mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
a6a9181818
Support restriction attribute. Fix utf-8 printing problems. Use AES by default.
635 lines
20 KiB
Plaintext
635 lines
20 KiB
Plaintext
Noteworthy changes in version 2.0.10 (unreleased)
|
|
-------------------------------------------------
|
|
|
|
* New keyserver helper gpg2keys_kdns as generic DNS CERT lookup. Run
|
|
with --help for a short description. Requires the ADNS library.
|
|
|
|
* New mechanisms "local" and "nodefault" for --auto-key-locate [gpg].
|
|
Fixed a few problems with this option.
|
|
|
|
* [W32] Initialized the socket subsystem for all keyserver helpers.
|
|
|
|
* [W32] The sysconf directory has been moved from a subdirectory of
|
|
the installation directory to %CSIDL_COMMON_APPDATA%/GNU/etc/gnupg.
|
|
|
|
* New gpg2 command --locate-keys.
|
|
|
|
* New gpg2 options --with-sig-list and --with-sig-check.
|
|
|
|
* Made gpgsm's --output option work with --export-secret-key-p12.
|
|
|
|
* gpg-connect-agent accepts commands given as command line arguments.
|
|
|
|
* The gpg2 option --fixed-list-mode is now implicitly used and obsolete.
|
|
|
|
* New control statement %ask-passphrase for the unattended key
|
|
generation of gpg2.
|
|
|
|
* gpgsm now uses AES by default.
|
|
|
|
|
|
Noteworthy changes in version 2.0.9 (2008-03-26)
|
|
------------------------------------------------
|
|
|
|
* Gpgsm always tries to locate missing certificates from a running
|
|
Dirmngr's cache.
|
|
|
|
* Tweaks for Windows.
|
|
|
|
* The Admin PIN for OpenPGP cards may now be entered with the pinpad.
|
|
|
|
* Improved certificate chain construction.
|
|
|
|
* Extended the PKITS framework.
|
|
|
|
* Fixed a bug in the ambigious name detection.
|
|
|
|
* Fixed possible memory corruption while importing OpenPGP keys (bug
|
|
introduced with 2.0.8). [CVE-2008-1530]
|
|
|
|
* Minor bug fixes.
|
|
|
|
|
|
Noteworthy changes in version 2.0.8 (2007-12-20)
|
|
------------------------------------------------
|
|
|
|
* Enhanced gpg-connect-agent with a small scripting language.
|
|
|
|
* New option --list-config for gpgconf.
|
|
|
|
* Fixed a crash in gpgconf.
|
|
|
|
* Gpg-agent now supports the passphrase quality bar of the latest
|
|
Pinentry.
|
|
|
|
* The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the
|
|
Pinentry.
|
|
|
|
* Fixed the auto creation of the key stub for smartcards.
|
|
|
|
* Fixed a rare bug in decryption using the OpenPGP card.
|
|
|
|
* Creating DSA2 keys is now possible.
|
|
|
|
* New option --extra-digest-algo for gpgsm to allow verification of
|
|
broken signatures.
|
|
|
|
* Allow encryption with legacy Elgamal sign+encrypt keys with option
|
|
--rfc2440.
|
|
|
|
* Windows is now a supported platform.
|
|
|
|
* Made sure that under Windows the file permissions of the socket are
|
|
taken into account. This required a change of our socket emulation
|
|
code and changed the IPC protocol under Windows.
|
|
|
|
|
|
Noteworthy changes in version 2.0.7 (2007-09-10)
|
|
------------------------------------------------
|
|
|
|
* Fixed encryption problem if duplicate certificates are in the
|
|
keybox.
|
|
|
|
* Made it work on Windows Vista. Note that the entire Windows port
|
|
is still considered Beta.
|
|
|
|
* Add new options min-passphrase-nonalpha, check-passphrase-pattern,
|
|
enforce-passphrase-constraints and max-passphrase-days to
|
|
gpg-agent.
|
|
|
|
* Add command --check-components to gpgconf. Gpgconf now uses the
|
|
installed versions of the programs and does not anymore search via
|
|
PATH for them.
|
|
|
|
|
|
Noteworthy changes in version 2.0.6 (2007-08-16)
|
|
------------------------------------------------
|
|
|
|
* GPGSM does now grok --default-key.
|
|
|
|
* GPGCONF is now aware of --default-key and --encrypt-to.
|
|
|
|
* GPGSM does again correctly print the serial number as well the the
|
|
various keyids. This was broken since 2.0.4.
|
|
|
|
* New option --validation-model and support for the chain-model.
|
|
|
|
* Improved Windows support.
|
|
|
|
|
|
Noteworthy changes in version 2.0.5 (2007-07-05)
|
|
------------------------------------------------
|
|
|
|
* Switched license to GPLv3.
|
|
|
|
* Basic support for Windows. Run "./autogen.sh --build-w32" to build
|
|
it. As usual the mingw cross compiling toolchain is required.
|
|
|
|
* Fixed bug when using the --p12-charset without --armor.
|
|
|
|
* The command --gen-key may now be used instead of the
|
|
gpgsm-gencert.sh script.
|
|
|
|
* Changed key generation to reveal less information about the
|
|
machine. Bug fixes for gpg2's card key generation.
|
|
|
|
|
|
Noteworthy changes in version 2.0.4 (2007-05-09)
|
|
------------------------------------------------
|
|
|
|
* The server mode key listing commands are now also working for
|
|
systems without the funopen/fopencookie API.
|
|
|
|
* PKCS#12 import now tries several encodings in case the passphrase
|
|
was not utf-8 encoded. New option --p12-charset for gpgsm.
|
|
|
|
* Improved the libgcrypt logging support in all modules.
|
|
|
|
|
|
Noteworthy changes in version 2.0.3 (2007-03-08)
|
|
------------------------------------------------
|
|
|
|
* By default, do not allow processing multiple plaintexts in a single
|
|
stream. Many programs that called GnuPG were assuming that GnuPG
|
|
did not permit this, and were thus not using the plaintext boundary
|
|
status tags that GnuPG provides. This change makes GnuPG reject
|
|
such messages by default which makes those programs safe again.
|
|
--allow-multiple-messages returns to the old behavior. [CVE-2007-1263].
|
|
|
|
* New --verify-option show-primary-uid-only.
|
|
|
|
* gpgconf may now reads a global configuration file to select which
|
|
options are changeable by a frontend. The new applygnupgdefaults
|
|
tool may be used by an admin to set default options for all users.
|
|
|
|
* The PIN pad of the Cherry XX44 keyboard is now supported. The
|
|
DINSIG and the NKS applications are now also aware of PIN pads.
|
|
|
|
|
|
Noteworthy changes in version 2.0.2 (2007-01-31)
|
|
------------------------------------------------
|
|
|
|
* Fixed a serious and exploitable bug in processing encrypted
|
|
packages. [CVE-2006-6235].
|
|
|
|
* Added --passphrase-repeat to set the number of times GPG will
|
|
prompt for a new passphrase to be repeated. This is useful to help
|
|
memorize a new passphrase. The default is 1 repetition.
|
|
|
|
* Using a PIN pad does now also work for the signing key.
|
|
|
|
* A warning is displayed by gpg-agent if a new passphrase is too
|
|
short. New option --min-passphrase-len defaults to 8.
|
|
|
|
* The status code BEGIN_SIGNING now shows the used hash algorithms.
|
|
|
|
|
|
Noteworthy changes in version 2.0.1 (2006-11-28)
|
|
------------------------------------------------
|
|
|
|
* Experimental support for the PIN pads of the SPR 532 and the Kaan
|
|
Advanced card readers. Add "disable-keypad" scdaemon.conf if you
|
|
don't want it. Does currently only work for the OpenPGP card and
|
|
its authentication and decrypt keys.
|
|
|
|
* Fixed build problems on some some platforms and crashes on amd64.
|
|
|
|
* Fixed a buffer overflow in gpg2. [bug#728,CVE-2006-6169]
|
|
|
|
|
|
Noteworthy changes in version 2.0.0 (2006-11-11)
|
|
------------------------------------------------
|
|
|
|
* First stable version of a GnuPG integrating OpenPGP and S/MIME.
|
|
|
|
|
|
Noteworthy changes in version 1.9.95 (2006-11-06)
|
|
-------------------------------------------------
|
|
|
|
* Minor bug fixes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.94 (2006-10-24)
|
|
-------------------------------------------------
|
|
|
|
* Keys for gpgsm may now be specified using a keygrip. A keygrip is
|
|
indicated by a prefixing it with an ampersand.
|
|
|
|
* gpgconf now supports switching the CMS cipher algo (e.g. to AES).
|
|
|
|
* New command --gpgconf-test for all major tools. This may be used to
|
|
check whether the configuration file is sane.
|
|
|
|
|
|
Noteworthy changes in version 1.9.93 (2006-10-18)
|
|
-------------------------------------------------
|
|
|
|
* In --with-validation mode gpgsm will now also ask whether a root
|
|
certificate should be trusted.
|
|
|
|
* Link to Pth only if really necessary.
|
|
|
|
* Fixed a pubring corruption bug in gpg2 occurring when importing
|
|
signatures or keys with insane lengths.
|
|
|
|
* Fixed v3 keyID calculation bug in gpg2.
|
|
|
|
* More tweaks for certificates without extensions.
|
|
|
|
|
|
Noteworthy changes in version 1.9.92 (2006-10-11)
|
|
-------------------------------------------------
|
|
|
|
* Bug fixes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.91 (2006-10-04)
|
|
-------------------------------------------------
|
|
|
|
* New "relax" flag for trustlist.txt to allow root CA certificates
|
|
without BasicContraints.
|
|
|
|
* [gpg2] Removed the -k PGP 2 compatibility hack. -k is now an
|
|
alias for --list-keys.
|
|
|
|
* [gpg2] Print a warning if "-sat" is used instead of "--clearsign".
|
|
|
|
|
|
Noteworthy changes in version 1.9.90 (2006-09-25)
|
|
-------------------------------------------------
|
|
|
|
* Made readline work for gpg.
|
|
|
|
* Cleanups und minor bug fixes.
|
|
|
|
* Included translations from gnupg 1.4.5.
|
|
|
|
|
|
Noteworthy changes in version 1.9.23 (2006-09-18)
|
|
-------------------------------------------------
|
|
|
|
* Regular man pages for most tools are now build directly from the
|
|
Texinfo source.
|
|
|
|
* The gpg code from 1.4.5 has been fully merged into this release.
|
|
The configure option --enable-gpg is still required to build this
|
|
gpg part. For production use of OpenPGP the gpg version 1.4.5 is
|
|
still recommended. Note, that gpg will be installed under the name
|
|
gpg2 to allow coexisting with an 1.4.x gpg.
|
|
|
|
* API change in gpg-agent's pkdecrypt command. Thus an older gpgsm
|
|
may not be used with the current gpg-agent.
|
|
|
|
* The scdaemon will now call a script on reader status changes.
|
|
|
|
* gpgsm now allows file descriptor passing for "INPUT", "OUTPUT" and
|
|
"MESSAGE".
|
|
|
|
* The gpgsm server may now output a key listing to the output file
|
|
handle. This needs to be enabled using "OPTION list-to-output=1".
|
|
|
|
* The --output option of gpgsm has now an effect on list-keys.
|
|
|
|
* New gpgsm commands --dump-chain and list-chain.
|
|
|
|
* gpg-connect-agent has new options to utilize descriptor passing.
|
|
|
|
* A global trustlist may now be used. See doc/examples/trustlist.txt.
|
|
|
|
* When creating a new pubring.kbx keybox common certificates are
|
|
imported.
|
|
|
|
|
|
Noteworthy changes in version 1.9.22 (2006-07-27)
|
|
-------------------------------------------------
|
|
|
|
* Enhanced pkcs#12 support to allow import from simple keyBags.
|
|
|
|
* Exporting to pkcs#12 now create bag attributes so that Mozilla is
|
|
able to import the files.
|
|
|
|
* Fixed uploading of certain keys to the smart card.
|
|
|
|
|
|
Noteworthy changes in version 1.9.21 (2006-06-20)
|
|
-------------------------------------------------
|
|
|
|
* New command APDU for scdaemon to allow using it for general card
|
|
access. Might be used through gpg-connect-agent by using the SCD
|
|
prefix command.
|
|
|
|
* Support for the CardMan 4040 PCMCIA reader (Linux 2.6.15 required).
|
|
|
|
* Scdaemon does not anymore reset cards at the end of a connection.
|
|
|
|
* Kludge to allow use of Bundesnetzagentur issued X.509 certificates.
|
|
|
|
* Added --hash=xxx option to scdaemon's PKSIGN command.
|
|
|
|
* Pkcs#12 files are now created with a MAC. This is for better
|
|
interoperability.
|
|
|
|
* Collected bug fixes and minor other changes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.20 (2005-12-20)
|
|
-------------------------------------------------
|
|
|
|
* Importing pkcs#12 files created be recent versions of Mozilla works
|
|
again.
|
|
|
|
* Basic support for qualified signatures.
|
|
|
|
* New debug tool gpgparsemail.
|
|
|
|
|
|
Noteworthy changes in version 1.9.19 (2005-09-12)
|
|
-------------------------------------------------
|
|
|
|
* The Belgian eID card is now supported for signatures and ssh.
|
|
Other pkcs#15 cards should work as well.
|
|
|
|
* Fixed bug in --export-secret-key-p12 so that certificates are again
|
|
included.
|
|
|
|
|
|
Noteworthy changes in version 1.9.18 (2005-08-01)
|
|
-------------------------------------------------
|
|
|
|
* [gpgsm] Now allows for more than one email address as well as URIs
|
|
and dnsNames in certificate request generation. A keygrip may be
|
|
given to create a request from an existing key.
|
|
|
|
* A couple of minor bug fixes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.17 (2005-06-20)
|
|
-------------------------------------------------
|
|
|
|
* gpg-connect-agent has now features to handle Assuan INQUIRE
|
|
commands.
|
|
|
|
* Internal changes for OpenPGP cards. New Assuan command WRITEKEY.
|
|
|
|
* GNU Pth is now a hard requirement.
|
|
|
|
* [scdaemon] Support for OpenSC has been removed. Instead a new and
|
|
straightforward pkcs#15 modules has been written. As of now it
|
|
does allows only signing using TCOS cards but we are going to
|
|
enhance it to match all the old capabilities.
|
|
|
|
* [gpg-agent] New option --write-env-file and Assuan command
|
|
UPDATESTARTUPTTY.
|
|
|
|
* [gpg-agent] New option --default-cache-ttl-ssh to set the TTL for
|
|
SSH passphrase caching independent from the other passphrases.
|
|
|
|
|
|
Noteworthy changes in version 1.9.16 (2005-04-21)
|
|
-------------------------------------------------
|
|
|
|
* gpg-agent does now support the ssh-agent protocol and thus allows
|
|
to use the pinentry as well as the OpenPGP smartcard with ssh.
|
|
|
|
* New tool gpg-connect-agent as a general client for the gpg-agent.
|
|
|
|
* New tool symcryptrun as a wrapper for certain encryption tools.
|
|
|
|
* The gpg tool is not anymore build by default because those gpg
|
|
versions available in the gnupg 1.4 series are far more matured.
|
|
|
|
|
|
Noteworthy changes in version 1.9.15 (2005-01-13)
|
|
-------------------------------------------------
|
|
|
|
* Fixed passphrase caching bug.
|
|
|
|
* Better support for CCID readers; the reader from Cherry RS 6700 USB
|
|
does now work.
|
|
|
|
|
|
Noteworthy changes in version 1.9.14 (2004-12-22)
|
|
-------------------------------------------------
|
|
|
|
* [gpg-agent] New option --use-standard-socket to allow the use of a
|
|
fixed socket. gpgsm falls back to this socket if GPG_AGENT_INFO
|
|
has not been set.
|
|
|
|
* Ported to MS Windows with some functional limitations.
|
|
|
|
* New tool gpg-preset-passphrase.
|
|
|
|
|
|
Noteworthy changes in version 1.9.13 (2004-12-03)
|
|
-------------------------------------------------
|
|
|
|
* [gpgsm] New option --prefer-system-dirmngr.
|
|
|
|
* Minor cleanups and debugging aids.
|
|
|
|
|
|
Noteworthy changes in version 1.9.12 (2004-10-22)
|
|
-------------------------------------------------
|
|
|
|
* [scdaemon] Partly rewrote the PC/SC code.
|
|
|
|
* Removed the sc-investigate tool. It is now in a separate package
|
|
available at ftp://ftp.g10code.com/g10code/gscutils/ .
|
|
|
|
* [gpg-agent] Fixed logging problem.
|
|
|
|
|
|
Noteworthy changes in version 1.9.11 (2004-10-01)
|
|
-------------------------------------------------
|
|
|
|
* When using --import along with --with-validation, the imported
|
|
certificates are validated and only imported if they are fully
|
|
valid.
|
|
|
|
* [gpg-agent] New option --max-cache-ttl.
|
|
|
|
* [gpg-agent] When used without --daemon or --server, gpg-agent now
|
|
check whether a agent is already running and usable.
|
|
|
|
* Fixed some i18n problems.
|
|
|
|
|
|
Noteworthy changes in version 1.9.10 (2004-07-22)
|
|
-------------------------------------------------
|
|
|
|
* Fixed a serious bug in the checking of trusted root certificates.
|
|
|
|
* New configure option --enable-agent-pnly allows to build and
|
|
install just the agent.
|
|
|
|
* Fixed a problem with the log file handling.
|
|
|
|
|
|
Noteworthy changes in version 1.9.9 (2004-06-08)
|
|
------------------------------------------------
|
|
|
|
* [gpg-agent] The new option --allow-mark-trusted is now required to
|
|
allow gpg-agent to add a key to the trustlist.txt after user
|
|
confirmation.
|
|
|
|
* Creating PKCS#10 requests does now honor the key usage.
|
|
|
|
|
|
Noteworthy changes in version 1.9.8 (2004-04-29)
|
|
------------------------------------------------
|
|
|
|
* [scdaemon] Overhauled the internal CCID driver.
|
|
|
|
* [scdaemon] Status files named ~/.gnupg/reader_<n>.status are now
|
|
written when using the internal CCID driver.
|
|
|
|
* [gpgsm] New commands --dump-{,secret,external}-keys to show a very
|
|
detailed view of the certificates.
|
|
|
|
* The keybox gets now compressed after 3 hours and ephemeral
|
|
stored certificates are deleted after about a day.
|
|
|
|
* [gpg] Usability fixes for --card-edit. Note, that this has already
|
|
been ported back to gnupg-1.3
|
|
|
|
|
|
Noteworthy changes in version 1.9.7 (2004-04-06)
|
|
------------------------------------------------
|
|
|
|
* Instrumented the modules for gpgconf.
|
|
|
|
* Added support for DINSIG card applications.
|
|
|
|
* Include the smimeCapabilities attribute with signed messages.
|
|
|
|
* Now uses the gettext domain "gnupg2" to avoid conflicts with gnupg
|
|
versions < 1.9.
|
|
|
|
|
|
Noteworthy changes in version 1.9.6 (2004-03-06)
|
|
------------------------------------------------
|
|
|
|
* Code cleanups and bug fixes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.5 (2004-02-21)
|
|
------------------------------------------------
|
|
|
|
* gpg-protect-tool gets now installed into libexec as it ought to be.
|
|
Cleaned up the build system to better comply with the coding
|
|
standards.
|
|
|
|
* [gpgsm] The --import command is now able to autodetect pkcs#12
|
|
files and import secret and private keys from this file format.
|
|
A new command --export-secret-key-p12 is provided to allow
|
|
exporting of secret keys in PKCS\#12 format.
|
|
|
|
* [gpgsm] The pinentry will now present a description of the key for
|
|
whom the passphrase is requested.
|
|
|
|
* [gpgsm] New option --with-validation to check the validity of key
|
|
while listing it.
|
|
|
|
* New option --debug-level={none,basic,advanced,expert,guru} to map
|
|
the debug flags to sensitive levels on a per program base.
|
|
|
|
|
|
Noteworthy changes in version 1.9.4 (2004-01-30)
|
|
------------------------------------------------
|
|
|
|
* Added support for the Telesec NKS 2.0 card application.
|
|
|
|
* Added simple tool addgnupghome to create .gnupg directories from
|
|
/etc/skel/.gnupg.
|
|
|
|
* Various minor bug fixes and cleanups; mainly gpgsm and gpg-agent
|
|
related.
|
|
|
|
|
|
Noteworthy changes in version 1.9.3 (2003-12-23)
|
|
------------------------------------------------
|
|
|
|
* New gpgsm options --{enable,disable}-ocsp to validate keys using
|
|
OCSP. This option requires a not yet released DirMngr version.
|
|
Default is disabled.
|
|
|
|
* The --log-file option may now be used to print logs to a socket.
|
|
Prefix the socket name with "socket://" to enable this. This does
|
|
not work on all systems and falls back to stderr if there is a
|
|
problem with the socket.
|
|
|
|
* The options --encrypt-to and --no-encrypt-to now work the same in
|
|
gpgsm as in gpg. Note, they are also used in server mode.
|
|
|
|
* Duplicated recipients are now silently removed in gpgsm.
|
|
|
|
|
|
Noteworthy changes in version 1.9.2 (2003-11-17)
|
|
------------------------------------------------
|
|
|
|
* On card key generation is no longer done using the --gen-key
|
|
command but from the menu provided by the new --card-edit command.
|
|
|
|
* PINs are now properly cached and there are only 2 PINs visible.
|
|
The 3rd PIN (CHV2) is internally syncronized with the regular PIN.
|
|
|
|
* All kind of other internal stuff.
|
|
|
|
|
|
Noteworthy changes in version 1.9.1 (2003-09-06)
|
|
------------------------------------------------
|
|
|
|
* Support for OpenSC is back. scdaemon supports a --disable-opensc to
|
|
disable OpenSC use at runtime, so that PC/SC or ct-API can still be
|
|
used directly.
|
|
|
|
* Rudimentary support for the SCR335 smartcard reader using an
|
|
internal driver. Requires current libusb from CVS.
|
|
|
|
* Bug fixes.
|
|
|
|
|
|
Noteworthy changes in version 1.9.0 (2003-08-05)
|
|
------------------------------------------------
|
|
|
|
====== PLEASE SEE README-alpha =======
|
|
|
|
* gpg has been renamed to gpg2 and gpgv to gpgv2. This is a
|
|
temporary change to allow co-existing with stable gpg versions.
|
|
|
|
* ~/.gnupg/gpg.conf-1.9.0 is fist tried as config file before the
|
|
usual gpg.conf.
|
|
|
|
* Removed the -k, -kv and -kvv commands. -k is now an alias to
|
|
--list-keys. New command -K as alias for --list-secret-keys.
|
|
|
|
* Removed --run-as-shm-coprocess feature.
|
|
|
|
* gpg does now also use libgcrypt, libgpg-error is required.
|
|
|
|
* New gpgsm commands --call-dirmngr and --call-protect-tool.
|
|
|
|
* Changing a passphrase is now possible using "gpgsm --passwd"
|
|
|
|
* The content-type attribute is now recognized and created.
|
|
|
|
* The agent does now reread certain options on receiving a HUP.
|
|
|
|
* The pinentry is now forked for each request so that clients with
|
|
different environments are supported. When running in daemon mode
|
|
and --keep-display is not used the DISPLAY variable is ignored.
|
|
|
|
* Merged stuff from the newpg branch and started this new
|
|
development branch.
|
|
|
|
|
|
Copyright 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
|
|
|
|
This file is free software; as a special exception the author gives
|
|
unlimited permission to copy and/or distribute it, with or without
|
|
modifications, as long as this notice is preserved.
|
|
|
|
This file is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
|
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|