2017-12-29  Werner Koch  <wk@gnupg.org>

	Release 2.0.31.
	+ commit e6dae418c260592c0860519481b5eb92d14329db


2017-12-18  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit cdbb19e9e6afdd0dd251b2fb0965945ded45d51a
	* po/ja.po: Fix message with no "%s".

2017-12-04  NIIBE Yutaka  <gniibe@fsij.org>
	    Damien Goutte-Gattat  <dgouttegattat@incenp.org>

	g10: Fix regexp sanitization.
	+ commit 9ba0e2c76c0c040e69e50ed9d89eadb3269052f9
	* g10/trustdb.c (sanitize_regexp): Only escape operators.

2017-07-13  Werner Koch  <wk@gnupg.org>

	gpgsm: Allow ciphers AES192 and SERPENT256.
	+ commit 67cd81ed90ad88cbe607b7f7d1a0b1e08b8ac1f1
	* sm/gpgsm.c (main): Add AES192 cipher.  Allow SERPENT256.

2017-03-30  Werner Koch  <wk@gnupg.org>

	gpg: Fix export porting of zero length user ID packets.
	+ commit 2975eee420007557a138445d0505f1d590d88d7e
	* g10/build-packet.c (do_user_id): Avoid indeterminate length header.

2016-11-30  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Support OpenPGP card V3 for RSA.
	+ commit 5c599e4f6edd288f4759c9fc2bcf9fe87dee1836
	* scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and
	max_rsp_data fields as Extended Capabilities bits are different.
	(get_cached_data) Use extcap.max_certlen_3.
	(get_one_do): Don't use exmode=1.
	(determine_rsa_response): New.
	(get_public_key, do_genkey): Call determine_rsa_response.
	(do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data.
	(do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data.
	(do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8.
	(show_caps): Remove max_cmd_data and max_rsp_data.
	(app_select_openpgp): Likewise.

	scd: Fix receive buffer size.
	+ commit bb5a153f9dd9497f58935c2a7026220f3a99cffd
	* scd/apdu.c (send_le): Fix the size, adding two for status
	bytes to Le.

	scd: Don't limit to ST-2xxx for PC/SC.
	+ commit 3089c76a4a6a4250489a8ea373e5810bc9593654
	* scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID.

	scd: Fix status info encoding.
	+ commit 354f8119bc24c93b3ead367af7ded8dd271feb3c
	* scd/command.c (send_status_info): Do percent plus encoding correctly.

	scd: minor cleanup to merge other works.
	+ commit 88556386a61f5fa9ce8c5abbe1fd6d66a7723854
	* scd/iso7816.c (do_generate_keypair): Use const char * for DATA.
	(iso7816_generate_keypair, iso7816_read_public_key): Likewise.
	* scd/app-openpgp.c (get_public_key): Follow the change.
	(do_genkey): Ditto.  Use ERR instead of RC.  Use u32 for CREATED_AT.

	scd: Fix an action after card removal.
	+ commit 68d3e461f67404d1b47dfa7b9efdb6ac2c087bb7
	* scd/command.c (update_card_removed): Call apdu_close_reader here.

	scd: Release the card reader after card removal.
	+ commit 710d0ce0fd5ee33b1e57f1ae9aedb90c7f7e234d
	* scd/command.c (update_reader_status_file): Call apdu_close_reader.

	scd: Clean up unused shutdown method.
	+ commit 5acce7060ca48e6c5e06a3918950c4eb83668fda
	* scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove.
	(reset_ccid_reader): Don't set shutdown_reader.
	* scd/ccid-driver.c (ccid_shutdown_reader): Remove.

2016-11-29  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix card removal/reset on multiple contexts.
	+ commit 519c01a0fd6cfc9d4282251e187d45194325c85b
	* scd/app.c (application_notify_card_reset): Add message for debug.
	*scd/command.c (update_card_removed): Call release_application and set
	SLOT -1 here.
	(struct server_local_s): Remove app_ctx_marked_for_release.
	(do_reset): Don't mark release but call release_application here.
	(open_card): Remove app_ctx_marked_for_release handling.
	(update_reader_status_file): Don't set SLOT here, so that it can be
	released the APP by application_notify_card_reset in
	update_card_removed.

	scd: Fix race conditions for release_application.
	+ commit 3b3386a3fd973ed7f388b1356138941c302848f2
	* scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling
	release_application.

2016-11-29  Werner Koch  <wk@gnupg.org>

	scd: Make option --homedir work.
	+ commit f916d5756fae163896715b057a627a5fb58ddd52
	* scd/scdaemon.c (opts): Add --homedir.

2016-11-29  NIIBE Yutaka  <gniibe@fsij.org>

	scd: More fix of error return path.
	+ commit 51464a0eadc82c84780fba08a53163cb6e4da2a4
	* scd/command.c (open_card): Return GPG_ERR_ENODEV on the failure of
	apdu_connect.

2016-11-29  Justus Winter  <justus@g10code.com>

	scd: Improve error handling.
	+ commit d87699597f4b47968902324c90beb3f3c51ff1d7
	* scd/app-openpgp.c (get_public_key): Improve error handling.

2016-11-29  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix error handling with libusb-compat library.
	+ commit d4316d13749bd8662525c2b7c416d39c5d4d8089
	* scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE.

	scd: Handle error correctly.
	+ commit af7245e9a79d11866aa9c40f8f53291f82dd74b5
	* scd/apdu.c (apdu_connect): Initialize variables and check an error
	of apdu_get_status_internal.

	scd: KEYNO cleanup.
	+ commit a6f7c8d9b70daba319d24d930be056618cbad61b
	* scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey)
	(change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey)
	(compare_fingerprint, check_against_given_fingerprint): KEYNO starts
	from 0.

	scd: Use cipher.h for constants.
	+ commit f1b9521fd6bd46547090efb1de78fa46bf2abfd2
	* scd/app-openpgp.c: Include cipher.h.

2016-08-09  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Avoid publishing the GnuPG version by default.
	+ commit cbd0308bc70855a2dd34bda85b9b40a61199678c
	* g10/gpg.c (main): initialize opt.emit_version to 0
	* doc/gpg.texi: document different default for --emit-version

2016-08-04  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix checking key for signature validation.
	+ commit caff669212d2465a3a387571305a7230d394c0e0
	* g10/sig-check.c (signature_check2): Not only subkey, but also primary
	key should have flags.valid=1.

2016-07-09  NIIBE Yutaka  <gniibe@fsij.org>

	gpgv: Tweak default options for extra security.
	+ commit b531f2fd75be3f616073cba714d73324525fd3e4
	* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
	cached status.  Similarly, set opt.flags.require_cross_cert for backsig
	validation for subkey signature.

2016-07-06  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix keysize with --expert.
	+ commit 1c151368956e4558946d29d1698d9ae5028e62a7
	* g10/keygen.c (ask_keysize): It's 768 only for DSA.

2016-06-28  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix --list-packets.
	+ commit 4f336ed780cc2783395f3ff2b12b3ebb8e097f7b
	* g10/gpg.c (main): Call set_packet_list_mode after assignment of
	opt.list_packets.
	* g10/mainproc.c (do_proc_packets): Don't stop processing with
	--list-packets as the comment says.
	* g10/options.h (list_packets): Fix the comment.
	* g10/parse-packet.c: Fix the condition for opt.list_packets.

2016-06-24  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix card-edit/fetch to use keyserver_fetch.
	+ commit fb0e18b38434cbe97dee4c26047a994baf02fe76
	* g10/card-util.c (fetch_url): Call keyserver_fetch instead of
	keyserver_import_fprint.

2016-06-19  Niibe Yutaka  <gniibe@fsij.org>

	scd: Reset nonnull_nad to zero for VENDOR_GEMPC.
	+ commit c68d39f7114623075c0b407b05927b61b190a377
	* (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device.

2016-06-15  Niibe Yutaka  <gniibe@fsij.org>

	g10: Fix another race condition for trustdb access.
	+ commit 00d737e3fde84e7df7ba19080c83237b769cd0d0
	* g10/tdbio.c (create_version_record): Call create_hashtable to always
	make hashtable, together with the version record.
	(get_trusthashrec): Remove call to create_hashtable.

2016-03-31  Werner Koch  <wk@gnupg.org>

	Release 2.0.30.
	+ commit 83cae8c0374c1cfccabced789eaa7dddc5183cdd


2016-03-31  Ineiev  <ineiev@gnu.org>

	doc: Update help.ru.text.
	+ commit e2c3ddf46294ccf0ca46ba838285f2d26adcda93


2016-03-31  Werner Koch  <wk@gnupg.org>

	build: Create *.swdb file during make distcheck.
	+ commit 2b8c9181a7668010da7e7ec3031b141a9bdedc6c
	* Makefile.am (distcheck-hook): New.

	gpg: Silence trustdb messages with --quiet.
	+ commit 458c2f2d32e4e784d3ef719a3439acc631c1fc69
	* g10/trustdb.c (validate_keys): Silence messages

2016-03-02  Justus Winter  <justus@g10code.com>

	agent: Do not remove the ssh socket.
	+ commit 3e1b451c5d330b81561436a600bdaa9fbacc1ba1
	* agent/gpg-agent.c (create_server_socket): Also inhibit the removal
	of the ssh socket if another agent process is already running.

	GnuPG modern is not affected.

2016-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Make sure to have the directory for trustdb.
	+ commit eb7806d63df63663170ba86f0673caa34b944c28
	* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
	the directory and create it if none before calling take_write_lock.

2016-01-15  Werner Koch  <wk@gnupg.org>

	common: Cope with AIX problem on number of open files.
	+ commit 776bee6d370602ff95e93a4aea6a70005dff9ae6
	* common/exechelp.c: Limit returned value for too hight values.

2016-01-13  NIIBE Yutaka  <gniibe@fsij.org>

	Fix to support git worktree.
	+ commit baae8d50d74040bd5a11cd423e04a022af7691e6
	* Makefile.am: Use -e for testing .git.

2015-12-15  NIIBE Yutaka  <gniibe@fsij.org>

	sm: Handle gcry_pk_encrypt return value.
	+ commit b508af2b2c40a715ef5ead4455b466954c2943ee
	* sm/encrypt.c (encrypt_dek): Don't ignore failure of gcry_pk_encrypt.

	scd: Fix commit 9a9bfd77.
	+ commit 8729f35510550495c830fcf54f03da9a42d0a751
	* scd/app.c (check_application_conflict): Get SLOT.

2015-12-15  Daniel Hoffend  <dh@dotlan.net>

	scd: Fix removal of unplugged usb readers on Windows.
	+ commit 904fbdccd65e537206c0b603f9576a07defebb29
	* scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and
	PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code.

2015-12-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Simplify saving application context.
	+ commit 520c85ed94fa2033e0d2ca5f9a0244b7b290b958
	* scd/app.c (lock_table): Remove LAST_APP field.
	(lock_reader, app_dump_state, application_notify_card_reset)
	(release_application): Follow the change.
	(check_conflict): New.
	(check_application_conflict): Lock the slot and call check_conflict.
	(select_application): Call check_conflict and not use LAST_APP.

	scd: Fix "Conflicting usage" bug.
	+ commit 9934889415d47f691344499972a0b879cf90ff96
	* scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we
	  got an error from apdu_disconnect.
	* scd/app-common.h (no_reuse): Remove.
	* scd/app.c (application_notify_card_reset): Deallocate APP here.
	(select_application, release_application): Don't use NO_REUSE.

2015-10-29  NIIBE Yutaka  <gniibe@fsij.org>

	doc: Don't install gpg-zip.1.
	+ commit 01fa4c7b8b821da21a5acdeaeeafdd8c78a7a7cd
	* doc/Makefile.am (myman_pages): Remove gpg-zip.1.
	(DISTCLEANFILES): Add gpg-zip.1.

2015-10-05  Werner Koch  <wk@gnupg.org>

	agent: Fix alignment problem with the second passphrase struct.
	+ commit caa555a5bfaa98f8f630901427a653bd8dc7b95e
	* agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
	PI2.  Check return value of the malloc function.
	* agent/command-ssh.c (ssh_identity_register): Use a separate malloc
	for PI2.  Wipe PI2.

2015-10-01  Werner Koch  <wk@gnupg.org>

	gpg: Silence a compiler warning.
	+ commit b1653a4083b91cfa85d90f59612fa1c3f4d51778
	* g10/parse-packet.c (enum_sig_subpkt): Replace hack.

2015-09-29  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Improve 'General key info' line of --card-status.
	+ commit fea9d4354c93b662c75febe020fb799ce4f2ec89
	* g10/keylist.c (print_pubkey_info): Print either "pub" or "sub".

2015-09-22  Werner Koch  <wk@gnupg.org>

	ssh: Fix fingerprint computation for 384 bit ECDSA keys.
	+ commit 47a499eaa2630b331afbf3c56c6ec6e7f300eb8c
	* common/ssh-utils.c (get_fingerprint): Fix hashed string.

2015-09-17  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit bc829bd6af1c3722144cc692289c284e88c59922


	scd: Fix ccid-driver timeout for OpenPGPcard v2.1.
	+ commit a63fddad6808763e2916d0e7e6972ed025a0f336
	* scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
	(ccid_transceive_apdu_level, ccid_transceive): Use.

2015-09-15  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit d289341371bae6405c2100a0c515c6322a2f0319


2015-09-10  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese Translation.
	+ commit fa3b618216eb155436abf9b80be9975d7334af20


	gpgconf: Fix scdaemon reload.
	+ commit d4a2a070b4b4d30a6bbdd4248421a23cf824d8c0
	* tools/gpgconf-comp.c (scdaemon_runtime_change): Add "scd bye".

2015-09-08  Werner Koch  <wk@gnupg.org>

	Release 2.0.29.
	+ commit 120fc695209fed9b447a72d36a9f7563e7b77a68


	gpg: Print a new FAILURE status after most commands.
	+ commit 77f2964b9602fb463738d14bd957d967a0c1b5ac
	* common/status.h (STATUS_FAILURE): New.
	* g10/cpr.c (write_status_failure): New.
	* g10/gpg.c (main): Call write_status_failure for all commands which
	print an error message here.

	gpg: Avoid cluttering stdout with trustdb info in verbose mode.
	+ commit 0b01bb7f253fc1f9422e59dc475fa86854b46f69
	* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
	mode.

2015-09-01  Werner Koch  <wk@gnupg.org>

	gpg: Obsolete --no-sig-create-check.
	+ commit 60b0403f3ce50ee6f67fa94bf0342fb5b3988e2b
	* g10/gpg.c (opts): Make --no-sig-create-check a NOP.
	* g10/options.h (struct opt): Remove field "no_sig_create_check".
	* g10/sign.c (do_sign): Do not run the create check for Libgcrypt 1.7.

2015-08-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: fix --card-status creating stub.
	+ commit 80521c3ff900a09a1b382869783187c463144c77
	* g10/getkey.c (get_seckeyblock_byfprint): Require exact match.

2015-07-27  Werner Koch  <wk@gnupg.org>

	sm: Revert to use SHA-1 for CSR generation.
	+ commit 35d3ced4fda90a5410a579850ca92ea6a356b402
	* sm/certreqgen.c (create_request): Revert to use SHA-1 but change to
	set it only at one place.

2015-07-16  Neal H. Walfield  <neal@g10code.com>

	Don't segfault if the first 'auto-key-locate' option is 'clear'.
	+ commit 376417ab63ebb0fd2432ddc0ee1db722ffa1d3d2
	* g10/getkey.c (free_akl): If AKL is NULL, just return.

2015-06-23  NIIBE Yutaka  <gniibe@fsij.org>

	scd: pinpad workaround for PC/SC implementations.
	+ commit 022719695e3900005d78564dfe4b2154fe0537a5
	* scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
	for TPDU card reader.

	scd: Fix Cherry ST-2000 support for pinpad input.
	+ commit 9200bf1babd1398a07202b530a255912d0ffdd71
	* scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15.
	* scd/ccid-driver.c (ccid_transceive_secure): Add zero for the
	template of APDU.

2015-06-17  Werner Koch  <wk@gnupg.org>

	gpg: Print PGP-2 fingerprint instead of all zeroes.
	+ commit be348579397797bdf814c41e3cbd086156f77dd6
	* g10/keyid.c (fingerprint_from_pk): Allow PGP-2 fingerprints.
	* g10/keylist.c (print_fingerprint): Print a warning after a PGP-2
	fingerprint.

2015-06-16  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese Translation.
	+ commit e2eba81faea28a775cbd4fadce442f561a4e06a5


2015-06-15  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix a race condition initially creating trustdb.
	+ commit 2371553af156b5f8d6282e42cb8891f0c986d3d3
	* g10/tdbio.c (take_write_lock, release_write_lock): New.
	(put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
	new lock functions.
	(tdbio_set_dbname): Fix the race.
	(open_db): Don't call create_dotlock.

	po:Update Japanese translation.
	+ commit c30bcdeac0112680a61819c52ab90beb69fdc6c0


2015-06-02  Werner Koch  <wk@gnupg.org>

	gpg: Consider that gcry_mpi_get_opaque may return NULL.
	+ commit 8a2134b8d50bd6a98a0a20fac9c2ac645e554e05
	* g10/seckey-cert.c (do_check): Handle a NULL opaque MPI.

2015-06-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Fix segv due to NULL value stored as opaque MPI (BRANCH 2.0)
	+ commit b2d9d105f717dc6c02ac81b5d987851279c4cd97
	* g10/build-packet.c (do_secret_key): Check for NULL return from
	gcry_mpi_get_opaque.
	* g10/keyid.c (hash_public_key): Ditto.

2015-06-02  Werner Koch  <wk@gnupg.org>

	Release 2.0.28.
	+ commit 58126e86eac873735dfed5c64be872a58821bd8a


	agent: Make --allow-external-password-cache work.
	+ commit ef0741ac54c63b9b744de9dec86e82c530f9543a
	* agent/call-pinentry.c (start_pinentry): Remove first instance of
	sending the option.

	agent: Add strings for use by future Pinentry versions.
	+ commit 3d3a58b7962ff9e6ee9ac086711cb5c7d1a599a6
	* agent/call-pinentry.c (start_pinentry): Add more strings.

2015-05-20  Werner Koch  <wk@gnupg.org>

	agent: Cleanup caching code for command GET_PASSPHRASE.
	+ commit 78e0a30fb19010b48efd752e1a73af20f93be533
	* agent/command.c (cmd_get_passphrase): Read from the user cache.

2015-05-19  Neal H. Walfield  <neal@gnu.org>

	agent: Backport changes from 2.1 to support an external password manager.
	+ commit dde8ddffd37c9ef96cae2e2b1317d1dee607fc0b
	* agent/agent.h (agent_askpin): Add arguments keyinfo and cache_mode.
	Update callers.
	(agent_get_passphrase): Likewise.
	(agent_clear_passphrase): New function.
	(opt): Add field allow_external_cache.
	* agent/call-pinentry.c (start_pinentry): Send "OPTION
	allow-external-password-cache" to the pinentry.
	(PINENTRY_STATUS_PASSWORD_FROM_CACHE): New constant.
	(pinentry_status_cb): New function.
	(agent_askpin): Add arguments keyinfo and cache_mode.  If KEYINFO and
	CACHE_MODE describe a cachable key, then send SETKEYINFO to the
	pinentry.  Pass PINENTRY_STATUS_CB to the "GETPIN" invocation.  If the
	passphrase was incorrect and PINENTRY_STATUS_PASSWORD_FROM_CACHE is
	set, decrement PININFO->FAILED_TRIES.
	(agent_get_passphrase): Add arguments keyinfo and cache_mode.  If
	KEYINFO and CACHE_MODE describe a cachable key, then send SETKEYINFO
	to the pinentry.
	(agent_clear_passphrase): New function.
	* agent/call-pinentry.c (start_pinentry): Act upon new var,
	allow_external_cache.
	* agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase.
	* agent/gpg-agent.c (oNoAllowExternalCache): New.
	(opts): Add option --no-allow-external-cache.
	(parse_rereadable_options): Set this option.

2015-05-19  NIIBE Yutaka  <gniibe@fsij.org>

	g10: detects public key encryption packet error properly.
	+ commit 80b6d614b7b53058da11ae239e8f1c69f167a200
	g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
	encryption.

	g10: Improve handling of no corresponding public key.
	+ commit 76e2aa739c0c75a9de7059daebdf2823582d8b24
	* g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not
	exact match.

2015-05-11  Werner Koch  <wk@gnupg.org>

	gpg-connect-agent: Fix quoting of internal percent+ function.
	+ commit be136273454532d94a955fbbcfa1544b47cad954
	* tools/gpg-connect-agent.c (get_var_ext) <percent, percent+): Also
	escape '+'.

2015-05-01  NIIBE Yutaka  <gniibe@fsij.org>

	scd: PC/SC reader selection by partial string match.
	+ commit 3f9f33bbcb40146c6f09277a28d499188ed34ef2
	* scd/apdu.c (open_pcsc_reader_direct): Partial string match.
	* scd/pcsc-wrapper.c (handle_open): Likewise.

2015-04-30  NIIBE Yutaka  <gniibe@fsij.org>

	g10: fix cmp_public_key and cmp_secret_keys.
	+ commit 43429c7869152f301157e4b24790b3801dce0f0a
	* g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque
	data at the first entry of the array when it's unknown algo.
	* configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.5.0.

2015-04-16  Werner Koch  <wk@gnupg.org>

	gpg: Emit status line NEWSIG before signature verification starts.
	+ commit c8c88bdd98e56d08b1965c620173731d3c6ffd03
	* g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG.

2015-04-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: better handling of extended APDU.
	+ commit 05f32c702eaf6dc7fd5c0c8c01b4c731ed9a6011
	* scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0.
	* scd/app-common.h (struct app_ctx_s): Use bit fields for flags.
	* scd/ccid-driver.c (CCID_MAX_BUF): New.  Only for OpenPGPcard.
	(struct ccid_driver_s): New field of max_ccid_msglen.
	 Remove ifsd field.
	(parse_ccid_descriptor): Initialize max_ccid_msglen.
	(ccid_transceive_apdu_level): Implement sending extended APDU in
	chain of CCID message.

2015-04-15  Werner Koch  <wk@gnupg.org>

	gpgparsemail: Fix last commit (3f2bdac)
	+ commit 93910b5b8d20c089b2578d757cf06509d7617978
	* tools/rfc822parse.c (parse_field): Replace break by goto.

	gpgparsemail: Fix case of zero length continuation lines.
	+ commit de7f7b98dfeb30675369d0bedc6d639314193e96
	* tools/rfc822parse.c (parse_field): Loop after continuation line.

	agent: Fix length test in sshcontrol parser.
	+ commit a838e8f806693e9403541f482b58b66c606e376b
	* agent/command-ssh.c (ssh_search_control_file): Check S before
	upcasing it.

	scd: Fix possible NULL deref in apdu.c.
	+ commit b4ec909186d0150c835942754283ecc2bdf6e3e0
	* scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL.
	(control_pcsc_wrapped): Ditto.

2015-04-15  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit 067b6360be6733f6faf7a6438f61393fdb7a5fb3


2015-04-05  Werner Koch  <wk@gnupg.org>

	gpg: Fix DoS while parsing mangled secret key packets.
	+ commit 0aac920f23fd07e152fdb7385299c92bb9a4ade3
	* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
	et al.

2015-03-25  Werner Koch  <wk@gnupg.org>

	sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption).
	+ commit bdf439035d123e4751e133ad42982673b0c86b75
	* sm/certreqgen.c (create_request): Change default hash algo.
	* sm/gpgsm.c (main): Change default bulk cipher algo.

2015-03-17  Andre Heinecke  <aheinecke@intevation.de>

	gpgtar: Fix extracting files with !(size % 512)
	+ commit 0ed2cfcf054e286b238d4ddbbb3e929482849a47
	* tools/gpgtar-extract.c (extract_regular): Handle size multiples
	  of RECORDSIZE.

2015-03-11  Werner Koch  <wk@gnupg.org>

	common: Check option arguments for a valid range.
	+ commit 25e2b27b0027af9c1ce0cae0cd549c09ed349811
	* common/argparse.h (ARGPARSE_INVALID_ARG): New.
	* common/argparse.c: Include limits h and errno.h.
	(initialize): Add error strings for new error constant.
	(set_opt_arg): Add range checking.

	gpg: New command --list-gcrypt-config.
	+ commit 2f3de06ff44daefae9857549fc4ab7ae8bf8e70d
	* g10/gpg.c (aListGcryptConfig): New.
	(main): Implement command.

2015-02-26  Werner Koch  <wk@gnupg.org>

	gpg: Remove left-over debug message.
	+ commit 936416690e6c889505d84fe96983a66983beae5e
	* g10/armor.c (check_input): Remove log_debug.

2015-02-18  Werner Koch  <wk@gnupg.org>

	Release 2.0.27.
	+ commit 8d47e6e5235b6ecb41baf52865c5837c1de962b5


	gpg: Remove an unused variable.
	+ commit be91b2f89eae2b6e026182e6dc485206e90a77bb
	* g10/import.c (import): Remove need_armor.

	po: Update German translation.
	+ commit c3bcbe1fb50b3394aec3b407eac8931d3a2833a5


2015-02-18  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	curl-shim: clean up varargs.
	+ commit 839727503d6ec1186ee2e9e65d0f8bc8fcf8c456
	* keyserver/curl-shim.c (curl_easy_setopt) : ensure that va_end is
	  called.

2015-02-18  Werner Koch  <wk@gnupg.org>

	gpg: Print better diagnostics for keyserver operations.
	+ commit 0c3d7645dfad9968d0128fb35a304881121ec61b
	* g10/armor.c (parse_key_failed_line): New.
	(check_input): Watch out for gpgkeys_ error lines.
	* g10/filter.h (armor_filter_context_t): Add field key_failed_code.
	* g10/import.c (import): Add arg r_gpgkeys_err.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_errstr): New.
	(keyserver_spawn): Detect "KEY " lines while sending.  Get gpgkeys_err
	while receiving keys.
	(keyserver_work): Add kludge for better error messages.

2015-02-13  Werner Koch  <wk@gnupg.org>

	keyserver: Show log prefix when not build with cURL.
	+ commit cb2ee2dc50ae2f15022db38214bd820dbea93aaa
	* keyserver/ksutil.c (init_ks_options) [!HAVE_LIBCURL]: Set logging
	prefix.

2015-02-12  Werner Koch  <wk@gnupg.org>

	Use inline functions to convert buffer data to scalars.
	+ commit 3627123dc8fdc551caca1c7944713fbf01feccf6
	* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
	(buf16_to_ushort, buf16_to_u16): New.
	(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.

	gpg: Prevent an invalid memory read using a garbled keyring.
	+ commit 824d88ac51b4d680f06e68f0879a7c1ec03cb2ba
	* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
	types.

	gpg: Fix a NULL-deref in export due to invalid packet lengths.
	+ commit 8da836e76f1349f4587d1bb74864b11dde7b8a39
	* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
	opaque MPI.

	gpg: Fix a NULL-deref due to empty ring trust packets.
	+ commit 7e12ec4c7d6df29a7d7935399fccd2594ebb4a7e
	* g10/parse-packet.c (parse_trust): Always allocate a packet.

2015-02-12  Joshua Rogers  <git@internot.info>

	kbx: Fix resource leak.
	+ commit a55c2125380aa2253ff13ea9b39e53d7b7df3db8
	* kbx/keybox-update.c (blob_filecopy): Fix resource leak.  On error
	return, 'fp' and 'newfp' was never closed.

2015-02-12  Werner Koch  <wk@gnupg.org>

	gpg: Limit the size of key packets to a sensible value.
	+ commit 2b2adb85948ce2c7db727ebc0c99e8ad2c29bf5f
	* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
	(MAX_UID_PACKET_LENGTH): New.
	(MAX_COMMENT_PACKET_LENGTH): New.
	(MAX_ATTR_PACKET_LENGTH): New.
	(parse_key): Limit the size of a key packet to 256k.
	(parse_user_id): Use macro for the packet size limit.
	(parse_attribute): Ditto.
	(parse_comment): Ditto.

	Avoid double-close in unusual dotlock situations.
	+ commit f256bab03e2f191bc2e97fd2cc579d82c440b996
	* jnlib/dotlock.c (create_dotlock): Avoid double close due to EINTR.

2015-01-28  Werner Koch  <wk@gnupg.org>

	gpg: Allow predefined names as answer to the keygen.algo prompt.
	+ commit b2359db21c1eca7441c63b0791f8e3405b42ff83
	* g10/keygen.c (ask_algo): Add list of strings.

2015-01-26  Werner Koch  <wk@gnupg.org>

	gpg: Print a warning if the subkey expiration may not be what you want.
	+ commit 2424028fd9c525d340db461cc19f8e01a13a2395
	* g10/keyedit.c (subkey_expire_warning): New.
	keyedit_menu): Call it when needed.

	build: Update to gettext 0.19.3.
	+ commit 01d69028396a128828f7af015348b0b146a55bfe


	build: Require automake 1.14.
	+ commit c25513cc1b7db57e4e9a0f05547b855b2be94c51
	* Makefile.am (AUTOMAKE_OPTIONS): Move to ...
	* configure.ac (AM_INIT_AUTOMAKE): here.  Add option serial-tests.
	* kbx/Makefile.am (INCLUDES): Remove.  Include ../am/cmacros.

2015-01-26  Jedi Lin  <Jedi@Jedi.org>

	po: Yet another update for Chinese (traditional)
	+ commit 43deed7359a6c12c5dad58c03be206db7baf3c49


2015-01-25  Joshua Rogers  <git@internot.info>

	Remove incorrect expression leading to errors.
	+ commit 3d9f8bf1dc0c7165a5d2a31568ed425d2dc3b91e
	* scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'.

2015-01-23  Werner Koch  <wk@gnupg.org>

	gpgconf: Fix validity check for UINT32 values.
	+ commit 068ec6c8ed07268469f33e5b3ba1e094d9bf3394
	* tools/gpgconf-comp.c (option_check_validity): Enable check for
	UINT32.

2015-01-13  Joshua Rogers  <git@internot.info>

	tools: Free variable before return.
	+ commit 1298b14f97efebdd88a9390af3848154dbe0d259
	* tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
	upon error.

2015-01-13  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	sm: Avoid double-free on iconv failure.
	+ commit ced689e12a5037c6aeca62e9eaebdc098bd9c14e
	* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
	double-free of pwbuf.

	scd: Avoid double-free on error condition in scd.
	+ commit 0fd4cd8503dfe9c3e6a362003bd647b4cd882363
	* scd/command.c (cmd_readkey): avoid double-free of cert

	avoid future chance of using uninitialized memory.
	+ commit 1fc4dc541af7d4bf4dba6ef37d1d7841498a05c6
	* common/iobuf.c: (iobuf_open): initialize len

	gpgkey2ssh: clean up varargs.
	+ commit f542826b04e35f13a30116564daaf6456440b1d4
	* tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.

2015-01-13  Werner Koch  <wk@gnupg.org>

	doc: Fix memory leak in yat2m.
	+ commit 01b364b6da2fbb8850178674e1534d725cd760c8
	* doc/yat2m.c (write_th): Free NAME.

	gpgsm: Return NULL on fail.
	+ commit 907a9a1e986b8c8266f4f01e8ed82acfc636a519
	* sm/gpgsm.c (parse_keyserver_line): Set SERVER to NULL.

	gpg: Fix possible read of unallocated memory.
	+ commit d2b0e613131d52da54c3dbd72f4bfba8f7b71ad3
	* g10/parse-packet.c (can_handle_critical): Check content length
	before calling can_handle_critical_notation.

2015-01-09  Werner Koch  <wk@gnupg.org>

	scd: Fix possibly inhibited checkpin of the admin pin.
	+ commit d92fe965f3290a200d0a578decdd0867817b3b7b
	* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
	buffer.

2015-01-08  Joshua Rogers  <git@internot.info>

	scd: fix get_public_key for OpenPGPcard v1.0.
	+ commit 40f476867c5874602da921d48e339ae3612a0dcc
	* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.

2014-12-12  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: release DEK soon after its use.
	+ commit 4f0d526b7df871318508f8c3d2f57e7069c47e6f
	* g10/keygen.c (generate_subkeypair): Release DEK soon.

2014-11-26  David Prévot  <taffit@debian.org>

	po: Update French translation.
	+ commit 4e03e2757521ddc39d627712937227b84bf72275


	po: Update Danish translation.
	+ commit 798721f596b69c86d0831447d979b89d4e85b622


2014-11-26  Yuri Chornoivan  <yurchor@ukr.net>

	po: Update Ukrainian translation.
	+ commit e8c3fa77486d162bc63592e87680a82c9810ba48


2014-11-26  Jedi Lin  <Jedi@Jedi.org>

	po: Update Chinese (traditional) translation.
	+ commit 445eabf8f78ec349ba90b38a969b056afb901b11


2014-11-26  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit d084ae8f5302cd4fdcb658179602742847fb468a


2014-11-26  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

	po: New Dutch translation.
	+ commit 0f429d553926b49c7851efd4d73ef631e93bdda4
	* po/LINGUAS: Add nl.po.

2014-11-24  Werner Koch  <wk@gnupg.org>

	gpg: Fix use of uninit.value in listing sig subpkts.
	+ commit 1f9dfe1fedad215140011257d9b1bb21bc368179
	* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
	sanitized.

	gpg: Fix off-by-one read in the attribute subpacket parser.
	+ commit 7a068ac50bc48de26e93cfeadf412b37257f97d5
	* g10/parse-packet.c (parse_attribute_subpkts): Check that the
	attribute packet is large enough for the subpacket type.

	gpg: Fix a NULL-deref for invalid input data.
	+ commit 92a7949ae6331b5e188480b76ce29a86ede6e89e
	* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
	entry.

2014-11-14  Werner Koch  <wk@gnupg.org>

	gpg: Make the use of "--verify FILE" for detached sigs harder.
	+ commit a5ca45e6168e75aa6f3743b764d601ab3df966b7
	* g10/openfile.c (open_sigfile): Factor some code out to ...
	(get_matching_datafile): new function.
	* g10/plaintext.c (hash_datafiles): Do not try to find matching file
	in batch mode.
	* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
	matching data file is not used by a standard signatures.

2014-11-12  Werner Koch  <wk@gnupg.org>

	gpg: Add import option "keep-ownertrust".
	+ commit da95d0d37841b34e2f3d7047f14ab4d98a7c0c56
	* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
	* g10/import.c (parse_import_options): Add "keep-ownertrust".
	(import_one): Act upon new option.

2014-10-11  Werner Koch  <wk@gnupg.org>

	gpg: Show v3 key fingerprints as all zero.
	+ commit eb756e2510bfcae3339e0907a7e4cacdea59b175
	* g10/keyid.c (fingerprint_from_pk): Show v3 fingerprints as all zero.

	gpg: Avoid using cached MD5 signature status.
	+ commit 9112fed78b33faae32d21ab581721758ae2e95f2
	* g10/sig-check.c (check_key_signature2): Avoid using a cached MD5
	signature status.
	* g10/keyring.c (keyring_get_keyblock): Ditto.
	(write_keyblock): Ditto.

	* g10/sig-check.c (do_check): Move reject warning to ...
	* g10/misc.c (print_md5_rejected_note): new.

2014-10-03  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Add build and runtime support for larger RSA keys.
	+ commit f952fe8c6ddf13ecca14ca72a27d1f8da6adc901
	* configure.ac: Added --enable-large-secmem option.
	* g10/options.h: Add opt.flags.large_rsa.
	* g10/gpg.c: Contingent on configure option: adjust secmem size,
	add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
	* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
	* doc/gpg.texi: Document --enable-large-rsa.

2014-10-02  Werner Koch  <wk@gnupg.org>

	build: Update m4 scripts.
	+ commit 39c5d991a8fe9187bfbe71d0ff06630fea36fae0
	* m4/gpg-error.m4: Update from Libgpg-error git master.
	* m4/libgcrypt.m4: Update from Libgcrypt git master.
	* configure.ac: Declare SYSROOT a precious variable.  Add extra error
	message for library configuration mismatches.

2014-10-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: --compress-sigs and --compress-keys are not no-ops in 2.0.
	+ commit dcb5fa8747e8fc9f35285f168ee3ae8e6d422293
	* g10/gpg.c: Cleanup argument parsing.

	gpg: Avoid duplicate declaration of {no-,}sk-comments noops.
	+ commit 3e14da863a668fb0ec1a075722bd0f7b47ae4c1b
	* g10/gpg.c: Cleanup argument parsing.

2014-09-27  Werner Koch  <wk@gnupg.org>

	gpg: Default to SHA-256 for all signature types on RSA keys.
	+ commit 36179da032fa43d82042b3d31ed175d17b8e9bc4
	* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
	strict RFC or PGP modes.
	* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
	RSA key signatures.

2014-09-26  Werner Koch  <wk@gnupg.org>

	gpg: Add shortcut for setting key capabilities.
	+ commit b9b6ac9d26848bfcbd703d7410f066f4aeb9e418
	* g10/keygen.c (ask_key_flags): Add shortcut '='.
	* doc/help.txt (gpg.keygen.flags): New.

2014-09-25  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
	+ commit c76117f8b0165fe5cec5e7f234f55f5a4cd7f0ab
	* g10/gpg.c: Add config options that should belong in scdaemon.conf
	* g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.

2014-09-03  Kristian Fiskerstrand  <kf@sumptuouscapital.com>

	gpg: Need to init the trustdb for import.
	+ commit 07006c9916ea194ce6047d252421c08489068c4c
	* g10/trustdb.c (clear_ownertrusts): Init trustdb.

2014-08-26  Werner Koch  <wk@gnupg.org>

	build: Print an error message if zlib is not installed.
	+ commit d91db67e5180fcbda2f3fb7667ffd1b99cac51c6
	* configure.ac (missing_zlib): New.

	gpg: Allow for positional parameters in the passphrase prompt.
	+ commit c45b9819e8f4b35681c91ffb67abdc38dcc32a2a
	* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.

2014-08-12  Werner Koch  <wk@gnupg.org>

	Release 2.0.26.
	+ commit 5b2dcdd513ff503bb0bffbe7b9aa6d81d48dfaeb


	sm: Create homedir and lock empty keybox creation.
	+ commit b972ec396689013b884ea80f90d7505682d2fbb8
	* sm/gpgsm.h (opt): Add field "no_homedir_creation".
	* sm/gpgsm.c (main): Set it if --no-options is used.
	* sm/keydb.c: Include fcntl.h.
	(try_make_homedir): New.  Similar to the one from g10/openfile.c
	(maybe_create_keybox): New.  Similar to the one from g10/keydb.c.
	(keydb_add_resource): Replace some code by maybe_create_keybox.

2014-08-08  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit f7eb5be511c48f57ba5d510377f894b78f790f23


2014-08-06  Werner Koch  <wk@gnupg.org>

	gpg: Fix regression due to the keyserver import filter.
	+ commit 088f82c0b5e39687f70e44d3ab719854e808eeb6
	* g10/keyserver.c (keyserver_retrieval_filter): Change args.  Rewrite
	to take subpakets in account.
	* g10/import.c (import_one, import_secret_one): Pass keyblock to
	filter.

	gpg: Add kbnode_t for easier backporting.
	+ commit 25d5480e98068f6dd15c70c9e58236c77037535d
	* g10/gpg.h (kbnode_t): New.

2014-07-21  Simon Josefsson  <simon@josefsson.org>

