2018-04-09  Werner Koch  <wk@gnupg.org>

	Release 2.2.6.
	+ commit 6fbe2ddbaf5123ae444c95fdf8da67840f794c76


	gpg,w32: Fix empty homedir when only a drive letter is used.
	+ commit 6da7aa1e7c80d214bd9dccb21744919ae191f2c8
	* common/homedir.c (copy_dir_with_fixup): New.
	(default_homedir): Use here.
	(gnupg_set_homedir): And here .

	doc: Document --key-edit:change-usage.
	+ commit a4e26f2ee852003707857ab0635b783acb89a2f8
	* g10/keyedit.c (menu_changeusage): Make strings translatable.

2018-04-06  Werner Koch  <wk@gnupg.org>

	gpg: Check that a key may do certifications.
	+ commit 1a5d95e7319e7e6f0dd11064a26cbbc371b05214
	* g10/sig-check.c (check_signature_end_simple): Check key usage for
	certifications.
	(check_signature_over_key_or_uid): Request usage certification.

	gpg: Emit FAILURE stati now in almost all cases.
	+ commit 0336e5d1a7b9d46e06c838e6a98aecfcc9542882
	* g10/cpr.c (write_status_failure): Make it print only once.
	* g10/gpg.c (wrong_args): Bump error counter.
	(g10_exit): Print a FAILURE status if we ever did a log_error etc.
	(main): Use log_error instead of log_fatal at one place.  Print a
	FAILURE status for a bad option.  Ditto for certain exit points so
	that we can see different error locations.

	gpg: Re-indent sig-check.c and use signature class macros.
	+ commit 5ba74a134db431530884f03eea5410a68dbfe0f5
	* g10/keydb.h (IS_BACK_SIG): New.
	* g10/sig-check.c: Re-indent and use macros.

2018-04-06  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Support SSH signature flags.
	+ commit 80b775bdbb852aa4a80292c9357e5b1876110c00
	* agent/command-ssh.c (SSH_AGENT_RSA_SHA2_256): New.
	(SSH_AGENT_RSA_SHA2_512): New.
	(ssh_handler_sign_request): Override SPEC when FLAGS
	is specified.

2018-04-05  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Let card-edit/key-attr show message when change.
	+ commit 870527df0dd704c994928348c8c2910030776680
	* g10/card-util.c (ask_card_rsa_keysize): Don't show message here.
	(ask_card_keyattr): Show message when change, also for ECC.

2018-04-04  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Fix no gpg-agent upon removal of GNUPGHOME.
	+ commit 83529e1bd14a6d39f2a8ecab9fb6aa4c1f344c73
	* tests/gpgscm/gnupg.scm (with-ephemeral-home-directory): Add
	teadown-fn.
	* tests/gpgsm/export.scm: Use -no-atexit version and stop-agent.
	* tests/openpgp/decrypt-session-key.scm: Likewise.
	* tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
	* tests/openpgp/defs.scm (have-opt-always-trust): Likewise.
	(setup-environment-no-atexit): New.
	(start-agent): Support no use of atexit.
	* tests/gpgsm/gpgsm-defs.scm (setup-gpgsm-environment-no-atexit): New.
	* tests/migrations/common.scm (untar-armored): Follow the change
	of with-ephemeral-home-directory.

2018-04-03  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Writing KDF resets auth state.
	+ commit cb1731c23cddfa524d3f51cfd82029bff853a073
	* scd/app-openpgp.c (do_setattr): Clear auth state.

2018-04-02  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix filtering by PK->REQ_USAGE.
	+ commit a17d2d1f690ebe5d005b4589a5fe378b6487c657
	* g10/getkey.c (get_pubkey_byfprint): Filter by PK->REQ_USAGE.

2018-03-30  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix card-edit/kdf-setup for single salt.
	+ commit 130ad98240c066383fa0a99bcf5e0ec72bc0dff9
	* g10/card-util.c (gen_kdf_data): Use SALT_USER.

	g10,scd: Support single salt for KDF data object.
	+ commit 0c097575a9cd923f648fb5bb695893d46400c3ad
	* g10/card-util.c (gen_kdf_data): Support single salt.
	(kdf_setup): Can have argument for single salt.
	* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.

	g10: Add "key-attr" command for --card-edit.
	+ commit 820380335a20391e0998fb1ba32ebfb9accedc5b
	* g10/card-util.c (key_attr): New explicit command.
	(generate_card_keys, card_generate_subkey): Don't ask key attr change.
	(card_edit): Add for cmdKEYATTR.

	scd: Support changing key attribute back to RSA.
	+ commit 29692718768c28c524be6306081ab1852e75fe07
	* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.

2018-03-29  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Support key attribute change at --card-edit/generate.
	+ commit a1515b3bbc10a210040dda3b482bcdb933fa8d7c
	* g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
	number 25519 for ed25519/cv25519.  Rename from ask_card_keyattr.
	(ask_card_keyattr): Support ECC, as well as RSA.
	(do_change_keyattr): Support ECC dropping magical number 25519.
	* g10/keygen.c (ask_curve): Allow call from outside, adding last arg
	of CURRENT.
	(generate_keypair): Follow the change of ask_curve.
	(generate_subkeypair): Likewise.

	g10: check_pin_for_key_operation should be just before genkey.
	+ commit 02d7bb819ff44cc90212568dd6ce24ae1dc5d17f
	* g10/card-util.c (generate_card_keys): Check PIN later.
	(card_generate_subkey): Likewise.

2018-03-28  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Change ask_curve so that it can be used outside.
	+ commit e610d51f0de11154050915b951bcc5c53c940f5e
	* g10/call-agent.h (struct key_attr): New.
	* g10/keygen.c (ask_curve): Return const char *.  No allocation.
	(quick_generate_keypair): Follow the change.
	(generate_keypair, generate_subkeypair): Likewise.
	(parse_algo_usage_expire): Return const char *.

2018-03-27  NIIBE Yutaka  <gniibe@fsij.org>

	agent,scd: Use pointer to represent HANDLE.
	+ commit 96918346beeca7a46de9f03f19502373994c21bc
	* agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p.
	* scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *.

2018-03-27  Werner Koch  <wk@gnupg.org>

	agent: Make the request origin a part of the cache items.
	+ commit 02dce8c0cc57deb2095a9b06aeb8f4dea34eef7e
	* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
	callers to pass it.
	(agent_get_cache): Ditto.

	* agent/cache.c (struct cache_items_s): Add field 'restricted'.
	(housekeeping): Adjust debug output.
	(agent_flush_cache): Ditto.
	(agent_put_cache): Ditto.  Take RESTRICTED into account.
	(agent_get_cache): Ditto.

2018-03-26  Werner Koch  <wk@gnupg.org>

	gpg: Auto-fix a broken trustdb with just the version record.
	+ commit eb68c2d3d1b03a18cd24406fa46d4c30cb13d9f7
	* g10/tdbio.c (get_trusthashrec): Create hashtable on error.

	gpg: Pass CTRL arg to get_trusthashrec.
	+ commit a750ebebf35a392f1c72d6aee5618df0d9f25ff7
	* g10/tdbio.c (get_trusthashrec): Add arg CTRL.
	(tdbio_search_trust_byfpr): Ditto.
	(tdbio_search_trust_bypk): Ditto.

	gpg: Return better error codes in case of a too short trustdb.
	+ commit 403aa70c52e56614d65490dea9344113f9cf3d29
	* g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF.
	(tdbio_new_recnum): Never return on error.
	(lookup_hashtable): Print a more descriptive error in case of !TABLE.

	gpg: Fix trustdb updates without lock held.
	+ commit 456a3a8e93ea14f821e0e98fb515f284ece98685
	* g10/tdbio.c (is_locked): Turn into a counter.
	(take_write_lock, release_write_lock): Implement recursive locks.

	gpg: Disable unused code parts in tdbio.c.
	+ commit 5f00531463ebc0e606c502696962426007545bb7
	* g10/tdbio.c (in_transaction): Comment this var.
	(put_record_into_cache): Comment the transaction code.
	(tdbio_sync): Ditto

2018-03-23  Werner Koch  <wk@gnupg.org>

	sm: Add OPTION request-origin.
	+ commit 137644c9cb58deaaba6850f2763d9c5f9241cb0b
	* sm/server.c: Include shareddefs.h.
	(option_handler): Add option.

	gpg,sm: New option --request-origin.
	+ commit 2cd35df5db3c4dfe37616dcfb1fcc644959449ef
	* g10/gpg.c (oRequestOrigin): New const.
	(opts): New option --request-origin.
	(main): Parse that option.
	* g10/options.h (struct opt): Add field request_origin.
	* g10/call-agent.c (start_agent): Send option to the agent.
	* sm/gpgsm.c (oRequestOrigin): New const.
	(opts): New option --request-origin.
	(main): Parse that option.
	* sm/gpgsm.h (struct opt): Add field request_origin.
	* sm/call-agent.c (start_agent): Send option to the agent.

	agent: New OPTION pretend-request-origin.
	+ commit 05c55ee260edc07cd19da56dfd00347bfe3f529c
	* common/shareddefs.h (request_origin_t): New.
	* common/agent-opt.c (parse_request_origin): New.
	(str_request_origin): New.
	* agent/command.c (option_handler): Implement new option.

2018-03-23  NIIBE Yutaka  <gniibe@fsij.org>

	build: Fix the manual source field.
	+ commit 5400a5bb77bddcb14c94d9405312d6181322b090


2018-03-22  Werner Koch  <wk@gnupg.org>

	gpg: Implement --dry-run for --passwd.
	+ commit 165bc38cefbc03515403b60b704cabf4dc0b71f4
	* g10/keyedit.c (change_passphrase): Take care of --dry-run.

2018-03-22  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Support KDF DO setup.
	+ commit 0152ba7c987443d641ce1091c79f90ef2cc46498
	* g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
	* g10/card-util.c (gen_kdf_data, kdf_setup): New.
	(card_edit): New admin command cmdKDFSETUP to call kdf_setup.
	* scd/app-openpgp.c (do_getattr): Emit KDF capability.

2018-03-21  Werner Koch  <wk@gnupg.org>

	gpg: Fix out-of-bound read in subpacket enumeration.
	+ commit 983f7b2acbd1e7580652bbeb0c3d64f9dd19d9e4
	* g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
	the type octet.  Print diagnostic.

2018-03-19  NIIBE Yutaka  <gniibe@fsij.org>

	scd: signal mask should be set just after npth_init.
	+ commit 11bbd99477ef5ba5b7db0c17607b10af03c68afb
	* scd/scdaemon.c (setup_signal_mask): New.
	(main): Call setup_signal_mask.
	(handle_connections): Remove signal mask setup.

2018-03-16  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Better user interaction for factory-reset.
	+ commit 2c85e202bc30231b9555100dec0c490c60d7b88c
	* g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte.
	Connect the card again at the last step.

2018-03-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix suspend/resume handling for CCID driver.
	+ commit fd23a0524d8060ed12d87c679b7823686614aaee
	* scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb
	to see if it's suspend/resume.

2018-03-13  NIIBE Yutaka  <gniibe@fsij.org>

	scd: After fatal error, shutdown a reader.
	+ commit c84bae69e9e02923f7180e09d161cb0b13257436
	* scd/apdu.c (pcsc_send_apdu): Notify main loop after
	fatal errors.

	scd: Fix for GNU/Linux suspend/resume.
	+ commit 71e5282c25ba812c7091e587edd721839bc4c2ac
	* configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
	* scd/scdaemon.c (scd_kick_the_loop): Minor clean up.

2018-03-12  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix typo in previous commit.
	+ commit 655f0b9ad0138e6f960bf4befaf0eea569256614


2018-03-09  NIIBE Yutaka  <gniibe@fsij.org>

	scd: More fix with PC/SC for Windows.
	+ commit 1e27c0e04cd3280d498dc8b72d2e410f6287f656
	* scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS.
	Add debug log.

2018-03-08  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix status check when using PC/SC.
	+ commit f8b8b6aac2ca1cb34d7a346aee1d874e7650557b
	* scd/apdu.c (struct reader_table_s): Add field of current_state.
	(new_reader_slot): Initialize current_state.
	(pcsc_get_status): Keep the status in READER_TABLE array.
	Return SW_HOST_NO_READER when PCSC_STATE_CHANGED.
	* scd/scdaemon.c (handle_connections): Silence a warning.

2018-03-06  Werner Koch  <wk@gnupg.org>

	agent: Also evict cached items via a timer.
	+ commit f060cb5c63923d6caec784f65f3bb0aadf52f795
	* agent/cache.c (agent_cache_housekeeping): New func.
	* agent/gpg-agent.c (handle_tick): Call it.

2018-03-01  Werner Koch  <wk@gnupg.org>

	gpg: Print the keygrip with --card-status.
	+ commit fd595c9d3642dba437fbe0f6e25d7aaaae095f94
	* g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and
	grp3.
	* g10/call-agent.c (unhexify_fpr): Allow for space as delimiter.
	(learn_status_cb): Parse KEYPARIINFO int the grpX fields.
	* g10/card-util.c (print_keygrip): New.
	(current_card_status): Print "grp:" records or with --with-keygrip a
	human readable keygrip.

2018-02-28  Andre Heinecke  <aheinecke@intevation.de>

	gpgconf, w32: Allow UNC paths.
	+ commit e43844c3b0b9ec93b7f2a88752bcd6b6244aacfb
	* tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.

2018-02-22  Michał Górny  <mgorny@gentoo.org>

	dirmngr: Handle failures related to missing IPv6 gracefully.
	+ commit ecfc4db3a2f8bc2652ba4ac4de5ca1cd13bfcbec
	* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more
	error codes.

2018-02-22  Werner Koch  <wk@gnupg.org>

	Release 2.2.5.
	+ commit 9581a65ccc10daededc05c55391a04022f794a4a


	gpg: Don't let gpg return failure on an invalid packet in a keyblock.
	+ commit b375d50ee4ce52c9b0f0855ec155be027642fb05
	* g10/keydb.c (parse_keyblock_image): Use log_info instead of
	log_error for skipped packets.
	* g10/keyring.c (keyring_get_keyblock): Ditto.

2018-02-22  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Select a secret key by checking availability under gpg-agent.
	+ commit 88e766d3915c2919e9968148ebb30463d4a673e4
	* g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
	by agent_probe_secret_key.
	(get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.

2018-02-20  Werner Koch  <wk@gnupg.org>

	wks: Add special mode to --install-key.
	+ commit 685a5e1558b2252ac895637fb857f6f7bb85ea7b
	* tools/gpg-wks-client.c (get_key_status_parm_s)
	(get_key_status_cb, get_key): Move to ...
	* tools/wks-util.c: ...here.
	(get_key): Rename to wks_get_key.
	* tools/gpg-wks-server.c: Include userids.h.
	(command_install_key): Allow use of a fingerprint.

	wks: Implement server command --install-key.
	+ commit ee474856ec16ff11d922d8503fb3ede77129c4aa
	* tools/wks-util.c (wks_filter_uid): Add arg 'binary'.
	* tools/gpg-wks-server.c (main): Expect 2 args for --install-key.
	(write_to_file): New.
	(check_and_publish): Factor some code out to ...
	(compute_hu_fname): ... new.
	(command_install_key): Implement.

	wks: Support alternative submission address.
	+ commit 1877603761911ea5b1c15f4aef11a2cf86a8682c
	* tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'.
	* tools/wks-util.c (wks_parse_policy): Parse that field.
	(wks_free_policy): New.
	* tools/gpg-wks-client.c (command_send): Also try to take the
	submission-address from the policy file.  Free POLICY.
	* tools/gpg-wks-server.c (process_new_key): Free POLICYBUF.
	(command_list_domains): Free POLICY.

2018-02-15  Werner Koch  <wk@gnupg.org>

	kbx: Fix detection of corrupted keyblocks on 32 bit systems.
	+ commit 5e3679ae395e7a7e44f218f07bbe487429f1b279
	* kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
	checking.
	(blob_cmp_fpr_part): Ditto.
	(blob_cmp_name): Ditto.
	(blob_cmp_mail): Ditto.
	(blob_x509_has_grip): Ditto.
	(keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
	(keybox_get_cert): Ditto.

2018-02-15  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix reversed messages for --only-sign-text-ids.
	+ commit ca138d5bf36accde2fd755249b470a8dc8743c95
	* g10/keyedit.c (keyedit_menu): Fix messages.

2018-02-14  Katsuhiro Ueno  <uenobk@gmail.com>

	agent: Avoid appending a '\0' byte to the response of READKEY.
	+ commit df97fe24807826ddc2af0e45e416fb81c5666f88
	* agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
	without an extra '\0' byte.

2018-02-14  Werner Koch  <wk@gnupg.org>

	sm: Fix minor memory leak in --export-p12.
	+ commit 80719612b7e92aff5887f2a68d550a24f350722c
	* sm/export.c (gpgsm_p12_export): Free KEYGRIP.

2018-02-14  Katsuhiro Ueno  <uenobk@gmail.com>

	sm: Fix a wrong key parameter in an exported private key file.
	+ commit 29aac7798085ee38da5107698618890ae7593c96
	* sm/export.c (sexp_to_kparms): Fix the computation of array[6],
	which must be 'd mod (q-1)' but was 'p mod (q-1)'.

2018-02-14  Werner Koch  <wk@gnupg.org>

	common: Use new function to print status strings.
	+ commit f19ff78f0fbfc2793d8a9ab0173486bf712871ac
	* common/asshelp2.c (vprint_assuan_status_strings): New.
	(print_assuan_status_strings): New.
	* agent/command.c (agent_write_status): Replace by call to new
	function.
	* dirmngr/server.c (dirmngr_status): Ditto.
	* g13/server.c (g13_status): Ditto.
	* g13/sh-cmd.c (g13_status): Ditto.
	* sm/server.c (gpgsm_status2): Ditto.
	* scd/command.c (send_status_info): Bump up N.

2018-02-13  Arnaud Fontaine  <arnaud.fontaine@ssi.gouv.fr>

	scd: Improve KDF-DO support.
	+ commit 25f3b69129015c54392636818c8846e236f5cb2c
	* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.

2018-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix handling for Data Object with no data.
	+ commit 0a3bec2c2525935362f87dce93d7df2c8d498498
	* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
	with no data.

2018-02-09  Andre Heinecke  <aheinecke@intevation.de>

	doc: Add compliance de-vs to gpgsm in vsnfd.prf.
	+ commit e0658b19d93b38ed9ebd07734c4678acdde1607d
	* doc/examples/vsnfd.prf: Set complaince mode for gpgsm.

2018-02-07  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Use pipe to kick the loop on NetBSD.
	+ commit 015fe1c47b91da340e9df6bed908e0747ae8c60b
	* configure.ac (HAVE_PSELECT_NO_EINTR): New.
	* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
	(handle_connections): Use pipe.

2018-01-29  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Fix for NetBSD with __func__.
	+ commit 64aa98c8a05513d9c00f53a2b880d80f9035333e
	* tests/asschk.c: Don't define __func__ if available.

2018-01-27  Werner Koch  <wk@gnupg.org>

	dirmngr: Improve assuan error comment for cmd keyserver.
	+ commit f8e868d9dfb6fc1390e421e7993a1d076309ed83
	* dirmngr/server.c: Add error comment in case --resolve fails in
	ensure_keyserver.

2018-01-26  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix last commit.
	+ commit d7207b39b71d1b07c4cddac602f29ec583f6d1ad
	* configure.ac: Check ucred.h as well as sys/ucred.h.
	* agent/command-ssh.c: Add inclusion of ucred.h.

	agent: More fix for get_client_pid for portability.
	+ commit 08e686a6a6d5bcb5410228b388745d09686b260c
	    * configure.ac: Check sys/ucred.h instead of ucred.h.
	    * agent/command-ssh.c: Include sys/ucred.h.

2018-01-22  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Support KDF Data Object of OpenPGPcard V3.3.
	+ commit 91303b7df9c3e810cfcd4920f78bac6f8b7df2b2
	* scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
	(pin2hash_if_kdf): New.
	(verify_a_chv): Add PINLEN arg.  Use pin2hash_if_kdf.
	(verify_chv2, do_sign): Follow the change of verify_a_chv.
	(verify_chv3, do_change_pin): Use pin2hash_if_kdf.

2018-01-18  Werner Koch  <wk@gnupg.org>

	gpg: Fix the use of future-default with --quick-add-key.
	+ commit e1e35db510c9222e7a7dc208c2e49df556954170
	* g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
	(parse_key_parameter_string): Add arg suggested_use and implement
	fallback.  Change callers to pass 0 for new arg.
	(parse_algo_usage_expire): Pass the parsed USAGESTR to
	parse_key_parameter_string so that it can use it in case a subkey is
	to be created.

2018-01-09  Andre Heinecke  <aheinecke@intevation.de>

	doc: Note pinentry-mode for passphrase opts.
	+ commit 6fb5713f4a6976900cc70c140e61043b6ef688d1
	* doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
	Note that pinentry-mode needs to be loopback.

2018-01-08  Werner Koch  <wk@gnupg.org>

	gpg: Print all keys with --decrypt --list-only.
	+ commit 339b3301ee8410fe3bbdebb66a6e83801d79d40d
	* g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
	list-only and put the key into PKENC_LIST.
	(print_pkenc_list): Take care of the new error code.

2018-01-01  Werner Koch  <wk@gnupg.org>

	gpg: Allow "futuredefault" as alias for "future-default".
	+ commit 4d3c500f4793eb263940ff5ef87ec4ead63c9b4b
	* g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
	use case-insensitive matching
	(quick_generate_keypair): Ditto.
	(parse_algo_usage_expire): Ditto.

2017-12-29  Werner Koch  <wk@gnupg.org>

	gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.
	+ commit 412bb7a801f242d47a82712080cce6ddbb843166
	* g10/keygen.c (gen_ecc): Map curve names.

2017-12-27  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix for inactive card at start by internal CCID driver.
	+ commit 4f88b0f56134af2ce56d434b7acd47fcf9b6f7cf
	* scd/ccid-driver.c (do_close_reader): Set NULL on close.
	(bulk_in): Move DEBUGOUT and check by EP_INTR.
	(ccid_get_atr): Clear powered_off flag after initial status check.

2017-12-22  Werner Koch  <wk@gnupg.org>

	kbx: Simplify by removing custom memory functions.
	+ commit f3ba66781a07af2e32f5887e6e15acdd4822a431
	* kbx/keybox-util.c (keybox_set_malloc_hooks): Remove.
	(_keybox_malloc, _keybox_calloc, keybox_realloc)
	(_keybox_free): Remove.
	(keybox_file_rename): Remove.  Was not used.
	* sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks.
	* kbx/kbxutil.c (main): Ditto.
	* kbx/keybox-defs.h: Remove all separate includes.  Include util.h.
	remove convenience macros.
	* common/logging.h (return_if_fail): New.  Originally from
	keybox-defs.h but now using log_debug.
	(return_null_if_fail): Ditto.
	(return_val_if_fail): Ditto.
	(never_reached): Ditto.

2017-12-20  Werner Koch  <wk@gnupg.org>

	common: Use larger buffer for homedir in case of 64 bit UIDs.
	+ commit 290348e349e8d56a856f187a08e913f2ed525b3c
	* common/homedir.c (_gnupg_socketdir_internal): Enlarge PREFIX by 6
	bytes for "/gnupg".

	Release 2.2.4.
	+ commit 558b17593ae97b8a07d06bf0d6af1a626b304501


2017-12-19  Petr Pisar  <petr.pisar@atlas.cz>

	po: Update Czech translation.
	+ commit 43aaf60449036e870cc25b77fbb7312cf3fb534c


2017-12-19  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit c7b8ec6c8e57797f0b77dbf7fca85fb600323328


2017-12-19  Werner Koch  <wk@gnupg.org>

	wks: New server options --check, --with-dir, with-file.
	+ commit 7449063b1af2eef73d621a69cdb2fb713ab1ae6c
	* tools/gpg-wks-server.c (aCheck, oWithDir, oWithFile): New const.
	(opts): New options --check, --with-dir, and --with-file.
	(main): Call command_check_key.
	(command_list_domains): Implement option --with-dir.
	(fname_from_userid): New.
	(command_check_key): New.
	(command_remove_key): Implement existsing command.
	(command_revoke_key): Call command_remove_key as a simple
	implementation.

2017-12-18  Werner Koch  <wk@gnupg.org>

	conf: New option --status-fd.
	+ commit 482e000b8a7e336f342a7fac3b7379257e944b6e
	* tools/gpgconf.c (oStatusFD): New const.
	(opts): New option --status-fd.
	(statusfp): New var.
	(set_status_fd): New.
	(gpgconf_write_status): New.
	(gpgconf_failure): New.
	(main): Set status fd and replace exit by gpgconf_failure.
	* tools/gpgconf-comp.c: Repalce exit by gpgconf_failure.
	(gc_process_gpgconf_conf): Print a few warning status messages.

	gpgconf: Show --compliance in expert mode.
	+ commit d74c40cef0a97cd98aa05f13b1541a94eda502a6
	* tools/gpgconf-comp.c (gc_options_gpg): Set compliance to expert.
	(gc_options_gpgsm): Ditto.

	sm: Allow explicit setting of the default --compliance=gnupg.
	+ commit 8c878ae4c9dfa9fe26aa15f4f9db3e86833575e9
	* sm/gpgsm.c (main): Allow setting of the default compliance.
	* tools/gpgconf-comp.c (gc_options_gpgsm): Add "compliance".

2017-12-18  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit e3ddeff66e8c08a37ddf8b6510d69579c245e192
	* po/ja.po: Fix message with no "%s".

2017-12-13  Werner Koch  <wk@gnupg.org>

	gpg: Print a warning for too much data encrypted with 3DES et al.
	+ commit 416cf9e9be5d2daf0ef629208031989699b3653f
	* g10/filter.h (cipher_filter_context_t): Remove unused filed
	'create_mdc'.  Turn field 'header' into a bit field.  Add new fields
	'short_blklen_warn' and 'short_blklen_count'.
	* g10/cipher.c (write_header): Print a warning if MDC is not used.
	(cipher_filter): Print a warning for long messages encrypted with a
	short block length algorithm.

	gpg: Simplify cipher:write_header.
	+ commit b5333e13cbc9db354ed90762190bf70605a02d1f
	* g10/cipher.c (write_header): Use write_status_printf.

	gpg: Simplify default_recipient().
	+ commit 9f641430dcdecbd7ee205d407cb19bb4262aa95d
	* g10/pkclist.c (default_recipient): Use hexfingerprint.

	gpg: Return an error from hexfingerprint on malloc error.
	+ commit cd26c5482b10bee7658959ae913f2ddb83190587
	* g10/keyid.c (hexfingerprint): Return NULL on malloc failure.  Chnage
	all callers.

	gpg: Remove some xmallocs.
	+ commit 29119a6492eda5dd7920e45e7f2faa043d436591
	* g10/getkey.c (get_pubkeys): Do not use xmalloc.

2017-12-12  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: default-preference-list: prefer SHA512.
	+ commit 8ede3ae29a39641a2f98ad9a4cf61ea99085a892
	* g10/keygen.c (keygen_set_std_prefs): when producing default internal
	personal-digest-preferences, keep the same order.  When publishing
	external preferences, state preference for SHA512 first.

2017-12-12  Werner Koch  <wk@gnupg.org>

	Change backlog from 5 to 64 and provide option --listen-backlog.
	+ commit c81a447190d2763ac4c64b2e74e22e824da8aba3
	* agent/gpg-agent.c (oListenBacklog): New const.
	(opts): New option --listen-backlog.
	(listen_backlog): New var.
	(main): Parse new options.
	(create_server_socket): Use var instead of 5.
	* dirmngr/dirmngr.c: Likewise.
	* scd/scdaemon.c: Likewise.

	build: New configure option --enable-run-gnupg-user-socket.
	+ commit 17efcd2a2acdc3b7f00711272aa51e5be2476921
	* configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define.
	* common/homedir.c (_gnupg_socketdir_internal): Add extra directories.

2017-12-11  Werner Koch  <wk@gnupg.org>

	dirmngr: Check for WKD support at session end.
	+ commit 20b52be9ca29b0bc843fc68a279cb72728ede72f
	* dirmngr/domaininfo.c (insert_or_update): Copy the name.
	* dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
	* dirmngr/server.c (set_error): Protect CTX.
	(dirmngr_status): Protect against missing ASSUAN_CTX.
	(dirmngr_status_help): Ditto.
	(dirmngr_status_printf): Ditto.
	(cmd_wkd_get): Factor code out to ...
	(proc_wkd_get): new func.  Support silent operation with no CTX.
	(task_check_wkd_support): New.

	dirmngr: Add a background task framework.
	+ commit f2997adee0455c8c0fa391a853ec1b0c9fc43342
	* dirmngr/workqueue.c: New.
	* dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
	* dirmngr/server.c (server_local_s): New field session_id.
	(cmd_wkd_get): Add a task.
	(task_check_wkd_support): New stub function.
	(cmd_getinfo): New sub-commands "session_id" and "workqueue".
	(start_command_handler): Add arg session_id and store it in
	SERVER_LOCAL.
	(dirmngr_status_helpf): New.
	* dirmngr/dirmngr.h (wqtask_t): New type.
	* dirmngr/dirmngr.c (main): Pass 0 as session_id to
	start_command_handler.
	(start_connection_thread): Introduce a session_id and pass it to
	start_command_handler.  Run post session tasks.
	(housekeeping_thread): Run global workqueue tasks.

	dirmngr: Limit the number of cached domains for WKD.
	+ commit 7a663c296e687f12ccd9a21d414de780feb4dfcf
	* dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
	(insert_or_update): Limit the length of a bucket chain.
	(domaininfo_print_stats): Print just one summary line.

	(cherry picked from commit 26f08343fbccdbaa177c3507a3c5e24a5cf94a2d)

	dirmngr: Keep track of domains used for WKD queries.
	+ commit 6c1dcd79cf0977844179d9a7b189c10af5e42a7e
	* dirmngr/domaininfo.c: New file.
	* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
	* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
	known and tell domaininfo about the results.

2017-12-08  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix description of shadow format.
	+ commit 5c121d44443b0a96ec6ea82b90717e3dbafd2cc5
	* agent/keyformat.txt, agent/protect.c, agent/t-protect.c: Fix.

2017-12-07  Werner Koch  <wk@gnupg.org>

	build: Do not define logging.h constants for libgpg-error dev versions.
	+ commit 2fedf8583bcc493f587c90bc9632d25dfd10bd10
	* common/logging.h [GPGRT_LOG_WITH_PREFIX]: Do not define the log
	constants.

2017-12-07  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Change intialization of assuan socket system hooks.
	+ commit b9677ba16f6b386896781a751e4b2fc839e3ec81
	* agent/gpg-agent.c (initialize_modules): Add hook again.
	(main): Remove setting of the system houk but add scoket system hook
	setting after assuan initialization.

2017-12-06  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Set assuan system hooks before call of assuan_sock_init.
	+ commit 1524ba9656f0205d8c6ef504f773b832a7a12ab9
	* agent/gpg-agent.c (initialize_modules): Move assuan_set_system_hooks.
	(main): ... here, just before assuan_sock_init.

2017-12-04  NIIBE Yutaka  <gniibe@fsij.org>
	    Damien Goutte-Gattat  <dgouttegattat@incenp.org>

	g10: Fix regexp sanitization.
	+ commit 0d0b9eb0d4f99e8d293a4ce4b90921a879905115
	* g10/trustdb.c (sanitize_regexp): Only escape operators.

2017-11-26  Werner Koch  <wk@gnupg.org>

	gpg: Do not read from uninitialized memory with --list-packets.
	+ commit 4cf3cc6e3d48c8400466ca29c3f1c22ed2da6c2c
	* g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME.

2017-11-24  Werner Koch  <wk@gnupg.org>

	agent: New option --auto-expand-secmem.
	+ commit 18af15249de5f826c3fa8d1d40e876734adcd0cf
	* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
	(opts): New option --auto-expand-secmem.
	(main): Implement that option.

2017-11-22  Werner Koch  <wk@gnupg.org>

	gpg: Fix memory leaking for long inputs via --command-fd.
	+ commit ea28ea18f3ee6c9f5e69986f39848398b58e242e
	* g10/cpr.c (do_get_from_fd): Free the old buffer.

2017-11-21  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Enable card removal check after select_application.
	+ commit 0bb7fd0cab2d53cd0d44b21301b23edfe817e66b
	* scd/apdu.c (open_ccid_reader): Fix error handling of ccid_get_atr.
	* scd/app.c (select_application): Always kick the loop if new APP.
	* scd/ccid-driver.c (ccid_open_usb_reader): Don't setup at open.
	(ccid_slot_status): Setup interrupt transfer when !ON_WIRE.

2017-11-20  Werner Koch  <wk@gnupg.org>

	Release 2.2.3.
	+ commit 97f4feaaca8da4dcf1ca09a2016693155016f06b


	build: Use -Werror only for the check.
	+ commit 04d9833e71cc9d0c087faec091c29b0b6cf69488
	* configure.ac: Do not add -Werror to mycflags.

	gpg-agent: Avoid getting stuck in shutdown pending state.
	+ commit 7ffedfab8909a45a4b0347a5f7b52222e8439f1d
	* agent/gpg-agent.c (handle_connections): Always check inotify fds.

2017-11-20  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Use clock or clock_gettime for calibration.
	+ commit 760aa8aadafb747f33a1461ab0c2570b5ae43716
	* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.

	build: Check -Wlogical-op flag availability with -Werror.
	+ commit 3ecd1a41be7c880976987d13e88342c98f37e064
	* configure.ac: Use -Werror.

	build: BSD make support for yat2m.
	+ commit e1984969cac06a88c7e6f5e49e5c3104d10a847d
	* configure.ac (YAT2M): Only define when found.
	* doc/Makefile.am: Portability fix.

2017-11-17  Werner Koch  <wk@gnupg.org>

	dirmngr: Fix double free of a hash context in the error case.
	+ commit 2aa106d6a4e2b09c257e8d769895d93ebb7f7edf
	* dirmngr/crlcache.c: Clearly document that this fucntions takes
	ownership of MD.
	(abort_sig_check): Allow NULL for MD.
	(crl_parse_insert): Immediately set MD to NULL.  Remove check for md
	before a calling abort_sig_check.

2017-11-15  Andre Heinecke  <aheinecke@intevation.de>

	w32: Fix default registry path.
	+ commit 4f5afaf1fdb5cb13859aca390ccb5a1ba1dba00c
	* configure.ac (GNUPG_REGISTRY_DIR): Remove leading backslash.

	gpgtar: Prefer --set-filename over implicit name.
	+ commit 878b8bfdcc3a8becfc46b9287a2d14cd3c875f28
	* tools/gpgtar-extract.c: Prefer opt.filename over filename
	for the directory prefix.

2017-11-15  Werner Koch  <wk@gnupg.org>

	gpg: Print AKL info only in verbose mode.
	+ commit b062ea5bc25157c942047b3fe7f5182a06106340
	* g10/getkey.c (get_pubkey_byname): Print info only in verbose mode.

2017-11-14  Andre Heinecke  <aheinecke@intevation.de>

	sm, w32: Fix initial keybox creation.
	+ commit 5ecef193bc2144e6d51a6bd5727bfd08a0d28b66
	* sm/keydb.c (maybe_create_keybox): Open new keybox in bin mode.

2017-11-07  Werner Koch  <wk@gnupg.org>

	Release 2.2.2.
	+ commit 5bd515005032f9340bd73e4346bbd0aef8518074


	dirmngr: Reduce default LDAP timeout to 15 seconds.
	+ commit 30f21f8b0fa6844a9bba3f24dc41b3ac32170109
	* dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
	* dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.

	(cherry picked from commit ab7ac827041b5cd97bbca7a75b0930072dd6611f)

	speedo: Include software versions in the W32 README.
	+ commit 23bfac6d1a8bd2d0af5a6fac3ba3a6e986d6c9e8
	(cherry picked from commit f9f72ffbfa9fd7d1a7a1823697d116d76155b407)

2017-11-07  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 1941287c9d2c9e666bad1bd330db169f0e3d6b6c


2017-11-07  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit 96d441b315ec5c9f329596cfda28ac13a8bfa21a


2017-11-06  Werner Koch  <wk@gnupg.org>

	agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
	+ commit 3607ab2cf382296cb398a92d5ec792239960bf7b
	* agent/command.c (cmd_getinfo): New sub-commands.
	* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
	(get_calibrated_s2k_count): new.
	(get_standard_s2k_time): New.

	(cherry picked from commit 52d41c8b0f4af6278d18d8935399ddad16a26856)

	agent: New option --s2k-count.
	+ commit 78a6d0ce88ae14d8324fbab3aee3286b17e49259
	* agent/agent.h (opt): New field 's2k_count'.
	* agent/gpg-agent.c (oS2KCount): New enum value.
	(opts): New option --s2k-count.
	(parse_rereadable_options): Set opt.s2k_count.

2017-11-06  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
	+ commit 680161647ad56d1ca92988f80bcc4d6fcb20b1eb
	* g10/keygen.c (pSUBKEYGRIP): New.
	(read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
	(do_generate_keypair): Support pSUBKEYGRIP.

	g10: Simplify "factory-reset" procedure.
	+ commit f183b9768b42a6792c55a6129488bd8fbf5e8e6d
	* g10/card-util.c (factory_reset): Simplify.

2017-11-02  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 6070f5a61d4d17ff437c69e1b708d49d107c22dc


2017-11-02  Werner Koch  <wk@gnupg.org>

	gpg: Introduce magic value 25519 to switch a card to ECC.
	+ commit acb300543422c660c87ac2f0211a42f792a65cc4
	* g10/card-util.c (ask_card_keyattr): Handle special value 25519.
	(do_change_keyattr): Allow changing to cv25519/ed25519.
	(generate_card_keys): Ditto.
	(card_generate_subkey): Ditto.

	gpg: Rename two card related functions in card-util.
	+ commit de3a740c2e1156e58d2f94faa85c051740c8988e
	* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
	(do_change_rsa_keysize): Rename to do_change_keyattr.

2017-11-02  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
	+ commit 3da47d19df89d302c0ea25921f4bd8ce55705afe
	* agent/learncard.c (agent_handle_learn): Find SERIALNO.

2017-11-01  NIIBE Yutaka  <gniibe@fsij.org>

	common: Accept the Z-suffix for yymmddThhmmssZ format.
	+ commit 0e5bd473a07f188615c4fce26b73bb452d689d68
	* common/gettime.c (isotime_p): Accept the Z suffix.

2017-10-27  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Clean up pinentry access locking.
	+ commit 3924e1442c6625a2b57573a1a634a5ec56b09a29
	* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
	* agent/call-pinentry.c (entry_owner): Remove.
	(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
	(unlock_pinentry): Add CTRL to arguments to access thread private.
	Check and decrement PINENTRY_ACTIVE for recursive use.
	(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
	(agent_askpin): Follow the change of unlock_pinentry API.
	(agent_get_passphrase, agent_get_confirmation): Likewise.
	(agent_show_message, agent_popup_message_start): Likewise.
	(agent_popup_message_stop, agent_clear_passphrase): Likewise.

	agent: Allow recursive use of pinentry.
	+ commit 4738256f2e0d22302377c9ec7b2ae3999338e6c6
	* agent/agent.h (struct server_control_s): Add pinentry_level.
	* agent/call-pinentry.c (agent_popup_message_stop): Not clear
	ENTRY_CTX here.
	(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
	(start_pinentry): Allow recursive use.

2017-10-26  NIIBE Yutaka  <gniibe@fsij.org>

	agent, tests: Support --disable-scdaemon build case.
	+ commit 05cb87276c21c3a47226c75026fa46a955553dd9
	* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
	* tests/openpgp/defs.scm (create-gpghome): Likewise.
	* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

	Fix comment of configure.
	+ commit b13972dfbf7224478652038725ab0d2cb41b7303
	* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.

2017-10-24  Werner Koch  <wk@gnupg.org>

	gpg: Avoid superfluous sig check info during import.
	+ commit 84af859e391a757877c9a1d78e35face983e6d23
	* g10/key-check.c (print_info): New.
	(key_check_all_keysigs): Print sig checking results only in debug
	mode.  Prettify the stats info and suppress them in quiet mode.

	build: New configure option --enable-werror.
	+ commit 812fe29bff42cf7dbd07e0becc55b2ada340dd97
	* configure.ac: Implement that option.

	build: Do not mess with CFLAGS in configure.
	+ commit e417aaf69817fcb4a73c38077853dc940a2deabc
	* configure.ac: Do not mess with the user provided CFLAGS.

2017-10-24  Rainer Perske  <rainer.perske@uni-muenster.de>

	sm: Do not expect X.509 keyids to be unique.
	+ commit 1067403c8a7fb51decf30059e46901b5ee9f5b37
	* sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it.
	* sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS
	(run_command_inq_cb): Ditto.
