2022-07-06  Werner Koch  <wk@gnupg.org>

	Release 2.3.36.
	+ commit 491645b50ec97db12520483d347291d660db209c


2022-06-29  Werner Koch  <wk@gnupg.org>

	gpgconf: New short options -V and -X.
	+ commit f357a5f239919de976b86a666410f504682973e4
	* tools/gpgconf.c: Assign short options -X and -V
	(show_version_gnupg): Print the vsd version if available.

2022-06-24  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Flush before calling ftruncate.
	+ commit 9e2307ddf0c2608e9cfb435f870b75cbb35791d7
	* agent/findkey.c (write_extended_private_key): Make sure
	it is flushed out.

2022-06-21  Werner Koch  <wk@gnupg.org>

	sm: Update pkcs#12 module from master.
	+ commit 4c14bbf56fb544541bd65f9d6e6e0b81779dcab6
	* sm/minip12.c: Update from master.
	* sm/import.c (parse_p12): Pass NULL for curve.

2022-06-20  Werner Koch  <wk@gnupg.org>

	common: Add an easy to use DER builder.
	+ commit d21ced1e3596dc9e4fa53995286b4cbbd6e94195
	* common/tlv-builder.c: New.
	* common/tlv.c: Remove stuff only used by GnuPG 1.
	(put_tlv_to_membuf, get_tlv_length): Move to ...
	* common/tlv-builder.c: here.
	* common/tlv.h (tlv_builder_t): New.

2022-06-14  Werner Koch  <wk@gnupg.org>

	g10: Fix garbled status messages in NOTATION_DATA.
	+ commit 7b1db7192e6e4d0cfc439b23b13831837c85bc21
	* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one

2022-06-09  NIIBE Yutaka  <gniibe@fsij.org>

	agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.
	+ commit aeee62593ae9147a38fd79f0782f3fa0e4ac5c4a
	* agent/call-scd.c (inq_needpin): Call assuan_begin_confidential
	and assuan_end_confidential, and wipe the memory after use.
	* agent/command.c (cmd_preset_passphrase): Likewise.
	* scd/command.c (pin_cb): Likewise.

2022-06-03  Werner Koch  <wk@gnupg.org>

	w32: Avoid warning about not including winsock2.h after windows.h.
	+ commit dfc01118ce0707c2d920fb31f7731f3a383df761
	* common/dynload.h: Include winsock2.h first.

	w32: Allow Unicode filenames for iobuf_cancel.
	+ commit 10db566489880acd510f8e07dc52a38dd82feafe
	* common/iobuf.c (iobuf_cancel): Use gnupg_remove
	* common/mischelp.c (same_file_p): Allow for Unicode names.

2022-06-01  Werner Koch  <wk@gnupg.org>

	scd:p15: Fix accidental commit of debug code.
	+ commit e3db6c74a6305e86eaefb0ca8d49d4d9754104ff
	* scd/app-p15.c (do_sign): Revert MSE setting.

	scd: Shorten cardio debug output for all zeroes.
	+ commit 62becf599eb861936faf88b6ec5e0f7b1658b54e
	* scd/apdu.c (all_zero_p): New.
	(send_le): Use it.

	(cherry picked from commit 9b6f574928546e6905a92c3e74d72478f1585c66)

2022-05-17  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix use of SCardListReaders for PC/SC.
	+ commit 7bc794c3113400af082b26610d9d1305826be54e
	* scd/apdu.c (open_pcsc_reader): Initialize NREADER.

2022-05-10  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Add workaround for ECC attribute on Yubikey.
	+ commit a5217c90003c2e1b9bfb06b58ffc2d0d9164f22a
	* scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus
	octet in a key attribute.

2022-05-06  Werner Koch  <wk@gnupg.org>

	scd:p15: Improve the displayed S/N for Technology Nexus cards.
	+ commit 91acbdc93c8a6ae06b483a27c8bb7c33a978108d
	* scd/app-p15.c (any_control_or_space_mem): New.
	(get_dispserialno): Add new code.

	scd:p15: Fix the the sanity check of the displayed S/N.
	+ commit 8efe738c4a090f523461fa3055da668467715105
	* scd/app-p15.c (any_control_or_space): Fix loop.

2022-05-05  Werner Koch  <wk@gnupg.org>

	scd:p15: Fix reading certificates without length info.
	+ commit 7f029eef6ce15be4167f56e7fc07755d189e5e27
	* scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF
	object has no length info.  Add debug output when reading a cert.
	(read_p15_info): No more need to disable extended mode for GeNUA cards.

	scd: New debug flags "card".
	+ commit d60f930d9b000e802dc61c8e8d494a3091dc0437
	* scd/scdaemon.c (debug_flags): Add "card".
	* scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New.

	gpg: Minor robustness fix.
	+ commit 36a5509e11c81305c4ded93982fa594bd52555a6
	* g10/parse-packet.c (mpi_read_detect_0_removal): Protect agains
	failed gcry_mpi_scan.

2022-05-02  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Add a test for Ed25519 keys for non-protected secret.
	+ commit 06e82e997a56406e04113a7f6c1d083e0cc04172
	* tests/openpgp/issue5120.scm: New.

2022-04-28  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Handle leading-zeros private key for Ed25519.
	+ commit 3fcef7371480cce392d690897d42955f1b19c12a
	* g10/parse-packet.c (mpi_read_detect_0_removal): New.
	(parse_key): Use mpi_read_detect_0_removal for PUBKEY_ALGO_EDDSA
	to tweak the checksum.

	Revert "gpg: Accept Ed25519 private key in SOS which reserves leading zeros."
	+ commit 3192939a10df17cb9666773ed8888627f6d16b8d
	This reverts commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830.

2022-04-25  Werner Koch  <wk@gnupg.org>

	Release 2.2.35.
	+ commit f7bc6f50496bffc3c377cb4e3e844242a590b5e1


	gpg: Avoid NULL ptr access due to corrupted packets.
	+ commit 86d84464ae11666b1556e876a41a65cec8daaf18
	* g10/parse-packet.c (parse_signature): Do not create an opaque MPI
	with NULL and length > 0
	(parse_key): Ditto.

2022-04-25  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Not writing password into file.
	+ commit 9c0a24b4a55edff3d54cc5e98ba8112714f583e3
	* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
	pattern check program.

2022-04-25  Werner Koch  <wk@gnupg.org>

	gpg: Emit an ERROR status as hint for a bad passphrase.
	+ commit f021ecd57624f09430731f5deee2c4d0712150c8
	* g10/mainproc.c (proc_symkey_enc): Issue new error code.
	(proc_encrypted): Ditto.

2022-04-20  Werner Koch  <wk@gnupg.org>

	w32: Do no use Registry item DefaultLogFile for the main tools.
	+ commit a5faaf8bee43e1e8d99cf3c08fad8ccce047fc28
	* g10/gpg.c (main): Set LOG_NO_REGISTRY.
	* sm/gpgsm.c (main): Ditto.
	* tools/gpg-connect-agent.c (main): Ditto.
	* tools/gpgconf.c (main): Ditto.
	(show_other_registry_entries): Print "DefaultLogFile".

2022-04-14  Werner Koch  <wk@gnupg.org>

	gpg: Replace an assert by a log_fatal.
	+ commit c8c71fc7161bf6b553bc5b45b2f7a06f8a1a4639
	* g10/build-packet.c (do_signature): Use log_fatal.

	scd: Minor code reorganization.
	+ commit 58532fe56c334d0edc589311e6601fb9da70d9a1
	* scd/ccid-driver.c: Move struct defines to the top.
	(MAX_DEVICE): Rename to CCID_MAX_DEVICE.

	scd: Fix memory leak in ccid-driver.
	+ commit c4b14be48fe9b0f52bca9840375eb0eac3cc2432
	* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.

2022-04-13  Werner Koch  <wk@gnupg.org>

	scd:p15: Improve the PIN prompt for Genua cards.
	+ commit e99670f944bc613d258d0810c5831a2099718d4e
	* scd/app-p15.c (CARD_PRODUCT_GENUA): New.
	(cardproduct2str): Add it.
	(read_p15_info): Detect and set GENUA
	(make_pin_prompt): Take holder string from the AODF.

	scd:p15: Support for GeNUA cards.
	+ commit 44ec383cdec06ee4ac8dbe7b913990bbeeb3d3a3
	* scd/app-p15.c (read_p15_info): Disable extended mode for Genua
	cards.

	scd:p15: Prepare AODF parsing for other authentication types.
	+ commit 29fd80581867beeec068b49e8587762394e7d4d1
	* scd/app-p15.c (auth_type_t): New.
	(struct aodf_object_s): Add field auth_type.
	(read_ef_aodf): Distinguish between pin and authkey types.  Include
	the authtype in the verbose mode diags.

	scd:p15: Add basic support for AET JCOP cards.
	+ commit 80cf64c65155f718ed7dcee0e6a2aedbd9a2a5b0
	* scd/app-p15.c (CARD_TYPE_AET): New.
	(cardtype2str): Add string.
	(card_atr_list): Add corresponding ATR.
	(app_local_s): New flag no_extended_mode.  Turn two other flags into
	bit flags.
	(select_ef_by_path): Hack to handle the 3FFF thing.
	(readcert_by_cdf): Do not use extended mode for AET.
	(app_select_p15): Set no_extended_mode.
	---
	(cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47)

2022-03-29  NIIBE Yutaka  <gniibe@fsij.org>

	common,unix: Backport dotlock changes from GnuPG 2.3.
	+ commit d9a8d3353afd669252e25b56ed92f9fb7c0dcc3d
	* common/dotlock.c (read_lockfile): Return FD in R_FD.
	(dotlock_take_unix): Fix a race condition by new read_lockfile and
	checking with fstat.  Describe one race condition in comment.
	(dotlock_release_unix): Follow the change of read_lockfile.

2022-03-28  Werner Koch  <wk@gnupg.org>

	dirmngr: Escape more characters in WKD requests.
	+ commit 3b251c8366cf7ddf5b82fc2331a8009fa1f2de23
	* dirmngr/server.c (proc_wkd_get): Also escape '#' and '+'

2022-03-22  Werner Koch  <wk@gnupg.org>

	gpgtar: New option --with-log.
	+ commit ce69d55f70a18cfe5cf91353efc00ab43ba8fd8b
	* tools/gpgtar.c: New option --with-log.
	* tools/gpgtar.h (opt): Add field with_log.
	* tools/gpgtar-extract.c (gpgtar_extract): Move directory string
	building up.  Add option --log-file if needed.
	* tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it
	is used outside of its scope.
	* tools/gpgtar-list.c (gpgtar_list): Ditto.

2022-03-21  Werner Koch  <wk@gnupg.org>

	dirmngr: Make WKD_GET work even for servers not handling SRV RRs.
	+ commit 6d30fb6940d57237392f9196a4de5c7246ffefdf
	* dirmngr/server.c (proc_wkd_get): Take care of DNS server failures

	gpgtar: Finally use a pipe for decryption.
	+ commit d431feb3077f763e37f824026988a10d87c8a5aa
	* tools/gpgtar.h (opt): Add new flags.
	* tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and
	--require-compliance.
	(main): Init signals.
	* tools/gpgtar-create.c: Add new header files.
	(gpgtar_create): Rework to use a pipe for encryption and signing.
	* tools/gpgtar-list.c: Add new header files.
	(gpgtar_list): Rework to use a pipe for decryption.
	* tools/gpgtar-extract.c: Add new header files.
	(gpgtar_extract): Rework to use a pipe for decryption.

2022-03-18  Werner Koch  <wk@gnupg.org>

	gpg: Print info about the used AEAD algorithm.
	+ commit 15eda7ce783a81d2f5911028a4c8c3ce5649edca
	* g10/misc.c (openpgp_cipher_algo_mode_name): New.
	* g10/decrypt-data.c (decrypt_data): Use function here.

	common: New function map_static_strings.
	+ commit c1453665491fb6a16883ee5e1828cfb0c28b466a
	* common/mapstrings.c (struct intmapping_s): New.
	(map_static_strings): New.
	* common/stringhelp.c (do_strconcat): Rename to ...
	(vstrconcat): this and make global.

	* common/t-mapstrings.c (test_map_static_strings): New test.

	gpg: Allow decryption of symencr even for non-compliant cipher.
	+ commit e081a601f7b31fa278e46de7c6834a756b63cec2
	* g10/decrypt-data.c (decrypt_data): Add arg compliance_error.  Adjust
	all callers.  Fail on compliance error only in --require-compliance
	mode.  Make sure to return an error if the buffer is missing; actually
	that should be an assert.
	* g10/mainproc.c (proc_encrypted): Delay printing of the compliance
	mode status.  Consult the compliance error now returned by
	decrypt_data.

2022-03-15  Werner Koch  <wk@gnupg.org>

	common: New flags for gnupg_spawn_process.
	+ commit 7ba44d15ca2f800c402a56eb71bb524f91ea2ffa
	* common/exechelp.h (GNUPG_SPAWN_KEEP_STDIN): New.
	(GNUPG_SPAWN_KEEP_STDOUT): New.
	(GNUPG_SPAWN_KEEP_STDERR): New.
	* common/exechelp-posix.c (do_exec): Add arg flags and implement new
	flags.
	* common/exechelp-w32.c (gnupg_spawn_process): Implement new flags.

2022-03-09  Werner Koch  <wk@gnupg.org>

	gpgconf: Silence warnings from parsing the options files.
	+ commit e8b1ab1d2d22f938b3e5991343b7e089d96606a0
	* tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
	flag for the arg parser only in --verbose mode.

2022-03-09  NIIBE Yutaka  <gniibe@fsij.org>

	sm: Fix parsing encrypted data.
	+ commit 0c7dffe99d3fded41df87512063515b5ca2da820
	* sm/minip12.c (cram_octet_string): Finish when N==0.
	(parse_bag_encrypted_data): Support constructed data with multiple
	octet strings.

2022-03-08  Werner Koch  <wk@gnupg.org>

	gpgsm: New option --require-compliance.
	+ commit 847d618454e6f8418b169132dbdd0307d9b4d7e0
	* sm/gpgsm.c (oRequireCompliance): New.
	(opts): Add --require-compliance.
	(main): Set option.
	* sm/gpgsm.h (opt): Add field require_compliance.
	(gpgsm_errors_seen): Declare.
	* sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant.
	* sm/encrypt.c (gpgsm_encrypt): Ditto.
	* sm/decrypt.c (gpgsm_decrypt): Ditto.

	gpg: New option --require-compliance.
	+ commit 17890d43187384d049d80af28a5baea8613ff6ea
	* g10/options.h (opt): Add field flags.require_compliance.
	* g10/gpg.c (oRequireCompliance): New.
	(opts): Add --require-compliance.
	(main): Set option.
	* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
	(check_sig_and_print): Ditto.
	* g10/encrypt.c (encrypt_crypt): Ditto.

	gpg: Give Libgcrypt CFLAGS a higher priority than SQlite.
	+ commit c11292fe736db6e61fad17d74f65b0b5ad9c2808
	* g10/Makefile.am (AM_CFLAGS): Reorder.

2022-03-04  Werner Koch  <wk@gnupg.org>

	gpgtar,w32: Support file names longer than MAX_PATH.
	+ commit 5492079defab85b1ba2c583e32a8feb752314b2e
	* tools/gpgtar.c: Replace assert by log_assert.
	* tools/gpgtar-extract.c: Ditto.
	(extract_regular): Create files with sysopen flag.
	* tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.

	common,w32: Support file names longer than MAX_PATH in iobuf.
	+ commit 4122896a39b7ac5dc071bf4d2e9be0ac8a3e21d7
	* common/iobuf.c (direct_open): Use gpgrt_fname_to_wchar.
	(any8bitchar): Remove.

2022-02-24  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	g10: Avoid extra hash contexts when decrypting MDC input.
	+ commit 9116fd1e9a2da9c83f94acfe41fb6e5c6f03e8d1
	* g10/mainproc.c (mainproc_context): New member
	'seen_pkt_encrypted_mdc'.
	(release_list): Clear 'seen_pkt_encrypted_mdc'.
	(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
	(have_seen_pkt_encrypted_aead): Rename to...
	(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
	'seen_pkt_encrypted_mdc'.
	(proc_plaintext): Do not enable extra hash contexts when decrypting
	MDC input.

2022-02-21  Werner Koch  <wk@gnupg.org>

	scd:p15: Used extended mode already for RSA 2048.
	+ commit a2db490de5473af42d7b5a99398c48befe294394
	* scd/app-p15.c (do_sign, do_decipher): Replace GT by GE.

2022-02-17  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Remove a test case with "quiet" option with gpgconf.
	+ commit f064d972e38863358a2dd53de43acd66572830c2
	* tests/openpgp/gpgconf.scm: Remove "quiet" test.

	scd: Use lock_slot for apdu_send_direct.
	+ commit 3c3765405de02b9a57fdc9a3cf901f6e3aca8586
	* scd/apdu.c (apdu_send_direct): Use lock_slot.

2022-02-09  Werner Koch  <wk@gnupg.org>

	gpgconf: Do not show "quiet" as option.
	+ commit 2f2130ff24faf4507fa5949e834c155b4a8e1525
	* tools/gpgconf-comp.c: Remove "quiet" and two unsupported options

2022-02-07  Werner Koch  <wk@gnupg.org>

	Release 2.2.34.
	+ commit 04d40a680baa43f9803d0981b1da49144021d723


	dirmngr: Changes to the linking order.
	+ commit 3c79ff34c417bfc392008eca1970b86bec54d6c3
	* dirmngr/Makefile.am: Tweak library order.

	gpgconf: Make gpgconf --launch dirmngr work again.
	+ commit 5a7ed6dd8f1b4e3c2e8f6e82700a86bd886c5f50
	* tools/gpgconf.h (gc_component_id_t): Fix the order.

	gpgconf: Print the used code pages on Windows with --show-configs.
	+ commit 32b364b99b492c580330591640cdaa7407016733
	* tools/gpgconf.c (show_configs): Add some code

	common: Fix creation of Windows socket directories.
	+ commit 7d1215cb9cba258102b91c92e6973783e8d53b07
	* common/homedir.c (w32_try_mkdir): Remove.
	(standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir.
	(_gnupg_socketdir_internal): Ditto.

2022-02-04  Werner Koch  <wk@gnupg.org>

	m4: Update our library m4 files from master.
	+ commit c8cd66ae7e609f221c7dad905e88a206a285ab1c
	* m4/gpg-error.m4: Updated
	* m4/ksba.m4: Updated
	* m4/libassuan.m4: Updated
	* m4/libgcrypt.m4: Updated
	* m4/npth.m4: Updated
	* m4/ntbtls.m4: Updated

2022-02-03  Werner Koch  <wk@gnupg.org>

	dirmngr: Allow building with non-standard ntbtls location.
	+ commit 137590fd8614a69cc60da3226cefc4495502ec26
	* dirmngr/Makefile.am: Add missing -L and -I

	dirmngr: Simplify --gpgconf-list output.
	+ commit 0b76ef48e1df4c210d57f3bf4bc1fe1fa3762408
	* dirmngr/dirmngr.c (main): Keep only values with the default flag.

	sm: New option --ignore-cert-with-oid.
	+ commit bcf446b70ca58ac1497269f047fba9ddb3d62e96
	* sm/gpgsm.c (oIgnoreCertWithOID): New.
	(opts): Add option.
	(main): Store its value.
	* sm/call-agent.c (learn_cb): Test against that list.

2022-02-02  Werner Koch  <wk@gnupg.org>

	gpgconf: Return the compliance_de_vs item.
	+ commit e058d15d2d56dfed2723e1a55c75e52db87b2dc2
	* tools/gpgconf-comp.c (known_options_gpg): Add missing pseudo option.

2022-02-01  Werner Koch  <wk@gnupg.org>

	dirmngr: Avoid initial delay on the first keyserver access.
	+ commit dde88897e2c5851aab32370ee6c8ace150debb77
	* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
	* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
	proxy in never-use-tor Mode.

	* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
	Windows.

	gpg: Set --verbose and clear --quiet in debug mode.
	+ commit d426ed66ac043e442649a8a2bc7eac6753a5bf58
	* g10/gpg.c (set_debug): Tweak options.

2022-01-28  Werner Koch  <wk@gnupg.org>

	ssh: Fix adding an ed25519 key with a zero length comment.
	+ commit 2331900d1cc022c04177272a51c00690229bb989
	* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
	into an S-expression.
	(stream_read_string): Do not not try to a read a zero length block.

2022-01-27  Werner Koch  <wk@gnupg.org>

	gpgconf: Tweak the use of ldapserver.
	+ commit e1fc053dc1ad260922428cf864071e829e6c30f2
	* tools/gpgconf-comp.c (known_options_gpgsm): Make "keyserver"
	invisible.
	(known_options_dirmngr): Add "ldapserver".
	* sm/gpgsm.c (oKeyServer_deprecated): New.
	(opts): Assign "ldapserver" to the new option and makr it as obsolete.

2022-01-26  Werner Koch  <wk@gnupg.org>

	gpgconf: Some more fixes for the backported stuff.
	+ commit eefa2d19ee3f359435f0e5324cb5f10f2d8940a5
	* agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
	have a default.  Remove runtime flag.
	* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
	* tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
	(known_options_gpg_agent): Add a few missing runtime flags.  Remove
	"options".  Add "check-sym-passphrase-pattern".
	(known_options_scdaemon, known_options_gpgsm): Remove "options".
	(dirmngr): Ditto.

	* tools/gpgconf-comp.c (is_known_option): Return only options having a
	value for name.  Thus we list list options from the known_options
	tables.

	gpgconf: Fix --list-options for forced options.
	+ commit 85300587cc8a115c96e812850762090f937ade9b
	* tools/gpgconf-comp.c: Remove assert.h and replace all assert calls
	by log_assert.
	(known_options_gpg): Add "keyserver" as invisible.  Remove "options".
	(known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
	(gc_component): Add field known_pseudo_options.
	(struct read_line_wrapper_parm_s): New.
	(read_line_wrapper): New.
	(retrieve_options_from_program): Use read_line_wrapper to handle
	pseudo options.
	(retrieve_options_from_program): Ignore to be ignored options.  Add
	failsafe code to avoid calling percent_escape with NULL.

2022-01-25  Werner Koch  <wk@gnupg.org>

	common: Fix returning of option attributes for options with args.
	+ commit d8e6d1e9ed7d181f546426269ab7b04e184bb9a1
	* common/argparse.c (gnupg_argparse): Set attribute flags

	scd: Also prefer Yubikeys if no reader port is given.
	+ commit 38c666ec3fdb0e3a8762889ae99faca4adb68b68
	* scd/apdu.c (select_a_reader): Extend the white list.

2022-01-17  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix adding the list of ultimate trusted keys.
	+ commit 4cc724639c012215f59648cbb4b7631b9d352e36
	* g10/keygen.c (do_generate_keypair): Remove call to
	register_trusted_keyid for updating user_utk_list.
	* g10/trust.c (register_trusted_keyid): Remove.
	(update_ownertrust): Add call to tdb_update_utk.
	* g10/trustdb.c (tdb_register_trusted_keyid): Make it internal
	function by adding "static" qualifier.
	Replace calls of register_trusted_keyid to tdb_register_trusted_keyid.
	(tdb_update_utk): New.
	* g10/trustdb.h (tdb_update_utk): New.

2022-01-12  Werner Koch  <wk@gnupg.org>

	gpgconf: Add command aliases -L -K -R.
	+ commit f16c535eee912224a44b5999df7915c69f2d41bc
	* tools/gpgconf.c (enum cmd_and_opt_values): Assign shortcuts.

	common,w32: Improve HKCU->HKLM fallback.
	+ commit 96db487a4da5903b71c64edf7a0ee9c2e01a8762
	* common/w32-reg.c (read_w32_registry_string): Add another fallback.

2022-01-10  Werner Koch  <wk@gnupg.org>

	gpgtar: List and extract using extended headers.
	+ commit bf4cf04a54bb2aa34afdf1d3c814ca4e185bacc8
	* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
	* tools/gpgtar-list.c (parse_header): Set the new type flags.
	(parse_extended_header): New.
	(read_header): Add arg r_extheader and parse extended header.
	(print_header): Consult the extended header.
	(gpgtar_list): Pass an extended header object.
	(gpgtar_read_header): Ditto.
	(gpgtar_print_header): Ditto.
	* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
	checking out to ...
	(check_suspicious_name): new.
	(extract_regular): Add arg exthdr and consult it.
	(extract_directory): Likewise.
	(gpgtar_extract): Provide extheader object.

	gpgtar: Create extended header for long file names.
	+ commit ec69ceab2615758e88c52a1d30c4731b3e71b105
	* tools/gpgtar-create.c (global_header_count): new.
	(myreadlink): New.
	(build_header): New arg r_exthdr.  Detect and store long file and link
	names.  Factor checkum computation out to ...
	(compute_checksum): new.
	(add_extended_header_record): New.
	(write_extended_header): New.
	(write_file): Write extended header.

2021-12-30  Werner Koch  <wk@gnupg.org>

	build: Fixes recent commits to still build with gpgrt 1.27.
	+ commit c4153f7021afafe9ce4459aa08857136b394cce7
	* agent/gpg-agent.c (main): Use gnupg_argparse.
	* tools/gpgconf-comp.c: Use gnupg_opt_t.
	* tools/gpgconf.c (show_version_gnupg): Use strusage.

	gpgconf: Do not list ignored options and mark forced options as r/o.
	+ commit c69c51bce0f07bf1becdb944a422bdc563705dae
	* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
	the no_change flag for forced options.
	(retrieve_options_from_program): Put the attributes into the option
	table.

2021-12-29  Werner Koch  <wk@gnupg.org>

	gpg: Re-group the options in the --help output.
	+ commit f7bde071ccc8583b58ddaafa42e997e9202b041f
	* g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
	use ARGPARSE_ignore and remove the code in the option switch.

	agent: Re-group the options in the --help output.
	+ commit 7e535503a9c637007a933a77e4bc674c8fb6dfea
	* agent/gpg-agent.c (oGreeting): Remove non existant dummy option.

	gpgconf: Take care of --homedir when reading/updating options.
	+ commit 5934027115239cb7b39659f14f7a1dfecada6b76
	* tools/gpgconf-comp.c (gpg_agent_runtime_change): Remove unused var.
	(scdaemon_runtime_change): Ditto.
	(dirmngr_runtime_change): Ditto.
	(gc_component_check_options): Pass --homedir if needed.
	(retrieve_options_from_program): Take care of --homedir.

	gpgconf: Rewrite the gpgconf-comp module.
	+ commit 7a3a1ef3707194e1086c452d005319c519905d3e
	* tools/gpgconf.h (gc_component_t): Change type to ...
	(gc_component_id_t): this.
	(GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c
	directly.
	* tools/gpgconf-comp.c: Major rework.

	gpgconf: Support reading global options (part 2).
	+ commit 5f890f417f135e237074c8a454e6a73e66d7b78d
	* tools/gpgconf-comp.c: Remove all regular option descriptions.  They
	are now read in from the component.  Also remove a few meanwhile
	obsolete options.
	* agent/gpg-agent.c: Add option description which were only set in
	gpgconf-comp.c.
	* dirmngr/dirmngr.c: Ditto.
	* scd/scdaemon.c: Ditto.
	* sm/gpgsm.c: Ditto.
	* g10/gpg.c: Ditto.

	gpgconf: Support reading global options (part 1).
	+ commit 7397872445d6d2b8c9ef25e0108e603baa5478de
	* tools/gpgconf.c (main): Set the config directories.
	* tools/gpgconf-comp.c (gc_backend): Change the name of the config
	files.
	(struct gc_option): Add new field 'attr'.
	(retrieve_options_from_program): Rewrite to use gpgrt_argparser.

	common: New function xreallocarray.
	+ commit f0d034ebf4fc299c2a6097248f51c329e65d2976
	* common/miscellaneous.c (gnupg_reallocarray): New.
	(xreallocarray): New.

2021-12-13  Werner Koch  <wk@gnupg.org>

	common,w32: Sync read_w32_registry_string with the gpgrt version.
	+ commit 1af559a9a24fd930094ab7b466ed051cdbc66f99
	* common/w32-reg.c (get_root_key): Add short version of the root
	classes.

2021-12-07  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Accept Ed25519 private key in SOS which reserves leading zeros.
	+ commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830
	* g10/parse-packet.c (sos_read): Backport from 2.3.
	(parse_key): Use sos_read for Ed25519 private key.

2021-11-23  Werner Koch  <wk@gnupg.org>

	Release 2.2.33.
	+ commit 457f6ac1ef6d61ffcc336683a85ffeed3114ae63


2021-11-23  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 007fea8ce9af97f36b48253c6be764dcd35fdd9e


2021-11-22  Werner Koch  <wk@gnupg.org>

	gpg: New option --forbid-gen-key.
	+ commit 985fb25c46eafc811e7a07597591ede0cf89a921
	* g10/gpg.c (oForbidGenKey, opts): New option.
	(mopt): New local struct
	(gen_key_forbidden): New.
	(main): Set and handle the option.

2021-11-19  Werner Koch  <wk@gnupg.org>

	gpgconf: Include output of --list-dirs in --show-configs.
	+ commit 40d2c931652777509aba35d48b5d193a7e208780
	* tools/gpgconf.c (list_dirs): Add arg special.
	(show_other_registry_entries): Print the Homedir.
	(show_configs): List directories.

2021-11-18  Werner Koch  <wk@gnupg.org>

	gpgconf: --show-configs now prints a bunch of Registry entries.
	+ commit 7f31891ab1e51c00dd42232d3c286df519c2cdb8
	* tools/gpgconf.c (show_other_registry_entries): New.
	(show_configs): Call it.  Minor reformatting.

	gpgconf: Extend --show-config to show envvars.
	+ commit 58652f4c0b3a5e9fb6de54d802173bc52c798134
	* tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain
	things.
	(show_configs_one_file): New arg LISTP to be passed thru.
	(show_configs): Show envars and regisiry values.

	common,w32: New function read_w32_reg_string.
	+ commit 6c6c404883e52545ed38293384c95fdacb7227c4
	* common/w32-reg.c (read_w32_reg_string): New.

	* common/t-w32-reg.c (test_read_registry): Add another test.

	gpg,gpgsm: Add option --min-rsa-length.
	+ commit 6ee01c1d26cae0415a3eec7f067cff7c324cb9c1
	* common/compliance.c (min_compliant_rsa_length): New.
	(gnupg_pk_is_compliant): Take in account.
	(gnupg_pk_is_allowed): Ditto.
	(gnupg_set_compliance_extra_info): New.
	* g10/gpg.c (oMinRSALength): New.
	(opts): Add --min-rsa-length.
	(main): Set value.
	* g10/options.h (opt): Add field min_rsa_length.
	* sm/gpgsm.c (oMinRSALength): New.
	(opts): Add --min-rsa-length.
	(main): Set value.
	* sm/gpgsm.h (opt): Add field min_rsa_length.

2021-11-15  Werner Koch  <wk@gnupg.org>

	sm: Detect circular chains in --list-chain.
	+ commit c9343bec83e2c2a14b564b8a13998806eab1ae9f
	* sm/keylist.c (list_cert_chain): Break loop for a too long chain.

2021-11-15  NIIBE Yutaka  <gniibe@fsij.org>
	    Klas Lindfors

	scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.
	+ commit b6b735edab036e4992872ef3d44b357fb9281ca8
	* scd/app-openpgp.c (do_auth): Use extended Lc, when supported.

2021-11-14  Ingo Klöcker  <dev@ingo-kloecker.de>

	build: Fix several "include file not found" problems.
	+ commit 027e34235bc576e1523566bf98b2b795d3dc7967
	* dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS.
	* kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add
	NPTH_CFLAGS.
	* tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS,
	gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS.

2021-11-14  Werner Koch  <wk@gnupg.org>

	agent: Print the non-option warning earlier.
	+ commit a43efc9294d158c62a3a04396fa3fe6c77090ba8
	* agent/gpg-agent.c (main): Move detection up.

2021-11-13  Werner Koch  <wk@gnupg.org>

	gpg: Remove stale ultimately trusted keys from the trustdb.
	+ commit bc6d56282ec998e4b2d13c522316348b5058fc3f
	* g10/tdbdump.c (export_ownertrust): Skip records marked with the
	option --trusted-key.
	(import_ownertrust): Clear the trusted-key flag.
	* g10/tdbio.h (struct trust_record): Add field flags.
	* g10/tdbio.c (tdbio_dump_record): Improve output.
	(tdbio_read_record, tdbio_write_record): Handle flags.
	* g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
	the flag for new --trusted-keys.
	(tdb_update_ownertrust): Add arg as_trusted_key.  Update callers.

	gpgconf: New command --show-configs.
	+ commit 8fe3f57643479b8cb2e9e10fa2069c415c47d0af
	* tools/gpgconf.c (aShowConfigs): New.
	(opts): Add --show-configs.
	(CUTLINE_FMT): New.
	(show_version_gnupg): Add arg "prefix" and adjust caller.
	(my_copy_file): New.
	(show_configs_one_file): New.New.
	(show_configs): New.
	(main): Call show_configs.

	agent,dirmngr: New option --steal-socket.
	+ commit 6507c6ab101e61fc5a3472497d258a0109257a47
	* agent/gpg-agent.c (oStealSocket): New.
	(opts): Add option.
	(steal_socket): New file global var.
	(main): Set option.
	(create_server_socket): Implement option.

	* dirmngr/dirmngr.c (oStealSocket): New.
	(opts): Add option.
	(steal_socket): New file global var.
	(main): Set option.  Add comment to eventually implement it.

2021-11-10  NIIBE Yutaka  <gniibe@fsij.org>

	scd: More conservative selection of a card reader.
	+ commit 0982c6cb19da689ae84ad25b6db12bf30ac75030
	* scd/apdu.c (select_a_reader): Only SPRx32 is in the white list.

2021-11-09  Bernhard M. Wiedemann  <bwiedemann@suse.de>

	wks: Do not mark key files as executable.
	+ commit 46ada6a9bd83daa9e5f064adfea1bb6ccdba5dcb


	wks: Allow access to newly created dirs.
	+ commit f54feb44700062fd3f4ca2d5e6d4e203e74d94ea


2021-11-02  Werner Koch  <wk@gnupg.org>

	common: Support MYPROC_SELF_EXE for Solaris.
	+ commit 006131f6289cd0e03a470c77795ad50a4bf9e269
	* common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS.

	common: Silence warning from unix_rootdir on systems w/o /proc.
	+ commit bcd8f0239dfc36f99fbbb8ee309828ccee8974c0
	* common/homedir.c (unix_rootdir): Silence diagnostic in the common
	case.
	(MYPROC_SELF_EXE): Support NetBSD.

2021-11-02  Ingo Klöcker  <dev@ingo-kloecker.de>

	common: Respect gpgconf.ctl when looking up translations.
	+ commit 947fedf0e7d95571abd039e827c401ebc64a8abb
	* common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
	(i18n_localegettext): Ditto.
	* tools/gpgconf-comp.c (my_dgettext): Ditto.

2021-11-02  Werner Koch  <wk@gnupg.org>

	common: Support gpgconf.ctl also for BSDs.
	+ commit 49d589c409cc1813a48fecaf3fb5772e6febe281
	* common/homedir.c (MYPROC_SELF_EXE): New.
	(unix_rootdir): Use it here.  Also support GNUPG_BUILD_ROOT as
	fallback.

	common: Add keyword sysconfdir to the optional gpgconf.ctl file.
	+ commit 3828dd7a4067db2911caebde324053b4e354a486
	* common/homedir.c (unix_rootdir): Add arg want_sysconfdir.
	(gnupg_sysconfdir): Return it.

	common: Support a gpgconf.ctl file under Unix.
	+ commit 82328165cf4be4771674b703c1e15178f87530e2
	* common/homedir.c (unix_rootdir): New.
	(gnupg_bindir): Use it.
	(gnupg_libexecdir): Use it.
	(gnupg_libdir): Use it.
	(gnupg_datadir): Use it.
	(gnupg_localedir): Use it.

	common: New function substitute_envvars.
	+ commit f0162afb6b6f8ac1a993452643d8cb64fb3f2953
	* common/stringhelp.c (substitute_envvars): New.  Based on code in
	gpg-connect-agent.
	* common/t-stringhelp.c: Include sysutils.h.
	(test_substitute_envvars): New.

	common,w32: Do not always print "Garbled console data" warning.
	+ commit a756a61f19ce44958f93757894f65b09cebd484a
	* common/init.c (_init_common_subsystems): Silence message.

2021-11-02  NIIBE Yutaka  <gniibe@fsij.org>

	dns: Make reading resolv.conf more robust.
	+ commit 152f0281552f6a8e4bc082f3aaeec17c84001cfe
	* dirmngr/dns.c (dns_resconf_loadfile): Skip "search" which
	begins with '.'.

2021-10-22  Werner Koch  <wk@gnupg.org>

	gpg: Fix printing of binary notations.
	+ commit 918e9218002b2b0d455a8df86a63c9187cf6fdf4
	* g10/keylist.c (show_notation): Print binary notation from BDAT.

	gpgconf: create local option file even if a global file exists.
	+ commit 5e3eea4b738cc3e8e257635b7cb53dcf43c07f79
	* tools/gpgconf-comp.c (munge_config_filename): New.
	(change_options_program): Call it.

2021-10-22  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Select a reader for PC/SC.
	+ commit 752422a792cecf459b37f517d634bcf272292b14
	* scd/apdu.c (select_a_reader): New.
	(open_pcsc_reader): Use select_a_reader.

2021-10-13  Werner Koch  <wk@gnupg.org>

	gpg: New option --override-compliance-check.
	+ commit 773b8fbbe915449c723302f5268d7906b40d84d3
	* g10/gpg.c (oOverrideComplianceCheck): New.
	(opts): Add new option.
	(main): Set option and add check for batch mode.
	* g10/options.h (opt): Add flags.override_compliance_check.

	* g10/sig-check.c (check_signature2): Factor complaince checking out
	to ...
	(check_key_verify_compliance): new.  Turn error into a warning in
	override mode.

2021-10-06  Werner Koch  <wk@gnupg.org>

	Release 2.2.32.
	+ commit 476096099db9ea3f66581fa3ca8724291e3a5c80


2021-10-06  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Skip the packet when not used for AEAD.
	+ commit a17f1b607473f5aae081ffe22381dda2b54a7a6a
	* g10/free-packet.c (free_packet): Add the case for case
	PKT_ENCRYPTED_AEAD.

2021-10-06  Werner Koch  <wk@gnupg.org>

	dirmngr: New option --ignore-cert.
	+ commit 323a20399d905e8ae1cc0d71846c298116460464
	* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
	(opt): Add field ignored_certs.
	* dirmngr/dirmngr.c: Add option --ignore-cert
	(parse_rereadable_options): Handle that option.
	(parse_ocsp_signer): Rename to ...
	(parse_fingerprint_item): this and add two args.
	* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
	Change callers to handle the new error return.

	dirmngr: Fix Let's Encrypt certificate chain validation.
	+ commit 341ab0123a8fa386565ecf13f6462a73a137e6a4
	* dirmngr/certcache.c (find_cert_bysubject): Return the first trusted
	certififcate if any.

2021-09-15  Werner Koch  <wk@gnupg.org>

	Release 2.2.31.
	+ commit ecf4c2f611238799a3af6369a64e418a77ab9dd6


2021-09-14  Werner Koch  <wk@gnupg.org>

	scd: Remove context reference counting from pc/sc.
	+ commit 67e1834ad402e86906429ba0e2bf7ebd72de2450
	* scd/apdu.c (pcsc): Add flag context_valid, remove count.
	(close_pcsc_reader): Use new flag instead of looking at magic context
	value.
	(pcsc_init): Set new flag.
	(open_pcsc_reader): Use new flag.
	(apdu_init): Clear new flag.

	* scd/apdu.c: Remove assert.h.  Replace all assert by log_assert.

2021-09-13  Werner Koch  <wk@gnupg.org>

	common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
	+ commit 117afec018911a3b0187f15c8559f811a72ddb79
	* common/exechelp-w32.c (gnupg_spawn_process_detached): Silence
	breakaway messages and turn them again into debug messages.

2021-09-08  Werner Koch  <wk@gnupg.org>

	scd: Support PC/SC for "getinfo reader_list".
	+ commit f32994b0bf07d62bf596cc8bb6ec3c3a5f133ac4
	* scd/apdu.c: Include membuf.h.
	(pcsc): Add reader_list field.
	(open_pcsc_reader): Fill that field.
	(apdu_get_reader_list): New.
	* scd/command.c: Remove header ccid-driver.h.
	(pretty_assuan_send_data): New.
	(cmd_getinfo): Print all reader names.

2021-09-07  Werner Koch  <wk@gnupg.org>

	scd: Fix possible assertion in close_pcsc_reader.
	+ commit 192113552faa98f40cc91fe014ec55861474626c
	* scd/apdu.c (close_pcsc_reader): Don't ref-count if the context is
	invalid.
	(open_pcsc_reader): Compare the context against -1 which is our
	indicator for an invalid context.

	agent: Fix segv in GET_PASSPHRASE (regression)
	+ commit 4b2cfec2dc2fd524a4fed6c17bb11e6a7baf15f2
	* agent/command.c (cmd_get_passphrase): Do not deref PI.  PI is always
	NULL.

2021-08-27  NIIBE Yutaka  <gniibe@fsij.org>

	common: Fix put_membuf.
	+ commit 7e431e009e479e63f0996a612e12fb9d8b209ab9
	* common/membuf.c (put_membuf): Allow NULL for the second arg.

	build: Fix removal of AC_TYPE_SIGNAL.
	+ commit 0ca84cbdf0a5a956f4de80f874f8a3b495cfab20
	* configure.ac: AC_TYPE_SIGNAL is still needed.

	common: Fix get_signal_name for GNU/Linux.
	+ commit d5f9481186eaf2ff28d7ab04fd36f0bbd1c9714d
	* common/signal.c (get_signal_name): Use sigdescr_np if available.
	* configure.ac: Check the function.

