mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
doc: Add NEWS with news from the 2.2 series.
--
This commit is contained in:
parent
b770393b76
commit
9235c9b65b
176
NEWS
176
NEWS
@ -1,12 +1,179 @@
|
|||||||
Noteworthy changes in version 2.3.0 (unreleased)
|
Noteworthy changes in version 2.3.0 (unreleased)
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
|
||||||
* The legacy key discovory method PKA is no longer supported. The
|
* The legacy key discovery method PKA is no longer supported. The
|
||||||
command --print-pka-records and the PKA related import and export
|
command --print-pka-records and the PKA related import and export
|
||||||
options have been removed.
|
options have been removed.
|
||||||
|
|
||||||
|
* A new experimental key database daemon is provided. To enable it
|
||||||
|
put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored
|
||||||
|
in a SQLite database and make key lookup much faster.
|
||||||
|
|
||||||
|
|
||||||
|
Changes also found in 2.2.27:
|
||||||
|
|
||||||
|
* gpg: Fix regression in 2.2.24 for gnupg_remove function under
|
||||||
|
Windows. [#5230]
|
||||||
|
|
||||||
|
* gpgconf: Fix case with neither local nor global gpg.conf. [9f37d3e6f3]
|
||||||
|
|
||||||
|
* gpgconf: Fix description of two new options. [#5221]
|
||||||
|
|
||||||
|
* Build Windows installer without timestamps. Note that the
|
||||||
|
Authenticode signatures still carry a timestamp.
|
||||||
|
|
||||||
|
Release-info: https://dev.gnupg.org/T5234
|
||||||
|
See-also: gnupg-announce/2021q1/000452.html
|
||||||
|
|
||||||
|
Changes also found in 2.2.26:
|
||||||
|
|
||||||
|
* gpg: New AKL method "ntds". [559efd23e9]
|
||||||
|
|
||||||
|
* gpg: Fix --trusted-key with fingerprint arg. [8a2e5025eb]
|
||||||
|
|
||||||
|
* scd: Fix writing of ECC keys to an OpenPGP card. [#5163]
|
||||||
|
|
||||||
|
* scd: Make an USB error fix specific to SPR532 readers. [#5167]
|
||||||
|
|
||||||
|
* dirmngr: With new LDAP keyservers store the new attributes. Never
|
||||||
|
store the useless pgpSignerID. Fix a long standing bug storing
|
||||||
|
some keys on an ldap server. [0e88c73bc9,e47de85382]
|
||||||
|
|
||||||
|
* dirmngr: Support the new Active Direcory LDAP schema for
|
||||||
|
keyservers. [ac8ece9266]
|
||||||
|
|
||||||
|
* dirmngr: Allow LDAP OpenPGP searches via fingerprint.
|
||||||
|
[c75fd75532]
|
||||||
|
|
||||||
|
* dirmngr: Do not block other threads during keyserver LDAP calls.
|
||||||
|
[15bfd189c0]
|
||||||
|
|
||||||
|
* Support global configuration files. [#4788,a028f24136]
|
||||||
|
|
||||||
|
* Fix the iconv fallback handling to UTF-8. [#5038]
|
||||||
|
|
||||||
|
Release-info: https://dev.gnupg.org/T5153
|
||||||
|
See-also: gnupg-announce/2020q4/000451.html
|
||||||
|
|
||||||
|
Changes also found in 2.2.25:
|
||||||
|
|
||||||
|
* scd: Fix regression in 2.2.24 requiring gpg --card-status before
|
||||||
|
signing or decrypting. [#5065]
|
||||||
|
|
||||||
|
* gpgsm: Using Libksba 1.5.0 signatures with a rarely used
|
||||||
|
combination of attributes can now be verified. [#5146]
|
||||||
|
|
||||||
|
Release-info: https://dev.gnupg.org/T5140
|
||||||
|
See-also: gnupg-announce/2020q4/000450.html
|
||||||
|
|
||||||
|
Changes also found in 2.2.24:
|
||||||
|
|
||||||
|
* Allow Unicode file names on Windows almost everywhere. Note that
|
||||||
|
it is still not possible to use Unicode strings on the command
|
||||||
|
line. This change also fixes a regression in 2.2.22 related to
|
||||||
|
non-ascii file names. [#5098]
|
||||||
|
|
||||||
|
* Fix localized time printing on Windows. [#5073]
|
||||||
|
|
||||||
|
* gpg: New command --quick-revoke-sig. [#5093]
|
||||||
|
|
||||||
|
* gpg: Do not use weak digest algos if selected by recipient
|
||||||
|
preference during sign+encrypt. [4c181d51a6]
|
||||||
|
|
||||||
|
* gpg: Switch to AES256 for symmetric encryption in de-vs mode.
|
||||||
|
[166e779634]
|
||||||
|
|
||||||
|
* gpg: Silence weak digest warnings with --quiet. [#4893]
|
||||||
|
|
||||||
|
* gpg: Print new status line CANCELED_BY_USER for a cancel during
|
||||||
|
symmetric encryption. [f05d1772c4]
|
||||||
|
|
||||||
|
* gpg: Fix the encrypt+sign hash algo preference selection for
|
||||||
|
ECDSA. This is in particular needed for keys created from
|
||||||
|
existing smartcard based keys. [aeed0b93ff]
|
||||||
|
|
||||||
|
* agent: Keep some permissions of private-keys-v1.d. [#2312]
|
||||||
|
|
||||||
|
* dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and
|
||||||
|
gnutls builds. [e4f3b74c91]
|
||||||
|
|
||||||
|
* dirmngr: Fix the pool keyserver case for a single host in the
|
||||||
|
pool. [72e04b03b1a7]
|
||||||
|
|
||||||
|
* scd: Fix the use case of verify_chv2 by CHECKPIN. [61aea64b3c]
|
||||||
|
|
||||||
|
* scd: Various improvements to the ccid-driver. [#4616,#5065]
|
||||||
|
|
||||||
|
* scd: Minor fixes for Yubikey [25bec16d0b]
|
||||||
|
|
||||||
|
* gpgconf: New option --show-versions.
|
||||||
|
|
||||||
|
* w32: Install gpg-check-pattern and example profiles. Install
|
||||||
|
Windows subsystem variant of gpgconf (gpgconf-w32).
|
||||||
|
|
||||||
|
Release-info: https://dev.gnupg.org/T5052
|
||||||
|
See-also: gnupg-announce/2020q4/000449.html
|
||||||
|
|
||||||
|
Changes also found in 2.2.23:
|
||||||
|
|
||||||
|
* gpg: Fix a possible segv in the key cleaning code.
|
||||||
|
|
||||||
|
* gpgsm: Fix a minor RFC2253 parser bug. [#5037]
|
||||||
|
|
||||||
|
* scdaemon: Fix a PIN verify failure on certain OpenPGP card
|
||||||
|
implementations. Regression in 2.2.22. [#5039]
|
||||||
|
|
||||||
|
Release-info: https://dev.gnupg.org/T5045
|
||||||
|
See-also: gnupg-announce/2020q3/000448.html
|
||||||
|
|
||||||
|
Changes also found in 2.2.22:
|
||||||
|
|
||||||
|
* gpg: Change the default key algorithm to rsa3072.
|
||||||
|
|
||||||
|
* gpg: Add regular expression support for Trust Signatures on all
|
||||||
|
platforms. [#4843]
|
||||||
|
|
||||||
|
* gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat
|
||||||
|
option. [#4991]
|
||||||
|
|
||||||
|
* gpg: Ignore --personal-digest-prefs for ECDSA keys. [#5021]
|
||||||
|
|
||||||
|
* gpgsm: Make rsaPSS a de-vs compliant scheme.
|
||||||
|
|
||||||
|
* gpgsm: Show also the SHA256 fingerprint in key listings.
|
||||||
|
|
||||||
|
* gpgsm: Do not require a default keyring for --gpgconf-list. [#4867]
|
||||||
|
|
||||||
|
* gpg-agent: Default to extended key format and record the creation
|
||||||
|
time of keys. Add new option --disable-extended-key-format.
|
||||||
|
|
||||||
|
* gpg-agent: Support the WAYLAND_DISPLAY envvar. [#5016]
|
||||||
|
|
||||||
|
* gpg-agent: Allow using --gpgconf-list even if HOME does not
|
||||||
|
exist. [#4866]
|
||||||
|
|
||||||
|
* gpg-agent: Make the Pinentry work even if the envvar TERM is set
|
||||||
|
to the empty string. [#4137]
|
||||||
|
|
||||||
|
* scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly
|
||||||
|
incremented the error counter when using the "verify" command of
|
||||||
|
"gpg --edit-key" with only the signature key being present.
|
||||||
|
|
||||||
|
* dirmngr: Better handle systems with disabled IPv6. [#4977]
|
||||||
|
|
||||||
|
* gpgpslit: Install tool. It was not installed in the past to avoid
|
||||||
|
conflicts with the version installed by GnuPG 1.4. [#5023]
|
||||||
|
|
||||||
|
* gpgtar: Handle Unicode file names on Windows correctly. [#4083]
|
||||||
|
|
||||||
|
* gpgtar: Make --files-from and --null work as documented. [#5027]
|
||||||
|
|
||||||
|
* Build the Windows installer with the new Ntbtls 0.2.0 so that TLS
|
||||||
|
connections succeed for servers demanding GCM.
|
||||||
|
|
||||||
|
Release-info: https://dev.gnupg.org/T5030
|
||||||
|
See-also: gnupg-announce/2020q3/000447.html
|
||||||
|
|
||||||
Changes also found in 2.2.21:
|
Changes also found in 2.2.21:
|
||||||
|
|
||||||
* gpg: Add option --no-include-key-block. [#4856]
|
* gpg: Add option --no-include-key-block. [#4856]
|
||||||
@ -774,6 +941,13 @@ Noteworthy changes in version 2.3.0 (unreleased)
|
|||||||
Version 2.2.19 (2019-12-07)
|
Version 2.2.19 (2019-12-07)
|
||||||
Version 2.2.20 (2020-03-20)
|
Version 2.2.20 (2020-03-20)
|
||||||
Version 2.2.21 (2020-07-09)
|
Version 2.2.21 (2020-07-09)
|
||||||
|
Version 2.2.22 (2020-08-27)
|
||||||
|
Version 2.2.23 (2020-09-03)
|
||||||
|
Version 2.2.24 (2020-11-17)
|
||||||
|
Version 2.2.25 (2020-11-23)
|
||||||
|
Version 2.2.26 (2020-12-21)
|
||||||
|
Version 2.2.27 (2021-01-11)
|
||||||
|
|
||||||
|
|
||||||
Noteworthy changes in version 2.2.0 (2017-08-28)
|
Noteworthy changes in version 2.2.0 (2017-08-28)
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
57
README
57
README
@ -32,7 +32,7 @@
|
|||||||
|
|
||||||
* BUILD INSTRUCTIONS
|
* BUILD INSTRUCTIONS
|
||||||
|
|
||||||
GnuPG 2.2 depends on the following GnuPG related packages:
|
GnuPG 2.3 depends on the following GnuPG related packages:
|
||||||
|
|
||||||
npth (https://gnupg.org/ftp/gcrypt/npth/)
|
npth (https://gnupg.org/ftp/gcrypt/npth/)
|
||||||
libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
|
libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
|
||||||
@ -43,9 +43,9 @@
|
|||||||
You should get the latest versions of course, the GnuPG configure
|
You should get the latest versions of course, the GnuPG configure
|
||||||
script complains if a version is not sufficient.
|
script complains if a version is not sufficient.
|
||||||
|
|
||||||
For some advanced features several other libraries are required.
|
Several other standard libraries are also required. The configure
|
||||||
The configure script prints diagnostic messages if one of these
|
script prints diagnostic messages if one of these libraries is not
|
||||||
libraries is not available and a feature will not be available..
|
available and a feature will not be available..
|
||||||
|
|
||||||
You also need the Pinentry package for most functions of GnuPG;
|
You also need the Pinentry package for most functions of GnuPG;
|
||||||
however it is not a build requirement. Pinentry is available at
|
however it is not a build requirement. Pinentry is available at
|
||||||
@ -68,9 +68,7 @@
|
|||||||
Before running the "make install" you might need to become root.
|
Before running the "make install" you might need to become root.
|
||||||
|
|
||||||
If everything succeeds, you have a working GnuPG with support for
|
If everything succeeds, you have a working GnuPG with support for
|
||||||
OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no
|
OpenPGP, S/MIME, ssh-agent, and smartcards.
|
||||||
binary gpg but a gpg2 so that this package won't conflict with a
|
|
||||||
GnuPG 1.4 installation. gpg2 behaves just like gpg.
|
|
||||||
|
|
||||||
In case of problem please ask on the gnupg-users@gnupg.org mailing
|
In case of problem please ask on the gnupg-users@gnupg.org mailing
|
||||||
list for advise.
|
list for advise.
|
||||||
@ -79,16 +77,11 @@
|
|||||||
doc/HACKING in the section "How to build an installer for Windows".
|
doc/HACKING in the section "How to build an installer for Windows".
|
||||||
This requires some experience as developer.
|
This requires some experience as developer.
|
||||||
|
|
||||||
Note that the PKITS tests are always skipped unless you copy the
|
|
||||||
PKITS test data file into the tests/pkits directory. There is no
|
|
||||||
need to run these test and some of them may even fail because the
|
|
||||||
test scripts are not yet complete.
|
|
||||||
|
|
||||||
You may run
|
You may run
|
||||||
|
|
||||||
gpgconf --list-dirs
|
gpgconf --list-dirs
|
||||||
|
|
||||||
to view the default directories used by GnuPG.
|
to view the directories used by GnuPG.
|
||||||
|
|
||||||
To quickly build all required software without installing it, the
|
To quickly build all required software without installing it, the
|
||||||
Speedo method may be used:
|
Speedo method may be used:
|
||||||
@ -122,28 +115,6 @@
|
|||||||
Add other options as needed.
|
Add other options as needed.
|
||||||
|
|
||||||
|
|
||||||
* MIGRATION from 1.4 or 2.0 to 2.2
|
|
||||||
|
|
||||||
The major change in 2.2 is gpg-agent taking care of the OpenPGP
|
|
||||||
secret keys (those managed by GPG). The former file "secring.gpg"
|
|
||||||
will not be used anymore. Newly generated keys are stored in the
|
|
||||||
agent's key store directory "~/.gnupg/private-keys-v1.d/". The
|
|
||||||
first time gpg needs a secret key it checks whether a "secring.gpg"
|
|
||||||
exists and copies them to the new store. The old secring.gpg is
|
|
||||||
kept for use by older versions of gpg.
|
|
||||||
|
|
||||||
Note that gpg-agent now uses a fixed socket. All tools will start
|
|
||||||
the gpg-agent as needed. The formerly used environment variable
|
|
||||||
GPG_AGENT_INFO is ignored by 2.2. The SSH_AUTH_SOCK environment
|
|
||||||
variable should be set to a fixed value.
|
|
||||||
|
|
||||||
The Dirmngr is now part of GnuPG proper and also used to access
|
|
||||||
OpenPGP keyservers. The directory layout of Dirmngr changed to make
|
|
||||||
use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as
|
|
||||||
needed. There is no more need to install a separate Dirmngr package.
|
|
||||||
|
|
||||||
All changes introduced with GnuPG 2.2 have been developed in the 2.1
|
|
||||||
series of releases. See the respective entries in the file NEWS.
|
|
||||||
|
|
||||||
* RECOMMENDATIONS
|
* RECOMMENDATIONS
|
||||||
|
|
||||||
@ -183,15 +154,14 @@
|
|||||||
is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] .
|
is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] .
|
||||||
|
|
||||||
|
|
||||||
* Installing GnuPG 2.2. and GnuPG 1.4
|
* Unsing the legacy version GnuPG 1.4
|
||||||
|
|
||||||
GnuPG 2.2 is a current version of GnuPG with state of the art
|
The 1.4 version of GnuPG is only intended to allow decryption of old
|
||||||
security design and many more features. To install both versions
|
data material using legacy keys which are not anymore supported by
|
||||||
alongside, it is suggested to rename the 1.4 version of "gpg" to
|
GnuPG 2.x. To install both versions alongside, it is suggested to
|
||||||
"gpg1" as well as the corresponding man page. Newer releases of the
|
rename the 1.4 version of "gpg" to "gpg1" as well as the
|
||||||
1.4 branch will likely do this by default. In case this is not
|
corresponding man page. Newer releases of the 1.4 branch will
|
||||||
possible, the 2.2 version can be installed under the name "gpg2"
|
likely do this by default.
|
||||||
using the configure option --enable-gpg-is-gpg2.
|
|
||||||
|
|
||||||
|
|
||||||
* HOW TO GET MORE INFORMATION
|
* HOW TO GET MORE INFORMATION
|
||||||
@ -201,7 +171,6 @@
|
|||||||
"https://gnupg.org/faq/whats-new-in-2.1.html" .
|
"https://gnupg.org/faq/whats-new-in-2.1.html" .
|
||||||
|
|
||||||
The primary WWW page is "https://gnupg.org"
|
The primary WWW page is "https://gnupg.org"
|
||||||
or using Tor "http://ic6au7wa3f6naxjq.onion"
|
|
||||||
The primary FTP site is "https://gnupg.org/ftp/gcrypt/"
|
The primary FTP site is "https://gnupg.org/ftp/gcrypt/"
|
||||||
|
|
||||||
See [[https://gnupg.org/download/mirrors.html]] for a list of
|
See [[https://gnupg.org/download/mirrors.html]] for a list of
|
||||||
|
Loading…
x
Reference in New Issue
Block a user