the --stats output.
	+ commit 34f55c5e348d4bf9894c24988e6856b411ba05de
	* kbx/keybox-dump.c (_keybox_dump_file): Take deleted records in
	account.

	kbx: Allow "gpgsm --faked-system-time" to kick off a compression run.
	+ commit e854580fa562c423f3d977318b515fb4d186f99a
	* kbx/keybox-update.c (keybox_compress): Use make_timestamp.

	gpg: Allow --locate-external-key even with --no-auto-key-locate.
	+ commit df6cff8233aa281d150861a26cd262a8a15c73e7
	* g10/getkey.c (akl_empty_or_only_local): New.
	* g10/gpg.c (DEFAULT_AKL_LIST): New.
	(main): Use it here.
	(main) <aLocateExtKeys>: Set default AKL if none is set.

	gpg: Silence some warning messages during -Kv.
	+ commit 589f1187137cb14da1d16be1fdaf8f1ac2c2d436
	* g10/options.h (glo_ctrl): Add flag silence_parse_warnings.
	* g10/keylist.c (list_all): Set that during secret key listings.
	* g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do
	not print info message normally emitted in verbose mode.
	(can_handle_critical_notation, enum_sig_subpkt): Ditto.
	(parse_signature, parse_key, parse_attribute_subpkts): Ditto.

	gpg: Do not show an informational diagnostics with quiet.
	+ commit 215858aba342e6f2b9a7c93f579638279af3a561
	* g10/trustdb.c (verify_own_keys): Silence informational diagnostic.

	gpgconf: Suggest the use of --gpgconf-test on --launch problems.
	+ commit 7c386c5fb5aebbbb36daf61c25d20e6888123994
	* tools/gpgconf-comp.c (gc_component_launch): Change suggestion.

2019-08-21  Werner Koch  <wk@gnupg.org>

	scd:nks: Extend keypairinfo with usage flags.
	+ commit 0a9053eff0406c6799ee201013194200c0ed3487
	* scd/app-nks.c (do_learn_status_core): Return usage.

	scd:openpgp: Extend keypairinfo with usage flags.
	+ commit 6f67abcc0339b42a181285b3416959c39a2d7808
	* scd/app-openpgp.c (send_keypair_info): Return usage.

	sm: Show the usage flags when generating a key from a card.
	+ commit a8aacaf2042a72760e6eaf35e65bfd6d42e642f0
	* g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage
	flags.
	* sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.

	(cherry picked from commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7)

	gpg: Allow decryption using non-OpenPGP cards.
	+ commit 9a317557c58d2bdcc504b70c366b77f4cac71df7
	* g10/call-agent.c (struct getattr_one_parm_s): New.
	(getattr_one_status_cb): New.
	(agent_scd_getattr_one): New.
	* g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from
	pkcs#1.
	* g10/getkey.c (enum_secret_keys): Move to...
	* g10/skclist.c (enum_secret_keys): here and handle non-OpenPGP cards.

	scd: New standard attributes $ENCRKEYID and $SIGNKEYID.
	+ commit 23784f8bf0ac6d6c52cb2de2f99f46017a92c11a
	* g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
	* sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
	* scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
	"$SIGNKEYID".
	* scd/app-nks.c (do_getattr): Add attributes too.

	gpg: Allow direct key generation from card with --full-gen-key.
	+ commit fbed618a3699bea131ce36949387af0fa3cf13f9
	* g10/call-agent.c (agent_scd_readkey): New.
	* g10/keygen.c (ask_key_flags): Factor code out to ..
	(ask_key_flags_with_mask): new.
	(ask_algo): New mode 14.

	common: Extend function pubkey_algo_string.
	+ commit 0353cb0a5edeef07330da1688b7801c073959185
	* common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.

	(cherry picked from commit f952226043824cbbeb8517126b5266926121c4e8)

	Removed the changes in gpg-card which is not part of 2.2

	gpg: New option --use-only-openpgp-card.
	+ commit c185f6dfbd1bfd809369da789239a371e9d1610e
	* g10/gpg.c (opts): Add option.
	(main): Set flag.
	* g10/options.h: Add flags.use_only_openpgp_card.
	* g10/call-agent.c (start_agent): Implement option.

	gpg: Prepare card code to allow other than OpenPGP cards.
	+ commit fe5c8de862885c51d27c2dc9ea237846c5e57e8a
	* g10/call-agent.c (start_agent): Use card app auto selection.
	* g10/card-util.c (current_card_status): Print the Application type.
	(card_status): Put empty line between card listings.

	(cherry picked from commit e47524c34a2a9f53c2507f67a0b41b460cee78b7)

	gpg: New card function agent_scd_keypairinfo.
	+ commit 768cb6402f2941781262b9cb0a2aeecc89941f0f
	* g10/call-agent.c (scd_keypairinfo_status_cb)
	(agent_scd_keypairinfo): New.  Taken from gpgsm.

	(cherry picked from commit 0fad61de159acf39e38a04f28f162f0beb0e77d6)

	gpg: Remove two unused card related functions.
	+ commit c2f87a936afb7eba288d7e6558c24509cd6ab045
	* g10/call-agent.c (inq_writekey_parms): Remove.
	(agent_scd_writekey): Remove.
	(agent_clear_pin_cache): Remove this stub.

	(cherry picked from commit 334b16b868e771b983263ed20c200869e7e51198)

	gpg: Repurpose the ISO defined DO "sex" to "salutation".
	+ commit d410b5f9309607599c9ff45061fd1f02638a9a88
	* g10/card-util.c (current_card_status): String changes.
	(change_sex): Description change.
	(cmds): Add "salutation"; keep "sex" as an alias.

	gpg: Remove unused arg in a card related function.
	+ commit c66a2cc8d306e7d9d0b4450311f230f182762f93
	* g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno.

	(cherry picked from commit 3a4534d82682f69788da3cf4a445e38fbaf6b98e)

2019-08-12  NIIBE Yutaka  <gniibe@fsij.org>

	common: Fix line break handling, finding a space.
	+ commit 6e6078c8d0d4a2947e2a34f1367e4472f6ae483b
	* common/name-value.c (assert_raw_value): Correctly find a space.

	sm: Support AES-256 key.
	+ commit a9816d5fb13edb30c5d12cf85ae3e1a114fcc2c1
	* sm/decrypt.c (prepare_decryption): Handle a case for AES-256.

	sm: Fix error checking of decryption result.
	+ commit ccf5cc8b0b6cee562f7d5598149abcde17440ed4
	* sm/call-agent.c (gpgsm_agent_pkdecrypt): Fix condition.

2019-08-12  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg,gpgsm: Handle pkdecrypt responses with/without NUL terminators.
	+ commit 64500e7f6dd63c793734e52e270b1ea23cfd1928
	* g10/call-agent.c (agent_pkdecrypt): accept but do not require
	NUL-terminated data from the agent.
	* sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
	NUL-terminated data from the agent.

2019-08-12  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Handle CCID bwi of time extension.
	+ commit 879660bf4581d902cc1d1244091873c6c0225fa2
	* scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier
	value as defined in section 6.2.6 of the CCID specification.

	scd: Fix bBWI value.
	+ commit f8961a576d3b5d69bb0e600a64553659ebef8ee7
	* scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU
	level transfer.
	(ccid_transceive): Use bBWI=0 or the value returned by WTX for TPDU
	level transfer.

	card: Fix showing KDF object attribute.
	+ commit 8e01676981206c209c0bfcb92633d9d2f06a2d90
	* g10/call-agent.c (learn_status_cb): Parse the KDF DO.
	* g10/card-util.c (current_card_status): Show it correctly.

2019-07-22  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: The option --passphrase= can be empty.
	+ commit b21133ba80f21ce93d5a4afe48027172d9fc1999
	* g10/gpg.c (opts): Use ARGPARSE_o_s for oPassphrase to allow
	empty string.

2019-07-16  NIIBE Yutaka  <gniibe@fsij.org>

	dirmngr: Don't add system CAs for SKS HKPS pool.
	+ commit 58e234fbeb6cc5908b69a73e50428f02e584e504
	* dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear
	add_system_cas.

	gpg: Improve import slowness.
	+ commit eb00a14f6d2de7c53487f39494c5cb9c0598fc96
	* g10/import.c (read_block): Avoid O(N^2) append.
	(sec_to_pub_keyblock): Likewise.

	gpg: Fix keyring retrieval.
	+ commit b7df72d3074b72cf8b537ac87416b6b719c1b1b7
	* g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append.

2019-07-12  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	doc: fix spelling.
	+ commit d10bb027e481b518e4bf13ba72d14933d6cbb8cb
	* doc/tools.texi: fix a handful of minor spelling errors.

2019-07-09  Werner Koch  <wk@gnupg.org>

	Release 2.2.17.
	+ commit 591523ec94b6279b8b39a01501d78cf980de8722


2019-07-09  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit ad0c61972a413987d2cc8ac8deb6a646b954ae05


2019-07-09  Werner Koch  <wk@gnupg.org>

	gpg: Do not try the import fallback if the options are already used.
	+ commit 3c2cf5ea952015a441ee5701c41dadc63be60d87
	* g10/import.c (import_one): Check options.

	gpg: Fix regression in option "self-sigs-only".
	+ commit b6effaf4669b2c3707932e3c5f2f57df886d759e
	* g10/import.c (read_block): Make sure KEYID is available also on a
	pending packet.

2019-07-05  Werner Koch  <wk@gnupg.org>

	gpg: With --auto-key-retrieve prefer WKD over keyservers.
	+ commit 3242837d203a7b90b92952e63ee160a5a41764c0
	* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
	use of the preferred keyserver.  Remove keyserver lookup just by the
	keyid.  Try a WKD lookup before a keyserver lookup.

	wkd: Change client/server limit back to 64 KiB.
	+ commit 6396f8d115f21ae15571b683e9ac9d1d7e3f44f4
	* tools/wks-receive.c (decrypt_data): Change limit.

2019-07-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	dirmngr: fix handling of HTTPS redirections during HKP.
	+ commit efb6e08ea2ca1cf2d39135d94195802cd69b9ea6
	* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
	following a HTTP redirection.

2019-07-04  Werner Koch  <wk@gnupg.org>

	gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
	+ commit 2b7151b0a57f5fe7d67fd76dfa1ba7a8731642c6
	* g10/gpg.c (main): Change default.

	gpg: Avoid printing false AKL error message.
	+ commit 4cbd058a3da9aae74aadab7f260952b9ebb5becf
	* g10/getkey.c (get_pubkey_byname): Add special treatment for default
	and skipped-local.

	gpg: New command --locate-external-key.
	+ commit 46f3283b345e1cabca4b0320cf98274ade8ec162
	* g10/gpg.c (aLocateExtKeys): New.
	(opts): Add --locate-external-keys.
	(main): Implement that.
	* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
	(get_best_pubkey_byname): Add arg 'mode' and pass on to
	get_pubkey_byname.  Change callers.
	* g10/keylist.c (public_key_list): Add arg 'no_local'.
	(locate_one): Ditto.  Pass on to get_best_pubkey_byname.

	gpg: Make the get_pubkey_byname interface easier to understand.
	+ commit 11871433436b5b9b9aca46579dd185a9a77674cd
	* g10/keydb.h (enum get_pubkey_modes): New.
	* g10/getkey.c (get_pubkey_byname): Replace no_akl by a mode arg and
	change all callers.

2019-07-03  Werner Koch  <wk@gnupg.org>

	dirmngr: Avoid endless loop in case of HTTP error 503.
	+ commit d2e8d71251813e61b15a07637497fabe823b822c
	* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
	(handle_send_request_error): Use it for 503 and 504.
	(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
	extra_tries.

	dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
	+ commit c9b133a54e93b7f2365b5d6b1c39ec2cc6dac8f9
	* dirmngr/http.c (same_host_p): Consider certain subdomains to be the
	same.

2019-07-03  Peter Lebbing  <peter@digitalbrains.com>

	Mention --sender in documentation.
	+ commit 37b549dfe0acd362399debd7c93794eb75937402


2019-07-03  Werner Koch  <wk@gnupg.org>

	dirmngr: Support the new WKD draft with the openpgpkey subdomain.
	+ commit 458973f502b9a43ecf29e804a2c0c86e78f5927a
	* dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
	method.

2019-07-02  Werner Koch  <wk@gnupg.org>

	gpg: Fallback to import with self-sigs-only on too large keyblocks.
	+ commit a1f2f38dfb2ba5ed66d3aef66fc3be9b67f9b800
	* g10/import.c (import_one): Rename to ...
	(import_one_real): this.  Do not print and update stats on keyring
	write errors.
	(import_one): New.  Add fallback code.

2019-07-01  Werner Koch  <wk@gnupg.org>

	gpg: New import and keyserver option "self-sigs-only"
	+ commit adb120e663fc5e78f714976c6e42ae233c1990b0
	* g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
	* g10/import.c (parse_import_options): Add option "self-sigs-only".
	(read_block): Handle that option.

	gpg: Make read_block in import.c more flexible.
	+ commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0
	* g10/import.c: Change arg 'with_meta' to 'options'.  Change callers.

2019-07-01  NIIBE Yutaka  <gniibe@fsij.org>

	tools: gpgconf: Killing order is children-first.
	+ commit 526714806da4e50c8e683b25d76460916d58ff41
	* tools/gpgconf-comp.c (gc_component_kill): Reverse the order.

2019-06-24  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	spelling: Fix "synchronize"
	+ commit 520f5d70e4128b61c30da2a463f6c34ca24b628e


2019-06-03  Werner Koch  <wk@gnupg.org>

	Return better error code for some getinfo IPC commands.
	+ commit f3251023750d6bd9023dbb8373c804d7d4540a56
	* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
	* g13/server.c (cmd_getinfo): Ditto.
	* sm/server.c (cmd_getinfo): Ditto.

2019-05-29  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	doc/wks.texi: fix typo.
	+ commit 175d194b5d6063895ecfcfed6ed2154e4a0d1421


2019-05-28  Werner Koch  <wk@gnupg.org>

	Release GnuPG 2.2.16.
	+ commit 3f2b7a53ddc43b3a349451d28691aaaa116786dc


	dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
	+ commit 5281ecbe3ae8364407d9831243b81d664b040805
	* dirmngr/ocsp.c (do_ocsp_request): Remove arg md.  Add args r_sigval,
	r_produced_at, and r_md.  Get the hash algo from the signature and
	create the context here.
	(check_signature): Allow any hash algo.  Print a diagnostic if the
	signature does not verify.

2019-05-27  Werner Koch  <wk@gnupg.org>

	sm: Avoid confusing diagnostic for the default key.
	+ commit 32210e855c460ed60505bf9be9adea33d05c40eb
	* sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
	callers.
	(gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
	Change all callers.
	* sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling
	gpgsm_cert_use_sign_p

	gpg: Fixed i18n markup of some strings.
	+ commit ab5d7142a79e92819f5551cfc424a8ceaf0885fa
	* g10/tofu.c: Removed some translation markups which either make no
	sense or are not possible.

	gpg: Allow deletion of subkeys with --delete-[secret-]key.
	+ commit d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a
	* common/userids.c (classify_user_id): Do not set the EXACT flag in
	the default case.
	* g10/export.c (exact_subkey_match_p): Make static.
	* g10/delkey.c (do_delete_key): Implement subkey only deleting.

2019-05-27  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Stop scdaemon after reload when disable_scdaemon.
	+ commit 9ccdd59e4e1e0b0e3b03b288f52f3c71e86a04dd
	* agent/call-scd.c (agent_card_killscd): New.
	* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.

2019-05-21  Werner Koch  <wk@gnupg.org>

	gpg: Do not bail on an invalid packet in the local keyring.
	+ commit 30f44957ccd1433846709911798af3da4e437900
	* g10/keydb.c (parse_keyblock_image): Treat invalid packet special.

	gpg: Do not allow creation of user ids larger than our parser allows.
	+ commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651
	* g10/parse-packet.c: Move max packet lengths constants to ...
	* g10/packet.h: ... here.
	* g10/build-packet.c (do_user_id): Return an error if data is too
	large.
	* g10/keygen.c (write_uid): Return an error for too large data.

2019-05-21  NIIBE Yutaka  <gniibe@fsij.org>

	agent: For SSH key, don't put NUL-byte at the end.
	+ commit 6e39541f4f488fe59eac399bad18c465f373a784
	* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
	the length by the second call of gcry_sexp_sprint.

2019-05-20  Werner Koch  <wk@gnupg.org>
	    Matheus Afonso Martins Moreira

	gpg: Do not delete any keys if --dry-run is passed.
	+ commit 5c46c5f74540ad753b925b74593332ca92de47fa
	* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
	Do not clear the ownertrust.  Do not let the agent delete the key.

2019-05-17  Werner Koch  <wk@gnupg.org>

	gpg: Fix using --decrypt along with --use-embedded-filename.
	+ commit 1702179d91b7136661af084d7dab2e50a2857491
	* g10/options.h (opt): Add flags.dummy_outfile.
	* g10/decrypt.c (decrypt_message): Set this global flag instead of the
	function local flag.
	* g10/plaintext.c (get_output_file): Ignore opt.output if that was
	used as a dummy option along with --use-embedded-filename.

	gpg: Improve the photo image viewer selection.
	+ commit cd5f040a5389944dd8a05bc9c938f888581dfc8a
	* g10/exec.c (w32_system): Add "!ShellExecute" special.
	* g10/photoid.c (get_default_photo_command): Use the new ShellExecute
	under Windows and fallback to 'display' and 'xdg-open' in the Unix
	case.
	(show_photos): Flush stdout so that the output is shown before the
	image pops up.

2019-05-16  Werner Koch  <wk@gnupg.org>

	kbx: Fix an endless loop under Windows due to an incomplete fix.
	+ commit 0fff927889b075442ed7130f376118c31fda1f32
	* kbx/keybox-search.c (keybox_search):  We need to seek to the last
	position in all cases not just when doing a NEXT.

	kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
	+ commit 6f72aa821407e47ad3963e72e139f2ca2c69d9dd
	* kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
	instead of fclose so that a close is done if the file is opened by
	another handle.
	* kbx/keybox-search.c (keybox_search): Remember the last offset and
	use that in NEXT search mode if we had to re-open the file.

	gpgconf: Before --launch check that the config file is fine.
	+ commit 3a28706cfd960ff84dda9a22aa2f160b4c2efbb5
	* tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
	* tools/gpgconf.c (gpgconf_failure): Call log_flush.

2019-05-15  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: enable OpenPGP export of cleartext keys with comments.
	+ commit 9c704d9d46338769a66bfc6c378efeda3c4bd9ec
	* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
	sublists in private-key S-expression.

2019-05-15  Werner Koch  <wk@gnupg.org>

	gpgconf: Support --homedir for --launch.
	+ commit 31e26037bd727a6ee9c96ba168a55c4f9def43b6
	* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
	gnupg_homedir already returns an absolute name.
	(scdaemon_runtime_change): Ditto.
	(dirmngr_runtime_change): Ditto.
	(gc_component_launch): Support --homedir.

2019-05-14  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	agent: correct length for uri and comment on 64-bit big-endian platforms
	+ commit 110932925ba8e0169da18d7774440f8d1fd8a344
	* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
	gcry_sexp_build_array's %b.

2019-05-14  Werner Koch  <wk@gnupg.org>

	gpg: Do not print a hint to use the deprecated --keyserver option.
	+ commit 8d645f1d1f2b0f4e2d3b72f2a585acac4bdd8846
	* g10/keyserver.c (keyserver_search): Remove a specialized error
	message.

2019-05-14  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix possible null dereference.
	+ commit 5b22d2c400890fc366ccb7ca74ee886d9cef22a3
	* g10/armor.c (armor_filter): Access ->d in the internal loop.

	build: Update m4/iconv.m4.
	+ commit cf73c82e95f999bd35636b0cf4e80ed5c33fa7a8
	* m4/iconv.m4: Update from gettext 0.20.1.

2019-05-13  Werner Koch  <wk@gnupg.org>

	gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
	+ commit c1dc7a832921fdf5686d377f33db78707c0345e2
	* g10/sign.c (update_keysig_packet): Convert digest algo when needed.

2019-05-12  Werner Koch  <wk@gnupg.org>

	sm: Fix a warning in an es_fopencookie function.
	+ commit 8d0d61aca3d2713df8a33444af3658b859d72be8
	* sm/certdump.c (format_name_writer): Take care of a flush request.

2019-05-10  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	doc: correct documentation for gpgconf --kill.
	+ commit be116f871dbf14dd44d3a7909c2a052f8979c480
	* doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.

	(cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)

2019-05-09  Werner Koch  <wk@gnupg.org>

	build: Sign all Windows binaries.
	+ commit e6901c2bc802996c24335bcb35012ccb74b4ced0
	* build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
	(AUTHENTICODE_TOOL): New.
	(AUTHENTICODE_FILES): New.
	(installer): Sign listed files.
	(AUTHENTICODE_SIGNHOST): New macro.
	(sign-installer): Use that macro instead of direct use of osslsigncode.

2019-05-03  Werner Koch  <wk@gnupg.org>

	gpg: Use just the addrspec from the Signer's UID.
	+ commit 05204b72497db093f5d2da4a2446c0264a946296
	* g10/parse-packet.c (parse_signature): Take only the addrspec from a
	Signer's UID subpacket.

2019-04-23  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese Translation.
	+ commit caa61fb7da6b858f038dde948d36fce5c0a85ee5


2019-04-18  Andre Heinecke  <aheinecke@intevation.de>

	g10: Fix double free when locating by mbox.
	+ commit 35899dc2903b118620e6f9f0fa6b21c8568abbf1
	* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
	to NULL after use.

2019-04-16  NIIBE Yutaka  <gniibe@fsij.org>

	common: Fix AWK portability.
	+ commit ee766b2b5d646643d66d23eae478f71c0a01a343
	* common/Makefile.am: Use pkg_namespace.
	* common/mkstrtable.awk: Use pkg_namespace.  Regexp fix.

2019-04-11  Werner Koch  <wk@gnupg.org>

	gpg: Accept also armored data from the WKD.
	+ commit dc4c7f65e32a0cddc075d06fa0132e099bcb6455
	* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.

	gpg: Set a limit of 5 to the number of keys imported from the WKD.
	+ commit e9fcb0361ab4ef1f6fb0ea235f1b15667932aba2
	* g10/import.c (import): Limit the number of considered keys to 5.
	(import_one): Return the first fingerprint in case of WKD.

2019-04-02  Werner Koch  <wk@gnupg.org>

	scd: Add dummy option --application-priority.
	+ commit cb2065967465939f82cc585254cae0244ed94eac


	dirmngr: Improve domaininfo cache update algorithm.
	+ commit 48e7977709b6a56e8fd8e9f5abb9dba5ea617c33
	* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
	(insert_or_update): Implement new update algorithm.

	dirmngr: Better error code for http status 413.
	+ commit 0a30ce036a615bc95382e0640d185b031f8c6a63
	* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
	* dirmngr/ocsp.c (do_ocsp_request): Ditto.

2019-04-01  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	NEWS: correct typo in header.
	+ commit 5b1b5be65f343d252c865d705d23b55982718f2d


2019-03-27  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix symmetric cipher algo constant for ECDH.
	+ commit 38c2a9a644e0bc1e2594ea437a5930982f7b8c4e
	* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
	ECC strength 384, according to RFC-6637.

2019-03-27  Trevor Bentley  <trevor@yubico.com>

	gpg: Don't use EdDSA algo ID for ECDSA curves.
	+ commit 2f455d18ab99a1d94029d3f607ae918bd5c9fecf
	* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
	an EdDSA curve.

2019-03-26  Werner Koch  <wk@gnupg.org>

	Release 2.2.15.
	+ commit dc93e57226db32d5b90884dcf768d271baa6628a


	sm: Allow decryption even if expired other keys are configured.
	+ commit 30972d21824264aef2088d30b4f2e5ce3aca889e
	* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
	mode.

	agent: Allow other ssh fingerprint algos in KEYINFO.
	+ commit 1c2fa8b6d747aa171bfef35a50754893aa80a562
	* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO.  Default to
	the standard algo.

2019-03-25  Werner Koch  <wk@gnupg.org>

	wkd: New command --print-wkd-url for gpg-wks-client.
	+ commit 2f3eebf1865a85f8c09a1c052513260ed55acec6
	* tools/gpg-wks-client.c (aPrintWKDURL): New.
	(opts): Add option.
	(main): Implement.
	* tools/wks-util.c (wks_cmd_print_wkd_url): New.

2019-03-25  NIIBE Yutaka  <gniibe@fsij.org>

	libdns: Don't use _[A-Z] which are reserved names.
	+ commit a975fd127a5d58bbbb3c585e610a54daeb423af6
	* dirmngr/dns.c: Use the identifiers of "*_instance" instead of
	reserved "_[A-Z]".

2019-03-25  Werner Koch  <wk@gnupg.org>

	wkd: New command --print-wkd-hash for gpg-wks-client.
	+ commit 64621f1f40c31c7f453da98efb860ff8cf11edbc
	* tools/gpg-wks-client.c (aPrintWKDHash): New.
	(opts): Add "--print-wkd-hash".
	(main): Implement that command.
	(proc_userid_from_stdin): New.
	* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
	(wks_cmd_print_wkd_hash): New.

2019-03-25  Andre Heinecke  <aheinecke@gnupg.org>

	sm, w32: Translate logger and status fd to handles.
	+ commit b9d2759da19cb70c1f6243498480bea1d7ecaa46
	* sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
	convert the FDs.

2019-03-22  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	doc: fix formatting error.
	+ commit 93782de23fe45e7f7f86140fda6de39395c3a9d8


2019-03-19  Werner Koch  <wk@gnupg.org>

	Release 2.2.14.
	+ commit 813de13e73b01409fabff9859f24c4f23b808796


2019-03-18  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit dc00947b21dcd4417a35da711c884cef5cc9fc7d


2019-03-18  Werner Koch  <wk@gnupg.org>

	gpg: Do not bail out on v5 keys in the local keyring.
	+ commit de70a2f377c1647417fb8a2b6476c3744a901296
	* g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION
	instead of invalid packet.
	* g10/keydb.c (parse_keyblock_image): Do not map the unknown version
	error to invalid keyring.
	(keydb_search): Skip unknown version errors similar to legacy keys.
	* g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown
	versions.
	* g10/import.c (read_block): Handle unknown version.

	gpg: Allow import of PGP desktop exported secret keys.
	+ commit 0e73214dd208fca4df26ac796416c6f25b3ae50d
	* g10/import.c (NODE_TRANSFER_SECKEY): New.
	(import): Add attic kludge.
	(transfer_secret_keys): Add arg only_marked.
	(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
	r_removedsecs.
	(import_secret_one): New arg r_secattic.  Change to take ownership of
	arg keyblock.  Implement extra secret key import logic.  Factor some
	code out to ...
	(do_transfer): New.
	(import_matching_seckeys): New.

	gpg: Avoid importing secret keys if the keyblock is not valid.
	+ commit 43b23aa82be7e02414398af506986b812e2b9349
	* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
	new field TAG.
	* g10/kbnode.c (alloc_node): Change accordingly.
	* g10/import.c (import_one): Add arg r_valid.
	(sec_to_pub_keyblock): Set tags.
	(resync_sec_with_pub_keyblock): New.
	(import_secret_one): Change return code to gpg_error_t.   Return an
	error code if sec_to_pub_keyblock failed.  Resync secret keyblock.

	gpg: During secret key import print "sec" instead of "pub".
	+ commit db2d75f1ffede2ea77163b487a15e60249daffa0
	* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'.  Remove
	useless code for "sub" and "ssb".
	* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info.  Do
	not print the first keyinfo in FROM_SK mode.
	printing.

	gpg: Simplify an interactive import status line.
	+ commit 184fbf014ae537554d6939a47f07977ef0b0fe9f
	* g10/cpr.c (write_status_printf): Escape CR and LF.
	* g10/import.c (print_import_check): Simplify by using
	write_status_printf and hexfingerprint.


	Fixed one conflict in a comment.

2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>

	libdns: Avoid using compound literals (8).
	+ commit ee08a15e31284d32fb59774fc15e39107a727072
	* dirmngr/dns.h (dns_quietinit): Remove.
	(dns_hints_i_new): Remove.

	libdns: Avoid using compound literals (7).
	+ commit 4ab0fef5dc856d1f2747efab584182aa880f631c
	* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
	* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
	automatic variable for opts.
	* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
	Likewise.

	libdns: Avoid using compound literals (6).
	+ commit f3af1707690b070b4cbf6d761a9e5dbddbf681e9
	* dirmngr/dns.h (dns_rr_i_new): Remove.
	(dns_rr_i_init): Remove unused second argument.
	* dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
	(parse_packet): Use automatic variable for struct dns_rr_i.
	(dns_d_cname): No need to call dns_rr_i_init after memset 0.
	(dns_rr_i_init): Remove unused second argument.  Return nothing.
	* dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
	(getsrv_libdns): Follow the change of dns_rr_i_init.

	(cherry picked from commit 6501e59d3685bb58753c9caea729a4b0eca3942a)

	libdns: Avoid using compound literals (5).
	+ commit 500151e6daf5fc4d6ea382b83aab3cca72b27881
	* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
	Call dns_rr_grep with NULL.
	* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.

	libdns: Avoid using compound literals (4).
	+ commit 229302aecf8deea0349e79ca0cc05f32665391b7
	* dirmngr/dns.h (dns_d_new*): Remove.
	* dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
	variable.
	(parse_domain): Likewise.

	(cherry picked from commit 7313a112f9c7ada61d24285313d2e2d069a672e8)

	libdns: Avoid using compound literals (3).
	+ commit f0de4fc990767ae5d120a523be51616b0f35f4f6
	* dirmngr/dns.h (dns_p_new): Remove.
	* dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
	variable.
	(dns_hints_query, dns_res_glue, parse_packet, query_hosts)
	(send_query, show_hints, echo_port): Likewise.

	libdns: Avoid using compound literals (2).
	+ commit ff7d01fc6d396fc3b8d37baa9bd4cdebc8853648
	* dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
	(dns_strclass1, dns_strclass3): Remove.
	(dns_strtype1, dns_strtype3): Remove.
	(dns_strsection, dns_strclass, dns_strtype): Directly use the
	function.
	* dirmngr/dns.c (dns_strsection): Use automatic variable.
	(dns_strclass, dns_strtype): Likewise.

	(cherry picked from commit 455ef62d29a112de05897139716265d07e4c6ae3)

	libdns: Avoid using compound literals.
	+ commit 1318d1e2d50989c66f496ede906a846859f0cf9f
	* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
	variables.
	(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.

2019-03-07  Werner Koch  <wk@gnupg.org>

	dirmngr: Add CSRF protection exception for protonmail.
	+ commit 557c721e787e7e6d311ccb48d8aa677123061cf5
	* dirmngr/http.c (same_host_p): Add exception table.

	gpgtar: Make option -C work for archive creation.
	+ commit 5d73c231e4f2d5994eb3be48b36517e39d66be96
	* tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.

	gpgtar: Improve error messages.
	+ commit 2e4151a3412c3fc553fbb7ad070dfffc68a04b35
	* tools/gpgtar.h (struct tarinfo_s): New.
	* tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
	global vars more to the top.
	(set_cmd): Rename 'cmd' to 'c'.
	* tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
	messages.
	(read_header): Add arg 'info' and update counter.
	(skip_data): Ditto.
	(gpgtar_list): Pass info object to read functions.
	(gpgtar_read_header): Add arg 'info'.
	* tools/gpgtar-extract.c (gpgtar_extract): Add arg 'info' and pass on.
	(extract_regular): Add arg 'info' and update counter.

	gpg: Make invalid primary key algos obvious in key listings.
	+ commit d2a7f9078a4673ec53733e4f69fd17a8f1ac962d
	* g10/keylist.c (print_key_line): Print a warning for invalid algos.

	sm: Print Yubikey attestation extensions with --dump-cert.
	+ commit b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a
	* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
	(OID_FLAG_HEX): New.
	(print_hex_extn): New.
	(list_cert_raw): Make use of that flag.

	(cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e)

2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Add "disable-scdaemon" in gpg-agent.conf.
	+ commit 150d5452318eafa6aa800ff3b87f8f8eb35ed203
	* tests/openpgp/defs.scm: Add "disable-scdaemon".  Remove
	  "scdaemon-program".
	* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
	* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"

2019-03-07  Werner Koch  <wk@gnupg.org>
