2021-11-23  Werner Koch  <wk@gnupg.org>

	Release 2.2.33.
	+ commit 457f6ac1ef6d61ffcc336683a85ffeed3114ae63


2021-11-23  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 007fea8ce9af97f36b48253c6be764dcd35fdd9e


2021-11-22  Werner Koch  <wk@gnupg.org>

	gpg: New option --forbid-gen-key.
	+ commit 985fb25c46eafc811e7a07597591ede0cf89a921
	* g10/gpg.c (oForbidGenKey, opts): New option.
	(mopt): New local struct
	(gen_key_forbidden): New.
	(main): Set and handle the option.

2021-11-19  Werner Koch  <wk@gnupg.org>

	gpgconf: Include output of --list-dirs in --show-configs.
	+ commit 40d2c931652777509aba35d48b5d193a7e208780
	* tools/gpgconf.c (list_dirs): Add arg special.
	(show_other_registry_entries): Print the Homedir.
	(show_configs): List directories.

2021-11-18  Werner Koch  <wk@gnupg.org>

	gpgconf: --show-configs now prints a bunch of Registry entries.
	+ commit 7f31891ab1e51c00dd42232d3c286df519c2cdb8
	* tools/gpgconf.c (show_other_registry_entries): New.
	(show_configs): Call it.  Minor reformatting.

	gpgconf: Extend --show-config to show envvars.
	+ commit 58652f4c0b3a5e9fb6de54d802173bc52c798134
	* tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain
	things.
	(show_configs_one_file): New arg LISTP to be passed thru.
	(show_configs): Show envvars and registry values.

	common,w32: New function read_w32_reg_string.
	+ commit 6c6c404883e52545ed38293384c95fdacb7227c4
	* common/w32-reg.c (read_w32_reg_string): New.

	* common/t-w32-reg.c (test_read_registry): Add another test.

	gpg,gpgsm: Add option --min-rsa-length.
	+ commit 6ee01c1d26cae0415a3eec7f067cff7c324cb9c1
	* common/compliance.c (min_compliant_rsa_length): New.
	(gnupg_pk_is_compliant): Take into account.
	(gnupg_pk_is_allowed): Ditto.
	(gnupg_set_compliance_extra_info): New.
	* g10/gpg.c (oMinRSALength): New.
	(opts): Add --min-rsa-length.
	(main): Set value.
	* g10/options.h (opt): Add field min_rsa_length.
	* sm/gpgsm.c (oMinRSALength): New.
	(opts): Add --min-rsa-length.
	(main): Set value.
	* sm/gpgsm.h (opt): Add field min_rsa_length.

2021-11-15  Werner Koch  <wk@gnupg.org>

	sm: Detect circular chains in --list-chain.
	+ commit c9343bec83e2c2a14b564b8a13998806eab1ae9f
	* sm/keylist.c (list_cert_chain): Break loop for a too long chain.

2021-11-15  NIIBE Yutaka  <gniibe@fsij.org>
	    Klas Lindfors

	scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.
	+ commit b6b735edab036e4992872ef3d44b357fb9281ca8
	* scd/app-openpgp.c (do_auth): Use extended Lc, when supported.

2021-11-14  Ingo Klöcker  <dev@ingo-kloecker.de>

	build: Fix several "include file not found" problems.
	+ commit 027e34235bc576e1523566bf98b2b795d3dc7967
	* dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS.
	* kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add
	NPTH_CFLAGS.
	* tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS,
	gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS.

2021-11-14  Werner Koch  <wk@gnupg.org>

	agent: Print the non-option warning earlier.
	+ commit a43efc9294d158c62a3a04396fa3fe6c77090ba8
	* agent/gpg-agent.c (main): Move detection up.

2021-11-13  Werner Koch  <wk@gnupg.org>

	gpg: Remove stale ultimately trusted keys from the trustdb.
	+ commit bc6d56282ec998e4b2d13c522316348b5058fc3f
	* g10/tdbdump.c (export_ownertrust): Skip records marked with the
	option --trusted-key.
	(import_ownertrust): Clear the trusted-key flag.
	* g10/tdbio.h (struct trust_record): Add field flags.
	* g10/tdbio.c (tdbio_dump_record): Improve output.
	(tdbio_read_record, tdbio_write_record): Handle flags.
	* g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
	the flag for new --trusted-keys.
	(tdb_update_ownertrust): Add arg as_trusted_key.  Update callers.

	gpgconf: New command --show-configs.
	+ commit 8fe3f57643479b8cb2e9e10fa2069c415c47d0af
	* tools/gpgconf.c (aShowConfigs): New.
	(opts): Add --show-configs.
	(CUTLINE_FMT): New.
	(show_version_gnupg): Add arg "prefix" and adjust caller.
	(my_copy_file): New.
	(show_configs_one_file): New.
	(show_configs): New.
	(main): Call show_configs.

	agent,dirmngr: New option --steal-socket.
	+ commit 6507c6ab101e61fc5a3472497d258a0109257a47
	* agent/gpg-agent.c (oStealSocket): New.
	(opts): Add option.
	(steal_socket): New file global var.
	(main): Set option.
	(create_server_socket): Implement option.

	* dirmngr/dirmngr.c (oStealSocket): New.
	(opts): Add option.
	(steal_socket): New file global var.
	(main): Set option.  Add comment to eventually implement it.

2021-11-10  NIIBE Yutaka  <gniibe@fsij.org>

	scd: More conservative selection of a card reader.
	+ commit 0982c6cb19da689ae84ad25b6db12bf30ac75030
	* scd/apdu.c (select_a_reader): Only SPRx32 is in the white list.

2021-11-09  Bernhard M. Wiedemann  <bwiedemann@suse.de>

	wks: Do not mark key files as executable.
	+ commit 46ada6a9bd83daa9e5f064adfea1bb6ccdba5dcb


	wks: Allow access to newly created dirs.
	+ commit f54feb44700062fd3f4ca2d5e6d4e203e74d94ea


2021-11-02  Werner Koch  <wk@gnupg.org>

	common: Support MYPROC_SELF_EXE for Solaris.
	+ commit 006131f6289cd0e03a470c77795ad50a4bf9e269
	* common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS.

	common: Silence warning from unix_rootdir on systems w/o /proc.
	+ commit bcd8f0239dfc36f99fbbb8ee309828ccee8974c0
	* common/homedir.c (unix_rootdir): Silence diagnostic in the common
	case.
	(MYPROC_SELF_EXE): Support NetBSD.

2021-11-02  Ingo Klöcker  <dev@ingo-kloecker.de>

	common: Respect gpgconf.ctl when looking up translations.
	+ commit 947fedf0e7d95571abd039e827c401ebc64a8abb
	* common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
	(i18n_localegettext): Ditto.
	* tools/gpgconf-comp.c (my_dgettext): Ditto.

2021-11-02  Werner Koch  <wk@gnupg.org>

	common: Support gpgconf.ctl also for BSDs.
	+ commit 49d589c409cc1813a48fecaf3fb5772e6febe281
	* common/homedir.c (MYPROC_SELF_EXE): New.
	(unix_rootdir): Use it here.  Also support GNUPG_BUILD_ROOT as
	fallback.

	common: Add keyword sysconfdir to the optional gpgconf.ctl file.
	+ commit 3828dd7a4067db2911caebde324053b4e354a486
	* common/homedir.c (unix_rootdir): Add arg want_sysconfdir.
	(gnupg_sysconfdir): Return it.

	common: Support a gpgconf.ctl file under Unix.
	+ commit 82328165cf4be4771674b703c1e15178f87530e2
	* common/homedir.c (unix_rootdir): New.
	(gnupg_bindir): Use it.
	(gnupg_libexecdir): Use it.
	(gnupg_libdir): Use it.
	(gnupg_datadir): Use it.
	(gnupg_localedir): Use it.

	common: New function substitute_envvars.
	+ commit f0162afb6b6f8ac1a993452643d8cb64fb3f2953
	* common/stringhelp.c (substitute_envvars): New.  Based on code in
	gpg-connect-agent.
	* common/t-stringhelp.c: Include sysutils.h.
	(test_substitute_envvars): New.

	common,w32: Do not always print "Garbled console data" warning.
	+ commit a756a61f19ce44958f93757894f65b09cebd484a
	* common/init.c (_init_common_subsystems): Silence message.

2021-11-02  NIIBE Yutaka  <gniibe@fsij.org>

	dns: Make reading resolv.conf more robust.
	+ commit 152f0281552f6a8e4bc082f3aaeec17c84001cfe
	* dirmngr/dns.c (dns_resconf_loadfile): Skip "search" which
	begins with '.'.

2021-10-22  Werner Koch  <wk@gnupg.org>

	gpg: Fix printing of binary notations.
	+ commit 918e9218002b2b0d455a8df86a63c9187cf6fdf4
	* g10/keylist.c (show_notation): Print binary notation from BDAT.

	gpgconf: create local option file even if a global file exists.
	+ commit 5e3eea4b738cc3e8e257635b7cb53dcf43c07f79
	* tools/gpgconf-comp.c (munge_config_filename): New.
	(change_options_program): Call it.

2021-10-22  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Select a reader for PC/SC.
	+ commit 752422a792cecf459b37f517d634bcf272292b14
	* scd/apdu.c (select_a_reader): New.
	(open_pcsc_reader): Use select_a_reader.

2021-10-13  Werner Koch  <wk@gnupg.org>

	gpg: New option --override-compliance-check.
	+ commit 773b8fbbe915449c723302f5268d7906b40d84d3
	* g10/gpg.c (oOverrideComplianceCheck): New.
	(opts): Add new option.
	(main): Set option and add check for batch mode.
	* g10/options.h (opt): Add flags.override_compliance_check.

	* g10/sig-check.c (check_signature2): Factor compliance checking out
	to ...
	(check_key_verify_compliance): new.  Turn error into a warning in
	override mode.

2021-10-06  Werner Koch  <wk@gnupg.org>

	Release 2.2.32.
	+ commit 476096099db9ea3f66581fa3ca8724291e3a5c80


2021-10-06  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Skip the packet when not used for AEAD.
	+ commit a17f1b607473f5aae081ffe22381dda2b54a7a6a
	* g10/free-packet.c (free_packet): Add the case for case
	PKT_ENCRYPTED_AEAD.

2021-10-06  Werner Koch  <wk@gnupg.org>

	dirmngr: New option --ignore-cert.
	+ commit 323a20399d905e8ae1cc0d71846c298116460464
	* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
	(opt): Add field ignored_certs.
	* dirmngr/dirmngr.c: Add option --ignore-cert
	(parse_rereadable_options): Handle that option.
	(parse_ocsp_signer): Rename to ...
	(parse_fingerprint_item): this and add two args.
	* dirmngr/certcache.c (put_cert): Ignore all to be ignored certs.
	Change callers to handle the new error return.

	dirmngr: Fix Let's Encrypt certificate chain validation.
	+ commit 341ab0123a8fa386565ecf13f6462a73a137e6a4
	* dirmngr/certcache.c (find_cert_bysubject): Return the first trusted
	certificate if any.

2021-09-15  Werner Koch  <wk@gnupg.org>

	Release 2.2.31.
	+ commit ecf4c2f611238799a3af6369a64e418a77ab9dd6


2021-09-14  Werner Koch  <wk@gnupg.org>

	scd: Remove context reference counting from pc/sc.
	+ commit 67e1834ad402e86906429ba0e2bf7ebd72de2450
	* scd/apdu.c (pcsc): Add flag context_valid, remove count.
	(close_pcsc_reader): Use new flag instead of looking at magic context
	value.
	(pcsc_init): Set new flag.
	(open_pcsc_reader): Use new flag.
	(apdu_init): Clear new flag.

	* scd/apdu.c: Remove assert.h.  Replace all assert by log_assert.

2021-09-13  Werner Koch  <wk@gnupg.org>

	common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
	+ commit 117afec018911a3b0187f15c8559f811a72ddb79
	* common/exechelp-w32.c (gnupg_spawn_process_detached): Silence
	breakaway messages and turn them again into debug messages.

2021-09-08  Werner Koch  <wk@gnupg.org>

	scd: Support PC/SC for "getinfo reader_list".
	+ commit f32994b0bf07d62bf596cc8bb6ec3c3a5f133ac4
	* scd/apdu.c: Include membuf.h.
	(pcsc): Add reader_list field.
	(open_pcsc_reader): Fill that field.
	(apdu_get_reader_list): New.
	* scd/command.c: Remove header ccid-driver.h.
	(pretty_assuan_send_data): New.
	(cmd_getinfo): Print all reader names.

2021-09-07  Werner Koch  <wk@gnupg.org>

	scd: Fix possible assertion in close_pcsc_reader.
	+ commit 192113552faa98f40cc91fe014ec55861474626c
	* scd/apdu.c (close_pcsc_reader): Don't ref-count if the context is
	invalid.
	(open_pcsc_reader): Compare the context against -1 which is our
	indicator for an invalid context.

	agent: Fix segv in GET_PASSPHRASE (regression)
	+ commit 4b2cfec2dc2fd524a4fed6c17bb11e6a7baf15f2
	* agent/command.c (cmd_get_passphrase): Do not deref PI.  PI is always
	NULL.

2021-08-27  NIIBE Yutaka  <gniibe@fsij.org>

	common: Fix put_membuf.
	+ commit 7e431e009e479e63f0996a612e12fb9d8b209ab9
	* common/membuf.c (put_membuf): Allow NULL for the second arg.

	build: Fix removal of AC_TYPE_SIGNAL.
	+ commit 0ca84cbdf0a5a956f4de80f874f8a3b495cfab20
	* configure.ac: AC_TYPE_SIGNAL is still needed.

	common: Fix get_signal_name for GNU/Linux.
	+ commit d5f9481186eaf2ff28d7ab04fd36f0bbd1c9714d
	* common/signal.c (get_signal_name): Use sigdescr_np if available.
	* configure.ac: Check the function.

2021-08-26  Werner Koch  <wk@gnupg.org>

	Release 2.2.30.
	+ commit d583e750a668f82bdaa1d0f7c4ffc68c35ed4ca6


2021-08-20  Werner Koch  <wk@gnupg.org>

	wkd: Properly unescape the user-id from a key listing.
	+ commit 2b65f4e953806977490b11cb4739c22ab94e0030
	* tools/wks-util.c (append_to_uidinfo_list): Unescape UID.

	common: New function decode_c_string.
	+ commit 17e2ec488f662059df0fd2d3b777aa51eab5c0cc
	* common/miscellaneous.c (decode_c_string): New.

	agent: Use the sysconfdir for a pattern file.
	+ commit 5ed8e598faaffa9aec43fc70199ed7f57560c2ba
	* agent/genkey.c (do_check_passphrase_pattern): Use make_filename.

	agent: Ignore passphrase constraints for a generated passphrase.
	+ commit db5dc7a91af3774cfbce0bc533e0f0b5498402fe
	* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New.
	(MAX_GENPIN_TRIES): Remove.
	* agent/call-pinentry.c (struct entry_parm_s):
	(struct inq_cb_parm_s): Add genpinhash and genpinhas_valid.
	(is_generated_pin): New.
	(inq_cb): Suppress constraints checking for a generated passphrase.
	No more need for several tries to generate the passphrase.
	(do_getpin): Store a generated passphrase/pin in the status field.
	(agent_askpin): Suppress constraints checking for a generated
	passphrase.
	(agent_get_passphrase): Ditto.
	* agent/command.c (cmd_get_passphrase): Ditto.

	wkd: Fix client issue with leading or trailing spaces in user-ids.
	+ commit 576e429d41a144ff4f0c00e8722da2f92ae17d9a
	* common/recsel.c (recsel_parse_expr): Add flag -t.
	* common/stringhelp.c (strtokenize): Factor code out to
	do_strtokenize.
	(strtokenize_nt): New.
	(do_strtokenize): Add arg trim to support the strtokenize_nt.
	* common/t-stringhelp.c (test_strtokenize_nt): New test cases.

	* tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
	flag -t.

	gpg: Return SUCCESS/FAILURE status also for --card-edit/name.
	+ commit 6685696adafba104072303507dedbbd45731d326
	* g10/card-util.c (change_name): Call write_sc_op_status.

2021-08-18  Werner Koch  <wk@gnupg.org>

	agent: Improve the GENPIN callback.
	+ commit 2e69ce878f893de0830317f94c51fdce70e1e540
	* agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by  ...
	(DEFAULT_GENPIN_BITS): this and increase to 150.
	(generate_pin): Make sure that we use at least 128 bits.

	agent: Fix for zero length help string in pinentry hints.
	+ commit 4855888c0a56a50be6085476f5767d0c62722f2d
	* agent/call-pinentry.c: Remove unused assert.h.
	(inq_cb): Fix use of assuan_end_confidential in case of nested
	use.
	(do_getpin): Ditto.
	(setup_formatted_passphrase): Escape the help string.
	(setup_enforced_constraints): Ignore empty help strings.

	common,w32: Replace log_debug by log_info for InProcessJobs.
	+ commit ec2f1b38980a1b60624a35707ccebb05c5524d2f
	* common/exechelp-w32.c (gnupg_spawn_process_detached): Use log_info.

2021-08-17  Werner Koch  <wk@gnupg.org>

	w32: Move socketdir to LOCAL_APPDATA.
	+ commit 4dfa951a0a631d5e0e44ff5fb8fb74adb651190c
	* common/homedir.c (is_gnupg_default_homedir): Use standard_homedir
	instead of the constant which makes a difference on Windows.
	(_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA.
	(gnupg_cachedir): Remove unused function.

	* common/sysutils.c (gnupg_rmdir): New.
	* tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/.

	gpgconf,w32: Print more registry diagnostics with --list-dirs.
	+ commit 013f2e4672b1565002700e307d3bb95d9352c4d5
	* tools/gpgconf.c (list_dirs): Figure out classes with the key.

	agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pient.
	+ commit 455ba49071dea7588c9de11785b3092e45e4560b
	* agent/call-pinentry.c (atfork_core): Pass DISPLAY.

	agent: New option --check-sym-passphrase-pattern.
	+ commit c6a4a660fdb977713a1e6c0dd4dae97ddffbe376
	* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
	(opts): Add --check-sym-passphrase-pattern.
	(parse_rereadable_options): Set option.
	(main): Return option info.
	* tools/gpgconf-comp.c: Add new option.
	* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
	(struct pin_entry_info_s): Add var constraints_flags.
	(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
	(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
	* agent/genkey.c (check_passphrase_pattern): Rename to ...
	(do_check_passphrase_pattern): this to make code reading
	easier. Handle the --check-sym-passphrase-pattern option.
	(check_passphrase_constraints): Replace arg no_empty by a generic
	flags arg.  Also handle --check-sym-passphrase-pattern here.
	* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
	CHECK_CONSTRAINTS_NEW_SYMKEY flag.
	* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
	(struct inq_cb_parm_s): New.
	(inq_cb): Use new struct for parameter passing.  Pass flags to the
	constraints checking.
	(do_getpin): Pass constraints flag down.
	(agent_askpin): Take constraints flag from the supplied pinentry
	struct.

2021-08-17  Ingo Klöcker  <dev@ingo-kloecker.de>

	agent: Add checkpin inquiry for pinentry.
	+ commit 9832566e4512ab7cb90aa0b7f769792f5c123ed4
	* agent/call-pinentry.c: Include zb32.
	(MAX_GENPIN_TRIES): New.
	(DEFAULT_GENPIN_BYTES): New.
	(generate_pin): New.
	(setup_genpin): New.
	(inq_quality): Rename to ...
	(inq_cb): this.  Handle checkpin inquiry.
	(setup_enforced_constraints): New.
	(agent_get_passphrase): Call setup_genpin.  Call
	setup_enforced_constraints if new passphrase is requested.

2021-08-16  Ingo Klöcker  <dev@ingo-kloecker.de>

	agent: New option --pinentry-formatted-passphrase.
	+ commit 32fbdddf8b4729d9a54a7751c0b5e406a470657f
	* agent/agent.h (opt): Add field pinentry_formatted_passphrase.
	* agent/call-pinentry.c (setup_formatted_passphrase): New.
	(agent_get_passphrase): Pass option to pinentry.
	* agent/gpg-agent.c (oPinentryFormattedPassphrase): New.
	(opts): Add option.
	(parse_rereadable_options): Set option.

	common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentry.
	+ commit 8fff61de9433e9293712a1dd21dfbe12f951eff9
	* common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and
	QT_QPA_PLATFORM.

2021-08-16  Werner Koch  <wk@gnupg.org>

	tools: Extend gpg-check-pattern.
	+ commit 5ca15e58b241901cc46fd9fad4db3bbb9e321988
	* tools/gpg-check-pattern.c: Major rewrite.

2021-07-04  Werner Koch  <wk@gnupg.org>

	Release 2.2.29.
	+ commit 695a879af81e895741109874b9ac0712e1afc994


2021-06-25  Werner Koch  <wk@gnupg.org>

	dirmngr: Change the default keyserver.
	+ commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1
	* configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
	keyserver.ubuntu.com.

	* dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
	* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
	* dirmngr/http.c (http_session_new): Ditto.

	* dirmngr/server.c (make_keyserver_item): Use a different mapping for
	the gnupg.net names.

	gpg: Let --fetch-key return an exit code on failure.
	+ commit 5fe4b978875271fb55f1f674ab545bed2b97a7a8
	* g10/keyserver.c (keyserver_fetch): Return an error code.
	* g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data.

2021-06-23  NIIBE Yutaka  <gniibe@fsij.org>

	scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.
	+ commit b90c55fa66db254da98958de10e1287c39a4322a
	* scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW.

	scd:ccid:spr532: Extend abort_cmd for initialization time.
	+ commit 8e941e19b08785e5e709943765548d4f9f9f57a3
	* scd/ccid-driver.c (abort_cmd): Add INIT argument to support
	synchronize until success, even ignoring timeout.
	(bulk_in): Normal use case of abort_cmd.
	(ccid_vendor_specific_init): Initial use case of abort_cmd.

2021-06-22  Werner Koch  <wk@gnupg.org>

	tests: Cope with broken Libgcrypt versions.
	+ commit af2fd9f0af25e1f95d9484f7d2125cd9888aa308
	* common/t-sexputil.c (test_ecc_uncompress): Ignore unknown curve
	errors.

	w32: Add fallback in case the Windows console can't cope with Unicode.
	+ commit e94dfa21d2c17b590122d55468f68e8ab72e4193
	* common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on
	error.

2021-06-21  Werner Koch  <wk@gnupg.org>

	dirmngr: Fix regression in KS_GET for mail address pattern.
	+ commit adf7bfba5ddce9faadff959369ba2271cdd36825
	* dirmngr/ks-engine-hkp.c (ks_hkp_search): Munge mail address pattern.
	(ks_hkp_get): Allow for mail addresses.
	-

	Before the keyserver changes in 2.2.28 gpg passed dirmngr a mail
	address as an exact pattern (e.g. "=foo@example.org").  Since 2.2.28
	the mail address is detected by gpg and we see for example
	"<foo@example.org>".  This patch fixes this to turn a mail address
	into an exact match again.

2021-06-14  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Error code map fix for older Yubikey.
	+ commit 01a413d5235f1bbd00f83fb86d0e183d8f0b1a57
	* scd/iso7816.c (map_sw): Recognize 6A86.

2021-06-11  NIIBE Yutaka  <gniibe@fsij.org>

	dirmngr: Fix build with --disable-ldap.
	+ commit c8b2162c0e7eb42b74811b7ed225fa0f56be4083
	* dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]:
	Conditionalize.

	dirmngr: Remove use of USE_LDAPWRAPPER.
	+ commit 8ee4c8d1e0d7677d4f8b9538c12b32bb6393c2c5
	* configure.ac (USE_LDAPWRAPPER): Remove.
	* dirmngr/Makefile.am: Use USE_LDAP instead of USE_LDAPWRAPPER.
	* dirmngr/ldap-wrapper-ce.c: Remove.
	* dirmngr/ldap-wrapper.h, dirmngr/ldap-wrapper.c: Remove
	USE_LDAPWRAPPER things.

2021-06-10  Werner Koch  <wk@gnupg.org>

	Release 2.2.28.
	+ commit 9f6076868ecd313e832c112ea79cfcffed3dc342


	gpg: Partial fix for Unicode problem in output files.
	+ commit 845711d1420cc01289c15ba49deb03200a5cd102
	* g10/openfile.c (overwrite_filep): Use gnupg_access.

	scd: Fix serial number detection for Yubikey 5.
	+ commit c2f02797cdefdce5afd8b29bb8e51d4515a70a96
	* scd/app.c (app_new_register): Handle serial number correctly.

2021-06-09  Werner Koch  <wk@gnupg.org>

	gpgtar,w32: Fix file size computation.
	+ commit 198b240b195596974e8b61e2b79fb6e8dc78f89a
	* tools/gpgtar-create.c (fillup_entry_w32): Move parentheses.

	sm: New option --ldapserver as an alias for --keyserver.
	+ commit d6df1bf84969bf5f5781e33bc1c2f6cb2aee0093
	* sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an
	alias.

	dirmngr: Allow to pass no filter args to dirmngr_ldap.
	+ commit f6e45671aa26f3e7abb968a876de7bbdb4fca3f1
	* dirmngr/dirmngr_ldap.c (main): Handle no args case.

2021-06-08  Werner Koch  <wk@gnupg.org>

	w32: Change spawn functions to use Unicode version of CreateProcess.
	+ commit 7a98e45e74ec2883c24689964d6119796da0969f
	* common/exechelp-w32.c (gnupg_spawn_process): Change to use
	CreateProcessW.
	(gnupg_spawn_process_fd): Ditto.
	(gnupg_spawn_process_detached): Ditto.
	* g10/exec.c (w32_system): Ditto.

2021-06-08  Andre Heinecke  <aheinecke@gnupg.org>

	common,w32: Breakaway detached childs when in job.
	+ commit f20e9a464487443552b6cbdf918c6448d3cb643f
	* common/exechelp-w32.c (gnupg_spawn_process_detached): Add
	CREATE_BREAKAWAY_FROM_JOB creation flag if required.

2021-06-08  Werner Koch  <wk@gnupg.org>

	w32: Always use Unicode for console input and output.
	+ commit b912f07cdf00043b97fca54e4113fab277726e03
	* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
	UTF-8 for input and output.  Switch gettext to UTF-8.
	* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.

	w32: Free memory allocated by new function w32_write_console.
	+ commit ebdb62a98a6e917bafb795b5f50483a95790e739
	* common/ttyio.c (w32_write_console): Free buffer.

	common,w32: Allow Unicode input and output with the console.
	+ commit 90aadf69f730ff1bd053abcd6cc8bc67518ecf4b
	* common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
	(w32_write_console): New.
	(tty_printf, tty_fprintf) [W32]: Use new function.

	common: Re-indent ttyio.c and remove EMX, RISCOS, and CE support.
	+ commit 521e176a605e6b6229825761906005b05608daf5
	* common/ttyio.c: Remove cruft like EMX and RISCOS support.  Translate
	a few strings.  Re-indent.

	common: Rename w32-misc.c to w32-cmdline.c.
	+ commit d7d9a5ba3cbf9cf7e22a8871474032b525825eed
	* common/w32-misc.c: Rename to ....
	* common/w32-cmdline.c: this.
	* common/Makefile.am: Adjust.

	common,w32: Implement globing of command line args.
	+ commit 09f49b4c9aae46c40a189b1270e215bc978dbc3c
	* common/w32-misc.c [W32]: Include windows.h
	(struct add_arg_s): New.
	(add_arg): New.
	(glob_arg): New.
	(parse_cmdstring): Add arg argvflags and set it.
	(w32_parse_commandline): Add arg r_itemsalloced.  Add globing.

	* common/init.c (prepare_w32_commandline): Mark glob created items as
	leaked.

	* common/t-w32-cmdline.c : Include windows.h
	(test_all): Add simple glob test for Unix.
	(main): Add manual test mode for Windows.

	* common/xasprintf.c (xtryreallocarray): New.

	common,w32: Refine the command line parsing for \ in quotes.
	+ commit 4d6807b215e7541fd52caf7e4adc40d77670f99f
	* common/t-w32-cmdline.c (test_all): Add new test cases.
	* common/w32-misc.c (strip_one_arg): Add arg endquote.
	(parse_cmdstring): Take care of backslashes in quotes.

	common: First take on handling Unicode command line args.
	+ commit 90ddd1cf13cd6bb88d5bb8c1846d7297ca8ac81c
	* common/w32-misc.c: New.
	* common/t-w32-cmdline.c: New.
	* common/init.c: Include w32help.h.
	(prepare_w32_commandline): New.
	(_init_common_subsystems) [W32]: Call prepare_w32_commandline.

	* common/Makefile.am (common_sources) [W32]: Add w32-misc.c
	(module_tests): Add t-w32-cmdline
	(t_w32_cmdline_LDADD): New.

	gpg: Prepare for globing with UTF-8.
	+ commit 1f59c4c8e2cfa2b111f0798212546864668383f9
	* g10/gpg.c (_dowildcard): Remove.
	(my_strusage): Enable wildcards using our new system.

	dirmngr: Rewrite the LDAP wrapper tool.
	+ commit 39815c023f0371dea01f7c51469b19c06ad18718
	* dirmngr/ldap-misc.c: New.
	* dirmngr/ldap-misc.h: New.
	* dirmngr/ks-engine-ldap.c: Include ldap-misc.h.
	(ldap_err_to_gpg_err, ldap_to_gpg_err): Move to ldap-misc.c.
	* dirmngr/ldap-wrapper.c (ldap_wrapper): Print list of args in debug
	mode.
	* dirmngr/server.c (lookup_cert_by_pattern): Handle GPG_ERR_NOT_FOUND
	the same as GPG_ERR_NO_DATA.
	* dirmngr/ldap.c (run_ldap_wrapper): Add args tls_mode and ntds.
	Remove arg url.  Adjust for changes in dirmngr_ldap.
	(url_fetch_ldap): Remove args host and port.  Parse the URL and use
	these values to call run_ldap_wrapper.
	(attr_fetch_ldap): Pass tls flags to run_ldap_wrapper.
	(rfc2254_need_escape, rfc2254_escape): New.
	(extfilt_need_escape, extfilt_escape): New.
	(parse_one_pattern): Rename to ...
	(make_one_filter): this.  Change for new dirmngr_ldap calling
	convention.  Make issuer DN searching partly work.
	(escape4url, make_url): Remove.
	(start_cert_fetch_ldap): Change for new dirmngr_ldap calling
	convention.
	* dirmngr/dirmngr_ldap.c: Major rewrite.

	* dirmngr/t-ldap-misc.c: New.
	* dirmngr/t-support.h (DIM, DIMof): New.
	* dirmngr/Makefile.am (dirmngr_ldap_SOURCES): Add ldap-misc.c
	(module_tests) [USE_LDAP]: Add t-ldap-misc.
	(t_ldap_parse_uri_SOURCES): Ditto.
	(t_ldap_misc_SOURCES): New.

2021-06-08  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Appropriate error code for importing key with no passwd.
	+ commit 2f98d8a0f92dc991bff406e159690a111202fcb4
	* agent/cvt-openpgp.c (convert_from_openpgp_main): Return
	GPG_ERR_BAD_SECKEY.

2021-06-04  Werner Koch  <wk@gnupg.org>

	dirmngr: Remove useless code.
	+ commit 8bd5172539e1399b407aa2a9d56fa51b8e040ae3
	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Remove the
	password_param thing because we set the password directly without an
	intermediate var.

2021-06-02  Werner Koch  <wk@gnupg.org>

	sm: Support AES-GCM decryption.
	+ commit b722fd755c77cbba12478f6de8913c73213d78ee
	* sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error if gpgrt
	supports this.
	* sm/decrypt.c (decrypt_gcm_filter): New.
	(gpgsm_decrypt): Use this filter if requested.  Check authtag.
	* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
	in consumer (decrypt) de-vs mode.

2021-05-28  Werner Koch  <wk@gnupg.org>

	gpgconf: Make runtime changes with different homedir work.
	+ commit c8f0b02936c73b6ef3c99a1bea9ae63f74da0768
	* tools/gpgconf-comp.c (dirmngr_runtime_change): Pass --homedir
	first.  Remove unused variable.

	dirmngr: Fix default port for our redefinition of ldaps.
	+ commit 8de9d54ac83fa20cb52b847b643311841be4d6dc
	* dirmngr/server.c (make_keyserver_item): Fix default port for ldaps.
	Move a tmpstr out of the blocks.
	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics.

2021-05-27  NIIBE Yutaka  <gniibe@fsij.org>

	build: _DARWIN_C_SOURCE should be 1.
	+ commit 40b2890b4349781ddb0330193aed0286b1d23dad
	* configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1.

2021-05-26  Werner Koch  <wk@gnupg.org>

	dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.
	+ commit 317d5947b84ae2707e46b89fb0d8318c07174e13
	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT.

	* dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ...
	(parse_rereadable_options): here.

	dirmngr: New option --ldapserver.
	+ commit ff17aee5d10c8c5ab902253fb4332001c3fc3701
	* dirmngr/dirmngr.c (opts): Add option --ldapserver.
	(ldapserver_list_needs_reset): New var.
	(parse_rereadable_options): Implement option.
	(main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used.

	* dirmngr/server.c (cmd_ldapserver): Add option --clear and list
	configured servers if none are given.

	dirmngr: Allow for non-URL specified ldap keyservers.
	+ commit 2b4cddf9086faaf5b35f64a7db97a5ce8804c05b
	* dirmngr/server.c (cmd_ldapserver): Strip an optional prefix.
	(make_keyserver_item): Handle non-URL ldap specs.
	* dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls,
	ldap_over_tls, and ntds.

	* dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host
	string.  Improve error messages for the non-file case.  Support flags.
	* dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs.
	(ks_action_search, ks_action_get, ks_action_put): Ditto.
	* dirmngr/ks-engine-ldap.c: Include ldapserver.h.
	(ks_ldap_help): Handle non-URL ldap specs.
	(my_ldap_connect): Add args r_host and r_use_tls.  Rewrite to support
	URLs and non-URL specified keyservers.
	(ks_ldap_get): Adjust for changes in my_ldap_connect.
	(ks_ldap_search): Ditto.
	(ks_ldap_put): Ditto.

	gpg,sm: Simplify keyserver spec parsing.
	+ commit 9f586700ec4ceac97fd47cd799878a8847342ffa
	* common/keyserver.h: Remove.
	* sm/gpgsm.h (struct keyserver_spec): Remove.
	(opt): Change keyserver to a strlist_t.
	* sm/gpgsm.c (keyserver_list_free): Remove.
	(parse_keyserver_line): Remove.
	(main): Store keyserver in an strlist.
	* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist.  Avoid
	an ambiguity in dirmngr by adding a prefix if needed.

	* g10/options.h (struct keyserver_spec): Move definition from
	keyserver.h to here.  Remove most fields.
	* g10/keyserver.c (free_keyserver_spec): Adjust.
	(cmp_keyserver_spec): Adjust.
	(parse_keyserver_uri): Simplify.
	(keyidlist): Remove fakev3 arg which does not make any sense because
	we don't even support v3 keys.

	dirmngr: Support pseudo URI scheme "opaque".
	+ commit 72124fadafde153f8ac89a70202006d831829d06
	* dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New.
	* dirmngr/http.c (http_parse_uri): Use this flag.  Change all callers
	to use the new macro for better readability.
	(do_parse_uri): Add pseudo scheme "opaque".
	(uri_query_value): New.

2021-05-21  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Release memory for RDRNAME.
	+ commit 5be0d075b1ad03a46a6169bf16cd3ee6102e1358
	* scd/apdu.c (apdu_close_reader): Free RDRNAME field.

2021-05-20  Jakub Jelen  <jjelen@redhat.com>

	scd: avoid memory leaks.
	+ commit 678e1b20d3531e642fa8871ea56c6c7d5c208fbe
	* scd/app-p15.c (send_certinfo): free labelbuf
	  (do_sign): goto leave instead of return
	* scd/command.c (cmd_genkey): goto leave instead of return

	common: Avoid double-free.
	+ commit 4dc4b025d6dd194a96b11ccfd64d763d2c902a91
	* common/name-value.c (do_nvc_parse): reset to null after ownership
	change

2021-05-19  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 17b7048732e265450323cc3e01a48c9d492edf0c


2021-05-19  Werner Koch  <wk@gnupg.org>

	dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
	+ commit f0e538619d5079fcd87c31e853e6deb28564a321
	* dirmngr/ks-engine-ldap.c (extract_keys): Return the fingerprint if
	available.
	(ks_ldap_search): Ditto.
	(extract_keys): Make sure to free the ldap values also in corner
	cases.
	(my_ldap_value_free): New.
	(ks_ldap_get): Ditto.
	(ks_ldap_search): Ditto.
	(my_ldap_connect): Ditto.

2021-05-18  Werner Koch  <wk@gnupg.org>

	gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.
	+ commit 7bf8530e75d05a712d00a333d59b0a8cf663b9cb
	* g10/call-dirmngr.c (record_output): Rewrite.

2021-05-18  Ingo Klöcker  <dev@ingo-kloecker.de>

	scd:p15: Fix logic for appending product name to MANUFACTURER.
	+ commit aa6288140481bccc366e87fcdc6781dc82d0af31
	* scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if
	manufacturer_id does not already contain a bracket and if we have a
	product name.

2021-05-17  Werner Koch  <wk@gnupg.org>

	gpg: Use a more descriptive prompt for symmetric decryption.
	+ commit 03f83bcda5d1f8d8246bcc1afc603b7f74d0626b
	* g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
	(passphrase_to_dek_ext): Remove this obsolete prototype.
	* g10/passphrase.c (passphrase_get): Add arg flags.  Use new flag
	value.
	(passphrase_to_dek): Add arg flags and pass it on.
	* g10/mainproc.c (proc_symkey_enc): Use new flag.

	sm: Ask for the password for password based decryption (pwri)
	+ commit 50ea1b67e8260aaebbeba0c4cd73e21443a74636
	* sm/decrypt.c (pwri_decrypt): Add arg ctrl.  Ask for passphrase.

	* sm/export.c (export_p12): Mark string as translatable.
	* sm/import.c (parse_p12): Ditto.

	sm: Support decryption of password based encryption (pwri)
	+ commit 6f31acac767f2ec67729c0491f29061b26fe14b9
	* sm/decrypt.c (string_from_gcry_buffer): New.
	(pwri_parse_pbkdf2): New.
	(pwri_decrypt): New.
	(prepare_decryption): Support pwri.
	(gpgsm_decrypt): Test for PWRI.  Move IS_DE_VS flag to DFPARM.

	* common/sexputil.c (cipher_mode_to_string): New.

	dirmngr: LDAP search by a mailbox now ignores revoked keys.
	+ commit b6f8cd7eef4b00a2c6ccaac743382f1dd83bde6a
	* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Ignore revoked
	and disabled keys in mail mode.

2021-05-07  NIIBE Yutaka  <gniibe@fsij.org>

	scd,pcsc: Use a single context.
	+ commit 987b8168602286d06debbbc8d4deebd35f454e29
	* scd/apdu.c (pcsc): New variable.
	(struct reader_table_s): Remove pcsc.context from member.
	(pcsc_get_status, connect_pcsc_card): Use pcsc.context.
	(close_pcsc_reader): Release pcsc.context here with reference count.
	(apdu_open_one_reader): Move API loading to ...
	(pcsc_init): new.
	(apdu_open_one_reader): Remove.
	(apdu_open_reader): Call open_pcsc_reader instead of
	apdu_open_one_reader.
	(open_pcsc_reader): Call pcsc_init if needed.  Call close_pcsc_reader
	instead of pcsc_release_context.  Make reader parsing more robust.
	(apdu_init): Initialize pcsc.count and pcsc.context.

2021-05-04  Werner Koch  <wk@gnupg.org>

	gpg: Allow ECDH with a smartcard returning just the x-coordinate.
	+ commit b203325ce112c223a5164081cecd14744a01ff69
	* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Factor extraction
	part out to ...
	(extract_secret_x): new.  Allow for x-only coordinate.
	(pk_ecdh_encrypt_with_shared_point): Change arg shared_mpi
	to (shared,nshared).  Move param check to the top.  Add extra safety
	check.
	(pk_ecdh_decrypt): Adjust for change.
	* g10/pkglue.c (get_data_from_sexp): New.
	(pk_encrypt): Use it for "s" and adjusted for changed
	pk_ecdh_encrypt_with_shared_point.
	* g10/pubkey-enc.c (get_it): Remove conversion to an MPI and call
	pk_ecdh_decrypt with the frame buffer.

	scd: Fix possible PC/SC removed card problem.
	+ commit 9d83bfb639680d3bc756fcfe2b7f83b18bed8dff
	* scd/apdu.c (pcsc_cancel): New.
	(pcsc_init): Load new function.
	(connect_pcsc_card): Use it after a removed card error.

	scd: Add string for another PC/SC error code.
	+ commit a475bb725be7e275a06e0625b0088f607f36634c
	* scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): New.
	(pcsc_error_string): Add a description for this.
	* scd/scdaemon.c (scd_kick_the_loop): Fix diagnostic.

2021-05-04  Kirill Elagin  <kirelagin@gmail.com>

	scd: Fix unblock PIN by a Reset Code with KDF.
	+ commit 6c4216094ef4771d1d5011b7aee35f241e3bcc4d
	* scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for
	pin2hash_if_kdf, for user's PIN.

2021-05-04  Werner Koch  <wk@gnupg.org>

	gpg: Fix mailbox based search via AKL keyserver method.
	+ commit 22fe23f46d3179cb0a68f58bf6f722b89c0c4d9c
	* g10/keyserver.c (keyserver_import_name): Rename to ...
	(keyserver_import_mbox): this.  And use mail search mode.
	* g10/getkey.c (get_pubkey_byname): Change the two callers.

	gpg: Auto import keys specified with --trusted-keys.
	+ commit e7251be84c797ddbc3f0a5212886761666e3aa33
	* g10/getkey.c (get_pubkey_with_ldap_fallback): New.
	* g10/trustdb.c (verify_own_keys): Use it.

	(cherry picked from commit 100037ac0f558e8959fc065d4703c85c2962489e)

	gpg: Allow decryption w/o public key but with correct card inserted.
	+ commit e53f6037283e1a4f18b1c5d66d2678888c701cea
	* agent/command.c (cmd_readkey): Add option --no-data and special
	handling for $SIGNKEYID and $AUTHKEYID.
	* g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
	output.
	* g10/skclist.c (enum_secret_keys): Automagically get a missing public
	key for the current card.

	agent: Silence error messages for READKEY --card.
	+ commit aa612d752ebb1851f23184df084aed5314b72e3a
