1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-17 14:07:03 +01:00

Update NEWS for 2.4.0

This commit is contained in:
Werner Koch 2022-12-16 11:00:16 +01:00
parent 25bef01e7a
commit fc8b811283
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 109 additions and 12 deletions

73
NEWS
View File

@ -1,6 +1,69 @@
Noteworthy changes in version 2.3.9 (unreleased) Noteworthy changes in version 2.4.0 (unreleased)
------------------------------------------------ ------------------------------------------------
* gpg: New command --quick-update-pref. [rGd40d23b233]
* gpg: New list-options show-pref and show-pref-verbose.
[rG811cfa34cb]
* gpg: New option --list-filter to restrict key listings like
gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519'
[rG1324dc3490]
* gpg: New --export-filter export-revocs. [rGc985b52e71]
* gpg: Also import stray revocation certificates. [rG7aaedfb107]
* gpg: Add a notation to encryption subkeys in de-vs mode. [T6279]
* gpg: Improve signature verification speed by a factor of more than
four. Double detached signing speed. [T5826]
* gpg: Allow only OCB for AEAD encryption. [rG5a2cef801d]
* gpg: Fix trusted introducer for mbox only user-ids. [T6238]
* gpg: Report an error via status-fd for receiving a key from the
agent. [T5151]
* gpg: Make --require-compliance work without the --status-fd
option. [rG2aacd843ad]
* gpg: Fix verification of cleartext signatures with overlong lines.
[T6272]
* agent: Fix import of protected OpenPGP v5 keys. [T6294]
* gpgsm: Change the default cipher algorithm from AES128 to AES256.
Also announce support for this in signatures. [rG2d8ac55d26]
* gpgsm: Always use the chain validation model if the root-CA
requests this. [rG7fa1d3cc82]
* gpgsm: Print OCSP revocation date and reason in cert listings.
[rGb6abaed2b5]
* agent: Support Win32-OpenSSH emulation by gpg-agent. [T3883]
* scd: Support the Telesec Signature Card v2.0. [T6252]
* scd: Redact --debug cardio output of a VERIFY APDU. [T5085]
* scd: Skip deleted pkcs#15 records in CARDOS 5. [rG061efac03f]
* dirmngr: Fix build with no LDAP support. [T6239]
* dirmngr: Fix verification of ECDSA signed CRLs. [rG868dabb402]
* wkd: New option --add-revocs for gpg-wks-client. [rGc3f9f2d497]
* wkd: Ignore expired user-ids in gpg-wks-client. [T6292]
* card: New commands "gpg" and "gpgsm". [rG9c4691c73e]
See-also: gnupg-announce/2022q4/000477.html
Release-info: https://dev.gnupg.org/T6303
Noteworthy changes in version 2.3.8 (2022-10-13) Noteworthy changes in version 2.3.8 (2022-10-13)
------------------------------------------------ ------------------------------------------------
@ -61,6 +124,7 @@ Noteworthy changes in version 2.3.8 (2022-10-13)
GNUPG_EXEC_DEBUG_FLAGS is used. [rG4ef8516a79] GNUPG_EXEC_DEBUG_FLAGS is used. [rG4ef8516a79]
Release-info: https://dev.gnupg.org/T6106 Release-info: https://dev.gnupg.org/T6106
See-also: gnupg-announce/2022q4/000476.html
Noteworthy changes in version 2.3.7 (2022-07-11) Noteworthy changes in version 2.3.7 (2022-07-11)
@ -142,6 +206,7 @@ Noteworthy changes in version 2.3.7 (2022-07-11)
* gpgconf: New short options -V and -X * gpgconf: New short options -V and -X
Release-info: https://dev.gnupg.org/T5947 Release-info: https://dev.gnupg.org/T5947
See-also: gnupg-announce/2022q3/000474.html
Noteworthy changes in version 2.3.6 (2022-04-25) Noteworthy changes in version 2.3.6 (2022-04-25)
@ -1469,6 +1534,12 @@ Noteworthy changes in version 2.3.0 (2021-04-07)
Release dates of 2.2 versions Release dates of 2.2 versions
----------------------------- -----------------------------
Version 2.2.40 (2022-10-10) https://dev.gnupg.org/T6181
Version 2.2.39 (2022-09-02) https://dev.gnupg.org/T6175
Version 2.2.38 (2022-09-01) https://dev.gnupg.org/T6159
Version 2.2.37 (2022-08-24) https://dev.gnupg.org/T6105
Version 2.2.36 (2022-07-06) https://dev.gnupg.org/T5949
Version 2.2.35 (2022-04-25) https://dev.gnupg.org/T5928
Version 2.2.34 (2022-02-07) https://dev.gnupg.org/T5703 Version 2.2.34 (2022-02-07) https://dev.gnupg.org/T5703
Version 2.2.33 (2021-11-23) https://dev.gnupg.org/T5641 Version 2.2.33 (2021-11-23) https://dev.gnupg.org/T5641
Version 2.2.32 (2021-10-06) https://dev.gnupg.org/T5601 Version 2.2.32 (2021-10-06) https://dev.gnupg.org/T5601

34
README
View File

@ -1,6 +1,6 @@
The GNU Privacy Guard 2 The GNU Privacy Guard 2
========================= =========================
Version 2.3 Version 2.4
Copyright 1997-2019 Werner Koch Copyright 1997-2019 Werner Koch
Copyright 1998-2021 Free Software Foundation, Inc. Copyright 1998-2021 Free Software Foundation, Inc.
@ -27,7 +27,7 @@
* BUILD INSTRUCTIONS * BUILD INSTRUCTIONS
GnuPG 2.3 depends on the following GnuPG related packages: GnuPG 2.4 depends on the following GnuPG related packages:
npth (https://gnupg.org/ftp/gcrypt/npth/) npth (https://gnupg.org/ftp/gcrypt/npth/)
libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/) libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
@ -74,7 +74,7 @@
You may run You may run
gpgconf --list-dirs gpgconf -L
to view the directories used by GnuPG. to view the directories used by GnuPG.
@ -113,6 +113,31 @@
* RECOMMENDATIONS * RECOMMENDATIONS
** Key database daemon
Since version 2.3.0 it is possible to store the keys in an SQLite
database instead of the keyring.kbx file. This is in particular
useful for large keyrings or if many instances of gpg and gpgsm may
run concurrently. This is implemented using another daemon process,
the "keyboxd". To enable the use of the keyboxd put the option
"use-keyboxd" into the configuration file ~/.gnupg/common.conf or the
global /etc/gnupg/common.conf. See also doc/examples/common.conf.
Only public keys and X.509 certificates are managed by the keyboxd;
private keys are still stored as separate files.
Note that there is no automatic migration; if the use-keyboxd option
is enabled keys are not taken from pubring.kbx. To migrate existing
keys to the keyboxd do this:
1. Disable the keyboxd (remove use-keyboxd from common.conf)
2. Export all public keys
gpg --export --export-options backup > allkeys.gpg
gpgsm --export --armor > allcerts.gpg
3. Enable the keyboxd (add use-keyboxd to common.conf)
4. Import all public keys
gpg --import --import-options restore < allkeys.gpg
gpgsm --import < allcerts.crt
** Socket directory ** Socket directory
GnuPG uses Unix domain sockets to connect its components (on Windows GnuPG uses Unix domain sockets to connect its components (on Windows
@ -203,8 +228,7 @@
offers see https://gnupg.org/service.html . Maintaining and offers see https://gnupg.org/service.html . Maintaining and
improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH, improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH,
a German company owned and headed by GnuPG's principal author Werner a German company owned and headed by GnuPG's principal author Werner
Koch, is bearing the majority of these costs. To keep GnuPG in a Koch, is bearing the majority of these costs.
healthy state, they need your support.
# This file is Free Software; as a special exception the authors gives # This file is Free Software; as a special exception the authors gives
# unlimited permission to copy and/or distribute it, with or without # unlimited permission to copy and/or distribute it, with or without

View File

@ -1,7 +1,7 @@
# configure.ac - for GnuPG 2.1 # configure.ac - for GnuPG 2.1
# Copyright (C) 1998-2019 Werner Koch # Copyright (C) 1998-2019 Werner Koch
# Copyright (C) 1998-2021 Free Software Foundation, Inc. # Copyright (C) 1998-2021 Free Software Foundation, Inc.
# Copyright (C) 2003-2021 g10 Code GmbH # Copyright (C) 2003-2022 g10 Code GmbH
# #
# This file is part of GnuPG. # This file is part of GnuPG.
# #
@ -28,8 +28,8 @@ min_automake_version="1.16.3"
# another commit and push so that the git magic is able to work. # another commit and push so that the git magic is able to work.
m4_define([mym4_package],[gnupg]) m4_define([mym4_package],[gnupg])
m4_define([mym4_major], [2]) m4_define([mym4_major], [2])
m4_define([mym4_minor], [3]) m4_define([mym4_minor], [4])
m4_define([mym4_micro], [9]) m4_define([mym4_micro], [0])
# To start a new development series, i.e a new major or minor number # To start a new development series, i.e a new major or minor number
# you need to mark an arbitrary commit before the first beta release # you need to mark an arbitrary commit before the first beta release
@ -63,7 +63,7 @@ NEED_LIBASSUAN_API=2
NEED_LIBASSUAN_VERSION=2.5.0 NEED_LIBASSUAN_VERSION=2.5.0
NEED_KSBA_API=1 NEED_KSBA_API=1
NEED_KSBA_VERSION=1.3.4 NEED_KSBA_VERSION=1.6.3
NEED_NTBTLS_API=1 NEED_NTBTLS_API=1
NEED_NTBTLS_VERSION=0.1.0 NEED_NTBTLS_VERSION=0.1.0

View File

@ -1754,7 +1754,8 @@ Set what trust model GnuPG should follow. The models are:
@item tofu @item tofu
@opindex trust-model:tofu @opindex trust-model:tofu
@anchor{trust-model-tofu} @anchor{trust-model-tofu}
TOFU stands for Trust On First Use. In this trust model, the first TOFU stands for Trust On First Use. In this experimental trust
model, the first
time a key is seen, it is memorized. If later another key with a time a key is seen, it is memorized. If later another key with a
user id with the same email address is seen, both keys are marked as user id with the same email address is seen, both keys are marked as
suspect. In that case, the next time either is used, a warning is suspect. In that case, the next time either is used, a warning is
@ -1803,7 +1804,8 @@ Set what trust model GnuPG should follow. The models are:
@item tofu+pgp @item tofu+pgp
@opindex trust-model:tofu+pgp @opindex trust-model:tofu+pgp
This trust model combines TOFU with the Web of Trust. This is done This experimental trust model combines TOFU with the Web of Trust.
This is done
by computing the trust level for each model and then taking the by computing the trust level for each model and then taking the
maximum trust level where the trust levels are ordered as follows: maximum trust level where the trust levels are ordered as follows:
@code{unknown < undefined < marginal < fully < ultimate < expired < @code{unknown < undefined < marginal < fully < ultimate < expired <