1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

doc: Add NEWS with news from the 2.2 series.

--
This commit is contained in:
Werner Koch 2021-02-11 12:53:28 +01:00
parent b770393b76
commit 9235c9b65b
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 188 additions and 45 deletions

176
NEWS
View File

@ -1,12 +1,179 @@
Noteworthy changes in version 2.3.0 (unreleased) Noteworthy changes in version 2.3.0 (unreleased)
------------------------------------------------ ------------------------------------------------
* The legacy key discovory method PKA is no longer supported. The * The legacy key discovery method PKA is no longer supported. The
command --print-pka-records and the PKA related import and export command --print-pka-records and the PKA related import and export
options have been removed. options have been removed.
* A new experimental key database daemon is provided. To enable it
put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored
in a SQLite database and make key lookup much faster.
Changes also found in 2.2.27:
* gpg: Fix regression in 2.2.24 for gnupg_remove function under
Windows. [#5230]
* gpgconf: Fix case with neither local nor global gpg.conf. [9f37d3e6f3]
* gpgconf: Fix description of two new options. [#5221]
* Build Windows installer without timestamps. Note that the
Authenticode signatures still carry a timestamp.
Release-info: https://dev.gnupg.org/T5234
See-also: gnupg-announce/2021q1/000452.html
Changes also found in 2.2.26:
* gpg: New AKL method "ntds". [559efd23e9]
* gpg: Fix --trusted-key with fingerprint arg. [8a2e5025eb]
* scd: Fix writing of ECC keys to an OpenPGP card. [#5163]
* scd: Make an USB error fix specific to SPR532 readers. [#5167]
* dirmngr: With new LDAP keyservers store the new attributes. Never
store the useless pgpSignerID. Fix a long standing bug storing
some keys on an ldap server. [0e88c73bc9,e47de85382]
* dirmngr: Support the new Active Direcory LDAP schema for
keyservers. [ac8ece9266]
* dirmngr: Allow LDAP OpenPGP searches via fingerprint.
[c75fd75532]
* dirmngr: Do not block other threads during keyserver LDAP calls.
[15bfd189c0]
* Support global configuration files. [#4788,a028f24136]
* Fix the iconv fallback handling to UTF-8. [#5038]
Release-info: https://dev.gnupg.org/T5153
See-also: gnupg-announce/2020q4/000451.html
Changes also found in 2.2.25:
* scd: Fix regression in 2.2.24 requiring gpg --card-status before
signing or decrypting. [#5065]
* gpgsm: Using Libksba 1.5.0 signatures with a rarely used
combination of attributes can now be verified. [#5146]
Release-info: https://dev.gnupg.org/T5140
See-also: gnupg-announce/2020q4/000450.html
Changes also found in 2.2.24:
* Allow Unicode file names on Windows almost everywhere. Note that
it is still not possible to use Unicode strings on the command
line. This change also fixes a regression in 2.2.22 related to
non-ascii file names. [#5098]
* Fix localized time printing on Windows. [#5073]
* gpg: New command --quick-revoke-sig. [#5093]
* gpg: Do not use weak digest algos if selected by recipient
preference during sign+encrypt. [4c181d51a6]
* gpg: Switch to AES256 for symmetric encryption in de-vs mode.
[166e779634]
* gpg: Silence weak digest warnings with --quiet. [#4893]
* gpg: Print new status line CANCELED_BY_USER for a cancel during
symmetric encryption. [f05d1772c4]
* gpg: Fix the encrypt+sign hash algo preference selection for
ECDSA. This is in particular needed for keys created from
existing smartcard based keys. [aeed0b93ff]
* agent: Keep some permissions of private-keys-v1.d. [#2312]
* dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and
gnutls builds. [e4f3b74c91]
* dirmngr: Fix the pool keyserver case for a single host in the
pool. [72e04b03b1a7]
* scd: Fix the use case of verify_chv2 by CHECKPIN. [61aea64b3c]
* scd: Various improvements to the ccid-driver. [#4616,#5065]
* scd: Minor fixes for Yubikey [25bec16d0b]
* gpgconf: New option --show-versions.
* w32: Install gpg-check-pattern and example profiles. Install
Windows subsystem variant of gpgconf (gpgconf-w32).
Release-info: https://dev.gnupg.org/T5052
See-also: gnupg-announce/2020q4/000449.html
Changes also found in 2.2.23:
* gpg: Fix a possible segv in the key cleaning code.
* gpgsm: Fix a minor RFC2253 parser bug. [#5037]
* scdaemon: Fix a PIN verify failure on certain OpenPGP card
implementations. Regression in 2.2.22. [#5039]
Release-info: https://dev.gnupg.org/T5045
See-also: gnupg-announce/2020q3/000448.html
Changes also found in 2.2.22:
* gpg: Change the default key algorithm to rsa3072.
* gpg: Add regular expression support for Trust Signatures on all
platforms. [#4843]
* gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat
option. [#4991]
* gpg: Ignore --personal-digest-prefs for ECDSA keys. [#5021]
* gpgsm: Make rsaPSS a de-vs compliant scheme.
* gpgsm: Show also the SHA256 fingerprint in key listings.
* gpgsm: Do not require a default keyring for --gpgconf-list. [#4867]
* gpg-agent: Default to extended key format and record the creation
time of keys. Add new option --disable-extended-key-format.
* gpg-agent: Support the WAYLAND_DISPLAY envvar. [#5016]
* gpg-agent: Allow using --gpgconf-list even if HOME does not
exist. [#4866]
* gpg-agent: Make the Pinentry work even if the envvar TERM is set
to the empty string. [#4137]
* scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly
incremented the error counter when using the "verify" command of
"gpg --edit-key" with only the signature key being present.
* dirmngr: Better handle systems with disabled IPv6. [#4977]
* gpgpslit: Install tool. It was not installed in the past to avoid
conflicts with the version installed by GnuPG 1.4. [#5023]
* gpgtar: Handle Unicode file names on Windows correctly. [#4083]
* gpgtar: Make --files-from and --null work as documented. [#5027]
* Build the Windows installer with the new Ntbtls 0.2.0 so that TLS
connections succeed for servers demanding GCM.
Release-info: https://dev.gnupg.org/T5030
See-also: gnupg-announce/2020q3/000447.html
Changes also found in 2.2.21: Changes also found in 2.2.21:
* gpg: Add option --no-include-key-block. [#4856] * gpg: Add option --no-include-key-block. [#4856]
@ -774,6 +941,13 @@ Noteworthy changes in version 2.3.0 (unreleased)
Version 2.2.19 (2019-12-07) Version 2.2.19 (2019-12-07)
Version 2.2.20 (2020-03-20) Version 2.2.20 (2020-03-20)
Version 2.2.21 (2020-07-09) Version 2.2.21 (2020-07-09)
Version 2.2.22 (2020-08-27)
Version 2.2.23 (2020-09-03)
Version 2.2.24 (2020-11-17)
Version 2.2.25 (2020-11-23)
Version 2.2.26 (2020-12-21)
Version 2.2.27 (2021-01-11)
Noteworthy changes in version 2.2.0 (2017-08-28) Noteworthy changes in version 2.2.0 (2017-08-28)
------------------------------------------------ ------------------------------------------------

57
README
View File

@ -32,7 +32,7 @@
* BUILD INSTRUCTIONS * BUILD INSTRUCTIONS
GnuPG 2.2 depends on the following GnuPG related packages: GnuPG 2.3 depends on the following GnuPG related packages:
npth (https://gnupg.org/ftp/gcrypt/npth/) npth (https://gnupg.org/ftp/gcrypt/npth/)
libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/) libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
@ -43,9 +43,9 @@
You should get the latest versions of course, the GnuPG configure You should get the latest versions of course, the GnuPG configure
script complains if a version is not sufficient. script complains if a version is not sufficient.
For some advanced features several other libraries are required. Several other standard libraries are also required. The configure
The configure script prints diagnostic messages if one of these script prints diagnostic messages if one of these libraries is not
libraries is not available and a feature will not be available.. available and a feature will not be available..
You also need the Pinentry package for most functions of GnuPG; You also need the Pinentry package for most functions of GnuPG;
however it is not a build requirement. Pinentry is available at however it is not a build requirement. Pinentry is available at
@ -68,9 +68,7 @@
Before running the "make install" you might need to become root. Before running the "make install" you might need to become root.
If everything succeeds, you have a working GnuPG with support for If everything succeeds, you have a working GnuPG with support for
OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no OpenPGP, S/MIME, ssh-agent, and smartcards.
binary gpg but a gpg2 so that this package won't conflict with a
GnuPG 1.4 installation. gpg2 behaves just like gpg.
In case of problem please ask on the gnupg-users@gnupg.org mailing In case of problem please ask on the gnupg-users@gnupg.org mailing
list for advise. list for advise.
@ -79,16 +77,11 @@
doc/HACKING in the section "How to build an installer for Windows". doc/HACKING in the section "How to build an installer for Windows".
This requires some experience as developer. This requires some experience as developer.
Note that the PKITS tests are always skipped unless you copy the
PKITS test data file into the tests/pkits directory. There is no
need to run these test and some of them may even fail because the
test scripts are not yet complete.
You may run You may run
gpgconf --list-dirs gpgconf --list-dirs
to view the default directories used by GnuPG. to view the directories used by GnuPG.
To quickly build all required software without installing it, the To quickly build all required software without installing it, the
Speedo method may be used: Speedo method may be used:
@ -122,28 +115,6 @@
Add other options as needed. Add other options as needed.
* MIGRATION from 1.4 or 2.0 to 2.2
The major change in 2.2 is gpg-agent taking care of the OpenPGP
secret keys (those managed by GPG). The former file "secring.gpg"
will not be used anymore. Newly generated keys are stored in the
agent's key store directory "~/.gnupg/private-keys-v1.d/". The
first time gpg needs a secret key it checks whether a "secring.gpg"
exists and copies them to the new store. The old secring.gpg is
kept for use by older versions of gpg.
Note that gpg-agent now uses a fixed socket. All tools will start
the gpg-agent as needed. The formerly used environment variable
GPG_AGENT_INFO is ignored by 2.2. The SSH_AUTH_SOCK environment
variable should be set to a fixed value.
The Dirmngr is now part of GnuPG proper and also used to access
OpenPGP keyservers. The directory layout of Dirmngr changed to make
use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as
needed. There is no more need to install a separate Dirmngr package.
All changes introduced with GnuPG 2.2 have been developed in the 2.1
series of releases. See the respective entries in the file NEWS.
* RECOMMENDATIONS * RECOMMENDATIONS
@ -183,15 +154,14 @@
is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] . is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] .
* Installing GnuPG 2.2. and GnuPG 1.4 * Unsing the legacy version GnuPG 1.4
GnuPG 2.2 is a current version of GnuPG with state of the art The 1.4 version of GnuPG is only intended to allow decryption of old
security design and many more features. To install both versions data material using legacy keys which are not anymore supported by
alongside, it is suggested to rename the 1.4 version of "gpg" to GnuPG 2.x. To install both versions alongside, it is suggested to
"gpg1" as well as the corresponding man page. Newer releases of the rename the 1.4 version of "gpg" to "gpg1" as well as the
1.4 branch will likely do this by default. In case this is not corresponding man page. Newer releases of the 1.4 branch will
possible, the 2.2 version can be installed under the name "gpg2" likely do this by default.
using the configure option --enable-gpg-is-gpg2.
* HOW TO GET MORE INFORMATION * HOW TO GET MORE INFORMATION
@ -201,7 +171,6 @@
"https://gnupg.org/faq/whats-new-in-2.1.html" . "https://gnupg.org/faq/whats-new-in-2.1.html" .
The primary WWW page is "https://gnupg.org" The primary WWW page is "https://gnupg.org"
or using Tor "http://ic6au7wa3f6naxjq.onion"
The primary FTP site is "https://gnupg.org/ftp/gcrypt/" The primary FTP site is "https://gnupg.org/ftp/gcrypt/"
See [[https://gnupg.org/download/mirrors.html]] for a list of See [[https://gnupg.org/download/mirrors.html]] for a list of