2022-09-02  Werner Koch  <wk@gnupg.org>

	Release 2.2.39.
	+ commit 7c2078a680dde2eaef30a8a6dc49de4540498736


2022-09-01  Werner Koch  <wk@gnupg.org>

	common: Make nvc_lookup more robust.
	+ commit 8c22b00268bf5b2374cf7af69465a902b91946aa
	* common/name-value.c (nvc_first): Allow for NULL arg.
	(nvc_lookup): Allow for PK being NULL.

	Release 2.2.38.
	+ commit 0b786fde775588413e5c9842bca3a3d8ea06fad5


2022-08-31  Werner Koch  <wk@gnupg.org>

	dirmngr: New option --debug-cache-expired-certs.
	+ commit ea34325c54a2746bdc2d667a1c98ab07b051cf75
	* dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs:
	* dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New.
	(opts): Add option.
	(parse_rereadable_options): Set option.
	* dirmngr/certcache.c (put_cert): Handle the option.

	common,w32: Fix an encoding problem of the printed timezone.
	+ commit 0b91fa0f13fd3644d0be137ed02e006aa05b9501
	* common/gettime.c (w32_strftime) [W32]: New function.
	(strftime) [W32]: New refinition macro.

	gpg: Emit STATUS_FAILURE for --require-compliance errors.
	+ commit e05fb5ca3711f02eb562868dc38d30e3cccda270
	* g10/misc.c (compliance_failure): Do not fallback to CO_GNUPG.  Print
	compliance failure error and status for CO_DE_VS.
	* g10/mainproc.c (proc_encrypted): Call compliance_failure in the
	require-compliance error case.
	* g10/encrypt.c (check_encryption_compliance): Ditto.

2022-08-31  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Add npth_unprotect/npth_protect for blocking operations.
	+ commit e1169e8f8ac75ad32fccb7743ffd06803bd50f93
	* scd/ccid-driver.c (ccid_open_usb_reader): Name the thread.
	(ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap
	blocking operations by npth_unprotect/npth_protect.

	dirmngr: Reject certificate which is not valid into cache.
	+ commit 14ccabe7f82f64bbf84b8a880cd8b4a34cea9061
	* dirmngr/certcache.c (put_cert): When PERMANENT, reject the
	certificate which is obviously invalid.

2022-08-31  Werner Koch  <wk@gnupg.org>

	gpg: Fix assertion failure due to errors in encrypt_filter.
	+ commit aa0c942521d89f4f0aac90bacaf8a7a7cefc88d8
	* common/iobuf.c (iobuf_copy): Use log_assert.  Explicitly cast error
	return value.
	* g10/build-packet.c (do_plaintext): Check for iobuf_copy error.

	* g10/encrypt.c (encrypt_filter): Immediately set header_okay.

2022-08-30  Werner Koch  <wk@gnupg.org>

	gpg: Make --require-compliance work for -se.
	+ commit f88cb12f8e3c1234a094d09e2505d3a3eec4cbfe
	* g10/encrypt.c (encrypt_crypt, encrypt_filter): Factor common code
	out to ...
	(create_dek_with_warnings): new
	(check_encryption_compliance): and new.

	* g10/encrypt.c (encrypt_filter): Add the compliance check.

2022-08-29  Werner Koch  <wk@gnupg.org>

	gpg: Rename a function.
	+ commit 15cf36f6a84deb739bef9944819c5f79f8de3334
	* g10/cipher.c (cipher_filter): Rename to cipher_file_cfb.

	gpg: Very minor cleanup in decrypt_data.
	+ commit 5b24c41ba72c2d06f6acc7c2ad51cf6f384d41d8
	* g10/decrypt-data.c (decrypt_data): Show also the aead algo with
	--show-session-key.  Remove meanwhile superfluous NULL-ptr test.

2022-08-29  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	g10/decrypt-data: disable output estream buffering to reduce overhead.
	+ commit e92812a4752e56977286f96f7b5064db1e22936d
	* g10/decrypt-data.c (decrypt_data): Disable estream buffering for
	output file.

2022-08-24  Werner Koch  <wk@gnupg.org>

	Release 2.2.37.
	+ commit 8e60f885713b833dfd8cef7f5b0272df0e48d62f


2022-08-19  Werner Koch  <wk@gnupg.org>

	gpgsm: New option --compatibility-flags.
	+ commit 77b6896f7a85a4b1c9cdd731e1d68d59a0e09950
	* sm/gpgsm.c (oCompatibilityFlags): New option.
	(compatibility_flags): new.
	(main): Parse and print them in verbose mode.
	* sm/gpgsm.h (opt): Add field compat_glags.:
	(COMPAT_ALLOW_KA_TO_ENCR): New.
	* sm/keylist.c (print_capabilities): Take care of the new flag.
	* sm/certlist.c (cert_usage_p): Ditto.

	* common/miscellaneous.c (parse_compatibility_flags): New.
	* common/util.h (struct compatibility_flags_s): New.

2022-08-17  Werner Koch  <wk@gnupg.org>

	gpgconf: Make --auto-key-import and --include-key-block visible again.
	+ commit b356eddf3d7a1ed0fae808b9277134d50f4974af
	* tools/gpgconf-comp.c: Add options.

2022-08-16  Werner Koch  <wk@gnupg.org>

	agent: Fix bug introduced earlier today.
	+ commit 3591112fdb013dee1a1a668c9f777d0890520311
	* agent/findkey.c (agent_write_private_key): Fix condition.

	gpg: Fix "generate" command in --card-edit.
	+ commit 914ee7247562dc8f1e4b8503b3b574a5d2749bde
	* g10/card-util.c (get_info_for_key_operation): Get the APPTYPE before
	testing for it.

	* g10/card-util.c (current_card_status): Always try to update the
	shadow keys.
	* g10/call-agent.c (agent_scd_getattr): Handle $AUTHKEYID.

	gpg: Update shadow-keys with --card-status also for non-openpgp cards.
	+ commit 2d23a72690b44528783264a93e170585a99cc774
	* agent/command.c (cmd_readkey): Also allow for $AUTHKEYID in card
	mode.
	* g10/call-agent.c (agent_update_shadow_keys): new.
	* g10/card-util.c (current_card_status): Call it.

	agent: Let READKEY update the display-s/n of the Token entry.
	+ commit 755920d4335730fbf25e24342dc9c8a8a772dac3
	* agent/findkey.c (agent_write_private_key): Factor file name
	generation out to ...
	(fname_from_keygrip): new.
	(write_extended_private_key): Add and implement new arg MAYBE_UPDATE.
	(agent_write_shadow_key): Ditto.

	* agent/command.c (cmd_readkey): Update the shadow-key in card mode.

	gpg: Fix --card-status to handle lowercase APPTYPEs.
	+ commit 8e393e2592646f7d2a11ec32232b8f29eacdce13
	* g10/card-util.c (current_card_status): Use ascii_strcasecmp.

2022-08-16  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix detecting OpenPGP card by serialno.
	+ commit 27ae89db6e6901a8fd6f1dce50a25c1a4b845086
	* g10/card-util.c (get_info_for_key_operation): Use ->apptype to
	determine card's APP.
	(current_card_status): Even if its SERIALNO is not like OpenPGP card,
	it's OpenPGP card when app says so.

2022-08-16  Werner Koch  <wk@gnupg.org>

	common: In private key mode write "Key:" always last in name-value.
	+ commit 12ad9529782df1eecf628281b8db62cafd775c4f
	* common/name-value.c (nvc_write): Take care of Key. Factor some code
	out to ...
	(write_one_entry): new.

2022-08-15  Werner Koch  <wk@gnupg.org>

	agent: Create and use Token entries to track the display s/n.
	+ commit dc9b2426288e4eb6ab42aa7f731a35bc8d383b46
	* agent/divert-scd.c (linefeed_to_percent0A): New.
	(ask_for_card): Add arg grip.  Read Token and Label items and use
	them.
	(divert_pksign, divert_pkdecrypt): Pass down grip.
	* agent/findkey.c (write_extended_private_key): Add args serialno,
	keyref, and dispserialno.  Writen Token item.
	(agent_write_private_key): Add args serialno, keyref, and
	dispserialno.
	(read_key_file): Add arg r_keymeta.
	(agent_keymeta_from_file): New.
	(agent_write_shadow_key): Remove leading spaces from serialno and keyid.
	* agent/protect-tool.c (agent_write_private_key): Ditto.
	* agent/learncard.c (agent_handle_learn): Get DISPSERIALNO and pass to
	agent_write_shadow_key.
	* agent/command-ssh.c (card_key_available): Ditto.

	common: New function nve_set.
	+ commit 706adf669173ec604158e4a2f4337e3da6cb1e45
	* common/name-value.c (nve_set): New.
	(nvc_set): Use nve_set.
	(nvc_delete_named): New.
	(nvc_get_string): New.
	(nvc_get_boolean): New.

2022-08-04  Werner Koch  <wk@gnupg.org>

	gpg: Fix wrong error message for keytocard.
	+ commit f2a81e3745017072585c9999a129ee5dd0bdc6e6
	* g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE.

2022-08-03  Werner Koch  <wk@gnupg.org>

	common: Silence warnings from AllowSetForegroundWindow.
	+ commit 6583abedf3f0ffe5cc8283fe683144fc1d5add40
	* common/sysutils.c (gnupg_allow_set_foregound_window): Print warning
	only with debug flag set.

	dirmngr: Fix failed malloc error message.
	+ commit 94908857e1f54a3550a3704a5de6bd10b7902169
	* dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.

	gpgconf: Add config file for Windows Registry dumps.
	+ commit ebb736b2c310c8736d1165be9c8e2de413dd0ac6
	* tools/gpgconf.c (show_registry_entries_from_file): New.
	(show_configs): Call it.
	* doc/examples/gpgconf.rnames: New.
	* doc/Makefile.am (examples): Add it.

2022-08-02  Werner Koch  <wk@gnupg.org>

	gpg: Make symmetric + pubkey encryption de-vs compliant.
	+ commit e8011a7ceca7d5d9fd703f227e56931a7ea151d6
	* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
	de-vs compliant.

	* g10/mainproc.c (struct symlist_item): New.
	(struct mainproc_context): Add field symenc_list.
	(release_list): Free that list.
	(proc_symkey_enc): Record infos from symmetric session packet.
	(proc_encrypted): Check symkey packet algos

	gpgconf: Improve registry dumping.
	+ commit 6bc959231802d60694b7677d3537261d9cda1e1d
	* common/w32-reg.c (read_w32_registry_string): Map REG_DWORD to a
	string.
	(read_w32_reg_string): Add arg r_hklm_fallback and change all callers.
	(show_configs): Indicate whether the HKLM fallback was used.
	* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
	Registry key.  Indicate whether the HKLM fallback was used.

2022-07-28  Werner Koch  <wk@gnupg.org>

	gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
	+ commit 890e616593af5d1e0f2eb932768205ef90928e5e
	* g10/pkclist.c (select_algo_from_prefs): Change implicit hash
	algorithm.

2022-07-27  Werner Koch  <wk@gnupg.org>

	agent: New option --no-user-trustlist and --sys-trustlist-name.
	+ commit d0bd91ba73a7e333e9b5007875c9bd475fb9581e
	* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
	(opts): Add new option names.
	(parse_rereadable_options): Parse options.
	(finalize_rereadable_options): Reset allow-mark-trusted for the new
	option.
	* agent/agent.h (opt): Add fields no_user_trustlist and
	sys_trustlist_name.
	* agent/trustlist.c (make_sys_trustlist_name): New.
	(read_one_trustfile): Use here.
	(read_trustfiles): Use here.  Implement --no-user-trustlist.  Also
	repalce "allow_include" by "systrust" and adjust callers.

2022-07-27  Ingo Klöcker  <dev@ingo-kloecker.de>

	gpg: Look up user ID to revoke by UID hash.
	+ commit abe69b2094dd749fc2f285b672d30a4f1e3f12a7
	* g10/keyedit.c (find_userid_by_namehash, find_userid): New.
	(keyedit_quick_revuid): Use find_userid() instead of iterating over the
	nodes of the keyblock.
	* tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
	user ID specified by its hash.

2022-07-27  Werner Koch  <wk@gnupg.org>

	wkd: Bind the address to the nonce.
	+ commit 73a98c13969169fee6bf5eaa71507a409eb17caf
	* tools/gpg-wks-server.c (make_pending_fname): New.
	(store_key_as_pending, check_and_publish): Use here.
	(process_new_key): Pass addrspec to store_key_as_pending.
	(expire_one_domain): Expire also the new files.

2022-07-26  Ingo Klöcker  <dev@ingo-kloecker.de>

	dirmngr: Ask keyservers to provide the key fingerprints.
	+ commit 22e8dc792702cd485408b5a8212d34a3917851ca
	* dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to
	request URL.

2022-07-25  Ingo Klöcker  <dev@ingo-kloecker.de>

	gpg: Request keygrip of key to add via command interface.
	+ commit ee8f1c10a7a54714fb2a9ca141d38e666b9a424d
	* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
	* doc/help.txt (gpg.keygen.keygrip): New help text.

2022-07-25  Werner Koch  <wk@gnupg.org>

	wkd: Fix path traversal attack on gpg-wks-server.
	+ commit c1489ca0e101a81df6f8b1ba8d8a9afd9ebc6412
	* tools/gpg-wks-server.c (check_and_publish): Check for invalid
	characters in sender controlled data.
	* tools/wks-util.c (wks_fname_from_userid): Ditto.
	(wks_compute_hu_fname): Ditto.
	(ensure_policy_file): Ditto.

2022-07-13  NIIBE Yutaka  <gniibe@fsij.org>

	scd:openpgp: Fix workaround for Yubikey heuristics.
	+ commit 8c9f879d4aa01ad96320869fb3da83a843292504
	* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
	of firmware 5.4, too.

	scd: Fail when no good algorithm attribute.
	+ commit 225c66f13b8700d9d283367705b31070a3d38d93
	* scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
	(change_keyattr): Follow the change.
	(app_select_openpgp): Handle the error of parse_algorithm_attribute.

2022-07-12  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Don't inhibit SSH authentication for larger data if it can.
	+ commit 07e43eda8dc69cecc385a6b3723e155afbc59257
	* scd/app-openpgp.c (do_auth): Use command chaining if available.

2022-07-06  Werner Koch  <wk@gnupg.org>

	Release 2.3.36.
	+ commit 491645b50ec97db12520483d347291d660db209c


2022-06-29  Werner Koch  <wk@gnupg.org>

	gpgconf: New short options -V and -X.
	+ commit f357a5f239919de976b86a666410f504682973e4
	* tools/gpgconf.c: Assign short options -X and -V
	(show_version_gnupg): Print the vsd version if available.

2022-06-24  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Flush before calling ftruncate.
	+ commit 9e2307ddf0c2608e9cfb435f870b75cbb35791d7
	* agent/findkey.c (write_extended_private_key): Make sure
	it is flushed out.

2022-06-21  Werner Koch  <wk@gnupg.org>

	sm: Update pkcs#12 module from master.
	+ commit 4c14bbf56fb544541bd65f9d6e6e0b81779dcab6
	* sm/minip12.c: Update from master.
	* sm/import.c (parse_p12): Pass NULL for curve.

2022-06-20  Werner Koch  <wk@gnupg.org>

	common: Add an easy to use DER builder.
	+ commit d21ced1e3596dc9e4fa53995286b4cbbd6e94195
	* common/tlv-builder.c: New.
	* common/tlv.c: Remove stuff only used by GnuPG 1.
	(put_tlv_to_membuf, get_tlv_length): Move to ...
	* common/tlv-builder.c: here.
	* common/tlv.h (tlv_builder_t): New.

2022-06-14  Werner Koch  <wk@gnupg.org>

	g10: Fix garbled status messages in NOTATION_DATA.
	+ commit 7b1db7192e6e4d0cfc439b23b13831837c85bc21
	* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one

2022-06-09  NIIBE Yutaka  <gniibe@fsij.org>

	agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.
	+ commit aeee62593ae9147a38fd79f0782f3fa0e4ac5c4a
	* agent/call-scd.c (inq_needpin): Call assuan_begin_confidential
	and assuan_end_confidential, and wipe the memory after use.
	* agent/command.c (cmd_preset_passphrase): Likewise.
	* scd/command.c (pin_cb): Likewise.

2022-06-03  Werner Koch  <wk@gnupg.org>

	w32: Avoid warning about not including winsock2.h after windows.h.
	+ commit dfc01118ce0707c2d920fb31f7731f3a383df761
	* common/dynload.h: Include winsock2.h first.

	w32: Allow Unicode filenames for iobuf_cancel.
	+ commit 10db566489880acd510f8e07dc52a38dd82feafe
	* common/iobuf.c (iobuf_cancel): Use gnupg_remove
	* common/mischelp.c (same_file_p): Allow for Unicode names.

2022-06-01  Werner Koch  <wk@gnupg.org>

	scd:p15: Fix accidental commit of debug code.
	+ commit e3db6c74a6305e86eaefb0ca8d49d4d9754104ff
	* scd/app-p15.c (do_sign): Revert MSE setting.

	scd: Shorten cardio debug output for all zeroes.
	+ commit 62becf599eb861936faf88b6ec5e0f7b1658b54e
	* scd/apdu.c (all_zero_p): New.
	(send_le): Use it.

	(cherry picked from commit 9b6f574928546e6905a92c3e74d72478f1585c66)

2022-05-17  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix use of SCardListReaders for PC/SC.
	+ commit 7bc794c3113400af082b26610d9d1305826be54e
	* scd/apdu.c (open_pcsc_reader): Initialize NREADER.

2022-05-10  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Add workaround for ECC attribute on Yubikey.
	+ commit a5217c90003c2e1b9bfb06b58ffc2d0d9164f22a
	* scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus
	octet in a key attribute.

2022-05-06  Werner Koch  <wk@gnupg.org>

	scd:p15: Improve the displayed S/N for Technology Nexus cards.
	+ commit 91acbdc93c8a6ae06b483a27c8bb7c33a978108d
	* scd/app-p15.c (any_control_or_space_mem): New.
	(get_dispserialno): Add new code.

	scd:p15: Fix the the sanity check of the displayed S/N.
	+ commit 8efe738c4a090f523461fa3055da668467715105
	* scd/app-p15.c (any_control_or_space): Fix loop.

2022-05-05  Werner Koch  <wk@gnupg.org>

	scd:p15: Fix reading certificates without length info.
	+ commit 7f029eef6ce15be4167f56e7fc07755d189e5e27
	* scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF
	object has no length info.  Add debug output when reading a cert.
	(read_p15_info): No more need to disable extended mode for GeNUA cards.

	scd: New debug flags "card".
	+ commit d60f930d9b000e802dc61c8e8d494a3091dc0437
	* scd/scdaemon.c (debug_flags): Add "card".
	* scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New.

	gpg: Minor robustness fix.
	+ commit 36a5509e11c81305c4ded93982fa594bd52555a6
	* g10/parse-packet.c (mpi_read_detect_0_removal): Protect agains
	failed gcry_mpi_scan.

2022-05-02  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Add a test for Ed25519 keys for non-protected secret.
	+ commit 06e82e997a56406e04113a7f6c1d083e0cc04172
	* tests/openpgp/issue5120.scm: New.

2022-04-28  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Handle leading-zeros private key for Ed25519.
	+ commit 3fcef7371480cce392d690897d42955f1b19c12a
	* g10/parse-packet.c (mpi_read_detect_0_removal): New.
	(parse_key): Use mpi_read_detect_0_removal for PUBKEY_ALGO_EDDSA
	to tweak the checksum.

	Revert "gpg: Accept Ed25519 private key in SOS which reserves leading zeros."
	+ commit 3192939a10df17cb9666773ed8888627f6d16b8d
	This reverts commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830.

2022-04-25  Werner Koch  <wk@gnupg.org>

	Release 2.2.35.
	+ commit f7bc6f50496bffc3c377cb4e3e844242a590b5e1


	gpg: Avoid NULL ptr access due to corrupted packets.
	+ commit 86d84464ae11666b1556e876a41a65cec8daaf18
	* g10/parse-packet.c (parse_signature): Do not create an opaque MPI
	with NULL and length > 0
	(parse_key): Ditto.

2022-04-25  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Not writing password into file.
	+ commit 9c0a24b4a55edff3d54cc5e98ba8112714f583e3
	* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
	pattern check program.

2022-04-25  Werner Koch  <wk@gnupg.org>

	gpg: Emit an ERROR status as hint for a bad passphrase.
	+ commit f021ecd57624f09430731f5deee2c4d0712150c8
	* g10/mainproc.c (proc_symkey_enc): Issue new error code.
	(proc_encrypted): Ditto.

2022-04-20  Werner Koch  <wk@gnupg.org>

	w32: Do no use Registry item DefaultLogFile for the main tools.
	+ commit a5faaf8bee43e1e8d99cf3c08fad8ccce047fc28
	* g10/gpg.c (main): Set LOG_NO_REGISTRY.
	* sm/gpgsm.c (main): Ditto.
	* tools/gpg-connect-agent.c (main): Ditto.
	* tools/gpgconf.c (main): Ditto.
	(show_other_registry_entries): Print "DefaultLogFile".

2022-04-14  Werner Koch  <wk@gnupg.org>

	gpg: Replace an assert by a log_fatal.
	+ commit c8c71fc7161bf6b553bc5b45b2f7a06f8a1a4639
	* g10/build-packet.c (do_signature): Use log_fatal.

	scd: Minor code reorganization.
	+ commit 58532fe56c334d0edc589311e6601fb9da70d9a1
	* scd/ccid-driver.c: Move struct defines to the top.
	(MAX_DEVICE): Rename to CCID_MAX_DEVICE.

	scd: Fix memory leak in ccid-driver.
	+ commit c4b14be48fe9b0f52bca9840375eb0eac3cc2432
	* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.

2022-04-13  Werner Koch  <wk@gnupg.org>

	scd:p15: Improve the PIN prompt for Genua cards.
	+ commit e99670f944bc613d258d0810c5831a2099718d4e
	* scd/app-p15.c (CARD_PRODUCT_GENUA): New.
	(cardproduct2str): Add it.
	(read_p15_info): Detect and set GENUA
	(make_pin_prompt): Take holder string from the AODF.

	scd:p15: Support for GeNUA cards.
	+ commit 44ec383cdec06ee4ac8dbe7b913990bbeeb3d3a3
	* scd/app-p15.c (read_p15_info): Disable extended mode for Genua
	cards.

	scd:p15: Prepare AODF parsing for other authentication types.
	+ commit 29fd80581867beeec068b49e8587762394e7d4d1
	* scd/app-p15.c (auth_type_t): New.
	(struct aodf_object_s): Add field auth_type.
	(read_ef_aodf): Distinguish between pin and authkey types.  Include
	the authtype in the verbose mode diags.

	scd:p15: Add basic support for AET JCOP cards.
	+ commit 80cf64c65155f718ed7dcee0e6a2aedbd9a2a5b0
	* scd/app-p15.c (CARD_TYPE_AET): New.
	(cardtype2str): Add string.
	(card_atr_list): Add corresponding ATR.
	(app_local_s): New flag no_extended_mode.  Turn two other flags into
	bit flags.
	(select_ef_by_path): Hack to handle the 3FFF thing.
	(readcert_by_cdf): Do not use extended mode for AET.
	(app_select_p15): Set no_extended_mode.
	---
	(cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47)

2022-03-29  NIIBE Yutaka  <gniibe@fsij.org>

	common,unix: Backport dotlock changes from GnuPG 2.3.
	+ commit d9a8d3353afd669252e25b56ed92f9fb7c0dcc3d
	* common/dotlock.c (read_lockfile): Return FD in R_FD.
	(dotlock_take_unix): Fix a race condition by new read_lockfile and
	checking with fstat.  Describe one race condition in comment.
	(dotlock_release_unix): Follow the change of read_lockfile.

2022-03-28  Werner Koch  <wk@gnupg.org>

	dirmngr: Escape more characters in WKD requests.
	+ commit 3b251c8366cf7ddf5b82fc2331a8009fa1f2de23
	* dirmngr/server.c (proc_wkd_get): Also escape '#' and '+'

2022-03-22  Werner Koch  <wk@gnupg.org>

	gpgtar: New option --with-log.
	+ commit ce69d55f70a18cfe5cf91353efc00ab43ba8fd8b
	* tools/gpgtar.c: New option --with-log.
	* tools/gpgtar.h (opt): Add field with_log.
	* tools/gpgtar-extract.c (gpgtar_extract): Move directory string
	building up.  Add option --log-file if needed.
	* tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it
	is used outside of its scope.
	* tools/gpgtar-list.c (gpgtar_list): Ditto.

2022-03-21  Werner Koch  <wk@gnupg.org>

	dirmngr: Make WKD_GET work even for servers not handling SRV RRs.
	+ commit 6d30fb6940d57237392f9196a4de5c7246ffefdf
	* dirmngr/server.c (proc_wkd_get): Take care of DNS server failures

	gpgtar: Finally use a pipe for decryption.
	+ commit d431feb3077f763e37f824026988a10d87c8a5aa
	* tools/gpgtar.h (opt): Add new flags.
	* tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and
	--require-compliance.
	(main): Init signals.
	* tools/gpgtar-create.c: Add new header files.
	(gpgtar_create): Rework to use a pipe for encryption and signing.
	* tools/gpgtar-list.c: Add new header files.
	(gpgtar_list): Rework to use a pipe for decryption.
	* tools/gpgtar-extract.c: Add new header files.
	(gpgtar_extract): Rework to use a pipe for decryption.

2022-03-18  Werner Koch  <wk@gnupg.org>

	gpg: Print info about the used AEAD algorithm.
	+ commit 15eda7ce783a81d2f5911028a4c8c3ce5649edca
	* g10/misc.c (openpgp_cipher_algo_mode_name): New.
	* g10/decrypt-data.c (decrypt_data): Use function here.

	common: New function map_static_strings.
	+ commit c1453665491fb6a16883ee5e1828cfb0c28b466a
	* common/mapstrings.c (struct intmapping_s): New.
	(map_static_strings): New.
	* common/stringhelp.c (do_strconcat): Rename to ...
	(vstrconcat): this and make global.

	* common/t-mapstrings.c (test_map_static_strings): New test.

	gpg: Allow decryption of symencr even for non-compliant cipher.
	+ commit e081a601f7b31fa278e46de7c6834a756b63cec2
	* g10/decrypt-data.c (decrypt_data): Add arg compliance_error.  Adjust
	all callers.  Fail on compliance error only in --require-compliance
	mode.  Make sure to return an error if the buffer is missing; actually
	that should be an assert.
	* g10/mainproc.c (proc_encrypted): Delay printing of the compliance
	mode status.  Consult the compliance error now returned by
	decrypt_data.

2022-03-15  Werner Koch  <wk@gnupg.org>

	common: New flags for gnupg_spawn_process.
	+ commit 7ba44d15ca2f800c402a56eb71bb524f91ea2ffa
	* common/exechelp.h (GNUPG_SPAWN_KEEP_STDIN): New.
	(GNUPG_SPAWN_KEEP_STDOUT): New.
	(GNUPG_SPAWN_KEEP_STDERR): New.
	* common/exechelp-posix.c (do_exec): Add arg flags and implement new
	flags.
	* common/exechelp-w32.c (gnupg_spawn_process): Implement new flags.

2022-03-09  Werner Koch  <wk@gnupg.org>

	gpgconf: Silence warnings from parsing the options files.
	+ commit e8b1ab1d2d22f938b3e5991343b7e089d96606a0
	* tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
	flag for the arg parser only in --verbose mode.

2022-03-09  NIIBE Yutaka  <gniibe@fsij.org>

	sm: Fix parsing encrypted data.
	+ commit 0c7dffe99d3fded41df87512063515b5ca2da820
	* sm/minip12.c (cram_octet_string): Finish when N==0.
	(parse_bag_encrypted_data): Support constructed data with multiple
	octet strings.

2022-03-08  Werner Koch  <wk@gnupg.org>

	gpgsm: New option --require-compliance.
	+ commit 847d618454e6f8418b169132dbdd0307d9b4d7e0
	* sm/gpgsm.c (oRequireCompliance): New.
	(opts): Add --require-compliance.
	(main): Set option.
	* sm/gpgsm.h (opt): Add field require_compliance.
	(gpgsm_errors_seen): Declare.
	* sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant.
	* sm/encrypt.c (gpgsm_encrypt): Ditto.
	* sm/decrypt.c (gpgsm_decrypt): Ditto.

	gpg: New option --require-compliance.
	+ commit 17890d43187384d049d80af28a5baea8613ff6ea
	* g10/options.h (opt): Add field flags.require_compliance.
	* g10/gpg.c (oRequireCompliance): New.
	(opts): Add --require-compliance.
	(main): Set option.
	* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
	(check_sig_and_print): Ditto.
	* g10/encrypt.c (encrypt_crypt): Ditto.

	gpg: Give Libgcrypt CFLAGS a higher priority than SQlite.
	+ commit c11292fe736db6e61fad17d74f65b0b5ad9c2808
	* g10/Makefile.am (AM_CFLAGS): Reorder.

2022-03-04  Werner Koch  <wk@gnupg.org>

	gpgtar,w32: Support file names longer than MAX_PATH.
	+ commit 5492079defab85b1ba2c583e32a8feb752314b2e
	* tools/gpgtar.c: Replace assert by log_assert.
	* tools/gpgtar-extract.c: Ditto.
	(extract_regular): Create files with sysopen flag.
	* tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.

	common,w32: Support file names longer than MAX_PATH in iobuf.
	+ commit 4122896a39b7ac5dc071bf4d2e9be0ac8a3e21d7
	* common/iobuf.c (direct_open): Use gpgrt_fname_to_wchar.
	(any8bitchar): Remove.

2022-02-24  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	g10: Avoid extra hash contexts when decrypting MDC input.
	+ commit 9116fd1e9a2da9c83f94acfe41fb6e5c6f03e8d1
	* g10/mainproc.c (mainproc_context): New member
	'seen_pkt_encrypted_mdc'.
	(release_list): Clear 'seen_pkt_encrypted_mdc'.
	(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
	(have_seen_pkt_encrypted_aead): Rename to...
	(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
	'seen_pkt_encrypted_mdc'.
	(proc_plaintext): Do not enable extra hash contexts when decrypting
	MDC input.

2022-02-21  Werner Koch  <wk@gnupg.org>

	scd:p15: Used extended mode already for RSA 2048.
	+ commit a2db490de5473af42d7b5a99398c48befe294394
	* scd/app-p15.c (do_sign, do_decipher): Replace GT by GE.

2022-02-17  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Remove a test case with "quiet" option with gpgconf.
	+ commit f064d972e38863358a2dd53de43acd66572830c2
	* tests/openpgp/gpgconf.scm: Remove "quiet" test.

	scd: Use lock_slot for apdu_send_direct.
	+ commit 3c3765405de02b9a57fdc9a3cf901f6e3aca8586
	* scd/apdu.c (apdu_send_direct): Use lock_slot.

2022-02-09  Werner Koch  <wk@gnupg.org>

	gpgconf: Do not show "quiet" as option.
	+ commit 2f2130ff24faf4507fa5949e834c155b4a8e1525
	* tools/gpgconf-comp.c: Remove "quiet" and two unsupported options

2022-02-07  Werner Koch  <wk@gnupg.org>

	Release 2.2.34.
	+ commit 04d40a680baa43f9803d0981b1da49144021d723


	dirmngr: Changes to the linking order.
	+ commit 3c79ff34c417bfc392008eca1970b86bec54d6c3
	* dirmngr/Makefile.am: Tweak library order.

	gpgconf: Make gpgconf --launch dirmngr work again.
	+ commit 5a7ed6dd8f1b4e3c2e8f6e82700a86bd886c5f50
	* tools/gpgconf.h (gc_component_id_t): Fix the order.

	gpgconf: Print the used code pages on Windows with --show-configs.
	+ commit 32b364b99b492c580330591640cdaa7407016733
	* tools/gpgconf.c (show_configs): Add some code

	common: Fix creation of Windows socket directories.
	+ commit 7d1215cb9cba258102b91c92e6973783e8d53b07
	* common/homedir.c (w32_try_mkdir): Remove.
	(standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir.
	(_gnupg_socketdir_internal): Ditto.

2022-02-04  Werner Koch  <wk@gnupg.org>

	m4: Update our library m4 files from master.
	+ commit c8cd66ae7e609f221c7dad905e88a206a285ab1c
	* m4/gpg-error.m4: Updated
	* m4/ksba.m4: Updated
	* m4/libassuan.m4: Updated
	* m4/libgcrypt.m4: Updated
	* m4/npth.m4: Updated
	* m4/ntbtls.m4: Updated

2022-02-03  Werner Koch  <wk@gnupg.org>

	dirmngr: Allow building with non-standard ntbtls location.
	+ commit 137590fd8614a69cc60da3226cefc4495502ec26
	* dirmngr/Makefile.am: Add missing -L and -I

	dirmngr: Simplify --gpgconf-list output.
	+ commit 0b76ef48e1df4c210d57f3bf4bc1fe1fa3762408
	* dirmngr/dirmngr.c (main): Keep only values with the default flag.

	sm: New option --ignore-cert-with-oid.
	+ commit bcf446b70ca58ac1497269f047fba9ddb3d62e96
	* sm/gpgsm.c (oIgnoreCertWithOID): New.
	(opts): Add option.
	(main): Store its value.
	* sm/call-agent.c (learn_cb): Test against that list.

2022-02-02  Werner Koch  <wk@gnupg.org>

	gpgconf: Return the compliance_de_vs item.
	+ commit e058d15d2d56dfed2723e1a55c75e52db87b2dc2
	* tools/gpgconf-comp.c (known_options_gpg): Add missing pseudo option.

2022-02-01  Werner Koch  <wk@gnupg.org>

	dirmngr: Avoid initial delay on the first keyserver access.
	+ commit dde88897e2c5851aab32370ee6c8ace150debb77
	* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
	* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
	proxy in never-use-tor Mode.

	* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
	Windows.

	gpg: Set --verbose and clear --quiet in debug mode.
	+ commit d426ed66ac043e442649a8a2bc7eac6753a5bf58
	* g10/gpg.c (set_debug): Tweak options.

2022-01-28  Werner Koch  <wk@gnupg.org>

	ssh: Fix adding an ed25519 key with a zero length comment.
	+ commit 2331900d1cc022c04177272a51c00690229bb989
	* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
	into an S-expression.
	(stream_read_string): Do not not try to a read a zero length block.

2022-01-27  Werner Koch  <wk@gnupg.org>

	gpgconf: Tweak the use of ldapserver.
	+ commit e1fc053dc1ad260922428cf864071e829e6c30f2
	* tools/gpgconf-comp.c (known_options_gpgsm): Make "keyserver"
	invisible.
	(known_options_dirmngr): Add "ldapserver".
	* sm/gpgsm.c (oKeyServer_deprecated): New.
	(opts): Assign "ldapserver" to the new option and makr it as obsolete.

2022-01-26  Werner Koch  <wk@gnupg.org>

	gpgconf: Some more fixes for the backported stuff.
	+ commit eefa2d19ee3f359435f0e5324cb5f10f2d8940a5
	* agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
	have a default.  Remove runtime flag.
	* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
	* tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
	(known_options_gpg_agent): Add a few missing runtime flags.  Remove
	"options".  Add "check-sym-passphrase-pattern".
	(known_options_scdaemon, known_options_gpgsm): Remove "options".
	(dirmngr): Ditto.

	* tools/gpgconf-comp.c (is_known_option): Return only options having a
	value for name.  Thus we list list options from the known_options
	tables.

	gpgconf: Fix --list-options for forced options.
	+ commit 85300587cc8a115c96e812850762090f937ade9b
	* tools/gpgconf-comp.c: Remove assert.h and replace all assert calls
	by log_assert.
	(known_options_gpg): Add "keyserver" as invisible.  Remove "options".
	(known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
	(gc_component): Add field known_pseudo_options.
	(struct read_line_wrapper_parm_s): New.
	(read_line_wrapper): New.
	(retrieve_options_from_program): Use read_line_wrapper to handle
	pseudo options.
	(retrieve_options_from_program): Ignore to be ignored options.  Add
	failsafe code to avoid calling percent_escape with NULL.

2022-01-25  Werner Koch  <wk@gnupg.org>

	common: Fix returning of option attributes for options with args.
	+ commit d8e6d1e9ed7d181f546426269ab7b04e184bb9a1
	* common/argparse.c (gnupg_argparse): Set attribute flags

	scd: Also prefer Yubikeys if no reader port is given.
	+ commit 38c666ec3fdb0e3a8762889ae99faca4adb68b68
	* scd/apdu.c (select_a_reader): Extend the white list.

2022-01-17  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix adding the list of ultimate trusted keys.
	+ commit 4cc724639c012215f59648cbb4b7631b9d352e36
	* g10/keygen.c (do_generate_keypair): Remove call to
	register_trusted_keyid for updating user_utk_list.
	* g10/trust.c (register_trusted_keyid): Remove.
	(update_ownertrust): Add call to tdb_update_utk.
	* g10/trustdb.c (tdb_register_trusted_keyid): Make it internal
	function by adding "static" qualifier.
	Replace calls of register_trusted_keyid to tdb_register_trusted_keyid.
	(tdb_update_utk): New.
	* g10/trustdb.h (tdb_update_utk): New.

2022-01-12  Werner Koch  <wk@gnupg.org>

	gpgconf: Add command aliases -L -K -R.
	+ commit f16c535eee912224a44b5999df7915c69f2d41bc
	* tools/gpgconf.c (enum cmd_and_opt_values): Assign shortcuts.

	common,w32: Improve HKCU->HKLM fallback.
	+ commit 96db487a4da5903b71c64edf7a0ee9c2e01a8762
	* common/w32-reg.c (read_w32_registry_string): Add another fallback.

2022-01-10  Werner Koch  <wk@gnupg.org>

	gpgtar: List and extract using extended headers.
	+ commit bf4cf04a54bb2aa34afdf1d3c814ca4e185bacc8
	* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
	* tools/gpgtar-list.c (parse_header): Set the new type flags.
	(parse_extended_header): New.
	(read_header): Add arg r_extheader and parse extended header.
	(print_header): Consult the extended header.
	(gpgtar_list): Pass an extended header object.
	(gpgtar_read_header): Ditto.
	(gpgtar_print_header): Ditto.
	* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
	checking out to ...
	(check_suspicious_name): new.
	(extract_regular): Add arg exthdr and consult it.
	(extract_directory): Likewise.
	(gpgtar_extract): Provide extheader object.

	gpgtar: Create extended header for long file names.
	+ commit ec69ceab2615758e88c52a1d30c4731b3e71b105
	* tools/gpgtar-create.c (global_header_count): new.
	(myreadlink): New.
	(build_header): New arg r_exthdr.  Detect and store long file and link
	names.  Factor checkum computation out to ...
	(compute_checksum): new.
	(add_extended_header_record): New.
	(write_extended_header): New.
	(write_file): Write extended header.

2021-12-30  Werner Koch  <wk@gnupg.org>

	build: Fixes recent commits to still build with gpgrt 1.27.
	+ commit c4153f7021afafe9ce4459aa08857136b394cce7
	* agent/gpg-agent.c (main): Use gnupg_argparse.
	* tools/gpgconf-comp.c: Use gnupg_opt_t.
	* tools/gpgconf.c (show_version_gnupg): Use strusage.

	gpgconf: Do not list ignored options and mark forced options as r/o.
	+ commit c69c51bce0f07bf1becdb944a422bdc563705dae
	* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
	the no_change flag for forced options.
	(retrieve_options_from_program): Put the attributes into the option
	table.

2021-12-29  Werner Koch  <wk@gnupg.org>

	gpg: Re-group the options in the --help output.
	+ commit f7bde071ccc8583b58ddaafa42e997e9202b041f
	* g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
	use ARGPARSE_ignore and remove the code in the option switch.

	agent: Re-group the options in the --help output.
	+ commit 7e535503a9c637007a933a77e4bc674c8fb6dfea
	* agent/gpg-agent.c (oGreeting): Remove non existant dummy option.

	gpgconf: Take care of --homedir when reading/updating options.
	+ commit 5934027115239cb7b39659f14f7a1dfecada6b76
	* tools/gpgconf-comp.c (gpg_agent_runtime_change): Remove unused var.
	(scdaemon_runtime_change): Ditto.
	(dirmngr_runtime_change): Ditto.
	(gc_component_check_options): Pass --homedir if needed.
	(retrieve_options_from_program): Take care of --homedir.

	gpgconf: Rewrite the gpgconf-comp module.
	+ commit 7a3a1ef3707194e1086c452d005319c519905d3e
	* tools/gpgconf.h (gc_component_t): Change type to ...
	(gc_component_id_t): this.
	(GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c
	directly.
	* tools/gpgconf-comp.c: Major rework.

	gpgconf: Support reading global options (part 2).
	+ commit 5f890f417f135e237074c8a454e6a73e66d7b78d
	* tools/gpgconf-comp.c: Remove all regular option descriptions.  They
	are now read in from the component.  Also remove a few meanwhile
	obsolete options.
	* agent/gpg-agent.c: Add option description which were only set in
	gpgconf-comp.c.
	* dirmngr/dirmngr.c: Ditto.
	* scd/scdaemon.c: Ditto.
	* sm/gpgsm.c: Ditto.
	* g10/gpg.c: Ditto.

	gpgconf: Support reading global options (part 1).
	+ commit 7397872445d6d2b8c9ef25e0108e603baa5478de
	* tools/gpgconf.c (main): Set the config directories.
	* tools/gpgconf-comp.c (gc_backend): Change the name of the config
	files.
	(struct gc_option): Add new field 'attr'.
	(retrieve_options_from_program): Rewrite to use gpgrt_argparser.

	common: New function xreallocarray.
	+ commit f0d034ebf4fc299c2a6097248f51c329e65d2976
	* common/miscellaneous.c (gnupg_reallocarray): New.
	(xreallocarray): New.

2021-12-13  Werner Koch  <wk@gnupg.org>

	common,w32: Sync read_w32_registry_string with the gpgrt version.
	+ commit 1af559a9a24fd930094ab7b466ed051cdbc66f99
	* common/w32-reg.c (get_root_key): Add short version of the root
	classes.

2021-12-07  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Accept Ed25519 private key in SOS which reserves leading zeros.
	+ commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830
	* g10/parse-packet.c (sos_read): Backport from 2.3.
	(parse_key): Use sos_read for Ed25519 private key.

2021-11-23  Werner Koch  <wk@gnupg.org>

	Release 2.2.33.
	+ commit 457f6ac1ef6d61ffcc336683a85ffeed3114ae63


