mirror of
git://git.gnupg.org/gnupg.git
synced 2024-11-09 21:28:51 +01:00
b861561e47
g10/ * passphrase.c (passphrase_get): Set the cancel flag on all error from the agent. Fixes a bug reported by Tom Duerbusch. sm/ * gpgsm.c (main): Let --gen-key print a more informative error message.
467 lines
14 KiB
Plaintext
467 lines
14 KiB
Plaintext
Noteworthy changes in version 2.0.2 (2007-01-31)
|
|
------------------------------------------------
|
|
|
|
* Fixed a serious and exploitable bug in processing encrypted
|
|
packages. [CVE-2006-6235].
|
|
|
|
* Added --passphrase-repeat to set the number of times GPG will
|
|
prompt for a new passphrase to be repeated. This is useful to help
|
|
memorize a new passphrase. The default is 1 repetition.
|
|
|
|
* Using a PIN pad does now also work for the signing key.
|
|
|
|
* A warning is displayed bu gpg-agent if a new passphrase is too
|
|
short. New option --min-passphrase-len defaults to 8.
|
|
|
|
* The status code BEGIN_SIGNING now shows the used hash algorithms.
|
|
|
|
|
|
Noteworthy changes in version 2.0.1 (2006-11-28)
|
|
------------------------------------------------
|
|
|
|
* Experimental support for the PIN pads of the SPR 532 and the Kaan
|
|
Advanced card readers. Add "disable-keypad" scdaemon.conf if you
|
|
don't want it. Does currently only work for the OpenPGP card and
|
|
its authentication and decrypt keys.
|
|
|
|
* Fixed build problems on some some platforms and crashes on amd64.
|
|
|
|
* Fixed a buffer overflow in gpg2. [bug#728,CVE-2006-6169]
|
|
|
|
|
|
Noteworthy changes in version 2.0.0 (2006-11-11)
|
|
------------------------------------------------
|
|
|
|
* First stable version of a GnuPG integrating OpenPGP and S/MIME.
|
|
|
|
|
|
Noteworthy changes in version 1.9.95 (2006-11-06)
|
|
-------------------------------------------------
|
|
|
|
* Minor bug fixes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.94 (2006-10-24)
|
|
-------------------------------------------------
|
|
|
|
* Keys for gpgsm may now be specified using a keygrip. A keygrip is
|
|
indicated by a prefixing it with an ampersand.
|
|
|
|
* gpgconf now supports switching the CMS cipher algo (e.g. to AES).
|
|
|
|
* New command --gpgconf-test for all major tools. This may be used to
|
|
check whether the configuration file is sane.
|
|
|
|
|
|
Noteworthy changes in version 1.9.93 (2006-10-18)
|
|
-------------------------------------------------
|
|
|
|
* In --with-validation mode gpgsm will now also ask whether a root
|
|
certificate should be trusted.
|
|
|
|
* Link to Pth only if really necessary.
|
|
|
|
* Fixed a pubring corruption bug in gpg2 occurring when importing
|
|
signatures or keys with insane lengths.
|
|
|
|
* Fixed v3 keyID calculation bug in gpg2.
|
|
|
|
* More tweaks for certificates without extensions.
|
|
|
|
|
|
Noteworthy changes in version 1.9.92 (2006-10-11)
|
|
-------------------------------------------------
|
|
|
|
* Bug fixes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.91 (2006-10-04)
|
|
-------------------------------------------------
|
|
|
|
* New "relax" flag for trustlist.txt to allow root CA certificates
|
|
without BasicContraints.
|
|
|
|
* [gpg2] Removed the -k PGP 2 compatibility hack. -k is now an
|
|
alias for --list-keys.
|
|
|
|
* [gpg2] Print a warning if "-sat" is used instead of "--clearsign".
|
|
|
|
|
|
Noteworthy changes in version 1.9.90 (2006-09-25)
|
|
-------------------------------------------------
|
|
|
|
* Made readline work for gpg.
|
|
|
|
* Cleanups und minor bug fixes.
|
|
|
|
* Included translations from gnupg 1.4.5.
|
|
|
|
|
|
Noteworthy changes in version 1.9.23 (2006-09-18)
|
|
-------------------------------------------------
|
|
|
|
* Regular man pages for most tools are now build directly from the
|
|
Texinfo source.
|
|
|
|
* The gpg code from 1.4.5 has been fully merged into this release.
|
|
The configure option --enable-gpg is still required to build this
|
|
gpg part. For production use of OpenPGP the gpg version 1.4.5 is
|
|
still recommended. Note, that gpg will be installed under the name
|
|
gpg2 to allow coexisting with an 1.4.x gpg.
|
|
|
|
* API change in gpg-agent's pkdecrypt command. Thus an older gpgsm
|
|
may not be used with the current gpg-agent.
|
|
|
|
* The scdaemon will now call a script on reader status changes.
|
|
|
|
* gpgsm now allows file descriptor passing for "INPUT", "OUTPUT" and
|
|
"MESSAGE".
|
|
|
|
* The gpgsm server may now output a key listing to the output file
|
|
handle. This needs to be enabled using "OPTION list-to-output=1".
|
|
|
|
* The --output option of gpgsm has now an effect on list-keys.
|
|
|
|
* New gpgsm commands --dump-chain and list-chain.
|
|
|
|
* gpg-connect-agent has new options to utilize descriptor passing.
|
|
|
|
* A global trustlist may now be used. See doc/examples/trustlist.txt.
|
|
|
|
* When creating a new pubring.kbx keybox common certificates are
|
|
imported.
|
|
|
|
|
|
Noteworthy changes in version 1.9.22 (2006-07-27)
|
|
-------------------------------------------------
|
|
|
|
* Enhanced pkcs#12 support to allow import from simple keyBags.
|
|
|
|
* Exporting to pkcs#12 now create bag attributes so that Mozilla is
|
|
able to import the files.
|
|
|
|
* Fixed uploading of certain keys to the smart card.
|
|
|
|
|
|
Noteworthy changes in version 1.9.21 (2006-06-20)
|
|
-------------------------------------------------
|
|
|
|
* New command APDU for scdaemon to allow using it for general card
|
|
access. Might be used through gpg-connect-agent by using the SCD
|
|
prefix command.
|
|
|
|
* Support for the CardMan 4040 PCMCIA reader (Linux 2.6.15 required).
|
|
|
|
* Scdaemon does not anymore reset cards at the end of a connection.
|
|
|
|
* Kludge to allow use of Bundesnetzagentur issued X.509 certificates.
|
|
|
|
* Added --hash=xxx option to scdaemon's PKSIGN command.
|
|
|
|
* Pkcs#12 files are now created with a MAC. This is for better
|
|
interoperability.
|
|
|
|
* Collected bug fixes and minor other changes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.20 (2005-12-20)
|
|
-------------------------------------------------
|
|
|
|
* Importing pkcs#12 files created be recent versions of Mozilla works
|
|
again.
|
|
|
|
* Basic support for qualified signatures.
|
|
|
|
* New debug tool gpgparsemail.
|
|
|
|
|
|
Noteworthy changes in version 1.9.19 (2005-09-12)
|
|
-------------------------------------------------
|
|
|
|
* The Belgian eID card is now supported for signatures and ssh.
|
|
Other pkcs#15 cards should work as well.
|
|
|
|
* Fixed bug in --export-secret-key-p12 so that certificates are again
|
|
included.
|
|
|
|
|
|
Noteworthy changes in version 1.9.18 (2005-08-01)
|
|
-------------------------------------------------
|
|
|
|
* [gpgsm] Now allows for more than one email address as well as URIs
|
|
and dnsNames in certificate request generation. A keygrip may be
|
|
given to create a request from an existing key.
|
|
|
|
* A couple of minor bug fixes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.17 (2005-06-20)
|
|
-------------------------------------------------
|
|
|
|
* gpg-connect-agent has now features to handle Assuan INQUIRE
|
|
commands.
|
|
|
|
* Internal changes for OpenPGP cards. New Assuan command WRITEKEY.
|
|
|
|
* GNU Pth is now a hard requirement.
|
|
|
|
* [scdaemon] Support for OpenSC has been removed. Instead a new and
|
|
straightforward pkcs#15 modules has been written. As of now it
|
|
does allows only signing using TCOS cards but we are going to
|
|
enhance it to match all the old capabilities.
|
|
|
|
* [gpg-agent] New option --write-env-file and Assuan command
|
|
UPDATESTARTUPTTY.
|
|
|
|
* [gpg-agent] New option --default-cache-ttl-ssh to set the TTL for
|
|
SSH passphrase caching independent from the other passphrases.
|
|
|
|
|
|
Noteworthy changes in version 1.9.16 (2005-04-21)
|
|
-------------------------------------------------
|
|
|
|
* gpg-agent does now support the ssh-agent protocol and thus allows
|
|
to use the pinentry as well as the OpenPGP smartcard with ssh.
|
|
|
|
* New tool gpg-connect-agent as a general client for the gpg-agent.
|
|
|
|
* New tool symcryptrun as a wrapper for certain encryption tools.
|
|
|
|
* The gpg tool is not anymore build by default because those gpg
|
|
versions available in the gnupg 1.4 series are far more matured.
|
|
|
|
|
|
Noteworthy changes in version 1.9.15 (2005-01-13)
|
|
-------------------------------------------------
|
|
|
|
* Fixed passphrase caching bug.
|
|
|
|
* Better support for CCID readers; the reader from Cherry RS 6700 USB
|
|
does now work.
|
|
|
|
|
|
Noteworthy changes in version 1.9.14 (2004-12-22)
|
|
-------------------------------------------------
|
|
|
|
* [gpg-agent] New option --use-standard-socket to allow the use of a
|
|
fixed socket. gpgsm falls back to this socket if GPG_AGENT_INFO
|
|
has not been set.
|
|
|
|
* Ported to MS Windows with some functional limitations.
|
|
|
|
* New tool gpg-preset-passphrase.
|
|
|
|
|
|
Noteworthy changes in version 1.9.13 (2004-12-03)
|
|
-------------------------------------------------
|
|
|
|
* [gpgsm] New option --prefer-system-dirmngr.
|
|
|
|
* Minor cleanups and debugging aids.
|
|
|
|
|
|
Noteworthy changes in version 1.9.12 (2004-10-22)
|
|
-------------------------------------------------
|
|
|
|
* [scdaemon] Partly rewrote the PC/SC code.
|
|
|
|
* Removed the sc-investigate tool. It is now in a separate package
|
|
available at ftp://ftp.g10code.com/g10code/gscutils/ .
|
|
|
|
* [gpg-agent] Fixed logging problem.
|
|
|
|
|
|
Noteworthy changes in version 1.9.11 (2004-10-01)
|
|
-------------------------------------------------
|
|
|
|
* When using --import along with --with-validation, the imported
|
|
certificates are validated and only imported if they are fully
|
|
valid.
|
|
|
|
* [gpg-agent] New option --max-cache-ttl.
|
|
|
|
* [gpg-agent] When used without --daemon or --server, gpg-agent now
|
|
check whether a agent is already running and usable.
|
|
|
|
* Fixed some i18n problems.
|
|
|
|
|
|
Noteworthy changes in version 1.9.10 (2004-07-22)
|
|
-------------------------------------------------
|
|
|
|
* Fixed a serious bug in the checking of trusted root certificates.
|
|
|
|
* New configure option --enable-agent-pnly allows to build and
|
|
install just the agent.
|
|
|
|
* Fixed a problem with the log file handling.
|
|
|
|
|
|
Noteworthy changes in version 1.9.9 (2004-06-08)
|
|
------------------------------------------------
|
|
|
|
* [gpg-agent] The new option --allow-mark-trusted is now required to
|
|
allow gpg-agent to add a key to the trustlist.txt after user
|
|
confirmation.
|
|
|
|
* Creating PKCS#10 requests does now honor the key usage.
|
|
|
|
|
|
Noteworthy changes in version 1.9.8 (2004-04-29)
|
|
------------------------------------------------
|
|
|
|
* [scdaemon] Overhauled the internal CCID driver.
|
|
|
|
* [scdaemon] Status files named ~/.gnupg/reader_<n>.status are now
|
|
written when using the internal CCID driver.
|
|
|
|
* [gpgsm] New commands --dump-{,secret,external}-keys to show a very
|
|
detailed view of the certificates.
|
|
|
|
* The keybox gets now compressed after 3 hours and ephemeral
|
|
stored certificates are deleted after about a day.
|
|
|
|
* [gpg] Usability fixes for --card-edit. Note, that this has already
|
|
been ported back to gnupg-1.3
|
|
|
|
|
|
Noteworthy changes in version 1.9.7 (2004-04-06)
|
|
------------------------------------------------
|
|
|
|
* Instrumented the modules for gpgconf.
|
|
|
|
* Added support for DINSIG card applications.
|
|
|
|
* Include the smimeCapabilities attribute with signed messages.
|
|
|
|
* Now uses the gettext domain "gnupg2" to avoid conflicts with gnupg
|
|
versions < 1.9.
|
|
|
|
|
|
Noteworthy changes in version 1.9.6 (2004-03-06)
|
|
------------------------------------------------
|
|
|
|
* Code cleanups and bug fixes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.5 (2004-02-21)
|
|
------------------------------------------------
|
|
|
|
* gpg-protect-tool gets now installed into libexec as it ought to be.
|
|
Cleaned up the build system to better comply with the coding
|
|
standards.
|
|
|
|
* [gpgsm] The --import command is now able to autodetect pkcs#12
|
|
files and import secret and private keys from this file format.
|
|
A new command --export-secret-key-p12 is provided to allow
|
|
exporting of secret keys in PKCS\#12 format.
|
|
|
|
* [gpgsm] The pinentry will now present a description of the key for
|
|
whom the passphrase is requested.
|
|
|
|
* [gpgsm] New option --with-validation to check the validity of key
|
|
while listing it.
|
|
|
|
* New option --debug-level={none,basic,advanced,expert,guru} to map
|
|
the debug flags to sensitive levels on a per program base.
|
|
|
|
|
|
Noteworthy changes in version 1.9.4 (2004-01-30)
|
|
------------------------------------------------
|
|
|
|
* Added support for the Telesec NKS 2.0 card application.
|
|
|
|
* Added simple tool addgnupghome to create .gnupg directories from
|
|
/etc/skel/.gnupg.
|
|
|
|
* Various minor bug fixes and cleanups; mainly gpgsm and gpg-agent
|
|
related.
|
|
|
|
|
|
Noteworthy changes in version 1.9.3 (2003-12-23)
|
|
------------------------------------------------
|
|
|
|
* New gpgsm options --{enable,disable}-ocsp to validate keys using
|
|
OCSP. This option requires a not yet released DirMngr version.
|
|
Default is disabled.
|
|
|
|
* The --log-file option may now be used to print logs to a socket.
|
|
Prefix the socket name with "socket://" to enable this. This does
|
|
not work on all systems and falls back to stderr if there is a
|
|
problem with the socket.
|
|
|
|
* The options --encrypt-to and --no-encrypt-to now work the same in
|
|
gpgsm as in gpg. Note, they are also used in server mode.
|
|
|
|
* Duplicated recipients are now silently removed in gpgsm.
|
|
|
|
|
|
Noteworthy changes in version 1.9.2 (2003-11-17)
|
|
------------------------------------------------
|
|
|
|
* On card key generation is no longer done using the --gen-key
|
|
command but from the menu provided by the new --card-edit command.
|
|
|
|
* PINs are now properly cached and there are only 2 PINs visible.
|
|
The 3rd PIN (CHV2) is internally syncronized with the regular PIN.
|
|
|
|
* All kind of other internal stuff.
|
|
|
|
|
|
Noteworthy changes in version 1.9.1 (2003-09-06)
|
|
------------------------------------------------
|
|
|
|
* Support for OpenSC is back. scdaemon supports a --disable-opensc to
|
|
disable OpenSC use at runtime, so that PC/SC or ct-API can still be
|
|
used directly.
|
|
|
|
* Rudimentary support for the SCR335 smartcard reader using an
|
|
internal driver. Requires current libusb from CVS.
|
|
|
|
* Bug fixes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.0 (2003-08-05)
|
|
------------------------------------------------
|
|
|
|
====== PLEASE SEE README-alpha =======
|
|
|
|
* gpg has been renamed to gpg2 and gpgv to gpgv2. This is a
|
|
temporary change to allow co-existing with stable gpg versions.
|
|
|
|
* ~/.gnupg/gpg.conf-1.9.0 is fist tried as config file before the
|
|
usual gpg.conf.
|
|
|
|
* Removed the -k, -kv and -kvv commands. -k is now an alias to
|
|
--list-keys. New command -K as alias for --list-secret-keys.
|
|
|
|
* Removed --run-as-shm-coprocess feature.
|
|
|
|
* gpg does now also use libgcrypt, libgpg-error is required.
|
|
|
|
* New gpgsm commands --call-dirmngr and --call-protect-tool.
|
|
|
|
* Changing a passphrase is now possible using "gpgsm --passwd"
|
|
|
|
* The content-type attribute is now recognized and created.
|
|
|
|
* The agent does now reread certain options on receiving a HUP.
|
|
|
|
* The pinentry is now forked for each request so that clients with
|
|
different environments are supported. When running in daemon mode
|
|
and --keep-display is not used the DISPLAY variable is ignored.
|
|
|
|
* Merged stuff from the newpg branch and started this new
|
|
development branch.
|
|
|
|
|
|
Copyright 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
|
|
|
|
This file is free software; as a special exception the author gives
|
|
unlimited permission to copy and/or distribute it, with or without
|
|
modifications, as long as this notice is preserved.
|
|
|
|
This file is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
|
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|