"Fossies" - the Fresh Open Source Software Archive

Member "gnupg-2.2.17/ChangeLog" (9 Jul 2019, 1079690 Bytes) of package /linux/misc/gnupg-2.2.17.tar.bz2:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "ChangeLog": 2.2.16_vs_2.2.17.

    1 2019-07-09  Werner Koch  <wk@gnupg.org>
    2 
    3 	Release 2.2.17.
    4 	+ commit 591523ec94b6279b8b39a01501d78cf980de8722
    5 
    6 
    7 2019-07-09  Ineiev  <ineiev@gnu.org>
    8 
    9 	po: Update Russian translation.
   10 	+ commit ad0c61972a413987d2cc8ac8deb6a646b954ae05
   11 
   12 
   13 2019-07-09  Werner Koch  <wk@gnupg.org>
   14 
   15 	gpg: Do not try the import fallback if the options are already used.
   16 	+ commit 3c2cf5ea952015a441ee5701c41dadc63be60d87
   17 	* g10/import.c (import_one): Check options.
   18 
   19 	gpg: Fix regression in option "self-sigs-only".
   20 	+ commit b6effaf4669b2c3707932e3c5f2f57df886d759e
   21 	* g10/import.c (read_block): Make sure KEYID is availabale also on a
   22 	pending packet.
   23 
   24 2019-07-05  Werner Koch  <wk@gnupg.org>
   25 
   26 	gpg: With --auto-key-retrieve prefer WKD over keyservers.
   27 	+ commit 3242837d203a7b90b92952e63ee160a5a41764c0
   28 	* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
   29 	use of the preferred keyserver.  Remove keyserver lookup just by the
   30 	keyid.  Try a WKD lookup before a keyserver lookup.
   31 
   32 	wkd: Change client/server limit back to 64 KiB.
   33 	+ commit 6396f8d115f21ae15571b683e9ac9d1d7e3f44f4
   34 	* tools/wks-receive.c (decrypt_data): Change limit.
   35 
   36 2019-07-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
   37 
   38 	dirmngr: fix handling of HTTPS redirections during HKP.
   39 	+ commit efb6e08ea2ca1cf2d39135d94195802cd69b9ea6
   40 	* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
   41 	following a HTTP redirection.
   42 
   43 2019-07-04  Werner Koch  <wk@gnupg.org>
   44 
   45 	gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
   46 	+ commit 2b7151b0a57f5fe7d67fd76dfa1ba7a8731642c6
   47 	* g10/gpg.c (main): Change default.
   48 
   49 	gpg: Avoid printing false AKL error message.
   50 	+ commit 4cbd058a3da9aae74aadab7f260952b9ebb5becf
   51 	* g10/getkey.c (get_pubkey_byname): Add special traeatment for default
   52 	and skipped-local.
   53 
   54 	gpg: New command --locate-external-key.
   55 	+ commit 46f3283b345e1cabca4b0320cf98274ade8ec162
   56 	* g10/gpg.c (aLocateExtKeys): New.
   57 	(opts): Add --locate-external-keys.
   58 	(main): Implement that.
   59 	* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
   60 	(get_best_pubkey_byname): Add arg 'mode' and pass on to
   61 	get_pubkey_byname.  Change callers.
   62 	* g10/keylist.c (public_key_list): Add arg 'no_local'.
   63 	(locate_one): Ditto.  Pass on to get_best_pubkey_byname.
   64 
   65 	gpg: Make the get_pubkey_byname interface easier to understand.
   66 	+ commit 11871433436b5b9b9aca46579dd185a9a77674cd
   67 	* g10/keydb.h (enum get_pubkey_modes): New.
   68 	* g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
   69 	change all callers.
   70 
   71 2019-07-03  Werner Koch  <wk@gnupg.org>
   72 
   73 	dirmngr: Avoid endless loop in case of HTTP error 503.
   74 	+ commit d2e8d71251813e61b15a07637497fabe823b822c
   75 	* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
   76 	(handle_send_request_error): Use it for 503 and 504.
   77 	(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
   78 	extra_tries.
   79 
   80 	dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
   81 	+ commit c9b133a54e93b7f2365b5d6b1c39ec2cc6dac8f9
   82 	* dirmngr/http.c (same_host_p): Consider certain subdomains to be the
   83 	same.
   84 
   85 2019-07-03  Peter Lebbing  <peter@digitalbrains.com>
   86 
   87 	Mention --sender in documentation.
   88 	+ commit 37b549dfe0acd362399debd7c93794eb75937402
   89 
   90 
   91 2019-07-03  Werner Koch  <wk@gnupg.org>
   92 
   93 	dirmngr: Support the new WKD draft with the openpgpkey subdomain.
   94 	+ commit 458973f502b9a43ecf29e804a2c0c86e78f5927a
   95 	* dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
   96 	method.
   97 
   98 2019-07-02  Werner Koch  <wk@gnupg.org>
   99 
  100 	gpg: Fallback to import with self-sigs-only on too large keyblocks.
  101 	+ commit a1f2f38dfb2ba5ed66d3aef66fc3be9b67f9b800
  102 	* g10/import.c (import_one): Rename to ...
  103 	(import_one_real): this.  Do not print and update stats on keyring
  104 	write errors.
  105 	(import_one): New.  Add fallback code.
  106 
  107 2019-07-01  Werner Koch  <wk@gnupg.org>
  108 
  109 	gpg: New import and keyserver option "self-sigs-only"
  110 	+ commit adb120e663fc5e78f714976c6e42ae233c1990b0
  111 	* g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
  112 	* g10/import.c (parse_import_options): Add option "self-sigs-only".
  113 	(read_block): Handle that option.
  114 
  115 	gpg: Make read_block in import.c more flexible.
  116 	+ commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0
  117 	* g10/import.c: Change arg 'with_meta' to 'options'.  Change callers.
  118 
  119 2019-07-01  NIIBE Yutaka  <gniibe@fsij.org>
  120 
  121 	tools: gpgconf: Killing order is children-first.
  122 	+ commit 526714806da4e50c8e683b25d76460916d58ff41
  123 	* tools/gpgconf-comp.c (gc_component_kill): Reverse the order.
  124 
  125 2019-06-24  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
  126 
  127 	spelling: Fix "synchronize"
  128 	+ commit 520f5d70e4128b61c30da2a463f6c34ca24b628e
  129 
  130 
  131 2019-06-03  Werner Koch  <wk@gnupg.org>
  132 
  133 	Return better error code for some getinfo IPC commands.
  134 	+ commit f3251023750d6bd9023dbb8373c804d7d4540a56
  135 	* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
  136 	* g13/server.c (cmd_getinfo): Ditto.
  137 	* sm/server.c (cmd_getinfo): Ditto.
  138 
  139 2019-05-29  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
  140 
  141 	doc/wks.texi: fix typo.
  142 	+ commit 175d194b5d6063895ecfcfed6ed2154e4a0d1421
  143 
  144 
  145 2019-05-28  Werner Koch  <wk@gnupg.org>
  146 
  147 	Release GnuPG 2.2.16.
  148 	+ commit 3f2b7a53ddc43b3a349451d28691aaaa116786dc
  149 
  150 
  151 	dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
  152 	+ commit 5281ecbe3ae8364407d9831243b81d664b040805
  153 	* dirmngr/ocsp.c (do_ocsp_request): Remove arg md.  Add args r_sigval,
  154 	r_produced_at, and r_md.  Get the hash algo from the signature and
  155 	create the context here.
  156 	(check_signature): Allow any hash algo.  Print a diagnostic if the
  157 	signature does not verify.
  158 
  159 2019-05-27  Werner Koch  <wk@gnupg.org>
  160 
  161 	sm: Avoid confusing diagnostic for the default key.
  162 	+ commit 32210e855c460ed60505bf9be9adea33d05c40eb
  163 	* sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
  164 	callers.
  165 	(gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
  166 	Change all callers.
  167 	* sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling
  168 	gpgsm_cert_use_sign_p
  169 
  170 	gpg: Fixed i18n markup of some strings.
  171 	+ commit ab5d7142a79e92819f5551cfc424a8ceaf0885fa
  172 	* g10/tofu.c: Removed some translation markups which either make no
  173 	sense or are not possble.
  174 
  175 	gpg: Allow deletion of subkeys with --delete-[secret-]key.
  176 	+ commit d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a
  177 	* common/userids.c (classify_user_id): Do not set the EXACT flag in
  178 	the default case.
  179 	* g10/export.c (exact_subkey_match_p): Make static,
  180 	* g10/delkey.c (do_delete_key): Implement subkey only deleting.
  181 
  182 2019-05-27  NIIBE Yutaka  <gniibe@fsij.org>
  183 
  184 	agent: Stop scdaemon after reload when disable_scdaemon.
  185 	+ commit 9ccdd59e4e1e0b0e3b03b288f52f3c71e86a04dd
  186 	* agent/call-scd.c (agent_card_killscd): New.
  187 	* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.
  188 
  189 2019-05-21  Werner Koch  <wk@gnupg.org>
  190 
  191 	gpg: Do not bail on an invalid packet in the local keyring.
  192 	+ commit 30f44957ccd1433846709911798af3da4e437900
  193 	* g10/keydb.c (parse_keyblock_image): Treat invalid packet special.
  194 
  195 	gpg: Do not allow creation of user ids larger than our parser allows.
  196 	+ commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651
  197 	* g10/parse-packet.c: Move max packet lengths constants to ...
  198 	* g10/packet.h: ... here.
  199 	* g10/build-packet.c (do_user_id): Return an error if too data is too
  200 	large.
  201 	* g10/keygen.c (write_uid): Return an error for too large data.
  202 
  203 2019-05-21  NIIBE Yutaka  <gniibe@fsij.org>
  204 
  205 	agent: For SSH key, don't put NUL-byte at the end.
  206 	+ commit 6e39541f4f488fe59eac399bad18c465f373a784
  207 	* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
  208 	the length by the second call of gcry_sexp_sprint.
  209 
  210 2019-05-20  Werner Koch  <wk@gnupg.org>
  211 	    Matheus Afonso Martins Moreira
  212 
  213 	gpg: Do not delete any keys if --dry-run is passed.
  214 	+ commit 5c46c5f74540ad753b925b74593332ca92de47fa
  215 	* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
  216 	Do not clear the ownertrust.  Do not let the agent delete the key.
  217 
  218 2019-05-17  Werner Koch  <wk@gnupg.org>
  219 
  220 	gpg: Fix using --decrypt along with --use-embedded-filename.
  221 	+ commit 1702179d91b7136661af084d7dab2e50a2857491
  222 	* g10/options.h (opt): Add flags.dummy_outfile.
  223 	* g10/decrypt.c (decrypt_message): Set this global flag instead of the
  224 	fucntion local flag.
  225 	* g10/plaintext.c (get_output_file): Ignore opt.output if that was
  226 	used as a dummy option aslong with --use-embedded-filename.
  227 
  228 	gpg: Improve the photo image viewer selection.
  229 	+ commit cd5f040a5389944dd8a05bc9c938f888581dfc8a
  230 	* g10/exec.c (w32_system): Add "!ShellExecute" special.
  231 	* g10/photoid.c (get_default_photo_command): Use the new ShellExecute
  232 	under Windows and fallbac to 'display' and 'xdg-open' in the Unix
  233 	case.
  234 	(show_photos): Flush stdout so that the output is shown before the
  235 	image pops up.
  236 
  237 2019-05-16  Werner Koch  <wk@gnupg.org>
  238 
  239 	kbx: Fix an endless loop under Windows due to an incomplete fix.
  240 	+ commit 0fff927889b075442ed7130f376118c31fda1f32
  241 	* kbx/keybox-search.c (keybox_search):  We need to seek to the last
  242 	position in all cases not just when doing a NEXT.
  243 
  244 	kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
  245 	+ commit 6f72aa821407e47ad3963e72e139f2ca2c69d9dd
  246 	* kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
  247 	instead of fclose so that a close is done if the file is opened by
  248 	another handle.
  249 	* kbx/keybox-search.c (keybox_search): Remember the last offset and
  250 	use that in NEXT search mode if we had to re-open the file.
  251 
  252 	gpgconf: Before --launch check that the config file is fine.
  253 	+ commit 3a28706cfd960ff84dda9a22aa2f160b4c2efbb5
  254 	* tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
  255 	* tools/gpgconf.c (gpgconf_failure): Call log_flush.
  256 
  257 2019-05-15  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
  258 
  259 	gpg: enable OpenPGP export of cleartext keys with comments.
  260 	+ commit 9c704d9d46338769a66bfc6c378efeda3c4bd9ec
  261 	* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
  262 	sublists in private-key S-expression.
  263 
  264 2019-05-15  Werner Koch  <wk@gnupg.org>
  265 
  266 	gpgconf: Support --homedir for --launch.
  267 	+ commit 31e26037bd727a6ee9c96ba168a55c4f9def43b6
  268 	* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
  269 	gnupg_homedir already returns abd absolute name.
  270 	(scdaemon_runtime_change): Ditto.
  271 	(dirmngr_runtime_change): Ditto.
  272 	(gc_component_launch): Support --homedir.
  273 
  274 2019-05-14  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
  275 
  276 	agent: correct length for uri and comment on 64-bit big-endian platforms
  277 	+ commit 110932925ba8e0169da18d7774440f8d1fd8a344
  278 	* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
  279 	gcry_sexp_build_array's %b.
  280 
  281 2019-05-14  Werner Koch  <wk@gnupg.org>
  282 
  283 	gpg: Do not print a hint to use the deprecated --keyserver option.
  284 	+ commit 8d645f1d1f2b0f4e2d3b72f2a585acac4bdd8846
  285 	* g10/keyserver.c (keyserver_search): Remove a specialized error
  286 	message.
  287 
  288 2019-05-14  NIIBE Yutaka  <gniibe@fsij.org>
  289 
  290 	g10: Fix possible null dereference.
  291 	+ commit 5b22d2c400890fc366ccb7ca74ee886d9cef22a3
  292 	* g10/armor.c (armor_filter): Access ->d in the internal loop.
  293 
  294 	build: Update m4/iconv.m4.
  295 	+ commit cf73c82e95f999bd35636b0cf4e80ed5c33fa7a8
  296 	* m4/iconv.m4: Update from gettext 0.20.1.
  297 
  298 2019-05-13  Werner Koch  <wk@gnupg.org>
  299 
  300 	gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
  301 	+ commit c1dc7a832921fdf5686d377f33db78707c0345e2
  302 	* g10/sign.c (update_keysig_packet): Convert digest algo when needed.
  303 
  304 2019-05-12  Werner Koch  <wk@gnupg.org>
  305 
  306 	sm: Fix a warning in an es_fopencooie function.
  307 	+ commit 8d0d61aca3d2713df8a33444af3658b859d72be8
  308 	* sm/certdump.c (format_name_writer): Take care of a flush request.
  309 
  310 2019-05-10  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
  311 
  312 	doc: correct documentation for gpgconf --kill.
  313 	+ commit be116f871dbf14dd44d3a7909c2a052f8979c480
  314 	* doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.
  315 
  316 	(cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)
  317 
  318 2019-05-09  Werner Koch  <wk@gnupg.org>
  319 
  320 	build: Sign all Windows binaries.
  321 	+ commit e6901c2bc802996c24335bcb35012ccb74b4ced0
  322 	* build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
  323 	(AUTHENTICODE_TOOL): New.
  324 	(AUTHENTICODE_FILES): New.
  325 	(installer): Sign listed files.
  326 	(AUTHENTICODE_SIGNHOST): New macro.
  327 	(sign-installer): Use that macro instead of direct use of osslsigncode.
  328 
  329 2019-05-03  Werner Koch  <wk@gnupg.org>
  330 
  331 	gpg: Use just the addrspec from the Signer's UID.
  332 	+ commit 05204b72497db093f5d2da4a2446c0264a946296
  333 	* g10/parse-packet.c (parse_signature): Take only the addrspec from a
  334 	Signer's UID subpacket.
  335 
  336 2019-04-23  NIIBE Yutaka  <gniibe@fsij.org>
  337 
  338 	po: Update Japanese Translation.
  339 	+ commit caa61fb7da6b858f038dde948d36fce5c0a85ee5
  340 
  341 
  342 2019-04-18  Andre Heinecke  <aheinecke@intevation.de>
  343 
  344 	g10: Fix double free when locating by mbox.
  345 	+ commit 35899dc2903b118620e6f9f0fa6b21c8568abbf1
  346 	* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
  347 	to NULL after use.
  348 
  349 2019-04-16  NIIBE Yutaka  <gniibe@fsij.org>
  350 
  351 	common: Fix AWK portability.
  352 	+ commit ee766b2b5d646643d66d23eae478f71c0a01a343
  353 	* common/Makefile.am: Use pkg_namespace.
  354 	* common/mkstrtable.awk: Use pkg_namespace.  Regexp fix.
  355 
  356 2019-04-11  Werner Koch  <wk@gnupg.org>
  357 
  358 	gpg: Accept also armored data from the WKD.
  359 	+ commit dc4c7f65e32a0cddc075d06fa0132e099bcb6455
  360 	* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
  361 
  362 	gpg: Set a limit of 5 to the number of keys imported from the WKD.
  363 	+ commit e9fcb0361ab4ef1f6fb0ea235f1b15667932aba2
  364 	* g10/import.c (import): Limit the number of considered keys to 5.
  365 	(import_one): Return the first fingerprint in case of WKD.
  366 
  367 2019-04-02  Werner Koch  <wk@gnupg.org>
  368 
  369 	scd: Add dummy option --application-priority.
  370 	+ commit cb2065967465939f82cc585254cae0244ed94eac
  371 
  372 
  373 	dirmngr: Improve domaininfo cache update algorithm.
  374 	+ commit 48e7977709b6a56e8fd8e9f5abb9dba5ea617c33
  375 	* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
  376 	(insert_or_update): Implement new update algorithm.
  377 
  378 	dirmngr: Better error code for http status 413.
  379 	+ commit 0a30ce036a615bc95382e0640d185b031f8c6a63
  380 	* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
  381 	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
  382 	* dirmngr/ocsp.c (do_ocsp_request): Ditto.
  383 
  384 2019-04-01  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
  385 
  386 	NEWS: correct typo in header.
  387 	+ commit 5b1b5be65f343d252c865d705d23b55982718f2d
  388 
  389 
  390 2019-03-27  NIIBE Yutaka  <gniibe@fsij.org>
  391 
  392 	g10: Fix symmetric cipher algo constant for ECDH.
  393 	+ commit 38c2a9a644e0bc1e2594ea437a5930982f7b8c4e
  394 	* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
  395 	ECC strength 384, according to RFC-6637.
  396 
  397 2019-03-27  Trevor Bentley  <trevor@yubico.com>
  398 
  399 	gpg: Don't use EdDSA algo ID for ECDSA curves.
  400 	+ commit 2f455d18ab99a1d94029d3f607ae918bd5c9fecf
  401 	* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
  402 	an EdDSA curve.
  403 
  404 2019-03-26  Werner Koch  <wk@gnupg.org>
  405 
  406 	Release 2.2.15.
  407 	+ commit dc93e57226db32d5b90884dcf768d271baa6628a
  408 
  409 
  410 	sm: Allow decryption even if expired other keys are configured.
  411 	+ commit 30972d21824264aef2088d30b4f2e5ce3aca889e
  412 	* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
  413 	mode.
  414 
  415 	agent: Allow other ssh fingerprint algos in KEYINFO.
  416 	+ commit 1c2fa8b6d747aa171bfef35a50754893aa80a562
  417 	* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO.  Default to
  418 	the standard algo.
  419 
  420 2019-03-25  Werner Koch  <wk@gnupg.org>
  421 
  422 	wkd: New command --print-wkd-url for gpg-wks-client.
  423 	+ commit 2f3eebf1865a85f8c09a1c052513260ed55acec6
  424 	* tools/gpg-wks-client.c (aPrintWKDURL): New.
  425 	(opts): Add option.
  426 	(main): Implement.
  427 	* tools/wks-util.c (wks_cmd_print_wkd_url): New.
  428 
  429 2019-03-25  NIIBE Yutaka  <gniibe@fsij.org>
  430 
  431 	libdns: Don't use _[A-Z] which are reserved names.
  432 	+ commit a975fd127a5d58bbbb3c585e610a54daeb423af6
  433 	* dirmngr/dns.c: Use the identifiers of "*_instance" instead of
  434 	reserved "_[A-Z]".
  435 
  436 2019-03-25  Werner Koch  <wk@gnupg.org>
  437 
  438 	wkd: New command --print-wkd-hash for gpg-wks-client.
  439 	+ commit 64621f1f40c31c7f453da98efb860ff8cf11edbc
  440 	* tools/gpg-wks-client.c (aPrintWKDHash): New.
  441 	(opts) : Add "--print-wkd-hash".
  442 	(main): Implement that command.
  443 	(proc_userid_from_stdin): New.
  444 	* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
  445 	(wks_cmd_print_wkd_hash): New.
  446 
  447 2019-03-25  Andre Heinecke  <aheinecke@gnupg.org>
  448 
  449 	sm, w32: Translate logger and status fd to handles.
  450 	+ commit b9d2759da19cb70c1f6243498480bea1d7ecaa46
  451 	* sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
  452 	convert the FDs.
  453 
  454 2019-03-22  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
  455 
  456 	doc: fix formatting error.
  457 	+ commit 93782de23fe45e7f7f86140fda6de39395c3a9d8
  458 
  459 
  460 2019-03-19  Werner Koch  <wk@gnupg.org>
  461 
  462 	Release 2.2.14.
  463 	+ commit 813de13e73b01409fabff9859f24c4f23b808796
  464 
  465 
  466 2019-03-18  Ineiev  <ineiev@gnu.org>
  467 
  468 	po: Update Russian translation.
  469 	+ commit dc00947b21dcd4417a35da711c884cef5cc9fc7d
  470 
  471 
  472 2019-03-18  Werner Koch  <wk@gnupg.org>
  473 
  474 	gpg: Do not bail out on v5 keys in the local keyring.
  475 	+ commit de70a2f377c1647417fb8a2b6476c3744a901296
  476 	* g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION
  477 	instead of invalid packet.
  478 	* g10/keydb.c (parse_keyblock_image): Do not map the unknown version
  479 	error to invalid keyring.
  480 	(keydb_search): Skip unknown version errors simlar to legacy keys.
  481 	* g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown
  482 	versions.
  483 	* g10/import.c (read_block): Handle unknown version.
  484 
  485 	gpg: Allow import of PGP desktop exported secret keys.
  486 	+ commit 0e73214dd208fca4df26ac796416c6f25b3ae50d
  487 	* g10/import.c (NODE_TRANSFER_SECKEY): New.
  488 	(import): Add attic kludge.
  489 	(transfer_secret_keys): Add arg only_marked.
  490 	(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
  491 	r_removedsecs.
  492 	(import_secret_one): New arg r_secattic.  Change to take ownership of
  493 	arg keyblock.  Implement extra secret key import logic.  Factor some
  494 	code out to ...
  495 	(do_transfer): New.
  496 	(import_matching_seckeys): New.
  497 
  498 	gpg: Avoid importing secret keys if the keyblock is not valid.
  499 	+ commit 43b23aa82be7e02414398af506986b812e2b9349
  500 	* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
  501 	new field TAG.
  502 	* g10/kbnode.c (alloc_node): Change accordingly.
  503 	* g10/import.c (import_one): Add arg r_valid.
  504 	(sec_to_pub_keyblock): Set tags.
  505 	(resync_sec_with_pub_keyblock): New.
  506 	(import_secret_one): Change return code to gpg_error_t.   Return an
  507 	error code if sec_to_pub_keyblock failed.  Resync secret keyblock.
  508 
  509 	gpg: During secret key import print "sec" instead of "pub".
  510 	+ commit db2d75f1ffede2ea77163b487a15e60249daffa0
  511 	* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'.  Remove
  512 	useless code for "sub" and "ssb".
  513 	* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info.  Do
  514 	not print the first  keyinfo in FROM_SK mode.
  515 	printing.
  516 
  517 	gpg: Simplify an interactive import status line.
  518 	+ commit 184fbf014ae537554d6939a47f07977ef0b0fe9f
  519 	* g10/cpr.c (write_status_printf): Escape CR and LF.
  520 	* g10/import.c (print_import_check): Simplify by using
  521 	write_status_printf and hexfingerprint.
  522 
  523 
  524 	Fixed one conlict in a comment.
  525 
  526 2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>
  527 
  528 	libdns: Avoid using compound literals (8).
  529 	+ commit ee08a15e31284d32fb59774fc15e39107a727072
  530 	* dirmngr/dns.h (dns_quietinit): Remove.
  531 	(dns_hints_i_new): Remove.
  532 
  533 	libdns: Avoid using compound literals (7).
  534 	+ commit 4ab0fef5dc856d1f2747efab584182aa880f631c
  535 	* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
  536 	* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
  537 	automatic variable for opts.
  538 	* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
  539 	Likewise.
  540 
  541 	libdns: Avoid using compound literals (6).
  542 	+ commit f3af1707690b070b4cbf6d761a9e5dbddbf681e9
  543 	* dirmngr/dns.h (dns_rr_i_new): Remove.
  544 	(dns_rr_i_init): Remove unused second argument.
  545 	* dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
  546 	(parse_packet): Use automatic variable for struct dns_rr_i.
  547 	(dns_d_cname): No need to call dns_rr_i_init after memset 0.
  548 	(dns_rr_i_init): Remove unused second argument.  Return nothing.
  549 	* dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
  550 	(getsrv_libdns): Follow the change of dns_rr_i_init.
  551 
  552 	(cherry picked from commit 6501e59d3685bb58753c9caea729a4b0eca3942a)
  553 
  554 	libdns: Avoid using compound literals (5).
  555 	+ commit 500151e6daf5fc4d6ea382b83aab3cca72b27881
  556 	* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
  557 	Call dns_rr_grep with NULL.
  558 	* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.
  559 
  560 	libdns: Avoid using compound literals (4).
  561 	+ commit 229302aecf8deea0349e79ca0cc05f32665391b7
  562 	* dirmngr/dns.h (dns_d_new*): Remove.
  563 	* dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
  564 	variable.
  565 	(parse_domain): Likewise.
  566 
  567 	(cherry picked from commit 7313a112f9c7ada61d24285313d2e2d069a672e8)
  568 
  569 	libdns: Avoid using compound literals (3).
  570 	+ commit f0de4fc990767ae5d120a523be51616b0f35f4f6
  571 	* dirmngr/dns.h (dns_p_new): Remove.
  572 	* dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
  573 	variable.
  574 	(dns_hints_query, dns_res_glue, parse_packet, query_hosts)
  575 	(send_query, show_hints, echo_port): Likewise.
  576 
  577 	libdns: Avoid using compound literals (2).
  578 	+ commit ff7d01fc6d396fc3b8d37baa9bd4cdebc8853648
  579 	* dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
  580 	(dns_strclass1, dns_strclass3): Remove.
  581 	(dns_strtype1, dns_strtype3): Remove.
  582 	(dns_strsection, dns_strclass, dns_strtype): Directly use the
  583 	function.
  584 	* dirmngr/dns.c (dns_strsection): Use automatic variable.
  585 	(dns_strclass, dns_strtype): Likewise.
  586 
  587 	(cherry picked from commit 455ef62d29a112de05897139716265d07e4c6ae3)
  588 
  589 	libdns: Avoid using compound literals.
  590 	+ commit 1318d1e2d50989c66f496ede906a846859f0cf9f
  591 	* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
  592 	variables.
  593 	(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.
  594 
  595 2019-03-07  Werner Koch  <wk@gnupg.org>
  596 
  597 	dirmngr: Add CSRF protection exception for protonmail.
  598 	+ commit 557c721e787e7e6d311ccb48d8aa677123061cf5
  599 	* dirmngr/http.c (same_host_p): Add exception table.
  600 
  601 	gpgtar: Make option -C work for archive creation.
  602 	+ commit 5d73c231e4f2d5994eb3be48b36517e39d66be96
  603 	* tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.
  604 
  605 	gpgtar: Improve error messages.
  606 	+ commit 2e4151a3412c3fc553fbb7ad070dfffc68a04b35
  607 	* tools/gpgtar.h (struct tarinfo_s): New.
  608 	* tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
  609 	global vars more to the top.
  610 	(set_cmd): Rename 'cmd' to 'c'.
  611 	* tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
  612 	messages.
  613 	(read_header): Add arg 'info' and update counter.
  614 	(skip_data): Ditto.
  615 	(gpgtar_list): Pass info object to read functions.
  616 	(gpgtar_read_header): Add arg 'info'.
  617 	* tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
  618 	(extract_regular): Add arg 'info' and update counter.
  619 
  620 	gpg: Make invalid primary key algos obvious in key listings.
  621 	+ commit d2a7f9078a4673ec53733e4f69fd17a8f1ac962d
  622 	* g10/keylist.c (print_key_line): Print a warning for invalid algos.
  623 
  624 	sm: Print Yubikey attestation extensions with --dump-cert.
  625 	+ commit b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a
  626 	* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
  627 	(OID_FLAG_HEX): New.
  628 	(print_hex_extn): New.
  629 	(list_cert_raw): Make use of that flag.
  630 
  631 	(cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e)
  632 
  633 2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>
  634 
  635 	tests: Add "disable-scdaemon" in gpg-agent.conf.
  636 	+ commit 150d5452318eafa6aa800ff3b87f8f8eb35ed203
  637 	* tests/openpgp/defs.scm: Add "disable-scdaemon".  Remove
  638 	  "scdaemon-program".
  639 	* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
  640 	* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"
  641 
  642 2019-03-07  Werner Koch  <wk@gnupg.org>
  643 
  644 	scd: Fix flushing of CA-FPR data objects.
  645 	+ commit e7eafe10197557ce874db2f049d683f90f26e0bc
  646 	* scd/app-openpgp.c (do_setattr): Add new table item to flush a
  647 	different tag.
  648 
  649 2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>
  650 
  651 	agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
  652 	+ commit 77a285a0a94994ee9b42289897f9bf3075c7192d
  653 	* agent/command.c (cmd_clear_passphrase): Add support for SSH.
  654 
  655 2019-03-07  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
  656 
  657 	gpgv: Improve documentation for keyring choices.
  658 	+ commit a7b2a87f940dba078867c44f1f50d46211d51719
  659 	* doc/gpgv.texi: Improve documentation for keyring choices
  660 
  661 2019-02-28  Werner Koch  <wk@gnupg.org>
  662 
  663 	sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.
  664 	+ commit be69bf0cbd11cb8c0d452e07066669aacc6caafa
  665 	* sm/keylist.c (print_compliance_flags): Also check the digest_algo.
  666 	Add new arg 'cert'.
  667 
  668 2019-02-28  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
  669 
  670 	gpgsm: default to 3072-bit keys.
  671 	+ commit 121286d9d1506dbaad9ba33bae2e459814fe5849
  672 	* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
  673 	default to 3072 bits.
  674 	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
  675 	3072 bits.
  676 	* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
  677 	* sm/gpgsm.c (main): print correct default_pubkey_algo.
  678 
  679 2019-02-26  Werner Koch  <wk@gnupg.org>
  680 
  681 	conf: New option --show-socket.
  682 	+ commit 92e26ade5c0d52f2e50eaf338a0bb8006e75711c
  683 	* tools/gpgconf-comp.c (gc_component_t): Move this enum to ...
  684 	* tools/gpgconf.h: here.
  685 	* tools/gpgconf.c (oShowSocket): New.
  686 	(opts): Add new option.
  687 	(main): Implement new option.
  688 
  689 2019-02-25  Werner Koch  <wk@gnupg.org>
  690 
  691 	scd: Don't let the "undefined" app cause a conflict error.
  692 	+ commit 0eb8095626be71160dfa66284a7b0a6a57cb03e3
  693 	* scd/app.c (check_conflict): Ignore "undefined".
  694 
  695 	(cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)
  696 
  697 	sm: Fix certificate creation with key on card.
  698 	+ commit 54c56230e305a38d6fd0c3bf1262172fd5fbcb87
  699 	* sm/certreqgen.c (create_request): Fix for certmode.
  700 
  701 	agent: Fix for suggested Libgcrypt use.
  702 	+ commit 0a95b153811f36739d1b20f23920bad0bb07c68b
  703 	* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
  704 
  705 2019-02-25  NIIBE Yutaka  <gniibe@fsij.org>
  706 
  707 	gpgscm: Build well even if NDEBUG defined.
  708 	+ commit 8161afb9dddaba839be92fbe9d85c05235eda825
  709 	* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
  710 	[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.
  711 
  712 2019-02-19  Neal H. Walfield  <neal@g10code.com>
  713 
  714 	gpg: Fix comparison.
  715 	+ commit 14e5435afb50dc9a9243ff3e0aed5030beba2914
  716 	* g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
  717 	not one or fewer.
  718 
  719 2019-02-19  NIIBE Yutaka  <gniibe@fsij.org>
  720 
  721 	agent: Fix cancellation handling for scdaemon.
  722 	+ commit 005e951714ff62087b8c8802e05d14b7998826f3
  723 	* agent/call-scd.c (cancel_inquire): Remove.
  724 	(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
  725 	(agent_card_scd): Don't call cancel_inquire.
  726 
  727 	scd: Distinguish cancel by user and protocol error.
  728 	+ commit 90e5f49b6a2e002d3c67a041a076f07aeb7a7f54
  729 	* scd/apdu.h (SW_HOST_CANCELLED): New.
  730 	* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
  731 	(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
  732 	* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
  733 	SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.
  734 
  735 	common: Fix gnupg_wait_processes.
  736 	+ commit 6e422b5135c71f8fa859a3f4de51bf89e3ff5ac6
  737 	* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
  738 	even if we already see an error.
  739 
  740 2019-02-14  Ingvar Hagelund  <ingvar@redpill-linpro.com>
  741 
  742 	po: Correct a simple typo in the Norwegian translation.
  743 	+ commit a09bba976d2f5694011a9291189a70a0f3c4caae
  744 
  745 
  746 2019-02-12  Werner Koch  <wk@gnupg.org>
  747 
  748 	Release 2.2.13.
  749 	+ commit 7922e2dd1c7eee48a8a2cf4799827942489ddd0f
  750 
  751 
  752 2019-02-11  Werner Koch  <wk@gnupg.org>
  753 
  754 	sm: In --gen-key with "key from card" show also the algorithm.
  755 	+ commit d1bee9d1efa28fa9d35b7eed1e616c6362fd044e
  756 	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo.
  757 
  758 	common: Provide function to get public key algo names in our format.
  759 	+ commit d29d73264f607642281fb701a17015306c8fc4d7
  760 	* common/sexputil.c (pubkey_algo_string): New.
  761 
  762 	common: New functions get_option_value and ascii_strupr.
  763 	+ commit ee8d1a9e6c09b3ecc4b46f47b79358f78d458916
  764 	* common/server-help.c (get_option_value): New.
  765 	* common/stringhelp.c (ascii_strupr): New.
  766 
  767 	scd: Make app_genkey and supporting ISO function more flexible.
  768 	+ commit 14816c798099925e47908e7ce415412d72fbe28e
  769 	* scd/app.c (app_genkey): Add arg keytype.
  770 	* scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
  771 	* scd/command.c (cmd_genkey): Adjust for change.
  772 	* scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
  773 	args p1 and p2.
  774 	(iso7816_read_public_key): Adjust for this.
  775 	(iso7816_generate_keypair): Add new args p1 and p2.
  776 	* scd/app-openpgp.c (do_genkey): Adjust for changes.
  777 
  778 	scd: Fix parameter name of app_change_key.
  779 	+ commit c075274aac0ffd388df638548b75a7d90e7e929d
  780 	* scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
  781 	* scd/app.c (app_change_pin): Rename arg reset_mode to flags and
  782 	change from int to unsigned int.
  783 
  784 	scd: Allow standard keyref scheme for app-openpgp.
  785 	+ commit 6651a0640d0f1b4dd161210dc55974d9b93b7253
  786 	* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
  787 	"OPENPGP."
  788 
  789 	gpg: Emit an ERROR status if no key was found with --list-keys.
  790 	+ commit 14ea581a1c040b53b0ad4c51136a7948363b1e4b
  791 	* g10/keylist.c (list_one): Emit status line.
  792 
  793 2019-02-06  NIIBE Yutaka  <gniibe@fsij.org>
  794 
  795 	po: Update Japanese translation.
  796 	+ commit c16685b2f5021105ef0560cb3db68ef43bcdb9c1
  797 
  798 
  799 	agent: Clear bogus pinentry cache, when it causes an error.
  800 	+ commit 9109bb9919f84d5472b7e62e84b961414a79d3c2
  801 	* agent/agent.h (PINENTRY_STATUS_*): Expose to public.
  802 	(struct pin_entry_info_s): Add status.
  803 	* agent/call-pinentry.c (agent_askpin): Clearing the ->status
  804 	before the loop, let the assuan_transact set ->status.  When
  805 	failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
  806 	soon.
  807 	* agent/findkey.c (unprotect): Clear the pinentry cache,
  808 	when it causes an error.
  809 
  810 	dirmngr: Fix initialization of assuan's nPth hook.
  811 	+ commit 7f4c3eb0a039621c564b6095ab5f810524843157
  812 	* dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
  813 	(thread_init): ... here.
  814 
  815 2019-01-30  Werner Koch  <wk@gnupg.org>
  816 
  817 	gpg: Allow generating Ed25519 key from an existing key.
  818 	+ commit 31d2a1eecaee766919b18bc42b918d9168f601f8
  819 	* g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping.
  820 
  821 2019-01-29  Werner Koch  <wk@gnupg.org>
  822 
  823 	gpg: Implement searching keys via keygrip.
  824 	+ commit 5e5f3ca0c2e08185a236b4d04b318f81004e3223
  825 	* kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip.
  826 	* kbx/keybox-openpgp.c (struct keyparm_s): New.
  827 	(keygrip_from_keyparm): New.
  828 	(parse_key): Compute keygrip.
  829 	* kbx/keybox-search.c (blob_openpgp_has_grip): New.
  830 	(has_keygrip): Call it.
  831 
  832 	common: Provide some convenient OpenPGP related constants.
  833 	+ commit b78f293cf06f447d1d0a5c416ac129a4e1cf9f8c
  834 	* common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
  835 	(OPENPGP_MAX_NSKEY): New.
  836 	(OPENPGP_MAX_NSIG): New.
  837 	(OPENPGP_MAX_NENC): New.
  838 	* g10/packet.h: Define PUBKEY_MAX using the new consts.
  839 
  840 	(cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e)
  841 
  842 	common: New helper functions for OpenPGP curve OIDs.
  843 	+ commit dddbb26155f292fde2909ecc84b62b693b6dea49
  844 	* common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
  845 	to ...
  846 	(openpgp_oidbuf_to_str): new.
  847 	(openpgp_oidbuf_is_ed25519): New.
  848 	(openpgp_oidbuf_is_cv25519): New.
  849 
  850 2019-01-22  Werner Koch  <wk@gnupg.org>
  851 
  852 	scd: Add option --clear to PASSWD.
  853 	+ commit d4082ff430afe670510d2c1c7ea66ee9ddcbe505
  854 	* scd/command.c (cmd_passwd): Add option --clear.
  855 	(send_status_printf): New.
  856 	* scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
  857 	* scd/app-nks.c (do_change_pin): Return an error if that option is
  858 	used.
  859 	* scd/app-openpgp.c (do_change_pin): Ditto.
  860 
  861 	scd: One new and one improved 7816 function.
  862 	+ commit 9309175de8c76de44021c25c7885355ff1a9b67b
  863 	* scd/apdu.c (apdu_send_direct): New arg R_SW.
  864 	* scd/command.c (cmd_apdu): Ditto.
  865 	* scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
  866 	(iso7816_general_authenticate): New.
  867 	* scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new
  868 	arg.
  869 
  870 	ssh: Simplify the curve name lookup.
  871 	+ commit 11a65159f997ccd69ecb9d867c1f3d0c4d8837d6
  872 	* agent/command-ssh.c (struct ssh_key_type_spec): Add field
  873 	alt_curve_name.
  874 	(ssh_key_types): Add some alternate curve names.
  875 	(ssh_identifier_from_curve_name): Lookup also bey alternative names
  876 	and return the canonical name.
  877 	(ssh_key_to_blob): Simplify the ECDSA case by using gcry_pk_get_curve
  878 	instead of the explicit mapping.
  879 	(ssh_receive_key): Likewise.  Use ssh_identifier_from_curve_name to
  880 	validate the curve name.  Remove the reverse mapping because since
  881 	GnuPG-2.2 Libgcrypt 1.7 is required.
  882 	(ssh_handler_request_identities): Log an error message.
  883 
  884 	gpg: Stop early when trying to create a primary Elgamal key.
  885 	+ commit f5d3b982e44c5cfc60e9936020102a598b635187
  886 	* g10/misc.c (openpgp_pk_test_algo2): Add extra check.
  887 
  888 2019-01-17  NIIBE Yutaka  <gniibe@fsij.org>
  889 
  890 	scd: Fix for USB INTERRUPT transfer.
  891 	+ commit 9dc76d599cd4c86d3c187d078daad1144a92564c
  892 	* scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE,
  893 	just handle this event as failure.
  894 
  895 2018-12-19  NIIBE Yutaka  <gniibe@fsij.org>
  896 
  897 	agent: Fix message for ACK button.
  898 	+ commit 80a08b655f8f5e7a7d78b766f1770fd474081a48
  899 	* agent/divert-scd.c (getpin_cb): Display correct message.
  900 
  901 2018-12-18  Werner Koch  <wk@gnupg.org>
  902 
  903 	Silence compiler warnings new with gcc 8.
  904 	+ commit 21fc089148678f59edb02e0e16bed65b709fb972
  905 	* dirmngr/dns.c: Include gpgrt.h.  Silence -Warray-bounds also gcc.
  906 	* tests/gpgscm/scheme.c: Include gpgrt.h.
  907 	(Eval_Cycle): Ignore -Wimplicit-fallthrough.
  908 
  909 	wks: Do not use compression for the encrypted data.
  910 	+ commit 16424d8a34c7f6af1071fd19dfc180cb7d17c052
  911 	* tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
  912 	* tools/gpg-wks-server.c (encrypt_stream): Ditto.
  913 
  914 2018-12-18  NIIBE Yutaka  <gniibe@fsij.org>
  915 
  916 	po: Update Japanese translation.
  917 	+ commit ae9159e0685098ee97d6f526666524423f4a0fff
  918 
  919 
  920 	scd: Support "acknowledge button" feature.
  921 	+ commit ffe31f405f9b5e4929e95c3d66c613052cb7727e
  922 	* scd/apdu.c (set_prompt_cb): New member function.
  923 	(set_prompt_cb_ccid_reader): New function.
  924 	(open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
  925 	(apdu_set_prompt_cb): New.
  926 	* scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
  927 	* ccid-driver.c (ccid_set_prompt_cb): New.
  928 	(bulk_in): Call ->prompt_cb when timer extension.
  929 	* scd/command.c (popup_prompt): New.
  930 
  931 	agent: Support --ack option for POPUPPINPADPROMPT.
  932 	+ commit e6be36ee8854dc343a5e0f914991da3da360b513
  933 	* agent/divert-scd.c (getpin_cb): Support --ack option.
  934 
  935 2018-12-14  Werner Koch  <wk@gnupg.org>
  936 
  937 	Release 2.2.12.
  938 	+ commit 7d8f4ee7cf56eda988acdc909160cbac71bff18a
  939 
  940 
  941 2018-12-11  Werner Koch  <wk@gnupg.org>
  942 
  943 	agent: Make the S2K calibration time runtime configurable.
  944 	+ commit de29a50e7c8a779ac0832a149bcf3eb2c4191dc9
  945 	* agent/protect.c (s2k_calibration_time): New file global var.
  946 	(calibrate_s2k_count): Use it here.
  947 	(get_calibrated_s2k_count): Replace function static var by ...
  948 	(s2k_calibrated_count): new file global var.
  949 	(set_s2k_calibration_time): New function.
  950 	* agent/gpg-agent.c (oS2KCalibration): New const.
  951 	(opts): New option --s2k-calibration.
  952 	(parse_rereadable_options): Parse that option.
  953 
  954 2018-12-11  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
  955 
  956 	agent: compile-time configuration of s2k calibration.
  957 	+ commit 0cf0f3aaf835d29848f1485df357606254ba6fad
  958 	* configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
  959 	AGENT_S2K_CALIBRATION (measured in milliseconds)
  960 	* agent/protect.c (calibrate_s2k_count): Calibrate based on
  961 	AGENT_S2K_CALIBRATION.
  962 
  963 	(cherry picked from commit 926d07c5fa05de05caef3a72b6fe156606ac0549)
  964 
  965 2018-12-11  Werner Koch  <wk@gnupg.org>
  966 
  967 	dirmngr: Retry another server from the pool on 502, 503, 504.
  968 	+ commit e5abdb6da7fa7cd4d146c7285b160277511bc230
  969 	* dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
  970 	http_status and handle it.
  971 	(ks_hkp_search): Get http_status froms end_request and pass on to
  972 	handle_send_request_error.
  973 	(ks_hkp_get): Ditto.
  974 	(ks_hkp_put): Ditto.
  975 
  976 	dirmngr: New function http_status2string.
  977 	+ commit b9d71ea64a694582739c18cfef9621b36d5371e9
  978 	* dirmngr/http.c (http_status2string): New.
  979 
  980 	gpg: In search-keys return "Not found" instead of "No Data".
  981 	+ commit f7ff25edadd474f83fccba6fd3c410eb8358bb22
  982 	* g10/keyserver.c (keyserver_search): Check for NO_DATA.
  983 
  984 2018-12-11  Tomi Leppänen  <tomi.leppanen@jolla.com>
  985 
  986 	tools: Use POSIX compatible arguments for find.
  987 	+ commit dfcc5e6d3ec91f547feb78e442946e729b49878c
  988 	* tools/addgnupghome (filelist): Remove bashism.
  989 
  990 2018-12-06  NIIBE Yutaka  <gniibe@fsij.org>
  991 
  992 	scd: Make "learn" report about KDF data object.
  993 	+ commit d4bc8051525a33b28b1e33daf35d79c1d6cd9c41
  994 	* scd/app-openpgp.c (do_learn_status): Report KDF attr.
  995 	* g10/card-util.c (current_card_status): Output KDF for with_colons.
  996 
  997 	card: Display if KDF is enabled or not.
  998 	+ commit 751ff784e5316470f266750d299ae857ad7840d8
  999 	* g10/call-agent.h (kdf_do_enabled): New field.
 1000 	* g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
 1001 	* g10/card-util.c (current_card_status): Inform the availability.
 1002 
 1003 	g10: Fix memory leak for --card-status.
 1004 	+ commit 293001e2c6f0e228ff7f1b6a3e2606ae1370a5d5
 1005 	* g10/card-util.c (card_status): Release memory of serial number.
 1006 
 1007 2018-12-05  NIIBE Yutaka  <gniibe@fsij.org>
 1008 
 1009 	g10: Fix print_pubkey_info new line output.
 1010 	+ commit c5aba093b86e7d69b34ddcf55130f8f21e889b5c
 1011 	* g10/keylist.c (print_pubkey_info): Reverse the condition.
 1012 
 1013 2018-12-05  Werner Koch  <wk@gnupg.org>
 1014 
 1015 	gpg: New list-option "show-only-fpr-mbox".
 1016 	+ commit 9b538451682c704b4036c0ecdb7e6b0ef8570016
 1017 	* g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
 1018 	* g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
 1019 	* g10/keylist.c (list_keyblock_simple): New.
 1020 	(list_keyblock): Call it.
 1021 	(list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
 1022 	mode.
 1023 
 1024 	wks: Fix filter expression syntax flaw.
 1025 	+ commit 80bf1f8901dcbbb2cb6cacc11cca98705ce8f59d
 1026 	* tools/wks-util.c (wks_get_key, wks_filter_uid): The filter
 1027 	expression needs a space before the value.
 1028 	(install_key_from_spec_file): Replace es_getline by es_read_line and
 1029 	remove debug output.
 1030 
 1031 	wks: Allow reading of --install-key arguments from stdin.
 1032 	+ commit b6fd60dfa1709f162c25eb72cf8c45d0ab9bf34f
 1033 	* tools/wks-util.c (install_key_from_spec_file): New.
 1034 	(wks_cmd_install_key): Call it.
 1035 	* tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
 1036 	* tools/gpg-wks-server.c (main): Ditto.
 1037 
 1038 	(cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)
 1039 
 1040 	wks: Create sub-directories.
 1041 	+ commit bf29d7c822264a40f1469c7b5024d93b955a3a1e
 1042 	* tools/wks-util.c (wks_compute_hu_fname): Stat and create directory
 1043 	if needed.
 1044 
 1045 	(cherry picked from commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0)
 1046 
 1047 	wks: Add new commands --install-key and --remove-key to the client.
 1048 	+ commit 5b4aa8c6d4abfa3135ec3ab23decf9bdd624df3e
 1049 	* tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
 1050 	(opts): Add "--install-key", "--remove-key" and "-C".
 1051 	(parse_arguments): Parse them.
 1052 	(main): Check that the given directory exists.  Implement the new
 1053 	commands.
 1054 
 1055 	wks: Move a few server functions to wks-util.
 1056 	+ commit 51b722c6f57b80a3b9caa417b7a74e7fab80043f
 1057 	* tools/gpg-wks-server.c (write_to_file): Move to ...
 1058 	* tools/wks-util.c: here.
 1059 	* tools/gpg-wks-server.c (compute_hu_fname): Move to ...
 1060 	* tools/wks-util.c (wks_compute_hu_fname): here.
 1061 	* tools/gpg-wks-server.c (fname_from_userid): Move to ...
 1062 	* tools/wks-util.c (wks_fname_from_userid): here.
 1063 	* tools/gpg-wks-server.c (command_install_key): Move to ...
 1064 	* tools/wks-util.c (wks_cmd_install_key): here and change caller.
 1065 	* tools/gpg-wks-server.c (command_remove_key): Move to ...
 1066 	* tools/wks-util.c (wks_cmd_remove_key): here and change callers.
 1067 
 1068 	(cherry picked from commit 99094c992c20dd22971beb3527cfda109cd1df89)
 1069 
 1070 2018-12-05  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
 1071 
 1072 	g10/mainproc: disable hash contexts when --skip-verify is used.
 1073 	+ commit 6008410e512cb74a4a2ad3f6e3fce4669e4f7e2c
 1074 	* g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
 1075 	opt.skip_verify is set.
 1076 
 1077 	common/iobuf: fix memory wiping in iobuf_copy.
 1078 	+ commit ebd434a45eefd34bd9d9f875f22a74a47b88dd5f
 1079 	* common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
 1080 	first sizeof(char*) bytes.
 1081 
 1082 	common: Use platform memory zeroing function for wipememory.
 1083 	+ commit 21fdef6963539680a16b68b7536378bdaa8dea85
 1084 	* common/mischelp.h (wipememory): Replace macro with function
 1085 	prototype.
 1086 	(wipememory2): Remove.
 1087 	* common/mischelp.c (wipememory): New.
 1088 	* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and
 1089 	remove duplicated checks.
 1090 
 1091 2018-12-05  Werner Koch  <wk@gnupg.org>
 1092 
 1093 	gpg: Improve error message about failed keygrip computation.
 1094 	+ commit edeebe0a6b9a49d2291d6351d52c5bc688d24cff
 1095 	* g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.
 1096 
 1097 	(cherry picked from commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc)
 1098 
 1099 2018-11-23  Werner Koch  <wk@gnupg.org>
 1100 
 1101 	dirmngr: Avoid possible CSRF attacks via http redirects.
 1102 	+ commit 4a4bb874f63741026bd26264c43bb32b1099f060
 1103 	* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
 1104 	(http_redir_info_t): New.
 1105 	* dirmngr/http.c (do_parse_uri): Set new fields.
 1106 	(same_host_p): New.
 1107 	(http_prepare_redirect): New.
 1108 	* dirmngr/t-http-basic.c: New test.
 1109 	* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
 1110 	instead of the open code.
 1111 	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
 1112 
 1113 2018-11-12  Andre Heinecke  <aheinecke@intevation.de>
 1114 
 1115 	dirmngr: Add FLUSHCRLs command.
 1116 	+ commit 00321a025f90990a71b60b4689ede1f38fbde347
 1117 	Summary:
 1118 	* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
 1119 	* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
 1120 	(register_commands): Add FLUSHCRLS.
 1121 
 1122 2018-11-06  Werner Koch  <wk@gnupg.org>
 1123 
 1124 	Release 2.1.11.
 1125 	+ commit cb46b787571ef149856be03b8c3481bb79871698
 1126 
 1127 
 1128 2018-11-06  NIIBE Yutaka  <gniibe@fsij.org>
 1129 
 1130 	g10: Fix print_keygrip for smartcard.
 1131 	+ commit 627839ea88da11a9e8d033e3c91bdf5a048b15c3
 1132 	* g10/card-util.c (print_keygrip): Use tty_fprintf.
 1133 
 1134 2018-11-05  Werner Koch  <wk@gnupg.org>
 1135 
 1136 	wks: New option --with-colons for gpg-wks-client.
 1137 	+ commit 66e0bd37ee3dd5ab534b2664493576ef6ad15a08
 1138 	* tools/gpg-wks.h (opt): Add field with_colons.
 1139 	* tools/gpg-wks-client.c (oWithColons): New const.
 1140 	(opts, parse_arguments): Add option --with-colons.
 1141 	(main): Change aSupported to take several domains in --with-colons
 1142 	mode.
 1143 	(command_send): Factor policy getting code out to ...
 1144 	(get_policy_and_sa): New function.
 1145 	(command_supported): Make use of new function.
 1146 
 1147 	speedo: Remove obsolete configure option of gpgme.
 1148 	+ commit 593895a5e495c4647efa7db164356f3cae3d5759
 1149 	* build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
 1150 	--disable-w32-qt option.
 1151 
 1152 	dirmngr: In verbose mode print the OCSP responder id.
 1153 	+ commit 50756927ce6247abc2fadefbc76c58b75c8a7586
 1154 	* dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.
 1155 
 1156 	(cherry picked from commit 0a7f446c189201ca6e527af08b44da756b343209)
 1157 
 1158 	tools: Replace duplicated code in mime-maker.
 1159 	+ commit d5f540e7a9b3a723ba787e3a587fcd1b0948f105
 1160 	* tools/rfc822parse.c (HEADER_NAME_CHARS): New.  Taken from
 1161 	mime-maker.c.
 1162 	(rfc822_valid_header_name_p): New.  Based on code from mime-maker.c.
 1163 	(rfc822_capitalize_header_name): New.  Copied from mime-maker.c.
 1164 	(capitalize_header_name): Remove.  Replace calls by new func.
 1165 	(my_toupper, my_strcasecmp): New.
 1166 	* tools/mime-maker.c: Include rfc822parse.h.
 1167 	(HEADER_NAME_CHARS, capitalize_header_name): Remove.
 1168 	(add_header): Replace check and capitalization by new functions.
 1169 
 1170 	gpg: Don't take the a TOFU trust model from the trustdb,
 1171 	+ commit 82cd7556fdce989aaacf91e0d369a62e4652f224
 1172 	* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
 1173 	(create_version_record): Don't init as TOFU.
 1174 	(tdbio_db_matches_options): Don't indicate a change in case TOFU is
 1175 	stored in an old trustdb file.
 1176 
 1177 	dirmngr: Emit SOURCE status also on NO_DATA.
 1178 	+ commit ab7a907a184f37ddafaa0dc7200c76b735ba4853
 1179 	* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
 1180 	NO DATA error.
 1181 	(ks_hkp_get): Ditto.
 1182 	* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
 1183 	also on error.
 1184 	(gpg_dirmngr_ks_get): Ditto.
 1185 
 1186 	dirmngr: Fix LDAP port parsing.
 1187 	+ commit 5ab58d3001b0342aecaf691b1af70b1f76426f55
 1188 	* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
 1189 	segv for a missing slash after the host name.
 1190 
 1191 2018-10-26  Werner Koch  <wk@gnupg.org>
 1192 
 1193 	build: By default build wks-tools on all Unix platforms.
 1194 	+ commit 8a33d5c9c699d2145d39b362d580df67571c5f36
 1195 	(cherry picked from commit b83fed64f8051279a8f36e024c1f12f7f13c4716)
 1196 
 1197 	wkd: Add option --directory to the server.
 1198 	+ commit 839426104a0c829f0182b22048fdc51cf295beb7
 1199 	* tools/gpg-wks-server.c (opts): Add '--directory',
 1200 	(main): Explain how to set correct permissions.
 1201 	(command_list_domains): Create an empty policy file and remove the
 1202 	warning for an empty policy file.
 1203 
 1204 2018-10-25  Werner Koch  <wk@gnupg.org>
 1205 
 1206 	dirmngr: Fix out of scope use of a var in the keyserver LDAP code.
 1207 	+ commit 26ebb15bec897a105b248680c1ddf1806592b1eb
 1208 	* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
 1209 	out of scope and cleanup the entire pgpKeySize block.
 1210 
 1211 2018-10-24  Werner Koch  <wk@gnupg.org>
 1212 
 1213 	agent: Fix possible uninitalized use of CTX in simple_pwquery.
 1214 	+ commit e53253485cd7ceb7012505a629d2cd997167ccab
 1215 	* common/simple-pwquery.c (agent_open): Clear CTX even on early error.
 1216 
 1217 	agent: Fix possible release of unitialize var in a genkey error case.
 1218 	+ commit 62c75271173f83c5770576aae7b84f55a9ccbc16
 1219 	* agent/command.c (cmd_genkey): Initialize 'value'.
 1220 
 1221 	ssh: Fix possible infinite loop in case of an read error.
 1222 	+ commit 147e59b7815daafb32b570a96f1d1925d0f37008
 1223 	* agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
 1224 	than EOF.
 1225 
 1226 	tools: Fix FILE memory leak in gpg-connect-agent.
 1227 	+ commit f1561e5196e54f11b18050eeaeda50e786d188c2
 1228 	* tools/gpg-connect-agent.c (do_open): dup the fileno and close the
 1229 	stream.
 1230 
 1231 	(cherry picked from commit 378719f25fe00d46393541f4a4f79e04484c3000)
 1232 
 1233 	sm: Use the correct string in an error message.
 1234 	+ commit 1b9b0fc54b9bcd5eb1e63816bd3222d7ac7572a7
 1235 	* sm/gpgsm.c (main): Fix error message.
 1236 
 1237 2018-10-24  Andre Heinecke  <aheinecke@intevation.de>
 1238 
 1239 	dirmngr: Only print info for no ldapserver file.
 1240 	+ commit 01baee2b0ef4f81ac6ffa55480e91168dd27b430
 1241 	* dirmngr/dirmngr.c (parse_ldapserver_file): Only print info
 1242 	for ENOENT.
 1243 
 1244 2018-10-23  Andre Heinecke  <aheinecke@intevation.de>
 1245 
 1246 	sm: Fix dirmngr loadcrl for intermediate certs.
 1247 	+ commit 6b36c16f77722d17f4f317c788701cbc1e9552b2
 1248 	* sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED.
 1249 	(inq_certificate): Distinguish unsupported inquiry error.
 1250 
 1251 2018-10-22  Werner Koch  <wk@gnupg.org>
 1252 
 1253 	dirmngr: Prepare for updated WKD specs with ?l= param.
 1254 	+ commit a2bd4a64e5b057f291a60a9499f881dd47745e2f
 1255 	* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
 1256 	request.
 1257 
 1258 	gpg: Fix extra check for sign usage of a data signature.
 1259 	+ commit b0d6e26bf3c8decaa568c9e4a5b2451d9af0b25b
 1260 	* g10/sig-check.c (check_signature_end_simple):
 1261 
 1262 2018-10-15  NIIBE Yutaka  <gniibe@fsij.org>
 1263 
 1264 	scd: Fix signing authentication status.
 1265 	+ commit 7e2b0488d13561be2b754e28801de654747a8dcc
 1266 	* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.
 1267 
 1268 2018-10-02  NIIBE Yutaka  <gniibe@fsij.org>
 1269 
 1270 	common: Fix gnupg_reopen_std.
 1271 	+ commit 8f844ae1cd16e27ad07d45784b1f0ff2917da2b8
 1272 	* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.
 1273 
 1274 2018-09-10  NIIBE Yutaka  <gniibe@fsij.org>
 1275 
 1276 	common: Use iobuf_get_noeof to avoid undefined behaviors.
 1277 	+ commit 0383e7fed7b2a45c7f0ae4c11415c6a9a3a3ddb7
 1278 	* common/iobuf.c (block_filter): Use iobuf_get_noeof.
 1279 
 1280 	agent: Fix error code check from npth_mutex_init.
 1281 	+ commit 213379debe5591dad6339aa95aa7282e0de620f9
 1282 	* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
 1283 	error when npth_mutex_init returns non-zero.
 1284 
 1285 2018-09-07  NIIBE Yutaka  <gniibe@fsij.org>
 1286 
 1287 	g10: Fix memory leak.
 1288 	+ commit 91f8a9b33a1282cbf00cb4b71b177088f0d923d7
 1289 	* g10/import.c (read_block): Call free_packet to skip the packet.
 1290 
 1291 2018-09-06  NIIBE Yutaka  <gniibe@fsij.org>
 1292 
 1293 	Fix use of strncpy, which is actually good to use memcpy.
 1294 	+ commit f0fdee2e24a25f57a84e1684984ce3921d923e0a
 1295 	* common/ssh-utils.c (get_fingerprint): Use memcpy.
 1296 	* g10/build-packet.c (string_to_notation): Use memcpy.
 1297 
 1298 2018-08-30  Werner Koch  <wk@gnupg.org>
 1299 
 1300 	Release 2.2.10.
 1301 	+ commit 24697074f44c18eeeedbc1e09d35f56504c57a1f
 1302 
 1303 
 1304 2018-08-30  Ineiev  <ineiev@gnu.org>
 1305 
 1306 	po: Update Russian translation.
 1307 	+ commit 2f5ba3a6c19b7a514488be01b7683287d74545d3
 1308 
 1309 
 1310 2018-08-29  Werner Koch  <wk@gnupg.org>
 1311 
 1312 	gpg: Explain error message in key generation with --batch.
 1313 	+ commit a9931b3c052ee9025705a8ef1f0cdd5f20aeda70
 1314 	* g10/keygen.c (generate_keypair): Show more info.
 1315 
 1316 	gpg: Remove unused function get_pubkeys.
 1317 	+ commit 719fc941b6eceb75c2326335d9d73011823ff3f9
 1318 	* g10/getkey.c (get_pubkeys): Remove.
 1319 	(pubkey_free): Remove and use code directly ...
 1320 	(pubkeys_free): ... here.
 1321 
 1322 	(cherry picked from commit ed8fe21e6612401846fc4af8631f0136dc633c67)
 1323 
 1324 	gpg: New option --known-notation.
 1325 	+ commit a59a9962f48f828ea7d22362dfa6d82841551110
 1326 	* g10/gpg.c (oKnownNotation): New const.
 1327 	(opts): Add option --known-notation.
 1328 	(main): Set option.
 1329 	* g10/parse-packet.c (known_notations_list): New local var.
 1330 	(register_known_notation): New.
 1331 	(can_handle_critical_notation): Rewrite to handle the new feature.
 1332 	Also print the name of unknown notations in verbose mode.
 1333 
 1334 2018-08-28  Ineiev  <ineiev@gnu.org>
 1335 
 1336 	po: Update Russian translation.
 1337 	+ commit b02ad56a9041273df58ded4cc70cf5ffa9e58c16
 1338 
 1339 
 1340 2018-08-28  Werner Koch  <wk@gnupg.org>
 1341 
 1342 	assuan: Fix exponential decay for first second.
 1343 	+ commit 38eb7c360bc4867cbaf37e3c2c0865bc6452ba4a
 1344 	* common/asshelp.c (wait_for_sock): Round SECSLEFT.
 1345 	* dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
 1346 	mode.
 1347 	* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
 1348 
 1349 2018-08-28  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 1350 
 1351 	assuan: Use exponential decay for first 1s of spinlock.
 1352 	+ commit 1189df2cd7d4b6896ba22aa204c159ff2a425ead
 1353 	* common/asshelp.c (wait_for_sock): instead of checking the socket
 1354 	every second, we check 10 times in the first second (with exponential
 1355 	decay).
 1356 
 1357 	assuan: Reorganize waiting for socket.
 1358 	+ commit a22a55b994e06dd06157fbdabf5a402d8daf69c2
 1359 	* common/asshelp.c (wait_for_sock): New function, collecting
 1360 	codepaths from...
 1361 	(start_new_gpg_agent) here and...
 1362 	(start_new_dirmngr) here.
 1363 
 1364 2018-08-28  Werner Koch  <wk@gnupg.org>
 1365 
 1366 	gpg: Refresh expired keys originating from the WKD.
 1367 	+ commit 0709f358cd13abc82e0f97f055fcaa712f0fd44f
 1368 	* g10/getkey.c (getkey_ctx_s): New field found_via_akl.
 1369 	(get_pubkey_byname): Set it.
 1370 	(only_expired_enc_subkeys): New.
 1371 	(get_best_pubkey_byname): Add support to refresh expired keys from the
 1372 	WKD.
 1373 
 1374 	gpg: Remove unused arg from a function.
 1375 	+ commit 11a9fe1c5820b97d7e0f4b3e91f016df9dc466a9
 1376 	* g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'.
 1377 	Change both callers.
 1378 
 1379 	(cherry picked from commit db67ccb759426c1173761574b14bdfe6a76394c2)
 1380 
 1381 2018-08-10  NIIBE Yutaka  <gniibe@fsij.org>
 1382 
 1383 	g10: Fix undefined behavior when EOF in parsing packet for S2K.
 1384 	+ commit 822c633845066756b6442ca67b93b4b5c4316ca0
 1385 	* g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
 1386 	(parse_key): Likewise.
 1387 
 1388 2018-07-29  Werner Koch  <wk@gnupg.org>
 1389 
 1390 	gpg: Set a limit for a WKD import of 256 KiB.
 1391 	+ commit f1c0d9bb6506eee6a3ad93ef432fe6aa5b72aabd
 1392 	* g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
 1393 	(gpg_dirmngr_wkd_get): Use it.
 1394 
 1395 	dirmngr: Validate SRV records in WKD queries.
 1396 	+ commit 8a98aa25bb4bdbfe53afd4534f6624454ca01ab0
 1397 	* dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
 1398 	to mitigate rogue DNS servers.
 1399 
 1400 	common: New function to validate domain names.
 1401 	+ commit 4f59187a17f16d559e37a375501a0add1ca7eee8
 1402 	* common/mbox-util.c (is_valid_domain_name): New.
 1403 	* common/t-mbox-util.c (run_dns_test): New test.
 1404 
 1405 	(cherry picked from commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72)
 1406 
 1407 2018-07-29  Jiří Keresteš  <jiri.kerestes@trustica.cz>
 1408 
 1409 	scd: Add support for Trustica Cryptoucan.
 1410 	+ commit d43248af9242d30e95f58285e4f2a2e927aae937
 1411 	(cherry picked from commit 967d3649d24aba623133808e8d01675dff389fbb)
 1412 
 1413 2018-07-12  Werner Koch  <wk@gnupg.org>
 1414 
 1415 	Release 2.2.9.
 1416 	+ commit 2b82db61ccfe57d077dff43e0d732b51c73e1a45
 1417 
 1418 
 1419 2018-07-09  Werner Koch  <wk@gnupg.org>
 1420 
 1421 	gpg: Remove multiple subkey bindings during export-clean.
 1422 	+ commit 61562fe00027a4263f53661ad279072bd0b0133e
 1423 	* g10/key-clean.c (clean_one_subkey_dupsigs): New.
 1424 	(clean_all_subkeys): Call it.
 1425 
 1426 	gpg: Let export-clean remove expired subkeys.
 1427 	+ commit 8055f186a32e628028de897b7ee4705cd8e999b7
 1428 	* g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
 1429 	(KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
 1430 	* g10/key-clean.c (clean_one_subkey): New.
 1431 	(clean_all_subkeys): Add arg CLEAN_LEVEL.
 1432 	* g10/import.c (import_one): Call clean_all_subkeys with
 1433 	KEY_CLEAN_NONE.
 1434 	* g10/export.c (do_export_stream): Call clean_all_subkeys depedning on
 1435 	the export clean options.
 1436 
 1437 	gpg: Split key cleaning function for clarity.
 1438 	+ commit 046276db3a04f1907ddcf77c3771832613918226
 1439 	* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
 1440 	subkey cleaning into ...
 1441 	(clean_all_subkeys): new.  Call that always after the former clean_key
 1442 	invocations.
 1443 
 1444 	gpg: Move key cleaning functions to a separate file.
 1445 	+ commit 40bf383f72b5629de739e30c9c35bbcb628273e8
 1446 	* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
 1447 	(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
 1448 	* g10/key-clean.c: new file.
 1449 	* g10/key-clean.h: New.
 1450 	* g10/Makefile.am (gpg_sources): Add new files.
 1451 	* g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
 1452 	new header.
 1453 	* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
 1454 	* g10/keydb.h: here.
 1455 
 1456 2018-07-06  Werner Koch  <wk@gnupg.org>
 1457 
 1458 	gpg: Allow decryption using several passphrases in may cases.
 1459 	+ commit b4599a0449ead7dc5c0d922aa78b6168e625e15e
 1460 	* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algorithm.
 1461 	(proc_symkey_enc): Clear passpharse on error from above function.
 1462 
 1463 2018-07-05  Werner Koch  <wk@gnupg.org>
 1464 
 1465 	po: Add flag options for xgettext.
 1466 	+ commit 833738a316977ee774399bd658d535216dff22e9
 1467 	* po/Makevars (XGETTEXT_OPTIONS): Add --flag options.
 1468 
 1469 	gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
 1470 	+ commit 221af19351addcdc28a1cd533c8628cfa3841671
 1471 	* g10/getkey.c (get_pubkey_for_sig): New.
 1472 	(get_pubkeyblock_for_sig): New.
 1473 	* g10/mainproc.c (issuer_fpr_raw): Give global scope.
 1474 	(check_sig_and_print): Use get_pubkeyblock_for_sig.
 1475 	* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
 1476 	* g10/sig-check.c (check_signature2): Ditto.
 1477 	(check_signature_over_key_or_uid): Ditto.
 1478 
 1479 2018-07-04  Andre Heinecke  <aheinecke@intevation.de>
 1480 
 1481 	po: Fix bug in german translation.
 1482 	+ commit 063cf45c142f33815bc0f31d0fb3e1b25ca57b8c
 1483 	* po/de.po (decryption forced to fail!): Fix translation.
 1484 
 1485 2018-07-04  Werner Koch  <wk@gnupg.org>
 1486 
 1487 	gpg: Ignore too large user ids during import.
 1488 	+ commit cb6b925f94b42c91fe8a7ed8bb22d98984538efc
 1489 	* g10/import.c (read_block): Add special treatment for bad user ids
 1490 	and comment packets.
 1491 
 1492 	gpg: Extra check for sign usage when verifying a data signature.
 1493 	+ commit ef50fdf82a459894ed3da7b9be83f89658f1eaba
 1494 	* g10/sig-check.c (check_signature_end_simple): Check sign usage.
 1495 
 1496 2018-07-03  Werner Koch  <wk@gnupg.org>
 1497 
 1498 	gpg: Print revocation reason for "rev" records.
 1499 	+ commit 04fb76684d8b2c9cda2e5c35bad6edec521cffa5
 1500 	* g10/main.h: Add prototype.
 1501 	* g10/keylist.c (list_keyblock_print): Print revocation info.
 1502 	(list_keyblock_colon): Ditto.
 1503 
 1504 	* g10/test-stubs.c (get_revocation_reason): New stub.
 1505 	* g10/gpgv.c (get_revocation_reason): New stub.
 1506 
 1507 	gpg: Print revocation reason for "rvs" records.
 1508 	+ commit a8e24addcc4e0fdff7d07acdd7e13bf6febf97d2
 1509 	* g10/import.c (get_revocation_reason): New.
 1510 	(list_standalone_revocation): Extend function.
 1511 
 1512 	gpg: Let --show-keys print revocation certificates.
 1513 	+ commit 5c67ee160d4969b1ef94642ac602e1aed4d9a6d7
 1514 	* g10/import.c (list_standalone_revocation): New.
 1515 	(import_revoke_cert): Call new function.
 1516 
 1517 2018-07-03  NIIBE Yutaka  <gniibe@fsij.org>
 1518 
 1519 	g10: Fix memory leak for PKT_signature.
 1520 	+ commit 2809be1f97a447171a9e8b40079851740b15341a
 1521 	* g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
 1522 	* g10/gpgcompose.c (signature): Likewise.
 1523 	* g10/sign.c (write_signature_packets): Likewise.
 1524 
 1525 2018-07-02  NIIBE Yutaka  <gniibe@fsij.org>
 1526 
 1527 	libdns: For SOCKS connection, just fails.
 1528 	+ commit cca92ca5348999a3564dd54d7b0a103cc9e7640c
 1529 	* dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
 1530 	iterate to other server, but return the error immediately.
 1531 
 1532 2018-06-20  NIIBE Yutaka  <gniibe@fsij.org>
 1533 
 1534 	libdns: Let kernel to decide the local port.
 1535 	+ commit 72a35ffee022f1bf180d02250c5be6a4edb599e7
 1536 	* dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New.
 1537 	(dns_socket): Don't select ephemeral port in user space.
 1538 
 1539 2018-06-18  NIIBE Yutaka  <gniibe@fsij.org>
 1540 
 1541 	libdns: Fix for non-FQDN hostname.
 1542 	+ commit 87d0ecf8a1b80139a6cab2a79f1ca6e287207999
 1543 	* dirmngr/dns.c (dns_resconf_open): Clear search[0] for non-FQDN
 1544 	hostname.
 1545 
 1546 	libdns: Fix connect and try next nameserver when ECONNREFUSED.
 1547 	+ commit 699fe4b36f62b0f4d4e21a85ee7c9ae13377d6cb
 1548 	* dirmngr/dns.c (dns_so_check): When EINVAL, release the association
 1549 	by connect with AF_UNSPEC and try again.  Also try again for
 1550 	ECONNREFUSED.
 1551 	(dns_res_exec): Try next nameserver when ECONNREFUSED.
 1552 
 1553 	libdns: Clear struct sockaddr_storage by zero.
 1554 	+ commit 0c05b08e8b5c1f120fe5f3ed5c061f034f7496a0
 1555 	* dirmngr/dns.c (dns_resconf_pton): Clear SS.
 1556 	(dns_resconf_setiface): Clear ->IFACE.
 1557 	(dns_hints_root, send_query): Clear SS.
 1558 
 1559 	libdns: Sync to upstream.
 1560 	+ commit 20c289606f89803929948ddd18910acff2acc9eb
 1561 	* dirmngr/dns.c (dns_nssconf_loadfile): Handle exclamation mark.
 1562 
 1563 	dirmngr: Fix recursive resolver mode.
 1564 	+ commit 13320db678675246f4bb5a3fb6ece143f37c34a4
 1565 	* dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse.
 1566 
 1567 2018-06-12  Werner Koch  <wk@gnupg.org>
 1568 
 1569 	gpg: Do not import revocations with --show-keys.
 1570 	+ commit e8f439e0547463c24f3c10008fee73e6c4259f52
 1571 	* g10/import.c (import_revoke_cert): Add arg 'options'.  Take care of
 1572 	IMPORT_DRY_RUN.
 1573 
 1574 2018-06-12  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 1575 
 1576 	gpg: Add new usage option for drop-subkey filters.
 1577 	+ commit 86b64876bef0d8c4be8e309fcf3e2ce21e65a947
 1578 	* g10/import.c (impex_filter_getval): Add new "usage" property for
 1579 	drop-subkey filter.
 1580 
 1581 2018-06-11  Werner Koch  <wk@gnupg.org>
 1582 
 1583 	gpg: Set some list options with --show-keys.
 1584 	+ commit cbb84b3361263504dcb958208bc20177cb97cebd
 1585 	* g10/gpg.c (main): Set some list options.
 1586 
 1587 2018-06-08  Werner Koch  <wk@gnupg.org>
 1588 
 1589 	gpg: Allow building with older libgpg-error.
 1590 	+ commit 18274db32b5dea7fe8db67043a787578c975de4d
 1591 	* g10/mainproc.c (proc_encrypted): Use constant from logging.h
 1592 
 1593 	Release 2.2.8.
 1594 	+ commit cd9aaa7862955846f8adf819cd89d0db33e9c08c
 1595 
 1596 
 1597 2018-06-08  Ineiev  <ineiev@gnu.org>
 1598 
 1599 	po: Update Russian translation.
 1600 	+ commit 77ab99f80a5b0fbc60e05230185a54cd200d5e65
 1601 
 1602 
 1603 2018-06-08  Werner Koch  <wk@gnupg.org>
 1604 
 1605 	gpg: Sanitize diagnostic with the original file name.
 1606 	+ commit 210e402acd3e284b32db1901e43bf1470e659e49
 1607 	* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
 1608 
 1609 2018-06-07  Werner Koch  <wk@gnupg.org>
 1610 
 1611 	gpg: Improve import's repair-key duplicate signature detection.
 1612 	+ commit 6a87a0bd2501d82f4a6263608e4856e841305caf
 1613 	* g10/key-check.c (key_check_all_keysigs): Factor some code out to ...
 1614 	(remove_duplicate_sigs): new.
 1615 	(key_check_all_keysigs): Call remove_duplicate_sigs again after
 1616 	reordering.
 1617 
 1618 	gpg: Fix import's repair-key duplicate signature detection.
 1619 	+ commit cedd754fcb03f6dad6e462efc3d347bcef4ec83a
 1620 	* g10/packet.h (PKG_siganture): Add field 'help_counter'.
 1621 	* g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
 1622 	(key_check_all_keysigs): De-duplicate on a per-block base.
 1623 
 1624 	gpg: Improve verbose output during import.
 1625 	+ commit 36cc730fa516b3a197f3bb1eb6f3881dd128fbb7
 1626 	* g10/import.c (chk_self_sigs): Print the subkeyid in addition to the
 1627 	keyid.
 1628 	(delete_inv_parts): Ditto.
 1629 
 1630 	(cherry picked from commit 1bc6b5174248ba4d83d648ef6d6f4550540d1f20)
 1631 
 1632 2018-06-06  Werner Koch  <wk@gnupg.org>
 1633 
 1634 	agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.
 1635 	+ commit c5c8fb1ec7c8690495de6189ec2c3a322db4e881
 1636 	* agent/gpg-agent.c (agent_copy_startup_env): Replace explicit list
 1637 	with the standard list.
 1638 
 1639 	gpg: Also detect a plaintext packet before an encrypted packet.
 1640 	+ commit 054a187f24b19313cec59414fa924640e1b8c79c
 1641 	* g10/mainproc.c (proc_encrypted): Print warning and later force an
 1642 	error.
 1643 
 1644 	gpg: New command --show-keys.
 1645 	+ commit dc87a3341f28ddac1113e90a3861d062be2610e2
 1646 	* g10/gpg.c (aShowKeys): New const.
 1647 	(opts): New command --show-keys.
 1648 	(main): Implement command.
 1649 	* g10/import.c (import_keys_internal): Don't print stats in show-only
 1650 	mode.
 1651 	(import_one): Be silent in show-only mode.
 1652 
 1653 2018-05-31  Werner Koch  <wk@gnupg.org>
 1654 
 1655 	gpg: Print a hint on how to decrypt a non-mdc message anyway.
 1656 	+ commit 825909e9cd5f344ece6c0b0ea3a9475df1d643de
 1657 	* g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
 1658 	MDC.  Also print a dedicated status error code
 1659 
 1660 	(cherry picked from commit 874e391665405fc413a69f2ffacdb94bb08da7ff)
 1661 
 1662 	gpg: Detect multiple literal plaintext packets more reliable.
 1663 	+ commit 2f2b1d1da949e8fce28d3c4a934b4097d6f24295
 1664 	* g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
 1665 
 1666 	gpg: Remove MDC options.
 1667 	+ commit 866667765f38bf65b612191209d0f0a87fb16393
 1668 	* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
 1669 	and --no-disable-mdc into NOPs.
 1670 	* g10/encrypt.c (use_mdc): Simplify.  MDC is now almost always used.
 1671 	* g10/cipher.c (write_header): Include extra hint and make
 1672 	translatable.
 1673 	* g10/options.h (struct opt): Remove fields force_mdc and disable_mdc.
 1674 
 1675 	gpg: Hard fail on a missing MDC even for legacy algorithms.
 1676 	+ commit 3db1b48a2da42942cb5a57281441167901bdcdc8
 1677 	* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
 1678 	* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
 1679 	allow testing with the current files.
 1680 
 1681 	gpg: Turn --no-mdc-warn into a NOP.
 1682 	+ commit 26c0d3a3fc903c1a0de644ebcc99d3e665a80941
 1683 	* g10/gpg.c (oNoMDCWarn): Remove.
 1684 	(opts): Make --no-mdc-warn a NOP.
 1685 	(main): Don't set var.
 1686 	* g10/options.h (struct opt): Remove 'no_mdc_var'.
 1687 	* g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
 1688 	* g10/mainproc.c (proc_encrypted): Ditto.
 1689 
 1690 2018-05-07  Ineiev  <ineiev@gnu.org>
 1691 
 1692 	doc: Update description of displayed trust values.
 1693 	+ commit ed12a1dabaf928e8620fc26ca426c935e1a8a880
 1694 	* doc/trust-values.texi: New file.
 1695 	* doc/Makefile.am (EXTRA_DIST): Add trust-values.texi.
 1696 	* doc/gnupg.texi (Trust Values): New chapter.
 1697 	* doc/gpg.texi (OpenPGP Key Management): Update the description
 1698 	of how trust values are displayed, replace table with a reference
 1699 	to Trust Values.
 1700 	* doc/gpg.texi (GPG Examples): Add @mansect trust values.
 1701 
 1702 2018-05-02  Werner Koch  <wk@gnupg.org>
 1703 
 1704 	Release 2.2.7.
 1705 	+ commit d31d149196832ed6b8849017d8bcd0852c6ca96c
 1706 
 1707 
 1708 	gpg: Fix minor memory leak in the compress filter.
 1709 	+ commit d26363e4f1933781c86cbe87077fbf1b9a2b64d8
 1710 	* g10/compress.c (push_compress_filter2): Return an error if no filter
 1711 	was pushed.
 1712 	(push_compress_filter): Ditto.
 1713 	(handle_compressed): Free CFX if no filter was pushed.
 1714 	* g10/import.c (read_block): Ditto.
 1715 
 1716 	gpg: Fix "Too many open files" when using --multifile.
 1717 	+ commit f7f3043653abe699602f910ddd09c1405675c7f6
 1718 	* common/miscellaneous.c (is_file_compressed): Don't cache the file.
 1719 
 1720 	dirmngr: Implement timeout for dirmngr_ldap under Windows.
 1721 	+ commit 007dde93cc3971cb51d08e8c082e172506ae7f80
 1722 	* dirmngr/dirmngr_ldap.c (alarm_thread) [W32]: New.
 1723 	(set_timeout): Implement for W32.
 1724 
 1725 	build: New configure option to help with nPth debugging.
 1726 	+ commit ddfd39e91a532fd31cd0c20c5d4cf9643acc58bd
 1727 	* configure.ac: Add option --enable-npth-debug
 1728 
 1729 2018-05-02  Andre Heinecke  <aheinecke@intevation.de>
 1730 
 1731 	common,w32: Hide spawned processes by default.
 1732 	+ commit 3bd793256e2e4be52075d50ccf2df70c4a2e1a0f
 1733 	* common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE
 1734 	instead of SW_MINIMIZE.
 1735 
 1736 2018-04-30  Werner Koch  <wk@gnupg.org>
 1737 
 1738 	dirmngr: Sleep in the ldap wrapper thread.
 1739 	+ commit a598bbeeafa30f7854230eed212b76d5c5c77f86
 1740 	* dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
 1741 	(ldap_reaper_thread): Protect all list modification with a mutex.  Use
 1742 	a condition var to wake up the reaper thread.
 1743 
 1744 2018-04-27  Werner Koch  <wk@gnupg.org>
 1745 
 1746 	dirmngr: Use the LDAP wrapper process also for Windows.
 1747 	+ commit f9fbfc64e402bd41815a68426f55565fa6d5c726
 1748 	* dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
 1749 	portability.
 1750 	* configure.ac: Always use the ldap wrapper.
 1751 
 1752 	dirmngr: Silence log output from dirmngr_ldap.
 1753 	+ commit d22506a343cec61b7d1a48c970b63a8458b267ab
 1754 	* dirmngr/dirmngr_ldap.c: Remove assert.h.
 1755 	(main): Replace assert by log_assert.
 1756 	* dirmngr/ldap.c (run_ldap_wrapper): Use debug options to pass
 1757 	verbose options to dirmngr_ldap.
 1758 	(start_cert_fetch_ldap): Ditto.
 1759 
 1760 2018-04-26  Werner Koch  <wk@gnupg.org>
 1761 
 1762 	dirmngr: Lower the dead host resurrection time to 1.5h.
 1763 	+ commit 5789afc840cf79ba2a8cebd9d772ef9c3868c5e9
 1764 	* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): Decrease.
 1765 	(INITIAL_HOSTTABLE_SIZE): Increase because the old values was likely
 1766 	for development.
 1767 
 1768 	dirmngr: Fix handling of CNAMEed keyserver pools.
 1769 	+ commit cc66108253c58583d6bad3d1e2da2b004701d0f0
 1770 	* dirmngr/ks-engine-hkp.c (map_host): Don't use the cname for HTTPHOST.
 1771 	* dirmngr/server.c (make_keyserver_item): Map keys.gnupg.net.
 1772 
 1773 2018-04-25  Werner Koch  <wk@gnupg.org>
 1774 
 1775 	dirmngr: Add the used TLS library to the debug output.
 1776 	+ commit bb8894760fe87cf46a42599f11eab7e7c7a8eb71
 1777 	* dirmngr/http.c (send_request): Print the used TLS library in debug
 1778 	mode.
 1779 
 1780 	dirmngr: Allow redirection from https to http for CRLs.
 1781 	+ commit 1de4462974113ac18cf98f903e97cd1127fa842f
 1782 	* dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag.
 1783 	(KS_HTTP_FETCH_TRUST_CFG): Ditto.
 1784 	(KS_HTTP_FETCH_NO_CRL): Ditto.
 1785 	(KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto.
 1786 	* dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache
 1787 	and extra_http_trust_flags by a new flags arg.  Allow redirectiong
 1788 	from https to http it KS_HTTP_FETCH_ALLOW_DOWNGRADE is set.
 1789 	* dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE.
 1790 	* dirmngr/ks-action.c (ks_action_get): Ditto.
 1791 	(ks_action_fetch): Ditto.
 1792 	* dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags.
 1793 
 1794 	dirmngr: Implement CRL fetching via https.
 1795 	+ commit 705d8e9cf0d109005b3441766270c0e584f7847d
 1796 	* dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
 1797 	* dirmngr/http.c (http_register_cfg_ca): New.
 1798 	(http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
 1799 	* dirmngr/certcache.c (load_certs_from_dir): Call new function.
 1800 	(cert_cache_deinit): Ditto.
 1801 	* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
 1802 	* dirmngr/ks-engine-http.c (ks_http_fetch): Add new args
 1803 	'send_no_cache' and 'extra_http_trust_flags'.  Change all callers to
 1804 	provide the default value.
 1805 	* dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of
 1806 	ks_http_fetch.
 1807 
 1808 2018-04-25  NIIBE Yutaka  <gniibe@fsij.org>
 1809 
 1810 	g10: Fix printing the keygrip with --card-status.
 1811 	+ commit 71903eee89496e3f1d0a24536bced6ff16df6783
 1812 	* g10/card-util.c (current_card_status): Keygrip for Auth is 3.
 1813 
 1814 2018-04-24  Werner Koch  <wk@gnupg.org>
 1815 
 1816 	dirmngr: Fallback to CRL if no default OCSP responder is configured.
 1817 	+ commit 460e3812be711bd18195053d74aa736215f21eee
 1818 	* dirmngr/server.c (cmd_isvalid): Use option second arg to trigger
 1819 	OCSP checkibng.  Fallback to CRL if no default OCSP responder has been
 1820 	configured.
 1821 	* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Adjust accordingly.
 1822 
 1823 2018-04-20  Andre Heinecke  <aheinecke@intevation.de>
 1824 
 1825 	dirmngr: More binary I/O on Windows for CRLs.
 1826 	+ commit 64c1fddb253061a9773c6c4ed2a9c5a54702d21b
 1827 	* dirmngr/crlcache.c (lock_db_file, crl_cache_insert): Open cache
 1828 	file in binary mode.
 1829 
 1830 	doc: Remove unneccesary empty flags in vsndf.prf.
 1831 	+ commit a44ed3d9a1ad5bd96694f10ea5523c517982017e
 1832 	* doc/examples/vsnfd.prf (max-cache-ttl): Remove empty flags.
 1833 
 1834 2018-04-16  emma peel  <emma.peel@aktivix.org>
 1835 
 1836 	po: more updates to Spanish translation.
 1837 	+ commit acd6d5ff7436bb7fba171ced3294046a14fb777d
 1838 
 1839 
 1840 	po: correct attribution for Spanish translation.
 1841 	+ commit 21b2e88a7e6c3d7313773c9ffb3e0d1fb2af45df
 1842 
 1843 
 1844 	po: correct label tags in Polish translation.
 1845 	+ commit a5290dace7f85d66272af3e14f9f2bc43d2a4af8
 1846 
 1847 
 1848 	po: correct label tags in Finnish translation.
 1849 	+ commit e12475429578add12a53fb2232cb45dc9e2aae1b
 1850 
 1851 
 1852 2018-04-15  Werner Koch  <wk@gnupg.org>
 1853 
 1854 	build: New target "release" to automate the release process.
 1855 	+ commit 3b1ee413a65bf566aa8e5f29a5a2cd5a94e66faa
 1856 	* Makefile.am (RELEASE_ARCHIVE_DIR): New.
 1857 	(RELEASE_SIGNING_KEY): New.
 1858 	(AM_DISTCHECK_CONFIGURE_FLAGS): Remove removed --enable-gpg2-is-gpg,
 1859 	(RELEASE_NAME, RELEASE_W32_STEM_NAME): New.
 1860 	(release, sign-release): New.
 1861 
 1862 2018-04-13  NIIBE Yutaka  <gniibe@fsij.org>
 1863 
 1864 	g10: Fix memory leak in check_sig_and_print.
 1865 	+ commit f747b8f0734338baa1e608b193b213aca2c577e8
 1866 	* g10/mainproc.c (check_sig_and_print): Free the public key.
 1867 
 1868 	g10: Push compress filter only if compressed.
 1869 	+ commit c31abf84659dbda5503dd9f3aa3449520bcd1b84
 1870 	* g10/compress.c (handle_compressed): Fix memory leak.
 1871 
 1872 2018-04-12  Werner Koch  <wk@gnupg.org>
 1873 
 1874 	gpg: Extend the "sig" record in --list-mode.
 1875 	+ commit 69c3e7acb744e1e5606a4d946e3b948704cfbbae
 1876 	* g10/getkey.c (get_user_id_string): Add arg R_NOUID.  Change call
 1877 	callers.
 1878 	(get_user_id): Add arg R_NOUID.  Change call callers.
 1879 	* g10/mainproc.c (issuer_fpr_string): Make global.
 1880 	* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
 1881 	also in --list-mode.  Print the "issuer fpr" field also if there is an
 1882 	issuer fingerprint subpacket.
 1883 
 1884 	gpg: Extend the ERRSIG status line with a fingerprint.
 1885 	+ commit 23a714598c247d78cfda46a6dc338b17e17cc194
 1886 	* g10/mainproc.c (issuer_fpr_raw): New.
 1887 	(issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
 1888 	(check_sig_and_print): Don't free ISSUER_FPR.  Use ISSUER_FPR_RAW.
 1889 	Use write_status_printf.  Extend ERRSIG status.
 1890 
 1891 	gpg: Relax printing of STATUS_FAILURE.
 1892 	+ commit e2bd152a928d79ddfb95fd2f7911c80a1a8d5a21
 1893 	* g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed
 1894 	return code and not on the presence of any call to log_error.
 1895 
 1896 	agent,dirmngr: Add "getenv" to the getinfo command.
 1897 	+ commit bbb5bfacc0d1f179cfec94fd32fee01a09df0f1d
 1898 	* agent/command.c (cmd_getinfo): Add sub-command getenv.
 1899 	* dirmngr/server.c (cmd_getinfo): Ditto.
 1900 
 1901 2018-04-12  Andre Heinecke  <aheinecke@intevation.de>
 1902 
 1903 	build: Update getswdb version check to 2.2.
 1904 	+ commit 327fece0aed2c9974659c72304f9fd1f461d460c
 1905 	* build-aux/getswdb.sh: Check for gnupg22_ver gnupg21_ver no
 1906 	longer exists.
 1907 
 1908 2018-04-11  Werner Koch  <wk@gnupg.org>
 1909 
 1910 	gpg: New option --no-symkey-cache.
 1911 	+ commit 789d240cb40ab36406a7c57ad49897e0bafbb41e
 1912 	* g10/gpg.c (oNoSymkeyCache): New.
 1913 	(opts): Add that option.
 1914 	(main): Set var.
 1915 	* g10/options.h (struct opt): New field no_symkey_cache.
 1916 	* g10/passphrase.c (passphrase_to_dek): Implement that feature.
 1917 
 1918 2018-04-10  Werner Koch  <wk@gnupg.org>
 1919 
 1920 	agent: Improve the unknown ssh flag detection.
 1921 	+ commit 9f69dbeb902ac447adbc92937cd451c4e909f234
 1922 	* agent/command-ssh.c (ssh_handler_sign_request): Simplify detection
 1923 	of flags.
 1924 
 1925 2018-04-10  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 1926 
 1927 	agent: unknown flags on ssh signing requests cause an error.
 1928 	+ commit 381c46818ffa4605d0ca39818fe317de445eb6de
 1929 	* agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
 1930 	during an signature request that we do not know how to apply, return
 1931 	GPG_ERR_UNKNOWN_OPTION.
 1932 
 1933 	agent: change documentation reference for ssh-agent protocol.
 1934 	+ commit 55435cdd4fe4fbfbcba1098bb715ecd6171ba2d8
 1935 	* agent/command-ssh.c: repoint documentation reference.
 1936 
 1937 2018-04-09  Werner Koch  <wk@gnupg.org>
 1938 
 1939 	Release 2.2.6.
 1940 	+ commit 6fbe2ddbaf5123ae444c95fdf8da67840f794c76
 1941 
 1942 
 1943 	gpg,w32: Fix empty homedir when only a drive letter is used.
 1944 	+ commit 6da7aa1e7c80d214bd9dccb21744919ae191f2c8
 1945 	* common/homedir.c (copy_dir_with_fixup): New.
 1946 	(default_homedir): Use here.
 1947 	(gnupg_set_homedir): And here .
 1948 
 1949 	doc: Document --key-edit:change-usage.
 1950 	+ commit a4e26f2ee852003707857ab0635b783acb89a2f8
 1951 	* g10/keyedit.c (menu_changeusage): Make strings translatable.
 1952 
 1953 2018-04-06  Werner Koch  <wk@gnupg.org>
 1954 
 1955 	gpg: Check that a key may do certifications.
 1956 	+ commit 1a5d95e7319e7e6f0dd11064a26cbbc371b05214
 1957 	* g10/sig-check.c (check_signature_end_simple): Check key usage for
 1958 	certifications.
 1959 	(check_signature_over_key_or_uid): Request usage certification.
 1960 
 1961 	gpg: Emit FAILURE stati now in almost all cases.
 1962 	+ commit 0336e5d1a7b9d46e06c838e6a98aecfcc9542882
 1963 	* g10/cpr.c (write_status_failure): Make it print only once.
 1964 	* g10/gpg.c (wrong_args): Bump error counter.
 1965 	(g10_exit): Print a FAILURE status if we ever did a log_error etc.
 1966 	(main): Use log_error instead of log_fatal at one place.  Print a
 1967 	FAILURE status for a bad option.  Ditto for certain exit points so
 1968 	that we can see different error locations.
 1969 
 1970 	gpg: Re-indent sig-check.c and use signature class macros.
 1971 	+ commit 5ba74a134db431530884f03eea5410a68dbfe0f5
 1972 	* g10/keydb.h (IS_BACK_SIG): New.
 1973 	* g10/sig-check.c: Re-indent and use macros.
 1974 
 1975 2018-04-06  NIIBE Yutaka  <gniibe@fsij.org>
 1976 
 1977 	agent: Support SSH signature flags.
 1978 	+ commit 80b775bdbb852aa4a80292c9357e5b1876110c00
 1979 	* agent/command-ssh.c (SSH_AGENT_RSA_SHA2_256): New.
 1980 	(SSH_AGENT_RSA_SHA2_512): New.
 1981 	(ssh_handler_sign_request): Override SPEC when FLAGS
 1982 	is specified.
 1983 
 1984 2018-04-05  NIIBE Yutaka  <gniibe@fsij.org>
 1985 
 1986 	g10: Let card-edit/key-attr show message when change.
 1987 	+ commit 870527df0dd704c994928348c8c2910030776680
 1988 	* g10/card-util.c (ask_card_rsa_keysize): Don't show message here.
 1989 	(ask_card_keyattr): Show message when change, also for ECC.
 1990 
 1991 2018-04-04  NIIBE Yutaka  <gniibe@fsij.org>
 1992 
 1993 	tests: Fix no gpg-agent upon removal of GNUPGHOME.
 1994 	+ commit 83529e1bd14a6d39f2a8ecab9fb6aa4c1f344c73
 1995 	* tests/gpgscm/gnupg.scm (with-ephemeral-home-directory): Add
 1996 	teadown-fn.
 1997 	* tests/gpgsm/export.scm: Use -no-atexit version and stop-agent.
 1998 	* tests/openpgp/decrypt-session-key.scm: Likewise.
 1999 	* tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
 2000 	* tests/openpgp/defs.scm (have-opt-always-trust): Likewise.
 2001 	(setup-environment-no-atexit): New.
 2002 	(start-agent): Support no use of atexit.
 2003 	* tests/gpgsm/gpgsm-defs.scm (setup-gpgsm-environment-no-atexit): New.
 2004 	* tests/migrations/common.scm (untar-armored): Follow the change
 2005 	of with-ephemeral-home-directory.
 2006 
 2007 2018-04-03  NIIBE Yutaka  <gniibe@fsij.org>
 2008 
 2009 	scd: Writing KDF resets auth state.
 2010 	+ commit cb1731c23cddfa524d3f51cfd82029bff853a073
 2011 	* scd/app-openpgp.c (do_setattr): Clear auth state.
 2012 
 2013 2018-04-02  NIIBE Yutaka  <gniibe@fsij.org>
 2014 
 2015 	g10: Fix filtering by PK->REQ_USAGE.
 2016 	+ commit a17d2d1f690ebe5d005b4589a5fe378b6487c657
 2017 	* g10/getkey.c (get_pubkey_byfprint): Filter by PK->REQ_USAGE.
 2018 
 2019 2018-03-30  NIIBE Yutaka  <gniibe@fsij.org>
 2020 
 2021 	g10: Fix card-edit/kdf-setup for single salt.
 2022 	+ commit 130ad98240c066383fa0a99bcf5e0ec72bc0dff9
 2023 	* g10/card-util.c (gen_kdf_data): Use SALT_USER.
 2024 
 2025 	g10,scd: Support single salt for KDF data object.
 2026 	+ commit 0c097575a9cd923f648fb5bb695893d46400c3ad
 2027 	* g10/card-util.c (gen_kdf_data): Support single salt.
 2028 	(kdf_setup): Can have argument for single salt.
 2029 	* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.
 2030 
 2031 	g10: Add "key-attr" command for --card-edit.
 2032 	+ commit 820380335a20391e0998fb1ba32ebfb9accedc5b
 2033 	* g10/card-util.c (key_attr): New explicit command.
 2034 	(generate_card_keys, card_generate_subkey): Don't ask key attr change.
 2035 	(card_edit): Add for cmdKEYATTR.
 2036 
 2037 	scd: Support changing key attribute back to RSA.
 2038 	+ commit 29692718768c28c524be6306081ab1852e75fe07
 2039 	* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.
 2040 
 2041 2018-03-29  NIIBE Yutaka  <gniibe@fsij.org>
 2042 
 2043 	g10: Support key attribute change at --card-edit/generate.
 2044 	+ commit a1515b3bbc10a210040dda3b482bcdb933fa8d7c
 2045 	* g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
 2046 	number 25519 for ed25519/cv25519.  Rename from ask_card_keyattr.
 2047 	(ask_card_keyattr): Support ECC, as well as RSA.
 2048 	(do_change_keyattr): Support ECC dropping magical number 25519.
 2049 	* g10/keygen.c (ask_curve): Allow call from outside, adding last arg
 2050 	of CURRENT.
 2051 	(generate_keypair): Follow the change of ask_curve.
 2052 	(generate_subkeypair): Likewise.
 2053 
 2054 	g10: check_pin_for_key_operation should be just before genkey.
 2055 	+ commit 02d7bb819ff44cc90212568dd6ce24ae1dc5d17f
 2056 	* g10/card-util.c (generate_card_keys): Check PIN later.
 2057 	(card_generate_subkey): Likewise.
 2058 
 2059 2018-03-28  NIIBE Yutaka  <gniibe@fsij.org>
 2060 
 2061 	g10: Change ask_curve so that it can be used outside.
 2062 	+ commit e610d51f0de11154050915b951bcc5c53c940f5e
 2063 	* g10/call-agent.h (struct key_attr): New.
 2064 	* g10/keygen.c (ask_curve): Return const char *.  No allocation.
 2065 	(quick_generate_keypair): Follow the change.
 2066 	(generate_keypair, generate_subkeypair): Likewise.
 2067 	(parse_algo_usage_expire): Return const char *.
 2068 
 2069 2018-03-27  NIIBE Yutaka  <gniibe@fsij.org>
 2070 
 2071 	agent,scd: Use pointer to represent HANDLE.
 2072 	+ commit 96918346beeca7a46de9f03f19502373994c21bc
 2073 	* agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p.
 2074 	* scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *.
 2075 
 2076 2018-03-27  Werner Koch  <wk@gnupg.org>
 2077 
 2078 	agent: Make the request origin a part of the cache items.
 2079 	+ commit 02dce8c0cc57deb2095a9b06aeb8f4dea34eef7e
 2080 	* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
 2081 	callers to pass it.
 2082 	(agent_get_cache): Ditto.
 2083 
 2084 	* agent/cache.c (struct cache_items_s): Add field 'restricted'.
 2085 	(housekeeping): Adjust debug output.
 2086 	(agent_flush_cache): Ditto.
 2087 	(agent_put_cache): Ditto.  Take RESTRICTED into account.
 2088 	(agent_get_cache): Ditto.
 2089 
 2090 2018-03-26  Werner Koch  <wk@gnupg.org>
 2091 
 2092 	gpg: Auto-fix a broken trustdb with just the version record.
 2093 	+ commit eb68c2d3d1b03a18cd24406fa46d4c30cb13d9f7
 2094 	* g10/tdbio.c (get_trusthashrec): Create hashtable on error.
 2095 
 2096 	gpg: Pass CTRL arg to get_trusthashrec.
 2097 	+ commit a750ebebf35a392f1c72d6aee5618df0d9f25ff7
 2098 	* g10/tdbio.c (get_trusthashrec): Add arg CTRL.
 2099 	(tdbio_search_trust_byfpr): Ditto.
 2100 	(tdbio_search_trust_bypk): Ditto.
 2101 
 2102 	gpg: Return better error codes in case of a too short trustdb.
 2103 	+ commit 403aa70c52e56614d65490dea9344113f9cf3d29
 2104 	* g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF.
 2105 	(tdbio_new_recnum): Never return on error.
 2106 	(lookup_hashtable): Print a more descriptive error in case of !TABLE.
 2107 
 2108 	gpg: Fix trustdb updates without lock held.
 2109 	+ commit 456a3a8e93ea14f821e0e98fb515f284ece98685
 2110 	* g10/tdbio.c (is_locked): Turn into a counter.
 2111 	(take_write_lock, release_write_lock): Implement recursive locks.
 2112 
 2113 	gpg: Disable unused code parts in tdbio.c.
 2114 	+ commit 5f00531463ebc0e606c502696962426007545bb7
 2115 	* g10/tdbio.c (in_transaction): Comment this var.
 2116 	(put_record_into_cache): Comment the transaction code.
 2117 	(tdbio_sync): Ditto
 2118 
 2119 2018-03-23  Werner Koch  <wk@gnupg.org>
 2120 
 2121 	sm: Add OPTION request-origin.
 2122 	+ commit 137644c9cb58deaaba6850f2763d9c5f9241cb0b
 2123 	* sm/server.c: Include shareddefs.h.
 2124 	(option_handler): Add option.
 2125 
 2126 	gpg,sm: New option --request-origin.
 2127 	+ commit 2cd35df5db3c4dfe37616dcfb1fcc644959449ef
 2128 	* g10/gpg.c (oRequestOrigin): New const.
 2129 	(opts): New option --request-origin.
 2130 	(main): Parse that option.
 2131 	* g10/options.h (struct opt): Add field request_origin.
 2132 	* g10/call-agent.c (start_agent): Send option to the agent.
 2133 	* sm/gpgsm.c (oRequestOrigin): New const.
 2134 	(opts): New option --request-origin.
 2135 	(main): Parse that option.
 2136 	* sm/gpgsm.h (struct opt): Add field request_origin.
 2137 	* sm/call-agent.c (start_agent): Send option to the agent.
 2138 
 2139 	agent: New OPTION pretend-request-origin.
 2140 	+ commit 05c55ee260edc07cd19da56dfd00347bfe3f529c
 2141 	* common/shareddefs.h (request_origin_t): New.
 2142 	* common/agent-opt.c (parse_request_origin): New.
 2143 	(str_request_origin): New.
 2144 	* agent/command.c (option_handler): Implement new option.
 2145 
 2146 2018-03-23  NIIBE Yutaka  <gniibe@fsij.org>
 2147 
 2148 	build: Fix the manual source field.
 2149 	+ commit 5400a5bb77bddcb14c94d9405312d6181322b090
 2150 
 2151 
 2152 2018-03-22  Werner Koch  <wk@gnupg.org>
 2153 
 2154 	gpg: Implement --dry-run for --passwd.
 2155 	+ commit 165bc38cefbc03515403b60b704cabf4dc0b71f4
 2156 	* g10/keyedit.c (change_passphrase): Take care of --dry-run.
 2157 
 2158 2018-03-22  NIIBE Yutaka  <gniibe@fsij.org>
 2159 
 2160 	scd: Support KDF DO setup.
 2161 	+ commit 0152ba7c987443d641ce1091c79f90ef2cc46498
 2162 	* g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
 2163 	* g10/card-util.c (gen_kdf_data, kdf_setup): New.
 2164 	(card_edit): New admin command cmdKDFSETUP to call kdf_setup.
 2165 	* scd/app-openpgp.c (do_getattr): Emit KDF capability.
 2166 
 2167 2018-03-21  Werner Koch  <wk@gnupg.org>
 2168 
 2169 	gpg: Fix out-of-bound read in subpacket enumeration.
 2170 	+ commit 983f7b2acbd1e7580652bbeb0c3d64f9dd19d9e4
 2171 	* g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
 2172 	the type octet.  Print diagnostic.
 2173 
 2174 2018-03-19  NIIBE Yutaka  <gniibe@fsij.org>
 2175 
 2176 	scd: signal mask should be set just after npth_init.
 2177 	+ commit 11bbd99477ef5ba5b7db0c17607b10af03c68afb
 2178 	* scd/scdaemon.c (setup_signal_mask): New.
 2179 	(main): Call setup_signal_mask.
 2180 	(handle_connections): Remove signal mask setup.
 2181 
 2182 2018-03-16  NIIBE Yutaka  <gniibe@fsij.org>
 2183 
 2184 	scd: Better user interaction for factory-reset.
 2185 	+ commit 2c85e202bc30231b9555100dec0c490c60d7b88c
 2186 	* g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte.
 2187 	Connect the card again at the last step.
 2188 
 2189 2018-03-15  NIIBE Yutaka  <gniibe@fsij.org>
 2190 
 2191 	scd: Fix suspend/resume handling for CCID driver.
 2192 	+ commit fd23a0524d8060ed12d87c679b7823686614aaee
 2193 	* scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb
 2194 	to see if it's suspend/resume.
 2195 
 2196 2018-03-13  NIIBE Yutaka  <gniibe@fsij.org>
 2197 
 2198 	scd: After fatal error, shutdown a reader.
 2199 	+ commit c84bae69e9e02923f7180e09d161cb0b13257436
 2200 	* scd/apdu.c (pcsc_send_apdu): Notify main loop after
 2201 	fatal errors.
 2202 
 2203 	scd: Fix for GNU/Linux suspend/resume.
 2204 	+ commit 71e5282c25ba812c7091e587edd721839bc4c2ac
 2205 	* configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
 2206 	* scd/scdaemon.c (scd_kick_the_loop): Minor clean up.
 2207 
 2208 2018-03-12  NIIBE Yutaka  <gniibe@fsij.org>
 2209 
 2210 	scd: Fix typo in previous commit.
 2211 	+ commit 655f0b9ad0138e6f960bf4befaf0eea569256614
 2212 
 2213 
 2214 2018-03-09  NIIBE Yutaka  <gniibe@fsij.org>
 2215 
 2216 	scd: More fix with PC/SC for Windows.
 2217 	+ commit 1e27c0e04cd3280d498dc8b72d2e410f6287f656
 2218 	* scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS.
 2219 	Add debug log.
 2220 
 2221 2018-03-08  NIIBE Yutaka  <gniibe@fsij.org>
 2222 
 2223 	scd: Fix status check when using PC/SC.
 2224 	+ commit f8b8b6aac2ca1cb34d7a346aee1d874e7650557b
 2225 	* scd/apdu.c (struct reader_table_s): Add field of current_state.
 2226 	(new_reader_slot): Initialize current_state.
 2227 	(pcsc_get_status): Keep the status in READER_TABLE array.
 2228 	Return SW_HOST_NO_READER when PCSC_STATE_CHANGED.
 2229 	* scd/scdaemon.c (handle_connections): Silence a warning.
 2230 
 2231 2018-03-06  Werner Koch  <wk@gnupg.org>
 2232 
 2233 	agent: Also evict cached items via a timer.
 2234 	+ commit f060cb5c63923d6caec784f65f3bb0aadf52f795
 2235 	* agent/cache.c (agent_cache_housekeeping): New func.
 2236 	* agent/gpg-agent.c (handle_tick): Call it.
 2237 
 2238 2018-03-01  Werner Koch  <wk@gnupg.org>
 2239 
 2240 	gpg: Print the keygrip with --card-status.
 2241 	+ commit fd595c9d3642dba437fbe0f6e25d7aaaae095f94
 2242 	* g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and
 2243 	grp3.
 2244 	* g10/call-agent.c (unhexify_fpr): Allow for space as delimiter.
 2245 	(learn_status_cb): Parse KEYPARIINFO int the grpX fields.
 2246 	* g10/card-util.c (print_keygrip): New.
 2247 	(current_card_status): Print "grp:" records or with --with-keygrip a
 2248 	human readable keygrip.
 2249 
 2250 2018-02-28  Andre Heinecke  <aheinecke@intevation.de>
 2251 
 2252 	gpgconf, w32: Allow UNC paths.
 2253 	+ commit e43844c3b0b9ec93b7f2a88752bcd6b6244aacfb
 2254 	* tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.
 2255 
 2256 2018-02-22  Michał Górny  <mgorny@gentoo.org>
 2257 
 2258 	dirmngr: Handle failures related to missing IPv6 gracefully.
 2259 	+ commit ecfc4db3a2f8bc2652ba4ac4de5ca1cd13bfcbec
 2260 	* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more
 2261 	error codes.
 2262 
 2263 2018-02-22  Werner Koch  <wk@gnupg.org>
 2264 
 2265 	Release 2.2.5.
 2266 	+ commit 9581a65ccc10daededc05c55391a04022f794a4a
 2267 
 2268 
 2269 	gpg: Don't let gpg return failure on an invalid packet in a keyblock.
 2270 	+ commit b375d50ee4ce52c9b0f0855ec155be027642fb05
 2271 	* g10/keydb.c (parse_keyblock_image): Use log_info instead of
 2272 	log_error for skipped packets.
 2273 	* g10/keyring.c (keyring_get_keyblock): Ditto.
 2274 
 2275 2018-02-22  NIIBE Yutaka  <gniibe@fsij.org>
 2276 
 2277 	g10: Select a secret key by checking availability under gpg-agent.
 2278 	+ commit 88e766d3915c2919e9968148ebb30463d4a673e4
 2279 	* g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
 2280 	by agent_probe_secret_key.
 2281 	(get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.
 2282 
 2283 2018-02-20  Werner Koch  <wk@gnupg.org>
 2284 
 2285 	wks: Add special mode to --install-key.
 2286 	+ commit 685a5e1558b2252ac895637fb857f6f7bb85ea7b
 2287 	* tools/gpg-wks-client.c (get_key_status_parm_s)
 2288 	(get_key_status_cb, get_key): Move to ...
 2289 	* tools/wks-util.c: ...here.
 2290 	(get_key): Rename to wks_get_key.
 2291 	* tools/gpg-wks-server.c: Include userids.h.
 2292 	(command_install_key): Allow use of a fingerprint.
 2293 
 2294 	wks: Implement server command --install-key.
 2295 	+ commit ee474856ec16ff11d922d8503fb3ede77129c4aa
 2296 	* tools/wks-util.c (wks_filter_uid): Add arg 'binary'.
 2297 	* tools/gpg-wks-server.c (main): Expect 2 args for --install-key.
 2298 	(write_to_file): New.
 2299 	(check_and_publish): Factor some code out to ...
 2300 	(compute_hu_fname): ... new.
 2301 	(command_install_key): Implement.
 2302 
 2303 	wks: Support alternative submission address.
 2304 	+ commit 1877603761911ea5b1c15f4aef11a2cf86a8682c
 2305 	* tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'.
 2306 	* tools/wks-util.c (wks_parse_policy): Parse that field.
 2307 	(wks_free_policy): New.
 2308 	* tools/gpg-wks-client.c (command_send): Also try to take the
 2309 	submission-address from the policy file.  Free POLICY.
 2310 	* tools/gpg-wks-server.c (process_new_key): Free POLICYBUF.
 2311 	(command_list_domains): Free POLICY.
 2312 
 2313 2018-02-15  Werner Koch  <wk@gnupg.org>
 2314 
 2315 	kbx: Fix detection of corrupted keyblocks on 32 bit systems.
 2316 	+ commit 5e3679ae395e7a7e44f218f07bbe487429f1b279
 2317 	* kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
 2318 	checking.
 2319 	(blob_cmp_fpr_part): Ditto.
 2320 	(blob_cmp_name): Ditto.
 2321 	(blob_cmp_mail): Ditto.
 2322 	(blob_x509_has_grip): Ditto.
 2323 	(keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
 2324 	(keybox_get_cert): Ditto.
 2325 
 2326 2018-02-15  NIIBE Yutaka  <gniibe@fsij.org>
 2327 
 2328 	gpg: Fix reversed messages for --only-sign-text-ids.
 2329 	+ commit ca138d5bf36accde2fd755249b470a8dc8743c95
 2330 	* g10/keyedit.c (keyedit_menu): Fix messages.
 2331 
 2332 2018-02-14  Katsuhiro Ueno  <uenobk@gmail.com>
 2333 
 2334 	agent: Avoid appending a '\0' byte to the response of READKEY.
 2335 	+ commit df97fe24807826ddc2af0e45e416fb81c5666f88
 2336 	* agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
 2337 	without an extra '\0' byte.
 2338 
 2339 2018-02-14  Werner Koch  <wk@gnupg.org>
 2340 
 2341 	sm: Fix minor memory leak in --export-p12.
 2342 	+ commit 80719612b7e92aff5887f2a68d550a24f350722c
 2343 	* sm/export.c (gpgsm_p12_export): Free KEYGRIP.
 2344 
 2345 2018-02-14  Katsuhiro Ueno  <uenobk@gmail.com>
 2346 
 2347 	sm: Fix a wrong key parameter in an exported private key file.
 2348 	+ commit 29aac7798085ee38da5107698618890ae7593c96
 2349 	* sm/export.c (sexp_to_kparms): Fix the computation of array[6],
 2350 	which must be 'd mod (q-1)' but was 'p mod (q-1)'.
 2351 
 2352 2018-02-14  Werner Koch  <wk@gnupg.org>
 2353 
 2354 	common: Use new function to print status strings.
 2355 	+ commit f19ff78f0fbfc2793d8a9ab0173486bf712871ac
 2356 	* common/asshelp2.c (vprint_assuan_status_strings): New.
 2357 	(print_assuan_status_strings): New.
 2358 	* agent/command.c (agent_write_status): Replace by call to new
 2359 	function.
 2360 	* dirmngr/server.c (dirmngr_status): Ditto.
 2361 	* g13/server.c (g13_status): Ditto.
 2362 	* g13/sh-cmd.c (g13_status): Ditto.
 2363 	* sm/server.c (gpgsm_status2): Ditto.
 2364 	* scd/command.c (send_status_info): Bump up N.
 2365 
 2366 2018-02-13  Arnaud Fontaine  <arnaud.fontaine@ssi.gouv.fr>
 2367 
 2368 	scd: Improve KDF-DO support.
 2369 	+ commit 25f3b69129015c54392636818c8846e236f5cb2c
 2370 	* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.
 2371 
 2372 2018-02-12  NIIBE Yutaka  <gniibe@fsij.org>
 2373 
 2374 	scd: Fix handling for Data Object with no data.
 2375 	+ commit 0a3bec2c2525935362f87dce93d7df2c8d498498
 2376 	* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
 2377 	with no data.
 2378 
 2379 2018-02-09  Andre Heinecke  <aheinecke@intevation.de>
 2380 
 2381 	doc: Add compliance de-vs to gpgsm in vsnfd.prf.
 2382 	+ commit e0658b19d93b38ed9ebd07734c4678acdde1607d
 2383 	* doc/examples/vsnfd.prf: Set complaince mode for gpgsm.
 2384 
 2385 2018-02-07  NIIBE Yutaka  <gniibe@fsij.org>
 2386 
 2387 	scd: Use pipe to kick the loop on NetBSD.
 2388 	+ commit 015fe1c47b91da340e9df6bed908e0747ae8c60b
 2389 	* configure.ac (HAVE_PSELECT_NO_EINTR): New.
 2390 	* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
 2391 	(handle_connections): Use pipe.
 2392 
 2393 2018-01-29  NIIBE Yutaka  <gniibe@fsij.org>
 2394 
 2395 	tests: Fix for NetBSD with __func__.
 2396 	+ commit 64aa98c8a05513d9c00f53a2b880d80f9035333e
 2397 	* tests/asschk.c: Don't define __func__ if available.
 2398 
 2399 2018-01-27  Werner Koch  <wk@gnupg.org>
 2400 
 2401 	dirmngr: Improve assuan error comment for cmd keyserver.
 2402 	+ commit f8e868d9dfb6fc1390e421e7993a1d076309ed83
 2403 	* dirmngr/server.c: Add error comment in case --resolve fails in
 2404 	ensure_keyserver.
 2405 
 2406 2018-01-26  NIIBE Yutaka  <gniibe@fsij.org>
 2407 
 2408 	agent: Fix last commit.
 2409 	+ commit d7207b39b71d1b07c4cddac602f29ec583f6d1ad
 2410 	* configure.ac: Check ucred.h as well as sys/ucred.h.
 2411 	* agent/command-ssh.c: Add inclusion of ucred.h.
 2412 
 2413 	agent: More fix for get_client_pid for portability.
 2414 	+ commit 08e686a6a6d5bcb5410228b388745d09686b260c
 2415 	    * configure.ac: Check sys/ucred.h instead of ucred.h.
 2416 	    * agent/command-ssh.c: Include sys/ucred.h.
 2417 
 2418 2018-01-22  NIIBE Yutaka  <gniibe@fsij.org>
 2419 
 2420 	scd: Support KDF Data Object of OpenPGPcard V3.3.
 2421 	+ commit 91303b7df9c3e810cfcd4920f78bac6f8b7df2b2
 2422 	* scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
 2423 	(pin2hash_if_kdf): New.
 2424 	(verify_a_chv): Add PINLEN arg.  Use pin2hash_if_kdf.
 2425 	(verify_chv2, do_sign): Follow the change of verify_a_chv.
 2426 	(verify_chv3, do_change_pin): Use pin2hash_if_kdf.
 2427 
 2428 2018-01-18  Werner Koch  <wk@gnupg.org>
 2429 
 2430 	gpg: Fix the use of future-default with --quick-add-key.
 2431 	+ commit e1e35db510c9222e7a7dc208c2e49df556954170
 2432 	* g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
 2433 	(parse_key_parameter_string): Add arg suggested_use and implement
 2434 	fallback.  Change callers to pass 0 for new arg.
 2435 	(parse_algo_usage_expire): Pass the parsed USAGESTR to
 2436 	parse_key_parameter_string so that it can use it in case a subkey is
 2437 	to be created.
 2438 
 2439 2018-01-09  Andre Heinecke  <aheinecke@intevation.de>
 2440 
 2441 	doc: Note pinentry-mode for passphrase opts.
 2442 	+ commit 6fb5713f4a6976900cc70c140e61043b6ef688d1
 2443 	* doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
 2444 	Note that pinentry-mode needs to be loopback.
 2445 
 2446 2018-01-08  Werner Koch  <wk@gnupg.org>
 2447 
 2448 	gpg: Print all keys with --decrypt --list-only.
 2449 	+ commit 339b3301ee8410fe3bbdebb66a6e83801d79d40d
 2450 	* g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
 2451 	list-only and put the key into PKENC_LIST.
 2452 	(print_pkenc_list): Take care of the new error code.
 2453 
 2454 2018-01-01  Werner Koch  <wk@gnupg.org>
 2455 
 2456 	gpg: Allow "futuredefault" as alias for "future-default".
 2457 	+ commit 4d3c500f4793eb263940ff5ef87ec4ead63c9b4b
 2458 	* g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
 2459 	use case-insensitive matching
 2460 	(quick_generate_keypair): Ditto.
 2461 	(parse_algo_usage_expire): Ditto.
 2462 
 2463 2017-12-29  Werner Koch  <wk@gnupg.org>
 2464 
 2465 	gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.
 2466 	+ commit 412bb7a801f242d47a82712080cce6ddbb843166
 2467 	* g10/keygen.c (gen_ecc): Map curve names.
 2468 
 2469 2017-12-27  NIIBE Yutaka  <gniibe@fsij.org>
 2470 
 2471 	scd: Fix for inactive card at start by internal CCID driver.
 2472 	+ commit 4f88b0f56134af2ce56d434b7acd47fcf9b6f7cf
 2473 	* scd/ccid-driver.c (do_close_reader): Set NULL on close.
 2474 	(bulk_in): Move DEBUGOUT and check by EP_INTR.
 2475 	(ccid_get_atr): Clear powered_off flag after initial status check.
 2476 
 2477 2017-12-22  Werner Koch  <wk@gnupg.org>
 2478 
 2479 	kbx: Simplify by removing custom memory functions.
 2480 	+ commit f3ba66781a07af2e32f5887e6e15acdd4822a431
 2481 	* kbx/keybox-util.c (keybox_set_malloc_hooks): Remove.
 2482 	(_keybox_malloc, _keybox_calloc, keybox_realloc)
 2483 	(_keybox_free): Remove.
 2484 	(keybox_file_rename): Remove.  Was not used.
 2485 	* sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks.
 2486 	* kbx/kbxutil.c (main): Ditto.
 2487 	* kbx/keybox-defs.h: Remove all separate includes.  Include util.h.
 2488 	remove convenience macros.
 2489 	* common/logging.h (return_if_fail): New.  Originally from
 2490 	keybox-defs.h but now using log_debug.
 2491 	(return_null_if_fail): Ditto.
 2492 	(return_val_if_fail): Ditto.
 2493 	(never_reached): Ditto.
 2494 
 2495 2017-12-20  Werner Koch  <wk@gnupg.org>
 2496 
 2497 	common: Use larger buffer for homedir in case of 64 bit UIDs.
 2498 	+ commit 290348e349e8d56a856f187a08e913f2ed525b3c
 2499 	* common/homedir.c (_gnupg_socketdir_internal): Enlarge PREFIX by 6
 2500 	bytes for "/gnupg".
 2501 
 2502 	Release 2.2.4.
 2503 	+ commit 558b17593ae97b8a07d06bf0d6af1a626b304501
 2504 
 2505 
 2506 2017-12-19  Petr Pisar  <petr.pisar@atlas.cz>
 2507 
 2508 	po: Update Czech translation.
 2509 	+ commit 43aaf60449036e870cc25b77fbb7312cf3fb534c
 2510 
 2511 
 2512 2017-12-19  Ineiev  <ineiev@gnu.org>
 2513 
 2514 	po: Update Russian translation.
 2515 	+ commit c7b8ec6c8e57797f0b77dbf7fca85fb600323328
 2516 
 2517 
 2518 2017-12-19  Werner Koch  <wk@gnupg.org>
 2519 
 2520 	wks: New server options --check, --with-dir, with-file.
 2521 	+ commit 7449063b1af2eef73d621a69cdb2fb713ab1ae6c
 2522 	* tools/gpg-wks-server.c (aCheck, oWithDir, oWithFile): New const.
 2523 	(opts): New options --check, --with-dir, and --with-file.
 2524 	(main): Call command_check_key.
 2525 	(command_list_domains): Implement option --with-dir.
 2526 	(fname_from_userid): New.
 2527 	(command_check_key): New.
 2528 	(command_remove_key): Implement existsing command.
 2529 	(command_revoke_key): Call command_remove_key as a simple
 2530 	implementation.
 2531 
 2532 2017-12-18  Werner Koch  <wk@gnupg.org>
 2533 
 2534 	conf: New option --status-fd.
 2535 	+ commit 482e000b8a7e336f342a7fac3b7379257e944b6e
 2536 	* tools/gpgconf.c (oStatusFD): New const.
 2537 	(opts): New option --status-fd.
 2538 	(statusfp): New var.
 2539 	(set_status_fd): New.
 2540 	(gpgconf_write_status): New.
 2541 	(gpgconf_failure): New.
 2542 	(main): Set status fd and replace exit by gpgconf_failure.
 2543 	* tools/gpgconf-comp.c: Repalce exit by gpgconf_failure.
 2544 	(gc_process_gpgconf_conf): Print a few warning status messages.
 2545 
 2546 	gpgconf: Show --compliance in expert mode.
 2547 	+ commit d74c40cef0a97cd98aa05f13b1541a94eda502a6
 2548 	* tools/gpgconf-comp.c (gc_options_gpg): Set compliance to expert.
 2549 	(gc_options_gpgsm): Ditto.
 2550 
 2551 	sm: Allow explicit setting of the default --compliance=gnupg.
 2552 	+ commit 8c878ae4c9dfa9fe26aa15f4f9db3e86833575e9
 2553 	* sm/gpgsm.c (main): Allow setting of the default compliance.
 2554 	* tools/gpgconf-comp.c (gc_options_gpgsm): Add "compliance".
 2555 
 2556 2017-12-18  NIIBE Yutaka  <gniibe@fsij.org>
 2557 
 2558 	po: Update Japanese translation.
 2559 	+ commit e3ddeff66e8c08a37ddf8b6510d69579c245e192
 2560 	* po/ja.po: Fix message with no "%s".
 2561 
 2562 2017-12-13  Werner Koch  <wk@gnupg.org>
 2563 
 2564 	gpg: Print a warning for too much data encrypted with 3DES et al.
 2565 	+ commit 416cf9e9be5d2daf0ef629208031989699b3653f
 2566 	* g10/filter.h (cipher_filter_context_t): Remove unused filed
 2567 	'create_mdc'.  Turn field 'header' into a bit field.  Add new fields
 2568 	'short_blklen_warn' and 'short_blklen_count'.
 2569 	* g10/cipher.c (write_header): Print a warning if MDC is not used.
 2570 	(cipher_filter): Print a warning for long messages encrypted with a
 2571 	short block length algorithm.
 2572 
 2573 	gpg: Simplify cipher:write_header.
 2574 	+ commit b5333e13cbc9db354ed90762190bf70605a02d1f
 2575 	* g10/cipher.c (write_header): Use write_status_printf.
 2576 
 2577 	gpg: Simplify default_recipient().
 2578 	+ commit 9f641430dcdecbd7ee205d407cb19bb4262aa95d
 2579 	* g10/pkclist.c (default_recipient): Use hexfingerprint.
 2580 
 2581 	gpg: Return an error from hexfingerprint on malloc error.
 2582 	+ commit cd26c5482b10bee7658959ae913f2ddb83190587
 2583 	* g10/keyid.c (hexfingerprint): Return NULL on malloc failure.  Chnage
 2584 	all callers.
 2585 
 2586 	gpg: Remove some xmallocs.
 2587 	+ commit 29119a6492eda5dd7920e45e7f2faa043d436591
 2588 	* g10/getkey.c (get_pubkeys): Do not use xmalloc.
 2589 
 2590 2017-12-12  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 2591 
 2592 	gpg: default-preference-list: prefer SHA512.
 2593 	+ commit 8ede3ae29a39641a2f98ad9a4cf61ea99085a892
 2594 	* g10/keygen.c (keygen_set_std_prefs): when producing default internal
 2595 	personal-digest-preferences, keep the same order.  When publishing
 2596 	external preferences, state preference for SHA512 first.
 2597 
 2598 2017-12-12  Werner Koch  <wk@gnupg.org>
 2599 
 2600 	Change backlog from 5 to 64 and provide option --listen-backlog.
 2601 	+ commit c81a447190d2763ac4c64b2e74e22e824da8aba3
 2602 	* agent/gpg-agent.c (oListenBacklog): New const.
 2603 	(opts): New option --listen-backlog.
 2604 	(listen_backlog): New var.
 2605 	(main): Parse new options.
 2606 	(create_server_socket): Use var instead of 5.
 2607 	* dirmngr/dirmngr.c: Likewise.
 2608 	* scd/scdaemon.c: Likewise.
 2609 
 2610 	build: New configure option --enable-run-gnupg-user-socket.
 2611 	+ commit 17efcd2a2acdc3b7f00711272aa51e5be2476921
 2612 	* configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define.
 2613 	* common/homedir.c (_gnupg_socketdir_internal): Add extra directories.
 2614 
 2615 2017-12-11  Werner Koch  <wk@gnupg.org>
 2616 
 2617 	dirmngr: Check for WKD support at session end.
 2618 	+ commit 20b52be9ca29b0bc843fc68a279cb72728ede72f
 2619 	* dirmngr/domaininfo.c (insert_or_update): Copy the name.
 2620 	* dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
 2621 	* dirmngr/server.c (set_error): Protect CTX.
 2622 	(dirmngr_status): Protect against missing ASSUAN_CTX.
 2623 	(dirmngr_status_help): Ditto.
 2624 	(dirmngr_status_printf): Ditto.
 2625 	(cmd_wkd_get): Factor code out to ...
 2626 	(proc_wkd_get): new func.  Support silent operation with no CTX.
 2627 	(task_check_wkd_support): New.
 2628 
 2629 	dirmngr: Add a background task framework.
 2630 	+ commit f2997adee0455c8c0fa391a853ec1b0c9fc43342
 2631 	* dirmngr/workqueue.c: New.
 2632 	* dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
 2633 	* dirmngr/server.c (server_local_s): New field session_id.
 2634 	(cmd_wkd_get): Add a task.
 2635 	(task_check_wkd_support): New stub function.
 2636 	(cmd_getinfo): New sub-commands "session_id" and "workqueue".
 2637 	(start_command_handler): Add arg session_id and store it in
 2638 	SERVER_LOCAL.
 2639 	(dirmngr_status_helpf): New.
 2640 	* dirmngr/dirmngr.h (wqtask_t): New type.
 2641 	* dirmngr/dirmngr.c (main): Pass 0 as session_id to
 2642 	start_command_handler.
 2643 	(start_connection_thread): Introduce a session_id and pass it to
 2644 	start_command_handler.  Run post session tasks.
 2645 	(housekeeping_thread): Run global workqueue tasks.
 2646 
 2647 	dirmngr: Limit the number of cached domains for WKD.
 2648 	+ commit 7a663c296e687f12ccd9a21d414de780feb4dfcf
 2649 	* dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
 2650 	(insert_or_update): Limit the length of a bucket chain.
 2651 	(domaininfo_print_stats): Print just one summary line.
 2652 
 2653 	(cherry picked from commit 26f08343fbccdbaa177c3507a3c5e24a5cf94a2d)
 2654 
 2655 	dirmngr: Keep track of domains used for WKD queries.
 2656 	+ commit 6c1dcd79cf0977844179d9a7b189c10af5e42a7e
 2657 	* dirmngr/domaininfo.c: New file.
 2658 	* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
 2659 	* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
 2660 	known and tell domaininfo about the results.
 2661 
 2662 2017-12-08  NIIBE Yutaka  <gniibe@fsij.org>
 2663 
 2664 	agent: Fix description of shadow format.
 2665 	+ commit 5c121d44443b0a96ec6ea82b90717e3dbafd2cc5
 2666 	* agent/keyformat.txt, agent/protect.c, agent/t-protect.c: Fix.
 2667 
 2668 2017-12-07  Werner Koch  <wk@gnupg.org>
 2669 
 2670 	build: Do not define logging.h constants for libgpg-error dev versions.
 2671 	+ commit 2fedf8583bcc493f587c90bc9632d25dfd10bd10
 2672 	* common/logging.h [GPGRT_LOG_WITH_PREFIX]: Do not define the log
 2673 	constants.
 2674 
 2675 2017-12-07  NIIBE Yutaka  <gniibe@fsij.org>
 2676 
 2677 	agent: Change intialization of assuan socket system hooks.
 2678 	+ commit b9677ba16f6b386896781a751e4b2fc839e3ec81
 2679 	* agent/gpg-agent.c (initialize_modules): Add hook again.
 2680 	(main): Remove setting of the system houk but add scoket system hook
 2681 	setting after assuan initialization.
 2682 
 2683 2017-12-06  NIIBE Yutaka  <gniibe@fsij.org>
 2684 
 2685 	agent: Set assuan system hooks before call of assuan_sock_init.
 2686 	+ commit 1524ba9656f0205d8c6ef504f773b832a7a12ab9
 2687 	* agent/gpg-agent.c (initialize_modules): Move assuan_set_system_hooks.
 2688 	(main): ... here, just before assuan_sock_init.
 2689 
 2690 2017-12-04  NIIBE Yutaka  <gniibe@fsij.org>
 2691 	    Damien Goutte-Gattat  <dgouttegattat@incenp.org>
 2692 
 2693 	g10: Fix regexp sanitization.
 2694 	+ commit 0d0b9eb0d4f99e8d293a4ce4b90921a879905115
 2695 	* g10/trustdb.c (sanitize_regexp): Only escape operators.
 2696 
 2697 2017-11-26  Werner Koch  <wk@gnupg.org>
 2698 
 2699 	gpg: Do not read from uninitialized memory with --list-packets.
 2700 	+ commit 4cf3cc6e3d48c8400466ca29c3f1c22ed2da6c2c
 2701 	* g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME.
 2702 
 2703 2017-11-24  Werner Koch  <wk@gnupg.org>
 2704 
 2705 	agent: New option --auto-expand-secmem.
 2706 	+ commit 18af15249de5f826c3fa8d1d40e876734adcd0cf
 2707 	* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
 2708 	(opts): New option --auto-expand-secmem.
 2709 	(main): Implement that option.
 2710 
 2711 2017-11-22  Werner Koch  <wk@gnupg.org>
 2712 
 2713 	gpg: Fix memory leaking for long inputs via --command-fd.
 2714 	+ commit ea28ea18f3ee6c9f5e69986f39848398b58e242e
 2715 	* g10/cpr.c (do_get_from_fd): Free the old buffer.
 2716 
 2717 2017-11-21  NIIBE Yutaka  <gniibe@fsij.org>
 2718 
 2719 	scd: Enable card removal check after select_application.
 2720 	+ commit 0bb7fd0cab2d53cd0d44b21301b23edfe817e66b
 2721 	* scd/apdu.c (open_ccid_reader): Fix error handling of ccid_get_atr.
 2722 	* scd/app.c (select_application): Always kick the loop if new APP.
 2723 	* scd/ccid-driver.c (ccid_open_usb_reader): Don't setup at open.
 2724 	(ccid_slot_status): Setup interrupt transfer when !ON_WIRE.
 2725 
 2726 2017-11-20  Werner Koch  <wk@gnupg.org>
 2727 
 2728 	Release 2.2.3.
 2729 	+ commit 97f4feaaca8da4dcf1ca09a2016693155016f06b
 2730 
 2731 
 2732 	build: Use -Werror only for the check.
 2733 	+ commit 04d9833e71cc9d0c087faec091c29b0b6cf69488
 2734 	* configure.ac: Do not add -Werror to mycflags.
 2735 
 2736 	gpg-agent: Avoid getting stuck in shutdown pending state.
 2737 	+ commit 7ffedfab8909a45a4b0347a5f7b52222e8439f1d
 2738 	* agent/gpg-agent.c (handle_connections): Always check inotify fds.
 2739 
 2740 2017-11-20  NIIBE Yutaka  <gniibe@fsij.org>
 2741 
 2742 	agent: Use clock or clock_gettime for calibration.
 2743 	+ commit 760aa8aadafb747f33a1461ab0c2570b5ae43716
 2744 	* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.
 2745 
 2746 	build: Check -Wlogical-op flag availability with -Werror.
 2747 	+ commit 3ecd1a41be7c880976987d13e88342c98f37e064
 2748 	* configure.ac: Use -Werror.
 2749 
 2750 	build: BSD make support for yat2m.
 2751 	+ commit e1984969cac06a88c7e6f5e49e5c3104d10a847d
 2752 	* configure.ac (YAT2M): Only define when found.
 2753 	* doc/Makefile.am: Portability fix.
 2754 
 2755 2017-11-17  Werner Koch  <wk@gnupg.org>
 2756 
 2757 	dirmngr: Fix double free of a hash context in the error case.
 2758 	+ commit 2aa106d6a4e2b09c257e8d769895d93ebb7f7edf
 2759 	* dirmngr/crlcache.c: Clearly document that this fucntions takes
 2760 	ownership of MD.
 2761 	(abort_sig_check): Allow NULL for MD.
 2762 	(crl_parse_insert): Immediately set MD to NULL.  Remove check for md
 2763 	before a calling abort_sig_check.
 2764 
 2765 2017-11-15  Andre Heinecke  <aheinecke@intevation.de>
 2766 
 2767 	w32: Fix default registry path.
 2768 	+ commit 4f5afaf1fdb5cb13859aca390ccb5a1ba1dba00c
 2769 	* configure.ac (GNUPG_REGISTRY_DIR): Remove leading backslash.
 2770 
 2771 	gpgtar: Prefer --set-filename over implicit name.
 2772 	+ commit 878b8bfdcc3a8becfc46b9287a2d14cd3c875f28
 2773 	* tools/gpgtar-extract.c: Prefer opt.filename over filename
 2774 	for the directory prefix.
 2775 
 2776 2017-11-15  Werner Koch  <wk@gnupg.org>
 2777 
 2778 	gpg: Print AKL info only in verbose mode.
 2779 	+ commit b062ea5bc25157c942047b3fe7f5182a06106340
 2780 	* g10/getkey.c (get_pubkey_byname): Print info only in verbose mode.
 2781 
 2782 2017-11-14  Andre Heinecke  <aheinecke@intevation.de>
 2783 
 2784 	sm, w32: Fix initial keybox creation.
 2785 	+ commit 5ecef193bc2144e6d51a6bd5727bfd08a0d28b66
 2786 	* sm/keydb.c (maybe_create_keybox): Open new keybox in bin mode.
 2787 
 2788 2017-11-07  Werner Koch  <wk@gnupg.org>
 2789 
 2790 	Release 2.2.2.
 2791 	+ commit 5bd515005032f9340bd73e4346bbd0aef8518074
 2792 
 2793 
 2794 	dirmngr: Reduce default LDAP timeout to 15 seconds.
 2795 	+ commit 30f21f8b0fa6844a9bba3f24dc41b3ac32170109
 2796 	* dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
 2797 	* dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.
 2798 
 2799 	(cherry picked from commit ab7ac827041b5cd97bbca7a75b0930072dd6611f)
 2800 
 2801 	speedo: Include software versions in the W32 README.
 2802 	+ commit 23bfac6d1a8bd2d0af5a6fac3ba3a6e986d6c9e8
 2803 	(cherry picked from commit f9f72ffbfa9fd7d1a7a1823697d116d76155b407)
 2804 
 2805 2017-11-07  Ineiev  <ineiev@gnu.org>
 2806 
 2807 	po: Update Russian translation.
 2808 	+ commit 1941287c9d2c9e666bad1bd330db169f0e3d6b6c
 2809 
 2810 
 2811 2017-11-07  NIIBE Yutaka  <gniibe@fsij.org>
 2812 
 2813 	po: Update Japanese translation.
 2814 	+ commit 96d441b315ec5c9f329596cfda28ac13a8bfa21a
 2815 
 2816 
 2817 2017-11-06  Werner Koch  <wk@gnupg.org>
 2818 
 2819 	agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
 2820 	+ commit 3607ab2cf382296cb398a92d5ec792239960bf7b
 2821 	* agent/command.c (cmd_getinfo): New sub-commands.
 2822 	* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
 2823 	(get_calibrated_s2k_count): new.
 2824 	(get_standard_s2k_time): New.
 2825 
 2826 	(cherry picked from commit 52d41c8b0f4af6278d18d8935399ddad16a26856)
 2827 
 2828 	agent: New option --s2k-count.
 2829 	+ commit 78a6d0ce88ae14d8324fbab3aee3286b17e49259
 2830 	* agent/agent.h (opt): New field 's2k_count'.
 2831 	* agent/gpg-agent.c (oS2KCount): New enum value.
 2832 	(opts): New option --s2k-count.
 2833 	(parse_rereadable_options): Set opt.s2k_count.
 2834 
 2835 2017-11-06  NIIBE Yutaka  <gniibe@fsij.org>
 2836 
 2837 	g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
 2838 	+ commit 680161647ad56d1ca92988f80bcc4d6fcb20b1eb
 2839 	* g10/keygen.c (pSUBKEYGRIP): New.
 2840 	(read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
 2841 	(do_generate_keypair): Support pSUBKEYGRIP.
 2842 
 2843 	g10: Simplify "factory-reset" procedure.
 2844 	+ commit f183b9768b42a6792c55a6129488bd8fbf5e8e6d
 2845 	* g10/card-util.c (factory_reset): Simplify.
 2846 
 2847 2017-11-02  Ineiev  <ineiev@gnu.org>
 2848 
 2849 	po: Update Russian translation.
 2850 	+ commit 6070f5a61d4d17ff437c69e1b708d49d107c22dc
 2851 
 2852 
 2853 2017-11-02  Werner Koch  <wk@gnupg.org>
 2854 
 2855 	gpg: Introduce magic value 25519 to switch a card to ECC.
 2856 	+ commit acb300543422c660c87ac2f0211a42f792a65cc4
 2857 	* g10/card-util.c (ask_card_keyattr): Handle special value 25519.
 2858 	(do_change_keyattr): Allow changing to cv25519/ed25519.
 2859 	(generate_card_keys): Ditto.
 2860 	(card_generate_subkey): Ditto.
 2861 
 2862 	gpg: Rename two card related functions in card-util.
 2863 	+ commit de3a740c2e1156e58d2f94faa85c051740c8988e
 2864 	* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
 2865 	(do_change_rsa_keysize): Rename to do_change_keyattr.
 2866 
 2867 2017-11-02  NIIBE Yutaka  <gniibe@fsij.org>
 2868 
 2869 	agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
 2870 	+ commit 3da47d19df89d302c0ea25921f4bd8ce55705afe
 2871 	* agent/learncard.c (agent_handle_learn): Find SERIALNO.
 2872 
 2873 2017-11-01  NIIBE Yutaka  <gniibe@fsij.org>
 2874 
 2875 	common: Accept the Z-suffix for yymmddThhmmssZ format.
 2876 	+ commit 0e5bd473a07f188615c4fce26b73bb452d689d68
 2877 	* common/gettime.c (isotime_p): Accept the Z suffix.
 2878 
 2879 2017-10-27  NIIBE Yutaka  <gniibe@fsij.org>
 2880 
 2881 	agent: Clean up pinentry access locking.
 2882 	+ commit 3924e1442c6625a2b57573a1a634a5ec56b09a29
 2883 	* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
 2884 	* agent/call-pinentry.c (entry_owner): Remove.
 2885 	(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
 2886 	(unlock_pinentry): Add CTRL to arguments to access thread private.
 2887 	Check and decrement PINENTRY_ACTIVE for recursive use.
 2888 	(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
 2889 	(agent_askpin): Follow the change of unlock_pinentry API.
 2890 	(agent_get_passphrase, agent_get_confirmation): Likewise.
 2891 	(agent_show_message, agent_popup_message_start): Likewise.
 2892 	(agent_popup_message_stop, agent_clear_passphrase): Likewise.
 2893 
 2894 	agent: Allow recursive use of pinentry.
 2895 	+ commit 4738256f2e0d22302377c9ec7b2ae3999338e6c6
 2896 	* agent/agent.h (struct server_control_s): Add pinentry_level.
 2897 	* agent/call-pinentry.c (agent_popup_message_stop): Not clear
 2898 	ENTRY_CTX here.
 2899 	(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
 2900 	(start_pinentry): Allow recursive use.
 2901 
 2902 2017-10-26  NIIBE Yutaka  <gniibe@fsij.org>
 2903 
 2904 	agent, tests: Support --disable-scdaemon build case.
 2905 	+ commit 05cb87276c21c3a47226c75026fa46a955553dd9
 2906 	* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
 2907 	* tests/openpgp/defs.scm (create-gpghome): Likewise.
 2908 	* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.
 2909 
 2910 	Fix comment of configure.
 2911 	+ commit b13972dfbf7224478652038725ab0d2cb41b7303
 2912 	* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.
 2913 
 2914 2017-10-24  Werner Koch  <wk@gnupg.org>
 2915 
 2916 	gpg: Avoid superfluous sig check info during import.
 2917 	+ commit 84af859e391a757877c9a1d78e35face983e6d23
 2918 	* g10/key-check.c (print_info): New.
 2919 	(key_check_all_keysigs): Print sig checking results only in debug
 2920 	mode.  Prettify the stats info and suppress them in quiet mode.
 2921 
 2922 	build: New configure option --enable-werror.
 2923 	+ commit 812fe29bff42cf7dbd07e0becc55b2ada340dd97
 2924 	* configure.ac: Implement that option.
 2925 
 2926 	build: Do not mess with CFLAGS in configure.
 2927 	+ commit e417aaf69817fcb4a73c38077853dc940a2deabc
 2928 	* configure.ac: Do not mess with the user provided CFLAGS.
 2929 
 2930 2017-10-24  Rainer Perske  <rainer.perske@uni-muenster.de>
 2931 
 2932 	sm: Do not expect X.509 keyids to be unique.
 2933 	+ commit 1067403c8a7fb51decf30059e46901b5ee9f5b37
 2934 	* sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it.
 2935 	* sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS
 2936 	(run_command_inq_cb): Ditto.
 2937 	* sm/gpgsm.c (main): Pass false.
 2938 	* sm/server.c (cmd_passwd): Pass false.
 2939 
 2940 2017-10-24  Werner Koch  <wk@gnupg.org>
 2941 
 2942 	gpgconf: Ignore non-installed components with --apply-profile.
 2943 	+ commit 6e808ae4700dc5e95bf4cc2d5c063df582c234d0
 2944 	* tools/gpgconf-comp.c (retrieve_options_from_program): Add arg
 2945 	only_installed.
 2946 	(gc_component_retrieve_options): Use this if we want to process all
 2947 	components.
 2948 
 2949 	gpg: Improve the "secret key available" notice in keyedit.c.
 2950 	+ commit 560d85ecff4246133d185dc29395f07c918b5556
 2951 	* g10/keyedit.c (KEYEDIT_NEED_SUBSK): New.
 2952 	(cmds): Add this flag to keytocard, bkuptocard, expire, and passwd.
 2953 	(keyedit_menu): Check whether only subkeys are available and take care
 2954 	of that in the command check and in the HELP listing.  Also print a
 2955 	different notice if only subkeys are available.
 2956 
 2957 	gpg: Remove unused flags from keyedit.c.
 2958 	+ commit 016538d82867c40a21bc7cbf44ec386f4699077f
 2959 	* g10/keyedit.c (KEYEDIT_NOT_SK, KEYEDIT_ONLY_SK): Remove.
 2960 	(cmds): Remove them.
 2961 
 2962 2017-10-19  Werner Koch  <wk@gnupg.org>
 2963 
 2964 	gpg: Fix creating on-disk subkey with on-card primary key.
 2965 	+ commit 44fb3fbc85b32552c91f32f099b6b246c12ce0cc
 2966 	* g10/keygen.c (generate_subkeypair): Ignore error code issued for
 2967 	trying to verify a card based key.
 2968 
 2969 	gpg: Print sec/sbb with --import-option import-show or show-only.
 2970 	+ commit 2c7dccca9b617780a3ea760adf460bb3b77f90f3
 2971 	* g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
 2972 
 2973 	gpg: Make --dry-run and show-only work for secret keys.
 2974 	+ commit 68c8619114fd5f24cb6bfb9e0f25c428a8805323
 2975 	* g10/import.c (import_secret_one): Check for dry-run before
 2976 	transferring keys.
 2977 
 2978 2017-10-19  Damien Goutte-Gattat  <dgouttegattat@incenp.org>
 2979 
 2980 	dirmngr: Do not follow https-to-http redirects.
 2981 	+ commit 1ba308aa0356a57c21c4c8c2dac75b4d62b8aac3
 2982 	* dirmngr/ks-engine-http.c (ks_http_fetch): Forbid redirects from
 2983 	a https URI to a http URI.
 2984 
 2985 2017-10-19  NIIBE Yutaka  <gniibe@fsij.org>
 2986 
 2987 	g10: Fix find_and_check_key for multiple keyrings.
 2988 	+ commit d07de3862710d88bc80d6f6c5ca8da5cf38ff0eb
 2989 	* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
 2990 	keyblock.
 2991 
 2992 2017-10-19  Werner Koch  <wk@gnupg.org>
 2993 
 2994 	gpg: Keep a lock during the read-update/insert cycle in import.
 2995 	+ commit 7c73db3d31c6457dfbdc82a8dc89951c023f0603
 2996 	* g10/keydb.c (keydb_handle): New field 'keep_lock'.
 2997 	(keydb_release): Clear that flag.
 2998 	(keydb_lock): New function.
 2999 	(unlock_all): Skip if KEEP_LOCK is set.
 3000 	* g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
 3001 	requested.
 3002 
 3003 	gpg: Improve keydb handling in the main import function.
 3004 	+ commit 8448347b5bdee56e6f9938a93ea92fe4d3c8800c
 3005 	* g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
 3006 	(get_keyblock_byfprint_fast): .. new function.
 3007 	* g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
 3008 	(import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
 3009 	handle.  Remove the now surplus keyblock fetch in the merge branch.
 3010 
 3011 	gpg: Simplify keydb handling of the main import function.
 3012 	+ commit 752cae6dd2ee8982a34c796a3f168ae538f7938c
 3013 	* g10/import.c (import_keys_internal): Return gpg_error_t instead of
 3014 	int.  Change var names.
 3015 	(import_keys_es_stream): Ditto.
 3016 	(import_one): Ditto.  Use a single keydb_new and simplify the use of
 3017 	of keydb_release.
 3018 
 3019 	sm: Fix colon listing of fields > 12 in crt records.
 3020 	+ commit 1bf5cbd3ef01b7f5fdcfa30c882047b924dcf3f0
 3021 	* sm/keylist.c (print_capabilities): Move colon printing ...
 3022 	(list_cert_colon): to here.
 3023 
 3024 2017-09-28  Werner Koch  <wk@gnupg.org>
 3025 
 3026 	gpg: Workaround for junk after --trusted-key.
 3027 	+ commit b509d81cab030cca6abf0d878e1fc884eda344e6
 3028 	* g10/trust.c (register_trusted_key): Cut off everthing starting as a
 3029 	hash sign.
 3030 
 3031 2017-09-19  Werner Koch  <wk@gnupg.org>
 3032 
 3033 	Release 2.2.1.
 3034 	+ commit 355ca9e9498740fb6294eec451507b4891ae01ec
 3035 
 3036 
 3037 2017-09-18  Werner Koch  <wk@gnupg.org>
 3038 
 3039 	dirmngr: Use system certs if --hkp-cacert is not used.
 3040 	+ commit df692a6167be5486f9a29da003a00292fd895176
 3041 	* dirmngr/certcache.c (any_cert_of_class): New var.
 3042 	(put_cert): Set it.
 3043 	(cert_cache_deinit): Clear it.
 3044 	(cert_cache_any_in_class): New func.
 3045 	* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Add hack to
 3046 	override empty list of HKP certs.
 3047 
 3048 	wks: Create a new user id if provider wants mailbox-only.
 3049 	+ commit 50c8b6c88f5d9f4b6c4e9c03aee31fe29afa94b8
 3050 	* tools/gpg-wks-client.c (get_key): Add arg 'exact'.
 3051 	(add_user_id): New.
 3052 	(command_send): Create new user id.
 3053 
 3054 	wks: Send only the newest UID to the server.
 3055 	+ commit 7f7f5d06fa5aa3a3c5ab8d2e59ee76207bfdeaa0
 3056 	* tools/wks-util.c (list_key_status_cb): Rename to key_status_cb.
 3057 	(wks_filter_uid): New.
 3058 	(wks_list_key): Allow FPR to be NULL.  Return an error if no
 3059 	fingerprint was found.
 3060 	* tools/gpg-wks-server.c (process_new_key)
 3061 	(check_and_publish): Remove now useless extra check for FPR.
 3062 	* tools/gpg-wks-client.c (command_check): Ditto.
 3063 	(command_send): Filter out the newest uid.
 3064 
 3065 	wks: Print the UID creation time with gpg-wks-client --check.
 3066 	+ commit a0035986a8615df056182bb9af775b8b7b22003d
 3067 	* tools/gpg-wks.h (uidinfo_list_s): Add field 'created'.
 3068 	* tools/wks-util.c (append_to_uidinfo_list): Add arf 'created'.
 3069 	(wks_list_key): Pass timestamp to append_to_uidinfo_list.
 3070 	* tools/gpg-wks-client.c (command_check): Print UID creation time.
 3071 
 3072 	wks: Use dedicated type to convey user ids.
 3073 	+ commit 4e0696de897cac6a34d55a69d8889faf26f1a923
 3074 	* tools/gpg-wks.h (uidinfo_list_s, uidinfo_list_t): New.
 3075 	* tools/wks-util.c (append_to_uidinfo_list): New.
 3076 	(free_uidinfo_list): New.
 3077 	(wks_list_key): Change arg r_mboxes to uidinfo_list_t.  Use
 3078 	append_to_uidinfo_list.
 3079 	* tools/gpg-wks-server.c (sserver_ctx_s): Replace strlist_t by
 3080 	uidinfo_list_t.
 3081 	(process_new_key): Ditto.
 3082 	(check_and_publish): Ditto.
 3083 	(command_receive_cb): Replace free_strlist by free_uidinfo_list.
 3084 	* tools/gpg-wks-client.c (command_check): Replace strlist_t by
 3085 	uidinfo_list_t.  Also print user id in verbose mode.
 3086 
 3087 2017-09-13  Werner Koch  <wk@gnupg.org>
 3088 
 3089 	gpgv: Initialize compliance checker.
 3090 	+ commit 006ca124ed95845d43af8c14d7ab2bc085b47b4c
 3091 	* g10/gpgv.c (main): Call gnupg_initialize_compliance.
 3092 
 3093 2017-09-12  Werner Koch  <wk@gnupg.org>
 3094 
 3095 	wks: Add hack for the broken posteo system.
 3096 	+ commit a821b4f5567d02c3329c2b94a73dcbe12e6699a2
 3097 	* tools/gpg-wks-client.c (command_send): Additional hack for posteo.
 3098 	Check the protocol-version flag.
 3099 
 3100 	wks: Add new policy flag protocol-version.
 3101 	+ commit 332c9eaa2a3c7cae90b389cdaa2c149c5595fb4d
 3102 	* tools/gpg-wks.h (policy_flags_s): Add field protocol_version.
 3103 	* tools/wks-util.c (wks_parse_policy): Add new policy flag.
 3104 
 3105 	gpg: Fix "Fix key generation with only an email part".
 3106 	+ commit 8b5a2474f21dd4f1aa2a283e2f57d75e42742af5
 3107 	* g10/keygen.c (proc_parameter_file): Don't check the result of
 3108 	stpcpy.
 3109 
 3110 	wks: Use unencrypted draft-1 mode for posteo.de.
 3111 	+ commit c65a7bba7331975d20910f90cf648b6ecc5410f0
 3112 	* tools/gpg-wks-client.c (command_send): Allow sending in draft-1
 3113 	mode.
 3114 
 3115 	tools: New function mime_maker_add_body_data.
 3116 	+ commit 7d15ee88980f88ca62fc7de9492dd08e54d0f0f1
 3117 	* tools/mime-maker.c (mime_maker_add_body_data): New.
 3118 
 3119 2017-09-11  NIIBE Yutaka  <gniibe@fsij.org>
 3120 
 3121 	tests: Fix a test which specifies expiration date.
 3122 	+ commit a172759b5088ae086c0caa2e7d4d0ea346b28a90
 3123 	* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
 3124 	comparison.
 3125 
 3126 	scd: Fix for large ECC keys.
 3127 	+ commit 827abe01a72a50eab1cdcde78985b42a4a8480fb
 3128 	* scd/app-openpgp.c (do_decipher): Support larger length.
 3129 
 3130 2017-09-11  Werner Koch  <wk@gnupg.org>
 3131 
 3132 	gpg: Fix key generation with only an email part.
 3133 	+ commit 7089dcc54099a4909ce7d386c07ab87e1398e2eb
 3134 	* g10/keygen.c (proc_parameter_file): Special case the email only
 3135 	case.
 3136 
 3137 2017-08-28  Werner Koch  <wk@gnupg.org>
 3138 
 3139 	Release 2.2.0.
 3140 	+ commit 9d80fb8e000189e61c173c39f1e1ca417566a7fc
 3141 
 3142 
 3143 2017-08-27  Werner Koch  <wk@gnupg.org>
 3144 	    Arnaud Fontaine  <arnaud.fontaine@ssi.gouv.fr>
 3145 
 3146 	scd: Convey the correct length for Le.
 3147 	+ commit 45d5f5800afe6613f338a26f361cb5e03e861129
 3148 	* scd/app-openpgp.c (determine_rsa_response): Round bits up.
 3149 
 3150 2017-08-24  Werner Koch  <wk@gnupg.org>
 3151 
 3152 	gpg: Fix memory leak while running --check-trustdb.
 3153 	+ commit 13821e15fb9bdddfce79d88731c0f151724b2371
 3154 	* g10/trustdb.c (update_min_ownertrust): Free PK.
 3155 
 3156 	gpg: Fix memory leak in sig-check.
 3157 	+ commit b065a696344eac3007dbd5642143ecaaeebab43a
 3158 	* g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
 3159 	condition.  Actually free when SIGNER was allocated by us.
 3160 
 3161 	build: Remove obsolete option from autogen.rc.
 3162 	+ commit 02a5df614a369519ad7781f95dc977e24a0d4277
 3163 	* autogen.rc: Remove --enable-gpg2-is-gpg.
 3164 
 3165 2017-08-23  Werner Koch  <wk@gnupg.org>
 3166 
 3167 	gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".
 3168 	+ commit 565e486b8028f9e3cc51ebc5202666b598042175
 3169 	* g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve".
 3170 	(main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE.
 3171 	* tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible.  Make
 3172 	"auto-key-retrieve" an expert option.
 3173 
 3174 	tests: Do not run trust-pgp-4.scm.
 3175 	+ commit b917cb66b79597520788cd9264889942247a3377
 3176 	* tests/openpgp/Makefile.am (XTESTS): Remove test.
 3177 	(EXTRA_DIST): Add test file.
 3178 
 3179 	build: Change SWDB tag "gnupg21" to "gnupg22".
 3180 	+ commit 008ae0bd868cb49ad4d67fc8c71707cd2a162137
 3181 	* configure.ac (GNUPG_SWDB_TAG): New ac_define.  Set it to "gnupg22".
 3182 	* tools/gpgconf.c (query_swdb): Use it.
 3183 	* build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22".
 3184 	* Makefile.am (distcheck-hook): Ditto.
 3185 
 3186 2017-08-23  Åka Sikrom  <a4@hush.com>
 3187 
 3188 	po: Update Norwegian translation.
 3189 	+ commit fd0e5b60bed1cfc2aed7b2e13cc449f355eac051
 3190 
 3191 
 3192 2017-08-23  Andre Heinecke  <aheinecke@intevation.de>
 3193 
 3194 	agent: Fix string translation for Windows.
 3195 	+ commit 6158811304937b592601ef30c29c5a5cdbaa88ea
 3196 	* agent/agent.h (L_): Define agent_Lunderscore when simple
 3197 	gettext is used.
 3198 
 3199 2017-08-22  NIIBE Yutaka  <gniibe@fsij.org>
 3200 
 3201 	po: Update Japanese translation.
 3202 	+ commit e6fa6b0ce823effd721c807b2b292287af91c642
 3203 
 3204 
 3205 2017-08-21  Damien Goutte-Gattat  <dgouttegattat@incenp.org>
 3206 
 3207 	tests: Add tests for the PGP trust model.
 3208 	+ commit c23a69970ba38edae9d3b2603825d18fbb732423
 3209 	* tests/openpgp/trust-pgp-1.scm: New file.
 3210 	* tests/openpgp/trust-pgp-2.scm: New file.
 3211 	* tests/openpgp/trust-pgp-3.scm: New file.
 3212 	* tests/openpgp/trust-pgp-4.scm: New file.
 3213 	* tests/openpgp/trust-pgp/common.scm: New file.
 3214 	* tests/openpgp/trust-pgp/scenario1.asc: New file.
 3215 	* tests/openpgp/trust-pgp/scenario2.asc: New file.
 3216 	* tests/openpgp/trust-pgp/scenario3.asc: New file.
 3217 	* tests/openpgp/trust-pgp/scenario4.asc: New file.
 3218 	* tests/openpgp/trust-pgp/alice.sec.asc: New file.
 3219 	* tests/openpgp/trust-pgp/bobby.sec.asc: New file.
 3220 	* tests/openpgp/trust-pgp/carol.sec.asc: New file.
 3221 	* tests/openpgp/trust-pgp/david.sec.asc: New file.
 3222 	* tests/openpgp/trust-pgp/frank.sec.asc: New file.
 3223 	* tests/openpgp/trust-pgp/grace.sec.asc: New file.
 3224 	* tests/openpgp/trust-pgp/heidi.sec.asc: New file.
 3225 	* tests/openpgp/Makefile.am (XTESTS): Add new tests.
 3226 	(TEST_FILES): Add new files.
 3227 	(EXTRA_DIST): Add new common file.
 3228 
 3229 	tests: Move some functions into a common module.
 3230 	+ commit cbe54b28bf3610204e12c50c0606df37337a1156
 3231 	* tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
 3232 	module.
 3233 	(checktrust): Likewise.
 3234 	* tests/openpgp/defs.scm (gettrust): New function.
 3235 	(checktrust): Likewise.
 3236 
 3237 	gpgconf: Make WoT settings configurable by gpgconf.
 3238 	+ commit 0161225457e0609509d0d5f4b80a60a1071b4b48
 3239 	* tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth,
 3240 	completes-needed, and marginals-needed options.
 3241 	* g10/gpg.c (gpgconf_list): Likewise.
 3242 
 3243 2017-08-21  Justus Winter  <justus@g10code.com>
 3244 
 3245 	gpgscm: Fix -Wimplicit-fallthrough warnings.
 3246 	+ commit 6e596b2a745ae7a75a69038cf00ab4bbae1cebaa
 3247 	* tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement
 3248 	is at the front.
 3249 	(Eval_Cycle): Improve fallthrough annotations.
 3250 
 3251 2017-08-11  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 3252 
 3253 	gpg: default to --no-auto-key-retrieve.
 3254 	+ commit e6f84116abca2ed49bf14b2e28c3c811a3717227
 3255 	* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
 3256 	default keyserver options.
 3257 	* doc/gpg.texi: document this change.
 3258 
 3259 2017-08-10  Justus Winter  <justus@g10code.com>
 3260 
 3261 	tests: Improve documentation.
 3262 	+ commit 23107ba20f8b4eb5482b480ad6a8af6b39d2bfeb
 3263 	* tests/openpgp/README: Add quickstart instructions, how to use
 3264 	shell.scm, remove no longer used MKDATA.
 3265 
 3266 2017-08-09  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 3267 
 3268 	g10: Write status error on error of --quick-revoke-uid.
 3269 	+ commit 977fc5f0eb9fdee19e66bea8cd2eb5414789b485
 3270 	* g10/keyedit.c (keyedit_quick_revuid): Write status error on error.
 3271 
 3272 2017-08-09  Werner Koch  <wk@gnupg.org>
 3273 
 3274 	Release 2.1.23.
 3275 	+ commit e8ffa9a6ca5d76660b67207cd1157068e48483de
 3276 
 3277 
 3278 	po: Update German translation.
 3279 	+ commit 2059dbf201963c6f229698ae80c6c774b1f686c8
 3280 
 3281 
 3282 2017-08-08  Werner Koch  <wk@gnupg.org>
 3283 
 3284 	build: New configure option --enable-all-tests.
 3285 	+ commit fb21aa8b50367e2afa13bad73fc21d6f01a97e18
 3286 	* configure.ac: New option --enable-all-tests.
 3287 	* tests/gpgscm/ffi.c (ffi_init): New gloabl var *run-all-tests*.
 3288 	* tests/openpgp/all-tests.scm (all-tests): Use that var instead
 3289 	of *maintainer-mode*.
 3290 	* Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Add --enable-all-tests.
 3291 
 3292 	gpgscm: Make the test summary stand out.
 3293 	+ commit 0bd19dae1161a71053d794e4f75e66f70445f9f0
 3294 	* tests/gpgscm/tests.scm (test-pool): Add delimiter lines.
 3295 
 3296 	sm: Always print the keygrip in colon mode.
 3297 	+ commit 0a8e20c4c639f0c491e2af5ac5fb97005196422b
 3298 	* sm/keylist.c (list_cert_colon): Always print the keygrip as
 3299 	described in the manual.
 3300 
 3301 2017-08-08  Justus Winter  <justus@g10code.com>
 3302 
 3303 	gpg: Add option '--disable-dirmngr'.
 3304 	+ commit c4506f624ed6854aa0ba1629aa2d1d43eb26900d
 3305 	* doc/gpg.texi: Document new option.
 3306 	* g10/call-dirmngr.c (create_context): Fail if option is given.
 3307 	* g10/gpg.c (cmd_and_opt_values): New value.
 3308 	(opts): New option.
 3309 	(gpgconf_list): Add new option.
 3310 	(main): Handle new option.
 3311 	* g10/options.h (struct opt): New field 'disable_dirmngr'.
 3312 	* tools/gpgconf-comp.c (gc_options_gpg): New option.
 3313 
 3314 2017-08-07  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 3315 
 3316 	systemd-user: Drop redundant After=*.socket.
 3317 	+ commit 81074c3b0211854a2dc94600dc892224201536f5
 3318 	* doc/examples/systemd-user/*.service: Drop redundant After=*.socket
 3319 	directive.
 3320 
 3321 	systemd-user: Drop RefuseManualStart=true.
 3322 	+ commit 407da18254dfebcacfaee16952ef0b617b1626ea
 3323 	* doc/examples/systemd-user/*.service: drop RefuseManualStart=true
 3324 
 3325 2017-08-07  Justus Winter  <justus@g10code.com>
 3326 
 3327 	tests: Do not run all tests unless in maintainer mode.
 3328 	+ commit b0112dbca91e720a4ff622ad0e88d99eba56203a
 3329 	* configure.ac: Leak the maintainer mode flag into 'config.h'.
 3330 	* tests/gpgscm/ffi.c: Pass it into the scheme environment.
 3331 	* tests/openpgp/all-tests.scm: Only run tests against non-default
 3332 	configurations (keyring, extended-key-format) in maintainer mode.
 3333 
 3334 2017-08-07  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 3335 
 3336 	Fix spelling.
 3337 	+ commit a611cba142470c52f3303c512f77ae7d195cc41f
 3338 	* doc/gpg.texi: s/occured/occurred/
 3339 
 3340 	Simple typo fix.
 3341 	+ commit f011d8763a009612c858a287cf7cc6a1f1a6d32a
 3342 	* agent/gpg-agent.c: Correct spelling in comment.
 3343 
 3344 2017-08-05  Werner Koch  <wk@gnupg.org>
 3345 
 3346 	gpg: Install gpg by default under the name gpg.
 3347 	+ commit a69464b0b6dac88b360a13d3faf19dd7f2a0e02b
 3348 	* configure.ac: Remove option --enable-gpg2-is-gpg.  Add option
 3349 	--enable-gpg-is-gpg2.
 3350 	* build-aux/speedo.mk (speedo_pkg_gnupg_configure): Remove
 3351 	--enable-gpg2-is-gpg.
 3352 
 3353 	gpg: gpgconf needs to support the now default --auto-key-retrieve.
 3354 	+ commit 69e97d909d586160cc0631c9a6f4d3f24bb0c682
 3355 	* tools/gpgconf-comp.c (gc_options_gpg): Re-add "auto-key_retrieve".
 3356 
 3357 2017-08-04  Werner Koch  <wk@gnupg.org>
 3358 
 3359 	gpg: Fix memory leak in parse_auto_key_locate.
 3360 	+ commit b70e86fd1050fc6da07a177ed142ae9882b4dd0d
 3361 	* g10/getkey.c (parse_auto_key_locate): Fix freeing of OPTIONS.
 3362 
 3363 	tests: Adjust tests for changed --auto-key-locate default.
 3364 	+ commit 0767eada1479c0fa9d4b75781a8c2afb67bdbf90
 3365 	* tests/openpgp/defs.scm (create-gpghome): Disable new defaults.
 3366 
 3367 	gpg: Make --no-auto-key-retrieve gpgconf-igurable.
 3368 	+ commit 9bb13a0e819334681caca38c9074bd7bfc04e45e
 3369 	* g10/gpg.c (gpgconf_list): Print no-auto-key-retrieve instead of
 3370 	auto-key-retrieve.
 3371 	* tools/gpgconf-comp.c (gc_options_gpg): Replace auto-key-retrieve by
 3372 	no-auto-key-retrieve and chnage level from invisible to advanced.
 3373 
 3374 	gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.
 3375 	+ commit 7e1fe791d188b078398bf83c9af992cb1bd2a4b3
 3376 	* g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
 3377 	keyserver options.  Set the default for --auto-key-locate to
 3378 	"local,wkd".  Reset that default iff --auto-key-locate has been given
 3379 	in the option file or in the commandline.
 3380 	* g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
 3381 
 3382 	agent: Make --no-grab the default.
 3383 	+ commit 3d78ae4d3de08398fabae5821045a3a1da6dadbe
 3384 	* agent/gpg-agent.c (oGrab): New const.
 3385 	(opts): New option --grab.  Remove description for --no-grab.
 3386 	(parse_rereadable_options): Make --no-grab the default.
 3387 	(finalize_rereadable_options): Allow --grab to override --no-grab.
 3388 	(main) <gpgconflist>: Add "grab".
 3389 	* tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".
 3390 
 3391 	gpg: Avoid double fingerprint printing with import-show.
 3392 	+ commit b54d75fb1dcfa2cebb3a2497b81ffb49acac2056
 3393 	* g10/import.c (import_one) <IMPORT_SHOW>: Take care of fingerprint
 3394 	options.
 3395 
 3396 	gpg: New import option show-only.
 3397 	+ commit d9fabcc1989d7235ea0294874803295a30f8711b
 3398 	* g10/options.h (IMPORT_DRY_RUN): New.
 3399 	* g10/import.c (parse_import_options): Add "show-only".
 3400 	(import_one): use that as alternative to opt.dry_run.
 3401 
 3402 2017-08-03  Werner Koch  <wk@gnupg.org>
 3403 
 3404 	wks: Allow gpg-wks-client --supported with just the domain name.
 3405 	+ commit 6cba56d436b56ea5e60042144a8a75a2e80007c8
 3406 	* tools/gpg-wks-client.c (command_supported): Hack for missing local
 3407 	part.
 3408 
 3409 2017-08-02  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 3410 
 3411 	g10: Always save standard revocation certificate in file.
 3412 	+ commit dcfb01959802b27869528dda1d9a4f5e79574bb5
 3413 	* g10/revoke.c (gen_standard_revocation): Set opt.outfile to NULL
 3414 	temporarily to create certificate in right place.
 3415 
 3416 2017-08-01  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 3417 
 3418 	Revert "g10: Always save standard revocation certificate in file."
 3419 	+ commit 624cd2d0bf6cc6dd1b79654295dc76f5b2d6d70b
 3420 	This reverts commit ebc65ff459e6c228fb7406e375819a9fe5637abe.
 3421 
 3422 	g10: Always save standard revocation certificate in file.
 3423 	+ commit ebc65ff459e6c228fb7406e375819a9fe5637abe
 3424 	* g10/main.h (open_outfile): New parameter NO_OUTFILE.
 3425 	* g10/openfile.c (open_outfile): New parameter NO_OUTFILE.  If given,
 3426 	never use opt.outfile.
 3427 	* g10/revoke.c (create_revocation): If FILENAME is true, also set
 3428 	NO_OUTFILE to true (for standard revocation certificates).
 3429 	* g10/dearmor.c, g10/encrypt.c, g10/export.c, g10/revoke.c,
 3430 	g10/sign.c: Adjust all other callers.
 3431 
 3432 	artwork: Add icons.
 3433 	+ commit a8d0b8d2333ddab703d1e346e06c106eeeedfd53
 3434 	* artwork/icons/index.css: New file.
 3435 	* artwork/icons/index.html: New file.
 3436 	* artwork/icons/lock-12.png: New file.
 3437 	* artwork/icons/lock-128.png: New file.
 3438 	* artwork/icons/lock-16.png: New file.
 3439 	* artwork/icons/lock-24.png: New file.
 3440 	* artwork/icons/lock-256.png: New file.
 3441 	* artwork/icons/lock-32.png: New file.
 3442 	* artwork/icons/lock-48.png: New file.
 3443 	* artwork/icons/lock-64.png: New file.
 3444 	* artwork/icons/lock-wing-12.png: New file.
 3445 	* artwork/icons/lock-wing-128.png: New file.
 3446 	* artwork/icons/lock-wing-16.png: New file.
 3447 	* artwork/icons/lock-wing-24.png: New file.
 3448 	* artwork/icons/lock-wing-256.png: New file.
 3449 	* artwork/icons/lock-wing-32.png: New file.
 3450 	* artwork/icons/lock-wing-48.png: New file.
 3451 	* artwork/icons/lock-wing-64.png: New file.
 3452 	* artwork/icons/lock-wing.svg: New file.
 3453 	* artwork/icons/lock.svg: New file.
 3454 	* artwork/icons/wing-12.png: New file.
 3455 	* artwork/icons/wing-128.png: New file.
 3456 	* artwork/icons/wing-16.png: New file.
 3457 	* artwork/icons/wing-24.png: New file.
 3458 	* artwork/icons/wing-256.png: New file.
 3459 	* artwork/icons/wing-32.png: New file.
 3460 	* artwork/icons/wing-48.png: New file.
 3461 	* artwork/icons/wing-64.png: New file.
 3462 	* artwork/icons/wing.svg: New file.
 3463 
 3464 2017-08-01  Werner Koch  <wk@gnupg.org>
 3465 
 3466 	gpg,sm: Error out on compliance mismatch while decrypting.
 3467 	+ commit 4e117f206beb38287ddcd3251fb7baabadfbddbb
 3468 	* g10/pubkey-enc.c (get_session_key): Bail out if the algo is not
 3469 	allowed in the current compliance mode.
 3470 	* sm/decrypt.c (gpgsm_decrypt): Ditto.
 3471 
 3472 2017-08-01  NIIBE Yutaka  <gniibe@fsij.org>
 3473 
 3474 	Simple typo fix.
 3475 	+ commit fde9a8cc6c849fb21f3e6782dbd5c6bc863357eb
 3476 	* tools/rfc822parse.c: Fix.
 3477 
 3478 	po: Update Japanese translation.
 3479 	+ commit 02b571947b9442604faa7509478cd8577c2c0b9c
 3480 
 3481 
 3482 2017-07-31  Werner Koch  <wk@gnupg.org>
 3483 
 3484 	dirmngr,w32: Fix http connection timeout problem.
 3485 	+ commit 482fd5758c1b7e1b33c4cb50656e586a3ae16815
 3486 	* dirmngr/http.c (connect_with_timeout) [W32]: Take care of EAGAIN.
 3487 
 3488 	Explain the "server is older than xxx warning".
 3489 	+ commit 4ad5bc1b6d72483123963c894ee1412b2ceb99b4
 3490 	* g10/call-agent.c (warn_version_mismatch): Print a note on how to
 3491 	restart the servers.
 3492 	* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
 3493 	* sm/call-agent.c (warn_version_mismatch): Ditto.
 3494 	* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
 3495 
 3496 2017-07-28  Werner Koch  <wk@gnupg.org>
 3497 
 3498 	Release 2.1.22.
 3499 	+ commit 7d335ff496b129ee6f33c4ca25bd7a6631a4b590
 3500 
 3501 
 3502 	po: Update German translation.
 3503 	+ commit 339f672dad94b4e0000fd2d3a1f272a4861c91c3
 3504 
 3505 
 3506 	agent: Make --ssh-fingerprint-digest re-readable.
 3507 	+ commit 6c9899bede6ecb2ccf7336d12724090f36a6aa3d
 3508 	* agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ...
 3509 	(parse_rereadable_options): here.
 3510 	(opts): Change its description.
 3511 	(main) <aGPGConfList>: Include this option.
 3512 	* tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert
 3513 	level.
 3514 
 3515 	gpg,sm: String changes for compliance diagnostics.
 3516 	+ commit efe187e8a2b583defdcd9d4b96e3dc83f95bef0d
 3517 
 3518 
 3519 	agent: For OCB key files return Bad Passprase instead of Checksum Error.
 3520 	+ commit 5cf95157c5db88dd599ac4d48f619782179b1438
 3521 	* agent/protect.c (do_decryption): Map error checksum to bad
 3522 	passpharse protection
 3523 
 3524 	* agent/call-pinentry.c (unlock_pinentry): Don't munge the error
 3525 	source for corrupted protection.
 3526 
 3527 	gpg: Minor rework for better readibility of get_best_pubkey_byname.
 3528 	+ commit 1c35e29af95c46475f297d2bd70a5f3bd49d45b1
 3529 	* g10/getkey.c (get_best_pubkey_byname): Change return type to
 3530 	gpg_error_t.  Use var name err instead of rc.  Move a
 3531 	gpg_error_from_syserror closer to the call.
 3532 
 3533 	gpg: Fix segv in get_best_pubkey_byname.
 3534 	+ commit 6496dc1f9d2aef3bf8cf950da2434c96f7a0145c
 3535 	* g10/getkey.c (get_best_pubkey_byname): Init NEW.
 3536 
 3537 	agent: Minor cleanup (mostly for documentation).
 3538 	+ commit 5516ef47a22dfdf9cdf56107f34d2bda9e46deec
 3539 	* agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
 3540 	* agent/findkey.c (read_key_file): Ditto.  Change return type to
 3541 	gpg_error_t.  On es_fessk failure return a correct error code.
 3542 	(agent_key_from_file): Change var name 'rc' to 'err'.
 3543 	* agent/pksign.c (agent_pksign_do): Ditto.  Change return type to
 3544 	gpg_error_t.  Return a valid erro code on malloc failure.
 3545 	(agent_pksign): Ditto.  Change return type to gpg_error_t.  replace
 3546 	xmalloc by xtrymalloc.
 3547 	* agent/protect.c (calculate_mic): Change return type to gpg_error_t.
 3548 	(do_decryption): Ditto.  Do not init RC.
 3549 	(merge_lists): Change return type to gpg_error_t.
 3550 	(agent_unprotect): Ditto.
 3551 	(agent_get_shadow_info): Ditto.
 3552 
 3553 2017-07-27  Werner Koch  <wk@gnupg.org>
 3554 
 3555 	gpg: Tweak compliance checking for verification.
 3556 	+ commit 6502bb0d2af5784918ebb74242fff6f0a72844bf
 3557 	* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
 3558 	verification.
 3559 	* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
 3560 	* g10/sig-check.c (check_signature2): Use log_error instead of
 3561 	log_info.
 3562 
 3563 	gpg,sm: Allow encryption (with warning) to any key in de-vs mode.
 3564 	+ commit 1bd22a85b4f06324037b3500d2fa8af62733c926
 3565 	* g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
 3566 	* sm/encrypt.c (gpgsm_encrypt): Ditto.
 3567 
 3568 	gpg,sm: Fix compliance checking for decryption.
 3569 	+ commit a0d0cbee7654ad7582400efaa92d493cd8e669e9
 3570 	* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
 3571 	signing check.  We don't support Elgamal signing at all.
 3572 	(gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
 3573 	Check the curvenames for ECDH.
 3574 	* g10/pubkey-enc.c (get_session_key): Print only a warning if the key
 3575 	is not compliant.
 3576 	* sm/decrypt.c (gpgsm_decrypt): Ditto.  Use the same string as in gpg
 3577 	so that we have only one translation.
 3578 
 3579 	gpg: Avoid output to the tty during import.
 3580 	+ commit fcb62fe20f45290bf95703ec3bf4d0b361fa4339
 3581 	* g10/key-check.c (key_check_all_keysigs): Add arg mode and change all
 3582 	output calls to use it.
 3583 	* g10/keyedit.c (keyedit_print_one_sig): Add arg fp and chnage all
 3584 	output calls to use it.
 3585 	(keyedit_menu): Adjust for changes.
 3586 	* g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp.
 3587 	* g10/import.c (import_one): Call key_check_all_keysigs with output to
 3588 	the log stream.
 3589 
 3590 2017-07-26  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 3591 
 3592 	g10: Make sure exactly one fingerprint is output with --quick-gen-key.
 3593 	+ commit 94eea0ed2c8b47cb0fe02b22cbe668705a5fe0d0
 3594 	* g10/keygen.c (do_generate_keypair): Only set fpr in
 3595 	list_keyblock_direct invocation if neither --fingerprint nor
 3596 	--with-fingerprints are given.
 3597 
 3598 2017-07-26  Werner Koch  <wk@gnupg.org>
 3599 
 3600 	doc: Add man pages form gpg-wks-server and gpg-wks-client.
 3601 	+ commit be636c3cfca178927b09ef4154c3e555d6f5b1c4
 3602 	* doc/wks.texi: New.
 3603 	* doc/gnupg.texi: Include wks.texi.
 3604 	* doc/Makefile.am (gnupg_TEXINFOS): Add wks.texi.
 3605 	(myman_pages): Add new man pages.
 3606 
 3607 	wks: Fix program names in the usage diagnostics.
 3608 	+ commit c76398da5b15df2086f68bc26b7fde75219976c7
 3609 	* tools/gpg-wks-client.c (my_strusage): Add case 12.
 3610 	* tools/gpg-wks-server.c (my_strusage): Add case 12:
 3611 
 3612 2017-07-26  Andre Heinecke  <aheinecke@intevation.de>
 3613 
 3614 	doc: Update vsnfd profile example.
 3615 	+ commit 4f569c69075fddbaea588544a6625c28cb4cb8f4
 3616 	* doc/examples/vsnfd.prf: Use rsa3072
 3617 
 3618 2017-07-26  Werner Koch  <wk@gnupg.org>
 3619 
 3620 	dirmngr: Do not use a blocking connect in Tor mode.
 3621 	+ commit c5e5748480952e5bcedb16f6ce6ef7e435acb3c7
 3622 	* dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode.
 3623 	(send_request): Ditto.
 3624 
 3625 	dirmngr: Auto-enable Tor on startup or reload.
 3626 	+ commit fd68bdb61ec4f8441da6d3023a8da4315df54cec
 3627 	* dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availibility.
 3628 
 3629 	agent,dirmngr: Check for homedir removal also using stat(2).
 3630 	+ commit d50c2eff8d6931586c527edb3dea98dbc6facdec
 3631 	* agent/gpg-agent.c (have_homedir_inotify): New var.
 3632 	(reliable_homedir_inotify): New var.
 3633 	(main):  Set reliable_homedir_inotify.
 3634 	(handle_tick): Call stat on the homedir.
 3635 	(handle_connections): Mark availibility of the inotify watch.
 3636 	* dirmngr/dirmngr.c (handle_tick): Call stat on the homedir.
 3637 	(TIMERTICK_INTERVAL_SHUTDOWN): New.
 3638 	(handle_connections): Depend tick interval on the shutdown state.
 3639 
 3640 	agent: Lengthen timertick interval on Unix to 4 seconds.
 3641 	+ commit f4ec7697a9c2d7587794d3bd75efbb0b51d6562f
 3642 	* agent/gpg-agent.c (TIMERTICK_INTERVAL): Same value for Windows and
 3643 	Unix.
 3644 
 3645 2017-07-25  Werner Koch  <wk@gnupg.org>
 3646 
 3647 	common: Strip trailing slashes from the homedir.
 3648 	+ commit 24c7aa0d58e3768690dd8ebef0e8e01af7e80f83
 3649 	* common/homedir.c (default_homedir): Strip trailing slashes.
 3650 	(gnupg_set_homedir): Ditto.
 3651 
 3652 	w32: Also change the directory on daemon startup.
 3653 	+ commit 0ef50340ef68b2541d9a1aafa71f5400aef4dc7e
 3654 	* agent/gpg-agent.c (main): Always to the chdir.
 3655 	* dirmngr/dirmngr.c (main): Ditto.
 3656 	* scd/scdaemon.c (main): Ditto.
 3657 
 3658 	common: New functions gnupg_daemon_rootdir and gnupg_chdir.
 3659 	+ commit 226f143ca01cf335c7c4e3e94c96fb9d271eccc9
 3660 	* common/sysutils.c (gnupg_chdir): New.
 3661 	* common/homedir.c (gnupg_daemon_rootdir): New.
 3662 	* agent/gpg-agent.c (main): Use these functions instead chdir("/").
 3663 	* dirmngr/dirmngr.c (main): Ditto.
 3664 	* scd/scdaemon.c (main): Ditto.
 3665 
 3666 	gpg: Update key origin info during import merge.
 3667 	+ commit 166d0d7a2439f30c0a250faadc16ce3453447d71
 3668 	* g10/import.c (update_key_origin): New.
 3669 	(merge_blocks): Add arg curtime.
 3670 	(import_one): Pass curtime to merge_blocks.  Call update_key_origin.
 3671 
 3672 	gpg: Store key origin for new userids during import merge.
 3673 	+ commit 84c993d9325fc000acac7950b2dfeefa5976df3b
 3674 	* g10/import.c (apply_meta_data): Rename to ...
 3675 	(insert_key_origin): this.  Factor code out to ...
 3676 	(insert_key_origin_pk, insert_key_origin_uid): new funcs.
 3677 	(import_one): Move insert_key_origin behind clean_key.
 3678 	(merge_blocks): Add args options, origin, and url.
 3679 	(append_uid): Rename to ...
 3680 	(append_new_uid): this.  Add args options, curtime, origin, and url.
 3681 	Call insert_key_origin_uid for new UIDs.
 3682 
 3683 2017-07-25  NIIBE Yutaka  <gniibe@fsij.org>
 3684 
 3685 	dirmngr: Add annotation for fallthrough.
 3686 	+ commit d40b4a41a8d60292fd4b5b951a19883e31090179
 3687 	* dirmngr/dns.c: Add /* FALL THROUGH */ to clarify.
 3688 
 3689 2017-07-24  Werner Koch  <wk@gnupg.org>
 3690 
 3691 	gpg: Extend --key-origin to take an optional URL arg.
 3692 	+ commit 87b5421ca84bbea68217c9ed771ee8c0a98a4d0c
 3693 	* g10/getkey.c (parse_key_origin): Parse appended URL.
 3694 	* g10/options.h (struct opt): Add field 'key_origin_url'.
 3695 	* g10/gpg.c (main) <aImport>: Pass that option to import_keys.
 3696 	* g10/import.c (apply_meta_data): Extend for file and url.
 3697 	* g10/keyserver.c (keyserver_fetch): Pass the url to
 3698 	import_keys_es_stream.
 3699 
 3700 	gpg: Store key origin info for new keys from a keyserver.
 3701 	+ commit 2ca0381d077d766593db26f4215b8eddee8d7963
 3702 	* g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was
 3703 	done by fingerprint.
 3704 	* g10/import.c (apply_meta_data): Implement that.
 3705 
 3706 	gpg: Store key origin info for new DANE and WKD retrieved keys.
 3707 	+ commit e7068bf92ec5ca5d440346d43a382c1f625b924d
 3708 	* g10/import.c (apply_meta_data): Remove arg 'merge'.  Add arg 'url'.
 3709 	Implement WKD and DANE key origin.
 3710 	(import_keys_internal): Add arg 'url' and change all callers.
 3711 	(import_keys_es_stream): Ditto.
 3712 	(import): Ditto.
 3713 	(import_one): Ditto.
 3714 	* g10/keylist.c (list_keyblock_print): Fix update URL printing.
 3715 	* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return
 3716 	the SOURCE.  Pass ks_status_cb to assuan_transact.
 3717 	* g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to
 3718 	the import function.
 3719 
 3720 	gpg: Filter keys received via DANE.
 3721 	+ commit f6f0dd4d5ea85e0b16e96d7678b1d508182049a8
 3722 	* g10/keyserver.c (keyserver_import_cert): Use an import filter in
 3723 	DANE mode.
 3724 
 3725 	dirmngr: Print a SOURCE status for WKD requests.
 3726 	+ commit e97548223948222a5c22acdf3775c7f93c1e17a9
 3727 	* dirmngr/server.c (cmd_wkd_get): Print a SOURCE status.
 3728 
 3729 	dirmngr: New function dirmngr_status_printf.
 3730 	+ commit 9b88cfa0962f28894658cff8777fe7a217c6f700
 3731 	* dirmngr/server.c (dirmngr_status_printf): New.
 3732 
 3733 2017-07-24  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 3734 
 3735 	g10: Make sure to emit NEED_PASSPHRASE on --import of secret key.
 3736 	+ commit 872137b5921dd297e7d2c1def6e3868b7595feb5
 3737 	* call-agent.h (agent_import_key): Add keyid parameters.
 3738 	* call-agent.c (agent_import_key): Set keyid parameters.
 3739 	* import.c (transfer_secret_keys): Pass keyid parameters.
 3740 
 3741 	w32: Change directory on daemon startup.
 3742 	+ commit 78ebc62604d77600b9865950610717d28c6027a2
 3743 	* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
 3744 	(main) [HAVE_W32_SYSTEM]: Change working directory to \.
 3745 	* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
 3746 	(main) [HAVE_W32_SYSTEM]: Change working directory to \.
 3747 	* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
 3748 	(main) [HAVE_W32_SYSTEM]: Change working directory to \.
 3749 
 3750 	g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key.
 3751 	+ commit d8e46f10698da0bee4cd58d95f1f9832bdda0c5f
 3752 	* call-agent.h (agent_export_key): Add keyid parameters.
 3753 	* call-agent.c (agent_export_key): Set keyid parameters.
 3754 	* export.c (receive_seckey_from_agent): Pass keyid parameters.
 3755 
 3756 2017-07-24  NIIBE Yutaka  <gniibe@fsij.org>
 3757 
 3758 	scd: Use unsigned int for fields.
 3759 	+ commit 45e40487fb7bb51228c96c8966e38c643a9b9ba5
 3760 	* scd/app-openpgp.c (data_objects): Use unsigned ints.
 3761 
 3762 	dirmngr: More minor fix.
 3763 	+ commit ade4b2744c848e07b87afa4f186256c2a2ef1d13
 3764 	* dirmngr/http.c (send_request): Care the case of !USE_TLS.
 3765 
 3766 	dirmngr: More minor fixes.
 3767 	+ commit 789401e9557db13422f47a8c09e693f3cee0132b
 3768 	* dirmngr/http.c (http_verify_server_credentials): Duplicated const.
 3769 	* dirmngr/ldap.c (parse_one_pattern): Add comment.
 3770 
 3771 	dirmngr: Minor fix for Windows.
 3772 	+ commit 274602820cfbb15c7cdb4525acd9793bdb472e78
 3773 	* dirmngr/http.c (connect_with_timeout): Use FD2INT.
 3774 
 3775 	agent: Minor fix for Windows.
 3776 	+ commit 328fca187253c069e3630bd387a71f6d16e9820a
 3777 	* agent/command-ssh.c (serve_mmapped_ssh_request): Add const
 3778 	qualifier.
 3779 
 3780 2017-07-21  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 3781 
 3782 	g10: Avoid caching passphrase for failed symmetric encryption.
 3783 	+ commit e4c720fa3b31ebd3e9d764c6eab02729cf06124c
 3784 	* g10/mainproc.c (proc_encrypted): If error code is GPG_ERR_CIPHER_ALGO,
 3785 	assume the symmetric passphrase was wrong and invalidate the cache.
 3786 
 3787 2017-07-21  Werner Koch  <wk@gnupg.org>
 3788 
 3789 	gpg: Extend --quick-set-expire to allow subkey expiration setting.
 3790 	+ commit b55b72bb815ad5870456b89c3a011fa00991b4a8
 3791 	* g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs.
 3792 	(menu_expire): Rename arg force_mainkey to unattended and allow
 3793 	unattended changing of subkey expiration.
 3794 	* g10/gpg.c (main): Extend --quick-set-expire.
 3795 
 3796 	gpg: Fix possible double free of the card serialno.
 3797 	+ commit e888f7af6571ecd3994fd55cc18c9e2df7fd0c60
 3798 	* g10/free-packet.c (copy_public_key): Copy fields serialno and
 3799 	updateurl.
 3800 
 3801 	gpg: Use macros to check the signature class.
 3802 	+ commit 5818ff0ae314af08548fcc23df2b807736144a00
 3803 	* g10/import.c: Use the extistin macros for better readability.
 3804 
 3805 2017-07-21  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 3806 
 3807 	g10: Clean keyblock on initial commit.
 3808 	+ commit 609bbdf3614fbadeba7a6cbdfdf5004b23516a64
 3809 	* g10/import.c (import_one): If option import-clean is set,
 3810 	also clean on initial import, not only for merge.
 3811 
 3812 2017-07-21  NIIBE Yutaka  <gniibe@fsij.org>
 3813 
 3814 	scd: Fix SEGV in CCID driver.
 3815 	+ commit d8a55da715ce8447b0686f321fa43d00be34a467
 3816 	* scd/ccid-driver.c (intr_cb): Only kick the loop for removal.
 3817 	(bulk_in): Don't set POWERED_OFF when interrupt transfer is enabled.
 3818 
 3819 	g10: Don't limit at the frontend side for card capability.
 3820 	+ commit a76b6cf9709c0a2a89fa2887075491b80f3d9608
 3821 	* g10/card-util.c (MAX_GET_DATA_FROM_FILE): New.
 3822 	(get_data_from_file): Use MAX_GET_DATA_FROM_FILE.
 3823 	(change_url, change_login, change_private_do): Don't limit.
 3824 
 3825 	scd: Add debug message for v3 card.
 3826 	+ commit 892e86b0dc69193ddff018bf9b3938509dd72cb3
 3827 	* scd/app-openpgp.c (show_caps): Output more messages.
 3828 
 3829 2017-07-20  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 3830 
 3831 	doc: Clarify wording of export-attributes.
 3832 	+ commit cea4313644b531ef87b8c8e4bfddde4388cbbe0d
 3833 	* doc/gpg.texi: Clarify wording of export-attributes.
 3834 
 3835 2017-07-20  Werner Koch  <wk@gnupg.org>
 3836 
 3837 	gpg: New option --with-key-origin.
 3838 	+ commit 165cdd8121bbf80bfe2da071539d3578630f198f
 3839 	* g10/getkey.c (parse_key_origin): Factor list out as ...
 3840 	(key_origin_list): new struct.
 3841 	(key_origin_string): New.
 3842 	* g10/gpg.c (oWithKeyOrigin): New const.
 3843 	(opts): New option --with-key-origin.
 3844 	(main): Implement option.
 3845 	* g10/options.h (struct opt): New flag with_key_origin.
 3846 	* g10/keylist.c (list_keyblock_print): Print key origin info.
 3847 	(list_keyblock_colon): Ditto.
 3848 
 3849 	common: New function print_utf9_string.
 3850 	+ commit bddc2e04f1ddc18be20efc0f0508be401b345f42
 3851 	* common/miscellaneous.c (print_utf8_string): New.
 3852 
 3853 	gpg: Make function mk_datestr public.
 3854 	+ commit 3ee314dde16d1d69ddf840cdb8b5aa186c592262
 3855 	* g10/keydb.h (MK_DATESTR_SIZE): New.
 3856 	* g10/keyid.c (mk_datestr): Make public.  Add arg bufsize and use
 3857 	snprintf.  Change arg atime to u32.
 3858 	(datestr_from_pk): Simplify.
 3859 	(datestr_from_sig): Ditto.
 3860 	(expirestr_from_pk): Ditto.
 3861 	(expirestr_from_sig): Ditto.
 3862 	(revokestr_from_pk): Ditto.
 3863 
 3864 2017-07-20  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 3865 
 3866 	g10: Return proper error when gpg-agent fails to start during probe.
 3867 	+ commit 9998b162b47931fb8a8ed961d53418d505358888
 3868 	* g10/getkey.c (lookup): Return immediately on any other error than
 3869 	GPG_ERR_NO_SECKEY from agent_probe_any_secret_key.
 3870 
 3871 2017-07-20  NIIBE Yutaka  <gniibe@fsij.org>
 3872 
 3873 	scd: Support longer data length for special DOs for v3 card.
 3874 	+ commit 69614d55018ddb8678d8904a52e648931f480d72
 3875 	* scd/app-openpgp.c (data_objects): Special DOs like "Login Data",
 3876 	"URL", "Private DO N" can be longer size >= 256.
 3877 	(struct app_local_s): Define bits for v3 card.
 3878 	(get_cached_data): Use extcap.max_special_do for special DOs.
 3879 	(app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits.
 3880 
 3881 	common: logstream fix.
 3882 	+ commit 84146b3ec44943f06c66a603de19094b930ad446
 3883 	* common/logging.c (set_file_fd): Don't close es_stderr.
 3884 
 3885 	dnsmngr: Fix use of CPP.
 3886 	+ commit cc12cf386b620e658fa93a0bd40477bc16d85d98
 3887 	* dirmngr/dns.c (HAVE_STATIC_ASSERT, HAVE___ATOMIC_FETCH_ADD)
 3888 	(DNS_HAVE_SOCKADDR_UN, HAVE_SOCK_NONBLOCK): Don't use defined
 3889 	to be expanded for expression evaluation.
 3890 
 3891 2017-07-19  Justus Winter  <justus@g10code.com>
 3892 
 3893 	dirmngr: Forbid redirects from .onion to clearnet URIs.
 3894 	+ commit e7fc6e3bf0eb6ffe53e1f099d28ce45cef4a8a87
 3895 	* dirmngr/ks-engine-hkp.c (send_request): Forbid redirects from .onion
 3896 	to clearnet URIs.
 3897 	* dirmngr/ks-engine-http.c (ks_http_fetch): Likewise.
 3898 
 3899 2017-07-19  Werner Koch  <wk@gnupg.org>
 3900 
 3901 	gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.
 3902 	+ commit 2e5459457473eb4b3e7b2b14815cb94faa66e8bb
 3903 	* g10/mainproc.c (check_sig_and_print): Track key server request via
 3904 	fingerprint.
 3905 
 3906 2017-07-19  Justus Winter  <justus@g10code.com>
 3907 
 3908 	dirmngr: Implement TLS over http proxies.
 3909 	+ commit da91d2106a17c796ddb066a34db92d33b21c81f7
 3910 	* dirmngr/http.c (send_request): If a http proxy is to be used, and we
 3911 	want to use TLS, try to use the CONNECT method to get a connection to
 3912 	the target server.
 3913 
 3914 	dirmngr: Log http response in debug mode.
 3915 	+ commit e7eabe66b6409c1f5225b751ea5c2d456a3856e6
 3916 	* dirmngr/http.c (parse_response): Log http response in debug mode.
 3917 
 3918 	dirmngr: Amend TLS handling.
 3919 	+ commit 1ba220e68149fdb197accf4a15b0a11126c8b431
 3920 	* dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the
 3921 	write cookie, not from the URI.
 3922 
 3923 	dirmngr: Fix connecting to http proxies.
 3924 	+ commit 46a4a0c0e77e19f9589088bb87357c33142c3f04
 3925 	* dirmngr/http.c (send_request): Do not use the 'srvtag' intended for
 3926 	the target host to connect to the http proxy.
 3927 
 3928 	dirmngr: Fix handling of proxy URIs.
 3929 	+ commit 73d4781e4595634548269bafe46aeb7674c5b219
 3930 	* dirmngr/http.c (send_request): We do not support socks4.
 3931 
 3932 2017-07-19  NIIBE Yutaka  <gniibe@fsij.org>
 3933 
 3934 	gpgconf: Make vars read-only explicitly.
 3935 	+ commit 99791184ac4c7486ccdefc150b9921cd923428b9
 3936 	* tools/gpgconf-comp.c (gc_backend, gc_arg_type, gc_level, gc_flag)
 3937 	(gc_component): Add const qualifier.
 3938 
 3939 	Fix usage of ARGPARSE_OPTS.
 3940 	+ commit fa63db89f9581186ed758c502d4e69914b774157
 3941 	* agent/gpg-agent.c, agent/preset-passphrase.c,
 3942 	dirmngr/dirmngr-client.c, dirmngr/dirmngr_ldap.c, kbx/kbxutil.c,
 3943 	tools/gpg-check-pattern.c, tools/gpgconf.c, tools/gpgsplit.c,
 3944 	tools/symcryptrun.c: Use ARGPARSE_end.
 3945 
 3946 2017-07-18  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 3947 
 3948 	common: Allow abbreviations of standard options.
 3949 	+ commit f17862d47d184d7f6ef883778cf63801365599a0
 3950 	* argparse.h (ARGPARSE_SHORTOPT_HELP, ARGPARSE_SHORTOPT_VERSION,
 3951 	ARGPARSE_SHORTOPT_WARRANTY, ARGPARSE_SHORTOPT_DUMP_OPTIONS): New
 3952 	macros.
 3953 	(ARGPARSE_end): Add some placeholders for standard options.
 3954 	* argparse.c (arg_parse): Fill in missing standard options so
 3955 	default machinery works.  Check for standard options in new way.
 3956 	Do not write out standard options for --dump-options.
 3957 
 3958 2017-07-18  Justus Winter  <justus@g10code.com>
 3959 
 3960 	gpgscm,w32: Fix testing for absolute paths.
 3961 	+ commit 2e1342b78b020f5b28359b08a4f63cf11479602f
 3962 	* tests/gpgscm/main.c (path_absolute_p): New function.
 3963 	(load): Use new function.
 3964 
 3965 	dirmngr: Honor http keyserver URLs.
 3966 	+ commit b231959728a0056094134e0fca8cc916c24ef37e
 3967 	* dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI.
 3968 	* dirmngr/http.h (struct parsed_uri_s): New field 'original'.
 3969 	* dirmngr/ks-action.c (ks_action_get): Properly handle http and https
 3970 	URLs.
 3971 
 3972 	dirmngr: Fix memory leak.
 3973 	+ commit ebb35ed7110d1a29061dfb4ccb9038645b20d7f4
 3974 	* dirmngr/http.c (parse_uri): Properly free partial results.
 3975 
 3976 	dirmngr: Fix memory leak.
 3977 	+ commit 3d670fa973a03ea88b5f9459b3222a951136dd7a
 3978 	* dirmngr/http.c (http_release_parsed_uri): Free 'params'.
 3979 
 3980 2017-07-17  Werner Koch  <wk@gnupg.org>
 3981 
 3982 	gpg,sm: Check compliance of the RNG.
 3983 	+ commit a149afe338d61d86985c533cde5e7dbcd31e8698
 3984 	* common/compliance.c (gnupg_rng_is_compliant): New.
 3985 	* g10/call-agent.c (start_agent) [W32]: Check rng compliance.
 3986 	* sm/call-agent.c (start_agent) [W32]: Ditto.
 3987 	* g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is
 3988 	compliant.
 3989 	* sm/encrypt.c (gpgsm_encrypt): Ditto.
 3990 	* g10/sign.c (do_sign): Ditto.
 3991 	* sm/sign.c (gpgsm_sign): Ditto.
 3992 
 3993 	agent: New GETINFO sub-command jent_active.
 3994 	+ commit bbbd0db34b4e387f8dc089fb7d69fdcf2ed91a01
 3995 	* agent/command.c (cmd_getinfo): Implement it for gcrypt >= 1.8.
 3996 
 3997 	common: New function split_fields_colon.
 3998 	+ commit 849467870ee1c10e0a7b1e89cfc9e8214e4963fe
 3999 	* common/stringhelp.c (split_fields_colon): New.
 4000 	* common/t-stringhelp.c (test_split_fields_colon): New test.
 4001 	(main): Call that test.
 4002 
 4003 2017-07-14  Justus Winter  <justus@g10code.com>
 4004 
 4005 	tests: Improve 'shell.scm' script.
 4006 	+ commit 58eafd11ed5501c0b72fcb553eb3e097ad29b3c6
 4007 	* tests/openpgp/defs.scm (create-file): Unlink file first.
 4008 	* tests/openpgp/shell.scm: Ask whether to import legacy test keys or
 4009 	not, and whether to drop 'batch' from the configuration.  Add paths to
 4010 	all the programs to 'PATH'.
 4011 
 4012 	gpgscm: Library improvements.
 4013 	+ commit b4d25082fd4502ec01d511c22fecd60d513b81f4
 4014 	* tests/gpgscm/repl.scm (prompt-yes-no?): New function.
 4015 	* tests/gpgscm/tests.scm (pathsep-split): Likewise.
 4016 	(pathsep-join): Likewise.
 4017 	(with-path): Use the new function.
 4018 
 4019 	gpgscm: Fail early if the test setup fails.
 4020 	+ commit 7a6e6ad2880bbff54a75ff608d0ec97d6c405733
 4021 	* tests/gpgscm/tests.scm (make-environment-cache): Check status code
 4022 	of setup script.
 4023 
 4024 	gpg: Fix importing keys.
 4025 	+ commit 956da89193370d5aa970cff5b77f605534481a02
 4026 	* g10/import.c (import_one): Fix error handling.
 4027 
 4028 2017-07-13  Werner Koch  <wk@gnupg.org>
 4029 
 4030 	gpg: Pass key origin values to import functions.
 4031 	+ commit 330212efb927c119bb5135856f8582c0e4e2e6b7
 4032 	* g10/import.c (import_keys_stream): Remove this unused function.
 4033 	(import_keys_internal): Add arg origin.
 4034 	(import_keys): Ditto.
 4035 	(import_keys_es_stream): Ditto.
 4036 	(import): Ditto.
 4037 	(import_one): Ditto.
 4038 	(apply_meta_data): New stub.
 4039 	(import_secret_one): Pass 0 for ORIGIN.
 4040 	* g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN.
 4041 	(keyserver_fetch): Add arg origin.
 4042 	(keyserver_import_cert): Pass KEYORG_DANE for ORIGIN.
 4043 	(keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN.
 4044 	* g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and
 4045 	keyserver_fetch.
 4046 	* g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN.
 4047 
 4048 	gpg: New option --key-origin.
 4049 	+ commit fa1155e89ebb4b16ee95549b8ab72672df3a0c54
 4050 	* g10/keydb.h (KEYORG_): Rename to KEYORG_.
 4051 	* g10/packet.h (PKT_user_id): Rename field keysrc to keyorg.  Adjust
 4052 	users.
 4053 	(PKT_public_key): Ditto.
 4054 	(PKT_ring_trust): Ditto.
 4055 	* g10/options.h (struct opt): Add field key_origin.
 4056 	* g10/getkey.c (parse_key_origin): New.
 4057 	* g10/gpg.c (oKeyOrigin): New.
 4058 	(opts): Add "keys-origin".
 4059 	(main): Set option.
 4060 
 4061 2017-07-13  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 4062 
 4063 	doc: Document gnupg version requirement for gpg-preset-passphrase.
 4064 	+ commit 877a321d011deb3e8501aa9cc5e9f9cd0b19dddf
 4065 
 4066 
 4067 2017-07-13  Justus Winter  <justus@g10code.com>
 4068 
 4069 	gpgscm: Make loading of modules less verbose.
 4070 	+ commit f78fe1a4ec9d343199e1f424dd09e2937c913412
 4071 	* tests/gpgscm/main.c (load): Increase logging threshold.
 4072 
 4073 	gpgscm: Make it impossible to catch '*interpreter-exit*'.
 4074 	+ commit bce02a8b0f0e51775a4ee5536ccf35efc1f15ca6
 4075 	* tests/gpgscm/init.scm (throw'): Make it impossible to catch
 4076 	'*interpreter-exit*'.  This fixes 'exit' (and with it 'fail') inside
 4077 	'catch' statements.
 4078 
 4079 2017-07-10  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 4080 
 4081 	tofu: Compare squares instead of square roots.
 4082 	+ commit d24594976686983c7186cbe4e78153888a13b6e4
 4083 	* g10/Makefile.am (tofu_source) [USE_TOFU]: Remove sqrtu32.h and
 4084 	sqrtu32.c.
 4085 	* g10/sqrtu32.h, g10/sqrtu32.c: Removed files.
 4086 	* g10/tofu.c: Compare squares instead of square roots.
 4087 
 4088 	speedo: Provide a vagrantfile to test speedo in an isolated VM.
 4089 	+ commit 1455b406e63dd262938e49da5f83c05c17c60a8d
 4090 	* build-aux/Vagrantfile: New file.
 4091 
 4092 2017-07-06  Neal H. Walfield  <neal@g10code.com>
 4093 
 4094 	doc: Improve TOFU documentation.
 4095 	+ commit 243b2a570c30586e19b8c88e43b282d62d8eb77c
 4096 	* doc/gpg.texi: Improve TOFU documentation.
 4097 
 4098 2017-07-05  Werner Koch  <wk@gnupg.org>
 4099 
 4100 	agent: Use MAX_PASSPHRASE_LEN (255) also for the loopback.
 4101 	+ commit 3681ee7dc1e9d8c94fdb046d7be0bbcfeba1cfe9
 4102 	* agent/call-pinentry.c (agent_get_passphrase): Reduce maximum
 4103 	passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN.
 4104 	* agent/genkey.c (agent_ask_new_passphrase): Extend the maximum
 4105 	passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN.
 4106 
 4107 	doc: Update yat2m to take care of SOURCE_DATE_EPOCH.
 4108 	+ commit 139de02b93773615bdd95e04a7f0c1ad73b4f6fb
 4109 	* doc/yat2m.c (main): Set a default for OPT_DATE.
 4110 
 4111 	doc: Prefer an installed version of yat2m.
 4112 	+ commit f6faa058749846de18cb34f1cc79867bb0029922
 4113 	* configure.ac (YAT2M): Check for tool.
 4114 	* doc/Makefile.am (yat2m-stamp): Use installed tool if possible.
 4115 
 4116 2017-07-01  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
 4117 
 4118 	doc: Document obsolete option in gpgsm.  Closes T2231.
 4119 	+ commit 7fb724c61655c6f75c61572d65a46e21ae112574
 4120 	* doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete.
 4121 
 4122 2017-06-28  Werner Koch  <wk@gnupg.org>
 4123 
 4124 	agent: Fix option --debug-wait.
 4125 	+ commit ecd6c0160f49ae83001dfd150df6b1238fc479d5
 4126 	* agent/gpg-agent.c (opts): Typo fix.
 4127 
 4128 2017-06-26  Justus Winter  <justus@g10code.com>
 4129 
 4130 	agent: Support unprotected ssh keys.
 4131 	+ commit 273964798592cd479c111f47e8ce46d5b1999d6a
 4132 	* agent/command-ssh.c (ssh_key_to_protected_buffer): If the empty
 4133 	passphrase is supplied, do not protect the key.
 4134 
 4135 	tests: Improve test.
 4136 	+ commit b49b1a87ac2695e3892fb001878da59fbc92fa37
 4137 	* tests/openpgp/ssh-export.scm: Split output at any whitespace.
 4138 
 4139 2017-06-23  Werner Koch  <wk@gnupg.org>
 4140 
 4141 	agent: Shutdown on removal of the home directory.
 4142 	+ commit 1ead1ca818bddabc3bca22c195be667993eb3e2e
 4143 	* common/sysutils.c (gnupg_inotify_watch_delete_self): New.
 4144 	* agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
 4145 	sock_inotify_fd.
 4146 	(handle_connections): Add home_inotify_fd to watch the home directory.
 4147 
 4148 	build: Add missing LIBASSUAN_CFLAGS to dirmngr/.
 4149 	+ commit 815ecdf08a4285c75892cf9ab72feb13f3bcf590
 4150 	* dirmngr/Makefile.am (t_http_CFLAGS): Add LIBASSUAN_CFLAGS.
 4151 	(t_ldap_parse_uri_CFLAGS): Ditto.
 4152 	(t_dns_stuff_CFLAGS): Ditto.
 4153 
 4154 	gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.
 4155 	+ commit f31dc2540acf7cd7f09fd94658e815822222bfcb
 4156 	* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
 4157 	* g10/encrypt.c (encrypt_crypt): Emit new status code.
 4158 	* sm/encrypt.c (gpgsm_encrypt): Ditto.
 4159 
 4160 2017-06-21  Justus Winter  <justus@g10code.com>
 4161 
 4162 	gpg: Close cached keydb handle in gpgv.
 4163 	+ commit a68a98233ab83f0c7b90e6e588b882085fe59d91
 4164 	* g10/gpgv.c (main): Close cached handle.
 4165 
 4166 	tests: Add test for gpgv.
 4167 	+ commit 62274d3c309d8948405c2f966bef507638b4d5c6
 4168 	* tests/openpgp/Makefile.am (XTESTS): Add the new test.
 4169 	* tests/openpgp/gpgv.scm: New file.
 4170 	* tests/openpgp/signed-messages.scm: Likewise.
 4171 	* tests/openpgp/verify.scm: Move the signed messages to the new file
 4172 	and load it.
 4173 
 4174 	gpg: Fix printing keyserver URLs and notation data.
 4175 	+ commit 890a3a70f2e1340d90c7f499358467979b182719
 4176 	* g10/keylist.c (show_keyserver_url): Print to 'fp', not to 'stdout'.
 4177 	(show_notation): Likewise.
 4178 
 4179 2017-06-20  Justus Winter  <justus@g10code.com>
 4180 
 4181 	dirmngr: Properly handle SRV records.
 4182 	+ commit 48aae8167dcae80d43b08167a88d9eb170781a04
 4183 	* dirmngr/ks-engine-hkp.c (enum ks_protocol): New type.
 4184 	(struct hostinfo_s): New flags indicating whether we already did a
 4185 	A lookup, or a SRV lookup per protocol.  Turn 'port' into an array.
 4186 	(create_new_hostinfo): Initialize new fields.
 4187 	(add_host): Update the port for the given protocol.
 4188 	(map_host): Simplify hosttable lookup misses.  Check the SRV records
 4189 	for both protocols on demand, do the A lookup just once.  Return the
 4190 	correct port.
 4191 
 4192 	dirmngr: Refactor variable-sized array code.
 4193 	+ commit fc4834d213af031b456c49c1ba5b5ef8873d1f18
 4194 	* dirmngr/ks-engine-hkp.c (struct hostinfo_s): Add explicit length and
 4195 	size fields.
 4196 	(MAX_POOL_SIZE): New macro.
 4197 	(create_new_hostinfo): Initialize new fields.
 4198 	(host_in_pool_p): Adapt.
 4199 	(select_random_host): Likewise.
 4200 	(add_host): Likewise.  Move the resizing logic here.
 4201 	(hostinfo_sort_pool): New function.
 4202 	(map_host): Simplify.  Move the resizing logic away from here.
 4203 	(ks_hkp_mark_host): Adapt.
 4204 	(ks_hkp_print_hosttable): Likewise.
 4205 
 4206 	gpg: Fix error handling.
 4207 	+ commit badc1cdae52bd434e5fac2e4275575afeccc2837
 4208 	* g10/keygen.c (generate_subkeypair): Handle errors from pinentry.
 4209 
 4210 2017-06-19  Werner Koch  <wk@gnupg.org>
 4211 
 4212 	gpg,gpgsm: Fix compliance check for DSA and avoid an assert.
 4213 	+ commit 3621dbe52584bc8b417f61b5370ebaa5598db956
 4214 	* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
 4215 	check.  Explicitly check for allowed ECC algos.
 4216 	(gnupg_pk_is_allowed): Swap P and Q for DSA check.
 4217 	* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check.  Replace
 4218 	assert by debug message.
 4219 
 4220 2017-06-19  Justus Winter  <justus@g10code.com>
 4221 
 4222 	gpgscm: Limit the number of parallel jobs.
 4223 	+ commit 61ef43546ba9f0209692a1569d2f033436566a02
 4224 	* ffi.c (do_wait_processes): Suppress the timeout error.
 4225 	* tests.scm (semaphore): New definition.
 4226 	(test-pool): Only run a bounded number of tests in parallel.
 4227 	(test::started?): New function.
 4228 	(run-tests-parallel): Do not report results, do not start the tests.
 4229 	(run-tests-sequential): Adapt.
 4230 	(run-tests): Parse the number of parallel jobs.
 4231 
 4232 	gpgscm: Improve option parsing.
 4233 	+ commit e555e7ed7de20fbbb1e3b005c32e292f29cc4a58
 4234 	* tests/gpgscm/tests.scm (flag): Accept arguments of the form
 4235 	'--foo=bar'.
 4236 
 4237 	gpgscm: Improve error handling of foreign functions.
 4238 	+ commit 6639aedaee051e8104d7f63b9a5812abf79440ed
 4239 	* tests/gpgscm/ffi.scm (ffi-fail): Do not needlessly join the error
 4240 	message.
 4241 
 4242 	gpgscm: Improve error reporting.
 4243 	+ commit 4c8be58fd46bb16332e84ab8ce978087dc5c68a3
 4244 	* tests/gpgscm/init.scm (throw'): Guard against 'args' being atomic.
 4245 	* tests/gpgscm/scheme.c (Eval_Cycle): Remove any superfluous colons in
 4246 	error messages.
 4247 
 4248 	tests: Run the OpenPGP tests using the new extended key format.
 4249 	+ commit b766d3d1034e6068a91755ada68f7f7dbe2943b6
 4250 	* tests/openpgp/all-tests.scm: Generalize a bit, and also add a
 4251 	variant that uses the new extended key format.
 4252 	* tests/openpgp/defs.scm (create-gpghome): Conditionally enable the
 4253 	new extended key format.
 4254 
 4255 2017-06-19  Werner Koch  <wk@gnupg.org>
 4256 
 4257 	Change license of some files to LGPLv2.1.
 4258 	+ commit 3419a339d9c4e800bf30e9021e05982d8c1021c1
 4259 	* COPYING.LIB: Rename to COPYING.LGPL3.
 4260 	* COPYING.LGPL21: New.
 4261 	* COPYING.GPL2: New.
 4262 	* Makefile.am: Distribute them.
 4263 	* AUTHORS: Update license pointers.  Add BSI as copyright holder.
 4264 	* common/compliance.c, common/compliance.h: Add BSI copyright notice.
 4265 	Break overlong lines.
 4266 	* dirmngr/loadswdb.c: Add BSI copyright notices.
 4267 	* dirmngr/server.c: Ditto.
 4268 	* tools/call-dirmngr.c: Change license to LGPLv2.1.  Add BSI
 4269 	copyright notice.
 4270 	* tools/call-dirmngr.h: Ditto.
 4271 	* tools/gpg-wks-client.c: Ditto.
 4272 	* tools/gpg-wks-server.c: Ditto.
 4273 	* tools/gpg-wks.h: Ditto.
 4274 	* tools/mime-maker.c: Ditto.
 4275 	* tools/mime-maker.h: Ditto.
 4276 	* tools/mime-parser.c: Ditto.
 4277 	* tools/mime-parser.h: Ditto.
 4278 	* tools/send-mail.c: Ditto.
 4279 	* tools/send-mail.h: Ditto.
 4280 	* tools/wks-receive.c: Ditto.
 4281 	* tools/wks-util.c: Ditto.
 4282 	* tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1.
 4283 
 4284 2017-06-19  Justus Winter  <justus@g10code.com>
 4285 
 4286 	gpg: Disable compliance module for other GnuPG components.
 4287 	+ commit 6e23416fe61d4130918f2d1bf6e1f98d102c4610
 4288 	* common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return
 4289 	false if the module is not initialized.
 4290 	(gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is
 4291 	not initialized.
 4292 	(gnupg_status_compliance_flag): Do not assert that the module is
 4293 	initialized.
 4294 	(gnupg_parse_compliance_option): Likewise.
 4295 	(gnupg_compliance_option_string): Likewise.
 4296 
 4297 2017-06-14  Justus Winter  <justus@g10code.com>
 4298 
 4299 	gpg: Check and fix keys on import.
 4300 	+ commit 9b12b45aa5e67d4d422bf75a3879df1d52dbe67f
 4301 	* doc/gpg.texi: Document the new import option.
 4302 	* g10/gpg.c (main): Make the new option default to yes.
 4303 	* g10/import.c (parse_import_options): Parse the new option.
 4304 	(import_one): Act on the new option.
 4305 	* g10/options.h (IMPORT_REPAIR_KEYS): New macro.
 4306 
 4307 	gpg: Refactor key checking and fixing.
 4308 	+ commit 404fa8211b6188a0abe83ef43a4b44d528c0b035
 4309 	* g10/Makefile.am (gpg_sources): Add new files.
 4310 	* g10/gpgcompose.c (keyedit_print_one_sig): New stub.
 4311 	* g10/keyedit.c (sig_comparison): Move to new module.
 4312 	(check_all_keysigs): Likewise.
 4313 	(fix_keyblock): Adapt callsite.
 4314 	(keyedit_menu): Likewise.
 4315 	* g10/key-check.c: New file.
 4316 	* g10/key-check.h: Likewise.
 4317 
 4318 2017-06-13  Justus Winter  <justus@g10code.com>
 4319 
 4320 	gpg: Refactor keyedit module.
 4321 	+ commit 8095d16b3ef6b5f01ec351824855708149f1c1c3
 4322 	* g10/Makefile.am (gpg_SOURCES): Add new file.
 4323 	* g10/keyedit.c (NODFLG_*): Move flags to the new header file.
 4324 	(print_one_sig): Export symbol and rename accordingly.
 4325 	(print_and_check_one_sig): Adapt accordingly.
 4326 	(check_all_keysigs): Likewise.
 4327 	* g10/keyedit.h: New file.
 4328 	* g10/main.h: Drop declarations, include new header.
 4329 
 4330 	dirmngr: Implement querying nameservers over IPv6.
 4331 	+ commit 15d2a009931f44a60b9df6325f837add208459d6
 4332 	* dirmngr/dns.c (dns_so_check): Reinitialize sockets on address family
 4333 	mismatch.
 4334 	(enum dns_res_state): New states for querying over IPv6.
 4335 	(dns_res_exec): Implement the new states by copying and modifying the
 4336 	IPv4 variants.  Branch to their respective counterparts if the current
 4337 	list of resolvers using the current address family is exhausted.
 4338 
 4339 2017-06-13  Werner Koch  <wk@gnupg.org>
 4340 
 4341 	gpg: Disable keydb handle caching only for W32.
 4342 	+ commit e80925171ddb20c7e76c1db88c15ce2d9b09db86
 4343 	* g10/getkey.c (getkey_end) [!W32]: Re-enable caching.
 4344 
 4345 	common: Fix -Wswitch warning.
 4346 	+ commit 7c91b48f0e80266cf7491c2bb7d8aabc12362643
 4347 	* common/compliance.c (gnupg_digest_is_allowed): Don't include
 4348 	GCRY_MD_WHIRLPOOL because it is not a digest_algo_t.
 4349 
 4350 2017-06-11  Neal H. Walfield  <neal@g10code.com>
 4351 
 4352 	gpg: Send gpgcompose --help output to stdout, not stderr.
 4353 	+ commit 7aeac20f12ed257d3d159b304afeeac7f406c9d2
 4354 	* g10/gpgcompose.c (show_help): Send gpgcompose --help output to
 4355 	stdout, not stderr.
 4356 
 4357 	gpg: Improve some output of gpgcompose.
 4358 	+ commit cb0484e0762a1ce05d00d949f4b70162e2f7b82c
 4359 
 4360 
 4361 	gpg: Support 'gpgcompose --encrypted-pop --help'
 4362 	+ commit 4ddf4e114c8df06d89144e857b7601de0b7e5a7c
 4363 	* g10/gpgcompose.c (encrypted_pop_options): New variable.
 4364 	(encrypted_pop): Support the --help option.
 4365 
 4366 	gpg: Remove dead code.
 4367 	+ commit 8a9066865688cf17594b2bdde4b260b0ef36d68e
 4368 	* g10/gpgcompose.c (filter_pop): F->PKTTYPE will never be
 4369 	PKT_ENCRYPTED_MDC.
 4370 	(encrypted_pop): Likewise and there is no option --encrypted-mdc-pop.
 4371 
 4372 2017-06-08  Marcus Brinkmann  <mb@g10code.com>
 4373 
 4374 	artwork: Add new banner.
 4375 	+ commit bc5503b2bf273b51d5dc59617e596f1cfb742fbc
 4376 	* artwork/banner/banner-full.png: New file.
 4377 	* artwork/banner/banner-rectangle.png: New file.
 4378 	* artwork/banner/banner.svg: New file.
 4379 	* artwork/banner/Bungee-Regular.ttf: New file.
 4380 	* artwork/banner/Raleway-license.txt: New file.
 4381 	* artwork/banner/banner-half.png: New file.
 4382 	* artwork/banner/banner-skyscraper.png: New file.
 4383 	* artwork/banner/Bungee-license.txt: New file.
 4384 	* artwork/banner/Raleway-ExtraBold.ttf: New file.
 4385 	* artwork/banner/Raleway-SemiBold.ttf: New file.
 4386 
 4387 2017-06-08  Justus Winter  <justus@g10code.com>
 4388 
 4389 	common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.
 4390 	+ commit a64a55e10420cf11e00062b590dffe5d0c3e8192
 4391 	* common/compliance.c (gnupg_pk_is_allowed): New function.
 4392 	(gnupg_cipher_is_allowed): Likewise.
 4393 	(gnupg_digest_is_allowed): Likewise.
 4394 	* common/compliance.h (enum pk_use_case): New definition.
 4395 	(gnupg_pk_is_allowed): New prototype.
 4396 	(gnupg_cipher_is_allowed): Likewise.
 4397 	(gnupg_digest_is_allowed): Likewise.
 4398 	* g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
 4399 	the new predicates.
 4400 	* g10/encrypt.c (encrypt_crypt): Likewise.
 4401 	* g10/gpg.c (main): Likewise.
 4402 	* g10/pubkey-enc.c (get_session_key): Likewise.
 4403 	* g10/sig-check.c (check_signature2): Likewise.
 4404 	* g10/sign.c (do_sign): Likewise.
 4405 	* sm/decrypt.c (gpgsm_decrypt): Likewise.
 4406 	* sm/encrypt.c (gpgsm_encrypt): Likewise.
 4407 	* sm/gpgsm.c (main): Likewise.
 4408 	* sm/sign.c (gpgsm_sign): Likewise.
 4409 	* sm/verify.c (gpgsm_verify): Likewise.
 4410 
 4411 	gpg: Fix computation of compliance with CO_DE_VS.
 4412 	+ commit b03fab09e188f7bb10237d4f20455e4026737e4e
 4413 	* g10/mainproc.c (proc_encrypted): Symmetric encryption is also in
 4414 	compliance with CO_DE_VS.
 4415 
 4416 2017-06-08  Werner Koch  <wk@gnupg.org>
 4417 
 4418 	dirmngr: Implement HTTP connect timeouts of 15 or 2 seconds.
 4419 	+ commit 9b43220b8ad1a5c1cd51de3bbfff7ccbcc3fa877
 4420 	* dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New
 4421 	enums.
 4422 	(opts): New options --connect-timeout and --connect-quick-timeout.
 4423 	(DEFAULT_CONNECT_TIMEOUT): New.
 4424 	(DEFAULT_CONNECT_QUICK_TIMEOUT): New.
 4425 	(parse_rereadable_options): Handle new options.
 4426 	(post_option_parsing): New.  Use instead of direct calls to
 4427 	set_debug() and set_tor_mode ().
 4428 	(main): Setup default timeouts.
 4429 	(dirmngr_init_default_ctrl): Set standard connect timeout.
 4430 	* dirmngr/dirmngr.h (opt): New fields connect_timeout and
 4431 	connect_quick_timeout.
 4432 	(server_control_s): New field timeout.
 4433 	* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to
 4434 	http_raw_connect.
 4435 	* dirmngr/ks-engine-hkp.c (send_request): Call
 4436 	http_session_set_timeout.
 4437 	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
 4438 	* dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get)
 4439 	(cmd_ks_fetch): Implement --quick option.
 4440 
 4441 	dirmngr: Allow a timeout for HTTP and other TCP connects.
 4442 	+ commit 5b9025cfa1f9b1c67ddf2f6bf87d863e780cf157
 4443 	* dirmngr/http.c: Include fcntl.h.
 4444 	(http_session_s): Add field 'connect_timeout'.
 4445 	(http_session_new): Clear that.
 4446 	(http_session_set_timeout): New function.
 4447 	(my_wsagetlasterror) [W32]: New.
 4448 	(connect_with_timeout): New function.
 4449 	(connect_server): Add arg 'timeout' and call connect_with_timeout.
 4450 	(send_request): Add arg 'timeout' and pass it to connect_server.
 4451 	(http_raw_connect): Add arg 'timeout'.
 4452 	(http_open): Pass TIMEOUT from the session to connect_server.
 4453 
 4454 	gpg: Avoid failure exit when scdaemon is disabled but not needed.
 4455 	+ commit 17e5afd80f247c356f03c71e8b61da424ffedabb
 4456 	* g10/call-agent.c (warn_version_mismatch): Use log_info if error is
 4457 	"not supported".
 4458 
 4459 2017-06-07  Justus Winter  <justus@g10code.com>
 4460 
 4461 	common: Add cipher mode to compliance predicate.
 4462 	+ commit e051e396156211449568afa0ca7505dc13eaa3b4
 4463 	* common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
 4464 	* common/compliance.h (gnupg_cipher_is_compliant): Likewise.
 4465 	* g10/mainproc.c (proc_encrypted): Adapt callsite.
 4466 	* sm/decrypt.c (gpgsm_decrypt): Likewise.
 4467 
 4468 	common,gpg,sm: Initialize compliance module.
 4469 	+ commit 21fc2508c979a8202dd8ca7fa7b801e0d62a5ceb
 4470 	* common/compliance.c (gnupg_initialize_compliance): New function.
 4471 	* common/compliance.h (gnupg_initialize_compliance): New prototype.
 4472 	* g10/gpg.c (main): Use the new function.
 4473 	* sm/gpgsm.c (main): Likewise.
 4474 
 4475 	common,gpg: Move the compliance option printer.
 4476 	+ commit f440cf73eab0b0e75e3cb2e8c9e70a77f20ef1dc
 4477 	* common/compliance.c (gnupg_compliance_option_string): New function.
 4478 	* common/compliance.h (gnupg_compliance_option_string): New prototype.
 4479 	* g10/encrypt.c (write_pubkey_enc_from_list): Update callsite.
 4480 	* g10/gpg.c (main): Likewise.
 4481 	* g10/keyedit.c (keyedit_menu): Likewise.
 4482 	* g10/pkclist.c (build_pk_list): Likewise.
 4483 	* g10/main.h (compliance_option_string): Remove prototype.
 4484 	* g10/misc.c (compliance_option_string): Remove function.
 4485 
 4486 	common,gpg,sm: Move the compliance option parser.
 4487 	+ commit 842d233d408457cfa9a8473a6748472956f44e84
 4488 	* common/compliance.c (gnupg_parse_compliance_option): New function.
 4489 	* common/compliance.h (struct gnupg_compliance_option): New type.
 4490 	(gnupg_parse_compliance_option): New prototype.
 4491 	* g10/gpg.c (parse_compliance_option): Remove function.
 4492 	(compliance_options): New variable.
 4493 	(main): Adapt callsite.
 4494 	* sm/gpgsm.c (main): Use the new common function.
 4495 	* sm/gpgsm.h (opt): New field 'compliance'.
 4496 
 4497 	gpg: Improve compliance with CO_DE_VS.
 4498 	+ commit 027ce4ba37be1d052bca2f6109fe810ef57f4038
 4499 	* g10/gpg.c (set_compliance_option): The specification, section 4.1.1,
 4500 	forbids the use of encryption without integrity protection.
 4501 
 4502 2017-06-07  Andre Heinecke  <aheinecke@intevation.de>
 4503 
 4504 	speedo: Fix a minor memleak in the installer.
 4505 	+ commit 13dc75a4e7cc2959003c08940fc53c6ece7b77e4
 4506 	* build-aux/speedo/w32/g4wihelp.c (path_remove): Free path_new on
 4507 	early return.
 4508 
 4509 2017-06-06  Andre Heinecke  <aheinecke@intevation.de>
 4510 
 4511 	speedo: Fix source tar call ambiguity.
 4512 	+ commit 96acbdd7265f504d06783adfd6322a6675c41c0a
 4513 	* build-aux/speedo.mk (dist-source): Expand exclude-vc to
 4514 	exclude-vcs.
 4515 
 4516 2017-06-01  Justus Winter  <justus@g10code.com>
 4517 
 4518 	gpg: Report compliance with CO_DE_VS.
 4519 	+ commit be8ca8852629786266db4d3d69b2c2fb03bd6365
 4520 	* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
 4521 	parameters.
 4522 	(gnupg_cipher_is_compliant): New function.
 4523 	(gnupg_digest_is_compliant): Likewise.
 4524 	* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
 4525 	(gnupg_digest_is_compliant): Likewise.
 4526 	* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
 4527 	(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
 4528 	* doc/DETAILS: Document the new status lines.
 4529 	* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
 4530 	and report that using the new status line.
 4531 	(check_sig_and_print): Likewise.
 4532 	* sm/decrypt.c (gpgsm_decrypt): Likewise.
 4533 	* sm/verify.c (gpgsm_verify): Likewise.
 4534 
 4535 	common: Improve checking for compliance with CO_DE_VS.
 4536 	+ commit 3b70f62423041e614332b90d782576ee6868a030
 4537 	* common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key
 4538 	sizes are compliant.
 4539 
 4540 	gpg,common: Move the compliance framework.
 4541 	+ commit 8a012280e0f0a462c094d106355aa436fceb1b76
 4542 	* common/Makefile.am (common_sources): Add new files.
 4543 	* common/compliance.c: New file.  Move 'gnupg_pk_is_compliant' here,
 4544 	and tweak it to not rely on types private to gpg.
 4545 	* common/compliance.h: New file.  Move the compliance enum here.
 4546 	* g10/keylist.c (print_compliance_flags): Adapt callsite.
 4547 	* g10/main.h (gnupg_pk_is_compliant): Remove prototype.
 4548 	* g10/misc.c (gnupg_pk_is_compliant): Remove function.
 4549 	* g10/options.h (opt): Use the new compliance enum.
 4550 	* sm/keylist.c (print_compliance_flags): Use the common functions.
 4551 
 4552 2017-05-31  Justus Winter  <justus@g10code.com>
 4553 
 4554 	gpg: Fix compliance computation.
 4555 	+ commit 02af509dfc2b893720aa0c7b380fd7736b2bafd0
 4556 	* g10/misc.c (gnupg_pk_is_compliant): Compare against CO_RFC2440, not
 4557 	RFC2440 which is actually a predicate.
 4558 
 4559 	sm: Simplify code.
 4560 	+ commit f9cb15b385f64f7c9403670f03632f81a874f213
 4561 	* sm/verify.c (gpgsm_verify): Simplify by using a newer gcrypt
 4562 	interface.
 4563 
 4564 	doc: Improve documentation.
 4565 	+ commit 485b5a6e6dfe7aa545afa926e060d516ae911e42
 4566 	* doc/gpgsm.texi: Mention that '--with-key-data' implies
 4567 	'--with-colons'.
 4568 
 4569 2017-05-31  NIIBE Yutaka  <gniibe@fsij.org>
 4570 
 4571 	agent: Fix error from do_encryption.
 4572 	+ commit c03e0eb01dc4632432d0472a6f8051142082bea4
 4573 	* agent/protect.c (do_encryption): Don't mask failure of OUTBUF
 4574 	allocation.
 4575 
 4576 	scd: Fix error code on failure at usb_init.
 4577 	+ commit 8defb21d34410d000c8b776e0e3a1edd04762638
 4578 	* scd/ccid-driver.c (ccid_dev_scan): Return GPG_ERR_ENODEV.
 4579 
 4580 	scd: Handle a failure of libusb_init.
 4581 	+ commit 5c33649782bf255af5a55f16eac5e85f059b00bf
 4582 	* scd/ccid-driver.c (ccid_get_reader_list, ccid_dev_scan): Handle
 4583 	failure.
 4584 
 4585 2017-05-30  Andre Heinecke  <aheinecke@intevation.de>
 4586 
 4587 	gpg: Disable keydb handle caching.
 4588 	+ commit d3d640b9cc98dd0d06b49a2e4d46eb67af96fe29
 4589 	* g10/getkey.c (getkey_end): Disable caching of the open keydb
 4590 	handle.
 4591 
 4592 2017-05-30  NIIBE Yutaka  <gniibe@fsij.org>
 4593 
 4594 	agent: Fix memory leaks.
 4595 	+ commit 996544626ea416c173a940db47f47f9e5cbd844c
 4596 	* agent/divert-scd.c (ask_for_card): Free WANT_KID and WANT_SN_DISP.
 4597 	* agent/gpg-agent.c (create_server_socket): Free UNADDR.
 4598 
 4599 2017-05-25  Werner Koch  <wk@gnupg.org>
 4600 
 4601 	dirmngr: This towel should better detect a changed resolv.conf.
 4602 	+ commit de3a0988ef9addccd6b5c7950fb8797afbc3978d
 4603 	* dirmngr/dns-stuff.c (resolv_conf_changed_p): Fix initialization time
 4604 	issue.
 4605 
 4606 	dirmngr: Re-init libdns resolver on towel change of resolv.conf.
 4607 	+ commit b5f356e9fba2d99909f8f54d7b7e6836bed87b68
 4608 	* dirmngr/dns-stuff.c: Include sys/stat.h.
 4609 	(RESOLV_CONF_NAME): New macro to replace a string.
 4610 	(resolv_conf_changed_p): New.
 4611 	(libdns_init): Call new function
 4612 	(libdns_res_open): Ditto.
 4613 
 4614 2017-05-24  Justus Winter  <justus@g10code.com>
 4615 
 4616 	agent: Make digest algorithms for ssh fingerprints configurable.
 4617 	+ commit 525f2c482abb6bc2002eb878b03558fb43e6b004
 4618 	* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
 4619 	* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
 4620 	option for strings used to communicate with the user.
 4621 	* agent/findkey.c (agent_modify_description): Likewise.
 4622 	* agent/gpg-agent.c (cmd_and_opt_values): New value.
 4623 	(opts): New option '--ssh-fingerprint-digest'.
 4624 	(parse_rereadable_options): Set the default to MD5 for now.
 4625 	(main): Handle the new option.
 4626 	* doc/gpg-agent.texi: Document the new option.
 4627 
 4628 	agent: Write both ssh fingerprints to 'sshcontrol' file.
 4629 	+ commit a5f046d99a084b6a95268f03c1b588e8b78083cb
 4630 	* agent/command-ssh.c (add_control_entry): Hand in the key, write both
 4631 	the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file
 4632 	when adding ssh keys.
 4633 	(ssh_identity_register): Adapt callsite.
 4634 
 4635 	common: Correctly render SHA256-based ssh fingerprints.
 4636 	+ commit 3a07a69dfc87b4fff610740d3dde8e23f0d2f8bc
 4637 	* common/ssh-utils.c (dummy_realloc): New function.
 4638 	(dummy_free): Likewise.
 4639 	(get_fingerprint): Prepend the fingerprint with the name of the digest
 4640 	algorithm.  Correctly render SHA256-based ssh fingerprints.
 4641 	* common/t-ssh-utils.c (sample_keys): Add SHA256 hashes for the keys.
 4642 	(main): Add an option to dump the keys to gather fingerprints, also
 4643 	print the SHA256 fingerprint for keys given as arguments, and check
 4644 	the SHA256 fingerprints of the test keys.
 4645 
 4646 	common: Support different digest algorithms for ssh fingerprints.
 4647 	+ commit 3ac1a9d3a018816233a855faff059b4e0657a0f1
 4648 	* common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter.
 4649 	(ssh_get_fingerprint{,_string}): Likewise.
 4650 	* common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes.
 4651 	* common/t-ssh-utils.c (main): Adapt accordingly.
 4652 	* agent/command-ssh.c (agent_raw_key_from_file): Likewise.
 4653 	(ssh_identity_register): Likewise.
 4654 	* agent/command.c (do_one_keyinfo): Likewise.
 4655 	* agent/findkey.c (modify_description): Likewise.
 4656 
 4657 2017-05-22  NIIBE Yutaka  <gniibe@fsij.org>
 4658 
 4659 	agent: Add const qualifier for read-only table.
 4660 	+ commit 509e4a4d7491daf496b21e5892f4f63ab90e8e21
 4661 	* agent/call-pinentry.c (start_pinentry): Add const to tbl.
 4662 	* agent/command-ssh.c (request_specs): Add const.
 4663 	(ssh_key_types): Likewise.
 4664 	(request_spec_lookup): Add const to the return value and SPEC.
 4665 	(ssh_request_process): Likewise.
 4666 	* agent/protect.c (protect_info): Add const.
 4667 	(agent_unprotect): Add const to algotable.
 4668 
 4669 	g10: Fix default-key selection for signing, possibly by card.
 4670 	+ commit fbb2259d22e6c6eadc2af722bdc52922da348677
 4671 	* g10/call-agent.c (warn_version_mismatch): Revert.
 4672 	(start_agent): Suppress version mismatch if relevant.
 4673 	* g10/getkey.c (get_seckey_default_or_card): New.
 4674 	* g10/skclist.c (build_sk_list): Use get_seckey_default_or_card.
 4675 
 4676 2017-05-18  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 4677 
 4678 	doc: Fix spellings.
 4679 	+ commit 3713f67026467f63f80649c92ac4cc7973589855
 4680 
 4681 
 4682 	docs: Point to https://dev.gnupg.org/ .
 4683 	+ commit 705da1eb23aef92c42d6d657b20a0984b104f72f
 4684 	Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/.  Since
 4685 	the project has transitioned to a better workflow for supporting
 4686 	contributions, we should ensure that our documentation points to the
 4687 	right place.
 4688 
 4689 2017-05-17  Justus Winter  <justus@g10code.com>
 4690 
 4691 	gpgscm: Fix checking for opcode arguments.
 4692 	+ commit aae50e0b6a61549e226e0c7785260ad517f0ffff
 4693 	* tests/gpgscm/scheme.c (Eval_Cycle): Update 'pcd' after dispatching
 4694 	an instruction.
 4695 
 4696 	tests: Fix agent teardown in release builds.
 4697 	+ commit 0e1729bb993648deca84a2664ae78edc848d7003
 4698 	* tests/openpgp/defs.scm (start-agent,stop-agent): Use gpg-conf which
 4699 	will properly use the '--build-prefix' argument to make gpgconf use
 4700 	tools from the build directory.
 4701 
 4702 2017-05-17  NIIBE Yutaka  <gniibe@fsij.org>
 4703 
 4704 	g10: Fix gpgcompose.c.
 4705 	+ commit ae95a7f5335e605fcd71fbe4a18ed384c88d590a
 4706 	* g10/gpgcompose.c (show_help): Check return value.
 4707 
 4708 	g10: Suppress error for card availability check.
 4709 	+ commit a8dd96826f8484c0ae93c954035b95c2a75c80f2
 4710 	* g10/call-agent.c (start_agent): Add semantics for card; Suppress
 4711 	error for card check.
 4712 	(warn_version_mismatch): Ignore an error for scdaemon.
 4713 	(agent_scd_serialno): Call start_agent with
 4714 	FLAG_FOR_CARD_SUPPRESS_ERRORS.
 4715 
 4716 2017-05-16  Justus Winter  <justus@g10code.com>
 4717 
 4718 	tests: Configure the environments to use scdaemon from build tree.
 4719 	+ commit 386a7bbb245dd3ab7c4156a554adbe75d82bdf49
 4720 	* tests/gpgme/gpgme-defs.scm: Use the scdaemon from the build tree
 4721 	when writing a 'gpg-agent.conf'.
 4722 	* tests/gpgsm/gpgsm-defs.scm: Likewise.
 4723 	* tests/openpgp/defs.scm: Likewise.
 4724 
 4725 2017-05-15  Werner Koch  <wk@gnupg.org>
 4726 
 4727 	Release 2.1.21.
 4728 	+ commit 9574820329128f0ea8a98f9bfc0e77c73c3e0ec0
 4729 
 4730 
 4731 	po: Update German translation.
 4732 	+ commit 4bd079dbdb44067688377156413dd32a82a89d22
 4733 
 4734 
 4735 	gpg: Do not mark ", " translatable.
 4736 	+ commit 2d381b0f0ba97657e9fb2971eca6648bb77dd2cc
 4737 	* g10/tofu.c (ask_about_binding): Remove useless translation markers.
 4738 
 4739 2017-05-15  Andre Heinecke  <aheinecke@intevation.de>
 4740 
 4741 	dirmngr,w32: Fix ldap crl read on windows.
 4742 	+ commit abe3a9043f86b48b92ddcec47197e032e35a6f4f
 4743 	Summary:
 4744 	* dirmngr/ldap-wrapper-ce.c (outstream_cookie_s): Add buffer_read_pos.
 4745 	(buffer_get_data): Use seperate read pos.
 4746 
 4747 2017-05-15  Werner Koch  <wk@gnupg.org>
 4748 
 4749 	common: Let format_text return an error.
 4750 	+ commit 00b7767bc6fe309aa20375c859ebf708cfc7b9ea
 4751 	* common/stringhelp.c (format_text): Return NULL on error.
 4752 	* common/t-stringhelp.c (test_format_text): Adjust for change.
 4753 	* g10/gpgcompose.c (show_help): Abort on out of core.
 4754 	* g10/tofu.c (ask_about_binding): Abort on format_text error.
 4755 	(show_statistics): Ditto.
 4756 	(show_warning): Ditto.
 4757 
 4758 2017-05-11  Justus Winter  <justus@g10code.com>
 4759 
 4760 	tests: Also run all OpenPGP tests using keyrings.
 4761 	+ commit bc01d62dc5d520e138499df5d80fb50f9e87e3e8
 4762 	* tests/openpgp/all-tests.scm: Run each test twice, once with public
 4763 	keys stored in a keybox, once with a keyring.
 4764 	* tests/openpgp/defs.scm (create-gpghome): Create a public keyring to
 4765 	make GnuPG use that instead of creating a keybox if '--use-keyring' is
 4766 	given.
 4767 	* tests/openpgp/setup.scm: Fix flag handling and usage.
 4768 
 4769 	tests: Make it possible to run all tests using our infrastructure.
 4770 	+ commit f4365790daa1d1400c7f0fe73ac9a6d25f0c6d0a
 4771 	* Makefile.am (TESTS_ENVIRONMENT): New variable.
 4772 	(check-all): New phony target to run all tests.
 4773 	* tests/gpgme/gpgme-defs.scm (have-gpgme?): New function that tests
 4774 	whether the GPGME test suite is available instead of exiting the
 4775 	process.
 4776 	* tests/gpgscm/init.scm (export): New macro.
 4777 	* tests/gpgscm/tests.scm (run-tests): New function.
 4778 	(load-tests): Likewise.
 4779 	* tests/gpgme/run-tests.scm: Simplify and move the parsing of the list
 4780 	of tests to 'all-tests.scm'.
 4781 	* tests/gpgsm/run-tests.scm: Likewise.
 4782 	* tests/migrations/run-tests.scm: Likewise.
 4783 	* tests/openpgp/run-tests.scm: Likewise.
 4784 	* tests/gpgme/Makefile.am: To select the tests to run, use the
 4785 	variable 'TESTS'.  This harmonizes the interface with the automake
 4786 	test suite.
 4787 	* tests/gpgsm/Makefile.am: Likewise.
 4788 	* tests/migrations/Makefile.am: Likewise.
 4789 	* tests/openpgp/Makefile.am: Likewise.
 4790 	* tests/openpgp/README: Likewise.
 4791 	* agent/all-tests.scm: New file.
 4792 	* common/all-tests.scm: Likewise.
 4793 	* g10/all-tests.scm: Likewise.
 4794 	* g13/all-tests.scm: Likewise.
 4795 	* tests/gpgme/all-tests.scm: Likewise.
 4796 	* tests/gpgsm/all-tests.scm: Likewise.
 4797 	* tests/migrations/all-tests.scm: Likewise.
 4798 	* tests/openpgp/all-tests.scm: Likewise.
 4799 	* tests/run-tests.scm: Likewise.
 4800 
 4801 	tests: Move the makefile parser.
 4802 	+ commit 78d6a25a2db22ad2ae30d57ca980c0400cfef726
 4803 	* tests/gpgme/gpgme-defs.scm (parse-makefile, parse-makefile-expand):
 4804 	Move...
 4805 	* tests/gpgscm/makefile.scm: ... here.
 4806 	* tests/gpgscm/Makefile.am (EXTRA_DIST): Add new file.
 4807 
 4808 	gpgscm: Make it possible to set the logfile name.
 4809 	+ commit 29ef34cc4cb23e7b743dbf4cc8e5761f06076b9a
 4810 	* tests/gpgscm/tests.scm (test): Only set the default log filename
 4811 	when it has not been set before.
 4812 
 4813 2017-05-10  NIIBE Yutaka  <gniibe@fsij.org>
 4814 
 4815 	g10, sm, dirmngr, common: Add comment for fall through.
 4816 	+ commit 0ce94a9698104d9bfc73d5a37478189564c96eb4
 4817 	* common/b64dec.c (b64dec_proc): Comment to clarify.
 4818 	* dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify.
 4819 	* dirmngr/dirmngr-client.c (read_pem_certificate): Likewise.
 4820 	* dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise.
 4821 	* g10/armor.c (unarmor_pump): Likewise.
 4822 	* g10/gpg.c (main): Likewise.
 4823 	* g10/import.c (read_block): Likewise.
 4824 	* g10/keygen.c (make_backsig): Likewise.
 4825 	* g10/pkclist.c (check_signatures_trust):  Likewise.
 4826 	* sm/gpgsm.c (main): Likewise.
 4827 
 4828 	g10: Stop compiler warning for t-stutter.
 4829 	+ commit 98b759119c81c5b39f34f8a9a7b6a57e91ad6470
 4830 	* g10/t-stutter.c (do_test): Refer current_test_group_failed.
 4831 
 4832 2017-05-08  Justus Winter  <justus@g10code.com>
 4833 
 4834 	gpg: Properly account for ring trust packets.
 4835 	+ commit 22739433e98be80e46fe7d01d52a9627c1aebaae
 4836 	* g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
 4837 	instead of counting ourself.
 4838 	* g10/packet.h (struct parse_packet_ctx_s): New field
 4839 	'n_parsed_packets'.
 4840 	(init_parse_packet): Initialize new field.
 4841 	* g10/parse-packet.c (parse): Count packets.
 4842 
 4843 2017-05-04  Justus Winter  <justus@g10code.com>
 4844 
 4845 	tests: Support tests that are expected to fail.
 4846 	+ commit d6b46462f8c5c705ffb7cf8af03465a926aa11d3
 4847 	* tests/gpgscm/tests.scm (test-pool): Rework reporting.  Filter using
 4848 	the computed test status instead of the return value.  Also print the
 4849 	new categories 'failed expectedly' and 'passed unexpectedly'.
 4850 	(test): If a test ends with a bang (!), it is expected to fail.  Adapt
 4851 	status, status-string, and xml accordingly.
 4852 
 4853 	tests: Add function to dump packets.
 4854 	+ commit eab0138e3179f247180a639a91570e5ee2c6ad0e
 4855 	* tests/openpgp/defs.scm (gpg-dump-packets): New function.
 4856 
 4857 2017-05-03  Andre Heinecke  <aheinecke@intevation.de>
 4858 
 4859 	speedo,w32: Fix silent user mode installation.
 4860 	+ commit d378cc34a8d3d5053cf0c5ac7aa731c1bcefee22
 4861 	* build-aux/speedo/w32/inst.nsi (AddToPath): Move account
 4862 	check here.
 4863 	(PrintNonAdminWarning): Remove is_user_install variable.
 4864 
 4865 2017-05-03  Justus Winter  <justus@g10code.com>
 4866 
 4867 	gpgscm: Create and re-use frame objects.
 4868 	+ commit 8a168a6d4052ec31fed77c79bb96ffdd32bf9646
 4869 	* tests/gpgscm/scheme-private.h (struct scheme): New field
 4870 	'frame_freelist'.
 4871 	* tests/gpgscm/scheme.c (enum scheme_types): New type 'T_FRAME'.
 4872 	(type_to_string): Handle new type.
 4873 	(settype): New macro.
 4874 	(gc_disable): Make sure there is at least one frame in the free list.
 4875 	(mark): Handle frame objects.
 4876 	(finalize_cell): Likewise.
 4877 	(dump_stack_initialize): Initialize free list.
 4878 	(dump_stack_free): Simplify.
 4879 	(frame_length): New variable.
 4880 	(dump_stack_make_frame): New function.
 4881 	(frame_slots): Likewise.
 4882 	(frame_payload): New macro.
 4883 	(dump_stack_allocate_frame): New function.
 4884 	(dump_stack_deallocate_frame): Likewise.
 4885 	(dump_stack_preallocate_frame): Likewise.
 4886 	(_s_return): Unpack frame object and deallocate it.
 4887 	(s_save): Wrap state in an frame object.
 4888 	(dump_stack_mark): Mark the free list.
 4889 
 4890 	gpgscm: Merge opexe_0.
 4891 	+ commit 9c6407d17e0cb9f4a370b1b83e7816577ec7d29d
 4892 	* tests/gpgscm/scheme-private.h (struct scheme): Remove field 'op'.
 4893 	* tests/gpgscm/scheme.c (opexe_0): Inline into 'Eval_Cycle'.
 4894 	(_Error_1): Return the opcode to evaluate next.
 4895 	(Error_1): Do not return, but set the opcode and goto dispatch.
 4896 	(Error_0): Likewise.
 4897 	(s_goto): Likewise.
 4898 	(s_return): Likewise.
 4899 	(s_return_enable_gc): Likewise.
 4900 	(s_thread_to): Remove superfluous cast.
 4901 	(_s_return): Return the opcode to evaluate next.
 4902 	(scheme_init_custom_alloc): Adapt to removal of field 'op'.
 4903 
 4904 2017-05-03  Andre Heinecke  <aheinecke@intevation.de>
 4905 
 4906 	speedo,w32: Allow installation as normal user.
 4907 	+ commit cacfd4bce94704b531f68ee76fb40789e44fde67
 4908 	* build-aux/speedo/w32/g4wihelp.c (ENV_HK_USER, ENV_REG_USER):
 4909 	New defines.
 4910 	(path_add): Handle is_user_install variable. Don't abort
 4911 	if Path reg key does not exist. Fix crash if Path reg key
 4912 	does not contain a semicolon.
 4913 	(path_remove): Handle is_user_install variable. Fix crash
 4914 	if Path reg key does not exist.
 4915 	* build-aux/speedo/w32/inst.nsi: Remove obsolete HAVE_STARTMENU
 4916 	this was double guarded with WITH_GUI. Add Multiuser plugin and
 4917 	defines for this. Use SHCTX instead of HKLM / HKCU.
 4918 	(PrintNonAdminWarning): Only Warn and don't abort.
 4919 
 4920 2017-05-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 4921 
 4922 	g10: Remove skeleton options files.
 4923 	+ commit 201f86803017c1db373023f7b506d4a0dc644bbc
 4924 	* build-aux/speed/w32/inst.nsi: stop installing skeleton files.
 4925 	* doc/gpg.texi: stop documenting skeleton files.
 4926 	* g10/Makefile.am: stop installing skeleton files.
 4927 	* g10/openfile.c (copy_options_file): Remove.
 4928 	(try_make_homedir): do not call copy_options_file.
 4929 
 4930 2017-04-27  NIIBE Yutaka  <gniibe@fsij.org>
 4931 
 4932 	g10: For signing, prefer available card key when no -u option.
 4933 	+ commit 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
 4934 	* g10/skclist.c (build_sk_list): Ask gpg-agent if card is available.
 4935 	Then, use the card key if any.
 4936 
 4937 2017-04-26  NIIBE Yutaka  <gniibe@fsij.org>
 4938 
 4939 	g10: Minor clean up.
 4940 	+ commit 2262a80c5f44433a08bc0e21b77d9efe51596f21
 4941 	* g10/main.h (complete_sig): Remove declaration.
 4942 	* g10/sign.c (complete_sig): Make it static.
 4943 
 4944 2017-04-25  NIIBE Yutaka  <gniibe@fsij.org>
 4945 	    Tomas Mraz
 4946 
 4947 	dirmngr: Fix aliasing problem in dns.c.
 4948 	+ commit 247932f367f856e7ce91528e14f0aaf838150857
 4949 	* dirmngr/dns.c (dns_ai_setent): Care about aliasing.
 4950 
 4951 2017-04-25  NIIBE Yutaka  <gniibe@fsij.org>
 4952 
 4953 	tests: Remove *.conf.tmpl from Makefile.
 4954 	+ commit 7851d73fd7f424f9a649690e1cb3055feb792c51
 4955 	* tests/openpgp/Makefile.am (TEST_FILES): Remove gpg.conf.tmpl
 4956 	and gpg-agent.conf.tmpl.
 4957 
 4958 	g10: invalidate the fd cache for keyring.
 4959 	+ commit 116cfd60779fbb3540da629db54dc2e148f4a3a2
 4960 	* g10/keyring.c (keyring_search_reset): Don't keep the FD cache.
 4961 
 4962 2017-04-24  Andre Heinecke  <aheinecke@intevation.de>
 4963 
 4964 	w32: Enable wildcard expansion with mingw-w64.
 4965 	+ commit 2e71bf30f038ca0e142acbb6f650ce029105f8a2
 4966 	* g10/gpg.c: Define _dowildcard = -1;
 4967 
 4968 2017-04-24  Justus Winter  <justus@g10code.com>
 4969 
 4970 	tests: Fix Python detection.
 4971 	+ commit ef1922b3b19df0aa7f8c15d503c603f76fc13f82
 4972 	* tests/gpgme/gpgme-defs.scm (python): Fix Python detection.
 4973 
 4974 	gpgscm: Refactor cell finalization.
 4975 	+ commit d2f6798621d751cd6ae6f091c4a2af4569c5b8aa
 4976 	* tests/gpgscm/scheme.c (finalize_cell): Use switch, return whether
 4977 	the cell may be freed.
 4978 	(gc): Update callsite.
 4979 
 4980 	gpgscm: Tweak error message display.
 4981 	+ commit 78547bfe8a885579438a17abadca02b62cce2844
 4982 	* tests/gpgscm/init.scm (throw'): If the first argument to the error
 4983 	is a string, display it as such.
 4984 
 4985 	tests: Deduplicate and simplify code.
 4986 	+ commit 06a177ceea529269a7404740c60416bd6a4567b1
 4987 	* tests/gpgme/gpgme-defs.scm (create-file): Move...
 4988 	* tests/gpgsm/gpgsm-defs.scm (create-file): ... likewise...
 4989 	* tests/openpgp/defs.scm (create-file): Here.
 4990 	(create-gpghome): Use 'create-file'.
 4991 	* tests/openpgp/gpg-agent.conf.tmpl: Delete file.
 4992 	* tests/openpgp/gpg.conf.tmpl: Likewise.
 4993 
 4994 	gpgscm: Fix test.
 4995 	+ commit 9ae63b9caefdf3e925c5928667fcd9227132d27f
 4996 	* tests/gpgscm/t-child.scm: Use 'string-length' on the string.
 4997 
 4998 	gpgscm: Improve syntax checking.
 4999 	+ commit 4aab0e6ac7f2887a6f38f0cb95365dd7c30b4b18
 5000 	* tests/gpgscm/scheme.c (opexe_0): Make sure closure arguments are
 5001 	symbols.
 5002 
 5003 	gpgscm: Emit JUnit-style XML reports.
 5004 	+ commit ee715201ae784e840b6136393289e6dbd6f4c540
 5005 	* tests/gpgscm/Makefile.am (EXTRA_DIST): Add new file.
 5006 	* tests/gpgscm/lib.scm (string-translate): New function.
 5007 	* tests/gpgscm/main.c (main): Load new file.
 5008 	* tests/gpgscm/tests.scm (dirname): New function.
 5009 	(test-pool): Record execution times, emit XML report.
 5010 	(test): Record execution times, record log file name, emit XML report.
 5011 	(run-tests-parallel): Write XML report.
 5012 	(run-tests-sequential): Likewise.
 5013 	* tests/gpgscm/xml.scm: New file.
 5014 	* tests/gpgme/Makefile.am (CLEANFILES): Add 'report.xml'.
 5015 	* tests/gpgsm/Makefile.am: Likewise.
 5016 	* tests/migrations/Makefile.am: Likewise.
 5017 	* tests/openpgp/Makefile.am: Likewise.
 5018 
 5019 	gpgscm: Make logging less verbose and more useful.
 5020 	+ commit 679920781a25ae5c0e49d4bd78e6926fd661778f
 5021 	* tests/gpgscm/tests.scm (call-with-io): When being verbose, include
 5022 	the pid in the output, and avoid duplicating the command arguments.
 5023 
 5024 	gpgscm: Make test framework less functional.
 5025 	+ commit a71f4142e13e2cc26ef0cd62f56a1ccb7ce678ee
 5026 	* tests/gpgscm/tests.scm (test-pool, tests): Previously, these methods
 5027 	updated objects by creating new updated copies of the object being
 5028 	manipulated.  This made the code awkward without any benefit,
 5029 	therefore I change it to just update the object.
 5030 
 5031 	gpgscm: Move 'trace' and 'stringify'.
 5032 	+ commit f03d6897be904da58cad76b4bd07729922b47616
 5033 	* tests/gpgscm/tests.scm (trace, stringify): Move...
 5034 	* tests/gpgscm/lib.scm: ... here.
 5035 
 5036 	gpgscm: Avoid fruitless garbage collection cycles.
 5037 	+ commit 245860ecaf8b9e82ca577385abd453ac92ffcd26
 5038 	* tests/gpgscm/scheme-private.h (CELL_MINRECOVER): New macro.
 5039 	* tests/gpgscm/scheme.c (_get_cell): Move the heuristic to get more
 5040 	cells...
 5041 	(gc): ... here where every caller benefits from the optimization.
 5042 
 5043 2017-04-20  NIIBE Yutaka  <gniibe@fsij.org>
 5044 
 5045 	g13: Fix for Solaris.
 5046 	+ commit 10519270d36586c536bfb6c4cda8ac17c01f4976
 5047 	* configure.ac: Check sys/mkdev.h.
 5048 	* g13/sh-dmcrypt.c: Include sys/mkdev.h.
 5049 
 5050 2017-04-18  NIIBE Yutaka  <gniibe@fsij.org>
 5051 
 5052 	dirmngr: Fix final close of LISTEN_FD.
 5053 	+ commit 4b2581dc0ea1d03e70023bb0748aa0c21c0a2173
 5054 	* dirmngr/dirmngr.c (handle_connections): Close LISTEN_FD.
 5055 
 5056 	dirmngr: Fix API difference for Windows.
 5057 	+ commit 0d0a7efa8fa0accc1da851917376e2328ef33c96
 5058 	* dirmngr/http.c (read_server, write_server): Use assuan_fd_t.
 5059 	(http_wait_response): Use FD2INT to get unsigned integer fd.
 5060 	(read_server, write_server): Likewise.
 5061 	(simple_cookie_read, simple_cookie_write): Use assuan_fd_t.
 5062 
 5063 2017-04-17  NIIBE Yutaka  <gniibe@fsij.org>
 5064 
 5065 	agent: More minor change.
 5066 	+ commit 9296aed4bd2ad09d23339e658264e557c5312585
 5067 	* agent/command.c (cmd_pksign): Remove redundant assignment.
 5068 
 5069 	agent: Minor cleanup.
 5070 	+ commit 45c52cca1401b930878a8f901b63cfbb22e9e327
 5071 	* agent/command-ssh.c (ssh_key_to_protected_buffer): Not touch ERR.
 5072 	* agent/command.c (cmd_genkey, cmd_import_key): Clean up.
 5073 
 5074 	tests: Minor memory fix.
 5075 	+ commit b9440aa3693a4bb91e1ba8ff09e2d93ff22dd70a
 5076 	* tests/openpgp/fake-pinentry.c (get_passphrase): Free the memory.
 5077 
 5078 	g10: Fix parse_ring_trust.
 5079 	+ commit 256e861bce3dc9aba8fab4df47a40cae3bede175
 5080 	* g10/parse-packet.c (parse_ring_trust): Fix condition.
 5081 
 5082 	g10: Minor fixes.
 5083 	+ commit 0dec0cc281dfa26db89f8cc5ee002dea5c2b2e81
 5084 	* g10/export.c (cleartext_secret_key_to_openpgp): No initialization.
 5085 	(do_export_one_keyblock): Initialize with GPG_ERR_NOT_FOUND.
 5086 	* g10/getkey.c (get_best_pubkey_byname): Add non-null check.
 5087 	* g10/tofu.c (tofu_set_policy): ERR initialize to 0.
 5088 
 5089 	g10: Fix import/export filter property match.
 5090 	+ commit af5f8ecf51f5e1f33e832d4946d02313b78a0536
 5091 	* g10/import.c (impex_filter_getval): Fix to "else if".
 5092 
 5093 2017-04-14  NIIBE Yutaka  <gniibe@fsij.org>
 5094 
 5095 	agent: Clean up error initialize/return.
 5096 	+ commit 36c4e540f1a4992675ee6e0acca1231325457079
 5097 	* agent/call-pinentry.c (start_pinentry): Return RC.
 5098 	* agent/command-ssh.c (ssh_handler_request_identities): Don't set ERR.
 5099 	* agent/findkey.c (try_unprotect_cb): Return ERR.
 5100 	(unprotect): Don't set RC.
 5101 	* agent/gpg-agent.c (handle_connections): Don't set fd.
 5102 
 5103 	dirmngr: More fix for test program.
 5104 	+ commit adb77d095b3958482863a17c83746f33945638dc
 5105 	* dirmngr/t-http.c (main): Care about no TLS.
 5106 
 5107 	dirmngr: More fix for Windows.
 5108 	+ commit 4771bad610eb59e701fe8e53468e2af22d45eeb0
 5109 	* dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only
 5110 	valid with HTTP_USE_NTBTLS.
 5111 	(_my_socket_new): Simply cast to int since it's for debug.
 5112 	(_my_socket_ref, _my_socket_unref): Likewise.
 5113 
 5114 2017-04-13  NIIBE Yutaka  <gniibe@fsij.org>
 5115 
 5116 	dirmngr: Fix http.c for sockaddr_storage.
 5117 	+ commit 86dcb03134fd4957d51ebaa06b7991239f9ee56a
 5118 	dirmngr/http.c (use_socks): Use sockaddr_storage.
 5119 	(my_sock_new_for_addr, connect_server): Likewise.
 5120 
 5121 	dirmngr: Fix alignment of ADDR.
 5122 	+ commit 892b33bb2c57785927ea6652091191da2deed464
 5123 	* dirmngr/dns-stuff.h (dns_addrinfo_s): Use struct sockaddr_storage
 5124 	for size and alignment.
 5125 	* dirmngr/dns-stuff.c (resolve_name_libdns): Follow the change.
 5126 	(resolve_dns_name): Use struct sockaddr_storage.
 5127 	(resolve_addr_standard, resolve_dns_addr): Likewise.
 5128 	(resolve_dns_addr): Likewise.
 5129 
 5130 	dirmngr: Fix thread key type.
 5131 	+ commit 37018adce6ea4920b34d59afcfe4f55f716b3086
 5132 	* dirmngr/dirmngr.c (my_tlskey_current_fd): Use npth_key_t.
 5133 
 5134 	common, g10: Fix enumeration types.
 5135 	+ commit 74258278efacd7069e8c1df8ff6fc3f4675d713e
 5136 	* common/openpgpdefs.h (CIPHER_ALGO_PRIVATE10, PUBKEY_ALGO_PRIVATE10)
 5137 	(DIGEST_ALGO_PRIVATE10, COMPRESS_ALGO_PRIVATE10): New.
 5138 	* g10/misc.c (map_pk_gcry_to_openpgp): Add type conversion.
 5139 	(map_cipher_openpgp_to_gcry, openpgp_cipher_algo_name)
 5140 	(openpgp_pk_test_algo2, map_md_openpgp_to_gcry)
 5141 	(pubkey_get_npkey): Add default handling.
 5142 
 5143 	dirmngr: More fix for Windows.
 5144 	+ commit 5af104b541ed430a54eb0163a1d29e1d043f9377
 5145 	* dirmngr/dns.c (socket_fd_t, STDCALL): New.
 5146 	(dns_te_initname): Use.
 5147 
 5148 2017-04-12  NIIBE Yutaka  <gniibe@fsij.org>
 5149 
 5150 	dirmngr: Fix type of sock.
 5151 	+ commit 6755b3b505f79a5a233b18e85f57a0d3a455e664
 5152 	* dirmngr/http.c (send_request): Use assuan_fd_t for SOCK.
 5153 
 5154 	tools: Fix condition for gpg-connect-agent.
 5155 	+ commit f52f6af834cc488d11612e349e4af023d69a45f4
 5156 	* tools/gpg-connect-agent.c (start_agent): Add paren.
 5157 
 5158 	dirmngr: Fix possible null reference.
 5159 	+ commit 7ae1857c90ab43ad9e31f0fb6dbd37f25cc37278
 5160 	* dirmngr/dns.c (dns_error_t dns_trace_fput): Check NULL.
 5161 
 5162 	common: Simplify format_text.
 5163 	+ commit 7b4edf14bb16fbe786e55b829a208960396ce8df
 5164 	* common/stringhelp.c (format_text): Don't allow IN_PLACE formatting.
 5165 	* common/stringhelp.h: Change the API with no IN_PLACE.
 5166 	* common/t-stringhelp.c (test_format_text): Follow the change.
 5167 	* g10/gpgcompose.c (show_help): Likewise.
 5168 	* g10/tofu.c (format_conflict_msg_part1, ask_about_binding)
 5169 	(show_statistics, show_warning): Likewise.
 5170 
 5171 	gpgscm: Fix test program.
 5172 	+ commit 7f9032d4a8ce53ce1a972bd3c1f8d20b3776756b
 5173 	* tests/gpgscm/t-child.c (main): Fix for setmode.
 5174 
 5175 	dirmngr: Fix plus1_ns.
 5176 	+ commit 60d9a9e6b4ae3af029596d14732c02f49203326d
 5177 	* dirmngr/dns.c (plus1_ns): Fix the initial implementation.
 5178 
 5179 	scd: Handle unexpected suspend/resume by CCID driver.
 5180 	+ commit f053f99ed0b0c6de7b7c4a07cbd7f7d213ddf0db
 5181 	* scd/ccid-driver.c (bulk_in): Handle unexpected failure.
 5182 
 5183 	dirmngr: Fix dns-stuff.c in another way.
 5184 	+ commit bd0c94939faf8ccfc117fb595e9bc0105edcafa4
 5185 	* dirmngr/dns-stuff.c (T_CERT): Define our own.
 5186 
 5187 	Revert "dirmngr: Fix dns-stuff.c."
 5188 	+ commit 0b904ddea8bddaa2fd7893a9dce1df1cb5e36b00
 5189 	This reverts commit 1538523156be568046f632d1775eae30ea8bd556.
 5190 
 5191 	dirmngr: Fix dns-stuff.c.
 5192 	+ commit 1538523156be568046f632d1775eae30ea8bd556
 5193 	* dirmngr/dns-stuff.c: Don't include arpa/nameser.h.
 5194 
 5195 	agent: Simplify stream_read_cstring.
 5196 	+ commit c64763c3a74ecc61c2f6c5edb679a2a3879d79e7
 5197 	* agent/command-ssh.c (stream_read_cstring): Just call
 5198 	stream_read_string.
 5199 
 5200 	dirmngr: Use a function to increment network short.
 5201 	+ commit 64904ce627b6b0661acf15b5b70103c4842bb0f3
 5202 	* dirmngr/dns.c (plus1_ns): New.
 5203 	(dns_p_push): Use it.
 5204 
 5205 	g10: Minor clean up for export.c.
 5206 	+ commit 05218829589f6d4b09933fa19f568c2019367d5c
 5207 	* g10/export.c (export_ssh_key): Check IDENTIFIER for error.
 5208 	Release base64 thing on error of get_membuf.
 5209 
 5210 2017-04-11  NIIBE Yutaka  <gniibe@fsij.org>
 5211 
 5212 	g13: Include sys/sysmacros.h if available.
 5213 	+ commit c3cc9551dcc89cc25c0a0ec16d8eb12c1c221638
 5214 	* configure.ac: Add test for sys/sysmacros.h.
 5215 	* g13/sh-dmcrypt.c: Include sys/sysmacros.h.
 5216 
 5217 2017-04-11  Justus Winter  <justus@g10code.com>
 5218 
 5219 	tests: Fix distcheck.
 5220 	+ commit 00be2a92625e832e8dd621f2a8f72b124c6d50ca
 5221 	* tests/gpgscm/Makefile.am (EXTRA_DIST): Add 'gnupg.scm'.
 5222 
 5223 	tests: Avoid relying on implicit gpg commands.
 5224 	+ commit cde626e7f7349a73d58ec3236ab3b43dec852bb5
 5225 	* tests/openpgp/armdetach.scm: Always use an explicit command instead
 5226 	of relying on gpg to guess what we want.
 5227 	* tests/openpgp/armdetachm.scm: Likewise.
 5228 	* tests/openpgp/armencrypt.scm: Likewise.
 5229 	* tests/openpgp/armencryptp.scm: Likewise.
 5230 	* tests/openpgp/armor.scm: Likewise.
 5231 	* tests/openpgp/armsignencrypt.scm: Likewise.
 5232 	* tests/openpgp/armsigs.scm: Likewise.
 5233 	* tests/openpgp/clearsig.scm: Likewise.
 5234 	* tests/openpgp/compression.scm: Likewise.
 5235 	* tests/openpgp/conventional-mdc.scm: Likewise.
 5236 	* tests/openpgp/conventional.scm: Likewise.
 5237 	* tests/openpgp/decrypt-dsa.scm: Likewise.
 5238 	* tests/openpgp/decrypt.scm: Likewise.
 5239 	* tests/openpgp/detach.scm: Likewise.
 5240 	* tests/openpgp/detachm.scm: Likewise.
 5241 	* tests/openpgp/ecc.scm: Likewise.
 5242 	* tests/openpgp/encrypt-dsa.scm: Likewise.
 5243 	* tests/openpgp/encrypt-multifile.scm: Likewise.
 5244 	* tests/openpgp/encrypt.scm: Likewise.
 5245 	* tests/openpgp/encryptp.scm: Likewise.
 5246 	* tests/openpgp/seat.scm: Likewise.
 5247 	* tests/openpgp/signencrypt-dsa.scm: Likewise.
 5248 	* tests/openpgp/signencrypt.scm: Likewise.
 5249 	* tests/openpgp/sigs-dsa.scm: Likewise.
 5250 	* tests/openpgp/sigs.scm: Likewise.
 5251 
 5252 	tests: Make tests more robust.
 5253 	+ commit 1b28d9dbe0260b2a4645c4b5caae11d9f375c942
 5254 	* tests/openpgp/defs.scm (have-opt-always-trust): Execute in empty
 5255 	ephemeral home directory.  This prevents gpg from picking up the
 5256 	configuration from the current gnupghome (if any).
 5257 	* tests/migrations/common.scm (untar-armored): Likewise.
 5258 
 5259 	tests: Move common functionality.
 5260 	+ commit ccd2187212c12b84c86a10fd4417a16536243179
 5261 	* tests/openpgp/defs.scm (with-home-directory,
 5262 	with-ephemeral-home-directory): Move...
 5263 	* tests/gpgscm/gnupg.scm: ... to this new file.
 5264 	* tests/gpgscm/main.c (main): Load the new file.
 5265 
 5266 2017-04-11  NIIBE Yutaka  <gniibe@fsij.org>
 5267 
 5268 	dirmngr: Fix build for Windows.
 5269 	+ commit 3133402241167ccad70fa888a47ffcbe04e7b4c5
 5270 	* dirmngr/ldap-wrapper-ce.c (outstream_cookie_writer): Use
 5271 	gpgrt_ssize_t.
 5272 
 5273 	g10,tools: Fix bzlib.h include order.
 5274 	+ commit 03d77b60befa4e2f8437a80ac429cca3e54688f8
 5275 	* g10/compress-bz2.c: Include bzlib.h after gcrypt.h.
 5276 	* tools/gpgsplit.c: Likewise.
 5277 
 5278 	g10: Minor clean up for TOFU.
 5279 	+ commit f079822b2ce06c18b7ea45efed2d29b54e38f04d
 5280 	* g10/tofu.c (ask_about_binding): Fix for qualifier.
 5281 
 5282 	common: Portability fix for logging.c.
 5283 	+ commit 456c5cdb2d72bba77e2a30c8fdb1c1cebbe9b1d2
 5284 	* common/logging.c (S_IRGRP, S_IWGRP, S_IROTH, S_IWOTH): Avoid
 5285 	duplicated definition.
 5286 
 5287 	tools: Portability fix for gpgparsemail.
 5288 	+ commit a1446163d584cdc3003c7d5b5fc6d74737c1732d
 5289 	* tools/rfc822parse.c (my_stpcpy): Rename from stpcpy.
 5290 
 5291 2017-04-10  Justus Winter  <justus@g10code.com>
 5292 
 5293 	gpgscm: Fix opcode dispatch.
 5294 	+ commit 1b6adab41d386b587f65e5c6f14a63859ac1226b
 5295 	* tests/gpgscm/scheme.c (opexe_0): Consider 'op', not 'sc->op'.  The
 5296 	former is the opcode we are currently executing.
 5297 
 5298 	gpgscm: Mmap script files.
 5299 	+ commit c7f0d90592fd0348a3818ac897f91e6859584146
 5300 	* tests/gpgscm/main.c (load): Try to mmap the script.
 5301 	* tests/gpgscm/scheme.c (scheme_load_memory): New function, a
 5302 	generalization of 'scheme_load_string'.
 5303 	* tests/gpgscm/scheme.h (scheme_load_memory): New prototype.
 5304 
 5305 	gpgscm: Refactor checking for opcode arguments.
 5306 	+ commit f3d1f6867792deeb9a2a63744ee9b076c41c58f3
 5307 	* tests/gpgscm/scheme.c (op_code_info): Fix type, add forward
 5308 	declaration.
 5309 	(check_arguments): New function.
 5310 	(Eval_cycle): Use the new function.
 5311 
 5312 	gpgscm: Improve syntax dispatch.
 5313 	+ commit b628e62b5b9f7ed5cbb1bfe34727b5ee8129f7d4
 5314 	* tests/gpgscm/scheme.c (assign_syntax): Add opcode parameter, store
 5315 	opcode in the tag.
 5316 	(syntaxnum): Add sc parameter, retrieve opcode from tag.
 5317 	(opexe_0): Adapt callsite.
 5318 	(scheme_init_custom_alloc): Likewise.
 5319 
 5320 	gpgscm: Make tags mandatory.
 5321 	+ commit a1ad5d6a30cf72d9b7e7bb449985dc69d5e01c4b
 5322 	* tests/gpgscm/opdefines.h: Make tags mandatory.
 5323 	* tests/gpgscm/scheme.c: Likewise.
 5324 	* tests/gpgscm/scheme.h: Likewise.
 5325 
 5326 	gpgscm: Add and use opcode for reversing a list in place.
 5327 	+ commit e1bb9326dc381ae2711a81ab621e21a66388bcbd
 5328 	* tests/gpgscm/lib.scm (string-split-pln): Use 'reverse!'.
 5329 	(string-rtrim): Likewise.
 5330 	* tests/gpgscm/opdefines.h (reverse!): New opcode.
 5331 	* tests/gpgscm/scheme.c (opexe_0): Handle new opcode.
 5332 
 5333 	gpgscm: Deduplicate code.
 5334 	+ commit 3e91019a92b9bb3bb5a8cd62336b4cf65964e45b
 5335 	* tests/gpgscm/scheme.c (oblist_add_by_name): Deduplicate.
 5336 	(new_slot_spec_in_env): Likewise.
 5337 
 5338 	gpgscm: Move dispatch table into rodata.
 5339 	+ commit 7dff6248bddd5583988ac562318cf0d76a409d0e
 5340 	* tests/gpgscm/opdefines.h: Use 0 instead of NULL.
 5341 	* tests/gpgscm/scheme.c (op_code_info): Use char arrays instead of
 5342 	pointers, make arity parameters smaller.
 5343 	(INF_ARG): Adapt.
 5344 	(_OP_DEF): Likewise.
 5345 	(dispatch_table): Likewise.
 5346 	(procname): Likewise.
 5347 	(Eval_cycle): Likewise.
 5348 	(scheme_init_custom_alloc): Likewise.
 5349 
 5350 	gpgscm: Use more threaded code.
 5351 	+ commit 6f217d116d1a12c6093bb253dbfa349bc81bc90b
 5352 	* tests/gpgscm/scheme.c (opexe_0): Use 's_thread_to' instead of
 5353 	's_goto' wherever possible.
 5354 
 5355 	gpgscm: Remove now obsolete dispatcher function from the opcodes.
 5356 	+ commit e7ed9822e20ee4bbb4cdd9eca8121b4ade87e5ce
 5357 	* tests/gpgscm/opdefines.h: Remove now obsolete dispatcher function
 5358 	from the opcodes.
 5359 	* tests/gpgscm/scheme-private.h (_OP_DEF): Adapt.
 5360 	* tests/gpgscm/scheme.c (dispatch_func): Remove type declaration.
 5361 	(op_code_info): Remove 'func'.
 5362 	(_OP_DEF): Adapt.
 5363 	(Eval_Cycle): Always call 'opexe_0'.
 5364 
 5365 	gpgscm: Merge 'opexe_6'.
 5366 	+ commit ddf444828b9b3f75d964473a2c0e77f75f094cf4
 5367 	* tests/gpgscm/scheme.c (opexe_6): Merge into 'opexe_0'.
 5368 	* tests/gpgscm/opdefines.h: Adapt.
 5369 
 5370 	gpgscm: Merge 'opexe_5'.
 5371 	+ commit 1379df44537b67b7c2fbc0fb5bc6f7945a5d7ebb
 5372 	* tests/gpgscm/scheme.c (opexe_5): Merge into 'opexe_0'.
 5373 	* tests/gpgscm/opdefines.h: Adapt.
 5374 
 5375 	gpgscm: Merge 'opexe_4'.
 5376 	+ commit 4f835104b9475e7d585d859b85e7d0d4cfe9aab3
 5377 	* tests/gpgscm/scheme.c (opexe_4): Merge into 'opexe_0'.
 5378 	* tests/gpgscm/opdefines.h: Adapt.
 5379 
 5380 	gpgscm: Merge 'opexe_3'.
 5381 	+ commit d591ab65d37ee467ca91ad851ab236f2985c1ee2
 5382 	* tests/gpgscm/scheme.c (opexe_3): Merge into 'opexe_0'.
 5383 	* tests/gpgscm/opdefines.h: Adapt.
 5384 
 5385 	gpgscm: Merge 'opexe_2'.
 5386 	+ commit 6cad38228f6ebfdc8e52960223b492597aff26a0
 5387 	* tests/gpgscm/scheme.c (opexe_2): Merge into 'opexe_0'.
 5388 	* tests/gpgscm/opdefines.h: Adapt.
 5389 
 5390 	gpgscm: Merge 'opexe_1'.
 5391 	+ commit 154af876f05b773bf3a860fcb4cc41066da27beb
 5392 	* tests/gpgscm/scheme.c (opexe_1): Merge into 'opexe_0'.
 5393 	* tests/gpgscm/opdefines.h: Adapt.
 5394 
 5395 2017-04-10  NIIBE Yutaka  <gniibe@fsij.org>
 5396 
 5397 	agent: Use "ll" length specifier when time_t is larger.
 5398 	+ commit 170660ed11b56145dea4865e751ae5aff1681fe2
 5399 	* agent/command.c (cmd_keytocard): Use KEYTOCARD_TIMESTAMP_FORMAT.
 5400 
 5401 	scd: Relax a condition for p15 driver.
 5402 	+ commit 7501f2e9c4e6fd94a191b381d52ec2fe1d103e29
 5403 	* scd/app-p15.c (read_ef_aodf): Fix.
 5404 
 5405 	scd: Relax a condition for p15 driver.
 5406 	+ commit 3c1ad96f1ce838daf2d861b33e6611f6d3043d25
 5407 	* scd/app-p15.c (read_ef_aodf): Remove possibly redundant condition.
 5408 
 5409 	scd: Remove "special transport" support.
 5410 	+ commit 34199ef677bb40eadf0da696a111f7036bc3187e
 5411 	* scd/ccid-driver.c (transports, my_sleep, prepare_special_transport)
 5412 	(writen): Remove.
 5413 	(ccid_dev_scan, ccid_dev_scan_finish, ccid_get_BAI): Only for USB.
 5414 	(ccid_open_reader, do_close_reader, bulk_out, bulk_in, abort_cmd)
 5415 	(ccid_poll, ccid_transceive): Likewise.
 5416 
 5417 2017-04-07  Justus Winter  <justus@g10code.com>
 5418 
 5419 	gpgscm: Allocate small integers in the rodata section.
 5420 	+ commit 8640fa880d7050917f4729f2c0cb506e165ee446
 5421 	* tests/gpgscm/Makefile.am (gpgscm_SOURCES): Add new file.
 5422 	* tests/gpgscm/scheme-private.h (struct cell): Move number to the top
 5423 	of the union so that we can initialize it.
 5424 	(struct scheme): Remove 'integer_segment'.
 5425 	* tests/gpgscm/scheme.c (initialize_small_integers): Remove function.
 5426 	(small_integers): New variable.
 5427 	(MAX_SMALL_INTEGER): Compute.
 5428 	(mk_small_integer): Adapt.
 5429 	(mark): Avoid marking objects already marked.  This allows us to run
 5430 	the algorithm over objects in the rodata section if they are already
 5431 	marked.
 5432 	(scheme_init_custom_alloc): Remove initialization.
 5433 	(scheme_deinit): Remove deallocation.
 5434 	* tests/gpgscm/small-integers.h: New file.
 5435 
 5436 	gpgscm: Make global data constant when possible.
 5437 	+ commit c9c3fe883271868d3b2dd287d295cf6a8f8ffc05
 5438 	* tests/gpgscm/scheme-private.h (struct scheme): Make 'vptr' const.
 5439 	* tests/gpgscm/scheme.c (num_zero): Statically initialize and turn
 5440 	into constant.
 5441 	(num_one): Likewise.
 5442 	(charnames): Change type so that it can be stored in rodata.
 5443 	(is_ascii_name): Adapt slightly.
 5444 	(assign_proc): Make argument const char *.
 5445 	(op_code_info): Make some fields const char *.
 5446 	(tests): Make const.
 5447 	(dispatch_table): Make const.  At least it can be made read-only after
 5448 	relocation.
 5449 	(Eval_Cycle): Adapt slightly.
 5450 	(vtbl): Make const.
 5451 
 5452 	gpgscm: Remove arbitrary limit on number of cell segments.
 5453 	+ commit 56638c28adc1bbe9fc052b92549a50935c0fe99c
 5454 	* tests/gpgscm/scheme-private.h (struct scheme): Remove fixed-size
 5455 	arrays for cell segments, replace them with a pointer to the new
 5456 	'struct cell_segment' instead.
 5457 	* tests/gpgscm/scheme.c (struct cell_segment): New definition.
 5458 	(_alloc_cellseg): Allocate the header within the segment, return a
 5459 	pointer to the header.
 5460 	(_dealloc_cellseg): New function.
 5461 	(alloc_cellseg): Insert the segments into a list.
 5462 	(_get_cell): Allocate a new segment if less than a quarter of
 5463 	CELL_SIGSIZE is recovered during garbage collection.
 5464 	(initialize_small_integers): Adapt callsite.
 5465 	(gc): Walk the list of segments.
 5466 	(scheme_init_custom_alloc): Remove initialization of removed field.
 5467 	(scheme_deinit): Adapt deallocation.
 5468 
 5469 	gpgscm: Fix compact vector encoding.
 5470 	+ commit bf8b5e9042b3d86d419b2ac1987a9298c9d21500
 5471 	* tests/gpgscm/scheme-private.h (struct cell): Use uintptr_t for
 5472 	'_flags'.  This way, '_flags' has the size of a machine word.
 5473 
 5474 2017-04-07  Werner Koch  <wk@gnupg.org>
 5475 
 5476 	gpg: Fix printing of offline taken subkey.
 5477 	+ commit 547bc01d57528ecc27b3b5e16797967a7f88fecf
 5478 	* g10/keylist.c (list_keyblock_print): Set SECRET to 2 and not 0x32.
 5479 
 5480 2017-04-07  NIIBE Yutaka  <gniibe@fsij.org>
 5481 
 5482 	scd: Internal CCID reader cleanup.
 5483 	+ commit cc420d34880e2a050b39f969873974cfc35fa5c3
 5484 	* scd/ccid-reader.c (scan_usb_device): Only for scan mode, so, rename
 5485 	from scan_or_find_usb_device.
 5486 	(scan_devices): Likewise.  Remove support of special transport types.
 5487 	(ccid_get_reader_list): Simplify.
 5488 	(abort_cmd): Fix error return.
 5489 	(send_escape_cmd): Fix for RESULTLEN == NULL.
 5490 	(ccid_transceive_secure): Remove unnecessary var updates.
 5491 
 5492 	scd: Don't keep CCID reader open when card is not available.
 5493 	+ commit 3c93595d701c59cbc9b67a7fd0bcde7ee0fada1a
 5494 	* scd/apdu.c (open_ccid_reader): Fail if no ATR.
 5495 
 5496 	agent: Serialize access to passphrase cache.
 5497 	+ commit ebe12be034f052cdec871f0d8ad1bfab85d7b943
 5498 	* agent/cache.c (encryption_lock): Remove.
 5499 	(cache_lock): New.  Now, we have coarse grain lock to serialize
 5500 	entire cache access.
 5501 	(initialize_module_cache): Use CACHE_LOCK.
 5502 	(init_encryption, new_data): Remove ENCRYPTION_LOCK.
 5503 	(agent_flush_cache, agent_put_cache, agent_get_cache): Lock the cache.
 5504 
 5505 2017-04-06  Justus Winter  <justus@g10code.com>
 5506 
 5507 	gpgscm: Avoid mutating integer.
 5508 	+ commit f1dc34f502a68673e7a29f3fcf57b8dc6a4fac89
 5509 	* tests/gpgscm/scheme.c (opexe_5): Do not modify the integer in-place
 5510 	while printing an vector.  Integer objects may be shared, so they must
 5511 	not be mutated.
 5512 
 5513 	gpgscm: Initialize unused slots in vectors.
 5514 	+ commit b83903f59ec5d49ac579f263da70ebc8dc3645b5
 5515 	* tests/gpgscm/scheme.c (get_vector_object): Initialize unused slots
 5516 	at the end of vectors.
 5517 
 5518 	tests: Fix distcheck.
 5519 	+ commit 23f00f109ddba595db4f73a6182750177c7dd75d
 5520 	* tests/Makefile.am (SUBDIRS): Add 'pkits' again.  Simply dropping it
 5521 	makes 'make distcheck' unhappy.
 5522 	* tests/pkits/Makefile.am (TESTS): Remove all tests.
 5523 
 5524 	tests: Disable 'pkits' test suite.
 5525 	+ commit af1c1a57e46a00a32d83c1a58c5f3ef6f4a1c1d1
 5526 	* tests/Makefile.am (SUBDIRS): Drop 'pkits'.
 5527 	* tests/pkits/common.sh: Fix locating 'PKITS_data.tar.bz2'.
 5528 	* tests/pkits/inittests: Likewise.
 5529 
 5530 	tests: Make test more robust.
 5531 	+ commit 94645311f8a3e9ae33643512f87fbef41bf0556f
 5532 	* tests/openpgp/4gb-packet.scm: Skip if we do not have BZIP2.
 5533 	* tests/openpgp/defs.scm (have-compression-algo?): New function.
 5534 
 5535 2017-04-05  Justus Winter  <justus@g10code.com>
 5536 
 5537 	tests: Fix setup of ephemeral home directories.
 5538 	+ commit 01e84d429aeeb1450012ff0576a6a24de50693c6
 5539 	* tests/openpgp/defs.scm (with-ephemeral-home-directory): Set
 5540 	GNUPGHOME and cwd to the ephemeral directory before calling the setup
 5541 	function.
 5542 
 5543 2017-04-04  Justus Winter  <justus@g10code.com>
 5544 
 5545 	tests: Fix setup of ephemeral home directories.
 5546 	+ commit 32b75fb7743f35936d7014fce33c90ba97dfa374
 5547 	* tests/openpgp/defs.scm (with-ephemeral-home-directory): Create
 5548 	configuration files when we enter the context.
 5549 	* tests/openpgp/setup.scm: Do not use an ephemeral home directory.
 5550 	Tests should always use the cwd.
 5551 	* tests/gpgsm/setup.scm: Likewise.
 5552 	* tests/gpgsm/export.scm: Add explicit constructor function.
 5553 	* tests/openpgp/decrypt-session-key.scm: Likewise.
 5554 	* tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
 5555 
 5556 	gpgscm: Fix copying values.
 5557 	+ commit 6261611d3786f19fd84ccc79f45a89cadac518e8
 5558 	* tests/gpgscm/scheme.c (copy_value): New function.
 5559 	(mk_tagged_value): Use new function.
 5560 	(opexe_4): Likewise for OP_SAVE_FORCED.
 5561 
 5562 	gpgscm: Simplify get-output-string operation.
 5563 	+ commit a80d4a9b50ad47eae1f8c740dd73804311e38783
 5564 	* tests/gpgscm/scheme.c (opexe_4): Simplify 'get-output-string'.
 5565 
 5566 	gpgscm: Simplify substring operation.
 5567 	+ commit d858096c99705ccf2e115475f81c4cf88edbeebf
 5568 	* tests/gpgscm/scheme.c (opexe_2): Simplify 'substring'.
 5569 
 5570 2017-04-04  NIIBE Yutaka  <gniibe@fsij.org>
 5571 
 5572 	agent: Minor fix for get_client_pid.
 5573 	+ commit 5744d2038bd17b8b1be4e73d0ad3bc41772efe96
 5574 	* agent/command-ssh.c (get_client_pid): Use 0 to initialize.
 5575 
 5576 2017-04-03  Werner Koch  <wk@gnupg.org>
 5577 
 5578 	Release 2.1.20.
 5579 	+ commit e7eb9b12deaf7ebe26967bfb56e980b7efeebdc3
 5580 
 5581 
 5582 	dirmngr: New option --disable-ipv6.
 5583 	+ commit 3533b854408fa93734742b2ee12b62aa0d55ff28
 5584 	* dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
 5585 	* dirmngr/dirmngr.c (oDisableIPv6): New const.
 5586 	(opts): New option --disable-ipv6.
 5587 	(parse_rereadable_options): Set that option.
 5588 	* dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
 5589 	(set_dns_disable_ipv6): New.
 5590 	(resolve_name_standard): Make use of it.
 5591 	* dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
 5592 	OPT.DISABLE_IPV6.
 5593 	* dirmngr/ks-engine-hkp.c (map_host): Ditto.
 5594 	(send_request): Ditto.
 5595 	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
 5596 	* dirmngr/ocsp.c (do_ocsp_request): Ditto.
 5597 
 5598 	dirmngr,w32: Silence the 'certificate already cached' message.
 5599 	+ commit fce36d7ec87be14b874813db277781c87a64ea87
 5600 	* dirmngr/certcache.c (load_certs_from_w32_store): Silenece an info
 5601 	message.
 5602 
 5603 	dirmngr: Handle EIO which is sometimes returned by cookie functions.
 5604 	+ commit cc32ddbcba8c53d3e2cad952d72f62dc73911042
 5605 	* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle EIO.
 5606 
 5607 	dirmngr: Always print a warning for a missing /etc/hosts.
 5608 	+ commit 35c843c815306f36d1efbc52f5e2f6bac3f67aec
 5609 	* dirmngr/dns-stuff.c (libdns_init): No Windows specific handling of a
 5610 	missing /etc/hosts.
 5611 
 5612 	dirmngr: Do not assume that /etc/hosts exists.
 5613 	+ commit 5d873f288e86edfb684f4dd57ac36466b06494a4
 5614 	* dirmngr/dns-stuff.c (libdns_init): Do not bail out.
 5615 
 5616 	po: Update the German translation.
 5617 	+ commit c7be01dae914c183dd99bd531a388c794d858c61
 5618 
 5619 
 5620 	gpgconf: Add --enable-extended-key-format for the agent.
 5621 	+ commit d23052b04ebb0ac731aa351650c4084f080c640b
 5622 	* tools/gpgconf-conf.c: Add option.
 5623 	* agent/gpg-agent.c (main) <aGPGConfList>: Add option.
 5624 
 5625 2017-04-03  Justus Winter  <justus@g10code.com>
 5626 
 5627 	gpgscm: Slightly improve the procedure dispatch.
 5628 	+ commit 90932bdad607d06f4f040e3457caddba79ba8b7e
 5629 	* tests/gpgscm/scheme.c (procnum): Procedures always have an integer
 5630 	number, so we can safely use the cheaper 'ivalue_unchecked'.
 5631 
 5632 2017-04-03  Werner Koch  <wk@gnupg.org>
 5633 
 5634 	gpg: Handle critical marked 'Reason for Revocation'.
 5635 	+ commit 3f6d949011f485613bb4bd3e06a2643be79cce40
 5636 	* g10/parse-packet.c (can_handle_critical): Add
 5637 	SIGSUBPKT_REVOC_REASON.
 5638 
 5639 2017-04-02  Werner Koch  <wk@gnupg.org>
 5640 
 5641 	agent: Use OCB for key protection with --enable-extended-key-format.
 5642 	+ commit d24375271b97e45deaeb1ef0a8434c64066ba2e8
 5643 	* agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
 5644 	(agent_protect): Make the default protection mode depend on the extend
 5645 	key format option.
 5646 
 5647 2017-04-01  Werner Koch  <wk@gnupg.org>
 5648 
 5649 	kbx: Unify blob reading functions.
 5650 	+ commit 0039d7107bcdfce6f3b02b46ff0495cfba07882a
 5651 	* kbx/keybox-file.c (_keybox_read_blob): Remove.
 5652 	(_keybox_read_blob2): Rename to ....
 5653 	(_keybox_read_blob): this.  Make arg options.  Change all callers.
 5654 	* kbx/keybox-search.c (keybox_search): Factor fopen call out to ...
 5655 	(open_file): new.
 5656 	(keybox_seek): Als use open_file.
 5657 
 5658 2017-03-31  Werner Koch  <wk@gnupg.org>
 5659 
 5660 	gpg: Avoid multiple open calls to the keybox file.
 5661 	+ commit 5556eca5acd46983bff0b38a1ffbc2f07fbaba9f
 5662 	* g10/keydb.h (KEYDB_HANDLE): Move typedef to ...
 5663 	* g10/gpg.h: here.
 5664 	(struct server_control_s): Add field 'cached_getkey_kdb'.
 5665 	* g10/gpg.c (gpg_deinit_default_ctrl): Release that keydb handle.
 5666 	* g10/getkey.c (getkey_end): Cache keydb handle.
 5667 	(get_pubkey): Use cached keydb handle.
 5668 	* kbx/keybox-search.c (keybox_search_reset): Use lseek instead of
 5669 	closing the file.
 5670 
 5671 	gpg: Pass CTRL also to getkey_end.
 5672 	+ commit aca5f494a88776d4974bfa9b0b65cb60c1b42040
 5673 	* g10/getkey.c (getkey_end): Add arg CTRL.  Change all callers.
 5674 
 5675 	gpg: Print more stats for the keydb and the signature cache.
 5676 	+ commit 3a10de3bfd785aefb0150e82b6dbbc7cb9f208c8
 5677 	* g10/sig-check.c (sig_check_dump_stats): New.
 5678 	(cache_stats): New struct.
 5679 	(check_key_signature2): Update stats.
 5680 	* g10/gpg.c (g10_exit): Call new function.
 5681 	* g10/keydb.c (kid_not_found_cache_count): Replace by ...
 5682 	(kid_not_found_stats): ... new struct.  Change users.
 5683 	(keydb_stats): New struct.  Update the counters.
 5684 	(keydb_dump_stats): Print all stats.
 5685 
 5686 	gpg: Assert that an opaque parameter is really what we expect.
 5687 	+ commit 52ba5e67cad4311d0ddbc4f2979e20afd0161d1f
 5688 	* g10/gpg.h (SERVER_CONTROL_MAGIC): New const.
 5689 	(server_control_s): Add field 'magic'.
 5690 	* g10/gpg.c (gpg_init_default_ctrl): Init MAGIC.
 5691 	* g10/import.c (impex_filter_getval): Assert MAGIC.
 5692 
 5693 2017-03-30  Justus Winter  <justus@g10code.com>
 5694 
 5695 	gpg: Consistent use of preprocessor conditionals.
 5696 	+ commit 5e89144cbca36c1e7eb814b3aad4b7c46cd4efbf
 5697 	* g10/parse-packet.c: Use '#if' instead of '#ifdef' when checking
 5698 	DEBUG_PARSE_PACKET.  This fixes the build with '#define
 5699 	DEBUG_PARSE_PACKET 0'.
 5700 
 5701 	common: Avoid undefined behavior.
 5702 	+ commit 214fa9012296d796b78f1a3106d656639cf50aef
 5703 	* common/iobuf.c (iobuf_read_line): Do not consider 'length' if
 5704 	'buffer' is NULL.
 5705 
 5706 2017-03-30  Werner Koch  <wk@gnupg.org>
 5707 
 5708 	gpg: Remove the use of the signature information from a KBX.
 5709 	+ commit a6142dbdbc5783043deb847dc64998c421860941
 5710 	* g10/keydb.c (keyblock_cache): Remove field SIGSTATUS.
 5711 	(keyblock_cache_clear): Adjust for that removal.
 5712 	(parse_keyblock_image): Remove arg SIGSTATUS.  Remove the signature
 5713 	cache setting; this is now done in the parser.
 5714 	(keydb_get_keyblock): Do not set SIGSTATUS.
 5715 	(build_keyblock_image): Remove arg SIGSTATUS and simplify.  Change
 5716 	caller.
 5717 	* kbx/keybox-blob.c: Explain that the signature information is not
 5718 	anymore used.
 5719 	(_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change
 5720 	callers.
 5721 	* kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS
 5722 	and change callers.
 5723 	* kbx/keybox-update.c (keybox_insert_keyblock): Likewise.
 5724 
 5725 	gpg: Fix actual leak and possible leaks in the packet parser.
 5726 	+ commit 7bf24e8146116a30c4c9d7b6dbf8bbb27fc35971
 5727 	* g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT deom a
 5728 	pointer to its struct.
 5729 	(init_parse_packet): Adjust for LAST_PKT not being a pointer.
 5730 	* g10/parse-packet.c (parse): Ditto. Free the last packet before
 5731 	storing a new one in case of a deep link.
 5732 	(parse_ring_trust): Adjust for LAST_PKT not being a pointer.
 5733 	* g10/free-packet.c (free_packet): Ditto.
 5734 	* g10/t-keydb-get-keyblock.c (do_test): Release keyblock.
 5735 
 5736 	gpg: Fix export porting of zero length user ID packets.
 5737 	+ commit 64665404e43051fa50ee030766347e24b7d1e4d5
 5738 	* g10/build-packet.c (do_user_id): Avoid indeterminate length header.
 5739 
 5740 	gpg: Revamp reading and writing of ring trust packets.
 5741 	+ commit a8895c99a7d0750132477d80cd66caaf3a709113
 5742 	* g10/parse-packet.c (parse_trust): Rename to ...
 5743 	(parse_ring_trust): this.  Change args and implement new ring trust
 5744 	packet format.
 5745 	(parse): Add special ring trust packet handling.
 5746 	* g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
 5747 	KEYSRC.
 5748 	(PKT_public_key): Ditto.
 5749 	(RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
 5750 	(PKT_ring_trust): New.
 5751 	(struct packet_struct): Remove member RING_TRUST.
 5752 	(strcu parse_packet_ctx_s): Add field SKIP_META.
 5753 	(init_parse_packet): Init SKIPT_META.
 5754 	* g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
 5755 	(free_user_id): Ditto.
 5756 	* g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
 5757 	lines.
 5758 	* g10/build-packet.c (build_packet_and_meta): New.
 5759 	(do_ring_trust): New.
 5760 	* g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
 5761 	in backup mode.
 5762 	(do_export_one_keyblock): Ditto.
 5763 	* g10/import.c (read_block): Add arg WITH_META.  Skip ring trust
 5764 	packets if that ism not set.
 5765 	(import): Call read_block WITH_META in restore mode.
 5766 	* g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
 5767 	(KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants.  They are not
 5768 	yet used, though.
 5769 	* g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
 5770 	(build_keyblock_image): Ditto.  Use build_packet_and_meta.
 5771 	* g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
 5772 	ring trust packets.
 5773 	(write_keyblock): Use build_packet_and_meta.  Remove special treatment
 5774 	of ring trust packets and initialization of the signature caches.
 5775 
 5776 2017-03-29  Werner Koch  <wk@gnupg.org>
 5777 
 5778 	gpg: Extend free_packet to handle a packet parser context.
 5779 	+ commit afa86809087909a8ba2f9356588bf90cc923529c
 5780 	* g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and
 5781 	FREE_LAST_PKT.
 5782 	(init_parse_packet): Clear them.
 5783 	(deinit_parse_packet): New macro.  Change all users if
 5784 	init_parse_packet to also call this macro.
 5785 	* g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow
 5786 	packet copies in the context.  Change all callers.
 5787 	* g10/parse-packet.c (parse): Store certain packets in the parse
 5788 	context.
 5789 
 5790 	gpg: Change parse_packet to take a context.
 5791 	+ commit 0526c99164d3531b5ec763ffc672407eb24b2296
 5792 	* g10/packet.h (struct parse_packet_ctx_s): New.
 5793 	(parse_packet_ctx_t): New type.
 5794 	(init_parse_packet): New macro.
 5795 	* g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take
 5796 	a parse context.  Change all callers to provide a context instead of
 5797 	directly supplying the input stream.
 5798 	(search_packet, dbg_search_packet): Ditto.
 5799 	(copy_all_packets, dbg_copy_all_packets): Init an use a parse context.
 5800 	(copy_some_packets, dbg_copy_some_packets): Ditto.
 5801 	(skip_some_packets, dbg_skip_some_packets): Ditto.
 5802 
 5803 	gpg: Export ring trust packets in backup mode.
 5804 	+ commit f5b565a5b8de3f2a3d98bc1a655e18333aee223b
 5805 	* g10/export.c (write_keyblock_to_output): Export ring trust packets.
 5806 
 5807 2017-03-28  Justus Winter  <justus@g10code.com>
 5808 
 5809 	tests,w32: Fix importing the extra key for GPGME's keylist test.
 5810 	+ commit b20780658ebb1e1245db18c04db3e815399cf706
 5811 	* tests/gpgme/wrap.scm: Qualify the tests name with the extension for
 5812 	executables (if any).
 5813 
 5814 2017-03-28  Werner Koch  <wk@gnupg.org>
 5815 
 5816 	gpg: Prepare for listing last_update and key origin data.
 5817 	+ commit 4af389c9721fa534ed06a64b80705b631575c775
 5818 	* g10/keylist.c (list_keyblock_colon): Add empty fields 19 and 20.
 5819 
 5820 2017-03-28  Justus Winter  <justus@g10code.com>
 5821 
 5822 	tests: Fix distcheck.
 5823 	+ commit 5128cd74c029d57491a79ca9e918c81facdf1b76
 5824 	* tests/openpgp/Makefile.am (sample_msgs): Add all missing sample
 5825 	messages.
 5826 
 5827 	tests: Add test for '--decrypt --unwrap'.
 5828 	+ commit 211d71f19c24da94f4c58014606125c1a29d86a2
 5829 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 5830 	* tests/openpgp/decrypt-unwrap-verify.scm: New file.
 5831 
 5832 	g10: Fix memory leak.
 5833 	+ commit 6d3edfd972c1114f43f6b35773dc25e0256f48f4
 5834 	* g10/decrypt-data.c (decrypt_data): Free 'filename'.
 5835 
 5836 2017-03-27  Justus Winter  <justus@g10code.com>
 5837 
 5838 	common: Fix connecting to the agent.
 5839 	+ commit caf00915532e6e8e509738962964edcd14fb0654
 5840 	* common/homedir.c (_gnupg_socketdir_internal): Fix error handling.
 5841 
 5842 2017-03-27  NIIBE Yutaka  <gniibe@fsij.org>
 5843 
 5844 	g10: Support specifying SERIALNO for --card-status.
 5845 	+ commit c1e6302b347caf852a056b9c721469ccb51f44da
 5846 	* g10/gpg.c (main): Allow an argument for --card-status.
 5847 	* g10/card-util.c (current_card_status): Rename from card_status.
 5848 	(card_status): New, which supports multiple cards.
 5849 	(get_one_name): Use current_card_status.
 5850 
 5851 	scd: Change the order of applications when accessed.
 5852 	+ commit d58275703f035e8cfd58cd1c2d0d5ac7dc59e110
 5853 	* scd/app.c (select_application): Move the app to top.
 5854 
 5855 	scd: Fix timeout handling for key generation.
 5856 	+ commit 0848cfcce738150b53bfb65b78efc1e6dc9f3d26
 5857 	* scd/ccid-driver.c (CCID_CMD_TIMEOUT): Back to original value.
 5858 	(CCID_CMD_TIMEOUT_LONGER): New.
 5859 	(ccid_transceive): Add kludge for key generation.
 5860 
 5861 2017-03-24  Werner Koch  <wk@gnupg.org>
 5862 
 5863 	gpg: Improve check for already compressed packets.
 5864 	+ commit 0b3770c421a35b64823a805fa8d49ddd5c653d50
 5865 	* common/miscellaneous.c (is_openpgp_compressed_packet): New.
 5866 	(is_file_compressed): Rerad 2 more bytes and call new function.
 5867 
 5868 	agent: New option --enable-extended-key-format.
 5869 	+ commit 2c237c13628a88ba23742da34ea18d3e205d7c53
 5870 	* agent/gpg-agent.c (oEnableExtendedKeyFormat): New const.
 5871 	(opts): New option --enable-extended-key-format.
 5872 	(parse_rereadable_options): Set option
 5873 	* agent/findkey.c (write_extended_private_key): Add arg 'update'.
 5874 	(agent_write_private_key): Implement new option.
 5875 
 5876 	agent: New option --stub-only for DELETE_KEY.
 5877 	+ commit 6fab7bba879d7794e32112cf3eddd8d87130a5d7
 5878 	* agent/findkey.c (agent_delete_key): Add arg 'only_stubs'.
 5879 	* agent/command.c (cmd_delete_key): Add option --stub-only.
 5880 
 5881 2017-03-23  Werner Koch  <wk@gnupg.org>
 5882 
 5883 	common: Implicitly do a gpgconf --create-socketdir.
 5884 	+ commit 26086b362ff47d21b1abefaf674a6464bf0a8921
 5885 	* common/homedir.c (_gnupg_socketdir_internal): Create the
 5886 	sub-directory.
 5887 
 5888 	tests: Use gpgconf to stop the agent.
 5889 	+ commit 2c9d9ac55ea455a5ec26428989dced0311ed46cc
 5890 	* tests/openpgp/defs.scm (stop-agent): Swap order of actions.  Kill
 5891 	all daemons using gpgconf.
 5892 	* tools/gpgconf.c (main) <aRemoveSocketDir>: Try to remove known
 5893 	socketfails on rmdir failure.  Do no fail for ENONET.
 5894 
 5895 2017-03-23  Justus Winter  <justus@g10code.com>
 5896 
 5897 	gpgscm: Make test cleanup more robust.
 5898 	+ commit 178b6314ab2d2268873067314744c8af74dc331e
 5899 	* tests/gpgscm/tests.scm (mkdtemp-autoremove): New function that
 5900 	cleans up at interpreter shutdown.
 5901 	(run-tests-parallel): Use the new function.
 5902 	(run-tests-sequential): Likewise.
 5903 	(make-environment-cache): Execute setup with an temporary working
 5904 	directory.
 5905 
 5906 2017-03-21  Justus Winter  <justus@g10code.com>
 5907 
 5908 	tests: Test '--quick-set-primary-uid'.
 5909 	+ commit fde885bbc47a4bf14a8570ac62e68adc8cf47a6e
 5910 	* tests/openpgp/quick-key-manipulation.scm: Test
 5911 	'--quick-set-primary-uid'.
 5912 
 5913 	tests,w32: Use GetTempPath to get the path for temporary files.
 5914 	+ commit d17840c3f40111beaf97d96ad3ca52047976e221
 5915 	* tests/gpgscm/ffi.c (do_get_temp_path): New function.
 5916 	(ffi_init): Make function available.
 5917 	* tests/gpgscm/tests.scm (mkdtemp): Use the new function.
 5918 
 5919 2017-03-21  Werner Koch  <wk@gnupg.org>
 5920 
 5921 	gpg: New command --quick-set-primary-uid.
 5922 	+ commit 74c1f30ad6616186f0ab9dbaf34db6c17b1e40c4
 5923 	* g10/gpg.c (aQuickSetPrimaryUid): New const.
 5924 	(opts): New command --quick-set-primary-uid.
 5925 	(main): Implement it.
 5926 	* g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ...
 5927 	(quick_find_keyblock): new func.
 5928 	(keyedit_quick_revuid): Use quick_find_keyblock.
 5929 	(keyedit_quick_set_primary): New.
 5930 
 5931 2017-03-21  Justus Winter  <justus@g10code.com>
 5932 
 5933 	dirmngr: Fix error handling.
 5934 	+ commit 483c1288a8f86dc6bf93d0d3f2865ecc246aecba
 5935 	* dirmngr/dns-stuff.c (libdns_init): Convert error before printing it.
 5936 
 5937 	dirmngr: Load the hosts file into libdns.
 5938 	+ commit 88f1505f0613894d5544290a170119eb538921e5
 5939 	* dirmngr/dns-stuff.c (libdns_init): Actually load the hosts file into
 5940 	libdns.
 5941 
 5942 	tests: Create temporary directories in '/tmp'.
 5943 	+ commit 06f1f163e96f1039304fd3cf565cf9de1ca45849
 5944 	* tests/gpgscm/tests.scm (mkdtemp): Create temporary directories in
 5945 	'/tmp' on UNIX, or in '%Temp' on Windows.
 5946 	* tests/migrations/common.scm (run-test): Turn error into a warning.
 5947 	* tests/openpgp/defs.scm (start-agent): Likewise.
 5948 
 5949 2017-03-20  Justus Winter  <justus@g10code.com>
 5950 
 5951 	tests: Remove debugging remnants.
 5952 	+ commit ceb4b245752bb1fb43fde7e99f8d904ab8a9b5e2
 5953 	* tests/gpgme/gpgme-defs.scm (run-python-tests?): Remove 'trace's.
 5954 
 5955 	tests: Fail if we cannot create the socket directory.
 5956 	+ commit d75d20909d9f60d33ffd210def92278c0f383aad
 5957 	* tests/migrations/common.scm (run-test): Turn warning into an error.
 5958 	* tests/openpgp/defs.scm (start-agent): Likewise.
 5959 
 5960 2017-03-20  Werner Koch  <wk@gnupg.org>
 5961 
 5962 	gpg: Add new field no 18 to the colon listing.
 5963 	+ commit fe0b37e123ded51cc5f4cb5e3547fdfbce37a43e
 5964 	* g10/misc.c (gnupg_pk_is_compliant): New.
 5965 	* g10/keylist.c (print_compliance_flags): New.
 5966 	(list_keyblock_colon): Call it here.
 5967 	* sm/keylist.c (print_compliance_flags): New.
 5968 	(list_cert_colon): Call it here.
 5969 
 5970 	gpg: Remove unused stuff.
 5971 	+ commit e2c63a13e2fa4ce39af8471a34c06d73ff3ee6f6
 5972 	* g10/OPTIONS: Remove.
 5973 	* g10/options.h (struct opt): Remove 'shm_coprocess'.
 5974 
 5975 2017-03-17  Neal H. Walfield  <neal@g10code.com>
 5976 
 5977 	tests: Add test for issue 2959.
 5978 	+ commit fb9d68d636490ca88925051f48b08963c324aed1
 5979 	* tests/openpgp/tofu.scm: Add test for --tofu-default-policy=ask.
 5980 
 5981 	gpg: Make sure the conflict set includes the current key.
 5982 	+ commit b1106b4d640325c60a7212a4a44e4f67c0e3312d
 5983 	* g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling
 5984 	get_policy.  If POLICY is 'auto' and the default policy is 'ask', make
 5985 	sure CONFLICT_SET includes the current key.
 5986 
 5987 2017-03-17  Werner Koch  <wk@gnupg.org>
 5988 
 5989 	dirmngr: Ignore warning alerts in the GNUTLS handshake.
 5990 	+ commit 69c521df422a6c9a6b0a93e45c9373a8b6ceb28e
 5991 	* dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning
 5992 	alerts.
 5993 
 5994 2017-03-17  Justus Winter  <justus@g10code.com>
 5995 
 5996 	gpgscm: Simplify hash tables.
 5997 	+ commit 6a3f857224eab108ae38e6259194b01b0ffdad8b
 5998 	* tests/gpgscm/scheme.c (oblist_add_by_name): We now always get a
 5999 	slot.  Simplify accordingly.
 6000 	(oblist_find_by_name): Always return the slot.
 6001 	(vector_elem_slot): New function.
 6002 	(new_slot_spec_in_env): We now always get a slot.  Remove parameter
 6003 	'env'.  Simplify accordingly.
 6004 	(find_slot_spec_in_env): Always return a slot.
 6005 	(new_slot_in_env): Adapt callsite.
 6006 	(opexe_0): Likewise.
 6007 	(opexe_1): Likewise.
 6008 	(scheme_define): Likewise.
 6009 
 6010 	gpgscm: Remove framework for immediate values.
 6011 	+ commit 38c955599f7c6c20faeec57d8e1df7d2c0eeba18
 6012 	* tests/gpgscm/scheme.c (IMMEDIATE_TAG): Remove macro.
 6013 	(is_immediate): Likewise.
 6014 	(set_immediate): Likewise.
 6015 	(clr_immediate): Likewise.
 6016 	(enum scheme_types): Set the LSB in every value.
 6017 	(fill_vector): Adapt.
 6018 	(vector_elem): Likewise.
 6019 	(set_vector_elem): Likewise.
 6020 	(mark): Likewise.
 6021 	(gc): Test for the LSB to tell typeflags apart from pointers stored in
 6022 	the same memory location.
 6023 
 6024 2017-03-16  NIIBE Yutaka  <gniibe@fsij.org>
 6025 
 6026 	agent,g10: Remove redundant SERIALNO request.
 6027 	+ commit 8c8ce8711d9c938fcb982b0341e6b052742cb887
 6028 	* agent/learncard.c (agent_handle_learn): Don't call
 6029 	agent_card_serialno.  Get the serialno in status response.
 6030 	* g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO".
 6031 	(agent_scd_serialno): New.
 6032 	(card_cardlist_cb, agent_scd_cardlist): New.
 6033 
 6034 2017-03-15  Justus Winter  <justus@g10code.com>
 6035 
 6036 	tests: Fix using tools from the build directory.
 6037 	+ commit a98459d3f4ec3d196fb0adb0e90dadf40abc8c81
 6038 	* tests/openpgp/defs.scm (gpg-conf'): Explicitly pass the build prefix
 6039 	to gpgconf here...
 6040 	(gpg-components): ... instead of only here.
 6041 
 6042 	tests: Dump the tools that the tests are going to use.
 6043 	+ commit c7833eca38fdb8d9ba7b59438ea87d651b8bf7ba
 6044 	* tests/openpgp/setup.scm: Dump the tools that the tests are going to
 6045 	use.  This will help us diagnose problems with the tests picking the
 6046 	wrong paths in the future.
 6047 
 6048 	build: Remove '--disable-tools' configuration option.
 6049 	+ commit 6993e42088c191f18468317ba2b5b8fbc8c3edff
 6050 	* Makefile.am (SUBDIRS): Unconditionally include 'tools'.
 6051 	* configure.ac: Remove '--disable-tools' configuration option.
 6052 
 6053 2017-03-15  NIIBE Yutaka  <gniibe@fsij.org>
 6054 
 6055 	g10: Fix check of serialno.
 6056 	+ commit 61785b679c542bbd789395fa632eb8b5133b01ad
 6057 	* g10/card-util.c (card_status): Fix.
 6058 
 6059 	g10: Remove unused function.
 6060 	+ commit ed3248219e921ee24f6f1b2985abb7e0945d70e9
 6061 	* g10/call-agent.c (select_openpgp): Remove.
 6062 
 6063 	tests: Fix running python condition.
 6064 	+ commit a672ddec03f96475866d712b28be18b3fab43aef
 6065 	* tests/gpgme/gpgme-defs.scm (run-python-tests?): We need Python.
 6066 
 6067 2017-03-14  Justus Winter  <justus@g10code.com>
 6068 
 6069 	tests: Skip Python tests if the bindings are not built.
 6070 	+ commit d82abbb1b6e80d5980e6259ddcfc770e65a6b1b3
 6071 	* tests/gpgme/wrap.scm (python): Move variable...
 6072 	* tests/gpgme/gpgme-defs.scm (python): ... here.
 6073 	(run-python-tests?): New function.
 6074 	* tests/gpgme/run-tests.scm: Only run Python tests if the bindings can
 6075 	be located in GPGME's build directory.
 6076 
 6077 2017-03-13  Werner Koch  <wk@gnupg.org>
 6078 
 6079 	gpg: Flush stdout before printing stats with --check-sigs.
 6080 	+ commit 9a77b3b6e41f97b1209ad61c04b3dd33242ecae8
 6081 	* g10/keylist.c (print_signature_stats): Flush stdout.
 6082 	(list_keyblock_colon): Use es_flush instead of fflush.
 6083 
 6084 2017-03-09  Justus Winter  <justus@g10code.com>
 6085 
 6086 	tests: Run the tests for the Python bindings of GPGME.
 6087 	+ commit 046a15a88c83b40a753b4ad7ecc1456efa5b527f
 6088 	* tests/gpgme/gpgme-defs.scm (create-file): Write lines.
 6089 	(create-gpgmehome): Extend function to create the right environment
 6090 	for the Python tests.
 6091 	* tests/gpgme/run-tests.scm: Make an environment cache for the Python
 6092 	tests and enable them.
 6093 	* tests/gpgme/wrap.scm: Do not hardcode the path of the Python
 6094 	interpreter.
 6095 
 6096 	tests: Rework environment setup.
 6097 	+ commit cca91a3f8f7e3e36b7149fc93f7b6df11d21eb1d
 6098 	* tests/gpgscm/tests.scm (test::scm): Add a setup argument.
 6099 	(test::binary): Likewise.
 6100 	(run-tests-parallel): Remove setup parameter.
 6101 	(run-tests-sequential): Likewise.
 6102 	(make-environment-cache): New function that handles the cache
 6103 	protocol.
 6104 	* tests/gpgme/run-tests.scm: Adapt accordingly.
 6105 	* tests/gpgsm/run-tests.scm: Likewise.
 6106 	* tests/migrations/run-tests.scm: Likewise.
 6107 	* tests/openpgp/run-tests.scm: Likewise.
 6108 
 6109 2017-03-08  Werner Koch  <wk@gnupg.org>
 6110 
 6111 	wks: Put stdout into binary mode for Windows at another place.
 6112 	+ commit ed5575ec550ff16b0b901a23c6aa3eb3d47b0575
 6113 	* tools/wks-util.c (wks_send_mime): Set stdout to binary.
 6114 
 6115 	wks: Put stdout into binary mode for Windows.
 6116 	+ commit 5c83759364272b19ceafbef46d057f0430a12698
 6117 	* tools/send-mail.c (send_mail_to_file): Call es_set_binary.
 6118 
 6119 2017-03-08  Justus Winter  <justus@g10code.com>
 6120 
 6121 	build: Use macOS' compatibility macros to enable all features.
 6122 	+ commit dd60e868d2bf649a33dc96e207ffd3b8ae4d35af
 6123 	* configure.ac: On macOS, use the compatibility macros to expose every
 6124 	feature of the libc.  This is the equivalent of _GNU_SOURCE on GNU
 6125 	libc.
 6126 
 6127 	g10: Move more flags into the flag bitfield.
 6128 	+ commit 2649fdfff5d9e227025956e015b67502fd4962c4
 6129 	* g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and
 6130 	'is_expired' into the flags bitfield, and drop the prefix.
 6131 	* g10/call-dirmngr.c: Adapt accordingly.
 6132 	* g10/export.c: Likewise.
 6133 	* g10/getkey.c: Likewise.
 6134 	* g10/import.c: Likewise.
 6135 	* g10/kbnode.c: Likewise.
 6136 	* g10/keyedit.c: Likewise.
 6137 	* g10/keylist.c: Likewise.
 6138 	* g10/keyserver.c: Likewise.
 6139 	* g10/mainproc.c: Likewise.
 6140 	* g10/pkclist.c: Likewise.
 6141 	* g10/pubkey-enc.c: Likewise.
 6142 	* g10/tofu.c: Likewise.
 6143 	* g10/trust.c: Likewise.
 6144 	* g10/trustdb.c: Likewise.
 6145 
 6146 2017-03-08  Werner Koch  <wk@gnupg.org>
 6147 
 6148 	dirmngr: Do not put a keyserver into a new dirmngr.conf.
 6149 	+ commit 8f028642239fa992c6c059e3c1b4421a1813c827
 6150 	* g10/dirmngr-conf.skel: Do not define keyservers.
 6151 
 6152 	doc: Add a note to the trust model direct.
 6153 	+ commit f0257b4a86b73f5b956028e68590b6d2a23ea4da
 6154 	* doc/gpg.texi (GPG Configuration Options): Add note.  Chnage Index
 6155 	from trust-mode:foo to trust-model:foo.
 6156 
 6157 2017-03-07  Justus Winter  <justus@g10code.com>
 6158 
 6159 	Revert "build: Improve CFLAGS handling."
 6160 	+ commit b71384c8054ce2f245ccfae02b8ee81e1adfc512
 6161 	This reverts commit 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4.
 6162 
 6163 	build: Improve CFLAGS handling.
 6164 	+ commit 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4
 6165 	* configure.ac: Strip any flags matching '-Werror' from CFLAGS before
 6166 	running the tests, and add them back later on.
 6167 
 6168 2017-03-07  Michael Haubenwallner  <michael.haubenwallner@ssi-schaefer.com>
 6169 
 6170 	gpgscm: Use system strlwr if available.
 6171 	+ commit c22a2a89d3bd3d08b3abb8e4e33df32b480338ec
 6172 	* tests/gpgscm/scheme.c: Define local strlwr only when HAVE_STRLWR is
 6173 	not defined in config.h.
 6174 	* tests/gpgscm/scheme-config.h: Remove hack.
 6175 
 6176 2017-03-07  Justus Winter  <justus@g10code.com>
 6177 
 6178 	gpg: Do not allow the user to revoke the last valid UID.
 6179 	+ commit 591b6a9d879cbcabb089d89a26d3c3e0306054e1
 6180 	* g10/keyedit.c (keyedit_quick_revuid): Merge self signatures, then
 6181 	make sure that we do not revoke the last valid UID.
 6182 	(menu_revuid): Make sure that we do not revoke the last valid UID.
 6183 	* tests/openpgp/quick-key-manipulation.scm: Demonstrate that
 6184 	'--quick-revoke-uid' can not be used to revoke the last valid UID.
 6185 
 6186 2017-03-07  NIIBE Yutaka  <gniibe@fsij.org>
 6187 
 6188 	tools: Removal of -Icommon.
 6189 	+ commit 80fb1a8a05b2194af16027555b09bbd5d48ec9ac
 6190 	* tools/gpg-wks-server.c: Follow the change.
 6191 
 6192 	More change for common.
 6193 	+ commit d6c7bf1f8ab8899faba2fb81a35b096921c38f3c
 6194 	* g10, scd, test, tools: Follow the change of removal of -Icommon.
 6195 
 6196 	Remove -I option to common.
 6197 	+ commit 70aca95d6816082b289fceca8eabfcf718a6b701
 6198 	* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
 6199 	* g10/Makefile.am (AM_CPPFLAGS): Ditto.
 6200 	* g13/Makefile.am (AM_CPPFLAGS): Ditto.
 6201 	* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
 6202 	* scd/Makefile.am (AM_CPPFLAGS): Ditto.
 6203 	* sm/Makefile.am (AM_CPPFLAGS): Ditto.
 6204 	* tools/Makefile.am (AM_CPPFLAGS): Ditto.
 6205 	* Throughout: Follow the change.
 6206 
 6207 2017-03-07  Justus Winter  <justus@g10code.com>
 6208 
 6209 	tests: Avoid overflowing signed 32 bit time_t.
 6210 	+ commit de3838372ae3cdecbd83eea2c53c8e2656d93052
 6211 	* tests/openpgp/quick-key-manipulation.scm: Use expiration times in
 6212 	the year 2038 instead of 2105 to avoid overflowing 32 bit time_t.
 6213 	time_t is used internally to parse the expiraton time from the iso
 6214 	timestamp.
 6215 
 6216 2017-03-07  NIIBE Yutaka  <gniibe@fsij.org>
 6217 
 6218 	agent: Resolve conflict of util.h.
 6219 	+ commit 176e07ce10d892fa7c7b96725b38b2fec9a1f916
 6220 	* agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
 6221 	* agent/call-pinentry.c, agent/call-scd.c: Follow the change.
 6222 	* agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto.
 6223 	* agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto.
 6224 	* agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto.
 6225 	* agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto.
 6226 	* agent/w32main.c: Ditto.
 6227 
 6228 	agent: Add include files.
 6229 	+ commit bf03925751abb739f2fd9d631694d3dd33decf92
 6230 	* agent/command-ssh.c: Add sys/socket.h and sys/un.h.
 6231 
 6232 	agent: Fix get_client_pid for portability.
 6233 	+ commit f7f806afa5083617f4aba02fc3b285b06a7d73d4
 6234 	* configure.ac: Simply check getpeerucred and ucred.h, and structure
 6235 	members.
 6236 	* agent/command-ssh.c: Include ucred.h.
 6237 	(get_client_pid) [HAVE_STRUCT_SOCKPEERCRED_PID]: Use sockpeercred
 6238 	structure for OpenBSD.
 6239 	[LOCAL_PEERPID]: Use LOCAL_PEERPID for macOS.
 6240 	[LOCAL_PEEREID]: Use LOCAL_PEEREID for NetBSD.
 6241 	[HAVE_GETPEERUCRED]: Use getpeerucred for OpenSolaris.
 6242 
 6243 	common: Fix warning for portability.
 6244 	+ commit b9ab733fc0dd2ca2a7eaac0bde3a817c07af36c5
 6245 	* common/localename.c (do_nl_locale_name): We don't use CATEGORY.
 6246 
 6247 	tools: More portable for openpty use.
 6248 	+ commit ce37ada87139ef418401f9f35439007a8c04a856
 6249 	* configure.ac (AC_CHECK_HEADERS): Add util.h libutil.h and termios.h.
 6250 	* tools/symcryptrun.c: Include those headers.
 6251 
 6252 	scd: Close THE_EVENT handle.
 6253 	+ commit cc933a96f8e83bc66fb69ed33d9593acdd60c929
 6254 	* scd/scdaemon.c (handle_connections): Close the handle.
 6255 
 6256 2017-03-06  Justus Winter  <justus@g10code.com>
 6257 
 6258 	tests: Harmonize temporary and socket directory handling.
 6259 	+ commit 7e19786a5ddef637d1d9d21593fecf5a36b6f372
 6260 	* tests/gpgscm/tests.scm (mkdtemp): Do not magically obey the
 6261 	environment variable 'TMP', make sure to always return an absolute
 6262 	path.
 6263 	* tests/gpgme/Makefile.am (TMP): Drop variable.
 6264 	(TESTS_ENVIRONMENT): Drop 'TMP'.
 6265 	* tests/gpgme/gpgme-defs.scm (create-gpgmehome): Start the agent.  Do
 6266 	not create private key store, the agent does that for us.
 6267 	* tests/gpgsm/Makefile.am (TMP): Drop variable.
 6268 	(TESTS_ENVIRONMENT): Drop 'TMP'.
 6269 	* tests/gpgme/gpgme-defs.scm (create-gpgsmhome): Start the agent.  Do
 6270 	not create private key store, the agent does that for us.
 6271 	* tests/migrations/Makefile.am (TMP): Drop variable.
 6272 	(TESTS_ENVIRONMENT): Drop 'TMP'.
 6273 	* tests/migrations/common.scm (gpgconf): New variable.
 6274 	(run-test): Create and remove socket directory.
 6275 	* tests/migrations/extended-pkf.scm (src-tarball): Remove variable.
 6276 	(setup): Remove function.
 6277 	(trigger-migration): Likewise.
 6278 	Use 'run-test' to execute the test.
 6279 	* tests/migrations/from-classic.scm (src-tarball): Remove variable.
 6280 	(setup): Remove function.
 6281 	Use 'run-test' to execute the tests.
 6282 	* tests/openpgp/Makefile.am (TMP): Drop variable.
 6283 	(TESTS_ENVIRONMENT): Drop 'TMP'.
 6284 	* tests/openpgp/README: Do not mention 'TMP'.
 6285 	* tests/openpgp/defs.scm (with-home-directory): New macro.
 6286 	(create-legacy-gpghome): Do not create private key store, the agent
 6287 	does that for us.
 6288 	(start-agent): Make sure to terminate the right agent with 'atexit'.
 6289 
 6290 	gpgscm: Fix creation of temporary directories.
 6291 	+ commit 171e4314ebd3ff74af3dcdc8bd68e1100e8910ea
 6292 	* tests/gpgscm/ffi.c (do_mkdtemp): Use a larger buffer for the
 6293 	template.
 6294 
 6295 2017-03-06  Werner Koch  <wk@gnupg.org>
 6296 
 6297 	wks: Set published keys world-readable.
 6298 	+ commit e3589110e01dc6ad04463351ec2ce17201556d09
 6299 	* tools/gpg-wks-server.c (check_and_publish): Set the permissions.
 6300 
 6301 	gpg: Fix attempt to double free an UID structure.
 6302 	+ commit 4a130bbc2c2f4be6e8c6357512a943f435ade28f
 6303 	* g10/getkey.c (get_best_pubkey_byname): Set released .UID to NULL.
 6304 
 6305 2017-03-06  NIIBE Yutaka  <gniibe@fsij.org>
 6306 
 6307 	scd: Fix compiler warnings for app-openpgp.c.
 6308 	+ commit e6ca015ae182a6dbb0466441efc17c99683e9375
 6309 	* scd/app-openpgp.c (retrieve_key_material): Remove touching I.
 6310 	(do_change_pin): Make sure going to leave if PINVALUE == 0.
 6311 	(rsa_writekey): Emit simpler log.
 6312 
 6313 	scd: More cleanup of old code.
 6314 	+ commit 9bf39ed75ddbd35908bcd0996f55325ff801619a
 6315 	* scd/app-dinsig.c (do_sign): Remove assignment to HASHALGO.
 6316 	* scd/app-p15.c (parse_keyusage_flags): Remove assign to MASK.
 6317 	(read_ef_aodf): Likewise.
 6318 	(read_ef_cdf): Change the control to parse_error.
 6319 	* scd/app-sc-hsm.c (parse_keyusage_flags): Remove assign to MASK.
 6320 	(read_ef_prkd): Remove assign to S.
 6321 	(read_ef_prkd): Check if PRKDF is not null.
 6322 	(read_ef_cd): Likewise for CDF.
 6323 
 6324 	scd: Clean up old code.
 6325 	+ commit cb6337329d3c858c695a7e56e2fc31d9d50ca3fe
 6326 	* scd/apdu.c (CT_init, CT_data, CT_close): Remove.
 6327 	(ct_error_string, ct_activate_card, close_ct_reader, reset_ct_reader)
 6328 	(ct_get_status, ct_send_apdu, open_ct_reader): Remove.
 6329 	(new_reader_slot) [NEED_PCSC_WRAPPER]: Remove fd and pid handling.
 6330 	(writen, readn): Remove.
 6331 	(pcsc_get_status, pcsc_send_apdu, control_pcsc, close_pcsc_reader)
 6332 	(reset_pcsc_reader, open_pcsc_reader): Only DIRECT version.
 6333 	(apdu_open_one_reader): Remove CT_api handling.
 6334 	(apdu_get_status_internal, send_le): Fix to stop warnings.
 6335 
 6336 	scd: Fix API of select_file/_path.
 6337 	+ commit 0703de01c8fbc417a99ecf8e950fc306b8c8ac9c
 6338 	* scd/iso7816.c (iso7816_select_file, iso7816_select_path): Remove
 6339 	unused arguments.
 6340 	* scd/app-dinsig.c (do_readcert): Follow the change.
 6341 	* scd/app-help.c (app_help_read_length_of_cert): Likewise.
 6342 	* scd/app-nks.c (keygripstr_from_pk_file, do_readcert, do_readkey)
 6343 	(switch_application): Likewise.
 6344 	* scd/app-p15.c (select_and_read_binary, select_ef_by_path)
 6345 	(micardo_mse, app_select_p15): Likewise.
 6346 	* scd/app.c (app_new_register): Likewise.
 6347 
 6348 	agent: For SSH, robustly handling scdaemon's errors.
 6349 	+ commit 4ce4f2f683a17be3ddb93729f3f25014a97934ad
 6350 	* agent/command-ssh.c (card_key_list): Return 0 when
 6351 	agent_card_serialno returns an error.
 6352 	(ssh_handler_request_identities): Handle errors for card listing
 6353 	and proceed to other cases.
 6354 
 6355 2017-03-03  Werner Koch  <wk@gnupg.org>
 6356 
 6357 	dirmngr: Fix commit de6d8313.
 6358 	+ commit 67c203b6bf8d6dd489ceef3391f609986e7b7a49
 6359 	* dirmngr/http-common.c (get_default_keyserver): Fix assert.
 6360 
 6361 2017-03-03  NIIBE Yutaka  <gniibe@fsij.org>
 6362 
 6363 	scd: Fix scd_kick_the_loop.
 6364 	+ commit f9acc7d18bb90f47dafe7e32ae92f567756d6b12
 6365 	* scd/scdaemon.c (notify_fd): Remove.
 6366 	(the_event) [W32]: New.
 6367 	(main_thread_pid) [!W32]: New.
 6368 	(handle_signal): Handle SIGCONT.
 6369 	(scd_kick_the_loop): Use signal on UNIX and event on Windows.
 6370 	(handle_connections): Likewise.
 6371 
 6372 2017-03-03  Werner Koch  <wk@gnupg.org>
 6373 
 6374 	gpg: Fix possible segv when attribute packets are filtered.
 6375 	+ commit 5f6f3f5cae8a95ed469129f9677782c17951dab3
 6376 	* g10/import.c (impex_filter_getval): Handle PKT_ATTRIBUTE the same as
 6377 	PKT_USER_ID
 6378 	(apply_drop_sig_filter): Ditto.
 6379 
 6380 	gpg: Add new variables to the import and export filters.
 6381 	+ commit 1813f3be23bdab5a42070424c47cb8daa9d9e6b7
 6382 	* g10/import.c (impex_filter_getval): Add new variables "expired",
 6383 	"revoked", and "disabled".
 6384 
 6385 2017-03-02  Werner Koch  <wk@gnupg.org>
 6386 
 6387 	tools: Fix compile error with older gcc versions.
 6388 	+ commit b1f48da02b474e985161aa2778d7b602a13c4292
 6389 	* tools/mime-parser.h: Include rfc822parse.h.
 6390 	(struct rfc822parse_context): Remove duplicate definition.
 6391 
 6392 	dirmngr: Rearrange files to fix de6d831.
 6393 	+ commit 1890896fe698c55d15160a53aa6c5c22dc424031
 6394 	* dirmngr/http-common.c: New.
 6395 	* dirmngr/http-common.h: New.
 6396 	* dirmngr/Makefile.am (dirmngr_SOURCES): Add them.
 6397 	(t_http_SOURCES): Add them.
 6398 	(t_ldap_parse_uri_SOURCES): Add them.
 6399 	* dirmngr/misc.c (get_default_keyserver): Move to ...
 6400 	* dirmngr/http-common.c: here.
 6401 	* dirmngr/http.c: Include http-common.h instead of misc.h.
 6402 	* dirmngr/http-ntbtls.c: Ditto.
 6403 
 6404 	dirmngr: Let --gpgconf-list return the default keyserver.
 6405 	+ commit de6d8313f6df32aaa151bee74e1db269ac1e0fed
 6406 	* dirmngr/misc.c (get_default_keyserver): New.
 6407 	* dirmngr/http.c: Include misc.h
 6408 	(http_session_new): Use get_default_keyserver instead of hardwired
 6409 	"hkps.pool.sks-keyservers.net".
 6410 	* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
 6411 	* dirmngr/dirmngr.c (main) <aGPGCongList>: Return default keyserver.
 6412 
 6413 2017-03-02  Justus Winter  <justus@g10code.com>
 6414 
 6415 	gpg: Always initialize the trust db when generating keys.
 6416 	+ commit 0c4d0620d327e8a2069532a5519afefe867a47d6
 6417 	* g10/gpg.c (main): Always initialize the trust db when generating
 6418 	keys.
 6419 	* g10/keygen.c (do_generate_keypair): We can now assume that there is
 6420 	a trust db.
 6421 
 6422 	gpg: Fix (quick) key generation with --always-trust.
 6423 	+ commit 4735ab96aa5577d40ba7b3f72d863057198cc6a7
 6424 	* g10/keygen.c (do_generate_keypair): Only update the ownertrust if we
 6425 	do have a trust database.
 6426 	* g10/trustdb.c (have_trustdb): New function.
 6427 	* g10/trustdb.h (have_trustdb): New prototype.
 6428 	* tests/openpgp/quick-key-manipulation.scm: Remove workaround.
 6429 
 6430 2017-03-02  Werner Koch  <wk@gnupg.org>
 6431 
 6432 	agent: Improve error message for the KEYTOCARD command.
 6433 	+ commit d6f0f368763006abf08818bfefcd32ecedb5c20a
 6434 	* agent/command.c (cmd_keytocard): Always use leave_cmd.  Simplify
 6435 	timestamp checking and do an early test with an appropriate error
 6436 	message.
 6437 
 6438 2017-03-02  Justus Winter  <justus@g10code.com>
 6439 
 6440 	g10: Signal an error when trying to revoke non-existant UID.
 6441 	+ commit 62d21a4ab4029b32ea129f1cf3a0e1f22e2fb7b0
 6442 	* g10/keyedit.c (keyedit_quick_revuid): Signal an error when trying to
 6443 	revoke non-existant UID.
 6444 	* tests/openpgp/quick-key-manipulation.scm: Test that.
 6445 
 6446 	tests: Log information about ssh, add comments to test.
 6447 	+ commit 74cb3b230c1f99afc5fd09bccc24186a63b154b0
 6448 	* tests/openpgp/ssh-import.scm (ssh-version-string): New variable, and
 6449 	log the binary and version used in the test.
 6450 	(ssh-supports?): Document how we test what algorithms are supported by
 6451 	ssh, and log ssh-keygen's replies.
 6452 
 6453 	common,tools: Always escape newlines when escaping data.
 6454 	+ commit e064c75b08a523f738108428fe0c417a46e66238
 6455 	* common/stringhelp.c (do_percent_escape): Always escape newlines.
 6456 	* tools/gpgconf-comp.c (gc_percent_escape): Likewise.
 6457 
 6458 2017-03-01  Werner Koch  <wk@gnupg.org>
 6459 
 6460 	Release 2.1.19.
 6461 	+ commit 4a28c212b35739ce951bd41cfc6ef1a215846b2e
 6462 
 6463 
 6464 	build: Add kludge for "make distcheck" in a release build.
 6465 	+ commit 246b27921b5dc34f367d879402725784aaee2494
 6466 	* configure.ac: New option --enable-gnupg-builddir-envvar.
 6467 	(ENABLE_GNUPG_BUILDDIR_ENVVAR): New ac_define.
 6468 	* common/homedir.c (gnupg_set_builddir_from_env): Consider
 6469 	ENABLE_GNUPG_BUILDDIR_ENVVAR.
 6470 	* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Rename to ...
 6471 	(AM_DISTCHECK_CONFIGURE_FLAGS): this to be future proof.  Add option
 6472 	--enable-gnupg-builddir-envvar.
 6473 
 6474 2017-03-01  Yuri Chornoivan  <yurchor@ukr.net>
 6475 
 6476 	po: Update Ukrainian translation.
 6477 	+ commit c7f2a59833728e99e00449da2ddb10cf66693e7e
 6478 
 6479 
 6480 2017-03-01  Ineiev  <ineiev@gnu.org>
 6481 
 6482 	po: Update Russian translation.
 6483 	+ commit 280c724fe26bfd861ac74abc71e221795d8947f0
 6484 
 6485 
 6486 2017-03-01  Werner Koch  <wk@gnupg.org>
 6487 
 6488 	gpg: Make --export-options work with --export-secret-keys.
 6489 	+ commit 891ab23411b7f20ef37d8bde81d9857b083235df
 6490 	* g10/export.c (export_seckeys): Add arg OPTIONS and pass it to
 6491 	do_export.
 6492 	(export_secsubkeys): Ditto.
 6493 	* g10/gpg.c (main): Pass opt.export_options to export_seckeys and
 6494 	export_secsubkeys
 6495 
 6496 	gpg: Allow creating keys using an existing ECC key.
 6497 	+ commit 2bbdeb8ee87a6c7ec211be16391a11b7c6030bed
 6498 	* common/sexputil.c (get_pk_algo_from_canon_sexp): Remove arg R_ALGO.
 6499 	Change to return the algo id.  Reimplement using get_pk_algo_from_key.
 6500 	* g10/keygen.c (check_keygrip): Adjust for change.
 6501 	* sm/certreqgen-ui.c (check_keygrip): Ditto.
 6502 
 6503 2017-02-28  Werner Koch  <wk@gnupg.org>
 6504 
 6505 	gpg: Do not require a trustdb for decryption.
 6506 	+ commit e182542e90cbeff4f2ac6c8d71061356d7cdcdea
 6507 	* g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE.
 6508 	Change to return an error code.  Change all callers to to pass False
 6509 	for NO_CREATE.
 6510 	(tdb_get_ownertrust): New arg NO_CREATE.  Call init_trustdb to test
 6511 	for a non-existing trustdb.  Change all callers to to pass False for
 6512 	NO_CREATE.
 6513 	(tdb_get_min_ownertrust): Ditto.
 6514 	* g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE.  Call
 6515 	init_trustdb for a quick check.
 6516 	(get_ownertrust_info): Add arg NO_CREATE.
 6517 	(get_ownertrust_string): Ditto.
 6518 	* g10/gpgv.c (get_ownertrust_info): Adjust stub.
 6519 	* g10/test-stubs.c (get_ownertrust_info): Ditto.
 6520 	* g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE
 6521 	set.
 6522 	* g10/pubkey-enc.c (get_it): Ditto.
 6523 
 6524 2017-02-28  Justus Winter  <justus@g10code.com>
 6525 
 6526 	gpgscm: Improve parsing.
 6527 	+ commit e4583ae14e52482ab390c102d071755f91ab211d
 6528 	* tests/gpgscm/scheme.c (port_increment_current_line): Avoid creating
 6529 	the same integer if the delta is zero.  This happens a lot during
 6530 	parsing, and puts pressure on the memory allocator.
 6531 
 6532 	gpgscm: Fix calculating the line number.
 6533 	+ commit 058c97f9fc485405246b1adfcc905c1891550652
 6534 	* tests/gpgscm/scheme.c (opexe_5): Only increment the line number on
 6535 	newlines.
 6536 
 6537 	gpg,tools: Make auto-key-retrieve configurable via gpgconf.
 6538 	+ commit d379a0174cca595204b32da9a66c513a1304e6d0
 6539 	* g10/gpg.c (gpgconf_list): Add 'auto-key-retrieve'.
 6540 	* tools/gpgconf-comp.c (gc_options_gpg): Likewise.
 6541 
 6542 	tests: Improve support for gpgconf.
 6543 	+ commit 41900175cf046dd9abe3d7a6805f6a403d68df15
 6544 	* tests/openpgp/defs.scm: Improve high-level inteface to gpgconf.
 6545 	* tests/openpgp/gpgconf.scm: Adapt.
 6546 	* tests/openpgp/tofu.scm: Use it to select the trust model.
 6547 
 6548 	gpg,tools: Make trust-model configurable via gpgconf.
 6549 	+ commit ebeccd73eb85f9027f0985d77dfe901266c6ddef
 6550 	* g10/gpg.c (gpgconf_list): Add 'trust-model'.
 6551 	* tools/gpgconf-comp.c (gc_options_gpg): Likewise.
 6552 
 6553 	gpgscm: Track source locations in every kind of ports.
 6554 	+ commit 7cc57e2c63d0fa97569736419db5c76117e7685b
 6555 	* tests/gpgscm/scheme-private.h (struct port): Move location
 6556 	information out of the union.
 6557 	* tests/gpgscm/scheme.c (mark): All ports need marking now.
 6558 	(gc): Likewise all ports on the load stack.
 6559 	(port_clear_location): Adapt accordingly.  Also, add an empty function
 6560 	for !SHOW_ERROR_LINE.
 6561 	(port_increment_current_line): Likewise.
 6562 	(port_reset_current_line): Drop function in favor of...
 6563 	(port_init_location): ... this new function.
 6564 	(file_push): Simplify.
 6565 	(file_pop): Likewise.
 6566 	(port_rep_from_filename): Likewise.
 6567 	(port_rep_from_file): Likewise.
 6568 	(port_rep_from_string): Also initialize the location.
 6569 	(port_rep_from_scratch): Likewise.
 6570 	(port_close): Simplify and generalize.
 6571 	(skipspace): Likewise.
 6572 	(token): Likewise.
 6573 	(_Error_1): Generalize.
 6574 	(opexe_5): Likewise.
 6575 	(scheme_deinit): Simplify and generalize.
 6576 	(scheme_load_named_file): Likewise.
 6577 	(scheme_load_string): Also initialize the location.
 6578 
 6579 2017-02-28  Werner Koch  <wk@gnupg.org>
 6580 
 6581 	gpgv,w32: Fix --status-fd.
 6582 	+ commit 8a67dc4c4324b617b5a3fea51c59c674488544d6
 6583 	* g10/gpgv.c (main): Use translate_sys2libc_fd_int for --status-fd.
 6584 
 6585 	w32: Make pipes really pollable.
 6586 	+ commit 1192449207f41b26be8950b04df84a52c8a2a886
 6587 	* common/exectool.c (gnupg_exec_tool_stream) [W32]: Use _get_osfhandle
 6588 	to print the fd for the command line.
 6589 	* common/exechelp-w32.c (create_pipe_and_estream): Use es_sysopen so
 6590 	that the streams are actually pollable.
 6591 
 6592 2017-02-26  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 6593 
 6594 	dirmngr: Avoid warnings during non-ntbtls build.
 6595 	+ commit f5782e11a560fd590221042391254c810a42e45f
 6596 	* dirmngr/t-http.c (my_http_tls_verify_cb): Avoid warnings when not
 6597 	using ntbtls.
 6598 
 6599 	trustdb: Respect --quiet during --import-ownertrust.
 6600 	+ commit ddf01a67d6388d988f1db50a06facb21c14d9426
 6601 	* g10/tdbdump.c (import_ownertrust): If opt.quiet is set, do not send
 6602 	log_info messages.
 6603 
 6604 2017-02-26  Manish Goregaokar  <manish@mozilla.com>
 6605 
 6606 	g10: fix typo.
 6607 	+ commit 64ec21bebd3f136722e608649906b59c6add6947
 6608 	I already have copyright assignment with the FSF for GDB. I don't
 6609 	think I'll need to do the DCO thing.
 6610 
 6611 2017-02-24  Werner Koch  <wk@gnupg.org>
 6612 
 6613 	gpgv: New options --log-file and --debug.
 6614 	+ commit 7af5d61c6e210210c777be9e6e87720dd4a055d9
 6615 	* g10/gpgv.c (oLoggerFile, oDebug): New consts.
 6616 	(opts): Add options --log-file and --debug.
 6617 	(main): Implement options.
 6618 
 6619 2017-02-24  Andre Heinecke  <aheinecke@intevation.de>
 6620 
 6621 	speedo,w32: Fix gpg-wks-client installation.
 6622 	+ commit 49b4a676148523b51beca3ae929e9d78ed7ba110
 6623 	* build-aux/speedo/w32/inst.nsi: gpg-wks-client is an exe.
 6624 
 6625 2017-02-23  Werner Koch  <wk@gnupg.org>
 6626 
 6627 	dirmngr: Add new debug flag "extprog"
 6628 	+ commit 22b69b9edfdf6e6172239cbd1075ffe29077d339
 6629 	* dirmngr/dirmngr.h (DBG_EXTPROG_VALUE, DBG_EXTPROG): New macros.
 6630 	* dirmngr/dirmngr.c (debug_flags): Add flag "extprog".
 6631 	(handle_connections): Use a macro instead of -1 for an invalid socket.
 6632 	* dirmngr/loadswdb.c (verify_status_cb): Debug the gpgv call.
 6633 
 6634 	wks: Make sure that the draft 2 request is correctly detected.
 6635 	+ commit d30e17ac62dea8913b7f353971d546b6b1a09bd5
 6636 	* tools/gpg-wks.h (WKS_DRAFT_VERSION): New.
 6637 	* tools/wks-receive.c (new_part): Move test wks draft version to ...
 6638 	(t2body): new callback.
 6639 	(wks_receive): Register this callback.
 6640 	* tools/gpg-wks-server.c (send_confirmation_request): Emit draft
 6641 	version header.
 6642 	(send_congratulation_message): Ditto.
 6643 	* tools/gpg-wks-client.c (decrypt_stream_parm_s): New.
 6644 	(decrypt_stream_status_cb): Check DECRYTPION_KEY status.
 6645 	(decrypt_stream): Get infor from new callback.
 6646 	(process_confirmation_request): New arg 'mainfpr'.  Check that it
 6647 	matches the decryption key.
 6648 	(read_confirmation_request): Check that the decryption key has been
 6649 	generated by us.
 6650 	(command_send): Use macro from draft version header.
 6651 	(send_confirmation_response): Emit draft version header.
 6652 
 6653 	wks: New callback for the mime parser.
 6654 	+ commit a2090250829fe8989be2afc8cf41ba2a022072fc
 6655 	* tools/mime-parser.c (mime_parser_context_s): New field 't2body'.
 6656 	(parse_message_cb): Call that callback.
 6657 	(mime_parser_set_t2body): New.
 6658 
 6659 	gpg: Emit new status DECRYPTION_KEY.
 6660 	+ commit effa80e0b5fd8cf9e31a984afe391c2406edee8b
 6661 	* common/status.h (STATUS_DECRYPTION_KEY): New.
 6662 	* g10/pubkey-enc.c (get_it): Emit that status.
 6663 
 6664 	dirmngr,w32: Make https with ntbtls work.
 6665 	+ commit a42bf00b4edce789999aa3bdfce235cf726463ae
 6666 	* dirmngr/http.c (simple_cookie_functions): New.
 6667 	(send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie.
 6668 	(cookie_read): Factor some code out to ...
 6669 	(read_server): new.
 6670 	(simple_cookie_read, simple_cookie_write) [W32]: New.
 6671 
 6672 2017-02-22  Werner Koch  <wk@gnupg.org>
 6673 
 6674 	scd,agent: Improve the OpenPGP PIN prompt texts.
 6675 	+ commit f98c8cb013033c08e98ebedcc0e084fbd2a85b0c
 6676 	* scd/app-openpgp.c (get_prompt_info): Change texts.
 6677 	* agent/call-pinentry.c (struct entry_features): New.
 6678 	(getinfo_features_cb): New.
 6679 	(start_pinentry): Set new fucntion as status callback.
 6680 	(build_cmd_setdesc): New.  Replace all snprintf for SETDESC by this
 6681 	one.
 6682 
 6683 2017-02-22  Andre Heinecke  <aheinecke@intevation.de>
 6684 
 6685 	scd: Nitpicks on the improved card prompts.
 6686 	+ commit 143ca039e1e81140ae520cc1025f8e25c01acc80
 6687 	* src/app-openpgp.c (get_prompt_info): Change wording and order
 6688 	slightly.
 6689 
 6690 2017-02-22  Werner Koch  <wk@gnupg.org>
 6691 
 6692 	scd: Improve the prompts for OpenPGP cards.
 6693 	+ commit e3944f34e3220f96fb1be449eb6f3d7360bc2d0b
 6694 	* scd/app-openpgp.c (get_disp_name): New.
 6695 	(get_disp_serialno): New.
 6696 	(get_prompt_info): New.
 6697 	(build_enter_admin_pin_prompt): Rework the prompt texts.  Factor some
 6698 	code out to ...
 6699 	(get_remaining_tries): New.
 6700 	(verify_a_chv): Print a remaining counter also for the standard PIN.
 6701 	Rework the prompt texts.
 6702 
 6703 	* agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial
 6704 	no.
 6705 
 6706 	agent: Prepend the description to a PIN prompt.
 6707 	+ commit 6488ffb767733a2cf92ca5ba3e61fc0c53e0f673
 6708 	* agent/divert-scd.c (has_percent0A_suffix): New.
 6709 	(getpin_cb): Prepend DESC_TEXT to the prompt.
 6710 	* agent/findkey.c (modify_description): Rename to ...
 6711 	(agent_modify_description): this.  MAke global.  Add kludge to remove
 6712 	empty parentheses from the end.
 6713 	(agent_key_from_file, agent_delete_key): Adjust for above change.
 6714 	* agent/pksign.c (agent_pksign_do): Modify DESC_TEXT also when
 6715 	diverting to a card.
 6716 
 6717 	agent: Prepare to pass an additional parameter to the getpin callback.
 6718 	+ commit 78d875a0f83bc046279b951aea76cd74f3c44fd8
 6719 	* agent/call-scd.c (writekey_parm_s, inq_needpin_s): Merge into ...
 6720 	(inq_needpin_parm_s): new struct.  Add new field 'getpin_cb_desc'.
 6721 	Change users to set all fields.
 6722 	(inq_needpin): Pass GETPIN_CB_DESC to the GETPIN_CB.
 6723 	(agent_card_pksign): Add arg 'desc_text' and change arg 'getpin_cb' to
 6724 	take an additional arg 'desc_text'.
 6725 	(agent_card_pkdecrypt): Ditto.
 6726 	(agent_card_writekey): Change arg 'getpin_cb' to take an additional
 6727 	arg 'desc_text'.
 6728 	(agent_card_scd): Ditto.
 6729 	* agent/divert-scd.c (getpin_cb): Add new arg 'desc_text'.
 6730 	(divert_pksign): Add new arg 'desc_text' and pass is to
 6731 	agent_card_pksign.
 6732 	(divert_pkdecrypt): Add new arg 'desc_text' and pass is to
 6733 	agent_card_pkdecrypt.
 6734 	* agent/pkdecrypt.c (agent_pkdecrypt): Pass DESC_TEXT to
 6735 	divert_pkdecrypt.
 6736 	* agent/pksign.c (agent_pksign_do):  Pass DESC_TEXT to
 6737 	divert_pksign.
 6738 
 6739 2017-02-22  NIIBE Yutaka  <gniibe@fsij.org>
 6740 
 6741 	tests: No spelling fix for test text.
 6742 	+ commit ef424353f342f80ca6d18ede8b63c1b02215d105
 6743 	* tests/openpgp/verify.scm (msg_ed25519_rshort): Revert the spelling
 6744 	fix.
 6745 
 6746 2017-02-21  Werner Koch  <wk@gnupg.org>
 6747 
 6748 	dirmngr: Add special treatment for the standard hkps pool to ntbtls.
 6749 	+ commit 831d014550863026dfefa774c961a21bd20c1e48
 6750 	* dirmngr/validate.h (VALIDATE_FLAG_SYSTRUST): Remove
 6751 	(VALIDATE_FLAG_EXTRATRUST): Remove
 6752 	(VALIDATE_FLAG_TRUST_SYSTEM): New.
 6753 	(VALIDATE_FLAG_TRUST_CONFIG): New.
 6754 	(VALIDATE_FLAG_TRUST_HKP): New.
 6755 	(VALIDATE_FLAG_TRUST_HKPSPOOL): New.
 6756 	(VALIDATE_FLAG_MASK_TRUST): New.
 6757 	* dirmngr/validate.c (check_header_constants): New.
 6758 	(validate_cert_chain): Call new function.  Simplify call to
 6759 	is_trusted_cert.
 6760 	* dirmngr/crlcache.c (crl_parse_insert): Pass
 6761 	VALIDATE_FLAG_TRUST_CONFIG to validate_cert_chain
 6762 	* dirmngr/server.c (cmd_validate): Use VALDIATE_FLAG_TRUST_SYSTEM and
 6763 	VALIDATE_FLAG_TRUST_CONFIG.
 6764 	* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Check provided TLS
 6765 	context.  Set trustclass flags using the new VALIDATE_FLAG_TRUST
 6766 	values.
 6767 
 6768 	* dirmngr/certcache.c (cert_cache_init): Load the standard pool
 6769 	certificate prior to the --hkp-cacerts.
 6770 
 6771 	dirmngr: Load --hkp-cacert values into the certificate cache.
 6772 	+ commit d1625a9a82b1e5d96bbbf2132c49c53108565ae1
 6773 	* dirmngr/dirmngr.c (hkp_cacert_filenames): New var.
 6774 	(parse_rereadable_options): Store filenames from --hkp-cacert in the
 6775 	new var.
 6776 	(main, dirmngr_sighup_action): Pass that var to cert_cache_init.
 6777 	* dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load
 6778 	those certs.
 6779 	(load_certs_from_file): Use autodetect so that PEM and DER encodings
 6780 	are possible.
 6781 
 6782 	dirmngr: Load "sks-keyservers.netCA.pem" into the cache.
 6783 	+ commit 9741aa24d9056b56cd5366ff5379bd8a3e6118df
 6784 	* dirmngr/certcache.c (load_certs_from_file): Always build this
 6785 	function.  Add args 'trustclasses' and 'no_error'.  Pass TRUSTCLASSES
 6786 	to put_cert.
 6787 	(load_certs_from_system): Pass CERTTRUST_CLASS_SYSTEM to
 6788 	load_certs_from_file.
 6789 	(cert_cache_init): Try to load "sks-keyservers.netCA.pem".  Don't make
 6790 	function fail in an out-of-core condition.
 6791 
 6792 	dirmngr: Implement trust classes for the cert cache.
 6793 	+ commit 50b9828eacc39c1ca75cb8313db896e4bdc8b270
 6794 	* dirmngr/certcache.h (CERTTRUST_CLASS_SYSTEM): New.
 6795 	(CERTTRUST_CLASS_CONFIG): New.
 6796 	(CERTTRUST_CLASS_HKP): New.
 6797 	(CERTTRUST_CLASS_HKPSPOOL): New.
 6798 	* dirmngr/certcache.c (MAX_EXTRA_CACHED_CERTS): Rename to ...
 6799 	(MAX_NONPERM_CACHED_CERTS): this.
 6800 	(total_extra_certificates): Rename to ...
 6801 	(total_nonperm_certificates): this.
 6802 	(total_config_certificates): Remove.
 6803 	(total_trusted_certificates): Remove.
 6804 	(total_system_trusted_certificates): Remove.
 6805 	(cert_item_s): Remove field 'flags'.  Add fields 'permanent' and
 6806 	'trustclasses'.
 6807 	(clean_cache_slot): Clear new fields.
 6808 	(put_cert): Change for new cert_item_t structure.
 6809 	(load_certs_from_dir): Rename arg 'are_trusted' to 'trustclass'
 6810 	(load_certs_from_file): Use CERTTRUST_CLASS_ value for put_cert.
 6811 	(load_certs_from_w32_store): Ditto.
 6812 	(cert_cache_init): Ditto.
 6813 	(cert_cache_print_stats): Rewrite.
 6814 	(is_trusted_cert): Replace arg 'with_systrust' by 'trustclasses'.
 6815 	Chnage the test.
 6816 	* dirmngr/validate.c (allowed_ca): Pass CERTTRUST_CLASS_CONFIG to
 6817 	is_trusted_cert.
 6818 	(validate_cert_chain): Pass CERTTRUST_CLASS_ values to
 6819 	is_trusted_cert.
 6820 
 6821 	dirmngr: New Assuan option "http-crl".
 6822 	+ commit 493c142e582ff5ef1b5fdfcb9653715ef43e83e9
 6823 	* dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'.
 6824 	* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag.
 6825 	* dirmngr/server.c (option_handler): New option "http-crl"
 6826 	* dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag.
 6827 	* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag.
 6828 	* dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL.
 6829 	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
 6830 
 6831 	* dirmngr/t-http.c (main): New option --no-crl.
 6832 
 6833 	dirmngr: Add a magic field to the http structs.
 6834 	+ commit 39c745038181edd097e188434b3f9c971ed3987f
 6835 	* dirmngr/http.c (HTTP_SESSION_MAGIC): New.
 6836 	(http_session_s): New field 'magic'.
 6837 	(HTTP_CONTEXT_MAGIC): New.
 6838 	(http_context_s): New field 'magic'.
 6839 	(my_ntbtls_verify_cb): Assert MAGIC.
 6840 	(fp_onclose_notification): Ditto.
 6841 	(session_unref): Ditto.  Reset MAGIC.
 6842 	(http_session_new): Set MAGIC.
 6843 	(http_open): Ditto.
 6844 	(http_raw_connect): Ditto.
 6845 	(http_close): Assert MAGIC.  Reset MAGIC.
 6846 
 6847 	* dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused.
 6848 
 6849 2017-02-21  NIIBE Yutaka  <gniibe@fsij.org>
 6850 
 6851 	g10: Support primary key generation by keygrip.
 6852 	+ commit 3fc69224b7b22ad1df1395ebcb21549384839cd1
 6853 	* g10/keygen.c (para_name): Add pKEYGRIP.
 6854 	(generate_keypair): Use pKEYGRIP for key generation.
 6855 	(do_generate_keypair): Call do_create_from_keygrip with pKEYGRIP.
 6856 
 6857 2017-02-20  Werner Koch  <wk@gnupg.org>
 6858 
 6859 	dirmngr: Setup a log handler for ntbtls.
 6860 	+ commit a022baa4a487eec769411255a64088450c4c8a49
 6861 	* dirmngr/dirmngr.c (my_ntbtls_log_handler) [HTTP_USE_NTBTLS]: New.
 6862 	(main) [HTTP_USE_NTBTLS]: Register log handler.
 6863 
 6864 	common: New function log_logv_with_prefix.
 6865 	+ commit 3e9512e557d95c7dc36835365b127b25f6a5cdd9
 6866 	* common/logging.c (do_logv): Add arg 'prefmt' and print it.  Chnage
 6867 	call callers to pass NULL.
 6868 	(log_logv_with_prefix): New.
 6869 
 6870 	dirmngr.c: Make http.c build without any TLS support.
 6871 	+ commit e174893262d8de0f52faa8abe4fc0402719a35d8
 6872 	* dirmngr/http.c (http_session_new): Remove used of tls_prority.
 6873 
 6874 	 dirmngr: Make t-http.c work again with gnutls - second try.
 6875 	+ commit 81ea24b8637ac08e44e9e44816689413c2ae7e08
 6876 	* dirmngr/t-http.c: Always include ksba.h.
 6877 
 6878 	dirmngr: Make t-http.c work again with gnutls.
 6879 	+ commit f923873863fd863d71349f20f5568f80aecc020b
 6880 	* dirmngr/Makefile.am (t_http_CFLAGS, t_http_LDADD): Add KSBA flags
 6881 	and libs.
 6882 
 6883 2017-02-19  Werner Koch  <wk@gnupg.org>
 6884 
 6885 	dirmngr: First take on ntbtls cert verification.
 6886 	+ commit 64fffd0ce2a4fd9cba152cf07497b585410cc652
 6887 	* dirmngr/http-ntbtls.c: New.
 6888 	* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
 6889 	* dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New.
 6890 	(server_conrol_s): Add field 'magic',
 6891 	* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC.
 6892 	(dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef.
 6893 	* dirmngr/http.c (my_ntbtls_verify_cb): New.
 6894 	(http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code.
 6895 	(send_request) [HTTP_USE_NTBTLS]: Set the verify callback.  Do not call
 6896 	the verify callback after the handshake.
 6897 	* dirmngr/ks-engine-hkp.c (send_request): Pass
 6898 	gnupg_http_tls_verify_cb to http_session_new.
 6899 	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
 6900 
 6901 	* dirmngr/t-http.c (my_http_tls_verify_cb): New.
 6902 	(main): Rename option --gnutls-debug to --tls-debug.
 6903 	(main) [HTTP_USE_NTBTLS]: Create a session.
 6904 
 6905 2017-02-18  Werner Koch  <wk@gnupg.org>
 6906 
 6907 	dirmngr: Add per-session verify callback to http.c.
 6908 	+ commit a74902cccde539ee2bd216caec0da6eb54b67c1b
 6909 	* dirmngr/http.h (http_verify_cb_t): New type.
 6910 	* dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and
 6911 	verify_cb_value.
 6912 	(http_session_new): Remove arg tls_priority.  Add args verify_cb and
 6913 	verify-cb_value.  Store them in the session object.
 6914 	(send_request): Use per-session verify callback.
 6915 	(http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return
 6916 	GPG_ERR_NOT_IMPLEMENTED.
 6917 	* dirmngr/ks-engine-hkp.c (send_request): Adjust for changed
 6918 	http_session_new.
 6919 	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
 6920 	* dirmngr/t-http.c (main): Ditto.
 6921 
 6922 	* dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc.
 6923 
 6924 2017-02-17  Werner Koch  <wk@gnupg.org>
 6925 
 6926 	dirmngr: Strip the default https port from the Host: header.
 6927 	+ commit cd32ebd152a522e362469ab969d91f8d49f28a60
 6928 	* dirmngr/http.c (send_request): Strip the default https port.
 6929 
 6930 	dirmngr: Add option --no-crl to the VALIDATE cmd.
 6931 	+ commit f07811ee2c0a8044551e2ec063eda61cff7f6e39
 6932 	* dirmngr/validate.h: Remove enums VALIDATE_MODE_*.
 6933 	(VALIDATE_FLAG_SYSTRUST, VALIDATE_FLAG_EXTRATRUST)
 6934 	(VALIDATE_FLAG_CRL, VALIDATE_FLAG_RECURSIVE)
 6935 	(VALIDATE_FLAG_OCSP, VALIDATE_FLAG_TLS)
 6936 	(VALIDATE_FLAG_NOCRLCHECK): New constants.
 6937 	* dirmngr/validate.c (validate_cert_chain): Change arg 'mode' to
 6938 	'flags'.  Change code accordingly.  Remove NO-CRL in TLS mode kludge.
 6939 	* dirmngr/crlcache.c (crl_parse_insert): Change to use flag values for
 6940 	the validate_cert_chain call.
 6941 	* dirmngr/server.c (cmd_validate): Ditto.  Add new option --no-crl.
 6942 
 6943 	dirmngr: Add options --tls and --systrust to the VALIDATE cmd.
 6944 	+ commit 070211eb990f5ea41271eba432b6a6b485cef7c7
 6945 	* dirmngr/certcache.h (certlist_s, certlist_t): New.
 6946 	* dirmngr/certcache.c (read_certlist_from_stream): New.
 6947 	(release_certlist): New.
 6948 	* dirmngr/server.c (MAX_CERTLIST_LENGTH): New.
 6949 	(cmd_validate): Add options --tls and --systrust.  Implement them
 6950 	using a kludge for now.
 6951 	* dirmngr/validate.c (validate_cert_chain): Support systrust
 6952 	checking.  Add kludge to disable the CRL checking for tls mode.
 6953 
 6954 	dirmngr: Remove use of hardcoded numbers in validate.
 6955 	+ commit ed99af030d19305dd7cd41c41ac581306cb91fd5
 6956 	* dirmngr/validate.c (enum cert_usage_modes): New.
 6957 	(cert_usage_p): Change type of arg MODE.  Use enums instead of
 6958 	hardwired values.  Use a switch instead of tricky bit tests.
 6959 	(cert_use_cert_p, cert_use_ocsp_p, cert_use_crl_p): Adjust.
 6960 
 6961 	* dirmngr/validate.c (cert_usage_p): Rename to check_cert_usage.
 6962 	(cert_use_cert_p): Rename to check_cert_use_cert.
 6963 	(cert_use_ocsp_p): Rename to check_cert_use_ocsp.
 6964 	(cert_use_crl_p): Rename to check_cert_use_crl.
 6965 
 6966 	* dirmngr/validate.h (VALIDATE_MODE_CERT_SYSTRUST): New.
 6967 	(VALIDATE_MODE_TLS, VALIDATE_MODE_TLS_SYSTRUST): New.
 6968 
 6969 2017-02-17  NIIBE Yutaka  <gniibe@fsij.org>
 6970 
 6971 	agent: No cards is not an error.
 6972 	+ commit dea4b3c742acbd195d6ab12b279b4dda315f2582
 6973 	* agent/command-ssh.c (card_key_list): Care the case of no cards.
 6974 
 6975 	agent: Send back all public keys for available cards.
 6976 	+ commit 3f4f64b6ac0d7160fd9e1301f95820894b219c3f
 6977 	* agent/call-scd.c (card_cardlist_cb, agent_card_cardlist): New.
 6978 	* agent/command-ssh.c (card_key_list): New.
 6979 	(ssh_handler_request_identities): Call card_key_list and loop for the
 6980 	list to send public keys for all available cards.
 6981 
 6982 2017-02-17  Justus Winter  <justus@g10code.com>
 6983 
 6984 	gpgscm: Guard use of tagged expressions.
 6985 	+ commit aab6ba0bb60528b9e816e430be51170cf39611b0
 6986 	* tests/gpgscm/init.scm (vm-history-print): Check that the tag added
 6987 	to expressions when parsing source files matches the expected format.
 6988 	* tests/gpgscm/lib.scm (assert): Likewise.
 6989 
 6990 2017-02-17  NIIBE Yutaka  <gniibe@fsij.org>
 6991 
 6992 	scd: Fix RESET command handling (more).
 6993 	+ commit 99d4dfe83661d05ef3a20ed04e6cec5647536738
 6994 	* scd/app-common.h (struct app_ctx_s): Add reset_requested.
 6995 	* scd/app.c (app_reset): Locking APP, set reset_requested.
 6996 	(deallocate_app): Release the lock.
 6997 	(release_application): Add LOCKED_ALREADY argument.
 6998 	(scd_update_reader_status_file): Hold the lock when accessing APP.
 6999 	When reset_requested is set, close the reader and deallocate APP.
 7000 	* scd/command.c (open_card_with_request, cmd_restart): Follow the
 7001 	change of release_application.
 7002 	(send_client_notifications): Here it calls release_application holding
 7003 	the lock.
 7004 
 7005 2017-02-16  Werner Koch  <wk@gnupg.org>
 7006 
 7007 	dirmngr,w32: Load all system provided certificates.
 7008 	+ commit 7006352da773d82c47797bbf11e570ecafac6501
 7009 	* dirmngr/certcache.c (CERTOPENSYSTEMSTORE) [W32]: New type.
 7010 	(CERTENUMCERTIFICATESINSTORE) [W32]: New type.
 7011 	(CERTCLOSESTORE) [W32]: New type.
 7012 	(load_certs_from_file) [W32]: Do not build.
 7013 	(load_certs_from_w32_store) [W32]: New.
 7014 	(load_certs_from_system) [W32]: Call new function.
 7015 
 7016 	dirmngr: Load all system provided certificates.
 7017 	+ commit 9a1a5ca0bc2cfb17ccf632de3e134b6d789c6855
 7018 	* configure.ac: Add option --default-trust-store.
 7019 	(DEFAULT_TRUST_STORE_FILE): New ac_define.
 7020 	* dirmngr/certcache.c: Include ksba-io-support.h.
 7021 	(total_trusted_certificates, total_system_trusted_certificates): New.
 7022 	(put_cert): Manage the new counters.
 7023 	(cert_cache_deinit): Reset them.
 7024 	(cert_cache_print_stats): Print them.
 7025 	(is_trusted_cert): Add arg WITH_SYSTRUST.  Change all callers to pass
 7026 	false.
 7027 	(load_certs_from_file): New.
 7028 	(load_certs_from_system): New.
 7029 	(cert_cache_init): Load system certificates.
 7030 
 7031 	common: Rename remaining symbols in ksba-io-support.
 7032 	+ commit e1dfd862367cf91b66abe86bd73664409354bb14
 7033 	* common/ksba-io-support.c (gpgsm_reader_eof_seen): Rename to ...
 7034 	(gnupg_ksba_reader_eof_seen): this.  Change all callers.
 7035 	(gpgsm_destroy_reader): Rename to ...
 7036 	(gnupg_ksba_destroy_reader): this.  Change all callers.
 7037 	(gpgsm_finish_writer): Rename to ...
 7038 	(gnupg_ksba_finish_writer): this.  Change all callers.
 7039 	(gpgsm_destroy_writer): Rename to ...
 7040 	(gnupg_ksba_destroy_writer): this.  Change all callers.
 7041 	* common/ksba-io-support.c (struct base64_context_s): Rename to ...
 7042 	(gnupg_ksba_io_s): this.
 7043 	* common/ksba-io-support.h (base64_context_s): Ditto.
 7044 	(Base64Context): Rename this typedef to ...
 7045 	(gnupg_ksba_io_t): this.  Change all users.
 7046 
 7047 	common: Remove gpgsm dependencies from ksba-io-support.
 7048 	+ commit 28c31524be84f20b34573c78bd3a94a81e4b1d61
 7049 	* common/ksba-io-support.c: Include ksba-io-support.h instead of
 7050 	../sm/gpgsm.h.  Include util.h.
 7051 	(writer_cb_parm_s): Remove const from 'pem_name'.
 7052 	(gpgsm_destroy_writer): Free 'pem_name'.
 7053 	(gpgsm_create_reader): Rename to ...
 7054 	(gnupg_ksba_create_reader): this.  Replace args CTRL and
 7055 	ALLOW_MULTI_PEM by a new arg FLAGS.  Change the code to evaluate
 7056 	FLAGS.  Change all callers to pass the FLAGS.
 7057 	(gpgsm_create_writer): Rename to ...
 7058 	(gnupg_ksba_create_writer): this.  Replace arg CTRL by new arg FLAGS.
 7059 	Add arg PEM_NAME.  Evaluate FLAGS.  Store a copy of PEM_NAME.  Change
 7060 	all callers to pass the FLAGS and PEM_NAME.
 7061 
 7062 	common: Change license of ksba-io-support.c.
 7063 	+ commit 919e76b407ac557b0f518ec03f3cc59e9e5740c9
 7064 	* common/ksba-io-support.c: Change from GPLv3+ to LGPLv3+/GPLv2+.
 7065 
 7066 	sm,common: Move ksba reader and writer support to common/.
 7067 	+ commit 04bfa6fe6597b8ffcec61cbcacdc7eb137444e80
 7068 	* sm/base64.c: Rename to ...
 7069 	* common/ksba-io-support.c: this.
 7070 	* common/ksba-io-support.h: New.
 7071 	* common/Makefile.am (common_sources): Add new files.
 7072 	* sm/Makefile.am (gpgsm_SOURCES): Remove base64.c
 7073 
 7074 	dirmngr: Prepare certcache for forthcoming changes.
 7075 	+ commit 5c4e67afd6385b48065de6a0f2dd0bfd936ab90b
 7076 	* dirmngr/certcache.c (cert_item_s): Rename 'flags.loaded' to
 7077 	'flags.config'.  Add 'flags.systrust'.
 7078 	(total_loaded_certificates): Rename to total_config_certificates.
 7079 	(put_cert): Rename args for clarity.  Set SYSTRUST flag.
 7080 	(load_certs_from_dir): Make sure put_cert does not set the SYSTRUST
 7081 	flag.
 7082 
 7083 	dirmngr: Replace stpcpy chains by strconcat.
 7084 	+ commit aef60abe6a1772e18634984a94bd70f57d57ccdd
 7085 	* dirmngr/certcache.c (find_cert_bysn): Use strconcat.
 7086 	(find_cert_bysubject): Ditto.
 7087 	* dirmngr/http.c (store_header): Ditto.
 7088 	* dirmngr/ldap.c (make_url): Ditto.
 7089 	* dirmngr/server.c (get_cert_local_ski): Ditto.
 7090 	(do_get_cert_local): Use xstrconcat.
 7091 
 7092 2017-02-16  NIIBE Yutaka  <gniibe@fsij.org>
 7093 
 7094 	scd: Minor fixes to silence compiler warnings.
 7095 	+ commit 7a666ccb44f43c4efbaa51c1ca16fc0b37c3399d
 7096 	* scd/app.c (app_reset): Initialize ERR.
 7097 	* scd/scdaemon.c (scd_kick_the_loop, handle_connections): Catch the
 7098 	return value.
 7099 
 7100 2017-02-15  Werner Koch  <wk@gnupg.org>
 7101 
 7102 	libdns: Workaround for bracketed numerical addresses.
 7103 	+ commit a3509e12b6626a585ce7da6ceed8cfddcba2460f
 7104 	* dirmngr/dns-stuff.c (resolve_name_libdns): Work around an
 7105 	incompatibility between the glibc resolver and libdns.
 7106 
 7107 	dirmngr: Do PTR lookups only for 'keyserver --hosttable'.
 7108 	+ commit a75325faf163275674a91971e75f1018035ca348
 7109 	* dirmngr/ks-engine-hkp.c (hostinfo_s): Remove fields v4addr and
 7110 	v5addr and add fields iporname and iporname_valid.
 7111 	(create_new_hostinfo): Clear them.
 7112 	(add_host): Remove the code to set the v4addr and v6addr fields.
 7113 	(ks_hkp_print_hosttable): Remove printing of the fields.  Compute the
 7114 	iporname field and display it.
 7115 	(ks_hkp_reload): Force re-computing of the iporname field in
 7116 	ks_hkp_print_hosttable.
 7117 
 7118 	dirmngr: Avoid PTR lookup for hosts in a pool.
 7119 	+ commit da2ba20868093e3054d18adc2b1bc56cb23e4ba7
 7120 	* dirmngr/ks-engine-hkp.c (add_host): Don't to a PTR lookup for hosts
 7121 	in a pool.
 7122 
 7123 2017-02-15  Justus Winter  <justus@g10code.com>
 7124 
 7125 	tests,build: Fix distcheck.
 7126 	+ commit 2f7b6cb279ea0ee27364fbb2b12df47e76166a39
 7127 	* tests/gpgscm/Makefile.am (EXTRA_DIST): Add 'time.scm'.
 7128 
 7129 	tests: Test and document other ways to create keys.
 7130 	+ commit 90d383f1eb07fc823518dea10eb15ca390f5cf8e
 7131 	* doc/gpg.texi: Clarify usage and expiration arguments for key
 7132 	generation.
 7133 	* tests/openpgp/quick-key-manipulation.scm: Test all variants.
 7134 
 7135 	tests: Check expiration times of created keys.
 7136 	+ commit 127e1e532da4083ccd3c307555b6177fab16f408
 7137 	* tests/gpgscm/ffi.c (do_get_time): New function.
 7138 	(ffi_init): Expose new function.
 7139 	* tests/gpgscm/ffi.scm (get-time): Document new function.
 7140 	* tests/gpgscm/time.scm: New file.
 7141 	* tests/openpgp/quick-key-manipulation.scm: Use the new facilities to
 7142 	check the expiration times of created keys.
 7143 	* tests/openpgp/tofu.scm: Use the new module.
 7144 
 7145 2017-02-15  NIIBE Yutaka  <gniibe@fsij.org>
 7146 
 7147 	scd: Fix RESET command handling.
 7148 	+ commit e2792813a55e091c51be7b1b089a71beb6466f1d
 7149 	* scd/app.c (release_application_internal): Remove.
 7150 	(release_application): Merge release_application_internal.
 7151 	(app_reset): Kick the loop and let close the reader.  Sleep is
 7152 	required here to wait closing.
 7153 	(scd_update_reader_status_file): When APP is no use, close it.
 7154 
 7155 2017-02-14  Werner Koch  <wk@gnupg.org>
 7156 
 7157 	gpg: Make --export-ssh-key work for the primary key.
 7158 	+ commit b456e5be91dc064fc9509ea86edab113721ed299
 7159 	* g10/export.c (export_ssh_key): Also check the primary key.
 7160 
 7161 2017-02-13  Werner Koch  <wk@gnupg.org>
 7162 
 7163 	dirmngr: Do a DNS lookup even if it is missing from nsswitch.conf.
 7164 	+ commit dee026d761ae3d7594c3dbc5b3fa842df53cc189
 7165 	* dirmngr/dns-stuff.c (libdns_init): Do not print error message for a
 7166 	missing nsswitch.conf.  Make sure that tehre is a DNS entry.
 7167 
 7168 	gpgconf: No ENOENT warning with --change-options et al.
 7169 	+ commit 30dac0486b6357e84fbe79c612eea940b654e4d1
 7170 	* tools/gpgconf-comp.c (retrieve_options_from_program): Check ERRNO
 7171 	before printing a warning.
 7172 
 7173 	gpg: Print a warning if no command has been given.
 7174 	+ commit 810adfd47801fc01e45fb71af9f05c91f7890cdb
 7175 	* g10/gpg.c (main): Print in the default case.
 7176 
 7177 2017-02-13  Justus Winter  <justus@g10code.com>
 7178 
 7179 	g13: Fix build on macOS.
 7180 	+ commit f8ce31a7bf1ee85e5010b628a66e6f69486e5213
 7181 	* g13/Makefile.am (t_common_ldadd): Add iconv.
 7182 
 7183 2017-02-13  NIIBE Yutaka  <gniibe@fsij.org>
 7184 
 7185 	scd: Fix use case of PC/SC.
 7186 	+ commit da4c132cca2c6df81243c9660b7348268a848f88
 7187 	* scd/apdu.c (apdu_open_reader): Add an argument APP_EMPTY.
 7188 	When CCID driver fails to open, try PC/SC if APP is nothing.
 7189 	* scd/app.c (select_application): Supply arg if APP is nothing.
 7190 
 7191 2017-02-10  Werner Koch  <wk@gnupg.org>
 7192 
 7193 	gpg: Fix memory leak in the error case of signature creation.
 7194 	+ commit 5996c7bf99f3a681393fd9589276399ebc956cff
 7195 	* g10/sign.c (write_signature_packets): Free SIG.  Also replace
 7196 	xcalloc by xtrycalloc.
 7197 
 7198 2017-02-08  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 7199 
 7200 	common: Avoid warning about implicit declaration of gnupg_fd_valid.
 7201 	+ commit 8810314e377a9cb6612150a57cf99260ed0bb9f6
 7202 	* common/logging.c: Add #include "sysutils.h".
 7203 
 7204 2017-02-08  Justus Winter  <justus@g10code.com>
 7205 
 7206 	gpg,common: Make sure that all fd given are valid.
 7207 	+ commit 6823ed46584e753de3aba48a00ab738ab009a860
 7208 	* common/sysutils.c (gnupg_fd_valid): New function.
 7209 	* common/sysutils.h (gnupg_fd_valid): New declaration.
 7210 	* common/logging.c (log_set_file): Use the new function.
 7211 	* g10/cpr.c (set_status_fd): Likewise.
 7212 	* g10/gpg.c (main): Likewise.
 7213 	* g10/keylist.c (read_sessionkey_from_fd): Likewise.
 7214 	* g10/passphrase.c (set_attrib_fd): Likewise.
 7215 	* tests/openpgp/Makefile.am (XTESTS): Add the new test.
 7216 	* tests/openpgp/issue2941.scm: New file.
 7217 
 7218 2017-02-07  Justus Winter  <justus@g10code.com>
 7219 
 7220 	tests: Skip key types not supported by OpenSSH.
 7221 	+ commit 56aa85f88f6b35fb03a2dc1a95882d49a74290e3
 7222 	* tests/openpgp/ssh-import.scm (path): New variable.
 7223 	(ssh,ssh-keygen,ssh-version,ssh-supports?): Likewise.
 7224 
 7225 2017-02-07  Werner Koch  <wk@gnupg.org>
 7226 
 7227 	wks: Add WKS-Phase headers to the server messages.
 7228 	+ commit b30ac663cec82c89ca9a3e87e65b36d2552f1533
 7229 	* tools/gpg-wks-server.c (send_confirmation_request): Add custom
 7230 	header.
 7231 	(send_congratulation_message): Ditto.
 7232 
 7233 2017-02-05  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 7234 
 7235 	po: Manual updates of nl translation.
 7236 	+ commit aa3f08794bfc809821e2fc30a09a5ae23925c645
 7237 	* po/nl.po: Apply several minor manual cleanups to nl.po that were
 7238 	previously applied to all the other localizations.
 7239 
 7240 	po: Copied missing nl.po translation from the 2.0 branch.
 7241 	+ commit 8a9d4b55b09d04482b46055f0a60f01b86738df3
 7242 	* po/nl.po: Copy from 2.0 branch.
 7243 
 7244 	gpg: Fix aliases --list-key, --list-sig, and --check-sig.
 7245 	+ commit f31120a5aa40b6e4e89d41d1d5d34e0f7da173b4
 7246 	* g10/gpg.c (opts): Define commands with ARGPARSE_c
 7247 	instead of ARGPARSE_s_n.
 7248 
 7249 2017-02-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 7250 
 7251 	doc: Clarify abbreviation of --help.
 7252 	+ commit f2b276dffbe2435b17abf2b3c51684d3636f3f11
 7253 	* doc/gpg.texi: clarify abbreviation of --help.
 7254 
 7255 2017-02-03  Werner Koch  <wk@gnupg.org>
 7256 
 7257 	agent: Tell pinentry the hostname the agent is running on.
 7258 	+ commit 042fe711c76f6377cedb8f83a73ba386cee34bb7
 7259 	* agent/call-pinentry.c [!W32]: Incluse utsname.h
 7260 	(start_pinentry): Pass nodename to OPTION/owner.
 7261 
 7262 	agent: Tell the Pinentry the client's pid.
 7263 	+ commit 309f464a5952c7d7504b875bf4853914b1242346
 7264 	* configure.ac: Check for SO_PEERCRED et al.
 7265 	* agent/agent.h (server_control_s): Add field 'client_pid'.
 7266 	* agent/command.c (start_command_handler): Set CLIENT_PID.
 7267 	* agent/command-ssh.c (get_client_pid): New.
 7268 	(start_command_handler_ssh): Set CLIENT_PID.
 7269 	* agent/call-pinentry.c (start_pinentry): Tell Pinentry the client-pid.
 7270 
 7271 	gpg: More diagnostics for a launched pinentry.
 7272 	+ commit 7052a0d77cf8f3a445b252a809d29be445788625
 7273 	* agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo.
 7274 	* g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so
 7275 	that we do not change the code when adding new fields to
 7276 	PINENTRY_LAUNCHED.
 7277 
 7278 2017-02-02  Neal H. Walfield  <neal@g10code.com>
 7279 
 7280 	gpg: Don't assume that strtoul interprets "" as 0.
 7281 	+ commit 407f5f9baea5591f148974240a87dfb43e5efef3
 7282 	* g10/tofu.c (show_statistics): If there are not records, return 0
 7283 	instead of NULL.
 7284 
 7285 	tests: Improve description of test.
 7286 	+ commit 64be8e1e8607944687f3ae45ec64aa30bf4fdf6f
 7287 	* tests/openpgp/issue2929.scm: Improve description of test.
 7288 
 7289 	Revert "Revert "tests: Add test demonstrating issue2929.""
 7290 	+ commit e596b21f4b78dd27489e677699cc4ba648051b3f
 7291 	This reverts commit 59048b0f1aa77313573a1004cd3a9f02692a7521.
 7292 
 7293 	gpg: Ensure TOFU bindings associated with UTKs are registered as usual.
 7294 	+ commit 769272ba87f282a69e8d5f9bb27c86e6bec4496b
 7295 	* g10/tofu.c (get_trust): Call get_policy before short-circuiting the
 7296 	policy lookup for ultimately trusted keys to make sure the binding is
 7297 	added to the bindings table, if necessary.
 7298 
 7299 	gpg: If there is a TOFU conflict, elide the too few message warning.
 7300 	+ commit a08c781739e7561093f32b732c4991f2bd817ec2
 7301 	* g10/tofu.c (tofu_get_validity): If there was a conflict, don't also
 7302 	print out a warning about too few messages.
 7303 
 7304 	gpg: Only print out TOFU statistics for conflicts in interactive mode.
 7305 	+ commit 027b81b35fe36692005b8dba22d9eb2db05e8c80
 7306 	* g10/tofu.c (get_trust): Add arguments POLICYP and CONFLICT_SETP.  If
 7307 	they are not NULL, return the policy and conflict set (if there is
 7308 	one), respectively.  Update callers.  If MAY_ASK is FALSE, don't print
 7309 	out the statistics.
 7310 	(tofu_register_encryption): If there is a conflict and we haven't yet
 7311 	printed the statistics about the conflicting bindings, do so now.
 7312 	(tofu_get_validity): Likewise.
 7313 
 7314 	gpg: Add newline to output.
 7315 	+ commit 74268180e5a3acc827f3a369f1fe5971f3bbe285
 7316 	* g10/tofu.c (ask_about_binding): Add newline to output.
 7317 
 7318 	gpg: Remove period at end of warning.
 7319 	+ commit 6f9d8a956b2ca0f5a0eb7acc656fc17af2f2de47
 7320 	* g10/tofu.c (tofu_register_encryption): Remove period at end of
 7321 	warning.
 7322 
 7323 2017-02-01  Werner Koch  <wk@gnupg.org>
 7324 
 7325 	dirmngr: New option --no-use-tor and internal changes.
 7326 	+ commit 7440119e729d3fdedda8a9b44b70f8959beea8d7
 7327 	* dirmngr/dns-stuff.c (disable_dns_tormode): New.
 7328 	* dirmngr/dirmngr.c (oNoUseTor): New const.
 7329 	(opts): New option --no-use-tor.
 7330 	(tor_mode): New var.
 7331 	(parse_rereadable_options): Change to use TOR_MODE.
 7332 	(dirmngr_use_tor): New.
 7333 	(set_tor_mode): Call disable_dns_tormode.  Implement oNoUseTor.
 7334 	* dirmngr/dirmngr.h (opt): Remove field 'use_tor'.  Replace all
 7335 	references by a call to dirmngr_use_tor().
 7336 	* dirmngr/server.c (cmd_getinfo): Distinguish between default and
 7337 	enforced TOR_MODE.
 7338 
 7339 2017-02-01  NIIBE Yutaka  <gniibe@fsij.org>
 7340 
 7341 	scd: Fix regression tracking the connection count.
 7342 	+ commit 8ddc9268f6aedef0e178b174b89245c33d8189dd
 7343 	* scd/scdaemon.c (get_active_connection_count): New.
 7344 	(start_connection_thread): Bump ACTIVE_CONNECTIONS up and down.
 7345 	* scd/command.c (cmd_getinfo): Add subcommand "connections".
 7346 
 7347 2017-01-31  Justus Winter  <justus@g10code.com>
 7348 
 7349 	gpgscm: Tune the hash tables.
 7350 	+ commit 2e78aa6ff770849415f8eb71ca70c8886e9564c8
 7351 	* tests/gpgscm/scheme.c (oblist_initial_value): Increase the size of
 7352 	the hash table based on the number of symbols used after initializing
 7353 	the interpreter.
 7354 	(new_frame_in_env): Increase the size of the hash table based on the
 7355 	number of variables in the global environement.
 7356 
 7357 	gpgscm: Optimize environment lookups and insertions.
 7358 	+ commit b85d509a8f5c2e6200b8051ca1593c019abce90b
 7359 	* tests/gpgscm/scheme.c (pointercmp): New function.
 7360 	(new_slot_spec_in_env): Add and use slot for insertions.
 7361 	(find_slot_spec_in_env): New variant of 'find_slot_in_env' that
 7362 	returns the slot on failures.
 7363 	(find_slot_in_env): Express using the new function.
 7364 	(new_slot_in_env): Update callsite.
 7365 	(opexe_0): Optimize lookup-or-insert.
 7366 	(opexe_1): Likewise.
 7367 	(scheme_define): Likewise.
 7368 
 7369 	gpgscm: Fix build with list environments.
 7370 	+ commit 874424ee3cc795eae9972b6259a2cc4dcdbb868e
 7371 	* tests/gpgscm/scheme.c (new_slot_spec_in_env): Provide preallocation
 7372 	inforomation if USE_ALIST_ENV.
 7373 
 7374 	gpgscm: Optimize symbol lookups and insertions.
 7375 	+ commit cea6d114b60deaecfbc2eb1aedbdfb7e6700922f
 7376 	* tests/gpgscm/scheme.c (oblist_find_by_name): Keep the list of
 7377 	symbols sorted, return the slot where a new symbol must be inserted on
 7378 	lookup failures.
 7379 	(oblist_add_by_name): Add the new symbol at the given slot.
 7380 	(mk_symbol): Adjust callsite.
 7381 	(gensym): Likewise.
 7382 	(assign_syntax): Likewise.
 7383 
 7384 	gpgscm: Fix build with object list.
 7385 	+ commit 8f0ecb16cbb3798ad18be5f05b826db2aa1aaa00
 7386 	* tests/gpgscm/scheme.c (oblist_add_by_name): Provide preallocation
 7387 	information if USE_OBJECT_LIST.
 7388 
 7389 	gpgscm: Remove unused functions.
 7390 	+ commit 2076cdaf6b93bc73223819895cc7a67323d8cee7
 7391 	* tests/gpgscm/scheme.c (check_cell_alloced): Remove function.
 7392 	(check_range_alloced): Likewise.
 7393 
 7394 2017-01-31  Werner Koch  <wk@gnupg.org>
 7395 
 7396 	dirmngr: Require --allow-version-check even if --use-tor is used.
 7397 	+ commit b0e8376e19072ec3c590273c69ab3e8e5edfdaca
 7398 	* dirmngr/dirmngr.c (housekeeping_thread): Load swdb only if the
 7399 	option is set.
 7400 
 7401 2017-01-31  NIIBE Yutaka  <gniibe@fsij.org>
 7402 
 7403 	scd: Remove --debug-disable-ticker option.
 7404 	+ commit e17fa5c75d76af4d4684ee810cb446ecd5110560
 7405 	* scd/scdaemon.c (ticker_disabled): Remove.
 7406 	(handle_tick, need_tick): Remove.
 7407 	(handle_connections): Don't check ticker_disabled.
 7408 
 7409 	scd: Fix SERIALNO for multiple devices.
 7410 	+ commit f08d37af049bf1718b301644020658dd2bb07638
 7411 	* scd/app.c (select_application): Fix the logic if periodical check is
 7412 	needed.  If it is needed for newly found device(s), kick the loop.
 7413 	(scd_update_reader_status_file): Return value if select(2) should be
 7414 	called with timeout.
 7415 	* scd/ccid-driver.c (ccid_require_get_status): Don't return 0 for
 7416 	token with no interrupt transfer for now.
 7417 	* scd/command.c (open_card_with_request): Fix scan by SERIALNO.
 7418 	* scd/scdaemon.c (update_usb): Remove.
 7419 	(handle_connections): Evaluate need_tick after handle_tick.
 7420 
 7421 2017-01-30  Justus Winter  <justus@g10code.com>
 7422 
 7423 	gpgscm: Use a compact vector representation.
 7424 	+ commit 49e2ae65e892f93be7f87cfaae3392b50a99e4b1
 7425 	* tests/gpgscm/scheme-private.h (struct cell): Add a compact vector
 7426 	representation.
 7427 	* tests/gpgscm/scheme.c (vector_length): Use new representation.
 7428 	(vector_size): New macro.
 7429 	(get_vector_object): Use the new representation.
 7430 	(fill_vector): Likewise.
 7431 	(vector_elem): Likewise.
 7432 	(set_vector_elem): Likewise.
 7433 	(mark): Likewise.
 7434 	(gc): Likewise.  Be careful not to confuse immediate values for type
 7435 	flags.
 7436 	(finalize_cell): Vectors now require finalization.
 7437 
 7438 	gpgscm: Provide framework for immediate values.
 7439 	+ commit e343984fc50e87830905614dc87f83f810551ad1
 7440 	* tests/gpgscm/scheme.c (IMMEDIATE_TAG): New macro.
 7441 	({is,set,clr}_immediate): Likewise.
 7442 	(enum scheme_types): Make type tags disjoint from immediate values.
 7443 	(TYPE_BITS): We need one more bit now.
 7444 	(ADJ,T_MASKTYPE): Compute values.
 7445 
 7446 	gpgscm: Fix setting the line of the first gc reservation.
 7447 	+ commit d27a4435bd8c0f0971d51ddf454422fc77d48271
 7448 	* tests/gpgscm/scheme.c (_gc_disable): Negate guard.
 7449 
 7450 	gpgscm: Introduce macro for the vector length.
 7451 	+ commit 489edf84c9a9c2122cef1b4e678154521525b54a
 7452 	* tests/gpgscm/scheme.c (vector_length): New macro.
 7453 	(get_vector_object): Use the new macro.
 7454 	(oblist_add_by_name): Likewise.
 7455 	(oblist_find_by_name): Likewise.
 7456 	(oblist_all_symbols): Likewise.
 7457 	(mk_vector): Likewise.
 7458 	(mark): Likewise.
 7459 	(new_slot_spec_in_env): Likewise.
 7460 	(find_slot_spec_in_env): Likewise.
 7461 	(opexe_2): Likewise.
 7462 	(opexe_5): Likewise.
 7463 
 7464 	Revert "tests: Add test demonstrating issue2929."
 7465 	+ commit 59048b0f1aa77313573a1004cd3a9f02692a7521
 7466 	This reverts commit 5aafa56dffefe3fac55b9d0555c7c86e8a07f072.
 7467 
 7468 2017-01-30  NIIBE Yutaka  <gniibe@fsij.org>
 7469 
 7470 	scd: Fix GetSlotStatus.
 7471 	+ commit 2a025039c1817c7f75c35a898884849a8e5dc926
 7472 	* scd/apdu.c (get_status_reader): Add ON_WIRE arg, here.
 7473 	(ct_get_status, pcsc_get_status_direct, pcsc_get_status_wrapped)
 7474 	(pcsc_get_status, get_status_ccid, my_rapdu_get_status): Likewise.
 7475 	(reset_pcsc_reader_wrapped, open_pcsc_reader_wrapped): Follow the
 7476 	change.
 7477 	(apdu_get_status_internal): It's lower-level driver which judge
 7478 	it's not needed.  Otherwise, it can't detect the removal.
 7479 	* scd/ccid-driver.c (ccid_slot_status): After the POWERED_OFF check,
 7480 	we can skip sending GetSlotStatus packet on wire, when no need.
 7481 
 7482 	scd: Don't send GET_STATUS packet if not needed.
 7483 	+ commit 7c8eee4d396a751d41fd1ee1e1b87b851fca172a
 7484 	* scd/apdu.c (apdu_get_status_internal): Add ON_WIRE arg.
 7485 	(apdu_connect): Call apdu_get_status_internal with ON_WIRE enabled.
 7486 	(apdu_get_status): For periodical check, call apdu_get_status_internal
 7487 	with ON_WIRE disabled.
 7488 
 7489 	scd: Fix cancel INTERRUPT transfer.
 7490 	+ commit 216afba0d99582d0fbae1d6e925f4ddb349d9de3
 7491 	* scd/ccid-driver.c (do_close_reader): Don't lock events, but check the
 7492 	return value of libusb_cancel_transfer.
 7493 
 7494 2017-01-27  NIIBE Yutaka  <gniibe@fsij.org>
 7495 
 7496 	scd: More changes on watching removal of card/reader.
 7497 	+ commit f3d9b2582bcaa1936b4fed5ec42a889b02df2f42
 7498 	* scd/app-common.h (struct app_ctx_s): Rename field to
 7499 	periodical_check_needed.
 7500 	* scd/scdaemon.c (update_usb): Rename from update_fdset_for_usb.
 7501 	Don't use libusb_get_pollfds any more.
 7502 	(scd_kick_the_loop): New.
 7503 	(need_tick): Follow the rename.
 7504 	(handle_connections): No libusb event handling here.
 7505 	* scd/app.c (app_new_register): Follow the change of rename.
 7506 	(select_application, scd_update_reader_status_file): Likewise.
 7507 	* scd/ccid-driver.c (ccid_usb_thread_is_alive): New.
 7508 	(intr_cb): Call scd_kick_the_loop.
 7509 	(ccid_usb_thread): New.  Thread to invoke INTERRUPT callback.
 7510 	(ccid_open_usb_reader): Add thread invocation.
 7511 	(ccid_require_get_status): Remove
 7512 	LIBUSB_WORKS_EXPECTED_FOR_INTERRUPT_ENDP.
 7513 	(do_close_reader): Carefully handle handle->transfer.
 7514 	(get_escaped_usb_string): Insert npth_unprotect/npth_protect.
 7515 	(do_close_reader, bulk_out, bulk_in, abort_cmd, ccid_slot_status)
 7516 	(ccid_transceive, ccid_transceive_secure): Likewise.
 7517 
 7518 	scd: Fix release of transfer object.
 7519 	+ commit f92fe33f11c44f14fd31682259fcd231e8fa9e75
 7520 	* scd/ccid-driver.c (intr_cb): Handle LIBUSB_TRANSFER_CANCELLED.
 7521 	(do_close_reader): When callback is active, call
 7522 	libusb_cancel_transfer and wait callback is fired off.
 7523 
 7524 	scd: Improve watching USB device removal.
 7525 	+ commit 25cc8575da9a9b8bf60c64c8059cb5f73cc52e1d
 7526 	* scd/apdu.c(struct reader_table_s): Add require_get_status.
 7527 	(apdu_connect): Change return value meaning.  Call apdu_reset here.
 7528 	* scd/app.c (app_new_register): Add require_get_status.
 7529 	(select_application): Use the return value of apdu_connect.
 7530 	(scd_update_reader_status_file): Call update_fdset_for_usb with
 7531 	checking all_have_intr_endp.
 7532 	(app_list_start, app_list_finish): Remove.
 7533 	* scd/ccid-driver.c (struct ccid_driver_s): Add transfer.
 7534 	(intr_cb): Don't call libusb_transfer in this callback.
 7535 	(ccid_require_get_status): New.
 7536 	(do_close_reader): Call libusb_transfer here.
 7537 	* scd/scdaemon.c (update_fdset_for_usb): Remove the first argument.
 7538 
 7539 	scd: Wake up the select when new USB scan.
 7540 	+ commit 031e3fa7b9a6770a4de1a184555250feeba0d26f
 7541 	* scd/scdaemon.c (update_fdset_for_usb): Wake up the select(2).
 7542 	(handle_connections): Use a kind of "self-pipe" technique.
 7543 
 7544 2017-01-26  NIIBE Yutaka  <gniibe@fsij.org>
 7545 
 7546 	scd: Only submit apdu_get_status when needed.
 7547 	+ commit 881dcdfd84ebad36bff20c895e629025bed9d94e
 7548 	* scd/apdu.c (apdu_dev_list_finish): Return Boolean value if
 7549 	all device support INTERRUPT transfer.
 7550 	* scd/ccid-driver.c (ccid_dev_scan_finish): Likewise.
 7551 	* scd/app.c (app_new_register): Fix initial value of card_status.
 7552 	(select_application): Call update_fdset_for_usb.
 7553 	(scd_update_reader_status_file): Ditto.
 7554 	* scd/scdaemon.c (update_fdset_for_usb, need_tick): New.
 7555 	(handle_connections): Call handle_tick when select returns.
 7556 	Let select watch USB file descriptors, too.
 7557 	Call libusb_handle_events_timeout_completed for INTERRUPT transfer.
 7558 
 7559 	scd: Fix APP reference counting.
 7560 	+ commit 9b06633c811e8815c07d744f20b45405cb082367
 7561 	* scd/app.c (scd_update_reader_status_file): Don't call another
 7562 	release_application_internal.
 7563 	* scd/command.c (open_card_with_request): Don't require APPTYPE !=
 7564 	NULL.
 7565 
 7566 	scd: Add INTERRUPT endp support to CCID driver.
 7567 	+ commit bb5ceb78c333129a44c0144f2cf49b17ede898f1
 7568 	* scd/app.c (scd_update_reader_status_file): Fix releas of APP.
 7569 	* scd/ccid-driver.c (struct ccid_driver_s): Add INTR_BUF.
 7570 	(intr_cb, ccid_setup_intr): New.
 7571 	(ccid_open_usb_reader): Call ccid_setup_intr.
 7572 	(ccid_slot_status): Return CCID_DRIVER_ERR_NO_READER when removed.
 7573 
 7574 2017-01-25  Justus Winter  <justus@g10code.com>
 7575 
 7576 	gpg: Fix searching for mail addresses in keyrings.
 7577 	+ commit 3f4f20ee6eff052c88647b820d9ecfdbd8df0f40
 7578 	* g10/keyring.c (compare_name): Fix KEYDB_SEARCH_MODE_MAIL* searches
 7579 	in keyrings when the UID is a plain addr-spec.
 7580 
 7581 	tests,w32: Fix GPGME tests requiring a pinentry.
 7582 	+ commit 02a39f0d1ed717f6fc33392e6ce4ab421c3bcbba
 7583 	* tests/gpgme/gpgme-defs.scm: Use our fake pinentry, and configure it
 7584 	to supply the correct passphrase.
 7585 
 7586 	tests,w32: Fix gpgsm signature verification test.
 7587 	+ commit 7d5a0ed792133d875fcedb6e23a9a3682f1a23f9
 7588 	* tests/gpgsm/verify.scm: Use 'call-with-binary-output-file' to avoid
 7589 	automatic line-ending conversion.
 7590 
 7591 	agent: Fix double free.
 7592 	+ commit e175152ef7515921635bf1e00383e812668d13fc
 7593 	* agent/cache.c (agent_store_cache_hit): Make sure the update is
 7594 	atomic.
 7595 
 7596 	tests: Skip GPGME tests that are not built.
 7597 	+ commit 5f2da5d439debf44615a97de788d8f720b517972
 7598 	* tests/gpgme/wrap.scm: Skip tests that are not built.
 7599 
 7600 	tests,w32: Fix locating GPGME's tests on Windows.
 7601 	+ commit 6ecd8b3e71632bbcca524ad735c83bdc2a4c4a4a
 7602 	* tests/gpgme/run-tests.scm: Qualify the test with the executable
 7603 	extension.
 7604 
 7605 2017-01-24  Werner Koch  <wk@gnupg.org>
 7606 
 7607 	gpg: Print a warning on Tor problems.
 7608 	+ commit 770b75a746836773909af25ccb9b480e61cea677
 7609 	* dirmngr/ks-engine-hkp.c (tor_not_running_p): New.
 7610 	(map_host): Call that to print a warning.
 7611 	(handle_send_request_error): Ditto and avoid marking the host dead.
 7612 	Also print a tor_config_problem warning.  Add arg CTRL; adjust callers
 7613 	to pass that new arg.
 7614 	* g10/call-dirmngr.c (ks_status_cb): Detect and print the new
 7615 	warnings.
 7616 
 7617 	dirmngr: Simplify error returning inside http.c.
 7618 	+ commit 51e5a5e5a46279809848b4ab4419f35045336010
 7619 	* dirmngr/http.c (connect_server): Change to return an gpg_error_t
 7620 	and to store socket at the passed address.
 7621 	(http_raw_connect, send_request): Adjust accordingly.
 7622 
 7623 	dirmngr: New option --disable-ipv4.
 7624 	+ commit 72736af86a501592d974d46ff754a63959e183bd
 7625 	* dirmngr/dirmngr.c (oDisableIPv4): New const.
 7626 	(opts): New option --disable-ipv4.
 7627 	(parse_rereadable_options): Set that option.
 7628 	* dirmngr/dirmngr.h (opt): New field 'disable_ipv4'.
 7629 	* dirmngr/dns-stuff.c (opt_disable_ipv4): bew var.
 7630 	(set_dns_disable_ipv4): New.
 7631 	(resolve_name_standard): Skip v4 addresses when OPT_DISABLE_IPV4 is
 7632 	set.
 7633 	* dirmngr/ks-engine-hkp.c (map_host): Ditto.
 7634 	(send_request): Pass HTTP_FLAG_IGNORE_IPv4 if opt.disable_v4 is set.
 7635 	* dirmngr/crlfetch.c (crl_fetch): Ditto.
 7636 	* dirmngr/ks-engine-finger.c (ks_finger_fetch): Ditto.
 7637 	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
 7638 	* dirmngr/ocsp.c (do_ocsp_request): Ditto.
 7639 
 7640 2017-01-24  Justus Winter  <justus@g10code.com>
 7641 
 7642 	tools: Use platform abstraction for I/O.
 7643 	+ commit 73d6572bd0f260c5aa1e191a1ba4859ec6fa262c
 7644 	* tools/gpg-connect-agent.c (main): Use a gpgrt_stream_t for
 7645 	'script_fp'.  Adapt accordingly.
 7646 
 7647 	tools: Use platform abstraction for I/O.
 7648 	+ commit 77b8aff4e1bb641f497e63230a5006ab70e6c3a8
 7649 	* tools/gpgconf-comp.c (retrieve_options_from_file): Use a
 7650 	gpgrt_stream_t for 'list_file'.  Adapt accordingly.
 7651 	(copy_file): Likewise for 'src' and 'dst'.
 7652 	(change_options_file): Likewise for 'src_file' and 'dest_file'.
 7653 	(change_options_program): Likewise for 'src_file' and 'dest_file'.
 7654 	(gc_process_gpgconf_conf): Likewise for 'config'.
 7655 
 7656 	tools: Use platform abstraction for renaming files.
 7657 	+ commit bfd75e9492fc4edd86f4049a62304943a7b2a29a
 7658 	* tools/gpgconf-comp.c (gc_component_change_options): Use
 7659 	'gnupg_rename_file'.  Also, block signals across all renames in an
 7660 	attempt to make the whole process atomic.
 7661 
 7662 	tools: Add comments explaining the functions parameters.
 7663 	+ commit 82e309ad06884e54693f4856412984331febdda0
 7664 	* tools/gpgconf-comp.c (change_options_file): Add comments explaining
 7665 	the functions parameters.
 7666 	(change_options_program): Likewise.
 7667 
 7668 	tools: Improve error handling.
 7669 	+ commit b0348fdb26637b0bcbd68a96c1746a1613b309af
 7670 	* tools/gpgconf-comp.c (gp_component_change_options): Improve error
 7671 	handling when reading from stdin.
 7672 
 7673 	tools: Fix memory leak.
 7674 	+ commit 5b28f025085b386e0ec49535d4cd3f875a414eb0
 7675 	* tools/gpgconf-comp.c (change_options_file): Fix leak.
 7676 
 7677 	tests: Add test demonstrating issue2929.
 7678 	+ commit 5aafa56dffefe3fac55b9d0555c7c86e8a07f072
 7679 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 7680 	* tests/openpgp/issue2929.scm: New file.
 7681 
 7682 	tests: Enable gpgconf test.
 7683 	+ commit 628ff843466b42309f850b8d65b13cf5f586b81f
 7684 	* tests/openpgp/Makefile.am (XTESTS): Re-add gpgconf.scm.
 7685 
 7686 2017-01-23  Werner Koch  <wk@gnupg.org>
 7687 
 7688 	Release 2.1.18.
 7689 	+ commit f8289b1d28f501d2f37bf9ccb5e42f7fb27b4688
 7690 
 7691 
 7692 	build: Change make distcheck configure and temp. remove gpgconf.scm.
 7693 	+ commit 25e029823813e190a18b601af60efcb1fb3b84af
 7694 	* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Also test gpgtar and
 7695 	wks-tools.  Disable ntbtls.
 7696 	* tests/openpgp/Makefile.am (XTESTS): Temporary remove gpgconf.scm.
 7697 
 7698 	Fix format string errors and some missing error case initialization.
 7699 	+ commit af5979a42b9468ffe0f3ac6de5a77d982c5cf8a0
 7700 	* common/logging.c (do_logv): Remove extra parentheses in comparison.
 7701 
 7702 	* dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that
 7703 	dns_res_close is given a defined value in the error case.
 7704 
 7705 	* dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix
 7706 	format string char.
 7707 
 7708 	* dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const".
 7709 	* dirmngr/ks-engine-http.c (ks_http_help): Ditto.
 7710 	* dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto.
 7711 	* dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto.
 7712 
 7713 	* scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string
 7714 	char.
 7715 	* tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the
 7716 	error case.
 7717 	(scdaemon_runtime_change): Ditto.
 7718 	(dirmngr_runtime_change): Ditto.
 7719 
 7720 	* tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL.
 7721 
 7722 	dirmngr: On SIGHUP mark all keyservers alive.
 7723 	+ commit 3ca3da8fc4ef802b8cceec5fde398a07b4888848
 7724 	* dirmngr/ks-engine-hkp.c (ks_hkp_reload): New.
 7725 	* dirmngr/dirmngr.c (dirmngr_sighup_action): Call it.
 7726 
 7727 2017-01-23  Gaetan Bisson  <bisson@archlinux.org>
 7728 
 7729 	libdns: Hack to skip negation term.
 7730 	+ commit d4c0187dd93163f12e9f953366adef81ecf526a6
 7731 	* dirmngr/dns.c (dns_nssconf_loadfile): Skip negation terms in
 7732 	nsswitch.conf parser.
 7733 
 7734 2017-01-23  Werner Koch  <wk@gnupg.org>
 7735 
 7736 	dirmngr: Print debug message only with --debug.
 7737 	+ commit 9ae0b81e4ff08712da642456d0164f81924a91e4
 7738 	* dirmngr/dns-stuff.c (libdns_init): Call log_debug only if opt_debug
 7739 	is set.
 7740 
 7741 2017-01-23  Phil Pennock  <gnupg-devel@spodhuis.org>
 7742 
 7743 	dirmngr: Handle missing nsswitch.conf.
 7744 	+ commit 88ade475c56ac3712d6bd6d41ae38e1421dcb320
 7745 	* dirmngr/dns-stuff.c (libdns_init): Fallback to files,dns.
 7746 
 7747 2017-01-23  Damien Goutte-Gattat  <dgouttegattat@incenp.org>
 7748 
 7749 	gpg: Fix misleading log message when checking regexp.
 7750 	+ commit a85731ada2d361eacddc5ae92f80d34792dd4b5e
 7751 	* src/trustdb.c (check_regexp): Correctly print whether the
 7752 	regexp matched or not.
 7753 
 7754 2017-01-23  Werner Koch  <wk@gnupg.org>
 7755 
 7756 	gpg: New export and import options "backup" and "restore".
 7757 	+ commit 953d4ec6afd1b42feb7465ee57e48d72f033019a
 7758 	* g10/export.c (parse_export_options): Add "backup" and its alias
 7759 	"export-backup".
 7760 	(do_export_one_keyblock): Export ring trust packets in backup mode.
 7761 	* g10/import.c (parse_import_options): Add "restore" and its alias
 7762 	"import-restore".
 7763 	(read_block): Import ring trust packets.
 7764 
 7765 2017-01-23  NIIBE Yutaka  <gniibe@fsij.org>
 7766 
 7767 	scd: Fix INTERRUPT transfer.
 7768 	+ commit 21c9ebb908c2ad2e322e7a13e59e5880494c4d67
 7769 	* scd/ccid-driver.c (find_endpoint): Don't return Bulk endpoint as
 7770 	Interrupt endpoint.
 7771 	(ccid_poll): Call libusb_interrupt_transfer.
 7772 
 7773 2017-01-19  Werner Koch  <wk@gnupg.org>
 7774 
 7775 	build: Print a commit id in the generated ChangeLog.
 7776 	+ commit e926f30a1cda75f6334b79c303b5134f0441a3dc
 7777 	* build-aux/gitlog-to-changelog: Print an extra line with the commit
 7778 	id.
 7779 
 7780 	common: Fix buffer copy code again.
 7781 	+ commit e031b3c16cfec583c4322c84d299b355f0849c77
 7782 	* common/exectool.c (my_error_from_errno): Remove.
 7783 	(copy_buffer_do_copy): Do without var RC.
 7784 	(copy_buffer_flush): Ditto.  Use ERRNO instead of es_write return
 7785 	code.
 7786 	(gnupg_exec_tool): Correctly return errors from es_read.
 7787 
 7788 2017-01-19  Damien Goutte-Gattat  <dgouttegattat@incenp.org>
 7789 
 7790 	gpg: Allow to freeze faked system time.
 7791 	+ commit 3daeef702b2e6a42f0f396b828f86ffc3f33fc88
 7792 	* g10/gpg.c (main): If the parameter for --faked-system-time
 7793 	ends with a '!', freeze time at the specified point.
 7794 	* common/gettime.c (gnupg_set_time): Allow to freeze the time
 7795 	at an arbitrary time instead of only the current time.
 7796 	* doc/gpg.texi: Update documentation for --faked-system-time.
 7797 
 7798 2017-01-19  Werner Koch  <wk@gnupg.org>
 7799 
 7800 	common: Clarify use of vars in buffer copy code.
 7801 	+ commit 55c9212a2338bf0b07c8cf3a69bcedaa28d48d43
 7802 	* common/exectool.c (my_error_from_errno): New.
 7803 	(copy_buffer_do_copy): Use separate vars for errno values and
 7804 	gpg-error values for clarity.  s/assert/log_assert/.
 7805 	(copy_buffer_flush): Ditto.
 7806 	(gnupg_exec_tool_stream): Use gpg_err_code when testing.
 7807 
 7808 2017-01-19  NIIBE Yutaka  <gniibe@fsij.org>
 7809 
 7810 	dirmngr: Add setup of CA for NTBTLS.
 7811 	+ commit 367349b4dcc97718f8ae1163d1389d2a46fc3453
 7812 	* dirmngr/http.c [HTTP_USE_NTBTLS] (http_session_new): Add CA by
 7813 	ntbtls_set_ca_chain.
 7814 
 7815 2017-01-18  Justus Winter  <justus@g10code.com>
 7816 
 7817 	common: Fix flushing copy buffers.
 7818 	+ commit 34fa2d79a07a079be472c3ff486debfdac8c6070
 7819 	* common/exectool.c (copy_buffer_flush): Write and flush the data, but
 7820 	do not hide EAGAIN from the caller.
 7821 	(gnupg_exec_tool_stream): Retry on EAGAIN.
 7822 
 7823 2017-01-18  Werner Koch  <wk@gnupg.org>
 7824 
 7825 	agent: Reduce sleep time in the progress callback.
 7826 	+ commit 3d356d165aed7d76a3ea811b1d24ed0a05ac90d4
 7827 	* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Reduce sleep time
 7828 	from 100ms to 1ms or use gpgrt_yield when build against a recent
 7829 	libgpg-error.
 7830 
 7831 	gpgconf: Allow "all" for --launch, --kill, and --reload.
 7832 	+ commit 2312248b2e3adffa52d8a3ac4f24fe2c88f0f569
 7833 	* tools/gpgconf-comp.c (gc_component_launch): Allow -1 for COMPONENT.
 7834 	(gc_component_kill): Ditto.
 7835 	(gc_component_reload): For robustness change the condition to < 0.
 7836 	* tools/gpgconf.c (main) <aLaunch, aKill, aReload>: Support argument
 7837 	"all".
 7838 
 7839 	gpg: Remove unused definitions.
 7840 	+ commit 701f54eccf3da3319dd6d74f46b852c64d90bc52
 7841 	* g10/keydb.h (rt_UNKNOWN, rt_RING): Remove constants.
 7842 	(keyblock_pos_struct, KBPOS): Remove struct and type.
 7843 
 7844 2017-01-18  NIIBE Yutaka  <gniibe@fsij.org>
 7845 
 7846 	scd: Cleanup SERIALNO protocol.
 7847 	+ commit 79cea89774e6327b6785e22b7057f9e3e188ac2b
 7848 	* scd/app.c (app_get_serial_and_stamp): Remove.
 7849 	(app_get_serialno): New.
 7850 	(app_write_learn_status): Use send_status_direct.
 7851 	(app_getattr): Use app_get_serialno for SERIALNO and
 7852 	send with send_status_direct.
 7853 	* scd/app-openpgp.c (do_getattr): Likewise.
 7854 	* scd/command.c (cmd_serialno): Don't send TIMESTAMP of 0.
 7855 	(cmd_learn): Likewise.  Don't inquire with TIMESTAMP of 0.
 7856 
 7857 	scd: Add "card_list" sub command for GETINFO.
 7858 	+ commit 8b1f24a29ebc7651437c01990215a55b1136dae0
 7859 	* scd/app.c (app_send_card_list): New.
 7860 	* scd/command.c (cmd_getinfo): Fix "status" sub command.
 7861 	Add "card_list" sub command.
 7862 
 7863 2017-01-17  Werner Koch  <wk@gnupg.org>
 7864 
 7865 	build: Handle packages with dashes in --find-version.
 7866 	+ commit a09f258b1412209763222e2e81bab79663e4d685
 7867 	* autogen.sh (--find-version): Improve version extraction.
 7868 	* (--help): Extend.
 7869 
 7870 	gpg: Clean bogus subkey binding when cleaning a key.
 7871 	+ commit 356323768a1a29138581d0aceed0336ab8be0d5c
 7872 	* g10/trust.c (clean_key): Also clean bogus subkey bindings.
 7873 
 7874 	gpg: Sync print of additional sig data in --edit-key.
 7875 	+ commit 766c25018b288a7185c6da6adac0dec01a64e94a
 7876 	* g10/keylist.c (show_policy_url): Implement MODE -1.
 7877 	(show_keyserver_url): Ditto.
 7878 	(show_notation): Ditto.
 7879 	* g10/keyedit.c (print_one_sig): Print policy URL, keyserver URL and
 7880 	notation data to the tty.
 7881 
 7882 	common: Remove unused function tty_print_string.
 7883 	+ commit bae42e543799a428e59bad870aed9719dd6e6e45
 7884 	* common/ttyio.c (tty_print_string): Rename to ...
 7885 	(do_print_string): this.  Make local.  Simplify FP case by using
 7886 	print_utf8_buffer.  Change caller.
 7887 
 7888 	gpg: Prepare some key cleaning function for use with secret key packets.
 7889 	+ commit adbfbf608e75cdd72ae7b3a538b91bc0e236a18f
 7890 	* g10/trust.c (mark_usable_uid_certs): Allow use of secret key packets.
 7891 	(clean_sigs_from_uid): Ditto.
 7892 	(clean_uid_from_key): Ditto.
 7893 	(clean_one_uid): Ditto.
 7894 	(clean_key): Ditto.
 7895 
 7896 2017-01-16  Werner Koch  <wk@gnupg.org>
 7897 
 7898 	dirmngr: Implement hkps lookups using literal addresses.
 7899 	+ commit e6aebfe3d0f16c483296fd125b66a44017fe15f4
 7900 	* dirmngr/ks-engine-hkp.c (map_host): For literal addresses do a
 7901 	reverse lookup.
 7902 
 7903 	dirmngr: Allow reverse DNS lookups in Tor-mode.
 7904 	+ commit 9850124c7bdf0a0e7c1866abc85f3437257d7095
 7905 	* dirmngr/dns-stuff.c (resolve_dns_name): Move up in the file.
 7906 	(resolve_addr_libdns): New.
 7907 	(resolve_dns_addr): Divert to resolve_dns_addr.
 7908 
 7909 	dirmngr: Avoid network queries for literal IP addresses.
 7910 	+ commit daae97bc14742c75408c4eb05808a2102cfe2bcf
 7911 	* dirmngr/dns-stuff.c (resolve_name_libdns): USe flags AI_NUMERICHOST
 7912 	for literal IP addresses.
 7913 	(resolve_name_standard): Ditto.
 7914 
 7915 	dirmngr: Fix URL creation for literal IPv6 addresses in HKP.
 7916 	+ commit 82646bbf1a5a7d745da81b239a12667a51703dc1
 7917 	* dirmngr/dns-stuff.c (is_ip_address): Make the return value depend on
 7918 	the address family.
 7919 	* dirmngr/ks-engine-hkp.c (map_host): Rename arg R_POOLNAME to
 7920 	R_HTTPHOST because that is its purpose.  Note that the former
 7921 	behaviour of storing a NULL to indicate that it is not a pool has not
 7922 	been used.
 7923 	(make_host_part): Ditto.
 7924 	(make_host_part): Make sure that literal v6 addresses are correclty
 7925 	marked in the constructed URL.
 7926 
 7927 2017-01-16  Justus Winter  <justus@g10code.com>
 7928 
 7929 	tests: Improve GPGHOME handling.
 7930 	+ commit 8b1611a9605b636db3e07a9d81016a11b318724c
 7931 	* tests/openpgp/defs.scm (GPGHOME): New variable.
 7932 	* tests/openpgp/ssh-import.scm: Remove redundant code, use 'path-join'.
 7933 	* tests/openpgp/tofu.scm: Likewise.
 7934 
 7935 2017-01-16  NIIBE Yutaka  <gniibe@fsij.org>
 7936 
 7937 	agent: Ask specific SERIALNO for pksign/pkdecrypt.
 7938 	+ commit 0801f49b0dc7102943f0e9fa51061f50f5708ca6
 7939 	* agent/call-scd.c (agent_card_serialno): Add DEMAND argument.
 7940 	* agent/command-ssh.c (card_key_available): Follow the change.
 7941 	* agent/learncard.c (agent_handle_learn): Likewise.
 7942 	* agent/divert-scd.c (ask_for_card): Use DEMAND argument.
 7943 
 7944 	scd: Add --demand option for SERIALNO.
 7945 	+ commit 2e6f1c99d4f66a23a752092397e20a84964edf48
 7946 	* scd/app.c (select_application): Add SERIALNO_BIN and SERIALNO_BIN_LEN
 7947 	arguments.  Return matched APP with a serial number when specified.
 7948 	* scd/command.c (open_card): Modify for the implicit open only.
 7949 	(open_card_with_request): New for explicit open and support match with a
 7950 	serial number.
 7951 	(cmd_serialno): Support --demand option.
 7952 	(cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkauth)
 7953 	(cmd_pkdecrypt, cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
 7954 	(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_apdu): Follow
 7955 	the change of open_card.
 7956 
 7957 2017-01-12  Werner Koch  <wk@gnupg.org>
 7958 
 7959 	build: Make autogen.sh more POSIX friendly (next try)
 7960 	+ commit 3db76c9277d918dec9721a6439f4db3b3c06aba3
 7961 	* autogen.sh: Fix dd count to 5.
 7962 
 7963 	gpg: Rename a var to avoid a shadowing warning.
 7964 	+ commit c99a09f111c5980ae034faaea61a00d9ad60463c
 7965 	* g10/keygen.c (keygen_set_std_prefs): Rename variable.
 7966 
 7967 	tests: Fix t-gettime for a time_t of 64 and a long of 32 bit.
 7968 	+ commit 5c0777e1ca02ff1767755c417b64d6f78e02f475
 7969 	* configure.ac (AC_CHECK_HEADERS): Add stdint.h.
 7970 	* common/t-gettime.c: Include stdint.h.
 7971 	(UINTMAX_C): Define replacement.
 7972 	(test_isotime2epoch): Use UINTMAX_C for the >32 bit constants.
 7973 
 7974 	build: Make autogen.sh more POSIX friendly.
 7975 	+ commit 3c00b52f7cb0fbd756c0bbe5134b8f2d69c60dd1
 7976 	* autogen.sh: Replace non POSIX "cp -a" and "head -c".
 7977 
 7978 	libdns: Silence -Wstrict-prototypes on some function ptrs.
 7979 	+ commit 97372b39cd9b4c84a083eadbf072fff77799617f
 7980 	* dirmngr/dns.c (dns_rrtype): Ignore -Wstrict-prototypes warning.
 7981 
 7982 	libdns: Provide replacement for EPROTO.
 7983 	+ commit 0fadff9cdde47e42f7e428bc903b3626c67ba9c0
 7984 	* dirmngr/dns.c (EPROTO) ![EPROTO]: Define to EPROTONOSUPPORT.
 7985 
 7986 2017-01-11  Werner Koch  <wk@gnupg.org>
 7987 
 7988 	dirmngr: After a connection failure log a hint if Tor is not running.
 7989 	+ commit 20dfcfe08c618d23134d5d6efef7676b090f30d3
 7990 	* dirmngr/ks-engine-hkp.c (handle_send_request_error): Check whether
 7991 	Tor is running.
 7992 
 7993 	dirmngr: Mark hosts dead on ENETDOWN.
 7994 	+ commit 76fb2febde10da8237bbe7613830b51af2a45139
 7995 	* dirmngr/ks-engine-hkp.c (handle_send_request_error): Take care of
 7996 	ENETDOWN.
 7997 
 7998 	dirmngr: Fix Tor access for v6 addresses.
 7999 	+ commit 09aeac41c97bc8ecb44a09886c7fdbd9a6ec5c7f
 8000 	* dirmngr/http.c (use_socks): New.
 8001 	(my_sock_new_for_addr): New.
 8002 	(connect_server): Replace assuan_sock_new by my_sock_new_for_addr.
 8003 
 8004 	dirmngr: Remove warnings about unused global variables.
 8005 	+ commit 915864e7f0315b0c96315d0bcd48b1b93592353a
 8006 	* dirmngr/crlcache.c (oidstr_issuingDistributionPoint): Comment.
 8007 	* dirmngr/ocsp.c (oidstr_certHash): Comment.
 8008 
 8009 	dirmngr: Implement debug option "network" for http.
 8010 	+ commit da894c48ec3393e7c815f575daa5a52ab37cc102
 8011 	* dirmngr/dirmngr.c (parse_rereadable_options): Set http debugging.
 8012 
 8013 	dirmngr: Add debug code to http.c.
 8014 	+ commit 02ab4b0085f8b4cdfe163d25ddd0fc80753d7f4a
 8015 	* dirmngr/http.c (opt_verbose, opt_debug): New vars.
 8016 	(http_set_verbose): New function.
 8017 	(_my_socket_new): Add debug output.
 8018 	(_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if
 8019 	OPT_DEBUG has ben set to 2 in a debugger.
 8020 	(http_session_new, http_session_ref): Ditto.
 8021 	(send_request, http_start_data): Print debug output for the request.
 8022 	(parse_response): Change to use log_debug_string for the response.
 8023 
 8024 	common: New function log_debug_with_string.
 8025 	+ commit 088d71d3671e74eb088386026f0e439a7e3b5543
 8026 	* common/logging.c (do_logv): Factor some code out to ...
 8027 	(print_prefix): new.
 8028 	(log_logv): Add arg EXTRASTRING and print it.  Change all callers to
 8029 	pass NULL for it.
 8030 	(log_debug_with_string): New.  Uses EXTRASTRING.
 8031 
 8032 2017-01-11  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 8033 
 8034 	common: Avoid unnecessary ambiguity in argparse.
 8035 	+ commit 7249ab0f95d1f6cb8ee61eefedc79801bb56398f
 8036 	* common/argparse.c (find_long_option): Avoid unnecessary ambiguity.
 8037 
 8038 2017-01-10  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 8039 
 8040 	systemd-user: Enable "systemctl --user reload {dirmngr,gpg-agent}"
 8041 	+ commit a20a450ac4ef10847fd59a5fd3acbbd2bfcaa6a2
 8042 	* doc/examples/systemd-user/*.service: Add ExecReload directives to
 8043 	  indicate the canonical way to reload the services.
 8044 
 8045 	GnuPG recommends reloading the agent and dirmngr with "gpgconf
 8046 	--reload".  if anyone is running them as systemd user services, they
 8047 	might ask them to reload in the systemd way, so teach systemd the
 8048 	right thing to do.
 8049 
 8050 2017-01-10  Justus Winter  <justus@g10code.com>
 8051 
 8052 	tests: Improve gpgconf test.
 8053 	+ commit 88e42ef08d65d4d1bc29c6cea48df19ca0d5e2bd
 8054 	* tests/openpgp/defs.scm (valgrind): New variable.
 8055 	(gpg-config): Fix clearing an option.
 8056 	* tests/openpgp/gpgconf.scm: Also toggle 'quiet'.
 8057 
 8058 	tools: Fix memory leaks and improve error handling.
 8059 	+ commit 1f5caf90bfaaaf7b9d8c06c12087aeeae3748032
 8060 	* tools/gpgconf-comp.c (gc_option_free): New function.
 8061 	(gc_components_free): Likewise.
 8062 	(gc_components_init): Likewise.
 8063 	(retrieve_options_from_program): Use 'xfree', fix memory leak.
 8064 	(change_options_program): Improve error handling.
 8065 	(gc_component_change_options): Fix memory leaks.
 8066 	* tools/gpgconf.c (main): Initialize components.
 8067 	* tools/gpgconf.h (gc_components_init): New prototype.
 8068 
 8069 	tests: Add test for gpgconf.
 8070 	+ commit c8cfc62125aceee0ca48aab5c8a9fea1ec1ef652
 8071 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 8072 	* tests/openpgp/defs.scm (percent-encode): New function.
 8073 	(gpg-conf): Generalize so that we can feed stdin.
 8074 	(gpg-config): New function.
 8075 	* tests/openpgp/gpgconf.scm: New file.
 8076 
 8077 	common: Fix fallback code.
 8078 	+ commit bfd6a490129ffc7c7ac8776bf5a5da3b1ddf6d42
 8079 	* common/logging.c (_log_assert): Fix the variant for compilers that
 8080 	do not support __FUNCTION__.
 8081 	* common/logging.h (_log_assert): Likewise.
 8082 
 8083 2017-01-09  Werner Koch  <wk@gnupg.org>
 8084 
 8085 	dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups.
 8086 	+ commit 0cc975d8a1cd54115938202432e43263b8893ea4
 8087 	* dirmngr/ks-engine-hkp.c (map_host): Chnage arg NO_SRV to SRVTAG.
 8088 	(make_host_part): Rewrite.
 8089 
 8090 	dirmngr: Do not use a SRV record for HKP if a port was specified.
 8091 	+ commit c2cbe2f87c480c62239dc4c2cbb352acd98cd267
 8092 	* dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT.
 8093 	* dirmngr/http.c (do_parse_uri): That it.
 8094 	* dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV.
 8095 	(make_host_part): Ditto.
 8096 	(ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT.
 8097 	(ks_hkp_search): Ditto.
 8098 	(ks_hkp_get): Ditto.
 8099 	(ks_hkp_put): Ditto.
 8100 
 8101 2017-01-08  Werner Koch  <wk@gnupg.org>
 8102 
 8103 	dirmngr: Implement experimental SRV record lookup for WKD.
 8104 	+ commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10
 8105 	* dirmngr/server.c (cmd_wkd_get): Support SRV records.
 8106 
 8107 	dirmngr: Improve debug output for TLS.
 8108 	+ commit 714faea4fa7f30d42e9986358214a99aa8fa57b3
 8109 	* dirmngr/misc.c (dump_cert): Also print SubjectAltNames.
 8110 
 8111 	dirmngr: Change internal SRV lookup API.
 8112 	+ commit 16078f3deea5b82ea26e2f01dbd3ef3a5ce25410
 8113 	* dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO.
 8114 	* dirmngr/http.c (connect_server): Simplify SRV lookup.
 8115 	* dirmngr/ks-engine-hkp.c (map_host): Ditto.
 8116 	* dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv.
 8117 
 8118 	dirmngr: Strip root zone suffix from libdns SRV results.
 8119 	+ commit 9fa94aa10778bbd680315e93b23175423e338c40
 8120 	* dirmngr/dns-stuff.c (getsrv_libdns): Strip trailing dot from the
 8121 	target.
 8122 
 8123 2017-01-06  Werner Koch  <wk@gnupg.org>
 8124 
 8125 	agent,w32: Fix annoying output to DebugView.
 8126 	+ commit 8d774904c8066d8c0f19cfffe2d568979bb8c470
 8127 	* agent/gpg-agent.c (startup_fd_list): Do not define for W32.
 8128 	(main) [W32]: Do not call get_all_open_fds.
 8129 
 8130 2017-01-06  NIIBE Yutaka  <gniibe@fsij.org>
 8131 
 8132 	scd: Fix for --disable-ccid for scdaemon.
 8133 	+ commit 858e14cd794e2a6125d51e652a754bbe26def997
 8134 	* scd/apdu.c (apdu_dev_list_finish): Don't call ccid_dev_scan_finish
 8135 	with no table.
 8136 	(apdu_open_reader): Only increment when it's zero.
 8137 
 8138 	scd: Fix for --disable-ccid-driver.
 8139 	+ commit 62268a2732dddca7a05ca4cf45d0e4338c7dc3c4
 8140 	* scd/apdu.c [HAVE_LIBUSB] (apdu_dev_list_start): Conditionalize.
 8141 	[HAVE_LIBUSB] (apdu_dev_list_finish, apdu_open_reader): Likewise.
 8142 
 8143 	scd: Support multiple readers by CCID driver.
 8144 	+ commit 8a41e73c31adb86d4a7dca4da695e5ad1347811f
 8145 	* scd/apdu.c (new_reader_slot): Lock is now in apdu_dev_list_start.
 8146 	(close_pcsc_reader_direct, close_ccid_reader): RDRNAME is handled...
 8147 	(apdu_close_reader): ... by this function now.
 8148 	(apdu_prepare_exit): Likewise.
 8149 	(open_ccid_reader): Open with dev_list.
 8150 	(apdu_dev_list_start, apdu_dev_list_finish): New.
 8151 	(apdu_open_one_reader): New.
 8152 	(apdu_open_reader): Support multiple readers.
 8153 	* scd/app.c (select_application): With SCAN, opening all readers
 8154 	available, and register as new APP.
 8155 	(app_write_learn_status): app->ref_count == 0 is valid for APP which is
 8156 	not yet used.
 8157 	(app_list_start, app_list_finish): New.
 8158 	* scd/ccid-driver.c (struct ccid_driver_s): Remove RID and BCD_DEVICE.
 8159 	Add BAI.
 8160 	(parse_ccid_descriptor): BCD_DEVICE is now on the arguments.
 8161 	(ccid_dev_scan, ccid_dev_scan_finish): New.
 8162 	(ccid_get_BAI, ccid_compare_BAI, ccid_open_usb_reader): New.
 8163 	(ccid_open_reader): Support multiple readers.
 8164 	(ccid_set_progress_cb, ccid_close_reader): No RID any more.
 8165 
 8166 2017-01-05  Werner Koch  <wk@gnupg.org>
 8167 
 8168 	Silence two -Wlogical-op warnings.
 8169 	+ commit 6170eb809033c9d144abf3b1f31f8b936878cdd4
 8170 	* common/tlv.c (parse_ber_header): Avoid compiler warning about a
 8171 	duplicate condition.
 8172 	* tools/gpgtar-create.c (pattern_valid_p): Likewise.
 8173 
 8174 2017-01-05  Justus Winter  <justus@g10code.com>
 8175 
 8176 	tests: New test for --{show,override}-session-key.
 8177 	+ commit 168c8c9d79a817c1f08a9ef976dab377f8c4c69e
 8178 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 8179 	* tests/openpgp/decrypt-session-key.scm: New file.
 8180 
 8181 	tests: Fix macro.
 8182 	+ commit 4ded213698123a425393b89a800fda2a4ec5229d
 8183 	* tests/openpgp/defs.scm (with-ephemeral-home-directory): Make
 8184 	hygienic, use define-macro, do not change to the ephemeral home
 8185 	directory.
 8186 	* tests/gpgsm/setup.scm: Change to the ephemeral home directory.
 8187 	* tests/openpgp/setup.scm: Likewise.
 8188 
 8189 2017-01-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 8190 
 8191 	g10: avoid warning when --disable-tofu.
 8192 	+ commit 38671cfe5a2a40bb991619f4cb992c42b5f1e8cd
 8193 	If configured with --disable-tofu, we see compiler warnings about an
 8194 	unused variable.  This should remove those warnings.
 8195 
 8196 2017-01-04  Justus Winter  <justus@g10code.com>
 8197 
 8198 	tests,w32: Fix locating the components.
 8199 	+ commit 28e149609da44fab600f6a11b385d1c8ca8e7eb9
 8200 	* tests/openpgp/defs.scm (percent-decode): New function.
 8201 	(bin-prefix): New variable.
 8202 	(installed?): Likewise.
 8203 	(tool-hardcoded): Use the new variables.
 8204 	(gpg-conf): Use the new function to decode the values.
 8205 	(gpg-components): Do not use '--build-prefix' when 'installed?'.
 8206 
 8207 2017-01-03  Werner Koch  <wk@gnupg.org>
 8208 
 8209 	dirmngr: Make sure Tor mode is also set for DNS on SIGHUP.
 8210 	+ commit 969512401603639e4467ede7d892f1b02582c2c9
 8211 	* dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed.
 8212 	(reload_dns_stuff): Reset tor port.
 8213 	* dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS.
 8214 	(main): Remove warning that Tor mode may not fully work.
 8215 	* dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS
 8216 	initialization.
 8217 	* dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error
 8218 	checking for enable_dns_tormode.
 8219 
 8220 	dirmngr: New debug message on correctly initialized libdns.
 8221 	+ commit 0004d52ba2f1245c84f95a151342ad99fd72ca3d
 8222 	* dirmngr/dns-stuff.c (libdns_init): Add debug level diagnostic on
 8223 	success.
 8224 
 8225 2017-01-02  Justus Winter  <justus@g10code.com>
 8226 
 8227 	common: Turn assertions into expressions.
 8228 	+ commit a1e0d4a1e75fc6e6c3392a4e1d1d27005b38d6cc
 8229 	* common/logging.h (log_assert): Turn this into an expression so it
 8230 	can be used in expressions.
 8231 
 8232 	tests: Fix faked time in the TOFU test.
 8233 	+ commit 6d065198337b5242889723481bfa9ce81aa108bb
 8234 	* tests/openpgp/tofu.scm (GPG): Fix time delta.
 8235 
 8236 2017-01-02  Werner Koch  <wk@gnupg.org>
 8237 
 8238 	g13: Improve printing of debug infos.
 8239 	+ commit 5b6ebfb9244602d9de31d61c7eceb0c45ac8aa49
 8240 	* g13/g13tuple.c (all_printable): Make it work.
 8241 
 8242 	Replace use of variable-length-arrays.
 8243 	+ commit 6b84ecbf312d98ac8cce9fe5facdc815bc742fa1
 8244 	* common/t-iobuf.c (main): Replace variable-length-array.
 8245 	* g10/gpgcompose.c (mksubpkt_callback): Ditto.
 8246 	(encrypted): Ditto.
 8247 	* g10/t-stutter.c (log_hexdump): Ditto.
 8248 	(oracle_test): Ditto.
 8249 	* g10/tofu.c (get_policy): Ditto.  Use "%zu" for size_t.
 8250 	* scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
 8251 	Check for zero length OID_LEN.
 8252 
 8253 2017-01-02  Justus Winter  <justus@g10code.com>
 8254 
 8255 	gpgscm: Fail if too many arguments are given.
 8256 	+ commit b0e14bd6ff8401b12b2b39f75aef94d3ad28017f
 8257 	* tests/gpgscm/scheme.c (opexe_0): Enable check.
 8258 	* tests/gpgscm/tests.scm (test::report): Remove superfluous argument.
 8259 
 8260 	gpgscm: Add 'finally', rework all macros.
 8261 	+ commit b79274a3b7e58f88e9a8c1dc1fb24dd3e983543c
 8262 	* tests/gpgscm/init.scm (finally): New macro.
 8263 	* tests/gpgscm/tests.scm (letfd): Rewrite.
 8264 	(with-working-directory): Likewise.
 8265 	(with-temporary-working-directory): Likewise.
 8266 	(lettmp): Likewise.
 8267 
 8268 	gpgscm: Use boxed values for source locations.
 8269 	+ commit e8b843508dac96e9d0a3140954dd5a3618669cec
 8270 	* tests/gpgscm/scheme-private.h (struct port): Use boxed values for
 8271 	filename and current line.  This allows us to use the same Scheme
 8272 	object for labeling all expressions in a file.
 8273 	* tests/gpgscm/scheme.c (file_push): Use boxed type for filename.
 8274 	(mark): Mark location objects of port objects.
 8275 	(gc): Mark location objects in the load stack.
 8276 	(port_clear_location): New function.
 8277 	(port_reset_current_line): Likewise.
 8278 	(port_increment_current_line): Likewise.
 8279 	(file_pop): Adapt accordingly.
 8280 	(port_rep_from_filename): Likewise.
 8281 	(port_rep_from_file): Likewise.
 8282 	(port_close): Likewise.
 8283 	(skipspace): Likewise.
 8284 	(token): Likewise.
 8285 	(_Error_1): Likewise.
 8286 	(opexe_0): Likewise.
 8287 	(opexe_5): Likewise.
 8288 	(scheme_deinit): Likewise.
 8289 	(scheme_load_file): Likewise.
 8290 	(scheme_load_named_file): Likewise.
 8291 
 8292 2017-01-02  Werner Koch  <wk@gnupg.org>
 8293 
 8294 	dirmngr: Strip root zone suffix from libdns cname results.
 8295 	+ commit b200e636ab20d2aa93d9f71f3789db5a04af0a56
 8296 	* dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot.
 8297 	(get_dns_cname_libdns): Ditto.
 8298 
 8299 2016-12-30  NIIBE Yutaka  <gniibe@fsij.org>
 8300 
 8301 	scd: Fix select_application.
 8302 	+ commit 337690441fcb19343fe56b139f5649bed7d25c83
 8303 	* scd/app.c (select_application): Fix the condition for open.
 8304 
 8305 	scd: Fix card removal monitor.
 8306 	+ commit f300e12a793d59deb1a369713384eaabfa39b3e6
 8307 	* scd/app.c (app_reset): Call send_client_notification with REMOVAL.
 8308 	(scd_update_reader_status_file): Likewise.
 8309 	* scd/command.c (send_client_notifications): Distinguish removal.
 8310 
 8311 2016-12-29  NIIBE Yutaka  <gniibe@fsij.org>
 8312 
 8313 	scd: Improve internal CCID driver.
 8314 	+ commit cdc8d0bd933b958db878861587322bc541b580b3
 8315 	* scd/ccid-driver.c (scan_or_find_usb_device): Don't scan for
 8316 	configuration but use active configuration.  Support alt_setting.
 8317 	(scan_or_find_devices): Support alt_setting.
 8318 	(ccid_open_reader): Support alt_setting.
 8319 
 8320 	scd: Fix a race condition for new_reader_slot.
 8321 	+ commit c48cf7e32ffa02ebdf00265543344c611bef0431
 8322 	* scd/apdu.c (reader_table_lock, apdu_init): New.
 8323 	(new_reader_slot): Serialize by reader_table_lock.
 8324 	* scd/app.c (lock_app, unlock_app, app_new_register): Fix error code
 8325 	usage.
 8326 	(initialize_module_command): Call apdu_init.
 8327 	* scd/scdaemon.c (main): Handle error for initialize_module_command.
 8328 
 8329 2016-12-28  NIIBE Yutaka  <gniibe@fsij.org>
 8330 
 8331 	scd: APP centric approach for device management.
 8332 	+ commit 4cc9fc5eb9bd91d943c185d59da4a2b4cb885ee6
 8333 	* scd/app.c (lock_app): Rename from lock_reader and use internal field
 8334 	of APP.
 8335 	(unlock_app): Likewise.
 8336 	(app_dump_state): Use APP.
 8337 	(application_notify_card_reset): Remove.
 8338 	(check_conflict): Change API for APP, instead of SLOT.
 8339 	(check_application_conflict): Likewise.
 8340 	(release_application_internal): New.
 8341 	(app_reset): New.
 8342 	(app_new_register): New.
 8343 	(select_application): Change API for APP, instead of SLOT.
 8344 	(deallocate_app, release_application): Modify for manage link.
 8345 	(report_change): New.
 8346 	(scd_update_reader_status_file): Moved from command.c and
 8347 	use APP list, instead of VREADER.
 8348 	(initialize_module_command): Moved from command.c.
 8349 
 8350 	* scd/command.c (TEST_CARD_REMOVAL): Remove.
 8351 	(IS_LOCKED): Simplify.
 8352 	(vreader_table): Remove.
 8353 	(vreader_slot, update_card_removed): Remove.
 8354 	(do_reset): Call app_reset.
 8355 	(get_current_reader): Remove.
 8356 	(open_card): Add SCAN arg.
 8357 	(cmd_serialno): No retry, since retry is done in lower layer in apdu.c.
 8358 	No do_reset, since it is done in lower layer.
 8359 	Add clearing card_removed flag.
 8360 	(cmd_disconnect): Call apdu_disconnect.
 8361 	(send_client_notifications): Modify for APP.
 8362 	(update_reader_status_file): Remove.
 8363 
 8364 	scd: Simplify monitoring card removal.
 8365 	+ commit f9882d8336feea96e3b5e250e9093f8cca01e08b
 8366 	* scd/apdu.c (struct reader_table_s): Remove any_status, last_status,
 8367 	status, and change_counter field.
 8368 	(new_reader_slot, dump_reader_status, ct_activate_card, open_ct_reader)
 8369 	(connect_pcsc_card, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
 8370 	(open_ccid_reader, apdu_reset): Follow the change.
 8371 	(ct_dump_reader_status): Remove.
 8372 	(apdu_get_status_internal, apdu_get_status): Remove CHANGED arg.
 8373 	(apdu_connect): Follow the change.
 8374 	* scd/command.c (struct vreader_s): Remove reset_failed, any, and
 8375 	changed field.
 8376 	(cmd_getinfo, update_reader_status_file): Follow the change.
 8377 
 8378 2016-12-27  NIIBE Yutaka  <gniibe@fsij.org>
 8379 
 8380 	scd: Improve internal CCID driver.
 8381 	+ commit c7ec9c42246033e14ebad679d11f3b1fbeed23b7
 8382 	* scd/ccid-driver.c (scan_or_find_usb_device): Fix return value.
 8383 	Support device with multiple CCID interfaces.  Fix the case with
 8384 	READERNO.  Support partial string match of "reader-port" like PC/SC
 8385 	driver.
 8386 
 8387 2016-12-23  NIIBE Yutaka  <gniibe@fsij.org>
 8388 
 8389 	dirmngr: Fix for --disable-libdns usage.
 8390 	+ commit d26c51825e2255fe58305cbc1cd74fa43f80d93e
 8391 	* dirmngr/dns-stuff.c (enable_recursive_resolver, set_dns_nameserver)
 8392 	(reload_dns_stuff): Conditionalize with USE_LIBDNS.
 8393 	(get_h_errno_as_gpg_error): Map HOST_NOT_FOUND to GPG_ERR_NO_NAME.
 8394 
 8395 2016-12-22  Neal H. Walfield  <neal@g10code.com>
 8396 
 8397 	tools: Show a clearer error message if a server doesn't support WKS.
 8398 	+ commit 1909e994cb87d6c6866a465f0c20a456d4df46cc
 8399 	* tools/gpg-wks-client.c (command_send): If we fail to lookup the
 8400 	submission address, print a better error message.  If it is because
 8401 	the corresponding file doesn't exist, provide the hint that the server
 8402 	probably doesn't support WKS.
 8403 
 8404 2016-12-22  Werner Koch  <wk@gnupg.org>
 8405 
 8406 	wks: Let the client ignore missing policy flags.
 8407 	+ commit e917dfcd973a3ebbf5eb584e819ffa89f932bfef
 8408 	* tools/gpg-wks-client.c (command_send): Ignore missing policy flags.
 8409 
 8410 2016-12-22  NIIBE Yutaka  <gniibe@fsij.org>
 8411 
 8412 	scd: Clean up internal API for APP.
 8413 	+ commit 8431f5a7e88e1f42d75c4a4b61f4aa9b35457204
 8414 	* scd/app-common.h (app_readcert, app_readkey, app_setattr, app_sign,
 8415 	app_auth, app_decipher, app_get_challenge, app_check_pin): Add CTRL as
 8416 	the second argument.
 8417 	* scd/app.c: Supply CTRL to lock_reader calls.
 8418 	* scd/command.c (cmd_readcert, cmd_readkey, cmd_pksign, cmd_auth,
 8419 	cmd_pkdecrypt, cmd_setattr, cmd_random, cmd_checkpin): Follow the
 8420 	change.
 8421 
 8422 2016-12-21  Justus Winter  <justus@g10code.com>
 8423 
 8424 	gpgscm: Guard use of union member.
 8425 	+ commit 6e96cdd41a0e55b672309431062f37c4a4a9f485
 8426 	* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
 8427 	before accessing filename.  Fixes a crash on 32-bit architectures.
 8428 
 8429 2016-12-20  Werner Koch  <wk@gnupg.org>
 8430 
 8431 	tests: Avoid skipping exectool tests.
 8432 	+ commit 6204f8104fea42d706a68e77e2dc0bca4704bddc
 8433 	* common/t-exectool.c (test_executing_true): Try also /usr/bin/true.
 8434 	(test_executing_false): Try also /usr/bin/false.
 8435 
 8436 2016-12-20  Justus Winter  <justus@g10code.com>
 8437 
 8438 	tests: Add test suite for gpgsm.
 8439 	+ commit 36c14139285982def6ad942d4b2d8bef7ed4ea76
 8440 	* configure.ac (AC_CONFIG_FILES): Add new file.
 8441 	* tests/Makefile.am (SUBDIRS): Add new directory.
 8442 	* tests/gpgsm/32100C27173EF6E9C4E9A25D3D69F86D37A4F939: New file.
 8443 	* tests/gpgsm/Makefile.am: Likewise.
 8444 	* tests/gpgsm/cert_dfn_pca01.der: Likewise.
 8445 	* tests/gpgsm/cert_dfn_pca15.der: Likewise.
 8446 	* tests/gpgsm/cert_g10code_test1.der: Likewise.
 8447 	* tests/gpgsm/decrypt.scm: Likewise.
 8448 	* tests/gpgsm/encrypt.scm: Likewise.
 8449 	* tests/gpgsm/export.scm: Likewise.
 8450 	* tests/gpgsm/gpgsm-defs.scm: Likewise.
 8451 	* tests/gpgsm/import.scm: Likewise.
 8452 	* tests/gpgsm/plain-1.cms.asc: Likewise.
 8453 	* tests/gpgsm/plain-2.cms.asc: Likewise.
 8454 	* tests/gpgsm/plain-3.cms.asc: Likewise.
 8455 	* tests/gpgsm/plain-large.cms.asc: Likewise.
 8456 	* tests/gpgsm/run-tests.scm: Likewise.
 8457 	* tests/gpgsm/setup.scm: Likewise.
 8458 	* tests/gpgsm/shell.scm: Likewise.
 8459 	* tests/gpgsm/sign.scm: Likewise.
 8460 	* tests/gpgsm/verify.scm: Likewise.
 8461 
 8462 	tests: Add macro managing ephemeral home directories.
 8463 	+ commit c067a012c764218b94ce8de2914615a895a75f3e
 8464 	* tests/openpgp/defs.scm (with-ephemeral-home-directory): New macro.
 8465 	* tests/openpgp/setup.scm: Use the new macro.
 8466 
 8467 	tests: Move argument parser.
 8468 	+ commit a30c0a6972cabde3858108e9020e900696094843
 8469 	* tests/gpgme/gpgme-defs.scm (flag): Move...
 8470 	* tests/gpgscm/tests.scm: ... over here.
 8471 
 8472 	tests: Add missing encrypted sample, cleanup samples handling.
 8473 	+ commit e2ed3c1597daf3188ddce049cc3c50113d56f1b9
 8474 	* tests/openpgp/Makefile.am (TEST_FILES): Add new file.
 8475 	* tests/openpgp/defs.scm (plain-files): Add 'plain-large'.
 8476 	(all-files): New variable.
 8477 	(create-sample-files): New function.
 8478 	(create-legacy-gpghome): Use new function.
 8479 	* tests/openpgp/plain-large.asc: New file.
 8480 
 8481 2016-12-20  Werner Koch  <wk@gnupg.org>
 8482 
 8483 	Release 2.1.17.
 8484 	+ commit ade32464a25fdb35cc0f39e46d303ceba68ea8f6
 8485 
 8486 
 8487 	sm: Remove wrong example from gpgsm --help.
 8488 	+ commit 13465e708bb67e816e4fb3a37c117ad91dc6383f
 8489 	* sm/gpgsm.c (opts): Remove group 303.
 8490 
 8491 	dirmngr: New option --resolver-timeout.
 8492 	+ commit 81c012787fabf734d9c952c6f18ecac21929d4d8
 8493 	* dirmngr/dns-stuff.c (DEFAULT_TIMEOUT): New.
 8494 	(opt_timeout): New var.
 8495 	(set_dns_timeout): New.
 8496 	(libdns_res_open): Set the default timeout.
 8497 	(libdns_res_wait): Use configurable timeout.
 8498 	(resolve_name_libdns): Ditto.
 8499 
 8500 	* dirmngr/dirmngr.c (oResolverTimeout): New const.
 8501 	(opts): New option --resolver-timeout.
 8502 	(parse_rereadable_options): Set that option.
 8503 	(main) <aGPGConfList>: Add --nameserver and --resolver-timeout.
 8504 	* tools/gpgconf-comp.c (gc_options_dirmngr): Add --resolver-timeout
 8505 	and --nameserver.
 8506 
 8507 	* dirmngr/http.c (connect_server): Fix yesterday introduced bug in
 8508 	error diagnostic.
 8509 
 8510 2016-12-19  Werner Koch  <wk@gnupg.org>
 8511 
 8512 	dirmngr: Fix problems with the getsrv function.
 8513 	+ commit af8b68fae39b1378c769e0de6ba6437ea1aac7e3
 8514 	* dirmngr/dns-stuff.c (opt_debug, opt_verbose): New vars.
 8515 	(set_dns_verbose): New func.
 8516 	(libdns_switch_port_p): Add debug output.
 8517 	(resolve_dns_name): Ditto.
 8518 	(get_dns_cert): Ditto.
 8519 	(get_dns_cname): Ditto.
 8520 	(getsrv_libdns, getsrv_standard): Change SRVCOUNT to an unsigend int.
 8521 	(getsrv): Rename to ...
 8522 	((get_dns_srv): this.  Add arg R_COUNT and return an error.  Add debug
 8523 	output.
 8524 	* dirmngr/http.c: Adjust for chnaged getsrv().
 8525 	* dirmngr/ks-engine-hkp.c (map_host): Ditto.
 8526 	* dirmngr/t-dns-stuff.c (main): Ditto.  Call set_dns_verbose.
 8527 	* dirmngr/dirmngr.c (parse_rereadable_options): Call set_dns_verbose.
 8528 
 8529 	build: Add target to sign the windows installer.
 8530 	+ commit 284ec54495dddc9eb0232e959cf994234097578a
 8531 	* build-aux/speedo.mk (w32-sign-installer): New.
 8532 	(AUTHENTICODE_KEY): New.
 8533 	(installer-from-source): Use cp instead of mv.  Factor code out to ...
 8534 	(MKSWDB_commands): new macro.
 8535 	(sign-installer): New.
 8536 
 8537 2016-12-19  Justus Winter  <justus@g10code.com>
 8538 
 8539 	tests: Use the common test framework for the migration tests.
 8540 	+ commit 65a0d6a24e6299682793f213a9d2bae17c5b12d9
 8541 	* tests/migrations/Makefile.am (reqired_pgms): Add 'gpgscm'.
 8542 	(TESTS_ENVIRONMENT): Populate.
 8543 	(TESTS): Rename to 'XTESTS'.
 8544 	(xcheck): New target.
 8545 	(EXTRA_DIST): Add new files.
 8546 	(CLEANFILES): Remove log files.
 8547 	* tests/migrations/common.scm: Honor 'verbose', fix paths.
 8548 	* tests/migrations/run-tests.scm: New file.
 8549 	* tests/migrations/setup.scm: Likewise.
 8550 
 8551 	tests: Use sequential test runner if only one test is given.
 8552 	+ commit 0bf16d702665a269ce5ef724c927fbbd8f7f1ce9
 8553 	* tests/openpgp/run-tests.scm: Use sequential test runner if only one
 8554 	test is given.
 8555 
 8556 2016-12-19  Werner Koch  <wk@gnupg.org>
 8557 
 8558 	dirmngr,w32: Hack around a select problem.
 8559 	+ commit d51499fdc522a696f23c6776c3ab248742f4e06a
 8560 	* dirmngr/dns.c (FD_SETSIZE): Bump up to 1024.
 8561 	(dns_poll): Return an error instead of hitting an assertion failure.
 8562 
 8563 2016-12-19  Neal H. Walfield  <neal@g10code.com>
 8564 
 8565 	test: Extend TOFU tests to also check the days with signatures.
 8566 	+ commit aec89a7297bae30f79a63fdc830530e82bab6170
 8567 	* tests/openpgp/tofu.scm (GPGTIME): Define the "standard" base time.
 8568 	(faketime): New function.
 8569 	(days->seconds): Likewise.
 8570 	(GPG): Use faketime.
 8571 	(check-counts): Also check the number of expected days with signatures
 8572 	and encryptions.  Update callers.  Extend tests.
 8573 
 8574 2016-12-19  Justus Winter  <justus@g10code.com>
 8575 
 8576 	tests: New test for --delete-[secret-]keys.
 8577 	+ commit a1afc450e182af02ad5e6f6ba79e9dc4332ca2bc
 8578 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 8579 	* tests/openpgp/defs.scm (keys): New variable.
 8580 	(have-public-key?): New function.
 8581 	(have-secret-key?): Likewise.
 8582 	(have-secret-key-file?): Likewise.
 8583 	* tests/openpgp/delete-keys.scm: New file.
 8584 	* tests/openpgp/quick-key-manipulation.scm: Move the accessors to
 8585 	'defs.scm'.
 8586 
 8587 	gpgscm: Change associativity of ::.
 8588 	+ commit a45dc0849da0d944ec8c759bc8e3e733b1eb0079
 8589 	* tests/gpgscm/scheme.c (mk_atom): Change associativity of the ::
 8590 	infix-operator.  This makes it possible to naturally express accessing
 8591 	nested structures (e.g. a::b::c).
 8592 
 8593 	gpgscm: Display location when assertions fail.
 8594 	+ commit 3949cbd1128585c9b810713aeffaa1455fb5aed9
 8595 	* tests/gpgscm/lib.scm (assert): Use location information if
 8596 	available.
 8597 
 8598 	gpgscm: Make exception handling more robust.
 8599 	+ commit df00745d6eed7034b218a0c482a46d975425798a
 8600 	* tests/gpgscm/init.scm (throw'): Check that args is a list.
 8601 
 8602 2016-12-19  Andre Heinecke  <aheinecke@intevation.de>
 8603 
 8604 	speedo,w32: Use nsExec::ExecToLog to avoid popups.
 8605 	+ commit 026bbf0d5ee4510967e5f1dd3db2dee4687b0612
 8606 	* build-aux/speedo/w32/inst.nsi: Use ExecToLog instead of
 8607 	ExecWait.
 8608 
 8609 2016-12-19  Werner Koch  <wk@gnupg.org>
 8610 
 8611 	Remove unused debug flags and add "dns" and "network".
 8612 	+ commit e384405b6e251629fb36bcbba4f5f9ac15a39d10
 8613 	* g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
 8614 	* g10/gpg.c (debug_flags): Remove "cardio".
 8615 	* agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
 8616 	* agent/gpg-agent.c (debug_flags): Remove "command".
 8617 	* scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
 8618 	* scd/scdaemon.c (debug_flags): Remove "command".
 8619 	* dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
 8620 	(DBG_NETWORK_VALUE, DNG_NETWORK): New.
 8621 	* dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
 8622 
 8623 2016-12-17  Werner Koch  <wk@gnupg.org>
 8624 
 8625 	dirmngr: Fix setup of libdns for W32.
 8626 	+ commit e77b924fec1082faae48cdd2ff8474874a22bdf7
 8627 	* configure.ac (DNSLIB) {W32]: Add -liphlpapi.
 8628 	* dirmngr/dns-stuff.c [W32]: Include iphlpapi.h and define
 8629 	WIN32_LEAN_AND_MEAN.
 8630 	(libdns_init) [W32]: Use GetNetworkParams to get the nameserver.
 8631 	* dirmngr/t-dns-stuff.c (init_sockets): New.
 8632 	(main): Call it.
 8633 
 8634 2016-12-16  Werner Koch  <wk@gnupg.org>
 8635 
 8636 	dirmngr: Auto-switch from Tor port to Torbrowser port.
 8637 	+ commit 024dbd7162fc1a7694176ebad3c21ee3ea67c024
 8638 	* dirmngr/dns-stuff.c (libdns_tor_port): New var.
 8639 	(set_dns_nameserver): Clear that var.
 8640 	(libdns_init): Init var to the default port.
 8641 	(libdns_switch_port_p): New func.
 8642 	(resolve_dns_name): Use function to switch the port
 8643 	(get_dns_cert): Ditto.
 8644 	(getsrv): Ditto.
 8645 	(get_dns_cname): Ditto.
 8646 
 8647 	dirmngr: Use one context for all libdns queries.
 8648 	+ commit c4e8a3194d6b92f596a6483e486c645de7d2ddd1
 8649 	* dirmngr/dns-stuff.c (libdns_reinit_pending): New var.
 8650 	(enable_recursive_resolver): Set var.
 8651 	(set_dns_nameserver): Ditto.
 8652 	(libdns_init): Avoid double initialization.
 8653 	(libdns_deinit): New.
 8654 	(reload_dns_stuff): New.
 8655 	(libdns_res_open): Act upon LIBDNS_REINIT_PENDING.
 8656 	* dirmngr/t-dns-stuff.c (main): Call reload_dns_stuff to release
 8657 	memory.
 8658 	* dirmngr/dirmngr.c (cleanup): Ditto.
 8659 	(dirmngr_sighup_action): Call reload_dns_stuff to set
 8660 	LIBDNS_REINIT_PENDING.
 8661 
 8662 	dirmngr: Pass Tor credentials to libdns.
 8663 	+ commit ddb48086833f8b86f0f0d69b21a23f245090ea7a
 8664 	* dirmngr/dns-stuff.c (tor_credentials): Replace by ...
 8665 	(tor_socks_user, tor_socks_password): new vars.
 8666 	(enable_dns_tormode): Set these new vars.
 8667 	(libdns_res_open): Tell libdns the socks credentials.
 8668 
 8669 	dirmngr: Factor common libdns code out.
 8670 	+ commit 59d3c3e4baffff52548fb5d1766ebf02dd8e1bec
 8671 	* dirmngr/dns-stuff.c (libdns_res_open): New.  Replace all libdns_init
 8672 	and dns-res_open by a call to this func.
 8673 	(libdns_res_submit): New wrapper.  Replace all dns_res_sumbit calls.
 8674 	(libdns_res_wait): New function.
 8675 	(resolve_name_libdns): Replace loop by libdns_res_wait.
 8676 	(get_dns_cert_libdns): Ditto.
 8677 	(getsrv_libdns): Ditto.
 8678 
 8679 	gpg,sm: A few more option for --gpgconf-list.
 8680 	+ commit 48671f295ff233765689b6a73021f83ab845a28f
 8681 	* g10/gpg.c (gpgconf_list): Add --compliance and
 8682 	--default-new-key-algo.
 8683 	(parse_compliance_option):
 8684 	* sm/gpgsm.c (main) <gpgconf-list>: Add --enable-crl-checks.
 8685 
 8686 	gpgconf: New command --apply-profile.
 8687 	+ commit 76cd64a5baf6057b199c01f7999b327f1f4a87bc
 8688 	* tools/gpgconf.c (aApplyProfile): New.
 8689 	(opts): New command --apply-profile.
 8690 	(main): Implement that command.
 8691 	* tools/gpgconf-comp.c (option_check_validity): Add arg VERBATIM.
 8692 	(change_options_program): Ditto.
 8693 	(change_one_value): Ditto.
 8694 	(gc_component_change_options): Ditto.
 8695 	(gc_apply_profile): New.
 8696 
 8697 	gpgconf: Fix --apply-defaults.
 8698 	+ commit 6ca3c28da46873416822bf6ab7893db6c56a49d6
 8699 	* tools/gpgconf-comp.c: Skip pinentry also in process_all mode.
 8700 
 8701 2016-12-16  Justus Winter  <justus@g10code.com>
 8702 
 8703 	doc: Mention extra information in pinentry status lines.
 8704 	+ commit 12a5265afa7f87ad92fb571e0882e57b07a3c267
 8705 	* doc/DETAILS: Mention that 'PINENTRY_LAUNCHED may carry extra
 8706 	information.
 8707 
 8708 	sm: Fix agent communication.
 8709 	+ commit 3c7d6a1769ed6cc90d86247a814a0dce341512a3
 8710 	* sm/call-agent.c (gpgsm_agent_pksign): Fix passing the control handle
 8711 	to the callback.
 8712 	(gpgsm_scd_pksign): Likewise.
 8713 	(gpgsm_agent_reaedkey): Likewise.
 8714 
 8715 2016-12-16  Neal H. Walfield  <neal@g10code.com>
 8716 
 8717 	doc: Fix manual.
 8718 	+ commit a165fa09be4bfbeb97ebe25d551a9045255e5028
 8719 	* doc/gpg.texi: Remove comment about options being parsed in-order.
 8720 	They aren't.
 8721 
 8722 	g10: Use total days, not total messages to compute TOFU validity.
 8723 	+ commit 4a2c210b75d4266e289712e73a42c286aabb07f0
 8724 	* g10/tofu.c (write_stats_status): Use the number of days with
 8725 	signatures / encryptions to compute the validity, not the total number
 8726 	of signatures / encryptions.
 8727 	(BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
 8728 	(FULL_TRUST_THRESHOLD): Likewise.
 8729 
 8730 	g10: Extend TOFU_STATS to emit <sign-days> and <encyrption-days>
 8731 	+ commit 94f6b9010d2e80a75ccbb21426faf0b30195f1ab
 8732 	* doc/DETAILS: Add SIGN-DAYS and ENCRYPT-DAYS to the TOFU_STATS status
 8733 	line.
 8734 	* g10/tofu.c (write_stats_status): Take additional parameters
 8735 	signature_days and encryption_days.  Update callers.  Include them in
 8736 	the tfs record and TOFU status lines.
 8737 	(show_statistics): Compute the number of days on which we saw a
 8738 	message signed by FINGERPRINT, and the number of days on which we
 8739 	encrypted a message to it.
 8740 
 8741 2016-12-16  Justus Winter  <justus@g10code.com>
 8742 
 8743 	doc: Improve section on unattended key generation.
 8744 	+ commit ca02a8b78fca8815388a859962584d75169ae3ee
 8745 	* doc/gpg.texi: Improve the subsection on unattended key generation by
 8746 	suggesting the quick key manipulation interface as an alternative, and
 8747 	by suggesting alternatives to '%pubring' and '%secring'.  Simplify
 8748 	examples accordingly.
 8749 
 8750 	doc: Add documentation for programmatic use of GnuPG.
 8751 	+ commit 116a78eb869c4c589228bd0d6deff7c7a9f92dfb
 8752 	* doc/gpg.texi: New subsections on programmatic use of GnuPG,
 8753 	ephemeral home directories, and the quick key manipulation interface.
 8754 
 8755 2016-12-16  Neal H. Walfield  <neal@g10code.com>
 8756 
 8757 	g10: On a TOFU conflict, write the conflicting keys to the status fd.
 8758 	+ commit fea9da4a8afab6f3a49cdbbcc4a7a21f27a6d3e8
 8759 	* g10/tofu.c (ask_about_binding): Emit all of the conflicting keys and
 8760 	their statistics on the status fd.
 8761 	(get_trust): Likewise, if we don't call ask_about_binding.
 8762 	(show_statistics): Have the caller pass the policy as returned by
 8763 	get_policy.  Add argument only_status_fd and don't emit any output on
 8764 	stdout if it is set.  Update callers.
 8765 
 8766 	g10: Add missing space.
 8767 	+ commit 6caa2d0ba2bfc0ae93878738b0169483f6b6b462
 8768 	* g10/tofu.c (tofu_register_encryption): Add missing space.
 8769 
 8770 2016-12-15  Justus Winter  <justus@g10code.com>
 8771 
 8772 	g10: Avoid translating simple error messages.
 8773 	+ commit 6b16b02109f4bb5b934e456667ff4c0ba7bc85fd
 8774 	* g10/gpg.c (main): Avoid translating arguments to 'wrong_args'.
 8775 
 8776 	g10: Rework the --quick-* interface.
 8777 	+ commit 41ad04d403de05abe54280d2a84aa51a603194e4
 8778 	* g10/gpg.c (opts): Rename options.
 8779 	(main): Update errors.
 8780 	* doc/gpg.texi: Update accordingly.
 8781 
 8782 	g10: Rename 'card-edit' to 'edit-card'.
 8783 	+ commit 6e4396723e9e5865015ebf7033628fa3919cf7d1
 8784 	* g10/gpg.c (opts): Rename option.
 8785 	* g10/call-agent.c (agent_scd_learn): Update comment.
 8786 	* doc/gpg.texi: Update accordingly.
 8787 
 8788 	g10: Spell out --desig-revoke.
 8789 	+ commit 3c691097ca144e9a1d4c9185636c59a848bec85c
 8790 	* g10/gpg.c (opts): Rename option.
 8791 	* doc/gpg.texi: Update accordingly.
 8792 
 8793 	g10: Shorten unreasonably long option.
 8794 	+ commit c252627c6fd93bc305c5a5a2f013c3de2d45c6b0
 8795 	* g10/gpg.c (opts): Rename 'generate-revocation-certificate' to
 8796 	'generate-revocation'.
 8797 	* doc/gpg.texi: Update accordingly.
 8798 	* po: Update translations.
 8799 
 8800 	doc: Add aliases of all changed options.
 8801 	+ commit bc6b76ef26f31c54ae1c29c761b8ecc437fcf565
 8802 	* doc/gpg.texi: Add the old version of every option that was updated
 8803 	with the last change set.
 8804 	* doc/gpgsm.texi: Likewise.
 8805 
 8806 2016-12-15  Werner Koch  <wk@gnupg.org>
 8807 
 8808 	dirmngr: First patch to re-enable Tor support.
 8809 	+ commit 2d1760ffe2ff46b77bd0f38db8b781d9564ae999
 8810 	* dirmngr/dns-stuff.c (SOCKS_PORT, TOR_PORT, TOR_PORT2): New
 8811 	constants.
 8812 	(libdns_init): Start adding tor support.
 8813 	(resolve_name_libdns): Pass socks hosts to dns_res_open.
 8814 	(get_dns_cert_libdns): Ditto.
 8815 	(getsrv_libdns): Ditto.
 8816 	(get_dns_cname_libdns): Ditto.
 8817 
 8818 2016-12-15  Justus Winter  <justus@g10code.com>
 8819 
 8820 	build: Fix distcheck.
 8821 	+ commit 0e2055c7d30d987a7a74923a7080b80cce470601
 8822 	* tests/gpgme/Makefile.am (CLEANFILES): New variable, clean test logs.
 8823 
 8824 2016-12-14  Justus Winter  <justus@g10code.com>
 8825 
 8826 	tests: Reuse GPGME's tests.
 8827 	+ commit 948cca9c99e701a1668bb5fd6e25f07e35381b4d
 8828 	* configure.ac (AC_CONFIG_FILES): Add new Makefile.
 8829 	* tests/Makefile.am (SUBDIRS): Add new directory.
 8830 	* tests/gpgme/Makefile.am: New file.
 8831 	* tests/gpgme/gpgme-defs.scm: Likewise.
 8832 	* tests/gpgme/run-tests.scm: Likewise.
 8833 	* tests/gpgme/setup.scm: Likewise.
 8834 	* tests/gpgme/wrap.scm: Likewise.
 8835 
 8836 	common: Support locating components in the build tree.
 8837 	+ commit ca1e9749bfb069d90aa44efbf6f3d611b6104c1b
 8838 	* common/homedir.c (gnupg_build_directory): New variable.
 8839 	(gnupg_module_name_called): Likewise.
 8840 	(gnupg_set_builddir): New function.
 8841 	(gnupg_set_builddir_from_env): Likewise.
 8842 	(gnupg_module_name): Support locating components in the build tree.
 8843 	* common/util.h (gnupg_set_builddir): New prototype.
 8844 	* tests/openpgp/defs.scm (tools): Drop 'gpg and 'gpg-agent.
 8845 	(tool): Rename to 'tool-hardcoded.
 8846 	(gpg-conf): New function, with accessors for the results.
 8847 	(gpg-components): New variable.
 8848 	(tool): New function.
 8849 	* tools/gpgconf.c (enum cmd_and_opt_values): New key.
 8850 	(opts): New option '--build-prefix'.
 8851 	(main): Handle new option.
 8852 
 8853 	tests: Rework check for trust models.
 8854 	+ commit 55dc81125abc43cd3cc8db951fc3b8a81767942d
 8855 	* tests/openpgp/defs.scm (gpg-has-option?): New function.
 8856 	(have-opt-always-trust): Use a simpler test for that option.  This way
 8857 	that is less distracting when we run the tests with verbose=3.
 8858 
 8859 2016-12-14  Werner Koch  <wk@gnupg.org>
 8860 
 8861 	dirmngr: New configure option --disable-libdns.
 8862 	+ commit d34a2bb410c7c770d26430d69ff77bd83fc407f1
 8863 	* configure.ac: Add option --disable-libdns
 8864 	(USE_LIBDNS): New ac_subst and am_conditional.
 8865 	(USE_C99_CFLAGS): Set only if libdns is used.
 8866 	* dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ...
 8867 	(dirmngr_SOURCES) [USE_LIBDNS0: here.
 8868 	(t_common_src): Ditto.
 8869 	* dirmngr/dirmngr.c (oRecursiveResolver): New constant.
 8870 	(opts): New option "--recursive-resolver".
 8871 	(parse_rereadable_options): Set option.
 8872 	* dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver.
 8873 	* dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the
 8874 	new variables.
 8875 	* dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined.
 8876 	Also build and call dnslib functions only if USE_DNSLIB is defined.
 8877 	(recursive_resolver): New var.
 8878 	(enable_recursive_resolver): New func.
 8879 	(recursive_resolver_p): New func.
 8880 
 8881 	dirmngr: Implement CERT record lookup via libdns.
 8882 	+ commit 3c2a7918eac024b5e1258ea9b272b4e8a1f1af43
 8883 	* dirmngr/dns-stuff.c (get_dns_cert_libdns): New.
 8884 	(get_dns_cert_standard): Fix URL malloc checking.
 8885 
 8886 	dirmngr: Implement CNAME and SRV record lookup via libdns.
 8887 	+ commit 4c13e4e3debe0e55e86ae29c095f2d86eb0a6f11
 8888 	* dirmngr/dns-stuff.c (dns_free): New macro.
 8889 	(libdns): Move var to the top.
 8890 	(libdns_error_to_gpg_error): Map error codes to the new gpg-error
 8891 	codes.
 8892 	(resolve_name_libdns): Restructure code.
 8893 	(getsrv_libdns): New.
 8894 	(get_dns_cname_libdns): New.
 8895 
 8896 	dirmngr: Fix bugs in the standard resolver code.
 8897 	+ commit 4a030f682ef48542ed324b28207f2c2b4847dbef
 8898 	* dirmngr/dns-stuff.c: Include dirmngr-err.h to set the correct error
 8899 	source.
 8900 	(get_h_errno_as_gpg_error): New.
 8901 	(get_dns_cert_libdns): Fix error code.
 8902 	(getsrv_libdns): Add arg R_COUNT and return an error code.
 8903 	(getsrv_standard): Ditto.  Fix handling of res_query errors and
 8904 	provide the correct size for the return buffer.
 8905 	(getsrv): Adjust for changed worker functions.
 8906 	(get_dns_cname_standard): Fix handling of res_query errors and provide
 8907 	the correct size for the return buffer.
 8908 
 8909 	dirmngr: Require a c99 compiler.
 8910 	+ commit 392966aed9b2a5e1456c671e5d13b561a27e4bb2
 8911 	* configure.ac (USE_C99_CFLAGS): New ac_subst.  Set to -std=gnu99 for
 8912 	gcc.
 8913 	* dirmngr/Makefile.am (AM_CFLAGS): Add USE_C99_CFLAGS.
 8914 	(t_http_CFLAGS): Ditto.
 8915 	(t_ldap_parse_uri_CFLAGS): Ditto.
 8916 	(t_dns_stuff_CFLAGS): Ditto.
 8917 
 8918 	doc: Add license notes for libdns.
 8919 	+ commit d84f5a88233c073a82fd47728574b001343784ee
 8920 	* COPYING.other: New.
 8921 	* Makefile.am (EXTRA_DIST): Add it.
 8922 	* AUTHORS: Add info on libdns.
 8923 	* build-aux/speedo/w32/pkg-copyright.txt: Add license terms.
 8924 
 8925 	common: Add replacements for error codes from gpg-error 1.26.
 8926 	+ commit aae68a3ccd3d9870162b3ffd49eae08d5bf1b1e1
 8927 
 8928 
 8929 2016-12-14  Justus Winter  <justus@g10code.com>
 8930 
 8931 	dirmngr: New libdns snapshot.
 8932 	+ commit f8ab2c4c70ad15c4b2e45492606fb94ddaccdac7
 8933 
 8934 
 8935 	dirmngr: Add basic libdns support.
 8936 	+ commit f6acd0426453d3a18536ca69d63baa0d971082ef
 8937 	* dirmngr/dns.c: New file.
 8938 	* dirmngr/dns.h: New file.
 8939 	* dirmngr/Makefile.am (dirmngr_SOURCES): Add new files.
 8940 	* dirmngr/dns-stuff.c: Include dns.h.xxx use libdns
 8941 	(libdns): New global var for the libdns state.
 8942 	(libdns_error_to_gpg_error): New.
 8943 	(libdns_init): New.
 8944 	(resolve_name_libdns): New.
 8945 	(get_dns_cert_libdns): New stub.
 8946 	(getsrv_libdns): New stub.
 8947 	(get_dns_cname_libdns): New stub.
 8948 
 8949 	dirmngr,build: Remove support for ADNS.
 8950 	+ commit 2e734a3ce159de8fb60df2bd5d454f98ca710717
 8951 	* autogen.rc: Remove '--with-adns' argument.
 8952 	* configure.ac: Remove check for ADNS.
 8953 	* dirmngr/dns-stuff.c: Remove all code that uses ADNS.
 8954 	* dirmngr/server.c (cmd_getinfo): Update status line.
 8955 	* doc/dirmngr.texi: Do not mention ADNS.
 8956 
 8957 2016-12-14  NIIBE Yutaka  <gniibe@fsij.org>
 8958 
 8959 	dirmngr: Improve ntbtls support.
 8960 	+ commit 57aa42ce9b28bc17ac24491d595766fbf80762af
 8961 	* dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release.
 8962 	(send_request): Call ntbtls_set_transport.
 8963 	(cookie_read, cookie_write): Implement.
 8964 	(cookie_close): Add initial implementation for ntbtls.
 8965 
 8966 2016-12-13  Justus Winter  <justus@g10code.com>
 8967 
 8968 	g10,sm: Spell out --passwd.
 8969 	+ commit c1c35fb887061de05661f3411eda97546e1a52d7
 8970 	* g10/gpg.c (opts): Spell out option.
 8971 	* sm/gpgsm.c (opts): Likewise.
 8972 	* doc/gpg.texi: Update accordingly.
 8973 	* doc/gpgsm.texi: Likewise.
 8974 
 8975 	g10: Spell out --gen-revoke.
 8976 	+ commit ec1bd3ae685e95563e38077ab3c1655fd55dea07
 8977 	* g10/gpg.c (opts): Spell out option.
 8978 	* doc/gpg.texi: Update accordingly.
 8979 	* po: Update translations.
 8980 
 8981 	g10: Spell out --full-gen-key.
 8982 	+ commit 09163a6390bd9713f3a7946de739765b30ef6f64
 8983 	* g10/gpg.c (opts): Spell out option.
 8984 	(main): Likewise.
 8985 	* g10/keygen.c (generate_keypair): Likewise.
 8986 	* doc/gpg.texi: Update accordingly.
 8987 
 8988 	g10,sm: Spell out --gen-key.
 8989 	+ commit 892c827e72b1396e3b58e2f8869cc48328a2b59c
 8990 	* g10/gpg.c (opts): Spell out option.
 8991 	* sm/gpgsm.c (opts): Likewise.
 8992 	* doc/gpg.texi: Update accordingly.
 8993 
 8994 	g10,sm: Spell out --check-sigs.
 8995 	+ commit 9147737f1c6894f38b855f3cf38cd33122a1ae2a
 8996 	* g10/gpg.c (opts): Spell out option.
 8997 	* sm/gpgsm.c (opts): Likewise.
 8998 	* doc/gpg.texi: Update accordingly.
 8999 
 9000 	g10,sm: Spell out --list-sigs.
 9001 	+ commit a6d6e4afe488bc05ee730e85da6a9505c6cd245a
 9002 	* g10/gpg.c (opts): Spell out option.
 9003 	* sm/gpgsm.c (opts): Likewise.
 9004 	* doc/gpg.texi: Update accordingly.
 9005 
 9006 	g10: Hyphenate --clearsign.
 9007 	+ commit 04754ce3a704b1e6d38cb9a28dacf2821dc3f15f
 9008 	* g10/gpg.c (opts): Hyphenate option.
 9009 	* doc/gpg.texi: Update accordingly.
 9010 	* po: Update translations.
 9011 	* tests/openpgp: Update tests.
 9012 
 9013 	g10: Spell out --recv-keys.
 9014 	+ commit ca598152345b40f3a236227dfc63ae04ddf777d7
 9015 	* g10/gpg.c (opts): Spell out option.
 9016 	* doc/gpg.texi: Update accordingly.
 9017 
 9018 	g10: Create expiring keys in quick key generation mode.
 9019 	+ commit dd3dde07a9a46130ac01d849f8edf0566e44f11f
 9020 	* doc/gpg.texi: Document that fact.
 9021 	* g10/keygen.c (quick_generate_keypair): Use a default value.
 9022 	* tests/openpgp/quick-key-manipulation.scm: Test that fact.
 9023 
 9024 	gpgscm: Print failed and skipped tests.
 9025 	+ commit 429891a704057437517cb0b45d11392b40fa1ee8
 9026 	* tests/gpgscm/tests.scm (test-pool::report): Print failed and skipped
 9027 	tests at the end.
 9028 
 9029 	gpgscm: Generalize the test runner.
 9030 	+ commit d43dabf4607d3bcfc217eb9aea34d093f5aa698f
 9031 	* tests/gpgscm/tests.scm (test::scm) Add explicit name argument.
 9032 	(test::binary): Likewise.  Also, add missing unquote.
 9033 	* tests/openpgp/run-tests.scm: Adapt accordingly.
 9034 
 9035 	gpgscm: Move the test runner to the Scheme library.
 9036 	+ commit 1a176b92a8aad42056ed2c4e1f49a5feb40770cf
 9037 	* tests/openpgp/run-tests.scm: Move most of the code...
 9038 	* tests/gpgscm/tests.scm: ... here.
 9039 
 9040 	tests: Refactor test runner.
 9041 	+ commit fe36e63763c9c595bb057ac50160d2aff7c7a63f
 9042 	* tests/openpgp/run-tests.scm (locate-test): New function.
 9043 	(test): Factor-out the code starting the child process.
 9044 	(test::binary): New function.
 9045 
 9046 	gpgscm: Improve library functions.
 9047 	+ commit e3876f16eb237bdeb9f79aca2e7db5e9e2d86686
 9048 	* tests/gpgscm/tests.scm (absolute-path?): New function.
 9049 	(canonical-path): Use the new function.
 9050 	* tests/gpgscm/lib.scm (string-split-pln): New function.
 9051 	(string-indexp, string-splitp): Likewise.
 9052 	(string-splitn): Express using the above function.
 9053 	(string-ltrim, string-rtrim): Fix corner case.
 9054 	(list->string-reversed): New function.
 9055 	(read-line): Fix performance.
 9056 
 9057 2016-12-12  Werner Koch  <wk@gnupg.org>
 9058 
 9059 	gpg: Fix memory leak in ecc key generation.
 9060 	+ commit 98433c70431dfbde99b0e89416856d1eef9ebc88
 9061 	* g10/keygen.c (ecckey_from_sexp): Release curve.
 9062 
 9063 	gpg: Do not use a fixed string for --gpgconf-list:default_pubkey_algo.
 9064 	+ commit f1304ee9b21e6ceac6c13d04ceddd23fadb5c7f1
 9065 	* g10/keygen.c (get_default_pubkey_algo): New.
 9066 	(parse_key_parameter_string): Use it.
 9067 	* g10/gpg.c (gpgconf_list): Take value from new function.
 9068 
 9069 	gpg: Fix algo string parsing of --quick-addkey.
 9070 	+ commit 522e6f798db9f3f3a9e0123fdc389a86ac69dedf
 9071 	* g10/keygen.c (parse_key_parameter_string): Fix handling of PART==1.
 9072 	(parse_key_parameter_part): Use default key size if only "rsa", "dsa",
 9073 	or "elg" is given.
 9074 
 9075 2016-12-09  Justus Winter  <justus@g10code.com>
 9076 
 9077 	g10: Create keys that expire in simple key generation mode.
 9078 	+ commit d568a1561642ed9b7b7b6282b86c56786d10a956
 9079 	* g10/keygen.c (default_expiration_interval): New variable.
 9080 	(generate_keypair): Use the new default.
 9081 
 9082 	tests: Add a test for '--quick-addkey'.
 9083 	+ commit b778d8deedf344c8116362633925b8153c7f1bf1
 9084 	* tests/openpgp/quick-key-manipulation.scm: Test '--quick-addkey'.
 9085 
 9086 	tests: New test using all available compression algorithms.
 9087 	+ commit 59f1562c25119a4fe27411e6350f2149d6147148
 9088 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 9089 	* tests/openpgp/compression.scm: New file.
 9090 	* tests/openpgp/defs.scm (all-compression-algos): New variable.
 9091 
 9092 	g10: List compression algorithms using human-readable names.
 9093 	+ commit c8100fc0faadf8ba35e4df32b4760cc975e3a83d
 9094 	* g10/gpg.c (list_config): List all enabled compression algorithms
 9095 	under the key 'compressname'.
 9096 
 9097 	g10: Fix memory leak.
 9098 	+ commit 3de9bad359e28ced4a2539e411d222ffd82a4a62
 9099 	* g10/sign.c (do_sign): Release old signature data.
 9100 
 9101 2016-12-08  Werner Koch  <wk@gnupg.org>
 9102 
 9103 	common: Skip the Byte Order Mark in conf files.
 9104 	+ commit 5c7d58222834793629a30248e72b6ea96e832dc4
 9105 	* common/argparse.c (optfile_parse): Detect and skip the UTF-8 BOM.
 9106 
 9107 	Fix 2 compiler warnings.
 9108 	+ commit cb4c7abb774e2d95806d8b0ec6ea5cd130c1b5b8
 9109 	* dirmngr/loadswdb.c: Set ERR on malloc failure.
 9110 	* g10/passphrase.c (passphrase_to_dek): Initialize all fields of
 9111 	HELP_S2K.
 9112 
 9113 	wks: New option --status-fd for gpg-wks-client.
 9114 	+ commit 4a04277ad112e0966296133795f93cf6a3daa48e
 9115 	* tools/wks-util.c: Include status.h.
 9116 	(statusfp): New global var.
 9117 	(wks_set_status_fd): New func.
 9118 	(wks_write_status): New func.
 9119 	* tools/gpg-wks-client.c: Include status.h.
 9120 	(oStatusFD): New constant.
 9121 	(opts): New option --status-fd.
 9122 	(parse_arguments): Handle that option.
 9123 	(main): Return STATUS_SUCCESS or STATUS_FAILURE.
 9124 
 9125 2016-12-08  Justus Winter  <justus@g10code.com>
 9126 
 9127 	gpgscm: Better error reporting.
 9128 	+ commit e7429b1ced0c69fa7901f888f8dc25f00fc346a4
 9129 	* tests/gpgscm/ffi.scm: Move the customized exception handling and
 9130 	atexit logic...
 9131 	* tests/gpgscm/init.scm: ... here.
 9132 	(throw): Record the current history.
 9133 	(throw'): New function that is history-aware.
 9134 	(rethrow): New function.
 9135 	(*error-hook*): Use the new throw'.
 9136 	* tests/gpgscm/main.c (load): Fix error handling.
 9137 	(main): Save and use the 'sc->retcode' as exit code.
 9138 	* tests/gpgscm/repl.scm (repl): Print call history.
 9139 	* tests/gpgscm/scheme.c (_Error_1): Make a snapshot of the history,
 9140 	use it to provide a accurate location of the expression causing the
 9141 	error at runtime, and hand the history trace to the '*error-hook*'.
 9142 	(opexe_5): Tag all lists at parse time with the current location.
 9143 	* tests/gpgscm/tests.scm: Update calls to 'throw', use 'rethrow'.
 9144 
 9145 	gpgscm: Keep a history of calls for error messages.
 9146 	+ commit 404e8a4136bbbab39df7dd5119841e131998cc15
 9147 	* tests/gpgscm/init.scm (vm-history-print): New function.
 9148 	* tests/gpgscm/opdefines.h: New opcodes 'CALLSTACK_POP', 'APPLY_CODE',
 9149 	and 'VM_HISTORY'.
 9150 	* tests/gpgscm/scheme-private.h (struct history): New definition.
 9151 	(struct scheme): New field 'history'.
 9152 	* tests/gpgscm/scheme.c (gc): Mark objects in the history.
 9153 	(history_free): New function.
 9154 	(history_init): Likewise.
 9155 	(history_mark): Likewise.
 9156 	(add_mod): New macro.
 9157 	(sub_mod): Likewise.
 9158 	(tailstack_clear): New function.
 9159 	(callstack_pop): Likewise.
 9160 	(callstack_push): Likewise.
 9161 	(tailstack_push): Likewise.
 9162 	(tailstack_flatten): Likewise.
 9163 	(callstack_flatten): Likewise.
 9164 	(history_flatten): Likewise.
 9165 	(opexe_0): New variable 'callsite', keep track of the expression if it
 9166 	is a call, implement the new opcodes, record function applications in
 9167 	the history.
 9168 	(opexe_6): Implement new opcode.
 9169 	(scheme_init_custom_alloc): Initialize history.
 9170 	(scheme_deinit): Free history.
 9171 	* tests/gpgscm/scheme.h (USE_HISTORY): New macro.
 9172 
 9173 	gpgscm: Add flag TAIL_CONTEXT.
 9174 	+ commit 01256694f006405c54bc2adef63ef0c8f07da9ee
 9175 	* tests/gpgscm/scheme.c (S_FLAG_TAIL_CONTEXT): New macro.  This flag
 9176 	indicates that the interpreter is evaluating an expression in a tail
 9177 	context (see R5RS, section 3.5).
 9178 	(opexe_0): Clear and set the flag according to the rules layed out in
 9179 	R5RS, section 3.5.
 9180 	(opexe_1): Likewise.
 9181 
 9182 	gpgscm: Add flags to the interpreter.
 9183 	+ commit a4a69163d9d7e4d9f3339eb5cda0afb947180b26
 9184 	* tests/gpgscm/scheme-private.h (struct scheme): Add field 'flags'.
 9185 	* tests/gpgscm/scheme.c (S_OP_MASK): New macro.
 9186 	(S_FLAG_MASK, s_set_flag, s_clear_flag, s_get_flag): Likewise.
 9187 	(_s_return): Unpack the encoded opcode and flags.
 9188 	(s_save): Encode the flags along with the opcode.  Use normal
 9189 	integers to encode the result.
 9190 	(scheme_init_custom_alloc): Initialize 'op' and 'flags'.
 9191 
 9192 	gpgscm: Implement tags.
 9193 	+ commit fcf5aea44627def43425d03881e20902e7c0331e
 9194 	* tests/gpgscm/opdefines.h: Add opcodes to create and retrieve tags.
 9195 	* tests/gpgscm/scheme.c (T_TAGGED): New macro.
 9196 	(mk_tagged_value): New function.
 9197 	(has_tag): Likewise.
 9198 	(get_tag): Likewise.
 9199 	(mark): Mark tag.
 9200 	(opexe_4): Implement new opcodes.
 9201 	* tests/gpgscm/scheme.h (USE_TAGS): New macro.
 9202 
 9203 2016-12-08  Werner Koch  <wk@gnupg.org>
 9204 
 9205 	gpg: Fix the fix out-of-bounds access.
 9206 	+ commit a75790b74095828f967c012eff7033f570d93077
 9207 	* g10/tofu.c (build_conflict_set): Revert to int* and fix calloc.
 9208 
 9209 	wks: New option --check for gpg-wks-client.
 9210 	+ commit d8c5e8ccfdb53cc327f7520fc7badc31d0c9c666
 9211 	* tools/call-dirmngr.c (wkd_get_key): New.
 9212 	* tools/gpg-wks-client.c (aCheck): New constant.
 9213 	(opts): New option "--check".
 9214 	(main): Call command_check.
 9215 	(command_check): New.
 9216 
 9217 	tools: Move a function from gpg-wks-server to wks-util.c.
 9218 	+ commit c3138decd77d788906885b638b344d0d1faf32c0
 9219 	* tools/gpg-wks-server.c (list_key_status_cb): Remove.
 9220 	(list_key): Move to ...
 9221 	* tools/wks-util.c (wks_list_key): here and rename.  Add new args
 9222 	R_FPR and R_MBOXES and remove the CTX.
 9223 	(list_key_status_cb): New.
 9224 	* tools/wks-util.c: Include ccparray.h, exectool.h, and mbox-util.h.
 9225 	* tools/gpg-wks-server.c (process_new_key): Replace list_key by
 9226 	wks_list_key.
 9227 	(check_and_publish): Ditto.
 9228 
 9229 2016-12-08  Justus Winter  <justus@g10code.com>
 9230 
 9231 	gpgscm: Generalize 'for-each-p'.
 9232 	+ commit a2bedc8ac6fcdcd1de0a9fa3d540006481387dff
 9233 	* tests/gpgscm/tests.scm (for-each-p): Generalize to N lists like
 9234 	for-each.
 9235 	(for-each-p'): Likewise.
 9236 
 9237 	g10: Fix out-of-bounds access.
 9238 	+ commit 3b5b94ceab7c0ed9501c5cf54b4efa17fcd7300a
 9239 	* g10/tofu.c (build_conflict_set): Use 'char'.
 9240 
 9241 2016-12-08  Werner Koch  <wk@gnupg.org>
 9242 
 9243 	tools: Fix use of uninitialized var in mime-maker.
 9244 	+ commit dd03667ab1062bba3b9413c3f8007d63302d1b31
 9245 	* tools/mime-maker.c (ensure_part): Make sure to set R_PARENT on
 9246 	error.
 9247 	(add_missing_headers): Ensure that ERR is set on success.
 9248 
 9249 	* tools/wks-util.c (wks_parse_policy): Fix indentation.
 9250 
 9251 	tools: Fix memleak in gpgconf.
 9252 	+ commit b265969154741bf9f93167699fe7ddda1d485265
 9253 	* tools/gpgconf.c (main): Free SOCKETDIR.
 9254 
 9255 	gpg: Fix portability problem.
 9256 	+ commit c3008bffac68b6f31e9ae9bad837cdce5de7c0db
 9257 	* g10/tofu.c (build_conflict_set): Replace variable dynamic array.
 9258 
 9259 2016-12-07  Justus Winter  <justus@g10code.com>
 9260 
 9261 	tests: Add test for '--quick-set-expire'.
 9262 	+ commit dec2ae31a46a0f41886c7ad228865cc573f2dea9
 9263 	* tests/openpgp/quick-key-manipulation.scm: Test '--quick-set-expire'.
 9264 
 9265 	tests: Improve quick key manipulation test.
 9266 	+ commit 92df40a3a2ae471fbba00d6d7040230404931fd4
 9267 	* tests/openpgp/quick-key-manipulation.scm: Do not update the trust
 9268 	database, rather be more specific when filtering the user ids.
 9269 
 9270 2016-12-06  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 9271 
 9272 	agent: Respect --enable-large-secmem.
 9273 	+ commit 8636ad5023a1bdc527add40a5508f8c5b7c35221
 9274 	* agent/gpg-agent.c (main): Initialize secmem to the configured buffer
 9275 	size.
 9276 
 9277 2016-12-06  Justus Winter  <justus@g10code.com>
 9278 
 9279 	tests: Add test importing a revocation certificate.
 9280 	+ commit e352ead43fbb0180e1f1c71bf1a000d1954eb777
 9281 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 9282 	* tests/openpgp/import-revocation-certificate.scm: New file.
 9283 	* tests/openpgp/samplemsgs/revoke-2D727CC768697734.asc: Likewise.
 9284 
 9285 	tests: Rename 'error' to 'fail'.
 9286 	+ commit 5b5d881f47c82f320abf440c20b7a1bac078a987
 9287 	* tests/gpgscm/tests.scm (error): Rename to 'fail'.  'error' is a
 9288 	primitive function (an opcode) of the TinySCHEME vm, and 'error' is
 9289 	also defined by R6RS.  Better avoid redefining that.  Fix all call
 9290 	sites.
 9291 	* tests/openpgp/4gb-packet.scm: Adapt.
 9292 	* tests/openpgp/decrypt-multifile.scm: Likewise.
 9293 	* tests/openpgp/ecc.scm: Likewise.
 9294 	* tests/openpgp/export.scm: Likewise.
 9295 	* tests/openpgp/gpgtar.scm: Likewise.
 9296 	* tests/openpgp/gpgv-forged-keyring.scm: Likewise.
 9297 	* tests/openpgp/import.scm: Likewise.
 9298 	* tests/openpgp/issue2015.scm: Likewise.
 9299 	* tests/openpgp/issue2346.scm: Likewise.
 9300 	* tests/openpgp/issue2419.scm: Likewise.
 9301 	* tests/openpgp/key-selection.scm: Likewise.
 9302 	* tests/openpgp/mds.scm: Likewise.
 9303 	* tests/openpgp/multisig.scm: Likewise.
 9304 	* tests/openpgp/setup.scm: Likewise.
 9305 	* tests/openpgp/signencrypt.scm: Likewise.
 9306 	* tests/openpgp/ssh-import.scm: Likewise.
 9307 	* tests/openpgp/tofu.scm: Likewise.
 9308 	* tests/openpgp/verify.scm: Likewise.
 9309 
 9310 	tests: Remove debugging display.
 9311 	+ commit 89ac071eb4c7539e98c7dc17e11f57c620b54e90
 9312 	* tests/openpgp/tofu.scm: Remove debugging display.
 9313 
 9314 2016-12-06  Neal H. Walfield  <neal@g10code.com>
 9315 
 9316 	tests: Update distributed files.
 9317 	+ commit 87972fdef2cd853fb97624d0765686674a19e3c4
 9318 	* tests/openpgp/Makefile.am (TEST_FILES): Remove tofu-keys.asc,
 9319 	tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and
 9320 	tofu-EE37CF96-1.txt.  Add tofu/conflicting/1C005AF3.gpg,
 9321 	tofu/conflicting/1C005AF3-secret.gpg, tofu/conflicting/1C005AF3-1.txt,
 9322 	tofu/conflicting/1C005AF3-2.txt, tofu/conflicting/1C005AF3-3.txt,
 9323 	tofu/conflicting/1C005AF3-4.txt, tofu/conflicting/1C005AF3-5.txt,
 9324 	tofu/conflicting/B662E42F.gpg, tofu/conflicting/B662E42F-secret.gpg,
 9325 	tofu/conflicting/B662E42F-1.txt, tofu/conflicting/B662E42F-2.txt,
 9326 	tofu/conflicting/B662E42F-3.txt, tofu/conflicting/B662E42F-4.txt,
 9327 	tofu/conflicting/B662E42F-5.txt, tofu/conflicting/BE04EB2B.gpg,
 9328 	tofu/conflicting/BE04EB2B-secret.gpg, tofu/conflicting/BE04EB2B-1.txt,
 9329 	tofu/conflicting/BE04EB2B-2.txt, tofu/conflicting/BE04EB2B-3.txt,
 9330 	tofu/conflicting/BE04EB2B-4.txt, tofu/conflicting/BE04EB2B-5.txt and
 9331 	tofu/conflicting/README.
 9332 
 9333 	doc: Improve the text in the gpg manual.
 9334 	+ commit 7572d270fcda1614648c6f08d711d5096ffebbe6
 9335 	* doc/gpg.texi: Improve the text.
 9336 
 9337 	g10: Avoid a memory leak.
 9338 	+ commit 6102099985c1b82b6c0bba0464c1f913cc673e96
 9339 	* g10/gpg.c (main): Free KB when we're done with it.
 9340 
 9341 	tests: Change (interactive-shell) to start an interactive shell.
 9342 	+ commit db6d8cfdc118131f497596ef1ffc121949377754
 9343 	* tests/gpgscm/tests.scm (interactive-shell): Start an interactive
 9344 	shell.
 9345 
 9346 	tests: Check the signature count in the TOFU TFS record.
 9347 	+ commit 17c717d7c92d9a52101fea7e396fc133322a8786
 9348 	* tests/openpgp/tofu.scm: Check the signature count in the TOFU TFS
 9349 	record.
 9350 
 9351 	tests: Replace data used by the TOFU conflict test.
 9352 	+ commit d5b18d6c55d65e8df2dd112651e3b9b3d9e6e27a
 9353 	* tests/openpgp/tofu-2183839A-1.txt: Remove file.
 9354 	* tests/openpgp/tofu-BC15C85A-1.txt: Remove file.
 9355 	* tests/openpgp/tofu-EE37CF96-1.txt: Remove file.
 9356 	* tests/openpgp/tofu-keys-secret.asc: Remove file.
 9357 	* tests/openpgp/tofu-keys.asc: Remove file.
 9358 	* tests/openpgp/tofu/conflicting/1C005AF3.gpg: New file.
 9359 	* tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg: New file.
 9360 	* tests/openpgp/tofu/conflicting/1C005AF3-1.txt: New file.
 9361 	* tests/openpgp/tofu/conflicting/1C005AF3-2.txt: New file.
 9362 	* tests/openpgp/tofu/conflicting/1C005AF3-3.txt: New file.
 9363 	* tests/openpgp/tofu/conflicting/1C005AF3-4.txt: New file.
 9364 	* tests/openpgp/tofu/conflicting/1C005AF3-5.txt: New file.
 9365 	* tests/openpgp/tofu/conflicting/B662E42F.gpg: New file.
 9366 	* tests/openpgp/tofu/conflicting/B662E42F-secret.gpg: New file.
 9367 	* tests/openpgp/tofu/conflicting/B662E42F-1.txt: New file.
 9368 	* tests/openpgp/tofu/conflicting/B662E42F-2.txt: New file.
 9369 	* tests/openpgp/tofu/conflicting/B662E42F-3.txt: New file.
 9370 	* tests/openpgp/tofu/conflicting/B662E42F-4.txt: New file.
 9371 	* tests/openpgp/tofu/conflicting/B662E42F-5.txt: New file.
 9372 	* tests/openpgp/tofu/conflicting/BE04EB2B.gpg: New file.
 9373 	* tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg: New file.
 9374 	* tests/openpgp/tofu/conflicting/BE04EB2B-1.txt: New file.
 9375 	* tests/openpgp/tofu/conflicting/BE04EB2B-2.txt: New file.
 9376 	* tests/openpgp/tofu/conflicting/BE04EB2B-3.txt: New file.
 9377 	* tests/openpgp/tofu/conflicting/BE04EB2B-4.txt: New file.
 9378 	* tests/openpgp/tofu/conflicting/BE04EB2B-5.txt: New file.
 9379 	* tests/openpgp/tofu/conflicting/README: New file.
 9380 	* tests/openpgp/tofu.scm: Update accordingly.
 9381 
 9382 	g10: Remove dead code.
 9383 	+ commit bd9ebe1404c1395edd0e029023a9e780c90f6d73
 9384 	* g10/tofu.c (tofu_set_policy_by_keyid): Remove function.
 9385 
 9386 2016-12-05  Werner Koch  <wk@gnupg.org>
 9387 
 9388 	gpg: New option --quick-set-expire.
 9389 	+ commit 41b3d0975de65d1654f5e37c626d7c9b7c9a7a4d
 9390 	* g10/gpg.c (aQuickSetExpire): New.
 9391 	(opts): New option --quick-set-expire.
 9392 	(main): Implement option.
 9393 	* g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and
 9394 	NEWEXPIRATION.  Change semantics of the return value.  Change caller.
 9395 	(keyedit_quick_set_expire): New.
 9396 
 9397 2016-12-05  Justus Winter  <justus@g10code.com>
 9398 
 9399 	tests: New test for '--enarmor' and '--dearmor'.
 9400 	+ commit fae4d06b0ccaa9803e0c0da56c327b0bcfffcac5
 9401 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 9402 	* tests/openpgp/enarmor.scm: New file.
 9403 
 9404 2016-12-03  Werner Koch  <wk@gnupg.org>
 9405 
 9406 	gpg: Fix error code arg in ERRSIG status line.
 9407 	+ commit ef10c348bffc7dad19e1832bebc453755d209420
 9408 	* g10/mainproc.c (check_sig_and_print): Use gpg_err_code to return an
 9409 	error code in ERRSIG.
 9410 
 9411 2016-12-02  Werner Koch  <wk@gnupg.org>
 9412 
 9413 	gpg: New option --default-new-key-algo.
 9414 	+ commit ce29272e24e7b718b8fca9b84bc728e65f3dea24
 9415 	* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
 9416 	R_ALGO and change all callers.
 9417 	* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
 9418 	* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
 9419 	* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
 9420 	(opts): New option "--default-new-key-algo".
 9421 	(main): Set the option.
 9422 	* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
 9423 	them by ...
 9424 	(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
 9425 	(get_keysize_range): Remove arg R_DEF and return that value instead.
 9426 	Change all callers.
 9427 	(gen_rsa): Use get_keysize_range instead of the removed
 9428 	DEFAULT_STD_KEYSIZE.
 9429 	(parse_key_parameter_part): New function.
 9430 	(parse_key_parameter_string): New function.
 9431 	(quick_generate_keypair): Refactor using parse_key_parameter_string.
 9432 	(generate_keypair): Ditto.
 9433 	(parse_algo_usage_expire): Ditto.
 9434 
 9435 2016-12-02  Neal H. Walfield  <neal@g10code.com>
 9436 
 9437 	g10: Improve debugging output.
 9438 	+ commit cd532bb7b866e104304e2443cc942799c385daa5
 9439 	* g10/tofu.c (string_to_long): Improve debugging output.
 9440 	(string_to_ulong): Likewise.
 9441 
 9442 2016-12-01  Neal H. Walfield  <neal@g10code.com>
 9443 
 9444 	g10: In the TOFU module, make strings easier to translate.
 9445 	+ commit bd1a1d8582abcfd7f29812942fa70f88d0aec7cf
 9446 	* g10/tofu.c: Remove dead code.
 9447 	(time_ago_str): Simplify implementation since we only want the most
 9448 	significant unit.
 9449 	(format_conflict_msg_part1): Use ngettext.
 9450 	(ask_about_binding): Likewise and only emit full sentences.
 9451 	(show_statistics): Likewise.
 9452 
 9453 2016-12-01  Werner Koch  <wk@gnupg.org>
 9454 
 9455 	dirmngr: Add option --standard-resolver.
 9456 	+ commit 304566d3327ef0a85188cce3109d46d5ff47177a
 9457 	* dirmngr/dirmngr.c (oStandardResolver): New constant.
 9458 	(opts): New option --standard-resolver.
 9459 	(parse_rereadable_options): Set option.
 9460 	* dirmngr/dns-stuff.c: Refactor all code to support the new option.
 9461 	(standard_resolver): New var.
 9462 	(enable_standard_resolver, standard_resolver_p): New func.
 9463 	* dirmngr/http.c (connect_server): Remove USE_DNS_SRV build
 9464 	conditional.
 9465 	* dirmngr/ks-engine-hkp.c (map_host): Ditto.
 9466 	* dirmngr/server.c (cmd_getinfo) <dnsinfo>: Take care of new option
 9467 	* configure.ac (HAVE_ADNS_IF_TORMODE): Remove var ADNSLIB.  ac_define
 9468 	USE_ADNS in the adns checking code.  Remove options --disable-dns-srv
 9469 	and --disable-dns-cert.  Always look for the system resolver.  Print
 9470 	warning if no system resolver was found.
 9471 	(USE_DNS_CERT, USE_DNS_SRV): Remove ac_defines.
 9472 	(HAVE_SYSTEM_RESOLVER): New ac_define.
 9473 	(USE_DNS_SRV): Remove am_conditional; not used anyway.
 9474 
 9475 	gpg: Let only Dirmngr decide whether CERT is supported.
 9476 	+ commit 86efc3ee53abaf1e22b53c1b360c51829e476115
 9477 	* g10/getkey.c (parse_auto_key_locate): Do not build parts depending
 9478 	on USE_DNS_CERT.
 9479 
 9480 2016-12-01  Justus Winter  <justus@g10code.com>
 9481 
 9482 	tests,build: Fix distcheck.
 9483 	+ commit fbdfe6a514a95fb46f2b811a13709024e2baf252
 9484 	* tests/openpgp/Makefile.am (sample_msgs): Add messages required for
 9485 	the new test 'verify-multifile.scm'.
 9486 
 9487 	tests: Add test for '--verify --multifile'.
 9488 	+ commit 12af8e84a32df728462da09a00a8bec24a487720
 9489 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 9490 	* tests/openpgp/verify-multifile.scm: New file.
 9491 
 9492 2016-11-30  Justus Winter  <justus@g10code.com>
 9493 
 9494 	tests: Add test for '--encrypt --multifile'.
 9495 	+ commit 3c0569e99498c7470ebdb639b4c5ae829af92761
 9496 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 9497 	* tests/openpgp/encrypt-multifile.scm: New file.
 9498 
 9499 2016-11-29  Werner Koch  <wk@gnupg.org>
 9500 
 9501 	agent,dirmngr: Tiny restructuring.
 9502 	+ commit aa6ab9e0bc67fe9ce5601047e84ea4a875e8eb64
 9503 	* agent/gpg-agent.c (handle_connections): Add a comment.
 9504 	* dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening
 9505 	socket to ...
 9506 	(handle_connections): here.  Add a comment why we keep the
 9507 	listening socket open during a shutdown.
 9508 
 9509 	agent,dirmngr: Handle corner case in shutdown mode.
 9510 	+ commit 854adc8ae19749e44cb79dfa0c5401f48012b13a
 9511 	* agent/gpg-agent.c (handle_connections): Keep on selecting on the
 9512 	inotify fd even when a shutdown is pending.
 9513 	* dirmngr/dirmngr.c (handle_connections): Ditto.  Also simplifyy the
 9514 	use of the HAVE_INOTIFY_INIT cpp conditional.
 9515 
 9516 	gpgsm: Allow decryption with a card returning a PKCS#1 stripped key.
 9517 	+ commit 8489b12211098ad58c008cfb74b5cb91849cf68d
 9518 	* sm/decrypt.c (prepare_decryption): Handle a 16 byte session key.
 9519 
 9520 	agent,w32: Initialize nPth in server mode.
 9521 	+ commit 81d6e98cdf4caa3aa92398fc3b8bed397b40f58d
 9522 	* agent/gpg-agent.c (main) [W32]: Call initialize_modules in server
 9523 	mode.
 9524 
 9525 	gpg: Make --decrypt with output '-&nnnn' work.
 9526 	+ commit a5910e00ace882b8a17169faf4607163ab454af9
 9527 	* g10/plaintext.c (get_output_file): Check and open special filename
 9528 	before falling back to stdout.
 9529 
 9530 	gpg,sm: Merge the two versions of check_special_filename.
 9531 	+ commit 60b4982836a00ef6b2a97d16f735b3f6b74dce62
 9532 	* sm/gpgsm.c (check_special_filename): Move to ..
 9533 	* common/sysutils.c (check_special_filename): here.  Add arg
 9534 	NOTRANSLATE.
 9535 	(allow_special_filenames): New local var.
 9536 	(enable_special_filenames): New public functions.
 9537 	* sm/gpgsm.c (allow_special_filenames): Remove var.
 9538 	(main): Call enable_special_filenames instead of setting the var.
 9539 	(open_read, open_es_fread, open_es_fwrite): Call
 9540 	check_special_filename with 0 for NOTRANSLATE.
 9541 	* common/iobuf.c (special_names_enabled): Remove var.
 9542 	(iobuf_enable_special_filenames): Remove func.
 9543 	(check_special_filename): Remove func.
 9544 	(iobuf_is_pipe_filename): Call new version of the function with
 9545 	NOTRANSLATE set.
 9546 	(do_open): Ditto.
 9547 	* g10/gpg.c (main): Call enable_special_filenames instead of
 9548 	iobuf_enable_special_filenames.
 9549 	* g10/gpgv.c (main): Ditto.
 9550 
 9551 2016-11-29  Justus Winter  <justus@g10code.com>
 9552 
 9553 	g10: Fix memory leak.
 9554 	+ commit 52385a2ba1bf7e53f500ffde5fd34f28e69cf76b
 9555 	* g10/decrypt.c (decrypt_messages): Properly decrease the reference
 9556 	count of the armor filters after pushing them.
 9557 
 9558 	tools,build: Build WKS tools against libintl.
 9559 	+ commit 9fb5e9c14557f7567cbc7c50b9881b7d7bfa2f12
 9560 	* tools/Makefile.am (gpg_wks_server_LDADD): Link against libintl.
 9561 	(gpg_wks_client_LDADD): Likewise.
 9562 
 9563 2016-11-29  Neal H. Walfield  <neal@g10code.com>
 9564 
 9565 	Improve some comments.
 9566 	+ commit 522f74f7e377135cf098b6b0b9b35284c1dfc963
 9567 
 9568 
 9569 	g10: Extend TOFU_STATS to always show the validity.
 9570 	+ commit 2f27cb12e30c9f6e780354eecc3ff0039ed52c63
 9571 	* doc/DETAILS (TOFU_STATS): Rename the VALIDITY field to SUMMARY.  Add
 9572 	a new field called VALIDITY.
 9573 	* g10/tofu.c (write_stats_status): Update output accordingly.
 9574 
 9575 2016-11-29  Justus Winter  <justus@g10code.com>
 9576 
 9577 	tests: Add test for '--decrypt --multifile'.
 9578 	+ commit bde4fddadc75ad6071e3fc6c0980905de14c03cb
 9579 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 9580 	* tests/openpgp/decrypt-multifile.scm: New file.
 9581 
 9582 	gpgscm: Avoid truncating pointers.
 9583 	+ commit e062bc4da8062b822ee85096d9adfcbca8dcb56a
 9584 	* tests/gpgscm/scheme.c (_alloc_cellseg): Avoid truncating pointers on
 9585 	systems where sizeof(unsigned long) < sizeof(void *).
 9586 
 9587 2016-11-29  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 9588 
 9589 	dirmngr: Lazily launch ldap reaper thread.
 9590 	+ commit f6728d13e8e544dbd4b9351ed981613e5504293f
 9591 	* dirmngr/dirmngr.c (main): Avoid calling ldap_wrapper_launch_thread()
 9592 	Before we need it.
 9593 	* dirmngr/ldap-wrapper.c (ldap_wrapper): Call
 9594 	ldap_wrapper_launch_thread() just in time (before any attempt to use
 9595 	an ldap subprocess).
 9596 
 9597 2016-11-29  Werner Koch  <wk@gnupg.org>
 9598 
 9599 	build: Remove more keywords from the generated ChangeLog.
 9600 	+ commit ecc126a7cef371e3b88e65715ba37fb77e92ea0f
 9601 	* build-aux/gitlog-to-changelog (parse_amend_file): Generalize keyword
 9602 	removal.
 9603 
 9604 2016-11-28  Justus Winter  <justus@g10code.com>
 9605 
 9606 	tests: Add test for the ssh key export.
 9607 	+ commit 47b8b9e2ce5af7fba117ae0b00e10bec414dcfb0
 9608 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
 9609 	(sample_keys): Add new files.
 9610 	* tests/openpgp/samplekeys/authenticate-only.pub.asc: New file.
 9611 	* tests/openpgp/samplekeys/authenticate-only.sec.asc: Likewise.
 9612 	* tests/openpgp/ssh-export.scm: Likewise.
 9613 
 9614 	g10: Fix iteration over getkey results.
 9615 	+ commit 4db9a425644dccaf81b51ebc97b32a9cc21941a4
 9616 	* g10/getkey.c (getkey_next): Only ask 'lookup' for the exact match if
 9617 	our caller requested the key.  Fixes a crash in 'lookup'.
 9618 
 9619 	tests: Rename ssh test.
 9620 	+ commit cc1d21342659a7def5d662d0547579f9e0d3b109
 9621 	* tests/openpgp/ssh.scm: Rename to 'ssh-import.scm'.
 9622 	* tests/openpgp/Makefile (XTESTS): Likewise.
 9623 
 9624 2016-11-25  NIIBE Yutaka  <gniibe@fsij.org>
 9625 
 9626 	scd: Support OpenPGP card V3 for RSA.
 9627 	+ commit b89e63e5c326af71470124b410e6429cbd2b5c43
 9628 	* scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and
 9629 	max_rsp_data fields as Extended Capabilities bits are different.
 9630 	(get_cached_data) Use extcap.max_certlen_3.
 9631 	(get_one_do): Don't use exmode=1.
 9632 	(determine_rsa_response): New.
 9633 	(get_public_key, do_genkey): Call determine_rsa_response.
 9634 	(do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data.
 9635 	(do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data.
 9636 	(do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8.
 9637 	(show_caps): Remove max_cmd_data and max_rsp_data.
 9638 	(app_select_openpgp): Likewise.
 9639 
 9640 2016-11-23  Justus Winter  <justus@g10code.com>
 9641 
 9642 	gpgscm: Make 'reverse' compatible with 'reverse_in_place'.
 9643 	+ commit 005d326d19ba28005182205f25edc4f7499ec0b5
 9644 	* tests/gpgscm/scheme.c (reverse): Update prototype, add terminator
 9645 	argument.
 9646 	(opexe_4): Update callsite.
 9647 
 9648 	gpgscm: Clean sweeped cells.
 9649 	+ commit 3fb9954c43425775a517060959dad01fa00238f7
 9650 	* tests/gpgscm/scheme.c (gc): Zero typeflag and car of free cells.
 9651 
 9652 	gpgscm: Fix initialization of 'sink'.
 9653 	+ commit 7856e3efaad7614979bc0b91379a0a4dcbc739d5
 9654 	* tests/gpgscm/scheme.c (scheme_init_custom_alloc): Also initialize
 9655 	cdr.
 9656 
 9657 2016-11-23  Neal H. Walfield  <neal@g10code.com>
 9658 
 9659 	g10: Avoid gratuitously loading a keyblock when it is already available.
 9660 	+ commit 03a65a53231cc3132a50a1871e81a512c44da169
 9661 	* g10/trust.c (get_validity): Add new, optional parameter KB.  Only
 9662 	load the keyblock if KB is NULL.  Update callers.
 9663 	(get_validity): Likewise.
 9664 	* g10/trustdb.c (tdb_get_validity_core): Likewise.
 9665 
 9666 2016-11-22  Neal H. Walfield  <neal@g10code.com>
 9667 
 9668 	g10: Use es_fopen instead of open.
 9669 	+ commit bfeafe2d3f9bbaa7f11f3ad870a446141c038b0d
 9670 	* g10/tofu.c: Don't include <utime.h>, <fcntl.h> or <unistd.h>.
 9671 	(busy_handler): Replace use of open with es_fopen.
 9672 
 9673 	g10: If the set of UTKs changes, invalidate any changed policies.
 9674 	+ commit 44c17bcb003a3330f595a6ab144e8439b7b630cb
 9675 	* g10/trustdb.c (tdb_utks): New function.
 9676 	* g10/tofu.c (check_utks): New function.
 9677 	(initdb): Call it.
 9678 	* tests/openpgp/tofu.scm: Modify test to check the effective policy of
 9679 	keys whose effective policy changes when we change the set of UTKs.
 9680 
 9681 2016-11-22  NIIBE Yutaka  <gniibe@fsij.org>
 9682 
 9683 	scd: Fix receive buffer size.
 9684 	+ commit 5c2db9dedfe9dbb14ffec24751ca23a69cead94e
 9685 	* scd/apdu.c (send_le): Fix the size, adding two for status
 9686 	bytes to Le.
 9687 
 9688 2016-11-22  Justus Winter  <justus@g10code.com>
 9689 
 9690 	gpgscm: Refactor.
 9691 	+ commit a3b258d1d15953816e0567511ecc527a4ccdd626
 9692 	* tests/gpgscm/scheme.c (opexe_0): Reduce code duplication.
 9693 
 9694 	gpgscm: Fix property lists.
 9695 	+ commit d8df80427238cdbb9ae0f6dae8bc7e9c24f6e265
 9696 	* tests/gpgscm/opdefines.h (put, get): Check arguments.  Also rename
 9697 	to 'set-symbol-property' and 'symbol-property', the names used by
 9698 	Guile, because put and get are too unspecific.
 9699 	* tests/gpgscm/scheme.c (hasprop): Only symbols have property lists.
 9700 	(get_property): New function.
 9701 	(set_property): Likewise.
 9702 	(opexe_4): Use the new functions.
 9703 
 9704 	gpgscm: Fix installation of error handler.
 9705 	+ commit 7b4e2ea274ace22245264f1759279390d0300a62
 9706 	* tests/gpgscm/ffi.scm: Set '*error-hook*' again so that the
 9707 	interpreter will use our function.
 9708 
 9709 	gpgscm: Use a static pool of cells for small integers.
 9710 	+ commit 66834eb838a8892d088f6b7332084a64d9f15008
 9711 	* tests/gpgscm/scheme-private.h (struct scheme): New fields for the
 9712 	static integer cells.
 9713 	* tests/gpgscm/scheme.c (_alloc_cellseg): New function.
 9714 	(alloc_cellseg): Use the new function.
 9715 	(MAX_SMALL_INTEGER): New macro.
 9716 	(initialize_small_integers): New function.
 9717 	(mk_small_integer): Likewise.
 9718 	(mk_integer): Return a small integer if possible.
 9719 	(_s_return): Do not free 'op' if it is a small integer.
 9720 	(s_save): Use a small integer to box the opcode.
 9721 	(scheme_init_custom_alloc): Initialize small integers.
 9722 	(scheme_deinit): Free chunk of small integers.
 9723 	* tests/gpgscm/scheme.h (USE_SMALL_INTEGERS): New macro.
 9724 
 9725 	tests: Delay querying the avaliable algorithms.
 9726 	+ commit 893a3f7fb46021961914a8acdf1292a80e3eba93
 9727 	* tests/openpgp/defs.scm: Set verbosity earlier, turn 'all-*-algos'
 9728 	into promises.
 9729 	* tests/openpgp/conventional-mdc.scm: Force the promises.
 9730 	* tests/openpgp/conventional.scm: Likewise.
 9731 	* tests/openpgp/encrypt-dsa.scm: Likewise.
 9732 	* tests/openpgp/encrypt.scm: Likewise.
 9733 	* tests/openpgp/gpgtar.scm: Likewise.
 9734 	* tests/openpgp/sigs.scm: Likewise.
 9735 
 9736 	g10: Fix memory leak.
 9737 	+ commit 6ce14a805f1da687dfb8535db57730d5c7403db7
 9738 	* g10/tofu.c (tofu_notice_key_changed): Remove spurious duplicate call
 9739 	to 'hexfingerprint'.
 9740 
 9741 2016-11-21  Neal H. Walfield  <neal@g10code.com>
 9742 
 9743 	g10: Cache the effective policy.  Recompute it when required.
 9744 	+ commit 037f9de09298a31026ea2ab5fbd4a599b11cc34f
 9745 	* g10/tofu.c (initdb): Add column effective_policy to the bindings
 9746 	table.
 9747 	(record_binding): New parameters effective_policy and set_conflict.
 9748 	Save the effective policy.  If SET_CONFLICT is set, then set conflict
 9749 	according to CONFLICT.  Otherwise, preserve the current value of
 9750 	conflict.  Update callers.
 9751 	(get_trust): Don't compute the effective policy here...
 9752 	(get_policy): ... do it here, if it was not cached.  Take new
 9753 	parameters, PK, the public key, and NOW, the time that the operation
 9754 	started.  Update callers.
 9755 	(show_statistics): New parameter PK.  Pass it to get_policy.  Update
 9756 	callers.
 9757 	(tofu_notice_key_changed): New function.
 9758 	* g10/gpgv.c (tofu_notice_key_changed): New stub.
 9759 	* g10/import.c (import_revoke_cert): Take additional argument CTRL.
 9760 	Pass it to keydb_update_keyblock.
 9761 	* g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL.
 9762 	Update callers.
 9763 	[USE_TOFU]: Call tofu_notice_key_changed.
 9764 	* g10/test-stubs.c (tofu_notice_key_changed): New stub.
 9765 	* tests/openpgp/tofu.scm: Assume that manually setting a binding's
 9766 	policy to auto does not cause the tofu engine to forget about any
 9767 	conflict.
 9768 
 9769 	g10: Correctly parameterize ngettext.
 9770 	+ commit 182efc5b5d20ac0d43501a22f349a23dc06a27a4
 9771 	* g10/tofu.c (ask_about_binding): Correctly parameterize ngettext.
 9772 
 9773 	g10: Don't use the same variable for multiple SQL compiled statements.
 9774 	+ commit 7142b293c870d73ce0146bfb90e6a556e0079650
 9775 	* g10/tofu.c (struct tofu_dbs_s): Remove unused field
 9776 	record_binding_update2.  Replace register_insert with
 9777 	register_signature and register_encryption.
 9778 	(tofu_register_signature): Don't use dbs->s.register_insert, but
 9779 	dbs->s.register_signature.
 9780 	(tofu_register_encryption): Don't use dbs->s.register_insert, but
 9781 	dbs->s.register_encryption.
 9782 
 9783 	g10: Add a convenience function for checking if a key is a primary key.
 9784 	+ commit 91a0483c5db8ee4510981448a705981ee1cce199
 9785 	* g10/keydb.h (pk_is_primary): New function.
 9786 	* g10/tofu.c (get_trust): Use it.
 9787 	(tofu_register_signature): Likewise.
 9788 	(tofu_register_encryption): Likewise.
 9789 	(tofu_set_policy): Likewise.
 9790 	(tofu_get_policy): Likewise.
 9791 
 9792 2016-11-21  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 9793 
 9794 	doc: Ship example gpg-agent-browser.socket in examples/systemd-user/.
 9795 	+ commit 0540cfbee455b197edd89b602a4b47ebf0be8588
 9796 	* doc/Makefile.am: Ship gpg-agent-browser.socket alongside the other
 9797 	systemd user service example files.
 9798 
 9799 2016-11-21  NIIBE Yutaka  <gniibe@fsij.org>
 9800 
 9801 	agent: Fix npth + daemon mode problem.
 9802 	+ commit 9a707a223a3d45ccf245dee7989ca144e4e6bb49
 9803 	* agent/gpg-agent.c (main): Remove duplicated initialization in daemon
 9804 	mode.
 9805 
 9806 2016-11-18  Werner Koch  <wk@gnupg.org>
 9807 
 9808 	Release 2.1.16.
 9809 	+ commit 0a641ad25d8c3b91dc32bb9f3f1ae49ae539a4f7
 9810 
 9811 
 9812 2016-11-18  Ineiev  <ineiev@gnu.org>
 9813 
 9814 	po: Update Russian translation.
 9815 	+ commit 11aaa9c6d4ed3e47de45b4aee925ab1065120988
 9816 
 9817 
 9818 2016-11-18  NIIBE Yutaka  <gniibe@fsij.org>
 9819 
 9820 	g10: Fix flags to open for lock of ToFU.
 9821 	+ commit 1c0b140cccfb884c6d07785c3284b9df06dccd3c
 9822 	* g10/tofu.c (busy_handler): Fix the flags and utime is not needed.
 9823 
 9824 2016-11-18  Werner Koch  <wk@gnupg.org>
 9825 
 9826 	dirmngr: Use a longer timer tick interval.
 9827 	+ commit 833eef974ad4721b9b3e247bae9c890476a936ce
 9828 	* dirmngr/dirmngr.c (TIMERTICK_INTERVAL): Always use 60 seconds like
 9829 	we did for WindowsCE.
 9830 
 9831 2016-11-18  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 9832 
 9833 	dirmngr: More w32 system daemon cleanup.
 9834 	+ commit b3a917201207898059c048dd101344765201b03c
 9835 	* dirmngr/dirmngr.c (handle_tick): Remove w32 tests for
 9836 	shutdown_pending; no longer needed.
 9837 
 9838 2016-11-18  NIIBE Yutaka  <gniibe@fsij.org>
 9839 
 9840 	g10: Fix creating a lock for ToFU.
 9841 	+ commit b2e1b17efa952afcf7aeec8b15e9d0088dba587a
 9842 	* g10/tofu.c (busy_handler): Add third argument which is mandatory for
 9843 	O_CREATE flag.
 9844 
 9845 	scd: Don't limit to ST-2xxx for PC/SC.
 9846 	+ commit b6066ab18a67195817babaf9eccf896c2b3c7b0e
 9847 	* scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID.
 9848 
 9849 2016-11-17  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 9850 
 9851 	dirmngr: Use a default keyserver if none is explicitly set.
 9852 	+ commit 8fb482252436b3b4b0b33663d95d1d17188ad1d9
 9853 	* configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER.
 9854 	* dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set.
 9855 	* doc/dirmngr.texi: Document this behavior.
 9856 
 9857 	dirmngr: Add system CAs if no hkp-cacert is given.
 9858 	+ commit 7c1613d41566f7d8db116790087de323621205fe
 9859 	* dirmngr/dirmngr.c (http_session_new): If the user isn't talking to
 9860 	the HKPS pool, and they have not specified any hkp-cacert, then we
 9861 	should default to the system CAs, rather than nothing.
 9862 	* doc/dirmngr.texi: Document choice of CAs.
 9863 
 9864 	dirmngr: Register hkp-cacert even if the file doesn't exist yet.
 9865 	+ commit c4e02a3b7ad6ee1da6bfc439921378bdbd5c029c
 9866 	* dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn
 9867 	an argument for hkp-cacert into an absolute filename, terminate
 9868 	completely.
 9869 	* dirmngr/http.c (http_register_tls_ca): Show a warning if file is not
 9870 	immediately accessible, but register it anyway.
 9871 
 9872 2016-11-17  Justus Winter  <justus@g10code.com>
 9873 
 9874 	gpgscm: Re-enable the garbage collector in case of errors.
 9875 	+ commit 4f189325a409bb08f7a8eabfac3f4579288cf5c5
 9876 	* tests/gpgscm/scheme.c (opexe_0): Enable gc before calling 'Error_1'.
 9877 
 9878 	gpgscm: Fix string.
 9879 	+ commit fc53a4d06eaf891143ab4efec9caffe31ebc2bc0
 9880 	* tests/gpgscm/scheme.c (type_to_string): Fix string.
 9881 
 9882 2016-11-17  Werner Koch  <wk@gnupg.org>
 9883 
 9884 	dirmngr: Auto-sownload the swdb.lst.
 9885 	+ commit bd91f92ace09263e3a91177f2a1644379baeb08a
 9886 	* dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
 9887 	* dirmngr/dirmngr.c (oAllowVersionCheck): New.
 9888 	(opts): Add --allow-version-check.
 9889 	(network_activity_seen): New variable.
 9890 	(parse_rereadable_options): Set opt.allow_version_check.
 9891 	(main) <aGPGConfList>: Do not anymore set the no change flag for
 9892 	Windows.  Add allow-version-check.
 9893 	(netactivity_action): Set network_activity_seen.
 9894 	(housekeeping_thread): Call dirmngr_load_swdb.
 9895 	* tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
 9896 	Make "use-tor" available at Basic level.
 9897 
 9898 	dirmngr: Improve downloading of swdb.lst.
 9899 	+ commit c45ca316a54665915ae08399484db271566db7c0
 9900 	* dirmngr/loadswdb.c (time_of_saved_swdb): Aslo return the "verified"
 9901 	timestamp.
 9902 	(dirmngr_load_swdb): Avoid unnecessary disk or network access witout
 9903 	FORCE.  Do not update swdb.lst if it did not change.
 9904 
 9905 	gpgconf: Change the displayed names of the components.
 9906 	+ commit d8da5bc50b856db3445435780311c9f8e52a5144
 9907 
 9908 
 9909 2016-11-16  Werner Koch  <wk@gnupg.org>
 9910 
 9911 	dirmngr: Add command to only load the swdb.
 9912 	+ commit 52c10a280af6ce06eb1732ff35b095f2b8d24b9f
 9913 	* dirmngr/loadswdb.c: New.
 9914 	* dirmngr/Makefile.am (dirmngr_SOURCES): Add that file.
 9915 	* dirmngr/server.c: Remove includes cpparray.h and exectool.h.
 9916 	(cmd_loadswdb): New.
 9917 	(parse_version_number,parse_version_string): Remove.
 9918 	(my_mktmpdir, cmp_version): Remove.
 9919 	(fetch_into_tmpdir): Remove.
 9920 	(struct verify_swdb_parm_s): Remove.
 9921 	(verify_swdb_status_cb): Remove.
 9922 	(cmd_versioncheck): Remove.
 9923 	(register_commands): Register LOADSWDB.  Remove VERSIONCHECK.
 9924 
 9925 	scd,dirmngr: Keep the standard fds when daemonizing.
 9926 	+ commit 4839e6d002a8ad1f7d3260792c3c9641e258f342
 9927 	* dirmngr/dirmngr.c (main): Before calling setsid do not close the
 9928 	standard fds but connect them to /dev/null.
 9929 	* scd/scdaemon.c (main): Ditto.  Noet that the old test for a log
 9930 	stream was even reverted.
 9931 
 9932 	common: Rename keybox_file_rename to gnupg_rename_file.
 9933 	+ commit c4506a3f15bba5d257cb4c6738800c5e00ecc9a2
 9934 	* kbx/keybox-util.c (keybox_file_rename): Rename to ...
 9935 	* common/sysutils.c (gnupg_rename_file): this.  Change all callers.
 9936 
 9937 	wks: Always build gpg-wks-client.
 9938 	+ commit c564790df723beef031d83802bd7830737bd330a
 9939 	* tools/Makefile.am (gpg_wks_client): Remove macro.
 9940 	(libexec_PROGRAMS): Add gpg-wks-client.
 9941 
 9942 	gpg: New option --override-session-key-fd.
 9943 	+ commit 43bfaf2c5417ede621c0a07721952ea549a7a139
 9944 	* g10/gpg.c (oOverrideSessionKeyFD): New.
 9945 	(opts): Add option --override-session-key-fd.
 9946 	(main): Handle that option.
 9947 	(read_sessionkey_from_fd): New.
 9948 
 9949 2016-11-15  Werner Koch  <wk@gnupg.org>
 9950 
 9951 	gpgv: New option --enable-special-filenames.
 9952 	+ commit 500e594c2da530e69a63fc1a40d173458682fa0e
 9953 	* g10/gpgv.c (oEnableSpecialFilenames): New.
 9954 	(opts): Add option --enable-special-filenames.
 9955 	(main): Implement that option.
 9956 
 9957 	gpg: Add new compliance mode "de-vs".
 9958 	+ commit b47603a0ac24902c5bb000f8ef27cfb99aceeb81
 9959 	* g10/options.h (CO_DE_VS): New.
 9960 	(GNUPG): Also allow CO_DE_VS.
 9961 	* g10/gpg.c (oDE_VS): New.
 9962 	(parse_compliance_option): Add "de-vs".
 9963 	(set_compliance_option): Set "de-vs".
 9964 	* g10/misc.c (compliance_option_string): Return a description string.
 9965 	(compliance_failure): Ditto.
 9966 	* g10/keygen.c (ask_algo): Take care of CO_DE_VS.
 9967 	(get_keysize_range): Ditto.
 9968 	(ask_curve): Add new field to CURVES and trun flags into bit flags.
 9969 	Allow only Brainpool curves in CO_DE_VS mode.
 9970 
 9971 	gpg: Use usual free semantics for packet structure free functions.
 9972 	+ commit 8ea3b4c4102dc67ed83d4419b7171e422fc01047
 9973 	* g10/free-packet.c (free_attributes): Turn function into a nop for a
 9974 	NULL arg.
 9975 	(free_user_id): Ditto.
 9976 	(free_compressed): Ditto.
 9977 	(free_encrypted): Ditto.
 9978 	(free_plaintext): Ditto.
 9979 	(release_public_key_parts): Avoid extra check for NULL.
 9980 	* g10/getkey.c (get_best_pubkey_byname): Ditto.
 9981 
 9982 2016-11-15  Justus Winter  <justus@g10code.com>
 9983 
 9984 	g10: Optimize key iteration.
 9985 	+ commit 12834e84aca9d74800245f0f2f2e6b5123e76173
 9986 	* g10/getkey.c (get_best_pubkey_byname): Use the node returned by
 9987 	'getkey_next' instead of doing another lookup.
 9988 
 9989 	g10: Fix memory leak.
 9990 	+ commit d20107f6da094edd782947abb357abae5129a12c
 9991 	* g10/getkey.c (finish_lookup): Clarify that we do not return a
 9992 	reference.
 9993 	(lookup): Clarify the relation between RET_KEYBLOCK and RET_FOUND_KEY.
 9994 	Check arguments.  Actually release the node if it is not returned.
 9995 
 9996 	g10: Fix iteration over getkey results.
 9997 	+ commit 1d03cc77e1706f7da653153ad4b58c61e4fd2573
 9998 	* g10/getkey.c (getkey_next): Fix invocation of 'lookup'.  If we want
 9999 	to use RET_FOUND_KEY, RET_KEYBLOCK must be valid.
10000 
10001 	g10: Fix use-after-free.
10002 	+ commit bd60742925414e0ef2a497df827c1913ea211a44
10003 	* g10/getkey.c (pubkey_cmp): Make a copy of the user id.
10004 	(get_best_pubkey_byname): Free the user ids.
10005 
10006 2016-11-15  Werner Koch  <wk@gnupg.org>
10007 
10008 	sm: New stub option --compliance.
10009 	+ commit 26c7c1d72c5f2acb3edb58d610c09a635c87bdbf
10010 	* sm/gpgsm.c (oCompliance): New.
10011 	(opts): Add "--compliance".
10012 	(main): Implement as stub.
10013 
10014 2016-11-15  NIIBE Yutaka  <gniibe@fsij.org>
10015 
10016 	g10: Fix memory leak.
10017 	+ commit 1f7639ebbe58af1b581b0be7809da9ee55482992
10018 	* g10/keyedit.c (menu_adduid): Don't copy 'sig'.
10019 
10020 2016-11-15  Werner Koch  <wk@gnupg.org>
10021 
10022 	gpg: New option --compliance.
10023 	+ commit f86b1a15ad4bb7bcc1e9f7d209aabcb23641f7df
10024 	* g10/gpg.c (oCompliance): New.
10025 	(opts): Add "--compliance".
10026 	(parse_tofu_policy): Use a generic description string for "help".
10027 	(parse_compliance_option): New.
10028 	(main): Add option oCompliance.  Factor out code for compliance
10029 	setting to ...
10030 	(set_compliance_option): new.
10031 
10032 2016-11-15  Justus Winter  <justus@g10code.com>
10033 
10034 	g10: Fix memory leak.
10035 	+ commit 809d67e74014cb563efd965744fd11f87bbae743
10036 	* g10/keyedit.c (menu_adduid): Deallocate 'sig'.
10037 
10038 	gpgscm: Mark cells requiring finalization.
10039 	+ commit 64a58e23c38db8658423bbe26fcd650330e24a88
10040 	* tests/gpgscm/scheme.c (T_FINALIZE): New macro.
10041 	(mk_port): Use the new macro.
10042 	(mk_foreign_object): Likewise.
10043 	(mk_counted_string): Likewise.
10044 	(mk_empty_string): Likewise.
10045 	(gc): Only call 'finalize_cell' for cells with the new flag.
10046 
10047 	gpgscm: Recover more cells.
10048 	+ commit 93cc322ac06d3045a24aece90091f7f80f3dacb8
10049 	* tests/gpgscm/scheme.c (_s_return): Recover the cell holding the
10050 	opcode.
10051 
10052 2016-11-14  Justus Winter  <justus@g10code.com>
10053 
10054 	g10: Fix memory leak.
10055 	+ commit 2cd281c4def1ea881b92b9aba18c1892f89c1870
10056 	* g10/mainproc.c (check_sig_and_print): Free 'pk'.
10057 
10058 	gpgscm: Avoid cell allocation overhead.
10059 	+ commit 83c184a66b73f312425b01008f0495610e5329a4
10060 	* tests/gpgscm/scheme-private.h (struct scheme): New fields
10061 	'inhibit_gc', 'reserved_cells', and 'reserved_lineno'.
10062 	* tests/gpgscm/scheme.c (GC_ENABLED): New macro.
10063 	(USE_GC_LOCKING): Likewise.
10064 	(gc_reservations): Likewise.
10065 	(gc_reservation_failure): New function.
10066 	(_gc_disable): Likewise.
10067 	(gc_disable): New macro.
10068 	(gc_enable): Likewise.
10069 	(gc_enabled): Likewise.
10070 	(gc_consume): Likewise.
10071 	(get_cell_x): Consume reserved cell if garbage collection is disabled.
10072 	(_get_cell): Assert that gc is enabled.
10073 	(get_cell): Only record cell in the list of recently allocated cells
10074 	if gc is enabled.
10075 	(get_vector_object): Likewise.
10076 	(gc): Assert that gc is enabled.
10077 	(s_return): Add comment, adjust call to '_s_return'.
10078 	(s_return_enable_gc): New macro.
10079 	(_s_return): Add flag 'enable_gc' and re-enable gc if set.
10080 	(oblist_add_by_name): Use the new facilities to protect the
10081 	allocations.
10082 	(new_frame_in_env): Likewise.
10083 	(new_slot_spec_in_env): Likewise.
10084 	(s_save): Likewise.
10085 	(opexe_0): Likewise.
10086 	(opexe_1): Likewise.
10087 	(opexe_2): Likewise.
10088 	(opexe_5): Likewise.
10089 	(opexe_6): Likewise.
10090 	(scheme_init_custom_alloc): Initialize the new fields.
10091 
10092 2016-11-14  NIIBE Yutaka  <gniibe@fsij.org>
10093 
10094 	scd: Fix status info encoding.
10095 	+ commit 4ee4d0b02172cf56d9582bb99e32a65c75315b25
10096 	* scd/command.c (send_status_info): Do percent plus encoding correctly.
10097 
10098 2016-11-12  Werner Koch  <wk@gnupg.org>
10099 
10100 	agent: Improve concurrency when Libgcrypt 1.8 is used.
10101 	+ commit 6bf698197222bf6081c249c815aebb075e8ec820
10102 	* agent/gpg-agent.c (thread_init_once): Tell Libgcrypt to reinit the
10103 	system call clamp.
10104 	(agent_libgcrypt_progress_cb): Do not sleep if Libgcrypt is recent
10105 	enough.
10106 
10107 2016-11-11  Werner Koch  <wk@gnupg.org>
10108 
10109 	agent: Kludge to mitigate blocking calls in Libgcrypt.
10110 	+ commit 4473db1ef24031ff4e26c9a9de95dbe898ed2b97
10111 	* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
10112 	"need_entropy".
10113 
10114 	dirmngr: Prepare to trigger jobs by network activity.
10115 	+ commit 7b04a43c05834b937b32a596f1941e9728add5fa
10116 	* dirmngr/http.c (netactivity_cb): New.
10117 	(http_register_netactivity_cb): New.
10118 	(notify_netactivity): New.
10119 	(connect_server): Call that function.
10120 	* dirmngr/dirmngr.c (main): Call http_register_netactivity_cb.
10121 	(netactivity_action): New stub handler.
10122 
10123 2016-11-11  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
10124 
10125 	agent: Clean up comments.
10126 	+ commit e51912f467fda963c7abcfcd4082d6eb084ba5be
10127 	* agent/agent.h: Clean up comments.
10128 
10129 2016-11-10  Werner Koch  <wk@gnupg.org>
10130 
10131 	gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.
10132 	+ commit 5d13581f4737c18430f6572dd4ef486d1ad80dd1
10133 	* g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED
10134 	file-global.  Write a STATUS_ERROR.
10135 	(maybe_create_keyring_or_box): Check for non-accessible but existant
10136 	file.
10137 	(keydb_search): Write a STATUS_ERROR if no keyring has been registered
10138 	but continue to return NOT_FOUND.
10139 	* sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED
10140 	and make file-global.  Write a STATUS_ERROR.
10141 	(keydb_search): Write a STATUS_ERROR if no keyring has been registered
10142 	but continue to return NOT_FOUND.  Also add new arg CTRL and change
10143 	all callers to pass it down.
10144 
10145 	sm: Remove unused arg SECRET from keydb functions.
10146 	+ commit c8044c6e335f044d7386b9e8869bc4a0d3adff70
10147 	* sm/keydb.c (struct resource_item): Remove field 'secret'.
10148 	(keydb_add_resource): Remove arg 'secret' and change all callers.
10149 	(keydb_new): Ditto.
10150 
10151 2016-11-10  Justus Winter  <justus@g10code.com>
10152 
10153 	gpgscm: Recover cells from the list of recently allocated cells.
10154 	+ commit ee08677d63a900cea85228024861a4f5c5a87c69
10155 	* tests/gpgscm/scheme.c (ok_to_freely_gc): Recover cells.
10156 
10157 	gpgscm: Recover cells used to maintain interpreter state.
10158 	+ commit e0cbd3389e2dd6ec19ee3a4c7bad81fa0f1907f5
10159 	* tests/gpgscm/scheme.c (free_cell): New function.
10160 	(free_cons): Likewise.
10161 	(_s_return): Use the new function to recover cells used to save the
10162 	state of the interpreter in 's_save'.  This reduces the need to do a
10163 	garbage collection considerably.
10164 
10165 	gpgscm: Reduce opcode dispatch overhead.
10166 	+ commit d3a98ff5bc972a4c9b01b9e5338a4a59b5b4ac48
10167 	* tests/gpgscm/scheme.c (s_thread_to): New macro.
10168 	(CASE): Likewise.
10169 	(opexe_[0-6]): Use 'CASE' instead of 'case' statements, replace
10170 	's_goto' with 's_thread_to' where applicable.
10171 
10172 	gpgscm: Make the compile-hook configurable.
10173 	+ commit 568cfcde45a0d6c456d8f8be1ea0e408416badad
10174 	* tests/gpgscm/scheme-private.h (struct scheme): Make field
10175 	'COMPILE_HOOK' optional.
10176 	* tests/gpgscm/scheme.c (opexe_0): Fix guard.
10177 	(scheme_init_custom_alloc): Conditionally initialize 'COMPILE_HOOK'.
10178 	* tests/gpgscm/scheme.h (USE_COMPILE_HOOK): Define to 1 by default.
10179 
10180 	gpgscm: Drop obsolete commented-out code.
10181 	+ commit 9ee184bc0afaea06785d836ed175b851b9ae532f
10182 	* tests/gpgscm/scheme.c (opexe_5): Drop obsolete code.
10183 
10184 	gpgscm: Remove dubious stack implementation.
10185 	+ commit d7c5799c282a03dcce0e3d327075233353cb76cc
10186 	* tests/gpgscm/scheme-private.h (struct scheme): Remove related fields.
10187 	* tests/gpgscm/scheme.c: Drop all !USE_SCHEME_STACK code.
10188 	* tests/gpgscm/scheme.h (USE_SCHEME_STACK): Remove macro.
10189 
10190 2016-11-10  Werner Koch  <wk@gnupg.org>
10191 
10192 	gpg: Improve error message for --quick-gen-key.
10193 	+ commit 088d955bd8a6ec8bbf76c8a4c01eb08499d1d9fa
10194 	* g10/keygen.c (parse_algo_usage_expire): Use a different error
10195 	message for an unknown algorithm name.
10196 
10197 	dirmngr: Improve concurrency in the non-adns case.
10198 	+ commit c7ea98cd3d44abf00e32c081e5049ad1d0b1f12c
10199 	* dirmngr/dns-stuff.c (map_adns_status_to_gpg_error): New.
10200 	(resolve_name_adns, get_dns_cert, get_dns_cname): Use that function.
10201 	(getsrv) [!USE_ADNS]: Call res_query outside of nPth.
10202 
10203 2016-11-08  Justus Winter  <justus@g10code.com>
10204 
10205 	tests: Fix environment setup.
10206 	+ commit 1062953d5132af674aacfc6372e3e9f066c5d145
10207 	* tests/openpgp/defs.scm (setup-legacy-environment): Do not call
10208 	'setup-environment' because that will start the agent, and hence
10209 	register the atexit function twice.
10210 
10211 	Fixes: a55393cb5f4b331cb3a715c7d9a8b91f7606f337
10212 
10213 	tests: Log and display output from tests when run in parallel.
10214 	+ commit 2a7615c48ed79e6b28710cc293ce30c812b2e5b0
10215 	* tests/openpgp/run-tests.scm (test): Add field 'logfd'.
10216 	(test::new, test::set-*): Adapt accordingly.
10217 	(test::set-logfd): New function.
10218 	(test::open-log-file): Likewise.
10219 	(test::run-sync): Use the new function.
10220 	(test::run-async): Likewise.
10221 	(test::report): Replay the log.
10222 	(run-tests-parallel): Reverse the results to restore the original
10223 	order.
10224 
10225 	tests: Simplify test.
10226 	+ commit 4dd4801bfa4c3f7ba279b3d171a8ed299dbffaaa
10227 	* tests/openpgp/issue2417.scm: Simplify.
10228 
10229 	gpgscm: Expose seek and associated constants.
10230 	+ commit 591d61d80f4f81176f7e236df794922df9e001a1
10231 	* tests/gpgscm/ffi.c (do_seek): New function.
10232 	(ffi_init): Expose 'seek' and 'SEEK_{SET,CUR,END}'.
10233 	* tests/gpgscm/lib.scm: Document the new function.
10234 
10235 	gpgscm: Fix error message.
10236 	+ commit d4454837cd60981c2863955b11c9e1cc8f9e3833
10237 	* tests/gpgscm/ffi.c (do_wait_processes): Fix and improve error
10238 	messages.
10239 
10240 	tests,w32: Make cleanup more robust.
10241 	+ commit dd13b2a561e31045fd3d3576bab99543cd4eb6cc
10242 	* tests/openpgp/run-tests.scm (run-tests-parallel): Catch errors when
10243 	removing the working directory.  On Windows this can fail if there is
10244 	still a process using one of the files there.
10245 	(run-tests-sequential): Likewise.
10246 
10247 	common,w32: Simplify locking.
10248 	+ commit 7cbb0803847b8db618d39ff50ae6015e409ab1ae
10249 	* common/asshelp.c (lock_spawning): Use the same code on Windows that
10250 	we use on all other platforms.
10251 	(unlock_spawning): Likewise.
10252 
10253 2016-11-07  Justus Winter  <justus@g10code.com>
10254 
10255 	tests: Write a log file for each test.
10256 	+ commit 26df829fa22f027ca4a5eaf155cdaa2123afbdd5
10257 	* tests/openpgp/Makefile.am (CLEANFILES): Delete logs.
10258 	* tests/openpgp/run-tests.scm (test::run-sync): Write logs.
10259 
10260 	gpgscm: Generalize splice to write to multiple sinks.
10261 	+ commit abe0cc7a21d2b0b5c77cc525b999d1ede2d29185
10262 	* tests/gpgscm/ffi.c (ordinal_suffix): New function.
10263 	(do_splice): Generalize splice to write to multiple sinks.
10264 	* tests/gpgscm/lib.scm (splice): Document this fact.
10265 
10266 	gpgscm: Drop 'len' argument from splice.
10267 	+ commit 4d98a72b88cf167295e1ecd6125b9c7a11b6239f
10268 	* tests/gpgscm/ffi.c (do_splice): Drop 'len' argument, no-one uses it.
10269 	* tests/gpgscm/lib.scm (splice): Document foreign function.
10270 
10271 	tests: Move environment creation and teardown into each test.
10272 	+ commit a55393cb5f4b331cb3a715c7d9a8b91f7606f337
10273 	* tests/gpgscm/tests.scm (log): New function.
10274 	* tests/openpgp/run-tests.scm (run-tests-parallel): Do not run the
10275 	startup and teardown scripts.
10276 	(run-tests-sequential): Likewise.
10277 	* tests/openpgp/setup.scm: Move all functions...
10278 	* tests/openpgp/defs.scm: ... here and make them less verbose.
10279 	(setup-environment): New function.
10280 	(setup-legacy-environment): Likewise.
10281 	(start-agent): Make less verbose, run 'stop-agent' at interpreter
10282 	exit.
10283 	(stop-agent): Make less verbose.
10284 	* tests/openpgp/finish.scm: Drop file.
10285 	* tests/openpgp/Makefile.am (EXTRA_DIST): Drop removed file.
10286 	* tests/openpgp/4gb-packet.scm: Use 'setup-environment' or
10287 	'setup-legacy-environment' as appropriate.
10288 	* tests/openpgp/armdetach.scm: Likewise.
10289 	* tests/openpgp/armdetachm.scm: Likewise.
10290 	* tests/openpgp/armencrypt.scm: Likewise.
10291 	* tests/openpgp/armencryptp.scm: Likewise.
10292 	* tests/openpgp/armor.scm: Likewise.
10293 	* tests/openpgp/armsignencrypt.scm: Likewise.
10294 	* tests/openpgp/armsigs.scm: Likewise.
10295 	* tests/openpgp/clearsig.scm: Likewise.
10296 	* tests/openpgp/conventional-mdc.scm: Likewise.
10297 	* tests/openpgp/conventional.scm: Likewise.
10298 	* tests/openpgp/decrypt-dsa.scm: Likewise.
10299 	* tests/openpgp/decrypt.scm: Likewise.
10300 	* tests/openpgp/default-key.scm: Likewise.
10301 	* tests/openpgp/detach.scm: Likewise.
10302 	* tests/openpgp/detachm.scm: Likewise.
10303 	* tests/openpgp/ecc.scm: Likewise.
10304 	* tests/openpgp/encrypt-dsa.scm: Likewise.
10305 	* tests/openpgp/encrypt.scm: Likewise.
10306 	* tests/openpgp/encryptp.scm: Likewise.
10307 	* tests/openpgp/export.scm: Likewise.
10308 	* tests/openpgp/finish.scm: Likewise.
10309 	* tests/openpgp/genkey1024.scm: Likewise.
10310 	* tests/openpgp/gpgtar.scm: Likewise.
10311 	* tests/openpgp/gpgv-forged-keyring.scm: Likewise.
10312 	* tests/openpgp/import.scm: Likewise.
10313 	* tests/openpgp/issue2015.scm: Likewise.
10314 	* tests/openpgp/issue2417.scm: Likewise.
10315 	* tests/openpgp/issue2419.scm: Likewise.
10316 	* tests/openpgp/key-selection.scm: Likewise.
10317 	* tests/openpgp/mds.scm: Likewise.
10318 	* tests/openpgp/multisig.scm: Likewise.
10319 	* tests/openpgp/quick-key-manipulation.scm: Likewise.
10320 	* tests/openpgp/seat.scm: Likewise.
10321 	* tests/openpgp/shell.scm: Likewise.
10322 	* tests/openpgp/signencrypt-dsa.scm: Likewise.
10323 	* tests/openpgp/signencrypt.scm: Likewise.
10324 	* tests/openpgp/sigs-dsa.scm: Likewise.
10325 	* tests/openpgp/sigs.scm: Likewise.
10326 	* tests/openpgp/ssh.scm: Likewise.
10327 	* tests/openpgp/tofu.scm: Likewise.
10328 	* tests/openpgp/use-exact-key.scm: Likewise.
10329 	* tests/openpgp/verify.scm: Likewise.
10330 	* tests/openpgp/version.scm: Likewise.
10331 	* tests/openpgp/issue2346.scm: Likewise and simplify.
10332 
10333 	tests: Do not allow tests to be run in a shared environment.
10334 	+ commit ac078469cbafe85cf771fca84f376740850d10b0
10335 	* tests/openpgp/README: Update.
10336 	* tests/openpgp/run-tests.scm (run-tests-parallel-shared): Drop
10337 	function.
10338 	(run-tests-parallel-isolated): Rename to 'run-tests-parallel'.
10339 	(run-tests-sequential-shared): Drop function.
10340 	(run-tests-sequential-isolated): Rename to 'run-tests-sequential'.
10341 
10342 	tests: Fix build.
10343 	+ commit 37751d2b194bc33539f5b9ea0e02e9f209d2bcf6
10344 	* tests/openpgp/Makefile.am: Drop dependency on 'mk-tdata'.
10345 
10346 	Fixes: 70215ff470c82d144e872057dfa5a478cc9195f2
10347 
10348 2016-11-07  Werner Koch  <wk@gnupg.org>
10349 
10350 	wks: Encrypt all client mails also the target key,
10351 	+ commit 56e1864aa337f36317534db521fd4434d70e0784
10352 	* tools/gpg-wks-client.c (encrypt_response): Add arg FINGERPRINT.
10353 	(send_confirmation_response): Ditto.
10354 	(process_confirmation_request): Parse out fingerprint and pass
10355 	send_confirmation_response.
10356 
10357 2016-11-07  Justus Winter  <justus@g10code.com>
10358 
10359 	tests,tools: Reimplement 'mk-tdata' in Scheme.
10360 	+ commit 70215ff470c82d144e872057dfa5a478cc9195f2
10361 	* tests/openpgp/defs.scm (tools): Drop 'mk-tdata'.
10362 	* tests/openpgp/setup.scm (make-test-data): New function.
10363 	* tests/openpgp/verify.scm: Avoid 'mk-tdata'.
10364 	* tools/Makefile.am (noinst_PROGRAMS): Drop 'mk-tdata'.
10365 	* tools/mk-tdata.c: Drop file.
10366 
10367 	gpgscm,w32: Provide schemish file handling for binary files.
10368 	+ commit 413cc50345557e0a516f33b98e8aab19bbc8b4fe
10369 	* tests/gpgscm/lib.scm (call-with-binary-input-file): New function.
10370 	(call-with-binary-output-file): Likewise.
10371 
10372 	gpgscm: Add support for pseudo-random numbers.
10373 	+ commit 6e677f9b55fdb610e93134042ee41ee5c641cbdf
10374 	* tests/gpgscm/ffi.c (do_getpid): New function.
10375 	(do_srandom): Likewise.
10376 	(random_scaled): Likewise.
10377 	(do_random): Likewise.
10378 	(do_make_random_string): Likewise.
10379 	(ffi_init): Expose the new functions.
10380 	* tests/gpgscm/lib.scm: Document the new functions.
10381 
10382 	g10: Fix crash.
10383 	+ commit 5840353d8bbcd9e75374f3bdb2547ffa7bbea897
10384 	* g10/getkey.c (get_best_pubkey_byname): If 'get_pubkey_byname' does
10385 	not return a getkey context, then it can return at most one key,
10386 	therefore there is nothing to rank.  Also, always initialize '*retctx'
10387 	to be on the safe side.
10388 
10389 	Fixes: ab89164be02012f1bf159c971853b8610e966301
10390 
10391 2016-11-04  Justus Winter  <justus@g10code.com>
10392 
10393 	gpgscm: Fix printing strings containing zero bytes.
10394 	+ commit 1f45878a72f23d4bae08d73b614096b485f35274
10395 	* tests/gpgscm/scheme.c (atom2str): Fix computing the length of Scheme
10396 	strings.  Scheme strings can contain zero bytes.
10397 
10398 	gpgscm: Implement 'atexit'.
10399 	+ commit 43f8006f5c75e3d15fe200e2fa41587a73bfb07b
10400 	* tests/gpgscm/ffi.scm (throw): Run *run-atexit-handlers* when
10401 	terminating the interpreter.
10402 	(*atexit-handlers*): New variable.
10403 	(*run-atexit-handlers*): New function.
10404 	(atexit): Likewise.
10405 	* tests/gpgscm/main.c (main): Run *run-atexit-handlers* at normal
10406 	interpreter shutdown.
10407 
10408 2016-11-04  NIIBE Yutaka  <gniibe@fsij.org>
10409 
10410 	scd: Fix length error for READKEY.
10411 	+ commit cd00b07ec26c3408e6aee66957b08c6fd319b700
10412 	* scd/app-openpgp.c (do_readkey): Decrement the length.
10413 
10414 	scd: Add --advanced option for READKEY.
10415 	+ commit f9da935c3eb302e75a80def51128fb6f669661d7
10416 	* scd/command.c (cmd_readkey) : Support ADVANCED arg.
10417 	* scd/app.c (app_readcert): Add ADVANCED arg.
10418 	* scd/app-openpgp.c (do_readkey): Implement ADVANCED arg.
10419 	* scd/app-nks.c (do_readkey): Error return with GPG_ERR_NOT_SUPPORTED.
10420 
10421 2016-11-03  Werner Koch  <wk@gnupg.org>
10422 
10423 	agent: Extend the PINENTRY_LAUNCHED inquiry and status.
10424 	+ commit c1ea0b577a468030d2b006317ba27fc1746c4b14
10425 	* agent/call-pinentry.c (start_pinentry): Get flavor and version and
10426 	pass it to agent_inq_pinentry_launched.
10427 	* agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
10428 	* g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.
10429 
10430 2016-11-03  Justus Winter  <justus@g10code.com>
10431 
10432 	g10: Improve and unify key selection for -r and --locate-keys.
10433 	+ commit ab89164be02012f1bf159c971853b8610e966301
10434 	* g10/getkey.c (struct pubkey_cmp_cookie): New type.
10435 	(key_is_ok, uid_is_ok, subkey_is_ok): New functions.
10436 	(pubkey_cmp): Likewise.
10437 	(get_best_pubkey_byname): Likewise.
10438 	* g10/keydb.h (get_best_pubkey_byname): New prototype.
10439 	* g10/keylist.c (locate_one): Use the new function.
10440 	* g10/pkclist.c (find_and_check_key): Likewise.
10441 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
10442 	(TEST_FILES): Add new files.
10443 	* tests/openpgp/key-selection.scm: New file.
10444 	* tests/openpgp/key-selection/0.asc: Likewise.
10445 	* tests/openpgp/key-selection/1.asc: Likewise.
10446 	* tests/openpgp/key-selection/2.asc: Likewise.
10447 	* tests/openpgp/key-selection/3.asc: Likewise.
10448 	* tests/openpgp/key-selection/4.asc: Likewise.
10449 
10450 	gpgscm,tests: Add new functions to the test environment.
10451 	+ commit 1ec07cbc209f247fd85704f5701564e31aa56d0b
10452 	* tests/gpgscm/lib.scm (first, last, powerset): New functions.
10453 	* tests/gpgscm/tests.scm (interactive-shell): New function.
10454 	* tests/openpgp/Makefile.am (EXTRA_DIST): Add new file.
10455 	* tests/openpgp/README: Document 'interactive-shell'.
10456 	* tests/openpgp/shell.scm: New file.
10457 
10458 2016-11-03  Werner Koch  <wk@gnupg.org>
10459 
10460 	gpgconf: Add a new field to the --query-swdb output.
10461 	+ commit d10b67b9bc32e8feff1be86e6646fc23e58fe45d
10462 	* tools/gpgconf.c (query_swdb): Insert new field with the installed
10463 	version.  Check that the supplied version does not contain a colon.
10464 
10465 2016-11-02  Werner Koch  <wk@gnupg.org>
10466 
10467 	gpgconf: Add command --query-swdb.
10468 	+ commit 0ed6a6df5aa421a9c5cdb1e63867f0deee79af9e
10469 	* tools/gpgconf.c (aQuerySWDB): New.
10470 	(opts): Add --query-swdb.
10471 	(valid_swdb_name_p): New.
10472 	(query_swdb): New.
10473 	(main): Implement command --query-swdb.
10474 
10475 	common: Improve compare_string_versions.
10476 	+ commit 488b183811fc25c1ae49b4730491accf1adf518e
10477 	* common/stringhelp.c: Include limits.h.
10478 	(compare_version_strings): Change semantics to behave like strcmp.
10479 	Include the patch lebel in the comparison.  Allow checking a single
10480 	version string.
10481 	* common/t-stringhelp.c (test_compare_version_strings): Adjust test
10482 	vectors and a few new vectors.
10483 	* g10/call-agent.c (warn_version_mismatch): Adjust to new sematics.
10484 	* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
10485 	* sm/call-agent.c (warn_version_mismatch): Ditto.
10486 	* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
10487 
10488 2016-11-02  Justus Winter  <justus@g10code.com>
10489 
10490 	gpgscm: Fix inclusion of readline header.
10491 	+ commit 60ad1a7f37ffc10e601e69a3e2d2bb14af510257
10492 	* tests/gpgscm/ffi.c: Define magic macro to prevent the completion
10493 	function from redefined.
10494 
10495 2016-11-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
10496 
10497 	build: Fix misspelled dirmngr.
10498 	+ commit 5e693ddfbe44d149ce0d9393d699c613ad5ea706
10499 
10500 
10501 	Spelling: correct spelling of "passphrase".
10502 	+ commit 68b59bbc42ba9ec69496758743924d54a95742f0
10503 	There were several different variant spellings of "passphrase".  This
10504 	should fix them all for all English text.
10505 
10506 	I did notice that po/it.po contains multiple instances of
10507 	"passhprase", which also looks suspect to me, but i do not know
10508 	Italian, so i did not try to correct it.
10509 
10510 2016-11-02  Justus Winter  <justus@g10code.com>
10511 
10512 	g10,w32: Fix build on Windows.
10513 	+ commit 5d4f1408d0dd055d412ae44bb4a0f28f74617f05
10514 	* g10/tofu.c (begin_transaction): Use the new 'gnupg_usleep'.
10515 
10516 2016-10-31  Werner Koch  <wk@gnupg.org>
10517 
10518 	common: New function gnupg_usleep.
10519 	+ commit ad491ceec6145b3781a05dc7b4a36052abeeb4b4
10520 	* configure.ac (HAVE_NANOSLEEP): Test for nanosleep.
10521 	* common/sysutils.c: Always include time.h.
10522 	(gnupg_usleep): New.
10523 
10524 2016-10-31  Andre Heinecke  <aheinecke@intevation.de>
10525 
10526 	w32: Fix PKG_CONFIG_LIBDIR in --build-w32.
10527 	+ commit 3b6b8fe32af7568ff51066d4c2e3679df6dea86f
10528 	* autogen.sh: Point pkg-config to the right location.
10529 
10530 2016-10-31  Neal H. Walfield  <neal@g10code.com>
10531 
10532 	g10: Avoid gratuitious SQLite aborts and starving writers.
10533 	+ commit 7a634e48b13c5d5d295b8fed9b429e1b2109a333
10534 	* g10/tofu.c: Include <time.h>, <utime.h>, <fcntl.h> and <unistd.h>.
10535 	(tofu_dbs_s): Add fields want_lock_file and want_lock_file_ctime.
10536 	(begin_transaction): Only yield if DBS->WANT_LOCK_FILE_CTIME has
10537 	changed since we took the lock.  Don't use gpgrt_yield to yield, but
10538 	sleep for 100ms.  After taking the batch lock, update
10539 	DBS->WANT_LOCK_FILE_CTIME.  Also take the batch lock the first time we
10540 	take the real lock.  When taking the real lock, use immediate not
10541 	deferred mode to avoid gratuitious aborts.
10542 	(end_transaction): When dropping the outermost real lock, drop the
10543 	batch lock.
10544 	(busy_handler): New function.
10545 	(opendbs): Set the busy handler to it when opening the DB.  Initialize
10546 	CTRL->TOFU.DBS->WANT_LOCK_FILE.
10547 	(tofu_closedbs): Free DBS->WANT_LOCK_FILE.
10548 
10549 2016-10-30  Neal H. Walfield  <neal@g10code.com>
10550 
10551 	g10: Avoid reading in keys when possible.
10552 	+ commit eec365a02bd35d2d5c9e4d2c8d18bcd9180cf859
10553 	* g10/tofu.c (build_conflict_set): If CONFLICT_SET contains a single
10554 	element, don't bother to check for cross sigs.  Add parameter PK.
10555 	Update callers.
10556 
10557 	g10: Fix bit setting.
10558 	+ commit 614ca00676bb8ca12b5107fec0e4ef8818445254
10559 	* g10/tofu.c (build_conflict_set): Fix bit setting.
10560 
10561 2016-10-28  Werner Koch  <wk@gnupg.org>
10562 
10563 	gpg: Enable the Issuer Fingerprint from rfc4880bis.
10564 	+ commit b6f08dbb0b45059cdbbb5d9be9725e437f42a8cc
10565 	* g10/build-packet.c (build_sig_subpkt_from_sig): Always write the new
10566 	Issuer Fingerprint sub-packet.
10567 	* g10/mainproc.c (check_sig_and_print): Always consider that
10568 	sub-packet.
10569 
10570 2016-10-27  Werner Koch  <wk@gnupg.org>
10571 
10572 	dirmngr: Fix signature checking.
10573 	+ commit 5a1f6a0062488aaf345b1c73ba98a540e673d619
10574 	* dirmngr/server.c: Include cpparray.h.
10575 	(verify_swdb_parm_s): New.
10576 	(verify_swdb_status_cb): New.
10577 	(cmd_versioncheck): Use gpgv to correclty verify the signature.
10578 	Rename some variable to comply with GNU standards.
10579 
10580 	gpg: Verify multiple detached signatures with different hash algos.
10581 	+ commit 8fced66be35db5ac2a6bfdb9bccb2c0e582d8256
10582 	* g10/mainproc.c (proc_tree): Loose check.  Enable all algos.
10583 
10584 	common: Add GNUPG_MODULE_NAME_GPGV.
10585 	+ commit ece9ade4b44fb3d5d120cfd32b23632e5efd2134
10586 	* common/util.h (GNUPG_MODULE_NAME_GPGV): New.
10587 	* common/homedir.c (gnupg_module_name): Implement.
10588 
10589 2016-10-27  Justus Winter  <justus@g10code.com>
10590 
10591 	g10: Fix iteration over getkey results.
10592 	+ commit 8ea72a776a88f3c851e812d258355be80caa1bc1
10593 	* g10/getkey.c (getkey_next): Return the public key in PK even if
10594 	RET_KEYBLOCK is NULL.
10595 
10596 	g10: Assert preconditions.
10597 	+ commit 66a0091d74768ab3a4a5342d3645e1834c59045a
10598 	* g10/getkey.c (get_pubkey_byname): Assert preconditions.
10599 
10600 2016-10-27  Werner Koch  <wk@gnupg.org>
10601 
10602 	dirmngr: Do not implement --supervised in Windows.
10603 	+ commit cf20b23c146c9e499263654644035796475de097
10604 	* dirmngr/dirmngr.c (opts) [W32]: Remove --supervised.
10605 	(main) [W32]: Ditto.
10606 
10607 	common: Remove debug output from gnupg_get_socket_name.
10608 	+ commit a9c8b5fbe7ae241bf45bdee15884abc7891aedf9
10609 	* common/sysutils.c (gnupg_get_socket_name): Remove debug message and
10610 	use my_error_from_syserror.
10611 
10612 2016-10-27  NIIBE Yutaka  <gniibe@fsij.org>
10613 
10614 	dirmngr: ADNS error handling fix.
10615 	+ commit 45dfc02b47f798f5a3b9973ca6a9f5a907d7e665
10616 	* dirmngr/dns-stuff.c (resolve_name_adns, get_dns_cert, get_dns_cname):
10617 	Use gpg_error and gpg_err_code_from_errno to compose the error value.
10618 
10619 2016-10-27  Werner Koch  <wk@gnupg.org>
10620 
10621 	gpg: Convey --quick option to dirmngr for --auto-key-retrieve.
10622 	+ commit a15ed5a1fd5307b3ec1822daf3b138b187db0b5e
10623 	* g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'.
10624 	(gpg_dirmngr_wkd_get): Ditto.
10625 	* g10/keyserver.c (keyserver_get): Add arg 'quick'.
10626 	(keyserver_get_chunk): Add arg 'quick'.
10627 	(keyserver_import_fprint): Ditto.  Change callers to pass 0 for it.
10628 	(keyserver_import_keyid): Ditto.
10629 	(keyserver_import_wkd): Ditto.
10630 	* g10/mainproc.c (check_sig_and_print): Call the 3 fucntions with
10631 	QUICK set.
10632 
10633 2016-10-27  NIIBE Yutaka  <gniibe@fsij.org>
10634 
10635 	common: Fix gnupg_inotify_has_name, differently.
10636 	+ commit 8b3d0d1a36cab83dafb98ccb7895144edb95e298
10637 	* common/sysutils.c (gnupg_inotify_has_name): Use void * to stop the
10638 	warning.
10639 
10640 	dirmngr: More ADNS error fix.
10641 	+ commit 6f1d8123d61b3efac94b4c61ee75bd947790ba42
10642 	* dirmngr/dns-stuff.c (get_dns_cert, getsrv, get_dns_cname): Fix return
10643 	value.
10644 
10645 	dirmngr: Fix error return for ADNS.
10646 	+ commit 8a9341b42cd1891090d45cc068bff84b2b3edb50
10647 	* dirmngr/dns-stuff.c (resolve_name_adns): Use RET for return value.
10648 
10649 	g10: Fix ECDH, clarifying the format.
10650 	+ commit ca0ee4e381d0b6a57e4ddc8f4bb2390eb97a2540
10651 	* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Returns error when
10652 	it's short.  Clarify the format.  Handle other prefixes correctly.
10653 
10654 	scd: Add 0x41 prefix for x-coordinate only result.
10655 	+ commit 6bbd97d6c771b2e2c7cfcff6d5a823f0fb44d443
10656 	* scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the
10657 	prefix 0x41.
10658 
10659 2016-10-27  Arnaud Fontaine  <arnaud.fontaine@ssi.gouv.fr>
10660 
10661 	g10: ECDH shared point format.
10662 	+ commit b648f28f9f8b889f1217a649ded1d45f261bb2bf
10663 	* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Improve handling of
10664 	ECDH shared point format.
10665 
10666 2016-10-27  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
10667 
10668 	dirmngr: Implement --supervised command (for systemd, etc).
10669 	+ commit 75f8aaf5bc2dc7fcffe2987a572d489155c91eb9
10670 	* dirmngr/dirmngr.c (main): Add new --supervised command, which is a
10671 	mode designed for running under a process supervision system like
10672 	systemd or runit.
10673 	* doc/dirmngr.texi: document --supervised option.
10674 
10675 	agent,common: move get_socket_name() into common.
10676 	+ commit 6316b28e896957adb76a61a41d2e1c2a08d9f716
10677 	* agent/gpg-agent.c (get_socket_name): move to ...
10678 	* common/sysutils.c (gnupg_get_socket_name): ... here.
10679 
10680 	dirmngr: report actual socket name.
10681 	+ commit 6bb6ac56cca8135666387a0b9d88dd6b50311418
10682 	* dirmngr/dirmngr.[ch] (dirmngr_get_current_socket_name): new function
10683 	to report known socket name.
10684 	* dirmngr/server.c (cmd_getinfo): use dirmngr_get_current_socket_name
10685 	to report correct socket name.
10686 
10687 2016-10-27  NIIBE Yutaka  <gniibe@fsij.org>
10688 
10689 	common: Fix gnupg_inotify_has_name.
10690 	+ commit bc28f320fa6f5b9fcdb73dba5e6c582daf7992c5
10691 	* common/sysutils.c (gnupg_inotify_has_name): Take care of the
10692 	alignment.
10693 
10694 	dirmngr: Fix help string and argument.
10695 	+ commit 96414baf36b8e6385b71847c789d489ebe176a93
10696 	* dirmngr/server.c (hlp_versioncheck): Add a newline.
10697 	(cmd_versioncheck): Fix argument.
10698 
10699 2016-10-26  Werner Koch  <wk@gnupg.org>
10700 
10701 	dirmngr: Fix hang due to deferred thread initialization.
10702 	+ commit d1ccab5176d7719328b287544b54b85e0277b146
10703 	* dirmngr/dirmngr.c (main): Call ldap_wrapper_launch_thread after
10704 	thread_init.
10705 
10706 	agent: Avoid double error message.
10707 	+ commit b77f95a4a675fd20f6eeb611f4e7b519eceb4ad3
10708 	* agent/gpg-agent.c (map_supervised_sockets): Shorten error message.
10709 	Remove unneeded diagnostic.
10710 
10711 	common: Use GPG_ERR_INV_VALUE instead of GPG_ERR_EINVAL.
10712 	+ commit ece13f177d948013b6f3df926406c0cd947abc25
10713 	* common/sysutils.c (gnupg_inotify_watch_socket): Return
10714 	GPG_ERR_INV_VALUE for a missing socket name and set proper error
10715 	source.
10716 
10717 	tests: Improve portability of fake-pinentry.
10718 	+ commit 21b318452abbfe21c45c2a67dae0e3a81cff1090
10719 	* tests/openpgp/fake-pinentry.c: Make all functions static.
10720 	(get_passphrase): s/unlink/remove/ because that is standard C.
10721 	(spacep): Rename to whitespace and change all callers.
10722 	(main): Move macro out of if-then chain.
10723 
10724 2016-10-26  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
10725 
10726 	agent: --supervised mode improvements.
10727 	+ commit 27f6d5b9f4b6057ddeb9ace87a1e7e61ebac63e6
10728 	* agent/gpg-agent.c (map_supervised_socket): if the agent is running
10729 	  in --supervised mode and is not actually given LISTEN_FDNAMES
10730 	  directives, require at least fd 3 to be open for listening.
10731 
10732 	common: avoid segfault.
10733 	+ commit 3b5f5e0eb02ecbdcf59722755f22a9d2f88de6e6
10734 	* common/sysutils.c (gnupg_inotify_watch_socket): return EINVAL if
10735 	  socket_name is NULL, rather than segfaulting
10736 
10737 2016-10-25  Justus Winter  <justus@g10code.com>
10738 
10739 	agent,tests,w32: Fix relaying pinentry user data, fix fake-pinentry.
10740 	+ commit 852b8f0b89d447536dfdf6cd4ea91615c75491ce
10741 	* agent/call-pinentry.c (start_pinentry): Also send the user data
10742 	using an Assuan 'OPTION' command.
10743 	* tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating
10744 	passphrase file.
10745 	(spacep): Include newline characters.
10746 	(rstrip): New function.
10747 	(main): Handle Windows line endings.  Handle the userdata option, and
10748 	restart with the new options.
10749 
10750 	tests: Do not autostart gpg-agents on teardown.
10751 	+ commit f88f11a25665dca7490a09088aa24edf396e4c40
10752 	* tests/openpgp/defs.c (stop-agent): Use '--no-autostart' when calling
10753 	gpg-connect-agent.
10754 
10755 2016-10-25  Werner Koch  <wk@gnupg.org>
10756 
10757 	dirmngr: Allow command VERSIONCHECK to handle 3 part version numbers.
10758 	+ commit b120f358c25cc846ca9d841d47e71ca1a7fe02e4
10759 	* dirmngr/server.c (parse_version_string): Add arg MICRO and set it.
10760 	(cmp_version): Extend to handle the MICRO part.
10761 	(confucius_mktmpdir): Rename to my_mktmpdir.
10762 	(my_mktmpdir): xstrconcat does not fail; use strconcat.
10763 	(fetch_into_tmpdir): Improve error checking.
10764 
10765 	common: Use strconcat in gnupg_setenv.
10766 	+ commit 7983f8758703071710c11bf2a255efcd71836b65
10767 	* common/sysutils.c (gnupg_setenv): Replace malloc+stpcpy by
10768 	strconcat.  Indent cpp conditionals.
10769 	(gnupg_unsetenv): Indent cpp conditionals.
10770 
10771 2016-10-24  Werner Koch  <wk@gnupg.org>
10772 
10773 	gpg: Replace two sprintf calls.
10774 	+ commit 9d6146d6f9870fbfcec15cdc4becaf094d5a90e0
10775 	* g10/keygen.c (print_status_key_created): Use snprintf for now.
10776 	(ask_expire_interval): Replace xmalloc and sprintf by xasprintf.
10777 
10778 	agent: Minor cleanup for recent change in findkey.c.
10779 	+ commit 8c40b3b98d3ddeda79fde981e6539c5b3b09d9a2
10780 	* agent/findkey.c (agent_write_private_key): Avoid label name error.
10781 
10782 	agent: Slightly change structure of cmd_readkey.
10783 	+ commit fdb653a33ea1a24d1159880624dbbcc0867865b5
10784 	* agent/command.c (cmd_readkey): Avoid a leave label in the middle of
10785 	the code.  Remove the special return.
10786 
10787 2016-10-24  Kai Michaelis  <kai@gnupg.org>
10788 
10789 	dirmngr: Fix segfault in VERSIONCHECK.
10790 	+ commit 5e7dfd979d2d91800d90c3ce9a66755df3217682
10791 	* dirmngr/server.c (cmd_versioncheck): The VERSIONCHECK command crashes
10792 	when called without program version.
10793 
10794 2016-10-24  NIIBE Yutaka  <gniibe@fsij.org>
10795 
10796 	scd: Use canonical curve name of libgcrypt.
10797 	+ commit b1828c17fc475def1ee9e06f083f513f568c241b
10798 	* scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
10799 	(ecdh_params): New.
10800 	(ecc_read_pubkey): Use ecdh_params.  Use curve name.
10801 	(ecc_writekey): Likewise.
10802 	(ecc_curve): Rename from ecc_oid.
10803 	(parse_algorithm_attribute): Use ecc_curve.
10804 	* g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
10805 	intern the curve name string.
10806 	* g10/card-util.c (card_status): Conver curve name to alias for print.
10807 
10808 	common: Fix openpgp_is_curve_supported.
10809 	+ commit 945e7ab0ddedf5f58afd97d81e101939de5b5d89
10810 	* common/openpgp-oid.c (openpgp_is_curve_supported): Support both of
10811 	canonical name of the curve and alias.
10812 
10813 	g10: Fix card keygen for decryption.
10814 	+ commit acef0951646b47c87ccc1c616f0105a068e7ed86
10815 	* g10/keygen.c (do_generate_keypair): Fix arguments.
10816 
10817 2016-10-22  NIIBE Yutaka  <gniibe@fsij.org>
10818 
10819 	g10: More card key generation change.
10820 	+ commit 987bbb2276aeb6bee2793e8406e223717b605009
10821 	* g10/keygen.c (gen_card_key): Add back ALGO as the second argument.
10822 	Don't get ALGO by KEY-ATTR by this function.  It's caller to provide
10823 	ALGO.  Don't do that by both of caller and callee.
10824 	(generate_keypair): Only put paramerters needed.  Use parameters
10825 	for ALGO to call gen_card_key.
10826 	(generate_card_subkeypair): Get ALGO and call gen_card_key with it.
10827 
10828 2016-10-21  Andre Heinecke  <aheinecke@intevation.de>
10829 
10830 	g10: Write first keybox record in binary mode.
10831 	+ commit f7e50634be71ce3028726f23edf14454109a04a8
10832 	* g10/keydb.c (maybe_create_keyring_or_box): Open in binary mode.
10833 
10834 2016-10-21  NIIBE Yutaka  <gniibe@fsij.org>
10835 
10836 	g10,scd: Fix ECC keygen.
10837 	+ commit d2653b1a6db90aed073194a51fd61023d69773ec
10838 	* g10/keygen.c (generate_keypair): For card key generation, fill
10839 	parameters by KEY-ATTR.
10840 
10841 	* scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
10842 	after its reference by OIDBUF is finished.
10843 	(ecc_writekey): Likewise.
10844 
10845 	scd: Fix segfault changing key attr.
10846 	+ commit 693e657ff04756737dce025203c0deba480ea8de
10847 	* asc/app-openpgp.c (change_keyattr_from_string): Release after
10848 	allocated.
10849 
10850 2016-10-21  NIIBE Yutaka  <gniibe@fsij.org>
10851 	    Arnaud Fontaine  <arnaud.fontaine@ssi.gouv.fr>
10852 
10853 	g10: Don't ask keysize for for non-RSA card.
10854 	+ commit dafce6f698bec6e9d4c0125b90754d0687294e86
10855 	* g10/card-util.c (card_status): Bug fix for keyno.
10856 	(ask_card_rsa_keysize, do_change_rsa_keysize): Rename.
10857 	(generate_card_keys): Only ask keysize when RSA.
10858 	(card_generate_subkey): Likewise.
10859 
10860 	g10: Support ECC for gen_card_key.
10861 	+ commit 161cb22f13bcd8cbdb08558d9926b2168a8297ac
10862 	* g10/keygen.c (gen_card_key): Remove the first argument of ALGO.
10863 	(do_generate_keypair, generate_card_subkeypair): Follow the change.
10864 
10865 2016-10-21  NIIBE Yutaka  <gniibe@fsij.org>
10866 
10867 	Fix use cases of snprintf.
10868 	+ commit 6e85ac77af594035137950d801d8a1bacce548a3
10869 	* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
10870 	build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
10871 	dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
10872 	g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
10873 	sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.
10874 
10875 	agent: Fix saving with FORCE=1.
10876 	+ commit 1ffd475f99eaff4e40950eda88702f8db9288eb5
10877 	* agent/findkey.c (agent_write_private_key): Recover from an error of
10878 	GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+".
10879 
10880 2016-10-20  Justus Winter  <justus@g10code.com>
10881 
10882 	tests: Simplify test.
10883 	+ commit 71158d8d5f823888abc8588caa6497860ce59c06
10884 	* tests/openpgp/quick-key-manipulation.scm: Avoid creating a temporary
10885 	home directory, just make the uids unique.
10886 
10887 	tests: Flush stdout in the fake pinentry.
10888 	+ commit ca9597f080f70a8435daaeb5449bef0462a1402a
10889 	* tests/openpgp/fake-pinentry.c (reply): Flush stdout.
10890 
10891 	common,w32: Fix setting environment variables on Windows.
10892 	+ commit 8c7c4faf3de28ca70a60e6b15f51c1b206e0ddd9
10893 	* common/sysutils.c (gnupg_setenv): Also update the environment block
10894 	maintained by the C runtime.
10895 	(gnupg_unsetenv): Likewise.
10896 	* tests/gpgscm/ffi.c (do_setenv): Fix error handling.
10897 
10898 	tests,w32: Cope with Windows line endings.
10899 	+ commit bf37916a23bd0929fc4a5f28c9a41f43c5a473f6
10900 	* tests/openpgp/issue2015.scm: Rstrip line before comparison.
10901 
10902 	tests: Create and remove socket directories.
10903 	+ commit 2d794779e0fd9d9a1efc98e7bd77a296a25f4293
10904 	* tests/openpgp/defs.scm (start-agent): Move function here and create
10905 	the socket directory prior to starting the agent.
10906 	(stop-agent): Move function here and remove the socket directory.
10907 	* tests/openpgp/finish.scm: Adapt.
10908 	* tests/openpgp/setup.scm: Likewise.
10909 
10910 2016-10-20  NIIBE Yutaka  <gniibe@fsij.org>
10911 
10912 	agent, g10: Fix keygen.
10913 	+ commit 9a34e2142b426b98c73fd888102ea1596bbce62a
10914 	* agent/command.c (cmd_readkey): Get length after card_readkey.
10915 	* g10/keygen.c (gen_card_key): Fix off-by-one error.
10916 
10917 	scd: GENKEY updates the public key in APP.
10918 	+ commit b680f79cc112c4831293e259d7db2921bcd783a4
10919 	* scd/app-openpgp.c (rsa_read_pubkey, ecc_read_pubkey): New.
10920 	(read_public_key): New.
10921 	(get_public_key, do_genkey): Use read_public_key.
10922 
10923 	g10: smartcard keygen change.
10924 	+ commit 980c037bedb968ddf155dd334c0a70b918a17759
10925 	* g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove.
10926 	(scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS.
10927 	(agent_scd_genkey): Remove INFO argument.  CREATETIME is now in/out
10928 	argument.
10929 	(agent_readkey): Use READKEY --card instead of SCD READKEY.
10930 	* g10/keygen.c (gen_card_key): Use READKEY --card command of the agent
10931 	to retrieve public key information from card and let the agent make
10932 	a file for private key with shadow info.
10933 
10934 	agent: Add --card option for READKEY.
10935 	+ commit 82cbab906a3e72a98fdc16096f2f0451465969a2
10936 	* agent/findkey.c (agent_write_shadow_key): New.
10937 	* agent/command-ssh.c (card_key_available): Use agent_write_shadow_key.
10938 	* agent/learncard.c (agent_handle_learn): Likewise.
10939 	* agent/command.c (cmd_readkey): Add --card option.
10940 
10941 2016-10-19  Kai Michaelis  <kai@gnupg.org>
10942 
10943 	dirmngr: improve VERSIONCHECK.
10944 	+ commit 72a99f582dad4cb4c3b05b97c7ebb8d537f10b79
10945 	Replace strtok_r() and code formatting. Use code from libgpg-error for
10946 	version comparison.
10947 
10948 2016-10-18  Justus Winter  <justus@g10code.com>
10949 
10950 	common: Fix copying data to estreams.
10951 	+ commit 8dce5ee55a0268d196023224dcf3020306922490
10952 	* common/exectool.c (copy_buffer_do_copy): Correctly account for
10953 	partially written data in the event of errors.
10954 
10955 	common,w32: Communicate with child in non-blocking mode.
10956 	+ commit 05a1e412332dd980353a4e3e59bc75ba40bae7fc
10957 	* common/exechelp-w32.c (gnupg_spawn_process): Open streams in
10958 	non-blocking mode if requested.
10959 
10960 	common,w32: Extend gnupg_create_inbound_pipe et al.
10961 	+ commit f2d39a6d051413289c717b9cd2dc387a270b8e7c
10962 	* common/exechelp-w32.c (do_create_pipe): Rename, add arguments, and
10963 	create a stream if reqested.
10964 	(gnupg_create_inbound_pipe): Use the extended function to open the
10965 	stream if requested.
10966 	(gnupg_create_outbound_pipe): Likewise.
10967 	(gnupg_create_pipe): Update call site.
10968 
10969 	common,w32: Make use of default_errsource in exechelp.
10970 	+ commit 727ca74bb942464217e678012cccbfc347ae08a5
10971 	* common/exechelp-posix.c (my_error_from_syserror, my_error): New.
10972 	Use them instead of gpg_error and gpg_error_from_syserror.
10973 
10974 2016-10-18  NIIBE Yutaka  <gniibe@fsij.org>
10975 	    Arnaud Fontaine  <arnaud.fontaine@ssi.gouv.fr>
10976 
10977 	scd: Support ECC key generation.
10978 	+ commit 34439da2d62b964a914ace66bae7e38f619582a4
10979 	* scd/app-openpgp.c (get_public_key): Fix a message.
10980 	(change_keyattr_from_string, ecc_writekey): Call mpi_release sooner.
10981 	(do_genkey): Add ECC support.
10982 
10983 2016-10-18  NIIBE Yutaka  <gniibe@fsij.org>
10984 
10985 	scd: minor cleanup to merge other works.
10986 	+ commit f1845f25dbea79c191427710fa56ed01e63a045b
10987 	* scd/iso7816.c (do_generate_keypair): Use const char * for DATA.
10988 	(iso7816_generate_keypair, iso7816_read_public_key): Likewise.
10989 	* scd/app-openpgp.c (get_public_key): Follow the change.
10990 	(do_genkey): Ditto.  Use ERR instead of RC.  Use u32 for CREATED_AT.
10991 
10992 2016-10-17  Justus Winter  <justus@g10code.com>
10993 
10994 	gpgscm: Initialize nesting stack.
10995 	+ commit c2e713d9e25ef8b61e8eeb3c01ee1e31cb70b794
10996 	* tests/gpgscm/scheme.c (scheme_init_custom_alloc): Initialize nesting
10997 	stack.
10998 
10999 2016-10-17  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
11000 
11001 	doc: Document how to manually shut down gpg-agent.
11002 	+ commit 869c06efa791bbc8330becdb3f13f7cf9506257e
11003 	* doc/gpg-agent.texi: document "gpgconf --kill gpg-agent" for manual
11004 	  agent termination.
11005 
11006 	This was requested in a side-comment in https://bugs.debian.org/840669
11007 
11008 	doc: Point gpg-agent(1) at the right gpg manpage in SEE ALSO.
11009 	+ commit c53ce53ab1fa6a328c368f2a15e3ccd803f03ee2
11010 	* doc/gpg-agent.texi (SEE ALSO): refer to @gpgname, instead of
11011 	  hard-coding "gpg2".
11012 
11013 2016-10-17  NIIBE Yutaka  <gniibe@fsij.org>
11014 
11015 	scd: Fix keytocard for ECC.
11016 	+ commit 25428be52168fa9c581b7f11c95a5c63b25343b7
11017 	* scd/app-openpgp.c (build_ecc_privkey_template): Size can be greater
11018 	than 128 when it comes with public key for curve of larger field.
11019 
11020 	gpgconf: Fix for --homedir.
11021 	+ commit 70a8584ec4389209762eb65bb77f20f7881577be
11022 	* tools/gpgconf-comp.c (gpg_agent_runtime_change,
11023 	scdaemon_runtime_change, dirmngr_runtime_change): Provide the homedir
11024 	arguments by --homedir when it's not default.
11025 
11026 2016-10-16  Werner Koch  <wk@gnupg.org>
11027 
11028 	agent: Use straightforward names for the default socket names.
11029 	+ commit 0b0f9a3788cb5d3c26cec16cd24acc973069d280
11030 	* configure.ac (GPG_AGENT_SOCK_NAME): Change name to *.extra.
11031 	(GPG_AGENT_EXTRA_SOCK_NAME): Change name to *browser.
11032 
11033 2016-10-15  Werner Koch  <wk@gnupg.org>
11034 
11035 	agent: Move inotify code to common and improve it.
11036 	+ commit 2f7d4c38c9e7bcc14e6e0bf219d688c40a4afecb
11037 	* common/sysutils.c: Include sys/inotify.h.
11038 	(my_error_from_syserror, my_error): New.
11039 	(gnupg_inotify_watch_socket): New.
11040 	(gnupg_inotify_has_name): New.
11041 	* agent/gpg-agent.c: Do not include sys/inotify.h.
11042 	(my_inotify_is_name): Remove.
11043 	(handle_connections): Remove HAVE_INOTIFY_INIT protected code and use
11044 	the new functions.
11045 
11046 2016-10-14  Kai Michaelis  <kai@gnupg.org>
11047 
11048 	dirmngr: use gnupg_mkdtemp instead of mkstemp.
11049 	+ commit c318561ef4c97f0c2767aef377531d58174060a1
11050 	MinGW on debian does not support mkstemp.
11051 
11052 	dirmngr: add VERSIONCHECK command.
11053 	+ commit f99c5fa1c970dc1122ac62371eb8d758f380ed57
11054 	Given an application name and version VERSIONCHECK fetches the software
11055 	version list from version.gnupg.org, verifies the signature and returns
11056 	whenever the given version is older (UPDATE), current (CURRENT) or newer
11057 	(ROLLBACK).
11058 
11059 2016-10-13  Neal H. Walfield  <neal@g10code.com>
11060 
11061 	tests: Use shorter filenames.
11062 	+ commit 0c56ad5a8d89d69a9ed00571720b3b105f955214
11063 	* tests/openpgp/tofu/cross-sigs/
11064 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: Rename from this...
11065 	* tests/openpgp/tofu/cross-sigs/EC38277E-1.gpg: .. to this.
11066 	* tests/openpgp/tofu/cross-sigs/
11067 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: Rename from this...
11068 	* tests/openpgp/tofu/cross-sigs/EC38277E-1.txt: .. to this.
11069 	* tests/openpgp/tofu/cross-sigs/
11070 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: Rename from this...
11071 	* tests/openpgp/tofu/cross-sigs/EC38277E-2.gpg: .. to this.
11072 	* tests/openpgp/tofu/cross-sigs/
11073 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: Rename from this...
11074 	* tests/openpgp/tofu/cross-sigs/EC38277E-2.txt: .. to this.
11075 	* tests/openpgp/tofu/cross-sigs/
11076 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: Rename from this...
11077 	* tests/openpgp/tofu/cross-sigs/EC38277E-3.txt: .. to this.
11078 	* tests/openpgp/tofu/cross-sigs/
11079 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: Rename from
11080 	  this...
11081 	* tests/openpgp/tofu/cross-sigs/EC38277E-secret.gpg: .. to this.
11082 	* tests/openpgp/tofu/cross-sigs/
11083 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: Rename from this...
11084 	* tests/openpgp/tofu/cross-sigs/871C2247-1.gpg: .. to this.
11085 	* tests/openpgp/tofu/cross-sigs/
11086 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: Rename from this...
11087 	* tests/openpgp/tofu/cross-sigs/871C2247-1.txt: .. to this.
11088 	* tests/openpgp/tofu/cross-sigs/
11089 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: Rename from this...
11090 	* tests/openpgp/tofu/cross-sigs/871C2247-2.gpg: .. to this.
11091 	* tests/openpgp/tofu/cross-sigs/
11092 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: Rename from this...
11093 	* tests/openpgp/tofu/cross-sigs/871C2247-2.txt: .. to this.
11094 	* tests/openpgp/tofu/cross-sigs/
11095 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: Rename from this...
11096 	* tests/openpgp/tofu/cross-sigs/871C2247-3.gpg: .. to this.
11097 	* tests/openpgp/tofu/cross-sigs/
11098 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: Rename from this...
11099 	* tests/openpgp/tofu/cross-sigs/871C2247-3.txt: .. to this.
11100 	* tests/openpgp/tofu/cross-sigs/
11101 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: Rename from this...
11102 	* tests/openpgp/tofu/cross-sigs/871C2247-4.gpg: .. to this.
11103 	* tests/openpgp/tofu/cross-sigs/
11104 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: Rename from
11105 	  this...
11106 	* tests/openpgp/tofu/cross-sigs/871C2247-secret.gpg: .. to this.
11107 	* tests/openpgp/Makefile.am (TEST_FILES): Update accordingly.
11108 
11109 	g10: Be more careful when checking if a binding is signed by a UTK.
11110 	+ commit 95d0f3e5eebd85dcf226dca14891a1215bfe93ae
11111 	* g10/tofu.c (signed_by_utk): When checking if a key is signed by an
11112 	ultimately trusted key, only consider the signatures on the specified
11113 	user id.
11114 	* tests/openpgp/tofu.scm: Add test for the above.
11115 
11116 	tests: Add test data to TEST_FILES.
11117 	+ commit d2d936fbe86d61b89cead95df633b2b575690e05
11118 	* tests/openpgp/Makefile.am (TEST_FILES): Add new test data.
11119 
11120 	g10: Be more careful when checking cross signatures.
11121 	+ commit 4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c
11122 	* g10/tofu.c (cross_sigs): When checking cross signatures, only
11123 	consider the signatures on the specified user id.
11124 	* tests/openpgp/tofu.scm: Add test for the above.
11125 	* tests/openpgp/tofu/cross-sigs/
11126 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg:
11127 	  New file.
11128 	* tests/openpgp/tofu/cross-sigs/
11129 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file.
11130 	* tests/openpgp/tofu/cross-sigs/
11131 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file.
11132 	* tests/openpgp/tofu/cross-sigs/
11133 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file.
11134 	* tests/openpgp/tofu/cross-sigs/
11135 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file.
11136 	* tests/openpgp/tofu/cross-sigs/
11137 	  1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file.
11138 	* tests/openpgp/tofu/cross-sigs/
11139 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file.
11140 	* tests/openpgp/tofu/cross-sigs/
11141 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file.
11142 	* tests/openpgp/tofu/cross-sigs/
11143 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file.
11144 	* tests/openpgp/tofu/cross-sigs/
11145 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file.
11146 	* tests/openpgp/tofu/cross-sigs/
11147 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file.
11148 	* tests/openpgp/tofu/cross-sigs/
11149 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file.
11150 	* tests/openpgp/tofu/cross-sigs/
11151 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file.
11152 	* tests/openpgp/tofu/cross-sigs/
11153 	  DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file.
11154 	* tests/openpgp/tofu/cross-sigs/README: New file.
11155 
11156 	g10: Still check if the key is an UTK or cross signed in batch mode.
11157 	+ commit e09166c77273f459c8f87cab9224f85808af2cba
11158 	* g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't
11159 	bail immediately.  Instead, check if the key in question is an
11160 	ultimately trusted key or cross signed.
11161 
11162 	g10: If an sqlite operation fails, map the error code to GPG_ERR_GENERAL
11163 	+ commit 5bf92e51dfdfb4f4746ecd817d8d2240ed27ea74
11164 	* g10/tofu.c (get_policy): If an sqlite operation fails, map the error
11165 	  code to GPG_ERR_GENERAL.
11166 	(ask_about_binding): Likewise.
11167 	(build_conflict_set): Likewise.
11168 	(get_trust): Likewise.
11169 	(show_statistics): Likewise.
11170 	(tofu_register_signature): Likewise.
11171 	(tofu_register_encryption): Likewise.
11172 
11173 	tests: Remove support for deprecated functionality.
11174 	+ commit 2282c3b761413dfa894300e70084bbd58908c0b1
11175 	* tests/openpgp/tofu.scm: Don't remove tofu.d.  It's deprecated.
11176 
11177 2016-10-12  Neal H. Walfield  <neal@g10code.com>
11178 
11179 	g10: When changing a TOFU binding's policy, update the conflict info.
11180 	+ commit 3ad17e72fa81d18c95732ddcd4def244f52bb5b1
11181 	* g10/tofu.c (record_binding): Take an additional argument, CONFLICT.
11182 	Set the binding's conflict accordingly.  Update callers.
11183 
11184 	g10: Make a singular string singular.
11185 	+ commit ca84f65c7cf2c6a08a01018519965a82e6c52cac
11186 	* g10/tofu.c (ask_about_binding): Make the singular string singular.
11187 
11188 	g10: Correctly determine whether a binding has a conflict.
11189 	+ commit 6fdf37f0831949cb279de6dc6b247ab2ed53fe5a
11190 	* g10/tofu.c (build_conflict_set): A binding has a conflict is
11191 	conflict is *not* NULL, not if it is NULL.
11192 
11193 	g10: Fix a column's type in TOFU DB.
11194 	+ commit 78eda335fd1c29038b74b9cc912b6a4515fccd9f
11195 	* g10/tofu.c (initdb): Change policy from a boolean to an integer.
11196 
11197 2016-10-07  Justus Winter  <justus@g10code.com>
11198 
11199 	tests: Rework test environment setup.
11200 	+ commit cbbf0a7a8da1757fea29cff0daaa42a6bbb95b26
11201 	* tests/openpgp/setup.scm: Import one keyring at a time.  This works
11202 	around a yet to be investigated hang on Windows.  It is also much
11203 	prettier.
11204 
11205 	tests: Improve handling of Windows newlines.
11206 	+ commit 1f76f8d8bc65fad98927c977baf4d5e36dafe52b
11207 	* tests/gpgscm/lib.scm (string-split-newlines): New function.
11208 	* tests/openpgp/default-key.scm: Use new function.
11209 	* tests/openpgp/defs.scm: Likewise.
11210 	* tests/openpgp/export.scm: Likewise.
11211 	* tests/openpgp/import.scm: Likewise.
11212 
11213 	gpgscm: Improve test of low-level functions.
11214 	+ commit 11eac7eb2fa3392a9aa052f8f5bb9875129ab84b
11215 	* tests/gpgscm/t-child.c: Print large amounts of data.
11216 	* tests/gpgscm/t-child.scm: Test that this works.
11217 
11218 	gpgscm: Improve path handling.
11219 	+ commit dff266059813d22d1e2ba7e77279999cd41ceb75
11220 	* tests/gpgscm/ffi.c (ffi_init): New Scheme variable '*win32*'.
11221 	* tests/gpgscm/tests.scm (canonical-path): Correctly handle paths with
11222 	drive letter on Windows.  Use 'path-join'.
11223 	(path-expand): Use 'path-join'.
11224 
11225 	tools: Fix error handling.
11226 	+ commit 5afbfdfd59540cb882d891ff1f4afa73fe48f99a
11227 	* tools/gpgtar-create.c (gpgtar_create): Do not crash if opening the
11228 	tarball failed.
11229 
11230 2016-10-07  NIIBE Yutaka  <gniibe@fsij.org>
11231 
11232 	agent: Fix get_socket_name.
11233 	+ commit fb3b3e1e7a4219f61a834fd07809898918611c2f
11234 	* agent/gpg-agent.c (get_socket_name): Fix the size of copying.
11235 
11236 2016-10-07  Werner Koch  <wk@gnupg.org>
11237 
11238 	gpg: Put extra parens around bit tests.
11239 	+ commit 5d43d28aa3c44c3a27fde823f467b0c4be1a58c2
11240 	* g10/options.h (DBG_MPI): New.
11241 	* g10/gpg.c (set_debug): Use macro or extra parens for binary operator.
11242 	* g10/parse-packet.c (set_packet_list_mode): Use dbg macro.
11243 
11244 2016-10-07  NIIBE Yutaka  <gniibe@fsij.org>
11245 
11246 	agent, dirmngr, scd: Fix init_common_subsystems.
11247 	+ commit fc0b392e766af8127094e8b529d25abb84ad1d65
11248 	* common/init.c (_init_common_subsystems): Don't call
11249 	gpgrt_set_syscall_clamp in this function.
11250 	* agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call
11251 	gpgrt_set_syscall_clamp after npth_init.
11252 
11253 2016-10-06  Justus Winter  <justus@g10code.com>
11254 
11255 	common: Avoid pointer arithmetic on string literals.
11256 	+ commit 4aadc751f201f8f97c9c1f454e3a29803cce3edb
11257 	* common/gettime.c (rfctimestamp): Use indexing instead.
11258 	* common/signal.c (got_fatal_signal): Likewise.
11259 
11260 	g10: Fix singular term.
11261 	+ commit b0d2526bc4e5c663eeffe04500420c70cee98712
11262 	* g10/tofu.c (ask_about_binding): Fix singular message.
11263 
11264 	g10: Use appropriate variant of 'abs'.
11265 	+ commit 73000d1ce0317210f5a9e5262404cc90258041ff
11266 	* g10/tofu.c (ask_about_binding): Use 'labs' instead of 'abs'.
11267 
11268 	sm: Remove statement without effect.
11269 	+ commit 2d446759bd43ae38fbce9a18c955285ca535bc08
11270 	* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Remove statement without
11271 	effect.
11272 
11273 	g10: Fix testing for debug flag.
11274 	+ commit 6b626824c8e30b41c47724b5ccbf761937499512
11275 	* g10/parse-packet.c (set_packet_list_mode): Fix testing for debug
11276 	flag.
11277 
11278 	tools: Improve error handling.
11279 	+ commit 32f81f56a8be6d13dea0a64d24f52343c7e72c84
11280 	* tools/gpg-wks-server.c (copy_key_as_binary): Initialize 'argv'.
11281 
11282 	gpgscm: Update callsite of 'gnupg_spawn_process'.
11283 	+ commit 07cfb3b27a77491eae818d57f6eb660e75fa013f
11284 	* tests/gpgscm/ffi.c (do_spawn_process): Adapt to the changes to
11285 	'gnupg_spawn_process'.
11286 
11287 2016-10-05  Werner Koch  <wk@gnupg.org>
11288 
11289 	wks: Send key encrypted as required by draft -02.
11290 	+ commit 8ce800d21919eaaba7ed4f04f712292be310fd66
11291 	* tools/gpg-wks-client.c (get_key): Encrypt.
11292 	(encrypt_response): Take care of --fake-submission-addr.
11293 
11294 	wks: Add option --fake-submission-addr to gpg-wks-client.
11295 	+ commit e514a5b725f0c997cef4362808b2778a3faa9cf8
11296 	* tools/gpg-wks-client.c (oFakeSubmissionAddr): New.
11297 	(opts): Add option --fake-submission-addr.
11298 	(fake_submission_addr): New variable.
11299 	(parse_arguments): Set it.
11300 	(command_send): Use --fake-submission-addr.
11301 
11302 	agent: Another minor fix to map_supervised_sockets.
11303 	+ commit 1cedc32c95c2e3c3ab98af23ddc2845d51e596c1
11304 	* agent/gpg-agent.c (map_supervised_sockets): Remove debug message.
11305 	Provide correct fd in the second error case.
11306 
11307 	agent: Fix npth + supervised mode problem.
11308 	+ commit f57dc2b1e6f28d164f882373535dbcb0d632ca17
11309 	* agent/gpg-agent.c (main): Initialize modules in supervised mode.
11310 
11311 2016-10-05  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
11312 
11313 	agent: Fix error handling in map_supervised_sockets.
11314 	+ commit a2127c71dbf87c1710b43d91a733dd4c9b2953bc
11315 	* agent/gpg-agent.c (map_supervised_sockets): the file descriptor to
11316 	  close on error is fd, not i.
11317 
11318 2016-10-04  Werner Koch  <wk@gnupg.org>
11319 
11320 	agent: Streamline the supervised mode code.
11321 	+ commit 1a9c8d78ece2f31fdb1a8e2be049aa71053061fa
11322 	* agent/gpg-agent.c (get_socket_path): Rename to ...
11323 	(get_socket_name): this.  This is to comply with the GNU coding guide.
11324 	Use xtrymalloc instead of malloc.  Do not build for W32.
11325 	(map_supervised_sockets): Use strtokenize and set the the socket names
11326 	here.
11327 	(main): Adjust for above change.  Do not close the socket.
11328 
11329 	agent: Adjust cleanup for supervised mode.  Fix for W32.
11330 	+ commit afcfae7959f39e7d85309b9496e1f1cf9acd5cc2
11331 	* agent/gpg-agent.c (opts) [W32]: Remove option --supervised.
11332 	(is_supervised): Move from main() to global.
11333 	(inhibit_socket_removal): New.
11334 	(cleanup): Take care of supervise mode and INHIBIT_SOCKET_REMOVAL.
11335 	(check_own_socket_thread): Set INHIBIT_SOCKET_REMOVAL instead of
11336 	seting the socket names to empty.
11337 
11338 	agent: Adjust supervised mode for the new default socket names.
11339 	+ commit dc059af1ff007842e2633e686c87d05daf1d45e3
11340 	* agent/gpg-agent.c (main): In supervised mode do not provide default
11341 	socket names.  Unset DISPLAY and INSIDE_EMACS.  Use log_error and
11342 	agent_exit.
11343 
11344 2016-10-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
11345 
11346 	agent: Implement --supervised command (for systemd, etc).
11347 	+ commit 9f92b62a51d2d60f038fdbe01602865c5933fa95
11348 	* agent/gpg-agent.c (get_socket_path): New function for POSIX systems
11349 	to return the path for a provided unix-domain socket.
11350 	(map_supervised_sockets): New function to inspect $LISTEN_FDS and
11351 	$LISTEN_FDNAMES and map them to the specific functionality offered by
11352 	the agent.
11353 	(main): Add --supervised command.  When used, listen on already-open
11354 	file descriptors instead of opening our own.
11355 	* doc/gpg-agent.texi: Document --supervised option.
11356 
11357 2016-10-04  Justus Winter  <justus@g10code.com>
11358 
11359 	build,w32: Unconditionally build tests.
11360 	+ commit 4a232d23a8f51bebf9ee382e480248b4bde30f28
11361 	* configure.ac (run_tests, RUN_TESTS, RUN_GPG_TESTS): Remove
11362 	variables.  They are misleadingly named, as they inhibit building the
11363 	tests.  There is no reason not to build the tests even when
11364 	cross-compiling, as they are only run if one does 'make check'.
11365 	* Makefile: Adapt accordingly.
11366 	* tests/Makefile.am: Adapt accordingly.  Avoid building 'asschk' on
11367 	Windows as it uses non-portable functions.
11368 
11369 	tests,w32: Do not expose 'glob' to gpgscm.
11370 	+ commit 41b510f9c510f8fd1b59eb0c5dd2e2b2deaf0a1b
11371 	* tests/gpgscm/ffi.c (do_glob): Remove function.
11372 	(ffi_init): Likewise.
11373 
11374 	tests,w32: Avoid using 'glob'.
11375 	+ commit 949e70115eb2c04bd09da6477f6c433e6fd9a366
11376 	* tests/openpgp/setup.scm: Avoid 'glob' which is not available on
11377 	mingw.
11378 
11379 	tools: Ignore existing directories in gpgtar.
11380 	+ commit fbc83c0cdd390473c044953fb774571ffc636c6d
11381 	* tools/gpgtar-extract.c (extract_directory): Ignore existing
11382 	directories now that we have '--directory'.
11383 
11384 2016-10-04  NIIBE Yutaka  <gniibe@fsij.org>
11385 
11386 	agent, dirmngr, scd: npth_init must be after fork.
11387 	+ commit eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d
11388 	* agent/gpg-agent.c (thread_init_once, initialize_modules): New.
11389 	(main): Make sure no daemonizing-fork call after npth_init, and no npth
11390 	calls before npth_init, with care of npth calls by assuan hooks.
11391 	* dirmngr/dirmngr.c (thread_init): New.
11392 	(main): Make sure npth_init must not be called before daemonizing fork.
11393 	* scd/scdaemon.c (main): Likewise.
11394 
11395 2016-09-30  Werner Koch  <wk@gnupg.org>
11396 
11397 	agent: Remove the warning for the GKR hijacking.
11398 	+ commit a43739a2456a38c01704d8a52dca441055e29bc6
11399 	* g10/call-agent.c (check_hijacking): Remove.
11400 	(start_agent): Remove call.
11401 
11402 	agent: Create the extra sockets in the standard socket dir.
11403 	+ commit 80cc16e0728256f6b07a12980e1f3512cf2324fa
11404 	* agent/gpg-agent.c (main): Take the socketdir in account for the
11405 	default sockets.
11406 	* tools/gpgconf.c (list_dirs): Add "agent-extra-socket" and
11407 	"agent-browser-socket".
11408 
11409 	agent: Kludge to allow disabling of the extra sockets.
11410 	+ commit 95cf7afff074613825f4442fa131145a2c0d3cf7
11411 	* agent/gpg-agent.c (main): Check for special socket names.
11412 
11413 	wks: Avoid long trustdb checks.
11414 	+ commit de67055aff916455cec89fab1d95177d3b383008
11415 	* tools/wks-receive.c (verify_signature): Use --always-trust.
11416 
11417 2016-09-30  Justus Winter  <justus@g10code.com>
11418 
11419 	build: Fix build against libiconv.
11420 	+ commit 6054e8aaecbd355bb7559697eecaadf2225189b8
11421 	* agent/Makefile.am: Add INCICONV and LIBICONV.
11422 	* common/Makefile.am: Likewise.
11423 	* tools/Makefile.am: Likewise.
11424 
11425 	agent: Enable restricted, browser, and ssh socket by default.
11426 	+ commit e11686f973b35869d7b299ce4726003ac22e2e3a
11427 	* agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
11428 	'browser-socket', enable ssh socket by default, but do not emit the
11429 	'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
11430 	* configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
11431 	* doc/gpg-agent.texi: Update documentation.
11432 
11433 	w32: Fix STARTTLS on LDAP connections.
11434 	+ commit 8d37018050373a47566bf8ea0d894da20ed292c7
11435 	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix build against
11436 	<winldap.h>.
11437 
11438 2016-09-29  Werner Koch  <wk@gnupg.org>
11439 
11440 	wks: Partly implement draft-koch-openpgp-webkey-service-02.
11441 	+ commit 33800280da55a859e08dfa57f29144c89dd1bead
11442 	* tools/gpg-wks.h (WKS_RECEIVE_DRAFT2): New.
11443 	* tools/wks-receive.c: Include rfc822parse.h.
11444 	(struct receive_ctx_s): Add fields PARSER, DRAFT_VERSION_2, and
11445 	MULTIPART_MIXED_SEEN.
11446 	(decrypt_data): Add --no-options.
11447 	(verify_signature): Ditto.
11448 	(new_part): Check for Wks-Draft-Version header.  Take care of text
11449 	parts.
11450 	(wks_receive): Set Parser and pass a flag value to RESULT_CB.
11451 	* tools/gpg-wks-client.c (read_confirmation_request): New.
11452 	(main) <aRead>: Call read_confirmation_request instead of
11453 	process_confirmation_request.
11454 	(command_receive_cb): Ditto.  Add arg FLAGS..
11455 	(decrypt_stream_status_cb, decrypt_stream): New.
11456 	(command_send): Set header Wks-Draft-Version.
11457 	* tools/gpg-wks-server.c (struct server_ctx_s): Add field
11458 	DRAFT_VERSION_2.
11459 	(sign_stream_status_cb, sign_stream): New.
11460 	(command_receive_cb): Set draft flag.
11461 	(send_confirmation_request): Rework to implement protocol draft
11462 	version 2.
11463 
11464 	* tools/gpg-wks.h (DBG_MIME_VALUE, DBG_PARSER_VALUE): New.
11465 	(DBG_MIME, DBG_PARSER, DBG_CRYPTO): New.  Use instead of a plain
11466 	opt.debug where useful.
11467 	* tools/gpg-wks-client.c (debug_flags): Add "mime" and "parser".
11468 	* tools/gpg-wks-server.c (debug_flags): Ditto.
11469 
11470 	tools: Convey signeddata also to the part_data callback in mime-parser.
11471 	+ commit c738f92c195d91662ddc7848cc3c92c7f091f1f8
11472 	* tools/mime-parser.c (mime_parser_parse): Factor some code out to ...
11473 	(process_part_data): new.
11474 	((mime_parser_parse): Also call process_part_data for signed data.
11475 
11476 	tools: Allow retrieval of signed data from mime-maker.
11477 	+ commit f776757ea94542e2f425840dddaf3e65b0ff7757
11478 	* tools/mime-maker.c (find_part): New.
11479 	(mime_maker_get_part): New.
11480 
11481 	tools: Change mime-maker to write out CR,LF.
11482 	+ commit 29db3be6e8dbc9b4dd52cd1781106fa9fa3954a5
11483 	* tools/mime-maker.c (struct part_s): Add field PARTID.
11484 	(struct mime_maker_context_s): Add field PARTID_COUNTER.
11485 	(dump_parts): Print part ids.
11486 	(mime_maker_add_header): Assign PARTID.
11487 	(mime_maker_add_container): Ditto.
11488 	(mime_maker_get_partid): New.
11489 	(write_ct_with_boundary): Remove.
11490 	(add_header): Strip trailing white spaces.
11491 	(write_header): Remove trailing spaces trimming.  Add arg BOUNDARY.
11492 	Handle emdedded LFs.
11493 	(write_gap, write_boundary, write_body): New.
11494 	(write_tree): Use new functions.
11495 
11496 	tools: Simplify the mime-maker container creation.
11497 	+ commit 95d60c6ce9e8a7a7741553af957978c1f91547c5
11498 	* tools/mime-maker.c (struct part_s): Remove field MEDIATYPE.
11499 	(release_parts): Ditto.
11500 	(dump_parts): Print a body line only if tehre is a body.
11501 	(mime_maker_add_header): Check for body or container.
11502 	(mime_maker_add_container): Remove arg MEDIATYPE.  Change all callers.
11503 	(mime_maker_end_container): New.
11504 
11505 	tools: Give mime parser callbacks access to the rfc822 parser.
11506 	+ commit 4ac138c84d0f344ca9442f90c96f0e1f76062a4a
11507 	* tools/mime-parser.c (mime_parser_context_s): Add field MSG.
11508 	(parse_message_cb): Set it.
11509 	(mime_parser_rfc822parser): New.
11510 	* tools/mime-parser.h: Declare rfc822parse_t for the new prototype.
11511 
11512 2016-09-29  Justus Winter  <justus@g10code.com>
11513 
11514 	dirmngr: Fix STARTTLS on LDAP connections.
11515 	+ commit 9e6f8a55ed04f876635792125858ee76a948802a
11516 	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix unfortunate typo.
11517 
11518 2016-09-28  Werner Koch  <wk@gnupg.org>
11519 
11520 	gpg: Improve WKD by importing only the requested UID.
11521 	+ commit cbf2ac66692daa7a324108724698d60d6c7e473f
11522 	* g10/keyserver.c: Include mbox-util.h.
11523 	(keyserver_import_wkd): Do not use the global import options but
11524 	employ an import filter.
11525 
11526 	gpg: Reject import if an import filter removed all user ids.
11527 	+ commit 80393661bdfa7ae0288644513575e8a5d708b084
11528 	* g10/import.c (any_uid_left): New.
11529 	(import_one): Check that a UID is left.
11530 
11531 	gpg: Make import filter data object more flexible.
11532 	+ commit c9237bf2ba2c49588576dcece756ebf5fe89aada
11533 	* g10/main.h (import_filter_t): New.
11534 	* g10/import.c (struct import_filter_s): Declare struct.
11535 	(import_keep_uid, import_drop_sig): Replace by ...
11536 	(import_filter): new.  Adjust all users.
11537 	(cleanup_import_globals): Move code to ...
11538 	(release_import_filter): new.
11539 	(save_and_clear_import_filter): New.
11540 	(restore_import_filter): New.
11541 
11542 	gpg: Make sure that internal key import is done with a binary stream.
11543 	+ commit 829949f3823c2306022928ce782f9c9d9c5f1cc8
11544 	* g10/import.c (import_keys_internal): Open stream in binary mode.
11545 
11546 2016-09-27  Justus Winter  <justus@g10code.com>
11547 
11548 	build: Do not link gpg-connect-agent against npth.
11549 	+ commit 20a16833ee2bb05f735377f705899302bcf2b4d3
11550 	* tools/Makefile.am: Do not link gpg-connect-agent against npth.
11551 
11552 	build: Fix check for resolver library on macOS.
11553 	+ commit 2e64ccb0f96d615b1eb87e37f230a5d761aa9c36
11554 	* configure.ac: Check for the mangled name of 'dn_skipname' first.
11555 
11556 	common: Correctly handle modules relying on npth.
11557 	+ commit 2b23a321ac0b07beeac1dfa8d71f223e66c49b71
11558 	* common/Makefile.am (common_sources): Drop 'call-gpg.{c,h}'.
11559 	(with_npth_sources): New variable.
11560 	(libcommonpth_a_SOURCES): Use the new variable.
11561 
11562 2016-09-27  NIIBE Yutaka  <gniibe@fsij.org>
11563 
11564 	agent, sm: Set CTX after start_agent.
11565 	+ commit 4e4843e735f32b5e79a51d8062da55bfaab6ad77
11566 	* g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent.
11567 	* sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign)
11568 	(gpgsm_agent_readkey, gpgsm_agent_scd_serialno)
11569 	(gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted)
11570 	(gpgsm_agent_passwd, gpgsm_agent_get_confirmation)
11571 	(gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key)
11572 	(gpgsm_agent_export_key): Likewise.
11573 
11574 	dirmngr: Removal of no-libgcrypt.o.
11575 	+ commit 836b72363168cbb0051fc2356f61788468db211c
11576 	* dirmngr/Makefile.am (dirmngr_ldap_LDADD): Remove no-libgcrypt.o.
11577 
11578 	agent: Allow only specific digest size for ECDSA.
11579 	+ commit 98bc6f480ac973dccce90378dc021a2e24e58704
11580 	* agent/pksign.c (do_encode_dsa): Fix validation of digest size.
11581 
11582 2016-09-22  Neal H. Walfield  <neal@g10code.com>
11583 
11584 	g10: When adding a user id, make sure the keyblock has been prepared.
11585 	+ commit df5353b95eefc13135e7df50a7c197f270d6080d
11586 	* g10/keyedit.c (keyedit_quick_adduid): Call merge_keys_and_selfsig on
11587 	KEYBLOCK before adding the user id.
11588 	* tests/openpgp/quick-key-manipulation.scm: Make sure that the key
11589 	capabilities don't change when adding a user id.
11590 	(key-data): New function.
11591 
11592 2016-09-20  Justus Winter  <justus@g10code.com>
11593 
11594 	tests: Add documentation, make interactive debugging possible.
11595 	+ commit 7e0379a75475abfd15e0623913795779ff0f40d7
11596 	* tests/openpgp/README: Add documentation about debugging and
11597 	interfacing with GnuPG.
11598 	* tests/openpgp/run-tests.scm (test::run-sync): Hand stdin to the
11599 	child so that we can use a repl in the tests.
11600 
11601 	tests: Port the quick key manipulation test to Scheme.
11602 	+ commit 6c4c0e3ac2aeafba7a2b7c2dd92a18be8aec92b1
11603 	* tests/openpgp/Makefile.am (XTESTS): Add new test.
11604 	* tests/openpgp/quick-key-manipulation.scm: New file.
11605 
11606 	tests: Remove list of tests from the test runner.
11607 	+ commit 49fae88fd170f2bdc12a1794a2637260e3c73a73
11608 	* tests/openpgp/run-tests.scm: Drop hardcoded list.
11609 
11610 	tests: Reduce runtime of excessive test.
11611 	+ commit 988a04b98d42ff9cc9e62007ebcc0e4c03f4047d
11612 	* tests/openpgp/conventional-mdc.scm: Use only two plaintexts when
11613 	iterating over all cipher algorithms.
11614 
11615 	dirmngr: Fix type.
11616 	+ commit 285d193f1e1464495bce57bd0f323468515b4513
11617 	* dirmngr/dns-stuff.c (get_dns_cert): Fix type in fallback code.
11618 
11619 2016-09-20  Andre Heinecke  <aheinecke@intevation.de>
11620 
11621 	dirmngr: Open file CRL's in binary mode.
11622 	+ commit 4644c27514f34f5efc555d43672a25088a611a72
11623 	* dirmngr/crlcache.c (crl_cache_load): Open file in binary mode.
11624 
11625 2016-09-20  NIIBE Yutaka  <gniibe@fsij.org>
11626 
11627 	doc: Fix a xref usage.
11628 	+ commit b9b4ff857034df51e055ceddce567ca97e94e075
11629 
11630 
11631 2016-09-20  Ineiev  <ineiev@gnu.org>
11632 
11633 	doc: Do not end section names with "."
11634 	+ commit 8078d8246fa38c3e478fc9a542117468780ace00
11635 
11636 
11637 2016-09-20  NIIBE Yutaka  <gniibe@fsij.org>
11638 
11639 	doc: minor fix for @xref.
11640 	+ commit 9c1b3bc25a1b38c4eda31bf12ccc10d94bb05212
11641 	* doc/yat2m.c (proc_texi_cmd): Captalize "see" for xref.
11642 
11643 2016-09-20  Justus Winter  <justus@g10code.com>
11644 
11645 	doc: Implement simple '@ref'erences.
11646 	+ commit 91d5e6f805aaf24a3f1f03a95998f757dce04cb2
11647 	* doc/yat2m.c (proc_texi_cmd): Handle '@ref'.
11648 
11649 2016-09-20  Ineiev  <ineiev@gnu.org>
11650 
11651 	doc: Fix full stops.
11652 	+ commit 0eaab1af48f600b636183321e4a4e9c6bc361610
11653 	* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
11654 	doc/instguide.texi, doc/scdaemon.texi, doc/specify-user-id.texi,
11655 	doc/tools.texi: Fix.
11656 
11657 	doc: Fix spacings.
11658 	+ commit 32bcf8b73ede9c8f1469821a54dedc6be75241d2
11659 	* doc/debugging.texi, doc/dirmngr.texi, doc/gpg-agent.texi,
11660 	doc/gpg.texi, doc/tools.texi: Fix.
11661 
11662 	doc: Improve markup.
11663 	+ commit 377624207e9b2895ce00dfc4d1163d72f349841f
11664 	* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
11665 	doc/howto-create-a-server-cert.texi, doc/scdaemon.texi,
11666 	doc/specify-user-id.texi, doc/tools.texi: Fix.
11667 
11668 	doc: Replace rfc0123 with RFC-0123.
11669 	+ commit 9d2b7bff12b268638465da222ca7cc9042bba072
11670 	* doc/gpg.texi, doc/gpgsm.texi, doc/specify-user-id.texi: Fix.
11671 
11672 	doc: Add missing description of datafile.
11673 	+ commit 789916281c25e737d8fb44add5ca61f8fd25de2f
11674 	* doc/gpg.texi: Fix.
11675 
11676 	doc: Replace UTF8 with UTF-8.
11677 	+ commit 00d6d8bc8772e48b6f200d359e11eb93ab65f51f
11678 	* doc/gpg.texi: Fix.
11679 
11680 	doc: Fix mistakes.
11681 	+ commit f25e04005af5831053ba194a09e3afa48d1e162b
11682 	* doc/dirmngr.texi, doc/gpg.texi, doc/gpgsm.texi,
11683 	doc/howto-create-a-server-cert.texi,
11684 	doc/scdaemon.texi, doc/tools.texi: Fix.
11685 
11686 	doc: Eliminate inconsistent UK English.
11687 	+ commit 825c1dfb3ee4c1704f42eaf064161b9731c20134
11688 	* doc/dirmngr.texi, doc/gpg-agent.texi, doc/scdaemon.texi,
11689 	doc/tools.texi: Fix.
11690 
11691 	doc: Use the right reference commands.
11692 	+ commit f32689f833838a742243e94c900e98f5b59a5811
11693 	* doc/debugging.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
11694 	doc/tools.texi: Fix.
11695 
11696 	doc: Fix "Not(e) that you can(not) abbreviate".
11697 	+ commit 20a27d8a57c4c990fcada4278a1ce2e6fc9043e9
11698 	* doc/dirmngr.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
11699 	doc/scdaemon.texi, doc/tools.texi: Fix.
11700 
11701 	doc: Fix typos.
11702 	+ commit fa346508fe323e61cf157ee30c13301e1d2117c0
11703 	* doc/debugging.texi, doc/dirmngr.texi, doc/glossary.texi
11704 	* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi
11705 	* doc/instguide.texi, doc/opt-homedir.texi, doc/scdaemon.texi
11706 	* doc/specify-user-id.texi, doc/tools.texi: Fix.
11707 
11708 	doc: Fix Martin Hellman's name.
11709 	+ commit 858af2b3473e436af53470d53cdac334edce9f09
11710 	* doc/contrib.texi: Fix.
11711 
11712 2016-09-19  Justus Winter  <justus@g10code.com>
11713 
11714 	tests: Refine the repl function.
11715 	+ commit 884e78efe1f3ba50513bf81c8b4804d22b25eac4
11716 	* tests/gpgscm/repl.scm (repl): Add an argument 'environment'.
11717 	(interactive-repl): Add an optional argument 'environment'.
11718 
11719 	tests: Implement interpreter shutdown using exceptions.
11720 	+ commit 9a0659a65c52378de1c4736a0eddf8518eb20948
11721 	* tests/gpgscm/ffi.c (ffi_init): Rename 'exit' to '_exit'.
11722 	* tests/gpgscm/ffi.scm (*interpreter-exit*): New variable.
11723 	(throw): New function.
11724 	(exit): New function.
11725 
11726 	tests: Correctly handle exceptions in resource handling macros.
11727 	+ commit 58007e52593e6b0f838de2e464ceeacf22757018
11728 	* tests/gpgscm/tests.scm (letfd): Correctly release resources when an
11729 	exception is thrown.
11730 	(with-working-directory): Likewise.
11731 	(with-temporary-working-directory): Likewise.
11732 	(lettmp): Likewise.
11733 
11734 	tests: Refine exception handling.
11735 	+ commit ab483eff9a8254adf127cdee178e14ba74f0a2b3
11736 	* tests/gpgscm/init.scm (catch): Bind all arguments to '*error*' in
11737 	the error handler, update and fix comment.
11738 	(*error-hook*): Revert to original definition.
11739 	* tests/gpgscm/tests.scm (tr:do): Adapt accordingly.
11740 	* tests/openpgp/issue2419.scm: Likewise.
11741 
11742 	tests: Use descriptive temporary file names.
11743 	+ commit 83a406b38a21d0eeb4963db824a27783c212d2fb
11744 	* tests/gpgscm/ffi.c (do_get_isotime): New function.
11745 	(ffi_init): Add parameter 'scriptname', bind new function and
11746 	scriptname.
11747 	* tests/gpgscm/ffi.h (ffi_init): Update prototype.
11748 	* tests/gpgscm/main.c (main): Hand in the script name.
11749 	* tests/gpgscm/tests.scm (mkdtemp): Use current time and script name
11750 	for the names of temporary directories.
11751 
11752 2016-09-19  Werner Koch  <wk@gnupg.org>
11753 
11754 	gpg: Fix regression in fingerprint printing.
11755 	+ commit 998643666c016dbacf10f813c22efc97deadec65
11756 	* g10/keylist.c (list_keyblock_print): Do not depend calling
11757 	print_fingerprint on opt.keyid_format.
11758 
11759 	dirmngr: Silence diagnostics about starting housekeeping.
11760 	+ commit 5bf1facc973eb6e0bfab0f8f17129534dec56e04
11761 	* dirmngr/dirmngr.c (housekeeping_thread): Print info only in very
11762 	verbose mode.
11763 
11764 2016-09-19  Justus Winter  <justus@g10code.com>
11765 
11766 	g10: Fix memory leak.
11767 	+ commit 086d219d96caa3501048aff82a282481e07c195b
11768 	* g10/tofu.c (build_conflict_set): Free 'kb_all'.
11769 
11770 2016-09-19  Werner Koch  <wk@gnupg.org>
11771 
11772 	doc: Update license information.
11773 	+ commit 3899041cd2877ce9584c7bd149f232f35a07c399
11774 	* tests/fake-pinentries/COPYING: Rename to  ...
11775 	* COPYING.CC0: this.  Add a note on the scope of this license.
11776 	* COPYING.LIB: Add a note on the scope of this license.
11777 	* AUTHORS (License): Mention CC) license.
11778 
11779 	gpgscm: Fix gcrypt version check.
11780 	+ commit 47baeac50ccaaf06dc8b0cebece50f47754de6ca
11781 	* tests/gpgscm/main.c (main): Check against required and not installed
11782 	version.
11783 
11784 	gpg: Avoid malloc failure due to no key signatures.
11785 	+ commit 18bbefa27f9e47e1062ee4d7af09487632795ba7
11786 	* g10/keyedit.c (check_all_keysigs): Check early for no key
11787 	signatures.  Use xtrycalloc.
11788 
11789 2016-09-17  NIIBE Yutaka  <gniibe@fsij.org>
11790 
11791 	Fix comment and format.
11792 	+ commit 7305d27f36148a7fb8c2f4ef5b94774cbd21b18e
11793 	* agent/protect-tool.c (main): Fix comment.
11794 	* doc/DETAILS (colon listings): Fix list.
11795 	* tests/openpgp/multisig.test: Fix comment.
11796 
11797 2016-09-17  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
11798 
11799 	Fix more spelling.
11800 	+ commit 0d67241e317b172a258a910c02d90639e2b08fce
11801 	* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
11802 	  agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
11803 	  common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
11804 	  doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
11805 	  doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
11806 	  doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
11807 	  g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
11808 	  g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
11809 	  sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
11810 	  tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
11811 	  tests/openpgp/multisig.test, tests/openpgp/verify.scm,
11812 	  tests/pkits/README, tools/applygnupgdefaults,
11813 	  tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
11814 	  minor spelling cleanup.
11815 
11816 	move some file encodings to UTF-8.
11817 	+ commit 215180d1ce6c93e2b4969d746c83ac4c055d25ef
11818 	* dirmgnr/cdblib.c: comment used unnecesary hyphenation
11819 	* dirmngr/crlcache.h: comment was iso-8859-1
11820 	* doc/contrib.text: list contributors using UTF-8 (now we can
11821 	  acknowledge many more people using their preferred orthography)
11822 
11823 	At least one other files remains in a non-UTF-8 encoding, which i'm
11824 	not sure what to do with:
11825 
11826 	 - build-aux/speedo/w32/inst.nsi is ISO-8859-1, but maybe Windows needs
11827 	   it that way?
11828 
11829 2016-09-16  Neal H. Walfield  <neal@g10code.com>
11830 
11831 	g10: On failure, propagate the return code.
11832 	+ commit 6e930f0e4077bc7aa3d28b1ba649a82d62427d87
11833 	* g10/tofu.c (tofu_register_encryption): If get_trust fails, set RC.
11834 
11835 	g10: Don't ignore failure.  On failure, rollback.
11836 	+ commit 221b0bd0e5946edaea7135bc3b6f3c5c0fc6dbca
11837 	* g10/tofu.c (tofu_set_policy): If record_binding fails, fail.  If the
11838 	function fails, rollback the transaction.
11839 
11840 	g10: Load the key block if the supplied user id list is NULL.
11841 	+ commit c2e563421e4fd4f0910642aa7b171bcf0b374b01
11842 	* g10/tofu.c (tofu_register_encryption): Load the key block if
11843 	USER_ID_LIST is NULL.
11844 
11845 	g10: Use the accessor functions for accessing and comparing key ids.
11846 	+ commit af196342bf44ce6dc42111d37539dec7ee3b3d82
11847 	* g10/tofu.c (get_trust): Use the pk_main_keyid accessor function.
11848 	(tofu_register_signature): Likewise.
11849 	(tofu_register_encryption): Likewise.
11850 	(tofu_set_policy): Likewise and also use pk_keyid and keyid_cmp.
11851 
11852 2016-09-16  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
11853 
11854 	po: convert localizations to UTF-8.
11855 	+ commit 4ab8107063b641ed74fc4c9bf98304bcea573178
11856 	* po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po: convert to UTF-8
11857 
11858 	This was an automated conversion process, using:
11859 
11860 	   for x in po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po; do
11861 	       cs=$(grep charset= $x | cut -f2 -d= | cut -f1 -d\\)
11862 	       iconv -f $cs -t UTF-8 < $x >$x.tmp
11863 	       sed "s/$cs/UTF-8/" < $x.tmp > $x
11864 	       rm -f $x.tmp
11865 	   done
11866 
11867 2016-09-16  NIIBE Yutaka  <gniibe@fsij.org>
11868 
11869 	scd: Add support of ECC pubkey attribute.
11870 	+ commit dd06d33655bc872a6310edac8e448419479d3312
11871 	* scd/app-openpgp.c (ECC_FLAG_PUBKEY): New.
11872 	(send_key_attr, get_public_key, ecc_writekey, do_auth, do_decipher)
11873 	(parse_algorithm_attribute): Check ECC_FLAG_DJB_TWEAK.
11874 	(build_ecc_privkey_template): Add ECC_Q and ECC_Q_LEN.
11875 	Support offering public key when ECC_FLAG_PUBKEY sets.
11876 	(ecc_writekey): Supply ECC_Q and ECC_Q_LEN.
11877 	(parse_algorithm_attribute): Parse pubkey-required byte.
11878 
11879 2016-09-15  Justus Winter  <justus@g10code.com>
11880 
11881 	g10: Add missing header.
11882 	+ commit c0e620cee86b5dacc941964bd187bba0dfa90eea
11883 	* g10/trustdb.c: Include 'mbox-util.h'.
11884 
11885 2016-09-15  Neal H. Walfield  <neal@g10code.com>
11886 
11887 	g10: Only consider bindings matching the signer's user id.
11888 	+ commit 3f7f7447316f57d002d683af4ad30ac5730b9ebe
11889 	* g10/trustdb.c (tdb_get_validity_core): If the signer's user id
11890 	subpacket is present, only consider matching user ids.
11891 
11892 	g10: Don't include the signature when printing a binding's validity.
11893 	+ commit dcc64663051f8af82abc11e2699649c3b35936db
11894 	* g10/mainproc.c (check_sig_and_print): When printing information
11895 	about a binding don't include the current signature.
11896 
11897 2016-09-15  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
11898 
11899 	tests/fake-pinentries: fake pinentries for downstream developers.
11900 	+ commit 3248182d1b5a03098ee797c980fa0f0ec06e716f
11901 	* tests/fake-pinentries/README.txt and
11902 	  tests/fake-pinentries/fake-pinentry.{sh,py,pl,php}}: New public
11903 	  domain (CC0) files to encourage better test suite practices from
11904 	  downstream developers.
11905 	* tests/fake-pinentries/COPYING (new): a copy of
11906 	  https://creativecommons.org/publicdomain/zero/1.0/legalcode.txt
11907 
11908 	spelling: conenction should be connection.
11909 	+ commit 167273ee9d3c04f29835aa2d12fde52eebf61efb
11910 	* dirmngr/server.c, sm/server.c: s/conenction/connection/
11911 
11912 	spelling: correct achived to achieved.
11913 	+ commit 7fafc3c49901c118b47d4d13a41fb3575c1f9e4b
11914 
11915 
11916 2016-09-15  NIIBE Yutaka  <gniibe@fsij.org>
11917 
11918 	tests/gpgscm: Fix use of pointer.
11919 	+ commit 68eb5fbd37c31ed7c0c916656131eea7bb58d13d
11920 	* tests/gpgscm/scheme-private.h (struct scheme): Use (void *) for
11921 	alloc_seg.
11922 	* tests/gpgscm/scheme.c (alloc_cellseg): Use (void *) for cp.  Use
11923 	(void *) for coercion of address calculation.
11924 
11925 2016-09-14  Neal H. Walfield  <neal@g10code.com>
11926 
11927 	g10: Fix whitespace.
11928 	+ commit 9799b5d18f8fd29872b75c4d70d370af2b4e9a89
11929 	* g10/tofu.c (show_statistics): Fix whitespace.
11930 
11931 	g10: Correctly compute the euclidean distance.
11932 	+ commit 05b2b13efd8ecea86d31af863cbf82c8b38dc94f
11933 	* g10/tofu.c (write_stats_status): Correctly compute the euclidean
11934 	distance.
11935 	(show_statistics): Likewise.
11936 
11937 	g10: Change the default TOFU policy for UTKs to good.
11938 	+ commit ca91caabb5798f67c69ee96657c7cb402e7db0df
11939 	* g10/tofu.c (get_trust): Change the default TOFU policy for UTKs to
11940 	good.
11941 
11942 	g10: Add missing static qualifier.
11943 	+ commit 9d62b79e62ef2690e6522fe1621140fbfc10695c
11944 	* g10/tofu.c (cross_sigs): Add missing static qualifier.
11945 
11946 	g10: Default to the "good" TOFU policy for keys signed by a UTK.
11947 	+ commit 8df8aa13c795e400324a782fbaea578c8f2a1398
11948 	* g10/tofu.c (signed_by_utk): New function.
11949 	(get_trust): If a key is signed by an ultimately trusted key, then
11950 	set any bindings to good.
11951 
11952 2016-09-14  Werner Koch  <wk@gnupg.org>
11953 
11954 	gpg: Emit a new error status line in --quick-adduid.
11955 	+ commit f4e11f2e9e8f58fd5f0df3148e6d7ccef0f84232
11956 	* g10/keyedit.c (menu_adduid): Emit an ERROR status for an existsing
11957 	user id.
11958 
11959 	gpg: Allow use of "default" algo for--quick-addkey.
11960 	+ commit 0fd332bc1f6f1f10c96da0cc91203925d3ac81eb
11961 	* g10/keygen.c (quick_generate_keypair): Write a status error.
11962 	(parse_algo_usage_expire): Set a default curve.
11963 
11964 2016-09-13  Werner Koch  <wk@gnupg.org>
11965 
11966 	gpg: Improve usability of --quick-gen-key.
11967 	+ commit 30a011cfd6ec172cc460e59f0904a26fe2d68632
11968 	* g10/keygen.c (FUTURE_STD_): New constants.
11969 	(parse_expire_string): Handle special keywords.
11970 	(parse_algo_usage_expire): Allow "future-default".  Simplify call to
11971 	parse_expire_string.
11972 	(quick_generate_keypair): Always allow an expiration date.  Replace
11973 	former "test-default" by "future-default".
11974 
11975 2016-09-12  Werner Koch  <wk@gnupg.org>
11976 
11977 	gpg: Avoid mixing up status and colon line output.
11978 	+ commit 31fc420727f45dd081f8ad5d056da6675dad29f2
11979 	* g10/keylist.c (list_keyblock_colon): Avoid calling functions which
11980 	trigger a status line output before having printed a LF.
11981 
11982 2016-09-12  Justus Winter  <justus@g10code.com>
11983 
11984 	tests: Simplify tofu test.
11985 	+ commit aa81e32df7189c3eb44d4c602fd63f5b3f6a9e49
11986 	* tests/openpgp/tofu.scm: Simplify now that we only have one db
11987 	format.
11988 
11989 2016-09-10  Ben Kibbey  <bjk@luxsci.net>
11990 
11991 	Portability build fix.
11992 	+ commit eddcba038025cdbd58aaf67cafd6d83f0ea042d5
11993 	* kbx/Makefile.am: Add NETLIBS.
11994 	* dirmngr/Makefile.am: Ditto for dirmngr_ldap.
11995 
11996 	Fix symbol conflict.
11997 	+ commit 937ec53eff290c3d916faebc23218c9272671c02
11998 	* g10/gpgcompose.c: Rename struct siginfo to signinfo.
11999 
12000 2016-09-09  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
12001 
12002 	gpg: print fingerprint regardless of keyid-format.
12003 	+ commit d757009a24eb856770fc3a3729e2f21f54d2a618
12004 	* g10/keylist.c (print_fingerprint): use compact format independent of
12005 	  keyid-format; (print_key_line): always print the fingerprint
12006 
12007 2016-09-08  Werner Koch  <wk@gnupg.org>
12008 
12009 	gpg: Remove option --yes from gpgv.
12010 	+ commit 30a9f53a0f2af6b98c26b8ddc0b4b87c38416f2a
12011 	* g10/gpgv.c (opts): Remove --yes.
12012 	(main): Always set opt.ANSWER_YES.
12013 
12014 	gpg: Add options --output and --yes to gpgv.
12015 	+ commit a8363b7d0bcc77b55226d5fe8f972214c968ddc3
12016 	* g10/gpgv.c (oOutput, oAnswerYes): New.
12017 	(opts): Add --output and --yes.
12018 	(main): Implement options.
12019 
12020 	gpg: Make --output work with --verify.
12021 	+ commit bbe940c095f2bca7a1ca5f8e68ca1af98350a885
12022 	* g10/mainproc.c (proc_plaintext): Handle opt.output.
12023 
12024 2016-09-07  Werner Koch  <wk@gnupg.org>
12025 
12026 	dirmngr: Terminate on deletion of the socket file (Linux only).
12027 	+ commit 6308c300196ae85fd82ed383217219e0206640a4
12028 	* dirmngr/dirmngr.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
12029 	(oDisableCheckOwnSocket): New.
12030 	(opts): Add --disable-check-own-socket.
12031 	(disable_check_own_socket): New var.
12032 	(parse_rereadable_options): Set that var.
12033 	(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
12034 	(handle_connections) [HAVE_INOTIFY_INIT]: New.
12035 
12036 2016-09-07  Neal H. Walfield  <neal@g10code.com>
12037 
12038 	g10: Use the time a signature was seen, not the embedded time, for stats
12039 	+ commit bde29a46cedbbd2a5dfe7c91a6277c0a4ff50825
12040 	* g10/tofu.c (ask_about_binding): Use the time that a signature was
12041 	seen, not allegedly generated, when generating statistics.
12042 
12043 	tests: Don't use --tofu-db-format.
12044 	+ commit a937eef2d4e80cd43095802176d3db5e7fd94008
12045 	* tests/openpgp/tofu.scm: Remove use of --tofu-db-format, which is
12046 	deprecated.
12047 
12048 	g10: Check for a new binding a bit later.
12049 	+ commit ee06b3f7889bd99c28ac68f4781bda77d67eed00
12050 	* g10/tofu.c (build_conflict_set): Check for the current key after
12051 	looking for conflicts and removing any '!'.
12052 
12053 	g10: Change TOFU code to respect --faked-system-time.
12054 	+ commit 7b3e8572e3bb8a65d20577a48009251fdc7b1910
12055 	* g10/tofu.c (record_binding): New parameter now.  Update callers.
12056 	Don't use SQLite's strftime('%s','now') to get the current time, use
12057 	NOW.
12058 	(ask_about_binding): Likewise.
12059 	(get_trust): New parameter now.  Update callers.
12060 	(show_statistics): Likewise.
12061 	(tofu_register_signature): Don't use SQLite's strftime('%s','now') to
12062 	get the current time, use gnupg_get_time().
12063 	(tofu_register_encryption): Likewise.
12064 
12065 	g10: Use the correct conversion function.
12066 	+ commit 56c18408d4955713d9c4e634367c7912d6564651
12067 	* g10/tofu.c (show_statistics): Use string_to_ulong, not
12068 	string_to_long.
12069 
12070 2016-09-07  Werner Koch  <wk@gnupg.org>
12071 
12072 	gpg: Fix format string issues in tofu.
12073 	+ commit 97a67d42dc946b2d6ed81723d86e37002b5931b3
12074 	* g10/tofu.c (write_stats_status): Use ulong for MESSSAGES.  Fix
12075 	format strings.  Simplify by using the new write_status_printf.
12076 
12077 2016-09-06  Neal H. Walfield  <neal@g10code.com>
12078 
12079 	g10: Make sure some functions are passed a primary key.
12080 	+ commit 13ddc17ddb266d74033d5739fec932034fa85c72
12081 	* g10/tofu.c (get_trust): Make sure the caller provides a primary key.
12082 	(tofu_register_signature): Likewise.
12083 
12084 	g10: Tweak TOFU's verbosity.
12085 	+ commit ee19eacd1d688d3a98cd66e5ef2f42079eb829f1
12086 	* g10/tofu.c (time_ago_str): Only show the most significant unit.
12087 	* g10/tofu.c (show_statistics): Tweak the output.
12088 
12089 	g10: Only show the TOFU warning once per key.
12090 	+ commit 67cef405cbfad2e53fc388dd6591ee4f7cb0d973
12091 	* g10/tofu.c (show_statistics): Return whether to call show_warning.
12092 	Move the warning from here...
12093 	(show_warning): ... to this new function.
12094 	(tofu_get_validity): If show_statistics returns a non-zero value, call
12095 	show_warning.
12096 
12097 	g10: Record and show statistics for encrypted messages when using TOFU.
12098 	+ commit 875ac9216f1383851a82bd240cadb17c7112f6a8
12099 	* g10/tofu.c: Include "sqrtu32.h".
12100 	(struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to
12101 	get_trust_gather_signature_stats.  Add new field
12102 	get_trust_gather_encryption_stats.
12103 	(initdb): Create the encryptions table.
12104 	(ask_about_binding): Show the encryption statistics too.
12105 	(tofu_register): Rename from this...
12106 	(tofu_register_signature): ... to this and update callers.
12107 	(tofu_register_encryption): New function.
12108 	(write_stats_status): Add parameters encryption_count,
12109 	encryption_first_done and encryption_most_recent.  Update callers.
12110 	Compute the trust using the euclidean distance of the signature and
12111 	signature count.  Compare with twice the threshold.  Include
12112 	encryption count information in the TFS and TOFU_STATS lines.
12113 	(show_statistics): Also get information about the encrypted messages.
12114 	* g10/trustdb.c (tdb_get_validity_core): Use it.
12115 
12116 	g10: Simplify the binding statistics shown for a TOFU conflict.
12117 	+ commit a9e6db6c7e23d9f4b8de59f5cabbf9eb6a59e626
12118 	* g10/tofu.c (ask_about_binding): Simplify binding statistics.
12119 
12120 2016-09-06  Justus Winter  <justus@g10code.com>
12121 
12122 	gpgscm: Fix detection of unbalanced parenthesis.
12123 	+ commit f2249b737055f84842778285bbeff5e61fa55225
12124 	* tests/gpgscm/main.c (load): Print error message.
12125 	* tests/gpgscm/scheme.c (opexe_0): Correctly report nesting level when
12126 	loading files.
12127 
12128 	tests: Fix test.
12129 	+ commit 213b3cf465fb091dc0a205d1a08b88b950ffb85f
12130 	* tests/openpgp/multisig.scm: Add missing parenthesis.
12131 
12132 2016-09-06  Werner Koch  <wk@gnupg.org>
12133 
12134 	agent: Terminate on deletion of the socket file (Linux only).
12135 	+ commit 650356148af43ea619bec12e599a4981b147d5f8
12136 	* configure.ac (AC_CHECK_FUNCS): Chec for inotify_init.
12137 	* agent/gpg-agent.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
12138 	(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
12139 	(handle_connections) [HAVE_INOTIFY_INIT]: New.
12140 
12141 2016-09-05  Justus Winter  <justus@g10code.com>
12142 
12143 	tests: Speed up the test suite.
12144 	+ commit 46c4333c372f0e1ad2aadc411490c2a330b4c5a6
12145 	* tests/openpgp/run-tests.scm (test::run-sync): Pass additional
12146 	arguments to the test.