From fc8b811283d73251ddc97c649f0babe3005bb20b Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Fri, 16 Dec 2022 11:00:16 +0100
Subject: [PATCH] Update NEWS for 2.4.0
---
 NEWS | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 README | 34 ++++++++++++++++++++----
 configure.ac | 8 +++---
 doc/gpg.texi | 6 +++--
 4 files changed, 109 insertions(+), 12 deletions(-)
diff --git a/NEWS b/NEWS
index 47142e7e3..ab10c9409 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,69 @@
-Noteworthy changes in version 2.3.9 (unreleased)
+Noteworthy changes in version 2.4.0 (unreleased)
 ------------------------------------------------
+ * gpg: New command --quick-update-pref. [rGd40d23b233]
+
+ * gpg: New list-options show-pref and show-pref-verbose.
+ [rG811cfa34cb]
+
+ * gpg: New option --list-filter to restrict key listings like
+ gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519'
+ [rG1324dc3490]
+
+ * gpg: New --export-filter export-revocs. [rGc985b52e71]
+
+ * gpg: Also import stray revocation certificates. [rG7aaedfb107]
+
+ * gpg: Add a notation to encryption subkeys in de-vs mode. [T6279]
+
+ * gpg: Improve signature verification speed by a factor of more than
+ four. Double detached signing speed. [T5826]
+
+ * gpg: Allow only OCB for AEAD encryption. [rG5a2cef801d]
+
+ * gpg: Fix trusted introducer for mbox only user-ids. [T6238]
+
+ * gpg: Report an error via status-fd for receiving a key from the
+ agent. [T5151]
+
+ * gpg: Make --require-compliance work without the --status-fd
+ option. [rG2aacd843ad]
+
+ * gpg: Fix verification of cleartext signatures with overlong lines.
+ [T6272]
+
+ * agent: Fix import of protected OpenPGP v5 keys. [T6294]
+
+ * gpgsm: Change the default cipher algorithm from AES128 to AES256.
+ Also announce support for this in signatures. [rG2d8ac55d26]
+
+ * gpgsm: Always use the chain validation model if the root-CA
+ requests this. [rG7fa1d3cc82]
+
+ * gpgsm: Print OCSP revocation date and reason in cert listings.
+ [rGb6abaed2b5]
+
+ * agent: Support Win32-OpenSSH emulation by gpg-agent. [T3883]
+
+ * scd: Support the Telesec Signature Card v2.0. [T6252]
+
+ * scd: Redact --debug cardio output of a VERIFY APDU. [T5085]
+
+ * scd: Skip deleted pkcs#15 records in CARDOS 5. [rG061efac03f]
+
+ * dirmngr: Fix build with no LDAP support. [T6239]
+
+ * dirmngr: Fix verification of ECDSA signed CRLs. [rG868dabb402]
+
+ * wkd: New option --add-revocs for gpg-wks-client.
[rGc3f9f2d497] + + * wkd: Ignore expired user-ids in gpg-wks-client. [T6292] + + * card: New commands "gpg" and "gpgsm". [rG9c4691c73e] + + See-also: gnupg-announce/2022q4/000477.html + Release-info: https://dev.gnupg.org/T6303 + Noteworthy changes in version 2.3.8 (2022-10-13) ------------------------------------------------ @@ -61,6 +124,7 @@ Noteworthy changes in version 2.3.8 (2022-10-13) GNUPG_EXEC_DEBUG_FLAGS is used. [rG4ef8516a79] Release-info: https://dev.gnupg.org/T6106 + See-also: gnupg-announce/2022q4/000476.html Noteworthy changes in version 2.3.7 (2022-07-11) @@ -142,6 +206,7 @@ Noteworthy changes in version 2.3.7 (2022-07-11) * gpgconf: New short options -V and -X Release-info: https://dev.gnupg.org/T5947 + See-also: gnupg-announce/2022q3/000474.html Noteworthy changes in version 2.3.6 (2022-04-25) @@ -1469,6 +1534,12 @@ Noteworthy changes in version 2.3.0 (2021-04-07) Release dates of 2.2 versions ----------------------------- +Version 2.2.40 (2022-10-10) https://dev.gnupg.org/T6181 +Version 2.2.39 (2022-09-02) https://dev.gnupg.org/T6175 +Version 2.2.38 (2022-09-01) https://dev.gnupg.org/T6159 +Version 2.2.37 (2022-08-24) https://dev.gnupg.org/T6105 +Version 2.2.36 (2022-07-06) https://dev.gnupg.org/T5949 +Version 2.2.35 (2022-04-25) https://dev.gnupg.org/T5928 Version 2.2.34 (2022-02-07) https://dev.gnupg.org/T5703 Version 2.2.33 (2021-11-23) https://dev.gnupg.org/T5641 Version 2.2.32 (2021-10-06) https://dev.gnupg.org/T5601 diff --git a/README b/README index 299bf1001..3ee5cf454 100644 --- a/README +++ b/README @@ -1,6 +1,6 @@ The GNU Privacy Guard 2 ========================= - Version 2.3 + Version 2.4 Copyright 1997-2019 Werner Koch Copyright 1998-2021 Free Software Foundation, Inc. @@ -27,7 +27,7 @@ * BUILD INSTRUCTIONS - GnuPG 2.3 depends on the following GnuPG related packages: + GnuPG 2.4 depends on the following GnuPG related packages: npth (https://gnupg.org/ftp/gcrypt/npth/) libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/) 
@@ -74,7 +74,7 @@ You may run - gpgconf --list-dirs + gpgconf -L to view the directories used by GnuPG. @@ -113,6 +113,31 @@ * RECOMMENDATIONS +** Key database daemon + + Since version 2.3.0 it is possible to store the keys in an SQLite + database instead of the keyring.kbx file. This is in particular + useful for large keyrings or if many instances of gpg and gpgsm may + run concurrently. This is implemented using another daemon process, + the "keyboxd". To enable the use of the keyboxd put the option + "use-keyboxd" into the configuration file ~/.gnupg/common.conf or the + global /etc/gnupg/common.conf. See also doc/examples/common.conf. + Only public keys and X.509 certificates are managed by the keyboxd; + private keys are still stored as separate files. + + Note that there is no automatic migration; if the use-keyboxd option + is enabled keys are not taken from pubring.kbx. To migrate existing + keys to the keyboxd do this: + + 1. Disable the keyboxd (remove use-keyboxd from common.conf) + 2. Export all public keys + gpg --export --export-options backup > allkeys.gpg + gpgsm --export --armor > allcerts.gpg + 3. Enable the keyboxd (add use-keyboxd to common.conf) + 4. Import all public keys + gpg --import --import-options restore < allkeys.gpg + gpgsm --import < allcerts.crt + ** Socket directory GnuPG uses Unix domain sockets to connect its components (on Windows @@ -203,8 +228,7 @@ offers see https://gnupg.org/service.html . Maintaining and improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH, a German company owned and headed by GnuPG's principal author Werner - Koch, is bearing the majority of these costs. To keep GnuPG in a - healthy state, they need your support. + Koch, is bearing the majority of these costs. # This file is Free Software; as a special exception the authors gives # unlimited permission to copy and/or distribute it, with or without diff --git a/configure.ac b/configure.ac index 09957465e..099c6a899 100644 --- a/configure.ac 
+++ b/configure.ac @@ -1,7 +1,7 @@ # configure.ac - for GnuPG 2.1 # Copyright (C) 1998-2019 Werner Koch # Copyright (C) 1998-2021 Free Software Foundation, Inc. -# Copyright (C) 2003-2021 g10 Code GmbH +# Copyright (C) 2003-2022 g10 Code GmbH # # This file is part of GnuPG. # @@ -28,8 +28,8 @@ min_automake_version="1.16.3" # another commit and push so that the git magic is able to work. m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) -m4_define([mym4_minor], [3]) -m4_define([mym4_micro], [9]) +m4_define([mym4_minor], [4]) +m4_define([mym4_micro], [0]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release @@ -63,7 +63,7 @@ NEED_LIBASSUAN_API=2 NEED_LIBASSUAN_VERSION=2.5.0 NEED_KSBA_API=1 -NEED_KSBA_VERSION=1.3.4 +NEED_KSBA_VERSION=1.6.3 NEED_NTBTLS_API=1 NEED_NTBTLS_VERSION=0.1.0 diff --git a/doc/gpg.texi b/doc/gpg.texi index a50252d38..804ecf94a 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1754,7 +1754,8 @@ Set what trust model GnuPG should follow. The models are: @item tofu @opindex trust-model:tofu @anchor{trust-model-tofu} - TOFU stands for Trust On First Use. In this trust model, the first + TOFU stands for Trust On First Use. In this experimental trust + model, the first time a key is seen, it is memorized. If later another key with a user id with the same email address is seen, both keys are marked as suspect. In that case, the next time either is used, a warning is @@ -1803,7 +1804,8 @@ Set what trust model GnuPG should follow. The models are: @item tofu+pgp @opindex trust-model:tofu+pgp - This trust model combines TOFU with the Web of Trust. This is done + This experimental trust model combines TOFU with the Web of Trust. + This is done by computing the trust level for each model and then taking the maximum trust level where the trust levels are ordered as follows: @code{unknown < undefined < marginal < fully < ultimate < expired <
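Review bot: The `NEED_KSBA_VERSION=1.6.3` line in the second configure.ac hunk raises the minimum libksba from 1.3.4 to 1.6.3 without a comment giving the reason, and none of the 2.4.0 NEWS entries added by this patch mentions the new requirement. A floor that skips several releases is presumably tied to a fix or an interface the new code depends on, and recording it next to the variable tells packagers that building against an older libksba is unsupported rather than merely untested. I would add a line above it such as `# libksba 1.6.3 is required for <reason, to be filled in by the author>` and a matching bullet in the 2.4.0 NEWS section.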