2014-06-24 15:43:46 +02:00
|
|
|
Noteworthy changes in version 2.0.25 (unreleased)
|
|
|
|
-------------------------------------------------
|
|
|
|
|
2014-06-24 15:11:12 +02:00
|
|
|
Noteworthy changes in version 2.0.24 (2014-06-24)
|
2014-06-03 11:25:04 +02:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2014-06-24 15:11:12 +02:00
|
|
|
* gpg: Avoid DoS due to garbled compressed data packets.
|
|
|
|
|
|
|
|
* gpg: Screen keyserver responses to avoid importing unwanted keys
|
|
|
|
from rogue servers.
|
|
|
|
|
|
|
|
* gpg: The validity of user ids is now shown by default. To revert
|
|
|
|
this add "list-options no-show-uid-validity" to gpg.conf.
|
|
|
|
|
|
|
|
* gpg: Print more specific reason codes with the INV_RECP status.
|
|
|
|
|
|
|
|
* gpg: Allow loading of a cert only key to an OpenPGP card.
|
|
|
|
|
|
|
|
* gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt 1.6.
|
|
|
|
|
2014-06-03 11:25:04 +02:00
|
|
|
|
2014-06-03 10:02:45 +02:00
|
|
|
Noteworthy changes in version 2.0.23 (2014-06-03)
|
2013-10-04 20:33:14 +02:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2014-06-03 10:02:45 +02:00
|
|
|
* gpg: Reject signatures made using the MD5 hash algorithm unless the
|
|
|
|
new option --allow-weak-digest-algos or --pgp2 are given.
|
2013-10-11 09:25:58 +02:00
|
|
|
|
2014-06-03 10:02:45 +02:00
|
|
|
* gpg: Do not create a trustdb file if --trust-model=always is used.
|
|
|
|
|
|
|
|
* gpg: Only the major version number is by default included in the
|
|
|
|
armored output.
|
|
|
|
|
|
|
|
* gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
|
|
|
|
communication with the gpg-agent.
|
|
|
|
|
|
|
|
* gpg: The format of the fallback key listing ("gpg KEYFILE") is now more
|
|
|
|
aligned to the regular key listing ("gpg -k").
|
|
|
|
|
|
|
|
* gpg: The option--show-session-key prints its output now before the
|
|
|
|
decryption of the bulk message starts.
|
|
|
|
|
|
|
|
* gpg: New %U expando for the photo viewer.
|
|
|
|
|
|
|
|
* gpgsm: Improved handling of re-issued CA certificates.
|
|
|
|
|
|
|
|
* scdaemon: Various fixes for pinpad equipped card readers.
|
|
|
|
|
|
|
|
* Minor bug fixes.
|
2013-11-27 09:20:02 +01:00
|
|
|
|
2013-10-04 20:33:14 +02:00
|
|
|
|
2013-10-04 19:39:33 +02:00
|
|
|
Noteworthy changes in version 2.0.22 (2013-10-04)
|
2013-08-19 14:32:51 +02:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2013-10-04 19:39:33 +02:00
|
|
|
* Fixed possible infinite recursion in the compressed packet
|
|
|
|
parser. [CVE-2013-4402]
|
|
|
|
|
|
|
|
* Improved support for some card readers.
|
|
|
|
|
|
|
|
* Prepared building with the forthcoming Libgcrypt 1.6.
|
|
|
|
|
|
|
|
* Protect against rogue keyservers sending secret keys.
|
2013-10-02 09:11:43 +02:00
|
|
|
|
2013-08-19 14:32:51 +02:00
|
|
|
|
2013-08-19 13:09:07 +02:00
|
|
|
Noteworthy changes in version 2.0.21 (2013-08-19)
|
2013-04-25 12:00:16 +01:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2013-07-03 15:20:25 +02:00
|
|
|
* gpg-agent: By default the users are now asked via the Pinentry
|
|
|
|
whether they trust an X.509 root key. To prohibit interactive
|
|
|
|
marking of such keys, the new option --no-allow-mark-trusted may
|
|
|
|
be used.
|
|
|
|
|
2013-08-19 13:09:07 +02:00
|
|
|
* gpg-agent: The command KEYINFO has options to add info from
|
|
|
|
sshcontrol.
|
|
|
|
|
2013-07-01 20:49:50 +02:00
|
|
|
* The included ssh agent does now support ECDSA keys.
|
|
|
|
|
2013-08-19 13:09:07 +02:00
|
|
|
* The new option --enable-putty-support allows gpg-agent to act on
|
|
|
|
Windows as a Pageant replacement with full smartcard support.
|
2013-07-03 13:29:47 +02:00
|
|
|
|
2013-08-01 19:50:52 +02:00
|
|
|
* Support installation as portable application under Windows.
|
|
|
|
|
2013-07-01 20:49:50 +02:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
Noteworthy changes in version 2.0.20 (2013-05-10)
|
2012-03-27 11:13:50 +02:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2013-04-25 09:33:33 +02:00
|
|
|
* Decryption using smartcards keys > 3072 bit does now work.
|
2012-11-16 10:35:33 +01:00
|
|
|
|
|
|
|
* New meta option ignore-invalid-option to allow using the same
|
|
|
|
option file by other GnuPG versions.
|
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* gpg: The hash algorithm is now printed for sig records in key listings.
|
|
|
|
|
|
|
|
* gpg: Skip invalid keyblock packets during import to avoid a DoS.
|
|
|
|
|
|
|
|
* gpg: Correctly handle ports from DNS SRV records.
|
2012-11-16 10:35:33 +01:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* keyserver: Improve use of SRV records
|
2012-11-16 10:35:33 +01:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* gpg-agent: Avoid tty corruption when killing pinentry.
|
2012-11-16 10:35:33 +01:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* scdaemon: Improve detection of card insertion and removal.
|
2012-11-16 10:35:33 +01:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* scdaemon: Rename option --disable-keypad to --disable-pinpad.
|
|
|
|
|
|
|
|
* scdaemon: Better support for CCID readers. Now, the internal CCID
|
2012-11-16 10:35:33 +01:00
|
|
|
driver supports readers without the auto configuration feature.
|
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* scdaemon: Add pinpad input for PC/SC, if your reader has pinpad and
|
|
|
|
it supports variable length PIN input, and you specify
|
scd: Rename 'keypad' to 'pinpad'.
* NEWS: Mention scd changes.
* agent/divert-scd.c (getpin_cb): Change message.
* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.
* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.
* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.
* scd/iso7816.h (iso7816_check_pinpad): Rename.
* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.
* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.
* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.
* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.
* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.
* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.
* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.
2013-02-07 10:07:51 +09:00
|
|
|
--enable-pinpad-varlen option.
|
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* scdaemon: New option --enable-pinpad-varlen.
|
scd: Rename 'keypad' to 'pinpad'.
* NEWS: Mention scd changes.
* agent/divert-scd.c (getpin_cb): Change message.
* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.
* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.
* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.
* scd/iso7816.h (iso7816_check_pinpad): Rename.
* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.
* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.
* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.
* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.
* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.
* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.
* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.
2013-02-07 10:07:51 +09:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* scdaemon: Install into libexecdir to avoid accidental execution
|
2012-11-16 10:35:33 +01:00
|
|
|
from the command line.
|
scd: Rename 'keypad' to 'pinpad'.
* NEWS: Mention scd changes.
* agent/divert-scd.c (getpin_cb): Change message.
* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.
* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.
* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.
* scd/iso7816.h (iso7816_check_pinpad): Rename.
* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.
* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.
* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.
* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.
* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.
* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.
* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.
2013-02-07 10:07:51 +09:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* Support building using w64-mingw32.
|
|
|
|
|
|
|
|
* Assorted bug fixes.
|
scd: Rename 'keypad' to 'pinpad'.
* NEWS: Mention scd changes.
* agent/divert-scd.c (getpin_cb): Change message.
* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.
* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.
* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.
* scd/iso7816.h (iso7816_check_pinpad): Rename.
* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.
* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.
* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.
* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.
* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.
* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.
* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.
2013-02-07 10:07:51 +09:00
|
|
|
|
2012-03-27 11:13:50 +02:00
|
|
|
|
2012-03-27 10:19:40 +02:00
|
|
|
Noteworthy changes in version 2.0.19 (2012-03-27)
|
2011-08-04 17:36:33 +02:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2012-01-31 15:41:29 +01:00
|
|
|
* GPG now accepts a space separated fingerprint as a user ID. This
|
|
|
|
allows to copy and paste the fingerprint from the key listing.
|
|
|
|
|
2012-03-26 15:20:18 +02:00
|
|
|
* GPG now uses the longest key ID available. Removed support for the
|
|
|
|
original HKP keyserver which is not anymore used by any site.
|
2012-01-31 15:41:29 +01:00
|
|
|
|
|
|
|
* Rebuild the trustdb after changing the option --min-cert-level.
|
|
|
|
|
2012-01-31 15:43:33 +01:00
|
|
|
* Ukrainian translation.
|
|
|
|
|
2012-03-26 15:20:18 +02:00
|
|
|
* Honor option --cert-digest-algo when creating a cert.
|
|
|
|
|
|
|
|
* Emit a DECRYPTION_INFO status line.
|
|
|
|
|
|
|
|
* Improved detection of JPEG files.
|
|
|
|
|
2011-08-04 17:36:33 +02:00
|
|
|
|
2011-08-04 16:23:09 +02:00
|
|
|
Noteworthy changes in version 2.0.18 (2011-08-04)
|
2011-01-13 17:04:47 +01:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2011-07-07 11:20:53 +02:00
|
|
|
* Bug fix for newer versions of Libgcrypt.
|
|
|
|
|
2011-08-04 16:23:09 +02:00
|
|
|
* Support the SSH confirm flag and show SSH fingerprints in ssh
|
2011-08-04 14:57:35 +02:00
|
|
|
related pinentries.
|
2011-07-20 20:49:41 +02:00
|
|
|
|
2011-07-21 10:39:38 +02:00
|
|
|
* Improved dirmngr/gpgsm interaction for OCSP.
|
|
|
|
|
2011-08-04 16:23:09 +02:00
|
|
|
* Allow generation of card keys up to 4096 bit.
|
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
|
2011-01-13 16:01:21 +01:00
|
|
|
Noteworthy changes in version 2.0.17 (2011-01-13)
|
2010-08-11 14:17:25 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2011-01-11 19:35:05 +01:00
|
|
|
* Allow more hash algorithms with the OpenPGP v2 card.
|
2010-08-23 16:27:10 +00:00
|
|
|
|
2011-01-11 19:35:05 +01:00
|
|
|
* The gpg-agent now tests for a new gpg-agent.conf on a HUP.
|
2010-09-24 13:06:56 +00:00
|
|
|
|
2011-01-11 19:35:05 +01:00
|
|
|
* Fixed output of "gpgconf --check-options".
|
2010-09-28 08:29:13 +00:00
|
|
|
|
2010-11-11 15:08:48 +00:00
|
|
|
* Fixed a bug where Scdaemon sends a signal to Gpg-agent running in
|
|
|
|
non-daemon mode.
|
|
|
|
|
2011-01-10 15:16:07 +01:00
|
|
|
* Fixed TTY management for pinentries and session variable update
|
|
|
|
problem.
|
|
|
|
|
2010-08-11 14:17:25 +00:00
|
|
|
|
2010-07-19 07:05:30 +00:00
|
|
|
Noteworthy changes in version 2.0.16 (2010-07-19)
|
2010-03-09 12:12:20 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2010-05-04 09:56:42 +00:00
|
|
|
* If the agent's --use-standard-socket option is active, all tools
|
|
|
|
try to start and daemonize the agent on the fly. In the past this
|
|
|
|
was only supported on W32; on non-W32 systems the new configure
|
2010-08-11 14:17:25 +00:00
|
|
|
option --enable-standard-socket may now be used to use this feature
|
|
|
|
by default.
|
2010-05-04 09:56:42 +00:00
|
|
|
|
2010-05-11 17:52:00 +00:00
|
|
|
* The gpg-agent commands KILLAGENT and RELOADAGENT are now available
|
|
|
|
on all platforms.
|
|
|
|
|
2010-05-04 09:56:42 +00:00
|
|
|
* Minor bug fixes.
|
|
|
|
|
2010-03-09 12:12:20 +00:00
|
|
|
|
2010-03-09 10:09:04 +00:00
|
|
|
Noteworthy changes in version 2.0.15 (2010-03-09)
|
2009-12-21 19:17:41 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2010-01-11 16:05:26 +00:00
|
|
|
* New command --passwd for GPG.
|
|
|
|
|
2010-01-26 16:33:58 +00:00
|
|
|
* Fixes a regression in 2.0.14 which prevented unprotection of new
|
|
|
|
or changed gpg-agent passphrases.
|
|
|
|
|
2010-02-18 09:52:28 +00:00
|
|
|
* Make use of libassuan 2.0 which is available as a DSO.
|
|
|
|
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2009-12-21 17:27:28 +00:00
|
|
|
Noteworthy changes in version 2.0.14 (2009-12-21)
|
2009-09-04 17:52:40 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2009-12-03 19:39:39 +00:00
|
|
|
* The default for --include-cert is now to include all certificates
|
2009-10-16 10:56:59 +00:00
|
|
|
in the chain except for the root certificate.
|
|
|
|
|
2009-12-03 19:13:19 +00:00
|
|
|
* Numerical values may now be used as an alternative to the
|
|
|
|
debug-level keywords.
|
|
|
|
|
2009-12-03 19:39:39 +00:00
|
|
|
* The GPGSM --audit-log feature is now more complete.
|
|
|
|
|
2009-12-10 13:00:09 +00:00
|
|
|
* GPG now supports DNS lookups for SRV, PKA and CERT on W32.
|
|
|
|
|
|
|
|
* New GPGSM option --ignore-cert-extension.
|
2009-12-08 12:43:27 +00:00
|
|
|
|
2009-12-21 16:19:09 +00:00
|
|
|
* New and changed passphrases are now created with an iteration count
|
|
|
|
requiring about 100ms of CPU work.
|
2009-12-14 20:18:53 +00:00
|
|
|
|
2009-09-04 17:52:40 +00:00
|
|
|
|
2009-09-04 13:38:16 +00:00
|
|
|
Noteworthy changes in version 2.0.13 (2009-09-04)
|
2009-06-17 11:57:24 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2009-07-09 08:52:31 +00:00
|
|
|
* GPG now generates 2048 bit RSA keys by default. The default hash
|
|
|
|
algorithm preferences has changed to prefer SHA-256 over SHA-1.
|
|
|
|
2048 bit DSA keys are now generated to use a 256 bit hash algorithm
|
|
|
|
|
2009-07-07 10:02:41 +00:00
|
|
|
* The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now
|
|
|
|
passed to the Pinentry to make SCIM work.
|
2009-07-01 18:30:33 +00:00
|
|
|
|
2009-07-09 08:52:31 +00:00
|
|
|
* The GPGSM command --gen-key features a --batch mode and implements
|
|
|
|
all features of gpgsm-gencert.sh in standard mode.
|
2009-06-17 11:57:24 +00:00
|
|
|
|
2009-07-09 08:52:31 +00:00
|
|
|
* New option --re-import for GPGSM's IMPORT server command.
|
2009-07-07 16:52:12 +00:00
|
|
|
|
2009-07-09 14:54:18 +00:00
|
|
|
* Enhanced writing of existing keys to OpenPGP v2 cards.
|
|
|
|
|
|
|
|
* Add hack to the internal CCID driver to allow the use of some
|
|
|
|
Omnikey based card readers with 2048 bit keys.
|
|
|
|
|
2009-08-11 10:56:44 +00:00
|
|
|
* GPG now repeatly asks the user to insert the requested OpenPGP
|
|
|
|
card. This can be disabled with --limit-card-insert-tries=1.
|
|
|
|
|
2009-07-07 10:02:41 +00:00
|
|
|
* Minor bug fixes.
|
|
|
|
|
2009-06-17 11:57:24 +00:00
|
|
|
|
2009-06-17 11:18:26 +00:00
|
|
|
Noteworthy changes in version 2.0.12 (2009-06-17)
|
2009-03-05 19:19:37 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2009-03-06 17:31:27 +00:00
|
|
|
* GPGSM now always lists ephemeral certificates if specified by
|
|
|
|
fingerprint or keygrip.
|
|
|
|
|
|
|
|
* New command "KEYINFO" for GPG_AGENT. GPGSM now also returns
|
|
|
|
information about smartcards.
|
|
|
|
|
2009-03-19 10:21:51 +00:00
|
|
|
* Made sure not to leak file descriptors if running gpg-agent with a
|
2009-06-17 11:18:26 +00:00
|
|
|
command. Restore the signal mask to solve a problem in Mono.
|
2009-03-19 10:21:51 +00:00
|
|
|
|
|
|
|
* Changed order of the confirmation questions for root certificates
|
2009-06-17 11:18:26 +00:00
|
|
|
and store negative answers in trustlist.txt.
|
2009-03-19 07:09:31 +00:00
|
|
|
|
2009-05-13 17:12:00 +00:00
|
|
|
* Better synchronization of concurrent smartcard sessions.
|
2009-03-24 11:40:57 +00:00
|
|
|
|
2009-05-13 17:12:00 +00:00
|
|
|
* Support 2048 bit OpenPGP cards.
|
|
|
|
|
|
|
|
* Support Telesec Netkey 3 cards.
|
2009-03-26 19:27:04 +00:00
|
|
|
|
2009-04-01 10:51:53 +00:00
|
|
|
* The gpg-protect-tool now uses gpg-agent via libassuan. Under
|
|
|
|
Windows the Pinentry will now be put into the foreground.
|
|
|
|
|
2009-05-19 22:39:45 +00:00
|
|
|
* Changed code to avoid a possible Mac OS X system freeze.
|
|
|
|
|
2009-03-05 19:19:37 +00:00
|
|
|
|
2009-03-03 09:02:58 +00:00
|
|
|
Noteworthy changes in version 2.0.11 (2009-03-03)
|
2009-01-12 10:56:52 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2009-02-27 14:36:59 +00:00
|
|
|
* Fixed a problem in SCDAEMON which caused unexpected card resets.
|
2009-02-09 10:25:41 +00:00
|
|
|
|
|
|
|
* SCDAEMON is now aware of the Geldkarte.
|
|
|
|
|
2009-02-27 14:36:59 +00:00
|
|
|
* The SCDAEMON option --allow-admin is now used by default.
|
|
|
|
|
2009-03-03 09:02:58 +00:00
|
|
|
* GPGCONF now restarts SCdaemon if necessary.
|
|
|
|
|
2009-02-12 17:45:40 +00:00
|
|
|
* The default cipher algorithm in GPGSM is now again 3DES. This is
|
|
|
|
due to interoperability problems with Outlook 2003 which still
|
|
|
|
can't cope with AES.
|
2009-01-28 14:18:40 +00:00
|
|
|
|
2009-01-12 10:56:52 +00:00
|
|
|
|
2009-01-12 09:18:27 +00:00
|
|
|
Noteworthy changes in version 2.0.10 (2009-01-12)
|
2008-03-26 11:01:06 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2008-10-29 17:24:27 +00:00
|
|
|
* [gpg] New keyserver helper gpg2keys_kdns as generic DNS CERT
|
|
|
|
lookup. Run with --help for a short description. Requires the
|
|
|
|
ADNS library.
|
2008-04-08 11:04:16 +00:00
|
|
|
|
2008-09-25 10:06:02 +00:00
|
|
|
* [gpg] New mechanisms "local" and "nodefault" for --auto-key-locate.
|
2008-04-08 11:04:16 +00:00
|
|
|
Fixed a few problems with this option.
|
2008-03-26 11:01:06 +00:00
|
|
|
|
2008-09-25 10:06:02 +00:00
|
|
|
* [gpg] New command --locate-keys.
|
2008-05-07 15:40:36 +00:00
|
|
|
|
2008-09-25 10:06:02 +00:00
|
|
|
* [gpg] New options --with-sig-list and --with-sig-check.
|
2008-05-07 15:40:36 +00:00
|
|
|
|
2008-09-29 15:02:55 +00:00
|
|
|
* [gpg] The option "-sat" is no longer an alias for --clearsign.
|
|
|
|
|
2008-09-25 10:06:02 +00:00
|
|
|
* [gpg] The option --fixed-list-mode is now implicitly used and obsolete.
|
2008-06-11 08:07:54 +00:00
|
|
|
|
2008-09-25 10:06:02 +00:00
|
|
|
* [gpg] New control statement %ask-passphrase for the unattended key
|
|
|
|
generation.
|
2008-06-16 15:48:33 +00:00
|
|
|
|
2008-12-11 17:44:52 +00:00
|
|
|
* [gpg] The algorithm to compute the SIG_ID status has been changed.
|
|
|
|
|
2008-10-29 17:24:27 +00:00
|
|
|
* [gpgsm] Now uses AES by default.
|
2008-06-26 19:09:07 +00:00
|
|
|
|
2008-10-29 17:24:27 +00:00
|
|
|
* [gpgsm] Made --output option work with --export-secret-key-p12.
|
|
|
|
|
|
|
|
* [gpg-agent] Terminate process if the own listening socket is not
|
|
|
|
anymore served by ourself.
|
|
|
|
|
|
|
|
* [scdaemon] Made it more robust on W32.
|
|
|
|
|
|
|
|
* [gpg-connect-agent] Accept commands given as command line arguments.
|
|
|
|
|
|
|
|
* [w32] Initialized the socket subsystem for all keyserver helpers.
|
|
|
|
|
|
|
|
* [w32] The sysconf directory has been moved from a subdirectory of
|
|
|
|
the installation directory to %CSIDL_COMMON_APPDATA%/GNU/etc/gnupg.
|
|
|
|
|
2008-11-11 08:22:06 +00:00
|
|
|
* [w32] The gnupg2.nls directory is not anymore used. The standard
|
2011-07-21 10:39:38 +02:00
|
|
|
locale directory is now used.
|
2008-11-11 08:22:06 +00:00
|
|
|
|
2009-01-12 10:56:52 +00:00
|
|
|
* [w32] Fixed a race condition between gpg and gpgsm in the use of
|
2008-11-20 16:26:40 +00:00
|
|
|
temporary file names.
|
|
|
|
|
2008-12-09 08:58:02 +00:00
|
|
|
* The gpg-preset-passphrase mechanism works again. An arbitrary
|
|
|
|
string may now be used for a custom cache ID.
|
2008-09-03 09:37:32 +00:00
|
|
|
|
2008-09-25 10:06:02 +00:00
|
|
|
* Admin PINs are cached again (bug in 2.0.9).
|
|
|
|
|
|
|
|
* Support for version 2 OpenPGP cards.
|
|
|
|
|
2008-09-29 15:02:55 +00:00
|
|
|
* Libgcrypt 1.4 is now required.
|
|
|
|
|
2008-03-26 11:01:06 +00:00
|
|
|
|
2008-03-26 09:20:40 +00:00
|
|
|
Noteworthy changes in version 2.0.9 (2008-03-26)
|
2008-01-26 22:12:23 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2008-02-13 16:47:14 +00:00
|
|
|
* Gpgsm always tries to locate missing certificates from a running
|
|
|
|
Dirmngr's cache.
|
|
|
|
|
2008-02-19 10:33:35 +00:00
|
|
|
* Tweaks for Windows.
|
|
|
|
|
2008-03-26 09:20:40 +00:00
|
|
|
* The Admin PIN for OpenPGP cards may now be entered with the pinpad.
|
|
|
|
|
2008-02-19 10:33:35 +00:00
|
|
|
* Improved certificate chain construction.
|
2008-02-15 09:58:01 +00:00
|
|
|
|
2008-02-19 10:33:35 +00:00
|
|
|
* Extended the PKITS framework.
|
|
|
|
|
2008-03-20 15:31:43 +00:00
|
|
|
* Fixed a bug in the ambigious name detection.
|
|
|
|
|
2008-03-25 19:41:11 +00:00
|
|
|
* Fixed possible memory corruption while importing OpenPGP keys (bug
|
2008-03-28 09:21:59 +00:00
|
|
|
introduced with 2.0.8). [CVE-2008-1530]
|
2008-03-25 08:33:31 +00:00
|
|
|
|
2008-02-19 10:33:35 +00:00
|
|
|
* Minor bug fixes.
|
2008-02-15 09:58:01 +00:00
|
|
|
|
2008-01-26 22:12:23 +00:00
|
|
|
|
2007-12-20 08:52:40 +00:00
|
|
|
Noteworthy changes in version 2.0.8 (2007-12-20)
|
2007-09-10 16:38:04 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2007-10-19 14:51:39 +00:00
|
|
|
* Enhanced gpg-connect-agent with a small scripting language.
|
|
|
|
|
2007-10-23 18:13:27 +00:00
|
|
|
* New option --list-config for gpgconf.
|
|
|
|
|
2007-12-20 08:52:40 +00:00
|
|
|
* Fixed a crash in gpgconf.
|
2007-11-19 16:03:50 +00:00
|
|
|
|
2007-12-20 08:52:40 +00:00
|
|
|
* Gpg-agent now supports the passphrase quality bar of the latest
|
|
|
|
Pinentry.
|
|
|
|
|
|
|
|
* The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the
|
|
|
|
Pinentry.
|
2007-12-12 10:28:30 +00:00
|
|
|
|
2011-07-21 10:39:38 +02:00
|
|
|
* Fixed the auto creation of the key stub for smartcards.
|
2007-12-12 10:28:30 +00:00
|
|
|
|
|
|
|
* Fixed a rare bug in decryption using the OpenPGP card.
|
|
|
|
|
|
|
|
* Creating DSA2 keys is now possible.
|
|
|
|
|
2007-12-13 15:45:40 +00:00
|
|
|
* New option --extra-digest-algo for gpgsm to allow verification of
|
|
|
|
broken signatures.
|
|
|
|
|
2007-12-20 08:52:40 +00:00
|
|
|
* Allow encryption with legacy Elgamal sign+encrypt keys with option
|
|
|
|
--rfc2440.
|
|
|
|
|
|
|
|
* Windows is now a supported platform.
|
|
|
|
|
|
|
|
* Made sure that under Windows the file permissions of the socket are
|
|
|
|
taken into account. This required a change of our socket emulation
|
|
|
|
code and changed the IPC protocol under Windows.
|
|
|
|
|
2007-09-10 16:38:04 +00:00
|
|
|
|
2007-09-10 15:40:29 +00:00
|
|
|
Noteworthy changes in version 2.0.7 (2007-09-10)
|
2007-08-16 10:57:35 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2007-08-24 09:34:39 +00:00
|
|
|
* Fixed encryption problem if duplicate certificates are in the
|
|
|
|
keybox.
|
|
|
|
|
2007-08-27 18:10:27 +00:00
|
|
|
* Made it work on Windows Vista. Note that the entire Windows port
|
|
|
|
is still considered Beta.
|
|
|
|
|
2007-08-28 17:48:13 +00:00
|
|
|
* Add new options min-passphrase-nonalpha, check-passphrase-pattern,
|
|
|
|
enforce-passphrase-constraints and max-passphrase-days to
|
|
|
|
gpg-agent.
|
2007-08-24 09:34:39 +00:00
|
|
|
|
2007-08-29 09:51:37 +00:00
|
|
|
* Add command --check-components to gpgconf. Gpgconf now uses the
|
|
|
|
installed versions of the programs and does not anymore search via
|
|
|
|
PATH for them.
|
|
|
|
|
2007-08-16 10:57:35 +00:00
|
|
|
|
2007-08-16 10:42:06 +00:00
|
|
|
Noteworthy changes in version 2.0.6 (2007-08-16)
|
2007-07-05 20:29:14 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2007-08-10 16:52:05 +00:00
|
|
|
* GPGSM does now grok --default-key.
|
|
|
|
|
2011-07-21 10:39:38 +02:00
|
|
|
* GPGCONF is now aware of --default-key and --encrypt-to.
|
2007-07-17 18:11:24 +00:00
|
|
|
|
2007-08-10 16:52:05 +00:00
|
|
|
* GPGSM does again correctly print the serial number as well the the
|
|
|
|
various keyids. This was broken since 2.0.4.
|
2007-07-05 20:29:14 +00:00
|
|
|
|
2007-08-14 16:50:27 +00:00
|
|
|
* New option --validation-model and support for the chain-model.
|
|
|
|
|
2007-08-16 10:42:06 +00:00
|
|
|
* Improved Windows support.
|
2007-08-14 16:50:27 +00:00
|
|
|
|
2011-07-21 10:39:38 +02:00
|
|
|
|
2007-07-05 18:59:50 +00:00
|
|
|
Noteworthy changes in version 2.0.5 (2007-07-05)
|
2007-05-15 16:10:48 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2007-07-04 19:49:40 +00:00
|
|
|
* Switched license to GPLv3.
|
|
|
|
|
|
|
|
* Basic support for Windows. Run "./autogen.sh --build-w32" to build
|
|
|
|
it. As usual the mingw cross compiling toolchain is required.
|
2007-05-29 20:11:17 +00:00
|
|
|
|
2007-07-04 19:49:40 +00:00
|
|
|
* Fixed bug when using the --p12-charset without --armor.
|
2007-06-14 17:05:07 +00:00
|
|
|
|
2007-06-21 18:44:48 +00:00
|
|
|
* The command --gen-key may now be used instead of the
|
|
|
|
gpgsm-gencert.sh script.
|
|
|
|
|
2007-07-05 16:58:19 +00:00
|
|
|
* Changed key generation to reveal less information about the
|
|
|
|
machine. Bug fixes for gpg2's card key generation.
|
|
|
|
|
2007-05-15 16:10:48 +00:00
|
|
|
|
2007-05-09 11:01:33 +00:00
|
|
|
Noteworthy changes in version 2.0.4 (2007-05-09)
|
2007-03-08 14:54:33 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2007-05-09 11:01:33 +00:00
|
|
|
* The server mode key listing commands are now also working for
|
|
|
|
systems without the funopen/fopencookie API.
|
2007-03-19 14:35:04 +00:00
|
|
|
|
2007-03-19 18:54:34 +00:00
|
|
|
* PKCS#12 import now tries several encodings in case the passphrase
|
2007-03-20 10:00:55 +00:00
|
|
|
was not utf-8 encoded. New option --p12-charset for gpgsm.
|
2007-03-19 18:54:34 +00:00
|
|
|
|
2007-04-20 16:59:37 +00:00
|
|
|
* Improved the libgcrypt logging support in all modules.
|
|
|
|
|
2007-03-08 14:54:33 +00:00
|
|
|
|
2007-03-08 14:16:15 +00:00
|
|
|
Noteworthy changes in version 2.0.3 (2007-03-08)
|
2007-02-26 20:24:29 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2007-03-05 14:56:31 +00:00
|
|
|
* By default, do not allow processing multiple plaintexts in a single
|
|
|
|
stream. Many programs that called GnuPG were assuming that GnuPG
|
|
|
|
did not permit this, and were thus not using the plaintext boundary
|
|
|
|
status tags that GnuPG provides. This change makes GnuPG reject
|
|
|
|
such messages by default which makes those programs safe again.
|
2007-03-19 14:35:04 +00:00
|
|
|
--allow-multiple-messages returns to the old behavior. [CVE-2007-1263].
|
2007-03-05 14:56:31 +00:00
|
|
|
|
2011-07-21 10:39:38 +02:00
|
|
|
* New --verify-option show-primary-uid-only.
|
2007-02-26 20:24:29 +00:00
|
|
|
|
2007-03-08 14:16:15 +00:00
|
|
|
* gpgconf may now reads a global configuration file to select which
|
2007-03-07 20:55:14 +00:00
|
|
|
options are changeable by a frontend. The new applygnupgdefaults
|
|
|
|
tool may be used by an admin to set default options for all users.
|
|
|
|
|
|
|
|
* The PIN pad of the Cherry XX44 keyboard is now supported. The
|
|
|
|
DINSIG and the NKS applications are now also aware of PIN pads.
|
2007-03-06 20:44:41 +00:00
|
|
|
|
2007-02-26 20:24:29 +00:00
|
|
|
|
2007-01-31 14:24:41 +00:00
|
|
|
Noteworthy changes in version 2.0.2 (2007-01-31)
|
2006-12-06 10:16:50 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
|
|
|
* Fixed a serious and exploitable bug in processing encrypted
|
|
|
|
packages. [CVE-2006-6235].
|
|
|
|
|
|
|
|
* Added --passphrase-repeat to set the number of times GPG will
|
|
|
|
prompt for a new passphrase to be repeated. This is useful to help
|
|
|
|
memorize a new passphrase. The default is 1 repetition.
|
|
|
|
|
2007-01-31 14:24:41 +00:00
|
|
|
* Using a PIN pad does now also work for the signing key.
|
2007-01-25 08:30:47 +00:00
|
|
|
|
2007-02-18 13:48:03 +00:00
|
|
|
* A warning is displayed by gpg-agent if a new passphrase is too
|
2007-01-31 14:24:41 +00:00
|
|
|
short. New option --min-passphrase-len defaults to 8.
|
2007-01-25 08:30:47 +00:00
|
|
|
|
2007-01-31 14:24:41 +00:00
|
|
|
* The status code BEGIN_SIGNING now shows the used hash algorithms.
|
2007-02-26 20:24:29 +00:00
|
|
|
|
2006-12-06 10:16:50 +00:00
|
|
|
|
2006-11-28 16:36:02 +00:00
|
|
|
Noteworthy changes in version 2.0.1 (2006-11-28)
|
|
|
|
------------------------------------------------
|
2006-11-11 14:41:22 +00:00
|
|
|
|
2006-11-20 16:49:41 +00:00
|
|
|
* Experimental support for the PIN pads of the SPR 532 and the Kaan
|
|
|
|
Advanced card readers. Add "disable-keypad" scdaemon.conf if you
|
|
|
|
don't want it. Does currently only work for the OpenPGP card and
|
2006-11-28 16:36:02 +00:00
|
|
|
its authentication and decrypt keys.
|
2006-11-20 16:49:41 +00:00
|
|
|
|
2006-11-23 09:53:17 +00:00
|
|
|
* Fixed build problems on some some platforms and crashes on amd64.
|
|
|
|
|
2006-12-06 10:16:50 +00:00
|
|
|
* Fixed a buffer overflow in gpg2. [bug#728,CVE-2006-6169]
|
2006-11-28 16:36:02 +00:00
|
|
|
|
2006-11-11 14:41:22 +00:00
|
|
|
|
2006-11-11 14:17:09 +00:00
|
|
|
Noteworthy changes in version 2.0.0 (2006-11-11)
|
2006-11-28 16:36:02 +00:00
|
|
|
------------------------------------------------
|
2006-11-06 10:26:55 +00:00
|
|
|
|
|
|
|
* First stable version of a GnuPG integrating OpenPGP and S/MIME.
|
|
|
|
|
|
|
|
|
2006-11-06 09:44:28 +00:00
|
|
|
Noteworthy changes in version 1.9.95 (2006-11-06)
|
2006-10-24 15:01:23 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2006-11-06 09:44:28 +00:00
|
|
|
* Minor bug fixes.
|
|
|
|
|
2006-10-24 15:01:23 +00:00
|
|
|
|
2006-10-24 14:45:34 +00:00
|
|
|
Noteworthy changes in version 1.9.94 (2006-10-24)
|
2006-10-19 14:22:06 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2006-10-20 11:38:48 +00:00
|
|
|
* Keys for gpgsm may now be specified using a keygrip. A keygrip is
|
|
|
|
indicated by a prefixing it with an ampersand.
|
|
|
|
|
2006-10-23 14:02:13 +00:00
|
|
|
* gpgconf now supports switching the CMS cipher algo (e.g. to AES).
|
|
|
|
|
|
|
|
* New command --gpgconf-test for all major tools. This may be used to
|
|
|
|
check whether the configuration file is sane.
|
|
|
|
|
2006-10-19 14:22:06 +00:00
|
|
|
|
2006-10-18 17:19:08 +00:00
|
|
|
Noteworthy changes in version 1.9.93 (2006-10-18)
|
2006-10-11 17:52:15 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2006-10-17 14:34:42 +00:00
|
|
|
* In --with-validation mode gpgsm will now also ask whether a root
|
|
|
|
certificate should be trusted.
|
|
|
|
|
|
|
|
* Link to Pth only if really necessary.
|
|
|
|
|
2006-10-18 17:19:08 +00:00
|
|
|
* Fixed a pubring corruption bug in gpg2 occurring when importing
|
|
|
|
signatures or keys with insane lengths.
|
|
|
|
|
|
|
|
* Fixed v3 keyID calculation bug in gpg2.
|
|
|
|
|
|
|
|
* More tweaks for certificates without extensions.
|
|
|
|
|
2006-10-11 17:52:15 +00:00
|
|
|
|
2006-10-11 10:05:03 +00:00
|
|
|
Noteworthy changes in version 1.9.92 (2006-10-11)
|
2006-10-05 11:06:42 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2006-10-11 10:05:03 +00:00
|
|
|
* Bug fixes.
|
|
|
|
|
2006-10-05 11:06:42 +00:00
|
|
|
|
2006-10-04 10:22:56 +00:00
|
|
|
Noteworthy changes in version 1.9.91 (2006-10-04)
|
2006-09-25 18:29:20 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2006-09-26 10:00:12 +00:00
|
|
|
* New "relax" flag for trustlist.txt to allow root CA certificates
|
|
|
|
without BasicContraints.
|
|
|
|
|
2006-10-04 10:22:56 +00:00
|
|
|
* [gpg2] Removed the -k PGP 2 compatibility hack. -k is now an
|
|
|
|
alias for --list-keys.
|
|
|
|
|
|
|
|
* [gpg2] Print a warning if "-sat" is used instead of "--clearsign".
|
|
|
|
|
2006-09-25 18:29:20 +00:00
|
|
|
|
2006-09-25 07:59:34 +00:00
|
|
|
Noteworthy changes in version 1.9.90 (2006-09-25)
|
2006-09-18 14:08:27 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2006-09-22 18:15:18 +00:00
|
|
|
* Made readline work for gpg.
|
|
|
|
|
|
|
|
* Cleanups und minor bug fixes.
|
2006-09-18 14:08:27 +00:00
|
|
|
|
2006-09-25 07:59:34 +00:00
|
|
|
* Included translations from gnupg 1.4.5.
|
|
|
|
|
2006-09-18 14:08:27 +00:00
|
|
|
|
2006-09-18 13:23:18 +00:00
|
|
|
Noteworthy changes in version 1.9.23 (2006-09-18)
|
2006-07-27 14:45:11 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2006-09-13 15:57:30 +00:00
|
|
|
* Regular man pages for most tools are now build directly from the
|
2006-09-14 16:50:33 +00:00
|
|
|
Texinfo source.
|
2006-08-18 13:05:39 +00:00
|
|
|
|
|
|
|
* The gpg code from 1.4.5 has been fully merged into this release.
|
|
|
|
The configure option --enable-gpg is still required to build this
|
|
|
|
gpg part. For production use of OpenPGP the gpg version 1.4.5 is
|
2006-09-18 13:23:18 +00:00
|
|
|
still recommended. Note, that gpg will be installed under the name
|
|
|
|
gpg2 to allow coexisting with an 1.4.x gpg.
|
2006-07-27 14:45:11 +00:00
|
|
|
|
2006-08-29 16:18:30 +00:00
|
|
|
* API change in gpg-agent's pkdecrypt command. Thus an older gpgsm
|
|
|
|
may not be used with the current gpg-agent.
|
|
|
|
|
2006-09-07 15:13:33 +00:00
|
|
|
* The scdaemon will now call a script on reader status changes.
|
|
|
|
|
2006-09-13 15:57:30 +00:00
|
|
|
* gpgsm now allows file descriptor passing for "INPUT", "OUTPUT" and
|
|
|
|
"MESSAGE".
|
|
|
|
|
|
|
|
* The gpgsm server may now output a key listing to the output file
|
|
|
|
handle. This needs to be enabled using "OPTION list-to-output=1".
|
|
|
|
|
|
|
|
* The --output option of gpgsm has now an effect on list-keys.
|
|
|
|
|
|
|
|
* New gpgsm commands --dump-chain and list-chain.
|
|
|
|
|
|
|
|
* gpg-connect-agent has new options to utilize descriptor passing.
|
|
|
|
|
2006-09-15 18:53:37 +00:00
|
|
|
* A global trustlist may now be used. See doc/examples/trustlist.txt.
|
|
|
|
|
2006-09-18 09:28:58 +00:00
|
|
|
* When creating a new pubring.kbx keybox common certificates are
|
|
|
|
imported.
|
|
|
|
|
2006-07-27 14:45:11 +00:00
|
|
|
|
2006-07-27 14:18:55 +00:00
|
|
|
Noteworthy changes in version 1.9.22 (2006-07-27)
|
2006-06-27 14:32:34 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2006-07-21 09:41:11 +00:00
|
|
|
* Enhanced pkcs#12 support to allow import from simple keyBags.
|
|
|
|
|
2006-07-24 11:20:33 +00:00
|
|
|
* Exporting to pkcs#12 now create bag attributes so that Mozilla is
|
|
|
|
able to import the files.
|
|
|
|
|
2006-07-27 14:18:55 +00:00
|
|
|
* Fixed uploading of certain keys to the smart card.
|
|
|
|
|
2006-06-27 14:32:34 +00:00
|
|
|
|
2006-06-20 18:52:43 +00:00
|
|
|
Noteworthy changes in version 1.9.21 (2006-06-20)
|
2005-12-20 11:12:16 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2006-06-20 18:52:43 +00:00
|
|
|
* New command APDU for scdaemon to allow using it for general card
|
|
|
|
access. Might be used through gpg-connect-agent by using the SCD
|
|
|
|
prefix command.
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2006-06-20 18:52:43 +00:00
|
|
|
* Support for the CardMan 4040 PCMCIA reader (Linux 2.6.15 required).
|
2005-12-20 11:12:16 +00:00
|
|
|
|
2011-07-21 10:39:38 +02:00
|
|
|
* Scdaemon does not anymore reset cards at the end of a connection.
|
2006-02-06 18:31:27 +00:00
|
|
|
|
2006-06-20 18:52:43 +00:00
|
|
|
* Kludge to allow use of Bundesnetzagentur issued X.509 certificates.
|
2006-02-09 18:29:31 +00:00
|
|
|
|
2006-06-20 18:52:43 +00:00
|
|
|
* Added --hash=xxx option to scdaemon's PKSIGN command.
|
2006-03-21 09:56:47 +00:00
|
|
|
|
2006-06-20 18:52:43 +00:00
|
|
|
* Pkcs#12 files are now created with a MAC. This is for better
|
|
|
|
interoperability.
|
2006-03-21 12:48:51 +00:00
|
|
|
|
2006-06-20 18:52:43 +00:00
|
|
|
* Collected bug fixes and minor other changes.
|
2006-06-20 17:21:37 +00:00
|
|
|
|
2005-12-20 11:12:16 +00:00
|
|
|
|
2005-12-20 10:26:32 +00:00
|
|
|
Noteworthy changes in version 1.9.20 (2005-12-20)
|
2005-11-28 11:52:25 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2005-12-16 15:52:48 +00:00
|
|
|
* Importing pkcs#12 files created be recent versions of Mozilla works
|
|
|
|
again.
|
|
|
|
|
2005-12-20 10:26:32 +00:00
|
|
|
* Basic support for qualified signatures.
|
|
|
|
|
2011-07-21 10:39:38 +02:00
|
|
|
* New debug tool gpgparsemail.
|
2005-12-20 10:26:32 +00:00
|
|
|
|
2005-11-28 11:52:25 +00:00
|
|
|
|
2005-09-12 08:23:33 +00:00
|
|
|
Noteworthy changes in version 1.9.19 (2005-09-12)
|
2005-08-16 09:15:09 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2005-09-09 11:18:08 +00:00
|
|
|
* The Belgian eID card is now supported for signatures and ssh.
|
2005-09-12 08:23:33 +00:00
|
|
|
Other pkcs#15 cards should work as well.
|
2005-09-06 18:42:13 +00:00
|
|
|
|
2005-09-09 11:18:08 +00:00
|
|
|
* Fixed bug in --export-secret-key-p12 so that certificates are again
|
|
|
|
included.
|
2005-08-16 09:15:09 +00:00
|
|
|
|
2005-09-12 08:23:33 +00:00
|
|
|
|
2005-08-01 16:54:54 +00:00
|
|
|
Noteworthy changes in version 1.9.18 (2005-08-01)
|
2005-06-20 17:52:13 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2005-07-25 14:35:04 +00:00
|
|
|
* [gpgsm] Now allows for more than one email address as well as URIs
|
|
|
|
and dnsNames in certificate request generation. A keygrip may be
|
|
|
|
given to create a request from an existing key.
|
|
|
|
|
2005-08-01 16:54:54 +00:00
|
|
|
* A couple of minor bug fixes.
|
|
|
|
|
2005-06-20 17:52:13 +00:00
|
|
|
|
2005-06-20 17:32:44 +00:00
|
|
|
Noteworthy changes in version 1.9.17 (2005-06-20)
|
2005-04-21 14:59:18 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2005-05-21 18:49:00 +00:00
|
|
|
* gpg-connect-agent has now features to handle Assuan INQUIRE
|
|
|
|
commands.
|
|
|
|
|
|
|
|
* Internal changes for OpenPGP cards. New Assuan command WRITEKEY.
|
|
|
|
|
2005-05-18 10:48:06 +00:00
|
|
|
* GNU Pth is now a hard requirement.
|
|
|
|
|
2005-04-27 12:09:21 +00:00
|
|
|
* [scdaemon] Support for OpenSC has been removed. Instead a new and
|
2005-05-18 10:48:06 +00:00
|
|
|
straightforward pkcs#15 modules has been written. As of now it
|
2005-04-27 12:09:21 +00:00
|
|
|
does allows only signing using TCOS cards but we are going to
|
|
|
|
enhance it to match all the old capabilities.
|
|
|
|
|
2005-06-07 19:09:18 +00:00
|
|
|
* [gpg-agent] New option --write-env-file and Assuan command
|
2005-06-03 13:57:24 +00:00
|
|
|
UPDATESTARTUPTTY.
|
|
|
|
|
2005-06-07 19:09:18 +00:00
|
|
|
* [gpg-agent] New option --default-cache-ttl-ssh to set the TTL for
|
|
|
|
SSH passphrase caching independent from the other passphrases.
|
|
|
|
|
2005-04-21 14:59:18 +00:00
|
|
|
|
2005-04-21 14:39:00 +00:00
|
|
|
Noteworthy changes in version 1.9.16 (2005-04-21)
|
2005-01-13 19:03:37 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2005-04-18 10:44:46 +00:00
|
|
|
* gpg-agent does now support the ssh-agent protocol and thus allows
|
|
|
|
to use the pinentry as well as the OpenPGP smartcard with ssh.
|
|
|
|
|
2005-04-21 14:39:00 +00:00
|
|
|
* New tool gpg-connect-agent as a general client for the gpg-agent.
|
2005-04-18 10:44:46 +00:00
|
|
|
|
|
|
|
* New tool symcryptrun as a wrapper for certain encryption tools.
|
|
|
|
|
2005-04-21 14:39:00 +00:00
|
|
|
* The gpg tool is not anymore build by default because those gpg
|
|
|
|
versions available in the gnupg 1.4 series are far more matured.
|
|
|
|
|
2005-01-13 19:03:37 +00:00
|
|
|
|
2005-01-13 18:00:46 +00:00
|
|
|
Noteworthy changes in version 1.9.15 (2005-01-13)
|
2004-12-22 19:07:46 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2005-01-13 18:00:46 +00:00
|
|
|
* Fixed passphrase caching bug.
|
|
|
|
|
|
|
|
* Better support for CCID readers; the reader from Cherry RS 6700 USB
|
|
|
|
does now work.
|
|
|
|
|
2004-12-22 19:07:46 +00:00
|
|
|
|
2004-12-22 17:55:28 +00:00
|
|
|
Noteworthy changes in version 1.9.14 (2004-12-22)
|
2004-12-03 19:43:11 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2004-12-20 16:17:25 +00:00
|
|
|
* [gpg-agent] New option --use-standard-socket to allow the use of a
|
|
|
|
fixed socket. gpgsm falls back to this socket if GPG_AGENT_INFO
|
|
|
|
has not been set.
|
|
|
|
|
2004-12-22 17:55:28 +00:00
|
|
|
* Ported to MS Windows with some functional limitations.
|
|
|
|
|
|
|
|
* New tool gpg-preset-passphrase.
|
2004-12-20 16:17:25 +00:00
|
|
|
|
2004-12-03 19:43:11 +00:00
|
|
|
|
2004-12-03 17:44:57 +00:00
|
|
|
Noteworthy changes in version 1.9.13 (2004-12-03)
|
2004-10-22 19:57:03 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2004-12-03 17:44:57 +00:00
|
|
|
* [gpgsm] New option --prefer-system-dirmngr.
|
|
|
|
|
2004-12-06 13:49:14 +00:00
|
|
|
* Minor cleanups and debugging aids.
|
2004-12-03 17:44:57 +00:00
|
|
|
|
2004-10-22 19:57:03 +00:00
|
|
|
|
2004-10-22 19:48:12 +00:00
|
|
|
Noteworthy changes in version 1.9.12 (2004-10-22)
|
2004-10-01 13:31:46 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2004-10-20 08:54:45 +00:00
|
|
|
* [scdaemon] Partly rewrote the PC/SC code.
|
|
|
|
|
2004-10-22 16:03:04 +00:00
|
|
|
* Removed the sc-investigate tool. It is now in a separate package
|
|
|
|
available at ftp://ftp.g10code.com/g10code/gscutils/ .
|
|
|
|
|
|
|
|
* [gpg-agent] Fixed logging problem.
|
2004-10-01 13:31:46 +00:00
|
|
|
|
2004-10-15 16:10:50 +00:00
|
|
|
|
2004-10-01 12:54:53 +00:00
|
|
|
Noteworthy changes in version 1.9.11 (2004-10-01)
|
2004-07-22 11:40:17 +00:00
|
|
|
-------------------------------------------------
|
|
|
|
|
2004-08-17 15:26:22 +00:00
|
|
|
* When using --import along with --with-validation, the imported
|
|
|
|
certificates are validated and only imported if they are fully
|
|
|
|
valid.
|
2004-07-22 11:40:17 +00:00
|
|
|
|
2004-09-09 07:27:57 +00:00
|
|
|
* [gpg-agent] New option --max-cache-ttl.
|
|
|
|
|
|
|
|
* [gpg-agent] When used without --daemon or --server, gpg-agent now
|
|
|
|
check whether a agent is already running and usable.
|
|
|
|
|
2004-09-30 21:37:11 +00:00
|
|
|
* Fixed some i18n problems.
|
|
|
|
|
2004-09-09 07:27:57 +00:00
|
|
|
|
2004-07-22 09:37:36 +00:00
|
|
|
Noteworthy changes in version 1.9.10 (2004-07-22)
|
|
|
|
-------------------------------------------------
|
|
|
|
|
|
|
|
* Fixed a serious bug in the checking of trusted root certificates.
|
|
|
|
|
|
|
|
* New configure option --enable-agent-pnly allows to build and
|
|
|
|
install just the agent.
|
|
|
|
|
|
|
|
* Fixed a problem with the log file handling.
|
2004-06-08 19:25:06 +00:00
|
|
|
|
|
|
|
|
2004-06-08 19:10:32 +00:00
|
|
|
Noteworthy changes in version 1.9.9 (2004-06-08)
|
2004-04-29 18:16:44 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2004-05-11 09:15:56 +00:00
|
|
|
* [gpg-agent] The new option --allow-mark-trusted is now required to
|
|
|
|
allow gpg-agent to add a key to the trustlist.txt after user
|
|
|
|
confirmation.
|
2004-04-29 18:16:44 +00:00
|
|
|
|
2004-06-06 13:00:59 +00:00
|
|
|
* Creating PKCS#10 requests does now honor the key usage.
|
|
|
|
|
2004-04-29 18:16:44 +00:00
|
|
|
|
2004-04-29 17:32:02 +00:00
|
|
|
Noteworthy changes in version 1.9.8 (2004-04-29)
|
2004-04-06 14:15:47 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2004-04-20 16:42:55 +00:00
|
|
|
* [scdaemon] Overhauled the internal CCID driver.
|
|
|
|
|
|
|
|
* [scdaemon] Status files named ~/.gnupg/reader_<n>.status are now
|
|
|
|
written when using the internal CCID driver.
|
|
|
|
|
2004-04-26 08:09:25 +00:00
|
|
|
* [gpgsm] New commands --dump-{,secret,external}-keys to show a very
|
|
|
|
detailed view of the certificates.
|
|
|
|
|
|
|
|
* The keybox gets now compressed after 3 hours and ephemeral
|
|
|
|
stored certificates are deleted after about a day.
|
|
|
|
|
2004-04-29 17:32:02 +00:00
|
|
|
* [gpg] Usability fixes for --card-edit. Note, that this has already
|
|
|
|
been ported back to gnupg-1.3
|
|
|
|
|
2004-04-06 14:15:47 +00:00
|
|
|
|
2004-04-06 11:40:28 +00:00
|
|
|
Noteworthy changes in version 1.9.7 (2004-04-06)
|
2004-03-06 20:42:14 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2004-03-16 19:00:00 +00:00
|
|
|
* Instrumented the modules for gpgconf.
|
|
|
|
|
|
|
|
* Added support for DINSIG card applications.
|
|
|
|
|
2004-04-06 07:36:25 +00:00
|
|
|
* Include the smimeCapabilities attribute with signed messages.
|
|
|
|
|
2004-04-06 10:01:04 +00:00
|
|
|
* Now uses the gettext domain "gnupg2" to avoid conflicts with gnupg
|
|
|
|
versions < 1.9.
|
|
|
|
|
2004-03-06 20:42:14 +00:00
|
|
|
|
2004-03-06 20:11:19 +00:00
|
|
|
Noteworthy changes in version 1.9.6 (2004-03-06)
|
2004-02-21 13:35:42 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2004-03-06 20:11:19 +00:00
|
|
|
* Code cleanups and bug fixes.
|
2004-02-21 13:35:42 +00:00
|
|
|
|
|
|
|
|
2004-02-21 13:13:35 +00:00
|
|
|
Noteworthy changes in version 1.9.5 (2004-02-21)
|
2004-01-30 10:13:51 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2004-02-12 09:25:30 +00:00
|
|
|
* gpg-protect-tool gets now installed into libexec as it ought to be.
|
|
|
|
Cleaned up the build system to better comply with the coding
|
|
|
|
standards.
|
2004-01-30 10:13:51 +00:00
|
|
|
|
2004-02-13 17:06:34 +00:00
|
|
|
* [gpgsm] The --import command is now able to autodetect pkcs#12
|
|
|
|
files and import secret and private keys from this file format.
|
2004-02-19 16:26:32 +00:00
|
|
|
A new command --export-secret-key-p12 is provided to allow
|
|
|
|
exporting of secret keys in PKCS\#12 format.
|
2004-02-13 17:06:34 +00:00
|
|
|
|
2004-02-18 16:57:38 +00:00
|
|
|
* [gpgsm] The pinentry will now present a description of the key for
|
2004-02-21 13:13:35 +00:00
|
|
|
whom the passphrase is requested.
|
2004-02-13 12:40:54 +00:00
|
|
|
|
2004-02-18 16:57:38 +00:00
|
|
|
* [gpgsm] New option --with-validation to check the validity of key
|
|
|
|
while listing it.
|
|
|
|
|
|
|
|
* New option --debug-level={none,basic,advanced,expert,guru} to map
|
|
|
|
the debug flags to sensitive levels on a per program base.
|
|
|
|
|
2004-02-13 12:40:54 +00:00
|
|
|
|
2004-01-30 09:12:36 +00:00
|
|
|
Noteworthy changes in version 1.9.4 (2004-01-30)
|
2003-12-23 11:27:13 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2004-01-29 20:16:59 +00:00
|
|
|
* Added support for the Telesec NKS 2.0 card application.
|
|
|
|
|
2004-01-30 09:12:36 +00:00
|
|
|
* Added simple tool addgnupghome to create .gnupg directories from
|
|
|
|
/etc/skel/.gnupg.
|
|
|
|
|
2004-01-29 20:16:59 +00:00
|
|
|
* Various minor bug fixes and cleanups; mainly gpgsm and gpg-agent
|
|
|
|
related.
|
2003-12-23 11:27:13 +00:00
|
|
|
|
2004-01-30 09:12:36 +00:00
|
|
|
|
2003-12-23 11:05:19 +00:00
|
|
|
Noteworthy changes in version 1.9.3 (2003-12-23)
|
2003-11-17 12:56:43 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2003-12-17 17:12:14 +00:00
|
|
|
* New gpgsm options --{enable,disable}-ocsp to validate keys using
|
2003-12-23 10:23:16 +00:00
|
|
|
OCSP. This option requires a not yet released DirMngr version.
|
|
|
|
Default is disabled.
|
2003-12-16 11:30:16 +00:00
|
|
|
|
2003-12-16 16:32:02 +00:00
|
|
|
* The --log-file option may now be used to print logs to a socket.
|
|
|
|
Prefix the socket name with "socket://" to enable this. This does
|
|
|
|
not work on all systems and falls back to stderr if there is a
|
|
|
|
problem with the socket.
|
2003-12-01 10:53:40 +00:00
|
|
|
|
2003-12-17 17:12:14 +00:00
|
|
|
* The options --encrypt-to and --no-encrypt-to now work the same in
|
|
|
|
gpgsm as in gpg. Note, they are also used in server mode.
|
|
|
|
|
|
|
|
* Duplicated recipients are now silently removed in gpgsm.
|
|
|
|
|
2003-12-01 10:53:40 +00:00
|
|
|
|
2003-11-17 12:20:11 +00:00
|
|
|
Noteworthy changes in version 1.9.2 (2003-11-17)
|
2003-09-06 13:44:17 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2003-10-08 10:46:58 +00:00
|
|
|
* On card key generation is no longer done using the --gen-key
|
|
|
|
command but from the menu provided by the new --card-edit command.
|
|
|
|
|
|
|
|
* PINs are now properly cached and there are only 2 PINs visible.
|
|
|
|
The 3rd PIN (CHV2) is internally syncronized with the regular PIN.
|
2003-09-06 13:44:17 +00:00
|
|
|
|
2003-11-17 12:20:11 +00:00
|
|
|
* All kind of other internal stuff.
|
|
|
|
|
2003-09-06 13:44:17 +00:00
|
|
|
|
2003-09-06 13:23:48 +00:00
|
|
|
Noteworthy changes in version 1.9.1 (2003-09-06)
|
2003-08-05 18:55:40 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2003-09-06 13:23:48 +00:00
|
|
|
* Support for OpenSC is back. scdaemon supports a --disable-opensc to
|
2003-08-18 17:34:28 +00:00
|
|
|
disable OpenSC use at runtime, so that PC/SC or ct-API can still be
|
|
|
|
used directly.
|
|
|
|
|
2003-09-06 13:23:48 +00:00
|
|
|
* Rudimentary support for the SCR335 smartcard reader using an
|
|
|
|
internal driver. Requires current libusb from CVS.
|
|
|
|
|
|
|
|
* Bug fixes.
|
|
|
|
|
2003-08-05 18:55:40 +00:00
|
|
|
|
2003-08-05 17:20:18 +00:00
|
|
|
Noteworthy changes in version 1.9.0 (2003-08-05)
|
2002-10-18 10:41:34 +00:00
|
|
|
------------------------------------------------
|
|
|
|
|
2003-08-05 17:20:18 +00:00
|
|
|
====== PLEASE SEE README-alpha =======
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
* gpg has been renamed to gpg2 and gpgv to gpgv2. This is a
|
2003-08-05 17:20:18 +00:00
|
|
|
temporary change to allow co-existing with stable gpg versions.
|
2003-08-05 17:11:04 +00:00
|
|
|
|
2003-08-05 17:20:18 +00:00
|
|
|
* ~/.gnupg/gpg.conf-1.9.0 is fist tried as config file before the
|
|
|
|
usual gpg.conf.
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
* Removed the -k, -kv and -kvv commands. -k is now an alias to
|
|
|
|
--list-keys. New command -K as alias for --list-secret-keys.
|
|
|
|
|
|
|
|
* Removed --run-as-shm-coprocess feature.
|
|
|
|
|
2003-06-27 20:53:09 +00:00
|
|
|
* gpg does now also use libgcrypt, libgpg-error is required.
|
|
|
|
|
2003-01-09 13:15:07 +00:00
|
|
|
* New gpgsm commands --call-dirmngr and --call-protect-tool.
|
1998-01-12 10:18:17 +00:00
|
|
|
|
2003-01-09 13:15:07 +00:00
|
|
|
* Changing a passphrase is now possible using "gpgsm --passwd"
|
2002-06-29 14:15:02 +00:00
|
|
|
|
2003-01-09 13:15:07 +00:00
|
|
|
* The content-type attribute is now recognized and created.
|
|
|
|
|
|
|
|
* The agent does now reread certain options on receiving a HUP.
|
|
|
|
|
|
|
|
* The pinentry is now forked for each request so that clients with
|
|
|
|
different environments are supported. When running in daemon mode
|
|
|
|
and --keep-display is not used the DISPLAY variable is ignored.
|
|
|
|
|
|
|
|
* Merged stuff from the newpg branch and started this new
|
|
|
|
development branch.
|
|
|
|
|
|
|
|
|
2010-03-09 10:09:04 +00:00
|
|
|
Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
|
2011-01-11 19:49:08 +01:00
|
|
|
2010, 2011 Free Software Foundation, Inc.
|
2002-06-29 14:15:02 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
This file is free software; as a special exception the author gives
|
|
|
|
unlimited permission to copy and/or distribute it, with or without
|
|
|
|
modifications, as long as this notice is preserved.
|
2002-06-29 14:15:02 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
This file is distributed in the hope that it will be useful, but
|
|
|
|
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
|
|
|
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|