2025-01-09  Werner Koch  <wk@gnupg.org>

	Release 2.5.3.
	+ commit cc3e34b82a9b55dea3e2d812eb5b117b3ff1a550


2025-01-08  Werner Koch  <wk@gnupg.org>

	Remove the default keyserver.
	+ commit a2f2523b99ff0ce27bd83558db40496b0528ecf6


	More strongly deprecate the --supervised option.
	+ commit a019a0fcd8dfb9d1eae5bc991fdd54b7cf55641e
	* agent/gpg-agent.c (opts): Rename option supervised.
	* dirmngr/dirmngr.c (opts): Ditto.

	gpg: Print a warning if the card backup key could not be written.
	+ commit b9028f869da4e2d211f0bdd4bba784d27bfc60eb
	* g10/keygen.c (card_write_key_to_backup_file): Fix error handling by
	removing the RC variable.  Add warning note.

2025-01-06  Damien Goutte-Gattat via Gnupg-devel  <gnupg-devel@gnupg.org>

	gpg: Force the use of AES-256 in some cases.
	+ commit 72e3fddbfe7b9f8e691076dbeea5588b9f20cc2f
	* g10/encrypt.c (create_dek_with_warnings): Forcefully use AES-256 if
	PQC encryption was required or if all recipient keys are Kyber keys.

	gpg: Allow smaller session keys with Kyber.
	+ commit 80828512b6ec8ad610bf3d1d40ae09d0c2ad8c58
	* g10/pubkey-enc.c (get_it): Do not error out when decrypting a session
	key of less than 32 octets encrypted to a Kyber key.

2024-12-20  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Use gpgrt_spawn_actions_set_env_rev to have clean semantics.
	+ commit ab8a2408a3908693cd8fa9a21bb60efdb245e03a
	* scd/app.c (report_change): Use gpgrt_spawn_actions_set_env_rev.

2024-12-16  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Clean up for the refactoring.
	+ commit 893e5e7c6f4c5a8948c272a819ff7b2c7c927f71
	* agent/call-scd.c (agent_card_pkdecrypt): Remove unused variables.

	gpg: Fix key generation with existing key from card.
	+ commit aa36f6ae8bae13b75ba28761ed215f48333f06b9
	* g10/keygen.c (ask_algo): Fix condition.  Continue the loop on
	failure.

2024-12-09  Werner Koch  <wk@gnupg.org>

	gpg: Allow for longer signature subpackets.
	+ commit 36dbca3e6944d13e75e96eace634e58a7d7e201d
	* g10/parse-packet.c (parse_signature): Increase the cap for hashed
	subpackets to 30000.  Print the value in the error message.  Do not
	return an error but skip a too long signature.

2024-12-06  Werner Koch  <wk@gnupg.org>

	speedo: Change the default to build a 64 bit version.
	+ commit 4c830b240c5f4ac9cdd7ba0eb72b96a79acde96f
	* build-aux/speedo.mk (W32VERSION): Default to 64 bit.
	* build-aux/speedo/w32/inst.nsi: Remove the doc dir.

2024-12-05  Werner Koch  <wk@gnupg.org>

	gpg: Silence expired trusted-key diagnostics in quiet mode.
	+ commit 7b2748c6d8fb33e390a3bec9ae9da7679fb59aa6
	* g10/trustdb.c (validate_keys): Take care of --quiet.

	Release 2.5.2.
	+ commit 84e1781201489e50888c9415bb2625f9dd27cb8a


2024-12-05  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Use SETDATA --append for larger data to communicate with scdaemon.
	+ commit fe147645d2397dd77b646a253965c5994f360f26
	* agent/call-scd.c (prepare_setdata): New.
	(agent_card_pksign): Use prepare_setdata for SETDATA.
	(agent_card_pkdecrypt): Likewise.

2024-12-04  Werner Koch  <wk@gnupg.org>

	Require gpgrt 1.51.
	+ commit c3bab200d97460028d842d76484b4c08fb947fef
	* configure.ac (NEED_GPGRT_VERSION): Bump to 1.51.

	* g10/keydb.c (internal_keydb_update_keyblock) [!USE_TOFU]: Mark an
	arg unused.
	* common/homedir.c (create_common_conf) [!BUILD_WITH_KEYBOXD]: Mark an
	arg unused.

	w32: Introduce Registry key GNUPG_ASSUME_COMPLIANCE.
	+ commit 7b0be541a994c3cb109f671632c24140edc715ae
	* common/compliance.c (get_assumed_de_vs_compliance): Also consider a
	registry entry.

2024-12-02  Daniel Cerqueira  <dan.git@lispclub.com>

	po: Update Portuguese Translation.
	+ commit 7b0d49785d0ea7838b2a1031e2860ba224f64fd5


2024-11-25  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix modifying signature data by pk_verify for Ed25519.
	+ commit 52616ae81d803f5a86c1d2155a1b7a521037e8f3
	* g10/pkglue.c (pk_verify): When fixing R and S, make sure those are
	copies.

2024-11-25  Werner Koch  <wk@gnupg.org>

	common: Change daemon startup timeout from 5 to 8 seconds.
	+ commit 73f3d98444af66569294bf5d7c6b725c39a2f884
	* common/asshelp.c (SECS_TO_WAIT_FOR_AGENT): Change from 5 to 8
	seconds.
	(SECS_TO_WAIT_FOR_KEYBOXD): Ditto.
	(SECS_TO_WAIT_FOR_DIRMNGR): Ditto.

2024-11-22  Werner Koch  <wk@gnupg.org>

	gpg: Fix comparing ed448 vs ed25519 with --assert-pubkey-algo.
	+ commit bb6b38c24010258c7cb2da840d0a088fe43393b3
	* g10/keyid.c (extra_algo_strength_offset): New.
	(compare_pubkey_string_part): Use the mapping.

2024-11-18  NIIBE Yutaka  <gniibe@fsij.org>

	scd: No hard lock-up when apdu_connect never returns.
	+ commit 261a08566e38faa49fd72b4440c4421622c57e06
	* scd/app.c (new_card_lock): New.
	(select_application): Scanning is serialized by NEW_CARD_LOCK.
	For app_new_register, we hold the W-lock.
	(initialize_module): Initialize NEW_CARD_LOCK.

2024-11-15  Werner Koch  <wk@gnupg.org>

	gpgconf: Include a minimal secure version in the --query-swdb output.
	+ commit 17b766b0a3d82b92bd02fce5b65ef02a801eafc7
	* tools/gpgconf.c (query_swdb): Parse the new minver tag.

2024-11-14  Werner Koch  <wk@gnupg.org>

	gpg: Consider Kyber to be de-vs compliant.
	+ commit e5f450f3bb83f80c37cbc6cc9bbe19cbd3359eba
	* common/compliance.c (gnupg_pk_is_compliant) <CO_DE_VS>: Consider
	Brainpool Kyber variants compliant.
	(gnupg_pk_is_allowed): Ditto.
	(assumed_de_vs_compliance): Remove variable.
	(get_assumed_de_vs_compliance): New.
	(get_compliance_cache): Use new accessor.
	(gnupg_status_compliance_flag): Ditto.

	gpg: Allow "Kyber" as algorithm for the Subkey-Type keyword.
	+ commit 996e8ae3cb0908f2b9eca0d8cbac9e972e355a5a
	* g10/keygen.c (get_parameter_algo): Make "KYBER" to
	PUBKEY_ALGO_KYBER.

	gpg: For composite algos add the algo string to the colons listings.
	+ commit 7e066f614a60c1f6bea601f72a330a57474d088c
	* g10/keylist.c (list_keyblock_colon): Put the algo string into the
	curve field for Kyber.

2024-11-13  Werner Koch  <wk@gnupg.org>

	gpg: Add option to create Kyber with --full-gen-key.
	+ commit 6b02292d315d829bc05816dac7975a94aaeae718
	* g10/keygen.c (PQC_STD_KEY_PARAM_PRI, PQC_STD_KEY_PARAM_SUB): New.
	(PQC_STD_KEY_PARAM): Construct from above.
	(gen_kyber): Allow short curve names.
	(ask_algo): Add Entry for ecc+kyber.
	(ask_kyber_variant): New.
	(generate_keypair): Generate ECC primary and Kyber sub.

2024-11-12  Werner Koch  <wk@gnupg.org>

	gpgconf: Show also the used nPth version with -V.
	+ commit d54db0ac42bc3ffdcfab416b187b271aa9e8b2c0
	* dirmngr/dirmngr.c (gpgconf_versions): Get and show nPth version.

	gpg-mail-tube: Fix content type for an attached non-plaintext.
	+ commit 813bd4f3d258ac3f32382070dd2370ba4cd19d55
	* tools/gpg-mail-tube.c (mail_tube_encrypt): Fix content type for an
	attached message.

2024-11-12  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Clean up app_send_active_apps and app_send_card_list.
	+ commit d994ffc56a0221051a7e3dae2fe649d3819c534a
	* scd/app.c (send_card_and_app_list): Only handle the case with
	WANTCARD=NULL.
	(app_send_card_list): Follow the change.
	(app_send_active_apps): Factor out the case with WANTCARD!=NULL.

2024-11-11  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix a memory leak.
	+ commit 2f6b479919f98daf11cdea0b71e2e1ea5c4792dc
	* scd/app-help.c (app_help_read_length_of_cert): Free the BUFFER.

	scd: Fix resource leaks on error paths.
	+ commit b1f2695d24a8ab341d71b8cf65351b7ceed16e1b
	* scd/app-dinsig.c (do_readcert): Don't return directly but care about
	releasing memory.
	* scd/app-nks.c (readcert_from_ef): Likewise.

2024-11-08  Werner Koch  <wk@gnupg.org>

	gpg: Improve wording for only-pubkeys.
	+ commit d37971b45f7dbb311a7e5d3358afc617fd39ce74
	* g10/import.c (parse_import_options): Add a description to
	only-pubkeys.

2024-11-07  Werner Koch  <wk@gnupg.org>

	gpgtar: Make sure to create upper directories for regular files.
	+ commit 74e81f830dc26aa09f6ed3254f965d50c7f31d02
	* tools/gpgtar-extract.c (extract_directory): Factor parent directory
	creation out to ...
	(try_mkdir_p): new.
	(extract_regular): Create directory on ENOENT.

	* g10/pubkey-enc.c (get_it): Use log_info instead of log_error if the
	public key was not found for preference checking.

	gpg-mail-tube: Assume text/plain for missing content-type.
	+ commit 567fb6eaa037cc3fea46452e58cd720d77d7235d
	* tools/gpg-mail-tube.c (mail_tube_encrypt): Rename var ct_text for
	clarity.  Replace debug diagnostic by log_info. Assume text/plain for
	missing content-type.

	gpgtar: Use log-file from common.conf only in --batch mode.
	+ commit b389e04ef5260628bfd8002e20873114a3d4fa4b
	* tools/gpgtar.c (main): Do it.

2024-11-07  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix getinfo active_apps.
	+ commit 8359f2e498953ba4714ff894cbbcb14457e8986e
	* scd/app.c (send_card_and_app_list): Avoid locking recursively.

2024-11-06  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Serialize CARD access for send_card_and_app_list.
	+ commit 25a140542a9186a27b7df9cd3ca3d478b59cbf1b
	* scd/app.c (send_card_and_app_list): Lock the CARD.

2024-10-31  Werner Koch  <wk@gnupg.org>

	gpg: Allow the use of an ADSK subkey as ADSK subkey.
	+ commit d30e345692440b9c6677118c1d20b9d17d80f873
	* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
	* g10/getkey.c (key_byname): Set allow_adsk in the context if it was
	requested via req_usage.
	(finish_lookup): Allow RENC usage matching.
	* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
	* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.

2024-10-31  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix status output for LISTTRUSTED.
	+ commit a7c81efe51872122df20a970012af67b0c7dc466
	* agent/trustlist.c (istrusted_internal): When LISTMODE is enabled,
	TRUSTLISTFPR status output should be done.

2024-10-30  Werner Koch  <wk@gnupg.org>

	gpg: Do not fail with an error for a "Note:" diagnostic.
	+ commit 48aa9e82657902ceb7ef081c6c55adbea5dd0217
	* g10/trustdb.c (validate_keys): Use log_info instead of log_error for
	not found or expired UTKs.

2024-10-29  Werner Koch  <wk@gnupg.org>

	speedo: Enable additional runtime protections on Windows.
	+ commit 39aa206dc51d1d90e301a3b19a0b549b811f0cd2
	* build-aux/speedo.mk (speedo_w32_cflags): Remove -mms-bitfields
	because it has been the gcc default for a long time.  Enable control
	flow protection.

2024-10-23  Werner Koch  <wk@gnupg.org>

	gpgsm: Terminate key listing on output write error.
	+ commit 18081e2ecf43de2be6ad5a7ca3384e1e2b66914d
	* sm/keylist.c (list_internal_keys): Detect write errors to the output
	stream.

	* sm/server.c (any_failure_printed): New var.
	(gpgsm_status2): Handle new var.  Move statusfp init to ...
	(gpgsm_init_statusfp): new function.
	(gpgsm_exit_failure_status): New.
	* sm/gpgsm.c (main): Explicit statusfp init.
	(gpgsm_exit): Print failure status on error.

2024-10-22  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix resource leak for PRIMARY_CTX.
	+ commit 40707c8bff49f106f8b0c09fee1af08467448bfc
	* agent/call-daemon.c (wait_child_thread): Call assuan_release for
	PRIMARY_CTX when it's kept for reuse.

2024-10-21  Werner Koch  <wk@gnupg.org>

	common: Fix test for the assumed compliance.
	+ commit 51b7bb9106587c2129dca3e4f3a1ec6225c64cfb
	* common/compliance.c (gnupg_status_compliance_flag): Fix test.

2024-10-16  NIIBE Yutaka  <gniibe@fsij.org>

	build: Don't remove --disable-endian-check.
	+ commit 347ab07c6245bbd65797b6712bebdb8f13a2b61c
	* configure.ac (WORDS_BIGENDIAN): Use the autoconf macro,
	instead of our own BIG_ENDIAN_HOST.
	(DISABLED_ENDIAN_CHECK): Keep --disable-endian-check supported.
	* g10/rmd160.c (transform): Use WORDS_BIGENDIAN.

	common: Fix a race condition in creating socketdir.
	+ commit 71840b57f48680b7555451a29026d9c6de4fe2bc
	* common/homedir.c (_gnupg_socketdir_internal): Check return code
	of gnupg_mkdir and handle the case of GPG_ERR_EEXIST.

2024-10-15  Werner Koch  <wk@gnupg.org>

	gpgsm: Fix cached istrusted lookup.
	+ commit 374195e741cf1c52daad6c07799d308c8a9f73e3
	* sm/call-agent.c (gpgsm_agent_istrusted): Actually set istrusted
	list.

2024-10-14  Werner Koch  <wk@gnupg.org>

	dirmngr: Print a brief list of URLs with LISTCRLS.
	+ commit f8b1b7b4df86de86c28721aef2b2b70b79c6df91
	* dirmngr/crlcache.c (crl_cache_list): Print a summary of URLs.

	* sm/call-dirmngr.c (gpgsm_dirmngr_run_command): Print a notice to
	stdout if the dirmngr has been disabled.

2024-10-11  NIIBE Yutaka  <gniibe@fsij.org>

	build: Use AC_C_BIGENDIAN for detecting endian.
	+ commit f8bf5e01f76620cc550253cc2575754872cf64aa
	* acinclude.m4 (GNUPG_CHECK_ENDIAN): Remove.
	* configure.ac (BIG_ENDIAN_HOST): Use AC_C_BIGENDIAN
	to detect endian and set BIG_ENDIAN_HOST.

2024-10-08  NIIBE Yutaka  <gniibe@fsij.org>

	common,gpg,scd,sm: Fix for Curve25519 OID supporting new and old.
	+ commit 57dce1ee62c2b900b852877c1c9754126b87ed0f
	* common/util.h (openpgp_curve_to_oid): Add new argument to select OID
	by OpenPGP version.
	* common/openpgp-oid.c (openpgp_curve_to_oid): Implement returning
	selected OID for Curve25519.
	* common/openpgp-fpr.c (compute_openpgp_fpr_ecc): Follow the change,
	selecting by the version.
	* g10/export.c (match_curve_skey_pk): Likewise.
	(transfer_format_to_openpgp): Likewise.
	* g10/gpg.c (list_config): Likewise, print new OID.
	* g10/keygen.c (ecckey_from_sexp): Likewise, selecting by the version.
	* sm/encrypt.c (ecdh_encrypt): Likewise, don't care.
	* sm/minip12.c (build_ecc_key_sequence): Likewise, new OID.
	* scd/app-openpgp.c (ecdh_params, gen_challenge): Likewise, don't
	care.
	(ecc_read_pubkey, change_keyattr_from_string, ecc_writekey): Likewise,
	old OID.

	common,gpg,scd,sm: Use openpgp_oid_or_name_to_curve to get curve.
	+ commit f5703994d4692fc310292a93296626f484936b16
	* common/sexputil.c (pubkey_algo_string): Use
	openpgp_oid_or_name_to_curve.
	* g10/card-util.c (current_card_status, ask_card_keyattr): Likewise.
	* scd/app-piv.c (writekey_ecc): Likewise.
	* sm/fingerprint.c (gpgsm_get_key_algo_info): Likewise.

2024-10-07  Werner Koch  <wk@gnupg.org>

	Implement GNUPG_ASSUME_COMPLIANCE envvar for testing.
	+ commit b287fb577587655559fefb90f7ed90c9a15dc6a3
	* common/compliance.c (assumed_de_vs_compliance): New.
	(get_compliance_cache): Check envvar and fake compliance.
	(gnupg_status_compliance_flag): Return 2023 for de-vs if in faked
	mode.
	* g10/gpg.c (gpgconf_list): For compliance_de_vs return 23 or 2023.

	gpg: Emit status error for an invalid ADSK.
	+ commit e8858807bcafea9f996dae260443df41e7c8ac11
	* g10/keygen.c (prepare_adsk): Emit status error.

2024-10-04  Werner Koch  <wk@gnupg.org>

	gpgsm: Add compatibility flag no-keyinfo-cache.
	+ commit f8f6c6c7616662a6748d0a9cc19532d48e502d62
	* sm/gpgsm.c (compatibility_flags): Add flag.
	* sm/gpgsm.h (COMPAT_NO_KEYINFO_CACHE): New.
	* sm/call-agent.c (gpgsm_agent_istrusted): Act upon it.
	(gpgsm_agent_keyinfo): Ditto.

2024-10-02  Werner Koch  <wk@gnupg.org>

	gpgsm: Implement a cache for the KEYINFO queries.
	+ commit 241971fac0fc52efc87ed5753a01d18b0672d900
	* sm/gpgsm.h (struct keyinfo_cache_item_s): New.
	(struct server_control_s): Add keyinfo_cache and keyinfo_cache_valid.
	* sm/call-agent.c (keyinfo_cache_disabled): New flag.
	(release_a_keyinfo_cache): New.
	(gpgsm_flush_keyinfo_cache): New.
	(struct keyinfo_status_parm_s): New.
	(keyinfo_status_cb): Implement a fill mode.
	(gpgsm_agent_keyinfo): Implement a cache.
	* sm/server.c (reset_notify): Flush the cache.
	* sm/gpgsm.c (gpgsm_deinit_default_ctrl): Ditto.

	gpgsm: Use a cache for ISTRUSTED queries.
	+ commit ef2be95258d2e02659e96f6c4df5a9a1a233c8fd
	* sm/call-agent.c (struct istrusted_cache_s): New.
	(istrusted_cache, istrusted_cache_valid): New.
	(istrusted_cache_disabled): New.
	(flush_istrusted_cache): New.
	(struct istrusted_status_parm_s): New.
	(istrusted_status_cb): Fill the cache.
	(gpgsm_agent_istrusted): Implement a cache.

2024-10-01  Werner Koch  <wk@gnupg.org>

	agent: Add option --status to the LISTTRUSTED command.
	+ commit 4275d5fa7a51731544d243ba16628a9958ffe3ce
	* agent/trustlist.c (istrusted_internal): Add arg listmode and print
	new status line in this mode.  Adjust callers.
	(agent_listtrusted): Add new args ctrl and status_mode.  Get all
	trusted keys and then call istrusted_internal for all of them.

	* agent/command.c (cmd_listtrusted): Add new option --status.

	gpgsm: Possible improvement for some rare P12 files.
	+ commit f50dde6269bd1da5da8776fc9d9f4e66d898f58d
	* sm/minip12.c (parse_shrouded_key_bag): Increase size of salt buffer.

	gpgconf: Add list flag to trusted-key et al.
	+ commit f197fe34f22beb66e5115f7a38c915d89259b363
	* tools/gpgconf-comp.c (known_options_gpg): Add list flag to some
	options.

2024-10-01  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Robust error handling for SCD READKEY.
	+ commit e7891225788ab5f6d050a06643b1f488c227771f
	* g10/keygen.c (ask_algo): List the card key only when it's valid.

2024-09-30  Werner Koch  <wk@gnupg.org>

	gpgsm: Silence messages about dirmngr cache lookup failed.
	+ commit 0e283a0ebcce17bf13b9d685fa73c75ee50fb16d
	* sm/certchain.c (find_up_dirmngr): Skip if we know that there is no
	dirmngr.

	gpgsm: Silence the fingerprint output in quiet mode.
	+ commit 819085364238b2d078580068b92b477a3c0d3e9a
	* sm/certchain.c (ask_marktrusted): Avoid fingerprint printing in
	quiet mode.

	gpgsm: Use a cache to speed up parent certificate lookup.
	+ commit ce0580a599ec759ec6e21378193a995b55fce6cf
	* sm/gpgsm.h (COMPAT_NO_CHAIN_CACHE): New.
	(struct cert_cache_item_s, cert_cache_item_t): New.
	(struct server_control_s): Add parent_cert_cache.
	* sm/gpgsm.c (compatibility_flags): Add "no-chain-cache".
	(parent_cache_stats): New.
	(gpgsm_exit): Print the stats with --debug=memstat.
	(gpgsm_deinit_default_ctrl): Release the cache.
	* sm/certchain.c (gpgsm_walk_cert_chain): Cache the certificates.
	(do_validate_chain): Ditto.

2024-09-27  Werner Koch  <wk@gnupg.org>

	sm: Optimize clearing of the ephemeral flag.
	+ commit cb6c506e4e41e174411669c880eedc8a8790430c
	* kbx/keybox-search.c (keybox_get_cert): Store the blob flags in the
	cert object.
	* sm/certchain.c (do_validate_chain): Skip clearing of the ephemeral
	flag if we know that it is not set.

	agent: Replace hack for old Libgcrypt versions for auto-expand-secmem.
	+ commit ca953ae5f768fc2a8d1afe9804f10b6551793b12
	* agent/gpg-agent.c (main) <oAutoExpandSecmem>: Use Libgcrypt const.

	agent: Better diagnostic for a failed key unprotection.
	+ commit 19871fa08c65bfef2298c1d77a326dcd554685cc
	* agent/findkey.c (unprotect): Print a diagnostic if unprotection
	failed.

2024-09-25  Werner Koch  <wk@gnupg.org>

	gpg: Exclude expired trusted keys from the key validation process.
	+ commit 19f2f00bfd30ca2389318d11047346a5ade95e75
	* g10/trustdb.c (copy_key_item): New.
	(validate_keys): Use a stripped down UTK list w/o expired keys.

	gpg: Validate the trustdb after the import of a trusted key.
	+ commit a0aea092647c1d96ec94e5e524adc855f6466799
	* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
	If not set after chk_self_sigs check whether the imported key is an
	ultimately trusted key.

	gpg: Remove useless variable in validate_keys.
	+ commit c59eeda3c42954b3da0476b815d8438c6a744a3d
	* g10/trustdb.c (store_validation_status): Remove arg  'stored'.
	(validate_keys): Remove keyhashtable 'stored' which was never used.

2024-09-25  NIIBE Yutaka  <gniibe@fsij.org>

	common: Fix gnupg_exec_tool_stream for INEXTRA==NULL.
	+ commit a269a27c4ce5d4be8129c9d2c6252d3158e3683d
	* common/exectool.c (gnupg_exec_tool_stream): Initialize extrapipe.

2024-09-24  Ingo Klöcker  <dev@ingo-kloecker.de>

	gpg: Fix --quick-set-expire for V5 subkey fingerprints.
	+ commit 79298e87d8436bf0b0bd07c2c1513d10a7eb5823
	* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
	fingerprint.

2024-09-24  Werner Koch  <wk@gnupg.org>

	common: Add debug code to gnupg_exec_tool_stream.
	+ commit 11387b24a5de76b2dff1a142c9a897519d5bf24d
	* common/exectool.c (gnupg_exec_tool_stream): Add diagnostic.

2024-09-20  Werner Koch  <wk@gnupg.org>

	w32: Fix last commit to build on Windows.
	+ commit 6ed2857d5406d8f1dcca9ec83ee24e5ececc44f9
	* scd/app.c (struct mrsw_lock): Move notify_watchers out of the system
	specific condition.

2024-09-20  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix DEVINFO, allowing no clients which watch the change.
	+ commit 0a94582af5b1ed263db00dfeb26585f8dcd88a73
	* scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers.
	(card_list_signal): Only when watchers wait, kick by write(2).
	(card_list_wait): Increment/decrement notify_watchers field.

2024-09-19  Werner Koch  <wk@gnupg.org>

	speedo: Make use of wget more robust.
	+ commit 8c0ac05f0602b8281eed04ba0ef5b82637663d27
	* build-aux/getswdb.sh: Add option --wgetopt.
	* build-aux/speedo.mk (WGETOPT): New.
	(getswdb_options): Pass to getswdb.
	(unpack): Use wget with new options.

	gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.
	+ commit 2770efa75b7666ac57cc29089ab988f61cd246c3
	* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
	checktag_failed.
	(aead_checktag): Set flag.
	(decrypt_data): Initially clear that flag and check the flag after the
	decryption.
	* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
	check.

	agent: Fix detection of the trustflag de-vs.
	+ commit 6432d17385d04a3e1d50bd8aa2007025e4a1b871
	* agent/trustlist.c (read_one_trustfile): Fix comparison.

2024-09-19  NIIBE Yutaka  <gniibe@fsij.org>

	kbx: Fix a race condition on DATABASE_HD.
	+ commit b804378f183f7845dcdef8a953833f62684edfa7
	* kbx/backend-sqlite.c (create_or_open_database): Protect
	the access to DATABASE_HD.

2024-09-18  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix DEVINFO to allow multiple clients.
	+ commit fc30f7059650da44e2c67c3db0e1468776380a0d
	* scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe.

2024-09-13  NIIBE Yutaka  <gniibe@fsij.org>

	tests:gpgscm: Raise an error correctly for process spawning.
	+ commit b08d990607b667e3115bdec24217570b7234b09b
	* tests/gpgscm/ffi.c (do_process_spawn_io): Handle ERR.
	(do_process_spawn_fd): Likewise.

2024-09-12  Werner Koch  <wk@gnupg.org>

	Release 2.5.1.
	+ commit 72ef316aab22cf9ec22c432747564cba7120ac86


2024-09-11  Werner Koch  <wk@gnupg.org>

	tools: Fix recent regressions in gpg-authcode-sign.sh.
	+ commit e5e3e225fe98b5960286f58feb878ec404ca0963
	* tools/gpg-authcode-sign.sh (cleanup): Fix syntax error.
	(trap): Remove bashism.

	gpgsm: New option --assert-signer.
	+ commit 33e571a74a7d6153ba65aeecc72539a10f1f0ae4
	* sm/gpgsm.c (oAssertSigner, oNoop): New.
	(opts): Add option --assert-signer.
	(assert_signer_true): New var.
	(main): Set new option.
	(gpgsm_exit): Handle assert_signer_true.
	* sm/gpgsm.h (opt): Add field assert_signer_list.
	* sm/verify.c (is_x509_fingerprint): New.
	(check_assert_signer_list): New.
	(gpgsm_verify): Handle option.

	build: Remove configure option --enable-gpg-is-gpg2.
	+ commit 2125f228d36c0882a87bce433a18253154653d50
	* configure.ac (--enable-gpg-is-gpg2): Remove option.
	(USE_GPG2_HACK): Remove var.
	* common/homedir.c (gnupg_module_name): Remove code for gpg2
	installation option.
	* g10/keygen.c (generate_keypair): Ditto.
	* g10/Makefile.am (noinst_PROGRAMS): Ditto.
	* doc/gpg.texi: Ditto.
	* doc/gpgv.texi: Ditto.

	build: Also cleanup generated html file in a make distcheck.
	+ commit 51bccae1680d0aa6893cdd950e06594faadeab3a
	* doc/Makefile.am (myman_pages): Add gpg and gpgv.
	(USE_GPG2_HACK): Remove conditional.
	(myhtmlman_pages): New.
	(DISTCLEANFILES): Add html pages.

2024-09-11  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix getting key by IPGP.
	+ commit 7e321c2c2a15858b6d27acd8fa11963761bcc2d0
	* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key.

2024-09-09  Werner Koch  <wk@gnupg.org>

	gpg: New commands --add-recipients and --change-recipients.
	+ commit d528d0b065334b4c8c52e66441160e308b51d24f
	* g10/gpg.c (aAddRecipients, aChangeRecipients): New consts.
	(opts): Add --add-recipients and --change-recipients.
	(main): Handle them.
	* g10/gpg.h (struct server_control_s): Add fields modify_recipients,
	clear_recipients, and last_read_ctb.
	* g10/armor.c (was_armored): New.
	* g10/decrypt.c (decrypt_message): Add optional arg 'remusr'.  Handle
	re-encryption if desired.
	* g10/encrypt.c (write_pubkey_enc): Factor info printing out to ...
	(show_encrypted_for_user_info): new.
	(reencrypt_to_new_recipients): New.
	* g10/packet.h (struct parse_packet_ctx_s): Add fields only_fookey_enc
	and last_ctb.
	(init_parse_packet): Clear them.
	* g10/parse-packet.c (parse): Store CTB in the context.  Early return
	on pubkey_enc and symkey_enc packets if requested.
	* g10/mainproc.c (proc_encrypted): Allow for PKT being NULL.  Return
	early in modify-recipients mode.
	(proc_encryption_packets): Add two optional args 'r_dek' and 'r_list'.
	Adjust callers.  Call do_proc_packets in modify-recipients mode
	depending on the optional args.
	(do_proc_packets): Add arg 'keep_dek_and_list'.  Adjust callers.  Save
	the last read CTB in CTRL and return after the last fooenc_enc
	packets.

2024-09-06  Werner Koch  <wk@gnupg.org>

	gpg: Improve detection of input data read errors.
	+ commit 2cc340eca04dba31167435cada20a9198f953e30
	* g10/build-packet.c (do_plaintext): Better error checking for
	iobuf_copy.

	gpg: Make --no-literal work again for -c and --store.
	+ commit 9a741aba3d9040d2bb367db79e9021ba6abc12dd
	* g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy.
	(enarmor_file): Ditto.
	* g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy.
	(encrypt_crypt): Use iobuf_copy.

	gpg: Simplify the pubkey_enc_list object.
	+ commit 1eaf1e236e6056a2b96d7fea7eeb7a5eadee7742
	* g10/packet.h (struct pubkey_enc_list): Replace most by a
	PKT_pubkey_enc member.
	* g10/free-packet.c (free_pubkey_enc): Factor most stuff out to ...
	(release_pubkey_enc_parts): new.
	(copy_pubkey_enc_parts): New.
	* g10/mainproc.c (release_list): Adjust for above change.
	(proc_pubkey_enc): Ditto.
	(print_pkenc_list): Ditto.
	(proc_encrypted): Ditto.

	gpg: remove workaround for Libgcrypt < 1.8.6.
	+ commit 1e2515726676b05ddae37f2306806928870fd12a
	* g10/free-packet.c (is_mpi_copy_broken): Remove.

2024-09-06  NIIBE Yutaka  <gniibe@fsij.org>

	scd:w32: Fix for setting an environment block with GNUPGHOME.
	+ commit 412e183e55c5b8b4aab30ec9a144c8c4c69d41c8
	* scd/app.c (report_change): It's ASCII or multi-byte encoded string.
	It's gpgrt's spawn function which converts it to wide char string
	internally if needed.

2024-09-05  NIIBE Yutaka  <gniibe@fsij.org>

	scd:w32: Export GNUPGHOME for scd-event.
	+ commit c9677e9501709944e43c88b1af36a74377afa834
	* scd/app.c (report_change): Set up GNUPGHOME.

2024-09-03  Werner Koch  <wk@gnupg.org>

	gpgconf: Add missing linefeed to the -X output.
	+ commit aac5a8f0083d640c574c16ea94051f0c8b55d678
	* tools/gpgconf.c (show_registry_entries_from_file): Add missing LF.

2024-09-03  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix KEYTOCARD for the use case with loopback pinentry.
	+ commit 4a4c1efac59f92b318b350265d1cc7b8365fcbdf
	* agent/command.c (cmd_keytocard): Copy LINE.

2024-08-29  Werner Koch  <wk@gnupg.org>

	gpg-mail-tube: New feature --as-attach.
	+ commit 4511997e9e1b31c8985405bb6087c3378bb09668
	* tools/gpg-mail-tube.c (oAsAttach): New.
	(opts): Add --as-attach.
	(opt): Add .as_attach.
	(parse_arguments): Set it.
	(mail_tube_encrypt): Detect plain text and handle new option.

	tools: Improve rfc822parse to allow access to headers for longer.
	+ commit ac30449867320bd59e2158722ce47e4b62ae54b0
	* tools/rfc822parse.c (struct rfc822parse_context): Add field
	this_part.
	(release_handle_data): Clear this_part.
	(rfc822parse_open): Set this_part.
	(set_current_part_to_parent): Ditto.
	(insert_header): Ditto.
	(rfc822parse_enum_header_lines): Replace current_part by this_part.
	(find_header): Ditto.

	* tools/rfc822parse.c (my_strcasecmp): Remove.
	(same_header_name): New.
	(rfc822_capitalize_header_name): Use new function instead.

2024-08-27  Werner Koch  <wk@gnupg.org>

	gpg: Switch Kyber to the final algo id and add it to the menu.
	+ commit 8896bbd0f99c09f34ff44c62a48bdf5023da8a98
	* common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8.
	* g10/keygen.c (do_generate_keypair): Remove the experimental algo
	note ...
	(write_keybinding): and the experimental notation data.
	(ask_algo): Add a mode 16 for a Kyber subkey.
	(generate_subkeypair): Set parameters for mode 16.

2024-08-23  Werner Koch  <wk@gnupg.org>

	gpg: New option --proc-all-sigs.
	+ commit 1eb382fb1f431575872b47dc160807858b7df3e5
	* g10/options.h (flags): Add proc_all_sigs.
	* g10/mainproc.c (proc_tree): Do not stop signature checking if this
	new option is used.
	* g10/gpg.c (oProcAllSigs): New.
	(opts): Add "proc-all-sigs".
	(main): Set it.

	gpg: Warn if a keyring is specified along with --use-keyboxd.
	+ commit 3171ca9b949b0412433f1f4afd3a85d1a955d91b
	* g10/gpg.c (main): Print the warning.

2024-08-22  Werner Koch  <wk@gnupg.org>

	common: Do not call the agent with the obsolete --use-standard-socket.
	+ commit 41b06b5579f2a43499c840a227b033f9f5302ec5
	* common/asshelp.c (start_new_service): Drop that option.

2024-08-19  Werner Koch  <wk@gnupg.org>

	doc: Remove included yat2m and build HTML versions of the man pages.
	+ commit 60c541f5880e8c603ca9372d3ca8b7ad68b97018
	* configure.ac (YAT2M): Use standard detection.
	* doc/Makefile.am (EXTRA_DIST): Remove yat2m.c.
	(CLEANFILES): Ditto.
	(yat2m): Remove targets.
	(yat2m-stamp): Also build html versions.

	gpg: Minor fix when building with --disable-exec.
	+ commit 8bef1e28217d316aa79128b2bbc8497ce9f00009
	* g10/photoid.c (show_photo): No return for a void function.

2024-08-15  Andre Heinecke  <aheinecke@gnupg.org>

	build-aux: Add PKCS#8 authenticode key support.
	+ commit 3d015d106f4e718a12cb660c2269df1bfc9e1bec
	* tools/gpg-authcode-sign.sh: Assume PKCS#8 if the key file
	does not end with .p12 or .pfx.

	build-aux: Add cleanup to gpg-authcode-sign.sh.
	+ commit 536fc8d33db571108459493d1881cdfc8371d3cc
	* tools/gpg-authcode-sign.sh (cleanup): New.

2024-08-13  Andre Heinecke  <aheinecke@gnupg.org>

	speedo,w32: Install ntbtls as a library.
	+ commit d80345244c104306d66f21a46aadbd3ba060ba2b
	* build-aux/speedo.mk (AUTHENTICODE_FILES): Sign ntbtls files.
	(speedo_pkg_ntbtls_configure): Remove duplicated
	32 bit entry.
	* build-aux/speedo/w32/inst.nsi,
	build-aux/speedo/w32/wixlib.wxs: Package ntbtls dll.

2024-08-12  Werner Koch  <wk@gnupg.org>

	gpg: Improve decryption diagnostic for an ADSK key.
	+ commit 882ab7fef9bf4440900c32d7463469307224f11a
	* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
	* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
	* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
	for encryption use".
	(get_it): Print a note if an ADSK key was used.  Use the new
	get_pubkeyblock flag.
	* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
	(get_pubkeyblock): Factor all code out to ...
	(get_pubkeyblock_ext): new.
	(finish_lookup): Add new arg allow_adsk and make use of it.

2024-08-09  Werner Koch  <wk@gnupg.org>

	agent: When diverting to a card show the name of unsupported algos.
	+ commit 1d18c143f496be6af20cdf415b88ba85bef1f5e7
	* agent/divert-scd.c (divert_pkdecrypt): Improve error message.

	gpg: New debug flag "keydb".
	+ commit 8735b87411ffc84b148874b4fc886af79aafddeb
	* g10/options.h (DBG_KEYDB_VALUE): New.
	* g10/gpg.c (debug_flags): Add it.
	* g10/keydb.c: Replace all DBG_LOOKUP by DBG_KEYDB.
	* g10/keyring.c: Ditto.
	* g10/call-keyboxd.c: Ditto.

2024-08-08  Werner Koch  <wk@gnupg.org>

	gpg: Increase compress buffer size.
	+ commit 7d82fca43d3a009442a740af2b52396b586afed5
	* g10/compress.c (init_compress): Increase buffersize.

2024-08-08  Andre Heinecke  <aheinecke@gnupg.org>

	speedo,w32: Update libassuan dll name in wxs.
	+ commit 9e2633937c0cd5c62ac1a1a0c2dc3472d7636c16
	* build-aux/speedo/w32/wixlib.wxs: Update name and UID for
	libassuan.

	speedo,w32: Fix check for gpg-authcode-sign.sh.
	+ commit fd90013a12681320054334c87b33597321ec02e3
	* build-aux/speedo.mk (AUTHENTICODE_sign): Do version check
	in subshell to get the return code.

2024-08-06  Werner Koch  <wk@gnupg.org>

	sm: More improvements for PKCS#12 parsing for latest IVBB changes.
	+ commit 690fd61a0cf2b4b51ee64811656692eb644d2918
	* common/tlv.h (TLV_PARSER_FLAG_T5793): New.
	(tlv_parser_new): New macro.  Rename function with an underscore.
	(tlv_next_with_flag): New.
	* common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer.
	Add fields crammed, lasttlv, and origoff.  Remove bufferlist and its
	definition.
	(dump_to_file): New but disabled debug helper.
	(parse_tag): Print more info on error.
	(_tlv_parser_new): Add args lasttlv and LNO.  Take a copy of the data.
	(_tlv_parser_release): Free the copy of the buffer and return the
	recorded TLV object from tlv_parser_new.
	(_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove.
	(_tlv_push): Record crammed length.
	(_tlv_pop): Restore crammed length.
	(_tlv_parser_next): Add arg flags.  More debug output.  Handle cramming
	here.  Take care of cramming here.
	(tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next.
	(tlv_expect_octet_string): Remove arg encapsulates.  Adjust for
	changes in _tlv_parser_next.  Change all callers.
	(tlv_expect_null): New.
	(cram_octet_string): Rewrite.
	(need_octet_string_cramming): Remove.

	* sm/minip12.c (dump_to_file): New.  Enable in debug mode and if an
	envvar is set.  Replace all explicit but disabled dumping to call this
	function.
	(parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an
	optional SET by non-peeking code.
	(parse_cert_bag): Ditto.
	(parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code.
	(parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to
	enable the Mozilla workaround.
	(parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new
	tlv_parser_release semantics.
	(parse_shrouded_key_bag): Ditto.
	(parse_shrouded_key_bag): Create a new context instead of using the
	former encapsulated mechanism for tlv_expect_octet_string.
	(parse_bag_data): Ditto.
	(p12_parse): Ditto.

	sm: Add a debug helper command to t-minip12.c.
	+ commit 5409b273a6ccad2a712f8836746b40e9755dedfd
	* sm/t-minip12.c (cram_file): New.
	(main): Add option --cram.

2024-08-05  Werner Koch  <wk@gnupg.org>

	scd: New getinfo subcommand "manufacturer"
	+ commit a8cef7ebc2b8c3aa1477b61fecfaa8e5d63446d7
	* scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
	* scd/app-openpgp.c (get_manufacturer): Rename to ...
	(app_openpgp_manufacturer): this and make global.

2024-08-02  Werner Koch  <wk@gnupg.org>

	scd: New getinfo subcommand "dump_state".
	+ commit f1e3a23d9e9014eb1f4322146a51f16793ded44a
	* scd/command.c (cmd_getinfo): Add subcommand.  Always init CTRL for
	simplicity.

	keyboxd: New getinfo subcommand "connections".
	+ commit fa2c15634ca2c5f1c3f0483f1c74c76374e52da4
	* kbx/kbxserver.c (cmd_getinfo): Add subcommand.

2024-07-31  Werner Koch  <wk@gnupg.org>

	gpg-mail-tube: Make sure GNUPGHOME is set in vsd mode.
	+ commit a4eefb271f40807c0d1eb30267f826cd5fb253e6
	* tools/gpg-mail-tube.c (main): Set GNUPGHOME.
	(start_gpg_encrypt): Improve the "statrt gpg" diagnostic.
	(prepare_for_appimage): Start with cleared GNUPGHOME.

2024-07-22  Jakub Jelen  <jjelen@redhat.com>

	agent: Avoid memory leak when handling ssh keys.
	+ commit dd23441938d1eb749f734777c292188585fc0b5e
	* agent/command-ssh.c (ssh_send_available_keys): Close file and
	directory on error paths.

	agent: Avoid memory leak when handling tpm2.
	+ commit be40a33419c88b1b1e2424914edf2d1e0b675ed0
	* agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Free memory on
	errors.

	dotlock: Avoid leaking directory handle.
	+ commit 4bdd43fdca20c5162e0cb297f287d9235f151c43
	* common/dotlock.c (dotlock_detect_tname): Close directory on errors.

	export_secret_ssh_key: Avoid memory leak.
	+ commit f66e9356f89213f28aa7a6da8ae93a14291570cf
	* g10/export.c (export_secret_ssh_key): Free memory on errors.

	scd: Avoid memory leak.
	+ commit b1029031d473944063dd2fe22fcbe7202a76fb86
	* scd/app-p15.c (do_sign): Free allocated memory on error.

	tools: Avoid memory leaks.
	+ commit e8c8068decb3351046d30ea45913f831414eb8c0
	* tools/gpg-auth.c (ssh_authorized_keys): Free list on error.
	* tools/gpgtar-extract.c (gpgtar_extract): Free memory on error.

2024-07-14  Andre Heinecke  <aheinecke@gnupg.org>

	speedo,w32: Fix InstallDir usage and x64 install.
	+ commit 3caf26f324d3d568d6f69158c2a98dbe7a7f3493
	* build-aux/speedo/w32/inst.nsi (InstallDir): Move to the
	MUI definitions for clarity.
	(MULTIUSER_INSTALLMODE_INSTDIR): Use pretty name.
	(-gnupginst): Handle regviews and upgrades

	speedo,w32: Remove share/doc subdir.
	+ commit 8e5571392190151318927c59a7690ff2d46b38ac
	* build-aux/speedo/w32/inst.nsi (-un.gnupg): Remove additional
	dir.

	speedo,w32: Fix a nsi translation.
	+ commit ed0d61df58faf58081c98c223db770e85d3f4685
	* speedo/w32/inst.nsi: Remove superfluous brace.

	speedo,w32: configure --libdir for w32 builds.
	+ commit 26ee947dfdba00d9657b1fa83f3d714932087111
	* build-aux/speedo.mk (SETVARS): Set --libdir when cross
	compiling.

	speedo: Add VERBOSE variable.
	+ commit 0311239d7b41f9b66498f0dc50a35b5d4bf65360
	* build-aux/speedo.mk (VERBOSE): New variable.

	speedo: Use remote gitrep if local does not exist.
	+ commit 7a9214b0d41ecf1aacada79a850da05d558320ff
	* build-aux/speedo.mk (gitrep): If the local path is not
	a directory, use the remote repo as fallback.

	speedo: Use nproc if available for make jobs.
	+ commit 23df03faa033e350f63b2e26f970cb2bf6594ed9
