2020-11-23  Werner Koch  <wk@gnupg.org>

	Release 2.2.25.
	+ commit 40f75823d25548abbc52dd6121963a55d99b1230


2020-11-19  Werner Koch  <wk@gnupg.org>

	gpgconf: Also print revision of libksba.
	+ commit 6594dc31f58916b6f8b31de070e85d56221e3b94
	* dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty
	string.
	(gpgconf_versions): Print ksba revision.

2020-11-19  Jakub Bogusz  <qboosh@pld-linux.org>

	po: Update Polish translation.
	+ commit f7cbf68fdd1e42cdbabec7e06f2149f6b3f1d1dc


2020-11-19  NIIBE Yutaka  <gniibe@fsij.org>

	scd:openpgp: Public keys should be available for check_keyidstr.
	+ commit 84020385be19556800b22cc5b0ce098acd424298
	* scd/app-openpgp.c (check_keyidstr): Call get_public_key.

2020-11-17  Werner Koch  <wk@gnupg.org>

	Release 2.2.24.
	+ commit 5751c48035764d938ae0459fcecd37194133bfb7


2020-11-16  Werner Koch  <wk@gnupg.org>
	    NIIBE Yutaka  <gniibe@fsij.org>

	scd:openpgp: Allow keygrip to be used to reference a key.
	+ commit 1049f06c6d2e1a833af4c73ea67a05417bbd0967
	* scd/app-openpgp.c (struct app_local_s): Add keygrip_str.
	(store_keygrip): New.
	(read_public_key): Store the keygrip.
	(get_public_key): Ditto.
	(send_keypair_info): Use the stored keygrip.
	(check_keyidstr): New.  Factored out from other functions and
	extended.
	(do_sign): Use check_keyidstr.
	(do_auth): Ditto.
	(do_decipher): Ditto.
	(do_check_pin): Ditto.

2020-11-13  Werner Koch  <wk@gnupg.org>

	gpg: Provide better diagnostic for replaced card keys.
	+ commit 5d98f95aa90c290a88ce97525d9f98f0aaf9e5aa
	* agent/divert-scd.c (divert_pksign): Add arg 'grip'.  Replace OPENPGP
	key reference to keygrips.
	(divert_pkdecrypt): Ditto.
	* agent/protect.c (parse_shadow_info): Trim spaces.
	* agent/pkdecrypt.c (agent_pkdecrypt): Pass the keygrip.
	* agent/pksign.c (agent_pksign_do): Ditto.

	* g10/mainproc.c (print_pkenc_list): Print extra info for an invalid
	id error.
	* g10/sign.c (do_sign): Ditto.

	gpg: Fix the encrypt+sign hash algo preference selection for ECDSA.
	+ commit aeed0b93ff660fe271d8f98f8d5ce60aa5bf3ebe
	* g10/keydb.h (pref_hint): Change from union to struct and add field
	'exact'.  Adjust callers.
	* g10/pkclist.c (algo_available): Take care of the exact hint.
	* g10/sign.c (sign_file): Fix indentation.  Rework the hash from
	recipient prefs.

2020-11-12  Werner Koch  <wk@gnupg.org>

	gpgconf: Yet another fix for --apply-profile.
	+ commit f400ff4e7dfb424fbfcf7dfc5f80d89757ece5ab
	* tools/gpgconf.c (main): Use gnupg_homedir instead of
	default_homedir.  Check for existence of the directory.

	scd: Skip unknown options in command SERIALNO.
	+ commit 7076f6cafbac0cfbb3ab11e0f27c5d04ca956e8f
	* scd/command.c (cmd_serialno): Skip options.

2020-11-11  Werner Koch  <wk@gnupg.org>

	gpg: Support brainpool keygen with "key from card".
	+ commit 966fe1e9d98a0345da9b506ce9be0ad398f12d43
	* g10/keygen.c (ask_algo): Add brainpool hack in the same way as for NIST
	curves.

2020-11-10  Werner Koch  <wk@gnupg.org>

	w32: Support Unicode also for config files etc.
	+ commit 163e4ff1959788781403ddf85f808054de414fd6
	* common/sysutils.c (gnupg_fopen) [W32]: Use _wfopen if needed.   Use
	new function in most places where fopen is used.

	w32: Support utf8 for getcwd even if built with gpgrt < 1.40.
	+ commit 9188a3c6b7eb871f711a0979620ca72f99522d53
	* common/sysutils.c (gnupg_getcwd) [W32]: Use Unicode version.

2020-11-09  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Internal CCID driver: Fix a race condition on close.
	+ commit 8e206c1721564c91dd05ea46b5262670011155ab
	* scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader,
	return 0 only at the initial call.
	(bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking
	the loop, to invoke scd_update_reader_status_file, which calls
	ccid_slot_status again.
	(ccid_slot_status): Move the call of ccid_vendor_specific_setup to...
	(ccid_get_atr): ... here.

2020-11-09  Werner Koch  <wk@gnupg.org>

	card: Run factory-reset in locked state.
	+ commit 7f765a98fd662f345baf30d93392103e5f85ace1
	* scd/command.c (reset_notify): Add option --keep-lock.
	(do_reset): Add arg keep_lock.
	(cmd_lock): Send progress status.
	* g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs.
	* g10/card-util.c (send_apdu): Ditto.
	(factory_reset): Use lock commands.

	gpg: Fix recent commit for weak digest algos and smartcards.
	+ commit 21d5323f5d029758fd55eae1dfdfb88b718ceada
	* g10/sign.c (sign_file): Fix condition.

	Require libksba 1.3.5.
	+ commit 549dc8cfe9a44fe7eb8a6a90662d4cbb1958a556
	* configure.ac (NEED_KSBA_VERSION): Set to 1.3.5.

	Require Libgpg-error 1.27.
	+ commit fc01ae50718b4030fbfdf3ca65ddb3e3107eacda
	* configure.ac (NEED_GPG_ERROR_VERSION): Require 1.27
	* common/util.h: Remove compatibility macros.

	Require Libgcrypt 1.8.
	+ commit 99ab3aed15c8a84347e39fbe49bd5748aeefe31a
	* configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.8.
	* tools/gpgconf.c (show_version_libgcrypt): Remove conditional case
	for Libgcrypt < 1.8.
	* common/compliance.c (gnupg_rng_is_compliant): Ditto.
	* agent/pksign.c: Ditto.
	* agent/gpg-agent.c (thread_init_once): Ditto.
	(agent_libgcrypt_progress_cb): Ditto.
	* agent/command.c (cmd_getinfo): Ditto.

2020-11-09  Ben Kibbey  <bjk@luxsci.net>

	gpg: Add canceled status message.
	+ commit f05d1772c47b71cf77f79519b8edbc682002d303
	* common/status.h (STATUS_CANCELED_BY_USER): New.
	* g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
	instead of STATUS_MISSING_PASSPHRASE when canceled is set.

2020-11-09  Werner Koch  <wk@gnupg.org>

	gpg: Do not print rejected digest algo notes with --quiet.
	+ commit c373735e79a1b6240e9eca972c2bbb0c9f3247c4
	* g10/misc.c (print_digest_rejected_note): Do not print in quiet mode.
	(print_sha1_keysig_rejected_note): Ditto.

2020-11-04  Werner Koch  <wk@gnupg.org>

	speedo,w32: Install gpg-check-pattern and example profiles.
	+ commit a4fa4b5d4ba38e51436914505af1a8f3483ed945
	* doc/examples/vsnfd.prf: Rename to VS-NfD.prf.
	* doc/examples/Automatic.prf: New.
	* doc/Makefile.am (examples): Adjust.
	* build-aux/speedo/w32/inst.nsi: Install gpg-check-pattern.exe and 3
	example files.
	* build-aux/speedo/w32/wixlib.wxs: Add new files.

	g13: Include a now missing header file.
	+ commit d4089b04a5f15c1cc1a4809cb8f0d59fc1cdf564
	* g13/create.c: Include sysutils.h
	* g13/sh-dmcrypt.c: Ditto.

	gpgconf: Make sure the homedir exists for --apply-profile.
	+ commit 1fbf085bc8b4a92772d1da8bfea507f4f97434b1
	* tools/gpgconf.c (main) <aApplyDefaults, aApplyProfile>: Create the
	standard home directory.

	common: Fix duplicate implementation of try_make_homedir.
	+ commit 6fe5c8c06e8cd162913ee5b0eb741eb4beebf44a
	* g10/openfile.c (try_make_homedir): Move core of the code to ...
	* common/homedir.c (gnupg_maybe_make_homedir): new.
	* sm/keydb.c (try_make_homedir): Implement using new function.

	* common/homedir.c: Include i18n.h.
	* po/POTFILES.in: Add common/homedir.c.

2020-11-04  Andre Heinecke  <aheinecke@gnupg.org>

	w32: Add another pinentry search path.
	+ commit b4cb91d5fbe2b8917d76d12eb72aaac0d97ed596
	* common/homedir.c (get_default_pinentry_name): Try ../bin/pinentry.exe

	w32: Add windows subsystem variant of gpgconf.
	+ commit c366e04958481382c3f7b50f169120053186069b
	* tools/Makefile.am (gpgconf-w32): New target. Builds gpgconf with
	subsystem windows.
	* build-aux/speedo/w32/wixlib.wxs: Package it.

2020-11-03  Werner Koch  <wk@gnupg.org>

	w32: Fix strftime problem on Windows.
	+ commit d633e92233f4a4afc82d3d9282220f303974525b
	* common/gettime.c: Include locale.h.
	(asctimestamp): Increase buffer.  On Windows use setlocale.

	gpg: Switch to AES256 for symmetric encryption in de-vs mode.
	+ commit 166e779634ea5fe2a7beeb186807e3a81128c717
	* g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs
	mode.
	* g10/encrypt.c (setup_symkey): Add extra compliance check.
	(encrypt_simple): Avoid printing a second error on compliance failure.

2020-11-03  Andre Heinecke  <aheinecke@gnupg.org>

	po: Major update of Italian translation.
	+ commit ccecdc1f34a973dcd8d00b6ee9c830e0ddc8d08b
	* po/it.po: Update to a recent 2.2 version.

2020-11-02  Werner Koch  <wk@gnupg.org>

	gpg: Allow setting notations with the empty string as value.
	+ commit f007d79533e638e395e1a3cf99233fd900cc805c
	* g10/misc.c (pct_expando): Catch special case of the empty string.
	Also map a NULL to the empty string.
	* g10/photoid.c (show_photos): Make an empty string used as command
	fail.

	gpg: Do not use weak digest algos if selected by recipient prefs.
	+ commit 4c181d51a6f1fd05b7f190a18769ba5e9f892f6a
	* g10/misc.c (is_weak_digest): New.
	(print_digest_algo_note): Use it here.
	* g10/sig-check.c (check_signature_end_simple): Use it.
	* g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in
	the list of weak digest algorithms.

2020-10-30  Ingo Klöcker  <dev@ingo-kloecker.de>

	gpg: Fix iteration over signatures.
	+ commit 8a941428086bc173a65d4e8687308ca923394738
	* g10/keyedit.c (keyedit_quick_revsig): Take signature of correct node

2020-10-30  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix secret key import for Ed25519.
	+ commit ba321b60bc3bfc29dfc6fa325dcabad4fac29f9c
	* agent/cvt-openpgp.c (convert_secret_key): Avoid adding 0x00 at the
	beginning of MPI.

2020-10-28  Werner Koch  <wk@gnupg.org>

	gpg: New command --quick-revoke-sig.
	+ commit 7ec56b033647a1b14d56f771d51c563dbd25f1b7
	* g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig.
	(opts): Add --quick-revoke-sig.
	(main): Implement.
	* g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and
	adjust all callers.
	(keyedit_quick_revsig): new.
	* g10/revoke.c (get_default_sig_revocation_reason): New.
	* g10/keylist.c (cmp_signodes): New.

2020-10-26  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Internal CCID driver thing only for SPR532.
	+ commit 38040ffee81e3c7a6972c9eae42af44eaaeb6ce6
	* scd/ccid-driver.c (ccid_vendor_specific_setup): New.  Limit
	only for SPR532, excluding other readers by SCM.
	(ccid_slot_status): Use ccid_vendor_specific_setup.

	scd: Internal CCID driver limiting only for SPR532.
	+ commit d1c9cc3ca03d2134a0feecab6db3c4af308c7fa7
	* scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for
	SPR532.

2020-10-23  Werner Koch  <wk@gnupg.org>

	common: New functions gnupg_opendir et al.
	+ commit 5f8123df7856b724a062177026fe669ae49be263
	* common/sysutils.h (struct gnupg_dirent_s): New.
	* common/sysutils.c: Include dirent.h.
	(struct gnupg_dir_s): New.
	(gnupg_opendir, gnupg_readdir, gnupg_closedir): New.  Change all
	callers of opendir, readdir, and closedir to use these functions.

	w32: Make gnupg_remove and gnupg_rename_file Unicode aware.
	+ commit 4252cd7b18b41a0d91076e46df9ba857e743406b
	* common/sysutils.c (w32_rename): New.
	(gnupg_rename_file) [W32]: Support Unicode.
	(gnupg_remove) [W32]: Support Unicode.  Drop Windows-CE support.

	Replace all calls to stat by gnupg_stat.
	+ commit 157030271f2d88d0756788a60c43e455870ec124
	* common/sysutils.c (gnupg_stat): New.
	* common/sysutils.h: Include sys/stat.h.

	Replace most calls to open by a new wrapper.
	+ commit 86e52e3c33843f67a7972181ccbf33b48a40e557
	* common/sysutils.c (any8bitchar) [W32]: New.
	(gnupg_open): New.  Replace most calls to open by this.
	* common/iobuf.c (any8bitchar) [W32]: New.
	(direct_open) [W32]: Use CreateFileW if needed.

2020-10-21  Werner Koch  <wk@gnupg.org>

	w32: Allow Unicode filenames for dotlock.
	+ commit d65ea29683eeecfcf12e74744a490e8acfc1a5cf
	* common/dotlock.c (any8bitchar) [W32]: New.
	(dotlock_create_w32): Use strconcat and CreateFileW.

	* common/t-dotlock.c: Source include dotlock.c and modify to allow
	manual testing on Windows.

	Replace all calls to access by gnupg_access.
	+ commit dd5fd4a760b8cf6ae05ff878bcf36cf2465e744c
	* common/sysutils.c (gnupg_access): New.  Replace all calls to access
	by this wrapper.
	* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
	directory name.
	(standard_homedir): Adjust for change.
	(w32_commondir, gnupg_cachedir): Ditto.

2020-10-06  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Add a workaround for Yubikey.
	+ commit 25bec16d0bdcb9829a7b35c403cbb778b3b0c097
	* scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey.

	scd: Silence compiler warning.
	+ commit 0f4c956a76614bebf0f86bef79eba0e850e23df4
	* scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size.

	scd: Report any error for LEARN command.
	+ commit 7c8823bf82daade7417aeaebc34fefe3aa7c1856
	* scd/app-openpgp.c (do_learn_status): Report any error.

	scd: Internal CCID driver: More fix for SPR532.
	+ commit 1f1b68eef72bed9bb7ac1eb8102f6f51d587dbc0
	* scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb.

	scd: Internal CCID driver fix.
	+ commit 33a2d4bd7ffc6ad10d7ddb0f29fe4e21609806f7
	* scd/ccid-driver.c (intr_cb): More useful debug output.
	(ccid_slot_status): Remove redundant condition.

	scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr.
	+ commit 48565e7a08d64e3628da8baa80541841af0a6166
	* scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint.
	(ccid_vendor_specific_init): Don't call libusb_clear_halt.

	scd: Internal CCID driver: Fix a failure path.
	+ commit 30693dfb6fe970dba195bf00a77d854e6fbc1ed0
	* scd/ccid-driver.c (ccid_open_usb_reader): On error, call
	libusb_release_interface.

	scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr.
	+ commit 498cd38019b8122824d69fd194675ab532501423
	* scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT.

	scd: Change handling of SPR532 card reader.
	+ commit 7db836c0e9223a4d5f30636e35e18156a97e6b91
	* scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround
	for SPR532 initialization.
	(ccid_slot_status): Send ESCape command after GetSlotStatus.

	scd: For SPR532, submit the ESCape command at initialization.
	+ commit 11d8d1e0505645f7d14bcc1c01d17a566e033705
	* scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC
	command for VENDOR_SCM.
	(ccid_transceive_secure): Don't submit the ESC command every time.

	scd: Fix CCID internal driver for interrupt transfer.
	+ commit dd7cc24d5f9274579f0966de3be7ae8b0c19bacd
	* scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.

	scd: Better handling of timeout and time extension.
	+ commit 186d11896ca2751eac8a7f54845ec71cc7f6fcc3
	* scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
	(ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
	determined value.  Use value from variable wait_more for bulk_in.
	Set wait_more by the value of time extension request.

	scd: Fix internal CCID driver, so that -DTEST works.
	+ commit 60af035c22b9fbdc10c8c0a69399c46908801c66
	* scd/ccid-driver.c: Support a test program by ccid-driver.

	scd: ccid-driver: Initial getting ATR more robustly.
	+ commit 165312dca90a198ebc0be4ed6b0791297c90b085
	* scd/ccid-driver.c (send_power_off): New.
	(do_close_reader): Use send_power_off.
	(ccid_get_atr): Add error recovery.

	scd: Clean up the structure for future fix of PC/SC.
	+ commit 1efc01ff987dde4adf6777d4df44b5a00f6f0d8d
	* scd/apdu.c (struct dev_list): Rename from ccid_table, with void*.
	(open_ccid_reader): Follow the change.
	(apdu_dev_list_start, apdu_dev_list_finish): Likewise.
	(apdu_open_reader): Likewise.
	* scd/ccid-driver.c (ccid_dev_scan): Use void *.
	(ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise.
	* scd/ccid-driver.h: Change the APIs.

2020-10-06  Werner Koch  <wk@gnupg.org>

	scd: Map some error codes from libusb to ccid-driver error codes.
	+ commit 5b985b026418213a4c75291cb041ca8aa798cec3
	* scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
	* scd/apdu.h: New SW_HOST error codes.
	* scd/apdu.c (host_sw_string): Print them
	* scd/ccid-driver.c (map_libusb_error): New.
	(ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
	* scd/iso7816.c (map_sw): Map new codes to gpg-error.

2020-10-06  NIIBE Yutaka  <gniibe@fsij.org>

	scd: internal driver: Submit SET_INTERFACE control transfer.
	+ commit cccdca61a841228475da573aab8b57c659a9631a
	* scd/ccid-driver.c (ccid_open_usb_reader): Always submit SET_INTERFACE
	control transfer.

	scd: Internal CCID driver: Clean up backport from master.
	+ commit 7b531fe5801b0ad47414c4a6ed961665ba5a2541
	* scd/ccid-driver.c (print_error) [TEST]: Add missing break.  Note
	that this is anyway an impossible case.

2020-10-05  Werner Koch  <wk@gnupg.org>

	dirmngr: Minor cleanup for better readability.
	+ commit ffbef54d36d4c2c150b63a57c79872d2e1f2a68e
	* dirmngr/ldap.c (start_default_fetch_ldap): Rename to
	start_cacert_fetch_ldap and remove arg attr.  Instead use
	"cACertificate" directly.
	* dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller.
	(start_cert_fetch_ldap): Rename arg for clarity.

2020-10-04  Werner Koch  <wk@gnupg.org>

	build: Fix SENDMAIL define for a PATH with spaces.
	+ commit 77e416741abb0a871733bd46cbc81329859de96e
	* configure.ac: Fix use of $PATH

2020-10-02  Werner Koch  <wk@gnupg.org>

	gpgconf,w32: Add manifest so we get the correct windows version.
	+ commit 239e60a37f63d3880d1107b6981a964f437761ae
	* common/w32info-rc.h.in: Update copyright info.
	* tools/gpg-connect-agent-w32info.rc: Tweak file info.
	* tools/gpgconf-w32info.rc: New.
	* tools/gpgconf.w32-manifest.in: New.
	* configure.ac: Add new .in file.
	* tools/Makefile.am (EXTRA_DIST): Add them.
	(gpg_connect_agent_robjs, gpgconf_robjs): New.
	(gpgconf_LDADD): Add resource file.
	(gpg_connect_agent_LDADD): Change name of resource macro.

	gpgconf: New option --show-versions.
	+ commit a298ba02ee76a9291ef5cec1a3564d8e254b9ca7
	* tools/gpgconf.c: Include exechelp.h.  New option --show-versions.
	(get_revision_from_blurb): New.
	(show_version_gnupg): New.
	(show_version_libgcrypt): New.
	(show_version_gpgrt): New.
	(show_versions_via_dirmngr): New.
	(show_versions): New.
	* dirmngr/dirmngr.c (main): New internal option --gpgconf-versions.
	(get_revision_from_blurb): New.
	(gpgconf_versions): New.

2020-10-01  Andre Heinecke  <aheinecke@gnupg.org>

	doc: Remove enable-extended-key-format in vsnfd.
	+ commit d833030f8cf646b5de83d01fc3e412ad77ec4b1c
	* doc/examples/vsnfd.prf: Remove enable-extended-key-format

2020-09-22  Werner Koch  <wk@gnupg.org>

	kbx: Add bounds check to detect corrupt keyboxes.
	+ commit be8b30f8ebf637a7e476ff8902349a56924bf20f
	* kbx/keybox-dump.c (_keybox_dump_blob): Fix the fixmes.  Add support
	for 32 byte fingerprints.

2020-09-16  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix the use case of verify_chv2 by CHECKPIN.
	+ commit 61aea64b3c1717a7e304c82cda92e08ce5a6c533
	* scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
	when needed.

2020-09-10  Werner Koch  <wk@gnupg.org>

	gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
	+ commit a084924d07be16dbbbf4b34d463c67c8d4c117be
	* dirmngr/server.c (cmd_killdirmngr): Return 0.
	* tools/gpg-connect-agent.c (main): Catch signals.

	dirmngr: Fix the pool keyserver case for a single host in the pool.
	+ commit 72e04b03b1a7aee5521156c6d549ca10a81ac529
	* dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for
	localhost and if there is no pool.

	dirmngr: Align the gnutls use of CAs with the ntbtls code.
	+ commit e4f3b74c91063d83395ba0bc37f67cb22d47ca8f
	* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
	pool certificate for the default keyserver.

	agent: Keep some permissions of private-keys-v1.d.
	+ commit 7de9ed521e516879a72ec6ff6400aed4bdce5920
	* common/sysutils.c (modestr_to_mode): Re-implement.
	(gnupg_chmod): Support keeping of permissions.

2020-09-04  Werner Koch  <wk@gnupg.org>

	gpg: Initialize a parameter to silence valgrind.
	+ commit 6ce8fdc4b2a05bb2c1cf2aa9faa76f1c7a4fdb28
	* g10/keygen.c (read_parameter_file): Initialize nline.
	* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.

2020-09-03  Werner Koch  <wk@gnupg.org>

	Release 2.2.23.
	+ commit e234d04c3c91cd4e84cb5790a131bf6a8b6733c4


	gpg: Fix AEAD preference list overflow.
	+ commit aeb8272ca8aad403a4baac33b8d5673719cfd8f0
	* g10/getkey.c (fixup_uidnode): Increase size of prefs array.

2020-09-02  Werner Koch  <wk@gnupg.org>

	gpg: Fix segv importing certain keys.
	+ commit 896c528ba0555443cca81b3f091f761e70c698cd
	* g10/key-check.c (key_check_all_keysigs): Initialize issuer.

2020-09-01  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix a regression for OpenPGP card.
	+ commit 0a9665187a7cbf68933b7162fb5f974177684a50
	* scd/app-openpgp.c (verify_chv2): Make sure loading keys.

2020-08-28  Werner Koch  <wk@gnupg.org>

	sm: Fix a bug in the rfc2253 parser.
	+ commit d2fe2ffd753706d07b26fbe22b17a561a2e535fc
	* sm/certdump.c (parse_dn_part): Fix parser flaw.

2020-08-27  Werner Koch  <wk@gnupg.org>

	Release 2.2.22.
	+ commit f9c120a29986e82d1179b38167ef2696dd0cc10a


	dirmngr: Print the last alert message returned by NTBTLS.
	+ commit 45499b2ca3e8f3466e725dbc381757c89a7c39bf
	* dirmngr/http.c (send_request): Print the last TLS alert.

2020-08-27  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Add condition for VERIFY with 0x82.
	+ commit d2f1a0a791db3eb03c003365cbcd010bd8066edb
	* scd/app-openpgp.c (verify_chv2): Check availability of keys in
	question.

2020-08-26  Werner Koch  <wk@gnupg.org>

	build: Silence gcc warning -Wformat-zero-length.
	+ commit 0be5decc097286e3502b6a12e019d40b8caf27b4
	* configure.ac: Avoid useless gcc warning.  We use an empty string
	quite often, for example in log_printhex.

2020-08-26  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Allow TERM="".
	+ commit 4c8d5eb0bdd380c412c5f5fbc2b92fe6bcea825d
	* agent/call-pinentry.c (start_pinentry): When TERM is none,
	don't send OPTION ttytype to pinentry.

2020-08-25  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 00ac538e928076e1879366cdce0e57be41f6c8fb


2020-08-25  Werner Koch  <wk@gnupg.org>

	gpg: Set default keysize to rsa3072.
	+ commit 60f08969e13b2bb7f194eff80c3a275d444dc6b7
	* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
	(gen_rsa): Set fallback to 3072.
	(get_keysize_range): Set default to 3072.
	* doc/examples/vsnfd.prf: No more need for default-new-key-algo.

	sm: Do not require a default keyring for --gpgconf-list.
	+ commit 0847133e4cafa214c8129c245194d97c1e192cd5
	* sm/gpgsm.c (main): No default keyring for gpgconf mode.

	agent: Allow using --gpgconf-list even if HOME does not exist.
	+ commit adea5ba7e75261705ba6e9c2456207e9455677f3
	* agent/gpg-agent.c (main): Do not create directories in gpgconf mode.

2020-08-23  Werner Koch  <wk@gnupg.org>

	gpg,gpgsm: Record the creation time of a private key.
	+ commit 5ac0cf1b8198dcaac7e7abaf05c28dd413f38cad
	* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
	(gpgsm_agent_import_key): Ditto.
	* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
	(agent_import_key): Ditto.
	* g10/import.c (transfer_secret_keys): Pass the creation date to the
	agent.
	* g10/keygen.c (common_gen): Ditto.

	agent: Allow to pass a timestamp to genkey and import.
	+ commit 051830d7b4862b6eca6c18c9fd53b51fa1158c34
	* agent/command.c (cmd_genkey): Add option --timestamp.
	(cmd_import_key): Ditto.
	* agent/genkey.c (store_key): Add arg timestamp and change callers.
	(agent_genkey): Ditto.
	* agent/findkey.c (write_extended_private_key): Add args timestamp and
	newkey to write a Created line.
	(agent_write_private_key): Add arg timestamp.
	(agent_write_shadow_key): Ditto.
	* agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.

2020-08-22  Werner Koch  <wk@gnupg.org>

	agent: Default to extended key format.
	+ commit 5b927b7b27bddc8ee70176414690d8ca8d879b54
	* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
	(opts): Make --enable-extended-key-format a dummy option.  Add
	disable-extended-key-format.
	(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
	* agent/protect.c (agent_protect): Be safe and set use_ocb either to
	to 1 or 0.

	gpgtar,w32: Handle Unicode file names.
	+ commit 843890663b6c68b4361ccfbeb11a50b02d5cc13f
	* tools/gpgtar.c (oUtf8Strings): New.
	(opts): Add option --utf8-strings.
	(parse_arguments): Set option.
	* tools/gpgtar.h (opt): Add field utf8strings.
	* tools/gpgtar-create.c (name_to_utf8): New.
	(fillup_entry_w32): Use that.
	(scan_directory): Ditto.
	(scan_directory) [W32]: Convert file name to utf8.
	(gpgtar_create): Convert pattern.

	common: Use gpgrt functions for mkdir and chdir if available.
	+ commit 364cef997c0ac5632152acfb7ab2330c4f289a9a
	* common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir.
	(gnupg_chdir): Divert to gpgrt_chdir

	common,w32: Do not assume the ANSI codepage during string conversion.
	+ commit bef68efd8da92115142005d22e9336ff798dcf4b
	* common/utf8conv.c (get_w32_codepage): New.
	(wchar_to_native): Use instead of CP_ACP.
	(native_to_wchar): Ditto.

	common: Strip trailing CR,LF from w32_strerror.
	+ commit 73b0fdabdb108880034b7730d04614d8a7cf943a
	* common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
	* common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
	arg to w32_strerror.

2020-08-20  Werner Koch  <wk@gnupg.org>

	gpgtar: Make --files-from and --null work as described.
	+ commit 1efe99f3d9e3c6d5733cf512b7e494284a445bfa
	* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
	null_names.  Improve reading from a file.
	* tools/gpgtar.c: Make global vars static.
	(main): Remove tests for --files-from and --null option combinations.
	Pass option variables to gpgtar_create.

	build: New configure option --disable-tests.
	+ commit 829bc3bc60da134841705f7d701b0870e1629b38
	* configure.ac: Add option --disable-tests.  Print warnings in the
	summary.
	(DISABLE_TESTS): New am_conditional.

	gpg: Fix regression for non-default --passphrase-repeat option.
	+ commit a4d73b1c8e2a312e78831843aa04364d7d3c8e6f
	* agent/command.c (cmd_get_passphrase): Take care of --repeat with
	--newsymkey.

2020-08-13  Werner Koch  <wk@gnupg.org>

	gpg: Ignore personal_digest_prefs for ECDSA keys.
	+ commit f0f8b124f0d2332e1c0b496df5e5f9c4b3db6bc3
	* g10/sign.c (hash_for): Simplify hash algo selection for ECDSA.

2020-08-12  Werner Koch  <wk@gnupg.org>

	common: Pass the WAYLAND_DISPLAY envvar along.
	+ commit 3cf920a1e353ceec7a3d854d5b509be417e4c801
	* common/session-env.c (stdenvnames): Add WAYLAND_DISPLAY.

2020-08-04  Werner Koch  <wk@gnupg.org>

	sm: Also show the SHA-256 fingerprint.
	+ commit 9c57de75cf36cfcf408eda1b59a0362a061517ce
	* sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
	(list_cert_raw): Print the SHA2 fingerprint.
	(list_cert_std): Ditto.

2020-07-30  NIIBE Yutaka  <gniibe@fsij.org>

	w32: More adding NETLIBS.
	+ commit 8d9ce32c30db2bba5736fff5f56b7c145aaec42c
	* common/Makefile.am (t_common_ldadd): Add $(NETLIBS).

	w32: Add link to $(NETLIB) for -lws2_32.
	+ commit f95d923090e119a7a05eef13bbbc108ed98e513a
	* dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS).
	* sm/Makefile.am (gpgsm_LDADD): Ditto.
	* tools/Makefile.am (gpg_wks_client_LDADD): Ditto.

2020-07-16  Werner Koch  <wk@gnupg.org>

	gpg: Do not close stdout after --export-ssh-key.
	+ commit 970e43130506186c82d528d0a4fe34725e3c8e6b
	* g10/export.c (export_ssh_key): Do not close stdout.

2020-07-15  NIIBE Yutaka  <gniibe@fsij.org>

	tools: Use internal regexp routines.
	+ commit b4cbb5f58a00fa5ac9f1282664c0adb7ecfa9e57
	* tools/gpg-check-pattern.c: Use jimregexp.h.

	regexp: Import change from JimTcl.
	+ commit 1d1f2aa94370dcb715f6ae02ea5e14eb7ec5fa98
	* regexp/jimregexp.h, regexp/jimregexp.c: Fix from JimTcl.

	regexp: Fix generation of _unicode_mapping.c.
	+ commit 8904b18822fc2203ed667844cc3885dc459dbfef
	* configure.ac (AWK_HEX_NUMBER_OPTION): Detect GNU Awk.
	* regexp/Makefile.am: Use AWK_HEX_NUMBER_OPTION.
	* regexp/parse-unidata.awk: Don't use strtonum.

	gpg: Add regular expression support.
	+ commit 199309190a0b9966445bc386747c433949d3b81e
	* AUTHORS, COPYING.other: Update.
	* Makefile.am (SUBDIRS): Add regexp sub directory.
	* configure.ac (DISABLE_REGEX): Remove.
	* g10/Makefile.am (needed_libs): Add libregexp.a.
	* g10/trustdb.c: Remove DISABLE_REGEX support.
	* regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h,
	  regexp/utf8.c, regexp/utf8.h: New from Jim Tcl.
	* regexp/UnicodeData.txt: New from Unicode.
	* regexp/Makefile.am, regexp/parse-unidata.awk: New.
	* tests/openpgp/Makefile.am: Remove DISABLE_REGEX support.
	* tools/Makefile.am: Remove DISABLE_REGEX support.

2020-07-13  Werner Koch  <wk@gnupg.org>

	agent: Fix regression with --newsymkey in loopback mode.
	+ commit d9ea47f702840c87431df984b9b3f7e60c9ea815
	* agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
	same as with !OPT_NEWSYMKEY.

2020-07-13  NIIBE Yutaka  <gniibe@fsij.org>

	dirmngr: Handle EAFNOSUPPORT at connect_server.
	+ commit ce793fc2f838a97cb1e92b3060337b8052f3dc3a
	* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.

2020-07-09  Werner Koch  <wk@gnupg.org>

	Release 2.2.21.
	+ commit be6fc39ed9b4ffd56d960e20499599c851c17b44


2020-07-08  Werner Koch  <wk@gnupg.org>

	Do not use the pinentry's qualitybar.
	+ commit b451c4f5ea672c9915e28d8dde30abc675060f06
	* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
	* g10/call-agent.c (agent_get_passphrase): Ditto.
	* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.

	gpg: Use integrated passphrase repeat entry also for -c.
	+ commit ae8b88c635424ef36f024d0016949d11187dc21e
	* g10/call-agent.c (agent_get_passphrase): Add arg newsymkey.
	* g10/passphrase.c (passphrase_get): Add arg newsymkey.
	(passphrase_to_dek): Pass it on.

	agent: New option --newsymkey for GET_PASSPHRASE.
	+ commit d9e2dfa4c585de7c261fde13c18bd0f82415d6c3
	* agent/call-pinentry.c (do_getpin): New.
	(agent_askpin): Use do_getpin.
	(agent_get_passphrase): Add arg pininfo.  Use do_getpin.
	* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
	* agent/command.c (reenter_passphrase_cmp_cb): New.
	(cmd_get_passphrase): Add option --newsymkey.

2020-07-07  Werner Koch  <wk@gnupg.org>

	gpg: Fix flaw in symmetric algorithm selection in mixed mode.
	+ commit 7b6071a45fbf14219b6aca4fff8fa0eaf6c6dd8e
	* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
	instead of the fallback s2k_cipher_algo.  Fix error code.
	(encrypt_simple): Use setup_symkey.

2020-07-03  Werner Koch  <wk@gnupg.org>

	sm: Exclude rsaPSS from de-vs compliance mode.
	+ commit 4a36adaa64311a42eb78d9e52390df489454cafb
	* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
	* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
	test rsaPSS.  Adjust all callers.
	* common/util.c (pubkey_algo_to_string): New.
	(gnupg_pk_is_allowed): Ditto.
	* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
	(gpgsm_get_hash_algo_from_sigval): New.
	* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
	arg.  Add arg pkalgoflags.  Use the PK_ALGO_FLAG_RSAPSS.
	* sm/verify.c (gpgsm_verify): Use the new wrapper and new function to
	also get the algo flags.  Pass algo flags along.  Change some of the
	info output to be more like current master.

2020-07-02  Werner Koch  <wk@gnupg.org>

	dirmngr: Silence annoying warning for missing default ldap server file.
	+ commit daca1a011b0e4ae888fd6b11253993cb3537990f
	* dirmngr/dirmngr.c (parse_ldapserver_file): Add arg ignore_enoent.
	(main): Use that arg for the default file.

	dirmngr: Fix case handling of "ldapi" scheme.
	+ commit 0795ab1c8f95831c15d4ae36d197805a26f8c899
	* dirmngr/ldap-parse-uri.c (ldap_uri_p): s/'i'/'I'.

2020-06-26  Werner Koch  <wk@gnupg.org>

	sm: Print the serial number of a cert also in decimal.
	+ commit ad6bf5d67f58dcdd76b621e77b81efa7b41ca885
	* sm/certdump.c: Include membuf.h.
	(gpgsm_print_serial_decimal): New.
	* sm/keylist.c (list_cert_raw): Print s/n also in decimal
	(list_cert_std): Ditto.

2020-06-03  Werner Koch  <wk@gnupg.org>

	doc: Minor enhancement for reproducibility.
	+ commit 5ade2b68db231c78d8ecca0eb21db2153da958d2
	* doc/Makefile.am (defsincdate): In no repo mode and with
	SOURCE_DATE_EPOCH set, use that instead of blanking the date.

	common: Add missing error code GPG_ERR_WRONG_NAME.
	+ commit 381c54179c2adefd558035f573a2029de2e1a2f7
	* configure.ac: Require libgpg-error 1.25.
	* common/util.h: Define some extra error codes.

2020-05-29  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix condition for C5 data object for newer Yubikey.
	+ commit e285b1197b93e5114679b2ece9f10743abc715ef
	* scd/app-openpgp.c (compare_fingerprint): Relax the condition.

2020-05-21  NIIBE Yutaka  <gniibe@fsij.org>

	dirmngr: dns: Fix allocation of string buffer in stack.
	+ commit ab724d3206c8d3500ab2d982c98bad93ee550e42
	* dirmngr/dns.h (dns_strsection, dns_strclass)
	(dns_strtype): Change APIs.
	* dirmngr/dns.c (dns_p_lines): Use __dst for dns_strsection.
	(dns_rr_print): Use __dst for dns_strclass and dns_strtype.
	(dns_trace_dump): Likewise.
	(dns_ai_print): Use __dst for dns_strtype.
	(dns_strsection): Add an argument __dst for storage.
	(dns_strclass, dns_strtype): Likewise.
	(parse_packet): Use __dst for dns_strsection.
	(send_query): Use __dst for dns_strtype.
	(isection): Use __dst for dns_strsection.
	(iclass): Use __dst for dns_strclass.
	(itype): Use __dst for dns_strtype.

2020-05-12  Werner Koch  <wk@gnupg.org>

	common: Change argument order of log_printhex.
	+ commit c6324ee07a9ff2a626d6dfcc094a67b62628d42e
	* common/logging.c (log_printhex): Change order of args.  Make it
	printf alike.  Change all callers.
	* configure.ac: Add -Wno-format-zero-length.

2020-04-16  Werner Koch  <wk@gnupg.org>

	sm: Always allow authorityInfoAccess lookup if CRLs are also enabled.
	+ commit aec7d136e4bdfd53709dc04e3e92f4c50135d368
	* sm/certchain.c (find_up): Disable external lookups in offline mode.
	Always allow AKI lookup if CRLs are also enabled.

	sm: Lookup missing issuers first using authorityInfoAccess.
	+ commit d57209553da7da85a369cd362aabeaef07e0bc26
	* sm/call-dirmngr.c (gpgsm_dirmngr_lookup): Add optional arg URL and
	adjust all callers.
	* sm/certchain.c (oidstr_caIssuers): New.
	(struct find_up_store_certs_s): Add additional fields.
	(find_up_store_certs_cb): Store the fingerprint.
	(find_up_via_auth_info_access): New.
	(find_up): Try the AIA URI first.

	dirmngr: Allow http URLs with "LOOKUP --url"
	+ commit 3b27c26241ee25cf75555e11d9bb463faac8237d
	* dirmngr/crlfetch.c (read_cert_via_http): New.
	(fetch_cert_by_url): Implement http scheme.

	gpg: Add missing options --no-include-key-block.
	+ commit 7dbfd92b3e231cfe111c8832ff1048305c8d2d92
	* g10/gpg.c (opts): Add it.

	gpg: Make AEAD modes subject to compliance checks.
	+ commit 37b116db20080f6e1c6ca1dec79014fecf2c3248
	* g10/decrypt-data.c (decrypt_data): Move aead algo detection up.

	gpg: Show AEAD preferences.
	+ commit ab7a0b07024c432233e691b5e4be7e32baf8d80f
	* g10/packet.h (preftype_t): Add PREFTYPE_AEAD.
	* g10/keyedit.c (show_prefs): Print AEAD preferences.
	* g10/getkey.c (fixup_uidnode): Set AEAD flags.
	(merge_selfsigs): Ditto.

	gpg: Support decryption of the new AEAD packet.
	+ commit 1dfe71c62b184c84723c5f926f2596f46ee967cf
	* common/openpgpdefs.h (aead_algo_t): New.
	(pkttype_t): Add PKT_ENCRYPTED_AEAD.
	* g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
	AEAD.
	(aead_set_nonce_and_ad): New.
	(aead_checktag): New.
	(decrypt_data): Support AEAD.
	(aead_underflow): New.
	(aead_decode_filter): New.
	* g10/dek.h (DEK): Add field use_aead.  Turn use_mdc,
	algo_info_printed, and symmetric into bit flags.
	* g10/mainproc.c (struct mainproc_context): Add field
	seen_pkt_encrypted_aead.
	(release_list): Clear it.
	(have_seen_pkt_encrypted_aead): New.
	(symkey_decrypt_seskey): Support AEAD.
	(proc_symkey_enc): Ditto.
	(proc_encrypted): Ditto.
	(proc_plaintext): Ditto.
	* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
	(openpgp_aead_test_algo): New.
	(openpgp_aead_algo_name): New.
	(openpgp_aead_algo_info): New.
	* g10/packet.h (PKT_symkey_enc): Add field use_aead.
	(PKT_user_id): Add field flags.aead.
	(PKT_public_key): Ditto.
	(PKT_encrypted): Add fields for AEAD.
	* g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
	(parse_symkeyenc): Support AEAD.
	(parse_encrypted): Ditto.
	(dump_sig_subpkt): Dump AEAD preference packet.
	(parse_encrypted_aead): New.

2020-04-15  Werner Koch  <wk@gnupg.org>

	gpg: Improve symmetric decryption speed by about 25%
	+ commit 144b95cc9d0f03a2fe5d91120f6b4b30f4bb8f71
	* g10/decrypt-data.c (mdc_decode_filter, decode_filter): Factor buffer
	filling code out to ...
	(fill_buffer): new.

	gpg: Reformat parts of decrypt-data.c.
	+ commit 2f39e00b6b7d2aa57cd268c579127947042a0fcf
	* g10/decrypt-data.c (struct decode_filter_context_s): Rename 'defer'
	to 'holdback' and 'defer_filled' to 'holdbacklen'.  Increase size of
	holdback to allow for future AEAD decryption.  Turn 'partial' and
	'eof_seen' into bit fields.
	(decrypt_data): Replace write_status_text by write_status_printf.
	Indent parts of the code.

	sm,dirmngr: Restrict allowed parameters used with rsaPSS.
	+ commit ddc74f50d42370421b4802dc13df88f0ca2fcee5
	* sm/certcheck.c (extract_pss_params): Check the used PSS params.
	* dirmngr/crlcache.c (finish_sig_check): Ditto.
	* dirmngr/validate.c (check_cert_sig): Ditto.

	sm: Support rsaPSS verification also for CMS signatures.
	+ commit 24d563749f50f51841b3fd00eb615a871e45bb28
	* sm/certcheck.c (gpgsm_check_cert_sig): Factor PSS parsing out to ...
	(extract_pss_params): new.
	(gpgsm_check_cms_signature): Implement PSS.

	dirmngr: Support rsaPSS also in the general validate module.
	+ commit 8bf17eb94d0d85f34477ec0c2c0514000b6aa045
	* dirmngr/validate.c (hash_algo_from_buffer): New.
	(uint_from_buffer): New.
	(check_cert_sig): Support rsaPSS.
	* sm/certcheck.c (gpgsm_check_cert_sig): Fix small memory leak on
	error.

	sm,dirmngr: Support rsaPSS signature verification.
	+ commit 0626cc8fed340deb36f0c10e7a68afc287d0f626
