aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Post release updates.Werner Koch2015-09-101-0/+4
| | | | --
* Release 2.1.8.gnupg-2.1.8Werner Koch2015-09-101-1/+24
|
* Post release updates.Werner Koch2015-08-111-0/+4
| | | | --
* Release 2.1.7gnupg-2.1.7Werner Koch2015-08-111-2/+22
|
* drop long-deprecated gpgsm-gencert.shDaniel Kahn Gillmor2015-07-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools/gpgsm-gencert.sh: remove deprecated script entirely. It is fully replaced by gpgsm --gen-key * doc/tools.texi: remove gpgsm-gencert.sh documentation * .gitignore: no longer ignore gpgsm-gencert.sh manpage * doc/Makefile.am: quit making the manpage * tools/Makefile.am: quit distributing the script * doc/howto-create-a-server-cert.texi: overhaul documentation to use gpgsm --gen-key and tweak explanations -- The commit deprecating gpgsm-gencert.sh (81972ca7d53ff1996e0086702a09d4405bdc2a7e) dates back exactly 6 years. https://codesearch.debian.net/results/gpgsm-gencert.sh suggests that in all of debian it is only referenced in documentation (for poldi and scute) and example files (libept), and isn't actually used directly anywhere. Furthermore, trying to use gpgsm-gencert.sh to make a simple webserver certificate-signing request failed for me, following the examples in doc/howto-create-a-server-cert.texi exactly. It's time we ripped off this band-aid :) Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Post release updatesWerner Koch2015-07-011-0/+4
| | | | --
* Release 2.1.6gnupg-2.1.6Werner Koch2015-07-011-1/+27
|
* Added release date of older versions to NEWS.Werner Koch2015-06-151-2/+1496
| | | | --
* Post release updates.Werner Koch2015-06-111-0/+4
| | | | --
* Release 2.1.5gnupg-2.1.5Werner Koch2015-06-111-1/+11
|
* build: Make --disable-gpgsm work.Werner Koch2015-05-151-2/+2
| | | | | | | | | | * Makefile.am: Always build kbx/ * g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS. -- Note that "make check" still prints a warning. Signed-off-by: Werner Koch <[email protected]>
* Post release updates.Werner Koch2015-05-121-0/+4
| | | | --
* Release 2.1.4gnupg-2.1.4Werner Koch2015-05-121-1/+22
|
* Post release updates.Werner Koch2015-04-111-0/+4
| | | | --
* Release 2.1.3.gnupg-2.1.3Werner Koch2015-04-111-1/+30
|
* dirmngr: Initialize cache from sysconfig dirAndre Heinecke2015-02-121-0/+3
| | | | | | | | | | | | | | | | | | | * dirmngr/certcache.c (cert_cache_init): Load certificates from sysconfig dir instead of the homeidr. * dirmngr/dirmngr.c (main): Removed parsing of obsolete homedir_data option. * dirmngr/dirmngr.h (opt): Removed homedir_data. * doc/dirmngr.texi: Update and clarify certs directory doc. -- Using the homedir for extra-certs and trusted-certs makes little sense when dirmngr is used with a caller that manages it's own store of certificates and can provide those through the SENDCERT command. You can use trusted-certs and extra-certs to provide users with a base of locally available certificates that are not already in store of the applications.
* Post release updates.Werner Koch2015-02-111-0/+4
| | | | --
* Release 2.1.2gnupg-2.1.2Werner Koch2015-02-111-4/+25
|
* gpg: Support --passphrase with --quick-gen-key.Werner Koch2015-01-211-0/+3
| | | | | | | | | * g10/keygen.c: Include shareddefs.h. (quick_generate_keypair): Support static passphrase. (get_parameter_passphrase): New. (do_generate_keypair): Use it. Signed-off-by: Werner Koch <[email protected]>
* gpg: Re-enable the "Passphrase" parameter for batch key generation.Werner Koch2015-01-211-0/+3
| | | | | | | | | | | | | * agent/command.c (cmd_genkey): Add option --inq-passwd. * agent/genkey.c (agent_genkey): Add new arg override_passphrase. * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. (agent_genkey): Add arg optional arg "passphrase". * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) (gen_rsa, do_create): Add arg "passphrase" and pass it through. (do_generate_keypair): Make use of pPASSPHRASE. (release_parameter_list): Wipe out a passphrase parameter. Signed-off-by: Werner Koch <[email protected]>
* agent: Make sure --max-cache-ttl is >= --default-cache-ttl.Werner Koch2014-12-191-0/+4
| | | | | | | | | | * agent/gpg-agent.c (finalize_rereadable_options): New. (main, reread_configuration): Call it. -- This change should help to avoid surprising behaviour. Signed-off-by: Werner Koch <[email protected]>
* Post release updatesWerner Koch2014-12-161-0/+3
| | | | --
* Release 2.1.1gnupg-2.1.1Werner Koch2014-12-161-4/+25
|
* gpg: Allow import of large keys.Werner Koch2014-12-041-0/+2
| | | | | | | | | | | | | * g10/import.c (import): Skip too large keys. * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB. -- The key which triggered the problem was 0x57930DAB0B86B067. With this patch it can be imported. Keys larger than the now increased limit of 5MB will are skipped and the already existing not_imported counter is bumped up. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove option aliases --[no-]throw-keyid and --notation-data.Werner Koch2014-12-031-0/+3
| | | | | | | | | * g10/gpg.c (opts): Remove them. * g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users. -- See mails starting http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029128.html
* Update NEWSWerner Koch2014-11-211-0/+22
| | | | --
* Post release updates.Werner Koch2014-11-051-0/+4
| | | | --
* Change a couple of files to use abbreviated copyright notes.Werner Koch2014-11-041-6/+8
| | | | | | | | | -- Also fixed some of my own copyright notices due to the termination of my assignment. The one displayed by --version is kept at FSF because we had contributors in 2014 with FSF assignments and it gives the FSF some visibility.
* gpg: Fix --rebuild-keydb-caches.Werner Koch2014-10-311-1/+2
| | | | | | | | | | | | | | * g10/parse-packet.c (parse_key): Store even unsupported packet versions. * g10/keyring.c (keyring_rebuild_cache): Do not copy keys with versions less than 4. -- That function, which is implicitly called while checking the keydb, led to corruption of v3 key packets in the keyring which would later spit out "packet(6)too short" messages. Signed-off-by: Werner Koch <[email protected]>
* doc: Re-formated some NEWS entries and added update notes to some.Werner Koch2014-10-261-91/+95
| | | | --
* Update NEWS.gnupg-2.1.0-beta895Werner Koch2014-10-261-0/+8
| | | | --
* dirmngr: Allow building without LDAP support.Werner Koch2014-10-171-0/+2
| | | | | | | | | | | | * configure.ac: Add option --disable-ldap. (USE_LDAP): New ac_define and am_conditional. * dirmngr/Makefile.am: Take care of USE_LDAP. * dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options and do not call any ldap function. * dirmngr/server.c (!USE_LDAP): Do not call any ldap function. * dirmngr/crlfetch.c (!USE_LDAP): Ditto. Signed-off-by: Werner Koch <[email protected]>
* doc: Minor fix.Werner Koch2014-10-031-1/+8
| | | | | | | | | | | | | | | | -- Due to todays reminder: On Tue 2014-04-22 18:46:15 -0400, Daniel Kahn Gillmor wrote: > With --trust-model=always, all keys and user IDs are considered > automatically valid; they are not automatically trusted (setting > universal ownertrust to anything other than "ultimate" would be > insufficient to acheive the effect of --trust-model=always, due to > --max-cert-depth and certificate path reachability). > > Thanks to Nicolai Josuttis for pointing out this documentation error.
* Release 2.1.0-beta864.gnupg-2.1.0-beta864Werner Koch2014-10-031-1/+18
|
* Post beta release update.Werner Koch2014-09-181-0/+4
| | | | --
* Release 2.1.0-beta834.gnupg-2.1.0-beta834Werner Koch2014-09-181-1/+17
|
* Post beta release update.Werner Koch2014-08-141-1/+5
| | | | --
* Release 2.1.0-beta783gnupg-2.1.0-beta783Werner Koch2014-08-141-4/+26
|
* gpg: Remove options --pgp2 and --rfc1991.Werner Koch2014-08-141-0/+3
| | | | | | | | | | | | | | * g10/gpg.c (oRFC1991, oPGP2): Remove (opts): Remove --pgp2 and --rfc1991. * g10/options.h (CO_PGP2, CO_RFC1991): Remove. Remove all users. (RFC2440, PGP2): Remove. Remove all code only enabled by these conditions. * tests/openpgp/clearsig.test: Remove --rfc1991 test. -- The use of PGP 2.c is considered insecure for quite some time now (e.g. due to the use of MD5). Thus we remove all support for _creating_ PGP 2 compatible messages.
* Post beta release updateWerner Koch2014-07-031-0/+4
| | | | --
* Release 2.1.0-beta751gnupg-2.1.0-beta751Werner Koch2014-07-031-2/+31
|
* Post beta release update.Werner Koch2014-06-051-0/+4
| | | | | | -- 656fef6454972cb91741c37a0fd19cd9ade9db9c gnupg-2.1.0-beta442.tar.bz2
* Release 2.1.0-beta442.gnupg-2.1.0-beta442Werner Koch2014-06-051-2/+2
| | | | | | | | | | | | | | -- This beta is small contribution for today's Reset The Net campaign. It is a crying shame that the government of my country is not willing to offer Edward Snowden asylum and protect him from the evil institutions of those allies who once thankfully kicked out the most evil German powers. Back in these dark years, many people had to ask for asylum over there and it was granted. Now we have to fear their Blockwarts who are listening to the entire world. It would be more than justified for us to help that brave guy.
* Update README file.Werner Koch2014-06-051-27/+60
| | | | | | | -- The copyright list in AUTHORS as been compiled from a distribution tarball.
* Add new option --with-secret.Werner Koch2014-06-031-0/+2
| | | | | | | | | | | | | | | | | | | * g10/gpg.c: Add option --with-secret. * g10/options.h (struct opt): Add field with_secret. * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one. (list_all, list_one): Add arg mark_secret. (list_keyblock_colon): Add arg has_secret. * sm/gpgsm.c: Add option --with-secret. * sm/server.c (option_handler): Add option "with-secret". * sm/gpgsm.h (server_control_s): Add field with_secret. * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15. -- This option is useful for key managers which need to know whether a key has a secret key. This change allows to collect this information in one pass.
* gpgsm: New commands --export-secret-key-{p8,raw}Werner Koch2014-06-031-0/+3
| | | | | | | | | * sm/gpgsm.c: Add new commands. * sm/minip12.c (build_key_sequence): Add arg mode. (p12_raw_build): New. * sm/export.c (export_p12): Add arg rawmode. Call p12_raw_build. (gpgsm_p12_export): Ditto. (print_short_info): Print the keygrip.
* gpg: Do not require a trustdb with --always-trust.Werner Koch2014-03-071-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE. * g10/trustdb.c (trustdb_args): Add field no_trustdb. (init_trustdb): Set that field. (revalidation_mark): Take care of a nonexistent trustdb file. (read_trust_options): Ditto. (tdb_get_ownertrust): Ditto. (tdb_get_min_ownertrust): Ditto. (tdb_update_ownertrust): Ditto. (update_min_ownertrust): Ditto. (tdb_clear_ownertrusts): Ditto. (tdb_cache_disabled_value): Ditto. (tdb_check_trustdb_stale): Ditto. (tdb_get_validity_core): Ditto. * g10/gpg.c (main): Do not create a trustdb with most commands for trust-model always. -- This slightly changes the semantics of most commands in that they won't create a trustdb if --trust-model=always is used. It just does not make sense to create a trustdb if there is no need for it. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e) Resolved conflicts: NEWS g10/trustdb.c: Manually apply changes due to changed function names. Note that this also includes the fix for clear_ownertrust, see GnuPG-bug-id: 1622.
* agent: Make --allow-mark-trusted the default.Werner Koch2014-03-071-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted. Put this option into the gpgconf-list. (main): Enable opt.allow_mark_trusted by default. * tools/gpgconf-comp.c (gc_options_gpg_agent): Replace allow-mark-trusted by no-allow-mark-trusted. * agent/trustlist.c (agent_marktrusted): Always set the "relax" flag. -- These changes have been in effect for the Gpg4win Windows version since 2011-01-24 and thus first released with Gpg4win 2.1.0. Given the current state of PKIX it does not make any sense to lure the Unix user into false security by making it harder to trust self-signed or CAcert certificates. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 90b419f3e9d05e509348d047e05fcc79e87be6cf) Resolved conflicts: NEWS agent/gpg-agent.c
* ssh: Add support for Putty.Werner Koch2014-03-071-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c [W32]: Include Several Windows header. (opts): Change help text for enable-ssh-support. (opts, main): Add option --enable-putty-support (putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32. (agent_init_default_ctrl): Add and asssert call. (putty_message_proc, putty_message_thread): New. (handle_connections) [W32]: Start putty message thread. * common/sysutils.c (w32_get_user_sid): New for W32 only * tools/gpgconf-comp.c (gc_options_gpg_agent): Add --enable-ssh-support and --enable-putty-support. Make the configuration group visible at basic level. * agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only. -- This patch enables support for Putty. It has been tested with Putty 0.62 using an Unix created ssh key copied to the private-keys-v1.d directory on Windows and with a manually crafted sshcontrol file. It also works with a smartcard key. May thanks to gniibe who implemented a proxy in Python to test the putty/gpg-agent communication. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 9f32499f99a0817f63f7a73b09bdcebe60d4775d) Resolved conflicts: NEWS agent/agent.h agent/gpg-agent.c: Convert from pth to npth. common/sysutils.c common/sysutils.h
* gpg: Change armor Version header to emit only the major version.Werner Koch2013-11-271-0/+3
| | | | | | | | | | | | * g10/options.h (opt): Rename field no_version to emit_version. * g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version to bump up opt.emit_version. * g10/armor.c (armor_filter): Implement different --emit-version values. -- GnuPG-bug-id: 1572 Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-12 00:43:25 +0000