2017-07-19  Werner Koch  <wk@gnupg.org>

	Release 1.4.22.
	+ commit 6153268aaf04ec960a4e1dcc50434e815a47e0e8


2017-07-19  Åka Sikrom  <a4 -at- hush -dot- com>

	po: Update Norwegian translation.
	+ commit 5f7667eca899952480e066404f1b46eca7fe401f


2017-07-07  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix memory leak.
	+ commit 6b4abf1d491d30a6bdaeb2c425c780cacd65bab4
	* g10/textfilter.c (copy_clearsig_text): Free the buffer.

	rsa: Reduce secmem pressure.
	+ commit 1b1f44846b5f21a80ed101f2284ce5f6e8849ee7
	* cipher/rsa.c (secret): Don't keep secmem.

	rsa: Allow different build directory.
	+ commit 994d5b707559a800a650dc7f273372f509d74780
	* cipher/Makefile.am (AM_CPPFLAGS): Add mpi dirs.
	* cipher/rsa.c: Change include file.

2017-07-07  Marcus Brinkmann  <mb@g10code.com>

	rsa: Add exponent blinding.
	+ commit 8fd9f72e1b2e578e45c98c978cab4f6d47683d2c
	* cipher/rsa.c (secret_core_crt): Blind secret D with randomized
	nonce R for mpi_powm computation.

2017-07-07  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Minor fix for mpi_pow.
	+ commit 554ded4854758bf6ca268432fa087f946932a409
	* mpi/mpi-pow.c (mpi_powm): Fix allocation size.

	mpi: Same computation for square and multiply for mpi_pow.
	+ commit 12029f83fd0ab3e8ad524f6c9135854662fddfd1
	* mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size.  Move
	the assignment to base_u into the loop.  Copy content refered by RP to
	BASE_U except the last of the loop.

	mpi: Simplify mpi_powm.
	+ commit b38f4489f75e6e435886aa885807738a22c7ff60
	* mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.

2017-07-04  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	mpi: Fix ARM assembler in longlong.h.
	+ commit 782f804765b6f4226fd77843e59f57dcca61b6fb
	* mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
	[__arm__][__ARM_ARCH <= 3] (umul_ppmm): Add __AND_CLOBBER_CC.

2017-07-03  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	doc: Fix typo.
	+ commit 7b045f539e5f67c937c18157c26fb3a767c1c7e6


2017-05-10  Ineiev  <ineiev@gnu.org>

	g10: Fix secmem leak.
	+ commit 2c2121ff3c2b90f21b75dd56c981b4d9e6d1c0e2
	* g10/keygen.c (proc_parameter_file): Fix secmem leak.

2017-03-30  Werner Koch  <wk@gnupg.org>

	gpg: Fix exporting of zero length user ID packets.
	+ commit bb61191aad98c3dbb487c1f76dd1552d44a52fe3
	* g10/build-packet.c (do_user_id): Avoid indeterminate length header.

2016-11-02  Neal H. Walfield  <neal@g10code.com>
	    Michael Mönch  <michael.moench@marktjagd.de>

	tools: Fix option parsing for gpg-zip.
	+ commit f2acaa5d785a29eca629c4b3df739bc474249004
	* tools/gpg-zip.in: Correctly set GPG when --gpg is specified.
	Correctly set TAR when --tar is specified.  Pass TAR_ARGS to tar.

	(cherry-picked by dkg from master branch's
	84ebf15b06e435453b2f58775f97a3a1c61a7e55)

2016-08-17  Werner Koch  <wk@gnupg.org>

	Release 1.4.21.
	+ commit 47531220e57bf5093dcf2312884124f0a79e15db


	gpg: Add dummy option --with-subkey-fingerprint.
	+ commit 5e1843fc47457a9a0525ed7d3e55961d342ef1e2
	* g10/gpg.c (opts): Add dummy option.

	build: Create a swdb file during "make distcheck".
	+ commit 56792b1191a31c8409d7dcdb33b87a92f0e65ab2
	* Makefile.am (distcheck-hook): New.

2016-08-17  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 851a9de23ac0977c66f5ef56f08d8ca5eae92930


2016-08-17  Werner Koch  <wk@gnupg.org>

	random: Hash continuous areas in the csprng pool.
	+ commit c6dbfe89903d0c8191cf50ecf1abb3c8458b427a
	* cipher/random.c (mix_pool): Store the first hash at the end of the
	pool.

	cipher: Improve readability by using a macro.
	+ commit e23eec8c9a602eee0a09851a54db0f5d611f125c
	* cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

2016-08-09  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Avoid publishing the GnuPG version by default.
	+ commit 61539efc2bc4ba9a9faceaced12660d588c1be7a
	* g10/gpg.c (main): initialize opt.emit_version to 0
	* doc/gpg.texi: document different default for --emit-version

2016-08-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	Clean up "allow to"
	+ commit 15d13272344fa0d8753a321c087b30a6d5115dfb
	* README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
	  "allow to" with clearer text

	In standard English, the normal construction is "${XXX} allows ${YYY}
	to" -- that is, the subject (${XXX}) of the sentence is allowing the
	object (${YYY}) to do something.  When the object is missing, the
	phrasing sounds awkward, even if the object is implied by context.
	There's almost always a better construction that isn't as awkward.

	These changes should make the language a bit clearer.

	Fix spelling: "occured" should be "occurred"
	+ commit 1820889e3c4a9a07981951b3e74f722658fb01c5
	* checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
	  util/regcomp.c, util/regex_internal.c: correct the spelling of
	  "occured" to "occurred"

2016-08-04  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix checking key for signature validation.
	+ commit f474b161f6c8c7a3dc0fb90d25ffceacba1ff117
	* g10/sig-check.c (signature_check2): Not only subkey, but also primary
	key should have flags.valid=1.

2016-08-03  Justus Winter  <justus@g10code.com>

	Partially revert "g10: Fix another race condition for trustdb access."
	+ commit 0f6bda4ccd2091e386e78c369131388ae5ebc002
	This amends db246f8b which accidentally included the compiled
	translation files.

2016-07-09  NIIBE Yutaka  <gniibe@fsij.org>

	gpgv: Tweak default options for extra security.
	+ commit cf01cf8b88abb6ed5fea300c28e2a1e6a7c67804
	* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
	cached status.  Similarly, set opt.flags.require_cross_cert for backsig
	validation for subkey signature.

2016-07-06  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix keysize with --expert.
	+ commit ca1fc596267b42a894a3fc85c3733007c672ed1f
	* g10/keygen.c (ask_keysize): It's 768 only for DSA.

2016-06-28  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix --list-packets.
	+ commit 39e32d375ef72874848f138d941d6d17f5aff85c
	* g10/gpg.c (main): Call set_packet_list_mode after assignment of
	opt.list_packets.
	* g10/mainproc.c (do_proc_packets): Don't stop processing with
	--list-packets as the comment says.
	* g10/options.h (list_packets): Fix the comment.
	* g10/parse-packet.c: Fix the condition for opt.list_packets.

2016-06-15  Niibe Yutaka  <gniibe@fsij.org>

	g10: Fix another race condition for trustdb access.
	+ commit db246f8b18b77314938e596b8217bd97223d5aad
	* g10/tdbio.c (create_version_record): Call create_hashtable to always
	make hashtable, together with the version record.
	(get_trusthashrec): Remove call to create_hashtable.

2016-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Make sure to have the directory for trustdb.
	+ commit d957e4388f72581b1ec801613b5629b5ea3f586d
	* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
	the directory and create it if none before calling take_write_lock.

2016-02-01  Werner Koch  <wk@gnupg.org>

	Fix possible sign extension problem with newer compilers.
	+ commit 22caa5c2d4b65289a0857c36bcded36b34baf4d2
	* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
	* cipher/blowfish.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	* cipher/camellia.c (CAMELLIA_RR8): Ditto.
	* cipher/cast5.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	(do_cast_setkey): Ditto.
	* cipher/twofish.c (INPACK): Ditto.
	* util/iobuf.c (block_filter): Ditto.

2016-01-26  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix iobuf API of filter function for alignment.
	+ commit aa4a3aa3e7a0c7dc231b90b2958184c7138ccc93
	* include/iobuf.h (struct iobuf_struct): Remove DESC.
	* util/iobuf.c (iobuf_desc): New.
	(print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
	(iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
	(iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
	(file_filter, sock_filter, block_filter): Fill the description.
	* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
	g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
	g10/progress.c, g10/textfilter.c: Likewise.

2016-01-15  Werner Koch  <wk@gnupg.org>

	Fix possible AIX problem with sysconf in rndunix.
	+ commit a38dffde7b19bd4881afcd87c23aac2daa5bd52a
	* cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
	(start_gatherer): Detect misbehaving sysconf.

2016-01-13  NIIBE Yutaka  <gniibe@fsij.org>

	Fix to support git worktree.
	+ commit e26706700f6f339891cce924e2a401dfbdba1a0e
	* Makefile.am: Use -e for testing .git.

2015-12-21  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit d908e7d2384b5e742d41d468ad079c99f4b0a625


2015-12-19  Werner Koch  <wk@gnupg.org>

	Release 1.4.20.
	+ commit 19549aec296b4cba825682dbddb1fa4214b05cab


	w32: Avoid warning when using newer mingw versions.
	+ commit 56daf9b6e53b67f75305e7806860a3db94e3be2d
	* g10/tdbio.c (ftruncate): Do not define if already defined.

2015-12-19  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Add option --weak-digest to gpg and gpgv.
	+ commit 924518b10d4d8b39236a829989310a211f739c5b
	* g10/options.h: Add weak_digests linked list to opts.
	* g10/main.h: Declare weakhash linked list struct and
	additional_weak_digest() function to insert newly-declared weak
	digests into opts.
	* g10/misc.c: (additional_weak_digest): New function.
	(print_digest_algo_note): Check for deprecated digests.
	* g10/sig-check.c: (do_check): Reject all weak digests.
	* g10/gpg.c: Add --weak-digest option to gpg.
	* doc/gpg.texi: Document gpg --weak-digest option.
	* g10/gpgv.c: Add --weak-digest option to gpgv.
	* doc/gpgv.texi: Document gpgv --weak-digest option.

2015-12-19  Werner Koch  <wk@gnupg.org>

	gpg: Reject signatures made with MD5.
	+ commit 43e5d28c6dbab9e5bcf652b4051184d409910c69
	* g10/gpg.c: Add option --allow-weak-digest-algos.
	(main): Set option also in PGP2 mode.
	* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
	* g10/sig-check.c (do_check): Reject MD5 signatures.
	* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.

2015-12-17  Werner Koch  <wk@gnupg.org>

	gpg: Change default cipher for --symmetric from CAST5 to AES-128.
	+ commit fc30a414d8d6586207444356ec270bd3fe0f6e68
	* g10/main.h (DEFAULT_CIPHER_ALGO): Change to AES or CAST5 or 3DES
	depending on configure options.
	* g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.

2015-12-17  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	Pass DBUS_SESSION_BUS_ADDRESS for gnome3.
	+ commit 751b287179c3a485261051a8bc838ee9405fa890
	* g10/passphrase.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS.

2015-11-20  Werner Koch  <wk@gnupg.org>

	gpg: Avoid cluttering stdout with trustdb info in verbose mode.
	+ commit 8b5cb544a8a1d9274a072990b13bb1d3cb2f6ab2
	* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
	mode.

2015-10-01  Werner Koch  <wk@gnupg.org>

	gpg: Silence a compiler warning.
	+ commit 6db18e29eb81b37ed6feb592add77d492c60fc35
	* g10/parse-packet.c (enum_sig_subpkt): Replace hack.

2015-09-17  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit 9232df23ac545e358d10c5539bdc9de2d05f15e8


2015-09-08  NIIBE Yutaka  <gniibe@fsij.org>

	po: Fix Spanish translation.
	+ commit bd6f80061a7f7dd8831a2ce989bbd47f46a195bc


2015-09-01  Werner Koch  <wk@gnupg.org>

	Obsolete option --no-sig-create-check.
	+ commit ae61f01523fc68fbd3dbac5f2ba761a7b8b117dd
	* cipher/rsa.c (rsa_sign): Verify after sign.
	* g10/gpg.c (opts): Make --no-sig-create-check a NOP.
	* g10/options.h (opt): Remove field "no_sig_create_check".
	* g10/sign.c (do_sign): Do check only for DSA.

2015-06-16  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix a race condition initially creating trustdb.
	+ commit ae38cbbca493725305c4131fbcafa716ae0c6109
	* g10/tdbio.c (take_write_lock, tdbio_set_dbname): Fix message.

2015-06-15  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix a race condition initially creating trustdb.
	+ commit 6f992d94ea708535b2f3a3de22b429401d59fac9
	* g10/tdbio.c (take_write_lock, release_write_lock): New.
	(put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
	new lock functions.
	(tdbio_set_dbname): Fix the race.
	(open_db): Don't call dotlock_create.

2015-05-19  NIIBE Yutaka  <gniibe@fsij.org>

	g10: detects public key encryption packet error properly.
	+ commit f3b00d88efa25e23f70b757cf99302af77d3d7ae
	g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
	encryption.

	g10: Improve handling of no corresponding public key.
	+ commit b3fd30451a5464b124b0296afbc341cb98b3977c
	* g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not
	exact match.

2015-04-30  NIIBE Yutaka  <gniibe@fsij.org>

	g10: fix cmp_public_key and cmp_secret_keys.
	+ commit 04667cabef2d6aaa214b288482bb902c891893a5
	* g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque
	data at the first entry of the array when it's unknown algo.
	* mpi/mpi-cmp.c (mpi_cmp): Backport libgcrypt 1.5.0's semantics.

2015-04-05  Werner Koch  <wk@gnupg.org>

	gpg: Fix DoS while parsing mangled secret key packets.
	+ commit 506eb6fec67f170827777f2f44ced6f50745a0ad
	* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
	et al.

2015-03-28  Werner Koch  <wk@gnupg.org>

	gpg: Remove left-over debug message.
	+ commit f34d88364a984947bcd7c344f9532f683b856353
	* g10/armor.c (check_input): Remove log_debug.

2015-02-27  Werner Koch  <wk@gnupg.org>

	Release 1.4.19.
	+ commit bcf44e2d153792e20036a26126ad77cef79a0304


	po: Update German translation.
	+ commit 47c2369bb723aac85caf848a7b563889e83bc88f


2015-02-26  David Prévot  <taffit@debian.org>

	po: Update French translation.
	+ commit 9dbfca0db80789d8d2020a945de2ccff484abc02


2015-02-26  Roman Pavlik  <rp@tns.cz>

	po: Update Czech translation.
	+ commit bcccd89eb93a413f633570d250b1e004cddef765


2015-02-26  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

	po: Update Dutch translation.
	+ commit 0e4a82c59bd087a6099cccec3a4419f8f57bb3c0


2015-02-26  Manuel \"Venturi\" Porras Peralta  <venturi@openmailbox.org>

	po: Update Spanish translation.
	+ commit d27a4779108e265ad08d8f74887d32723cb62197


2015-02-26  Jakub Bogusz  <qboosh@pld-linux.org>

	po: Update Polish translation.
	+ commit 17a2356328d0cdf9ed7fcc3e8f1f3867d3ff611d


2015-02-26  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 054b2c113ea01ff79dbe8365dba0c239ee4821e2


2015-02-26  Yuri Chornoivan  <yurchor@ukr.net>

	po: Update Ukrainian translation.
	+ commit e5b5f50af74c7a760240c109f2b4c37d92d254b8


2015-02-26  Milo Casagrande  <milo@milo.name>

	po: Update Italian translation.
	+ commit d252043b9b0aac9145f38d184c34cefbf1f9f1c9


2015-02-26  Jedi Lin  <Jedi@Jedi.org>

	Update Chinese (traditional) translation.
	+ commit 4986eddbdf3485452546e9243729522c2c3fef93


2015-02-26  Werner Koch  <wk@gnupg.org>

	Fix for building without DNS support.
	+ commit c43391f96537c304a8fddd2939a8380d8dd13319
	* util/cert.c (get_cert) [!USE_DNS_CERT]: Add want_ipgp.

	po,intl: Update to 0.19.3.
	+ commit 8adbf74b9398813c3e5d07c0789eaf75a6c3d97e


	Switch to a hash and CERT record based PKA system.
	+ commit 52c6c30647a96162a10715e667299167717c58dd
	* util/pka.c: Rewrite.
	(get_pka_info): Add arg fprbuflen.  Change callers to pass this.
	* util/strgutil.c (ascii_strlwr): New.
	* configure.ac: Remove option --disable-dns-pka.
	(USE_DNS_PKA): Remove ac_define.
	* g10/getkey.c (parse_auto_key_locate): Always include PKA.

	Move two functions from g10/ to util/.
	+ commit 240451a26e3e1fdabe0451a33f8918d4adfa852b
	* g10/misc.c (has_invalid_email_chars, is_valid_mailbox): Move to ...
	* util/strgutil.c: here.

	Add new function strconcat.
	+ commit 484d0730582a57808333e6af58d51c471f2b125a
	* include/util.h (GNUPG_GCC_A_SENTINEL): New.
	* util/strgutil.c (do_strconcat, strconcat): New.

	Add convenience function to hash a buffer.
	+ commit 2e7a3ed39007deb561a9175f7fccd52946c85d28
	* cipher/sha1.c (sha1_hash_buffer): New.

	Allow requesting only an IPGP certtype with dns_cert().
	+ commit d2323ce6fdceeba9765f23a1d5b5e4cb127d99ed
	* util/cert.c (get_cert): Add arg want_ipgp.  Change callers.

2015-02-26  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Avoid data-dependent timing variations in mpi_powm.
	+ commit 6cbc75e71295f23431c4ab95edc7573f2fc28476
	* include/mpi.h, mpi/mpiutils.c (mpi_set_cond): New.
	* mpi/mpi-pow.c (SIZE_PRECOMP): Rename from SIZE_B_2I3.
	(mpi_powm): Access all data in the table and use mpi_set_cond.

2015-02-23  Werner Koch  <wk@gnupg.org>

	Protect against NULL return of mpi_get_opaque.
	+ commit e0c13ad5f290aec05706797b8f6c9e13d613eb66
	* g10/seckey-cert.c (do_check): Call BUG for NULL return of
	get_opaque.

2015-02-23  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Fix segv due to NULL value stored as opaque MPI.
	+ commit 6f032181ba78c5eeb14f9aab4307a75bbaf0b115
	* g10/build-packet.c (do_secret_key): Check for NULL return from
	gcry_mpi_get_opaque.
	* g10/keyid.c (hash_public_key): Ditto.

2015-02-23  Werner Koch  <wk@gnupg.org>

	gpg: Remove an unused variable.
	+ commit a35ed8af41a91a52e1bbf992522a209f9c27dd55
	* g10/import.c (import): Remove need_armor.

	[dkg: rebased to STABLE-BRANCH-1-4]

2015-02-23  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	curl-shim: clean up varargs.
	+ commit 2b2f2767851eccb12e591c7a3fa432e6bf9db8f2
	* keyserver/curl-shim.c (curl_easy_setopt) : ensure that va_end is
	  called.

2015-02-23  Werner Koch  <wk@gnupg.org>

	gpg: Print better diagnostics for keyserver operations.
	+ commit cf8d89b0ce69d4cfaa835fab913cc7c77565a75d
	* g10/armor.c (parse_key_failed_line): New.
	(check_input): Watch out for gpgkeys_ error lines.
	* g10/filter.h (armor_filter_context_t): Add field key_failed_code.
	* g10/import.c (import): Add arg r_gpgkeys_err.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_errstr): New.
	(keyserver_spawn): Detect "KEY " lines while sending.  Get gpgkeys_err
	while receiving keys.
	(keyserver_work): Add kludge for better error messages.

	Use inline functions to convert buffer data to scalars.
	+ commit 57af33d9e7c9b20b413b96882e670e75a67a5e65
	* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
	(buf16_to_ushort, buf16_to_u16): New.
	(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.

	gpg: Prevent an invalid memory read using a garbled keyring.
	+ commit 81d3e541326e94d26a953aa70afc3cb149d11ebe
	* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
	types.

	gpg: Fix a NULL-deref in export due to invalid packet lengths.
	+ commit 68f260f77a9e4f5cacf0a58e4f55ddee125d3f00
	* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
	opaque MPI.

	gpg: Fix a NULL-deref due to empty ring trust packets.
	+ commit 2e8db53854506572e9d5b5908e143b5ca28f30f5
	* g10/parse-packet.c (parse_trust): Always allocate a packet.

	gpg: Limit the size of key packets to a sensible value.
	+ commit 27d7addccf782d5cb0084cb17522d712d4a6d6b6
	* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
	(MAX_UID_PACKET_LENGTH): New.
	(MAX_COMMENT_PACKET_LENGTH): New.
	(MAX_ATTR_PACKET_LENGTH): New.
	(parse_key): Limit the size of a key packet to 256k.
	(parse_user_id): Use macro for the packet size limit.
	(parse_attribute): Ditto.
	(parse_comment): Ditto.

	gpg: Allow predefined names as answer to the keygen.algo prompt.
	+ commit 20e14e331de4a7e9746650f8b39c1a66d2565c9e
	* g10/keygen.c (ask_algo): Add list of strings.

	gpg: Print a warning if the subkey expiration may not be what you want.
	+ commit 8baf452bb308a59478c9148109f4c78941170ecc
	* g10/keyedit.c (subkey_expire_warning): New.
	keyedit_menu): Call it when needed.

2015-02-11  Werner Koch  <wk@gnupg.org>

	Use ciphertext blinding for Elgamal decryption.
	+ commit ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b
	* cipher/elgamal.c (USE_BLINDING): New.
	(decrypt): Rewrite to use ciphertext blinding.

2015-01-19  Werner Koch  <wk@gnupg.org>

	Modernize to automake 1.14.
	+ commit 592e1aa407a021ed8477f82b1291f30c80291086
	* Makefile.am (AUTOMAKE_OPTIONS): Move to ...
	* configure.ac (AM_INIT_AUTOMAKE): here and add serial-tests.

	* keyserver/Makefile.am: Replace INCLUDES by AM_CPPFLAGS.
	* mpi/Makefile.am: Ditto.
	* util/Makefile.am: Ditto.
	* keyserver/Makefile.am: Ditto.  Adjusted other things.

	* m4/intl.m4, m4/po.m4: Use autoconf's AC_PROG_MKDIR_P.

	Fix a problem with select and high fds.
	+ commit 8adb5ff26062f717619aa816de8b27aa7d40d6c8
	* cipher/rndlinux.c (rndlinux_gather_random): Check fd before using
	FD_SET.

2015-01-13  Werner Koch  <wk@gnupg.org>

	doc: Formatting fixes.
	+ commit ed6287d2e1546ee0f4064675270da003f51e1b39
	* doc/gpl.texi: Fix enumerate and re-indent examples.

2015-01-13  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	avoid future chance of using uninitialized memory.
	+ commit e7cbce8fb2b7417fd1048f916b3e3281f5b9dd7b
	* util/iobuf.c: (iobuf_open): initialize len

2015-01-13  Werner Koch  <wk@gnupg.org>

	doc: Fix memory leak in yat2m.
	+ commit e2e822d22526c1545e095bc24173b732137f5737
	* doc/yat2m.c (write_th): Free NAME.

	gpg: Fix possible read of unallocated memory.
	+ commit aab282855ada8dddee99c777c91829344e91f31a
	* g10/parse-packet.c (can_handle_critical): Check content length
	before calling can_handle_critical_notation.

2015-01-09  Werner Koch  <wk@gnupg.org>

	scd: Fix possibly inhibited checkpin of the admin pin.
	+ commit c83e250ef36c28a275de74d96e89898e9f99cb1e
	* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
	buffer.

2015-01-08  Joshua Rogers  <git@internot.info>

	scd: fix get_public_key for OpenPGPcard v1.0.
	+ commit 3ca1f4098c70d322658cfaaa0d12164e6ac6d5ad
	* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.

2014-12-12  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: release DEK soon after its use.
	+ commit da66ad5bba4215b9ddd0cb927a89aa75355632aa
	* g10/keygen.c (generate_subkeypair): Release DEK soon.

2014-11-24  Werner Koch  <wk@gnupg.org>

	gpg: Fix use of uninit.value in listing sig subpkts.
	+ commit 2d359681f08999686734421228cb69893d8a0060
	* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
	sanitized.

	gpg: Fix off-by-one read in the attribute subpacket parser.
	+ commit 2b4809406b6536cbb67a2282bf855710b8454dc2
	* g10/parse-packet.c (parse_attribute_subpkts): Check that the
	attribute packet is large enough for the subpacket type.

	gpg: Fix a NULL-deref for invalid input data.
	+ commit 69767ccf4218d0dc5ef2d7e141be0f14c88fea59
	* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
	entry.

2014-11-14  Werner Koch  <wk@gnupg.org>

	gpg: Make the use of "--verify FILE" for detached sigs harder.
	+ commit fbb50867f81d790c4bf819dcadcd14be6c3f957b
	* g10/openfile.c (open_sigfile): Factor some code out to ...
	(get_matching_datafile): new function.
	* g10/plaintext.c (hash_datafiles): Do not try to find matching file
	in batch mode.
	* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
	matching data file is not used by a standard signatures.

2014-11-12  Werner Koch  <wk@gnupg.org>

	gpg: Add import option "keep-ownertrust".
	+ commit 42d2474a02aa46e6fecf0e35c067aa0b6481ffbe
	* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
	* g10/import.c (parse_import_options): Add "keep-ownertrust".
	(import_one): Act upon new option.

2014-10-03  Werner Koch  <wk@gnupg.org>

	mpi: Fix compiler warning.
	+ commit f68123551f4d5b286309006da67c57878f6cc619
	* mpi/mpi-inv.c (mpi_invm): Do not return a value.

2014-10-03  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Add build and runtime support for larger RSA keys.
	+ commit 534e2876acc05f9f8d9b54c18511fe768d77dfb5
	* configure.ac: Added --enable-large-secmem option.
	* g10/options.h: Add opt.flags.large_rsa.
	* g10/gpg.c: Contingent on configure option: adjust secmem size,
	add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
	* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
	* doc/gpg.texi: Document --enable-large-rsa.

2014-09-29  Werner Koch  <wk@gnupg.org>

	doc: Final update from master (gnupg 2.1)
	+ commit 3209f270d236fae588edaab3d48fe707eb25641c
	* doc/Makefile.am (sources_from_trunk): Remove.
	(update-source): Make it a dummy.
	* doc/gpg.texi: Update.
	* doc/yat2m.c: Update.

	Allow use of --debug-level=LEVEL without '='.
	+ commit ad30b2a4ae06a51f747bbd8a3c0985333295f8c6
	* g10/gpg.c (opts): Fix "debug-level".

2014-09-11  Werner Koch  <wk@gnupg.org>

	mpi: Improve mpi_invm to detect bad input.
	+ commit cd53cdbc3774fb193bdebcdc5d7019ddebc16dbc
	* mpi/mpi-inv.c (mpi_invm): Return 0 for bad input.

2014-08-20  Werner Koch  <wk@gnupg.org>

	mpi: Suppress set-but-unused-variables warnings.
	+ commit b89f57fe5db364f78154671e1b2fe1ecd1b5c407
	* include/types.h (GNUPG_GCC_ATTR_UNUSED): Define for gcc >= 3.5.
	* mpi/mpih-div.c (mpihelp_divmod_1, mpihelp_mod_1): Mark dummy as
	 unused.
	* mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.

	Fix strict-alias warnings for rijndael.c.
	+ commit ecf2728230788f413cf1864c3cbda73d63de8491
	* cipher/rijndael.c (do_setkey, prepare_decryption): Use u32_a_t cast.

	gpg: Allow compressed data with algorithm 0.
	+ commit 45e3b81114f40070dd638ac790f42df01b8c1484
	* g10/mainproc.c (proc_compressed): Remove superfluous check for
	an algorithm number of 0.

2014-08-06  Werner Koch  <wk@gnupg.org>

	gpg: Fix regression due to the keyserver import filter.
	+ commit d58552760b26d840824658814d59c8b1a25a4219
	* g10/keyserver.c (keyserver_retrieval_filter): Change args.  Rewrite
	to take subpakets in account.
	* g10/import.c (import_one, import_secret_one): Pass keyblock to
	filter.

	Add kbnode_t for easier backporting.
	+ commit dcf58b3471b1c9ba87a826aa132033e506664808
	* g10/global.h (kbnode_t): New.

2014-06-30  Werner Koch  <wk@gnupg.org>

	Release 1.4.18.
	+ commit 6a7b763e05d352a08f639d5eef9d0bac01c5c456


	Limit keysize for unattended key generation to useful values.
	+ commit aae7ec516b79e20938c56fd48fc0bc9d2116426c
	* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
	(gen_rsa): Enforce keysize 1024 to 4096.
	(gen_dsa): Enforce keysize 768 to 3072.

	Make screening of keyserver result work with multi-key commands.
	+ commit 955524f4359ba9e9de213f4067c38df9ae4808a8
	* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
	(keyserver_retrieval_filter): Use new struct and check all
	descriptions.
	(keyserver_spawn): Pass filter arg suing the new struct.

2014-06-23  Werner Koch  <wk@gnupg.org>

	Release 1.4.17.
	+ commit 297f2ac6451e638ed96926d06b01189076010823


	doc: Update from master.
	+ commit bfc7893bdaf4dc674799ddddc0cae8f0af642b9d


	Fix syntax error introduced with 60bd6488.
	+ commit 0d0961c483f9cd0e195f88c0c82dbf2c859f88fe
	* g10/apdu.c (pcsc_dword_t): Fix syntax error.

2014-06-23  Stefan Tomanek  <tomanek@internet-sicherheit.de>

	Screen keyserver responses.
	+ commit 5230304349490f31aa64ee2b69a8a2bc06bf7816
	* g10/main.h: Typedef import_filter for filter callbacks.
	* g10/import.c (import): Add filter callbacks to param list.
	(import_one): Ditto.
	(import_secret_one): Ditto.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_retrieval_filter): New.
	(keyserver_spawn): Pass filter to import_keys_stream()

2014-06-23  Werner Koch  <wk@gnupg.org>

	Print hash algorithm in sig records.
	+ commit 8eab483a1c4817a2946624c7305f464089d1875e
	* g10/keylist.c (list_keyblock_colon): Print field 16.

	Remove useless diagnostic in MDC verification.
	+ commit 01bd0558dd2f8b80d2f3b61f91c11a68357c91fd
	* g10/encr-data.c (decrypt_data): Do not distinguish between a bad MDC
	packet header and a bad MDC.

	intl: Fix for uClibc.
	+ commit bb4d5c2d5f20afff4f5382b33e9f530e3352c06f
	* intl/localename.c (gl_locale_name_thread_unsafe): Take care of
	uCLIBC.

	PC/SC cleanup.
	+ commit 60bd6488c06dd849465bfbff518297a24d28ea08
	* g10/apdu.c (pcsc_dword_t): New.  It was named as DWORD (double-word)
	when a word was 16-bit.
	(struct reader_table_s): Fixes for types.
	(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
	Throughout: Fixes for types.

	gpg: Use more specific reason codes for INV_RECP.
	+ commit 4239780d5a8418d675884309416aa3f71b5b8faa
	* g10/pkclist.c (build_pk_list): Use more specific reasons codes for
	INV_RECP.

	doc: Remove outdated Russian man page.
	+ commit e28cbdc5598d64bd3f87230cc4e9f0e11da3893e
	* configure.ac (DOCBOOK_TO_MAN): Remove.
	* doc/gpg.ru.sgml: Remove.
	* doc/Makefile.am: Remove all gpg.ru related code.

2014-06-20  Werner Koch  <wk@gnupg.org>

	gpg: Avoid infinite loop in uncompressing garbled packets.
	+ commit 11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
	* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.

2014-03-06  Werner Koch  <wk@gnupg.org>

	gpg: Need to init the trustdb for import.
	+ commit 23191d7851eae2217ecdac6484349849a24fd94a
	* g10/trustdb.c (clear_ownertrusts): Init trustdb.

2014-01-23  Werner Koch  <wk@gnupg.org>

	Support building using the latest mingw-w64 toolchain.
	+ commit 24ba0ce93263c42afb9f087ffcf2edda0b433022
	* acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection.

2013-12-13  Werner Koch  <wk@gnupg.org>

	Release 1.4.16.
	+ commit 7cdb86e0ad7a3f452c2f7358e3e830785281addc


2013-12-11  Werner Koch  <wk@gnupg.org>

	Change --show-session-key to print the session key earlier.
	+ commit fa3f555d756be0229ab10516b901e50230b22033
	* g10/mainproc.c (proc_encrypted): Move show_session_key code to ...
	* g10/decrypt-data.c (decrypt_data): here.

2013-12-10  Werner Koch  <wk@gnupg.org>

	Update config.{guess,sub} and some copyright notices.
	+ commit 4466fdba7bb4cac0b5c4a21b98903bb7f27fd9d9
	* scripts/config.guess, scripts/config.sub: Update to version
	2013-11-29.

2013-12-05  Werner Koch  <wk@gnupg.org>

	Prepare for newer automakes which default to parallel tests.
	+ commit 9b516323d7dc3e6103745becb63f5cc9fd8cc606
	* checks/Makefile.am: Add a list of test dependencies.

2013-12-03  Werner Koch  <wk@gnupg.org>

	Normalize the MPIs used as input to secret key functions.
	+ commit d0d72d98f34579213230b3febfebd2fd8dff272b
	* cipher/rsa.c (secret): Normalize the INPUT.
	(rsa_decrypt): Pass reduced data to secret.
	* cipher/elgamal.c (decrypt): Normalize A and B.
	* cipher/dsa.c (sign): Normalize HASH.

	Use blinding for the RSA secret operation.
	+ commit 93a96e3c0c33370248f6570d8285c4e811d305d4
	* cipher/random.c (randomize_mpi): New.
	* g10/gpgv.c (randomize_mpi): New stub.
	* cipher/rsa.c (USE_BLINDING): Define macro.
	(secret): Implement blinding.

2013-11-27  Werner Koch  <wk@gnupg.org>

	gpg: Change armor Version header to emit only the major version.
	+ commit b135372176b29ca985afa18398a455fd4e2a2063
	* g10/options.h (opt): Rename field no_version to emit_version.
	* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
	to bump up opt.emit_version.
	* g10/armor.c (armor_filter): Implement different --emit-version
	values.

2013-10-18  Werner Koch  <wk@gnupg.org>

	mpi: mpi-pow improvements.
	+ commit cad8216f9a0b33c9dc84ecc4f385b00045e7b496
	* mpi/mpi-pow.c (USE_ALGORITHM_SIMPLE_EXPONENTIATION): New.
	(mul_mod) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New.
	(mpi_powm) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New implementation
	of left-to-right k-ary exponentiation.

	Print the keyid for key packets with --list-packets.
	+ commit 0bdf121d1dcf98d7df28af67272caaac07f6f581
	* g10/parse-packet.c (parse_key): Add keyid printing.

2013-10-11  Werner Koch  <wk@gnupg.org>

	mpi: Fix syntax error for mips64 and gcc < 4.4.
	+ commit 9d89564a4255d58b7e26c6845bcea69ec5b0214f
	* mpi/longlong.h [__mips && gcc < 4.4]: Fix cpp syntax error.

	gpg: Do not require a trustdb with --always-trust.
	+ commit 2528178e7e2fac6454dd988121167305db7c71d9
	* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
	* g10/trustdb.c (trustdb_args): Add field no_trustdb.
	(init_trustdb): Set that field.
	(revalidation_mark):  Take care of a nonexistent trustdb file.
	(read_trust_options): Ditto.
	(get_ownertrust): Ditto.
	(get_min_ownertrust): Ditto.
	(update_ownertrust): Ditto.
	(update_min_ownertrust): Ditto.
	(clear_ownertrusts): Ditto.
	(cache_disabled_value): Ditto.
	(check_trustdb_stale): Ditto.
	(get_validity): Ditto.
	* g10/gpg.c (main): Do not create a trustdb with most commands for
	trust-model always.

2013-10-04  Werner Koch  <wk@gnupg.org>

	Release 1.4.15.
	+ commit 8707657fe635b50a5e1a4ed804ea2645c1427ac6


	doc: Update from master.
	+ commit f5c32bd1c6416c97762d7960c94d6f536e259cfa


	gpg: Print a "not found" message for an unknown key in --key-edit.
	+ commit 4a06d9a600def07fdcbb9a6a9500776767d3c2f4
	* g10/keyedit.c (keyedit_menu): Print message.

	gpg: Protect against rogue keyservers sending secret keys.
	+ commit d74dd36c11f1643bd92efb50714e2448cdb885d0
	* g10/options.h (IMPORT_NO_SECKEY): New.
	* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
	flag.
	* g10/import.c (import_secret_one): Deny import if flag is set.

2013-10-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Allow setting of all zero key flags.
	+ commit fe0fb5e6b0bb351eb6244e290e112a22a68472d8
	* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
	(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)
	(cherry picked from commit dd868acb0d13a9f119c0536777350a6c237a66a1)

2013-10-04  Werner Koch  <wk@gnupg.org>

	gpg: Distinguish between missing and cleared key flags.
	+ commit 27d0f32f77fbef59ddf7c6d79b5b4adee6b2e6ac
	* include/cipher.h (PUBKEY_USAGE_NONE): New.
	* g10/getkey.c (parse_key_usage): Set new flag.

	keyserver: Allow use of cURL's default CA store.
	+ commit 69088ac76fd4b9f303edf3c1453088dda8596399
	* keyserver/gpgkeys_curl.c (main): Set CURLOPT_CAINFO only if a file
	has been given.
	* keyserver/gpgkeys_hkp.c (main): Ditto.

	gpg: Limit the nesting level of I/O filters.
	+ commit f10b184e48015f30849d7611bd9654ed23b91211
	* until/iobuf.c (MAX_NESTING_FILTER): New.
	(iobuf_push_filter2): Limit the nesting level.

2013-10-02  Werner Koch  <wk@gnupg.org>

	gpg: Fix bug with deeply nested compressed packets.
	+ commit d90a1d23404f482cc4a5a2b2ee0f296d67ff2227
	* g10/mainproc.c (MAX_NESTING_DEPTH): New.
	(proc_compressed): Return an error code.
	(check_nesting): New.
	(do_proc_packets): Check packet nesting depth.  Handle errors from
	check_compressed.

2013-09-16  Werner Koch  <wk@gnupg.org>

	Fix bug in mpi_tdiv_q_2exp.
	+ commit 9dc6dd0572102a2fa27df28ba4d66728827eb03d
	* mpi/mpi-internal.h (MPN_COPY_INCR): Make it work.

2013-08-30  Werner Koch  <wk@gnupg.org>

	gpg: Use 2048 as the default keysize in batch mode.
	+ commit 6ed7056197e7ede1305b25457e4633c4ac4301d4
	* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
	2048.

2013-08-02  Werner Koch  <wk@gnupg.org>

	gpg: No need to create a trustdb when encrypting with --always-trust.
	+ commit a1a59e6a539e597996976d0afb6aa3062e954188
	* g10/gpg.c (main): Special case setup_trustdb for --encrypt.

2013-07-25  Werner Koch  <wk@gnupg.org>

	Release 1.4.14.
	+ commit fb5c9deaa506249518705846cd9f4c178fe1c4e6


2013-07-25  Jedi Lin  <Jedi@Jedi.org>

	Update Chinese translation.
	+ commit beb6a51df79ce25f16b9b37b25badbc02cb05782


2013-07-25  Werner Koch  <wk@gnupg.org>

	Update to modern beta release numbering scheme.
	+ commit 439999da117d9be9f88bb3e0ce7c444f9484ee2f
	* configure.ac: s/my_/mym4_/.  Add new release building code.

	Prepare for a forthcoming new algorithm id.
	+ commit 801803ab6e954173c2dcb7f0eb6eb8623238e99c
	* include/cipher.h (PUBKEY_ALGO_ECC): New.
	* g10/keyid.c (pubkey_letter): Add letter 'C'.

	Mitigate a flush+reload cache attack on RSA secret exponents.
	+ commit 35646689f4b80955ff7dbe1687bf2c479c53421e
	* mpi/mpi-pow.c (mpi_powm): Always perform the mpi_mul for exponents
	hold in secure memory.

	Fix git revision parsing.
	+ commit fd86f3031161f11c3cbef643a213a04c821364dd
	* configure.ac: Use git rev-parse to retrieve the revision.

2013-07-16  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: fix previous change.
	+ commit f61d8fa5a7591423f5a2ef43725b308acd5f2357
	* g10/gpgv.c: Fix void dotlock_remove_lockfiles.

2013-07-12  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: signal handling fix.
	+ commit 212a325d428e0ab5c51c42a3ea33efb21ad1f79f
	* include/dotlock.h (dotlock_remove_lockfiles_reclaim): New.
	  (dotlock_destroy, dotlock_remove_lockfiles): Add a flag to reclaim
	  memory or not.
	* util/dotlock.c (dotlock_create): Use
	  dotlock_remove_lockfiles_reclaim for atexit.
	  (dotlock_destroy_unix, dotlock_destroy)
	  (dotlock_remove_lockfiles): Add a reclaim flag.
	  (dotlock_remove_lockfiles_reclaim): New.
	* g10/signal.c (got_fatal_signal): Disable flag of reclaim memory to
	  avoid non-async-face call.
	* g10/keydb.c (maybe_create_keyring): Follow the API change.
	* g10/gpgv.c: Follow the API change.

2013-03-03  David Shaw  <dshaw@jabberwocky.com>

	Differentiate between success (full or partial), not-found, and failure.
	+ commit 6f0ec6ab485f48c8079ab2a16ed41ee7859f88ab
	* keyserver/gpgkeys_hkp.c (get_key): Use curl_easy_setinfo to get the
	  HTTP status code so we can tell the difference between a successful
	  retrieval, a partial retrieval, a not-found, or a server failed.

	Emulate curl_easy_getinfo and CURLINFO_RESPONSE_CODE in curl-shim.
	+ commit ca0b94d4d41c81045ed97fad0569ff4b64e5a6fe
	* keyserver/curl-shim.h, keyserver/curl-shim.c (curl_easy_getinfo):
	  New. Return the HTTP status code for the last transfer.

2013-01-30  David Shaw  <dshaw@jabberwocky.com>

	Fix DNS check for recent OS X releases.
	+ commit 1edc1b3751496885b236f5ab1194ad667c96b174
	* configure.ac: OS X now needs BIND_8_COMPAT and -lresolv

2013-01-11  Werner Koch  <wk@gnupg.org>

	Automake 1.13 compatibility fix.
	+ commit b4d4acf491105687c98178b6f4efed2ca9bdc98f
	* configure.ac: s/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/.

	Fix idea.c for big endian CPUs.
	+ commit 37f1a427440b9bb4374bf7d878f17190df75918b
	* cipher/idea.c: Replace use of WORDS_BIGENDIAN by BIG_ENDIAN_HOST.

2013-01-11  Christian Aistleitner  <christian@quelltextlich.at>

	Fix honoring --cert-digest-algo when recreating a cert.
	+ commit ff5cfadc2c402ebc3884ad2575bc5a51f0067f56
	* g10/sign.c (update_keysig_packet): Override original signature's
	digest algo in hashed data.

2012-12-20  Werner Koch  <wk@gnupg.org>

	Release 1.4.13.
	+ commit 0bd168bf8eecf4ec11c147edada0f08bebdc6cc0


	Last fix for the SRV record patches.
	+ commit 2812ab7d6a7f47128edd89c41038c553f7153318
	* keyserver/gpgkeys_hkp.c (srv_replace): Make sure SRVCOUNT is
	always initialized.

	Update manuals from master.
	+ commit 65d6da865ca868781eca386b57d498e6be33e582
	* doc/Makefile.am (update-source): Copy from Git master.
	(update-source-from-gnupg-2): Remove.
	* doc/gpg.texi: Fix minor typos and grammar bugs.
	* doc/yat2m.c: Change diagnostics to updated coding standards.

	Update config.{guess,sub} to version 2012-07-31.
	+ commit cb5f64042054305e3a6ef7030a74a3c88d567185
	* scripts/config.guess, scripts/config.sub: Update.

2012-12-20  Joe Hansen  <joedalton2@yahoo.dk>

	po: Update Danish translation.
	+ commit f464a3d3a83f426e4cacf73d0e676513eabdc52d
	* po/da.po: Update.

2012-12-20  Werner Koch  <wk@gnupg.org>

	gpg: Suppress "public key already present" in quiet mode.
	+ commit 3a4b96e665fa639772854058737ee3d54ba0694e
	* g10/pkclist.c (build_pk_list): Print two diagnostics only in
	non-quiet mode.

	Import only packets which are allowed in a keyblock.
	+ commit f795a0d59e197455f8723c300eebf59e09853efa
	* g10/import.c (valid_keyblock_packet): New.
	(read_block): Store only valid packets.

2012-12-19  David Shaw  <dshaw@jabberwocky.com>

	Issue 1447: Pass proper Host header and SNI when SRV is used with curl.
	+ commit 5c557a51cdf37d9f50b3d5d7e11d17e6ea6bb2b8
	* configure.ac: Check for inet_ntop.

	* m4/libcurl.m4: Provide a #define for the version of the curl
	  library.

	* keyserver/gpgkeys_hkp.c (main, srv_replace): Call getaddrinfo() on
	  each target.  Once we find one that resolves to an address (whether
	  IPv4 or IPv6), pass it into libcurl via CURLOPT_RESOLVE using the
	  SRV name as the "host".  Force the HTTP Host header to be the same.

	Backported from 6b1f71055ebab36989e2089cfde319d2ba40ada7

	* keyserver/gpgkeys_hkp.c (main): Only default try-dns-srv to on if we
	  have SRV support in the first place.

	Backported from 732f3d1d4786239db5f31f82cc04ec79326cc13c

	Part of issue 1447: Pass proper Host header when SRV is used.
	+ commit 6c3a76cca064070d0a9e636fedc824415e710451
	* common/http.c (send_request, connect_server): Set proper Host header
	  (no :port, host is that of the SRV) when SRV is used in the
	  curl-shim.

	Backported from cbe98b2cb1e40ba253300e604996681ae191e363

2012-12-19  Werner Koch  <wk@gnupg.org>

	Fix last commit.
	+ commit 58004340cc8c7124edc3c6866eec5478499b252e
	* util/http.c (connect_server): Bump SRVINDEX and not SRV.

2012-12-19  David Shaw  <dshaw@jabberwocky.com>

	Fix issue 1446: honor ports given in SRV responses.
	+ commit f2f12f41efe5a476833295dc6c44fcd887d0abe6
	* common/http.c (send_request, connect_server, http_open): Use a
	  struct srv instead of a single srvtag so we can pass the chosen host
	  and port back to the caller.
	  (connect_server): Use the proper port in the HAVE_GETADDRINFO case.

	* keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log
	  chosen host and port.

	* keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.

	Backported from ba9e974f1fd85b3dbbfb5e26d7a14f71d07c7cf2

2012-12-18  Werner Koch  <wk@gnupg.org>

	Add meta option ignore-invalid-option.
	+ commit 8044a5acea80cb749159cd725e95bad246be5f72
	* util/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
	(initialize): Init field IIO_LIST.
	(ignore_invalid_option_p): New.
	(ignore_invalid_option_add): New.
	(ignore_invalid_option_clear): New.
	(optfile_parse): Implement meta option.

2012-12-15  Werner Koch  <wk@gnupg.org>

	Fix potential heap corruption in "gpg -v --version"
	+ commit e33e74e3a4b2b4a0341f933410ddd5db7a12515e
	* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
	certain locales.
	* util/membuf.c (put_membuf_str): New.
	(get_membuf): Make LEN optional.

2012-12-14  Werner Koch  <wk@gnupg.org>

	Workaround for a gettext problem during "make distcheck".
	+ commit e9385a6651e1c2cc2d5cc9032468d93ce3ef1ea0
	* configure.ac: Add comment string "GNU gnupg".

	gettext: Upgrade to version 0.18.
	+ commit 4032aa8be8ee74d3561dfa6802b977f4586cef53
	* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.18.
	* po/Makefile.in.in: Upgrade to gettext-0.18.  Keep option --previous
	of msgmerge.
	* intl/: Upgrade to gettext-0.18.
	* m4/gettext.m4: Upgrade to gettext-0.18.1.
	* m4/iconv.m4: Upgrade to gettext-0.18.1.
	* m4/lib-ld.m4: Upgrade to gettext-0.18.1.
	* m4/lib-link.m4: Upgrade to gettext-0.18.1.
	* m4/lib-prefix.m4: Upgrade to gettext-0.18.1.
	* m4/nls.m4: Upgrade to gettext-0.18.1.
	* m4/po.m4: Upgrade to gettext-0.18.1.
	* m4/progtest.m4: Upgrade to gettext-0.18.1.
	* m4/codeset.m4: Upgrade to gettext-0.18.1.
	* m4/fcntl-o.m4: New file, from gettext-0.18.1.
	* m4/glibc2.m4: Upgrade to gettext-0.18.1.
	* m4/glibc21.m4: Upgrade to gettext-0.18.1.
	* m4/intdiv0.m4: Upgrade to gettext-0.18.1.
	* m4/intl.m4: Upgrade to gettext-0.18.1.
	* m4/intldir.m4: Upgrade to gettext-0.18.1.
	* m4/intlmacosx.m4: Upgrade to gettext-0.18.1.
	* m4/intmax.m4: Upgrade to gettext-0.18.1.
	* m4/inttypes_h.m4: Upgrade to gettext-0.18.1.
	* m4/inttypes-pri.m4: Upgrade to gettext-0.18.1.
	* m4/lcmessage.m4: Upgrade to gettext-0.18.1.
	* m4/lock.m4: Upgrade to gettext-0.18.1.
	* m4/longlong.m4: Upgrade to gettext-0.18.1.
	* m4/printf-posix.m4: Upgrade to gettext-0.18.1.
	* m4/size_max.m4: Upgrade to gettext-0.18.1.
	* m4/stdint_h.m4: Upgrade to gettext-0.18.1.
	* m4/threadlib.m4: New file, from gettext-0.18.1.
	* m4/uintmax_t.m4: Upgrade to gettext-0.18.1.
	* m4/visibility.m4: Upgrade to gettext-0.18.1.
	* m4/wchar_t.m4: Upgrade to gettext-0.18.1.
	* m4/wint_t.m4: Upgrade to gettext-0.18.1.
	* m4/xsize.m4: Upgrade to gettext-0.18.1.
	* m4/Makefile.am (EXTRA_DIST): Add the new files.

2012-12-13  Werner Koch  <wk@gnupg.org>

	Support NetBSD m68K ELF targets.
	+ commit 0fee571260e56c11023a998d564bb9c0c1d87d70
	* mpi/config.links (m68k*-*-netbsdelf): New.

2012-12-13  NIIBE Yutaka  <gniibe@fsij.org>

	Card: Fix the process of writing key or generating key.
	+ commit 09dd073096439f6ae0122e57321201f79045d3bc
	* g10/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.

2012-11-30  David Shaw  <dshaw@jabberwocky.com>

	Fix mksamplekeys awk to not leave out the whitespace altogether.
	+ commit e71dbf244a2b6e7edcca37ac9544000f0629de0e


	Refresh sample keys.
	+ commit 3ab272086cdd39cc982b6deccd827a3cdb804cf1
	* mksamplekeys: Tweak awk script to not add trailing whitespace to
	  blank lines (makes git pre-commit hook unhappy).

	* samplekeys.asc: Refresh.

2012-11-29  David Shaw  <dshaw@jabberwocky.com>

	The keyserver search menu should honor --keyid-format.
	+ commit d42dcbfa923cc2e97faf588b19c19f63c4db409d
	* keyserver.c (print_keyrec): Honor --keyid-format when getting back
	  full fingerprints from the keyserver (the comment in the code was
	  correct, the code was not).

2012-11-08  Werner Koch  <wk@gnupg.org>

	tests: Skip secret key import check in SELinux mode.
	+ commit 95347cf950e2e26d1726791f9f4278af70dccce9
	* configure.ac (ENABLE_SELINUX_HACKS): New am_conditional.
	* checks/Makefile.am (prepared.stamp): Replace by defs-config.inc.
	(defs-config.inc): Create and set enable_selinux_hacks variable.
	* checks/defs.inc: Include defs-config.inc.

	* checks/armor.test: Do not run the last test in selinux mode.

	de.po: Grammar fix.
	+ commit e3e540604930d06ba23692ae3e4c43ec422a31b9
	* po/de.po: Grammar fix by Daniel Leidert

	Create off-line card encryption key with the right size.
	+ commit 64e7c237db1eb5f463f4b810b09eda232da83676
	* g10/keygen.c (gen_card_key_with_backup): Get the size of the key
	from the card.

	Support the not anymore patented IDEA cipher algorithm.
	+ commit b1eac93431c377805984210a8ef76f5c314c8a5f
	* cipher/idea.c: New.  Take from Libgcrypt master and adjust for
	direct use in GnuPG.
	* cipher/idea-stub.c: Remove.
	* cipher/Makefile.am: Add idea.c and remove idea-stub.c rules.
	* configure.ac: Remove idea-stub code.
	* g10/gpg.c (check_permissions): Remove code path for ITEM==2.
	(main): Make --load-extension a dummy option.
	* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
	compatibility mode.
	* g10/misc.c (idea_cipher_warn): Remove.  Also remove all callers.
	* g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA.
	* g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA.
	* g10/status.h (STATUS_RSA_OR_IDEA): Remove.

2012-11-07  Werner Koch  <wk@gnupg.org>

	Fix usage of dlerror to conform to POSIX.
	+ commit c3a5448379cdf07b408a265fe8f477901524170d
	* cipher/idea-stub.c: Clear last error before dlsym.

	Improve handling of random_seed read errors.
	+ commit b1abc01d4ad199258b3d2fb579ac06c6fea747fd
	* cipher/random.c (read_seed_file): Distinguish between errors and
	short reads.

2012-11-06  Thomas Klausner  <wiz@NetBSD.org>

	Handle systems which have uint64_t but not the UINT64_C macro.
	+ commit 6a41f385c496c180ee730ce80ff5653746410759
	* include/types.h (U64_C) [!UINT64_C]: Add simple replacement.

2012-11-06  Werner Koch  <wk@gnupg.org>

	Fix extern inline use for gcc > 4.3 in c99 mode.
	+ commit 5093bed27580e608de073bcc5953bd76b6b8b2de
	* mpi/mpi-inline.h [!G10_MPI_INLINE_DECL]: Take care of changed extern
	inline semantics in gcc.

2012-08-24  Werner Koch  <wk@gnupg.org>

	Update translations to adjust for typo fixes.
	+ commit a1856e767ac4cefe3252211a81ef479f6e3e4e5f


2012-08-24  David Prévot  <taffit@debian.org>

	Update French translation.
	+ commit fadb3ca2f680d0ab5de6b64c3f34f3d5a874721b
	* po/fr.po: Update.

2012-08-24  Werner Koch  <wk@gnupg.org>

	Fix typos spotted during translations.
	+ commit a76efe1b05c50bb0688221bccbefaacd6932652d
	* g10/gpg.c: uppercase after Syntax
	* util/secmem.c (print_warn): Update URL.

2012-08-24  David Prévot  <taffit@debian.org>

	Keep previous msgids of translated messages.
	+ commit bc317df59a98daf83a5b69c7f8ad9954180e86b6
	* po/Makefile.in.in: Use option --previous with msgmerge.

2012-04-29  Werner Koch  <wk@gnupg.org>

	With --quiet do not print reading passphrase from fd message.
	+ commit 7a852fba6c3fce4ec6db8ab5287e646249251070
	Fix for bug#1403.
	* g10/passphrase.c (read_passphrase_from_fd): Act on --quiet.

2012-02-01  David Shaw  <dshaw@jabberwocky.com>

	Honor --cert-digest-algo when recreating a cert.
	+ commit 509fe4ce5d50089776b072c33c199798d3defe8c
	* g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
	  recreating a cert.

	This is used by various things in --edit-key like setpref, primary,
	etc.  Suggested by Christian Aistleitner.

2012-01-30  Werner Koch  <wk@gnupg.org>

	Release 1.4.12.
	+ commit 75b347a2a191ad479123a57f935e27b78e079188


	Fix ChangeLog creation rule.
	+ commit 3165b5cb8348881cfb5a158f5a9f0407f9c6bcba
	* Makefile.am (gen-ChangeLog): Use set -e.  Fixes commit b99e77d5.

	Add Ukrainian translation.
	+ commit 88d8ca22b5af043e7e58dc0f3354ccc78a08a08e
	* po/uk.po: New.
	* po/LINGUAS: Add uk.po.

	Update GNU helper files.
	+ commit e792d82bbaa0f4bc8666af911bf84735179e59be
	* scripts/config.guess, scripts/config.rpath: Update to version
	2012-01-01.
	* scripts/config.rpath, scripts/compile, scripts/depcomp: Update to
	modern version.
	* scripts/texinfo.tex: Update from current gnulib.

	Update documentation.
	+ commit 422774a1d99a2936f292333a25f288c5b274f0cd
	* doc/gpg.texi, doc/specify-user-id.texi, doc/yat2m.c: Update from
	current GnuPG master (commit bdde44a).

	Require gitlog-to-changelog to be installed.
	+ commit b99e77d59cb3def23328426cf92e28967f51b3da
	* Makefile.am (GITLOG_TO_CHANGELOG): New.
	(gen-ChangeLog): Use installed version of gitlog-to-changelog.

2012-01-20  Werner Koch  <wk@gnupg.org>

	Do not copy default merge commit log entries into the ChangeLog.
	+ commit 51c1e84265890b26bf3b6ac0b17fb14c58e6e893
	* scripts/gitlog-to-changelog: Skip merge commits.

2012-01-20  David Shaw  <dshaw@jabberwocky.com>

	Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
	+ commit f310735975a199f8fde08e7ffeb42412e75daa3c
	* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level

	* g10/trustdb.c (check_trustdb_stale): Request a rebuild if
	  pending_check_trustdb is true (set when we detect a trustdb
	  parameter has changed).

	* g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
	  listing for min_cert_level not matching.

	* g10/tdbio.c (tdbio_update_version_record, create_version_record,
	  tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
	  tdbio_write_record): Add a byte for min_cert_level in the tdbio
	  version record.

2012-01-16  Werner Koch  <wk@gnupg.org>

	w32: Always build with -fno-omit-frame-pointer.
	+ commit eb1c9a44c352ded1bcb9316f5fa0752b61abbb10
	This is required due to a bug in the mingw32 runtime.
	* configure.ac (HAVE_W32_SYSTEM): Force use of -fno-omit-frame-pointer.

	w32: Allow passing a relative name for the tarball.
	+ commit 9b16cd09d127a46f8772a2a2ec426767356d1ae2
	* scripts/mk-w32-dist: Prepend PWD to TARBALL.

	Automate W32 installer building.
	+ commit 81839d286137b9804aa2f5b943b51663f3c172b6
	* doc/README.W32: Document new installer build procedure.
	* scripts/autogen.sh: Pass all args to the installer (regression fix).
	* scripts/conf-w32/README: Remove from repo.
	* scripts/conf-w32/bzip2-1.diff: Remove from repo.
	* scripts/mk-w32-dist: Rewrite.
	* scripts/w32installer.nsi [WITH_PATCHES]: Use constant patch file
	name.

2012-01-13  Werner Koch  <wk@gnupg.org>

	Add a DECRYPTION_INFO status.
	+ commit cfb193a1de2f0553ee65a19a417a885938539225
	* g10/status.h (STATUS_DECRYPTION_INFO): New.
	* g10/status.c (get_status_string): Add new status string.
	* g10/encr-data.c: Include status.h.
	(decrypt_data): Print STATUS_DECRYPTION_INFO.

	Include bzip2 code to ease building for W32.
	+ commit 1575678710588986275f3f820961b3418e81fc62
	* bzlib/: Include bzip2 code.
	* configure.ac [W32]: Force use of included bzip2 code.
	* scripts/autogen.sh <--build-w32>: Do not pass --with-bzip option.
	* Makefile.am (SUBDIRS): Add bzip.  Use it only under W32.

2012-01-12  Werner Koch  <wk@gnupg.org>

	Allow building with the 32 bit mingw-w64 toolchain.
	+ commit 3a22b622c89ae87c4d557ab71c619803a4fed8ed
	* scripts/autogen.sh <--build-w32>: Support i686-w64-mingw32 and use
	it by default if installed.
	* keyserver/gpgkeys_ldap.c (my_ldap_start_tls_s): Define macro
	depending on compiler version.
	(main): Use new macro.
	* util/miscutil.c [!HAVE_TIMEGM]: Add prototype for the timegm
	autoconf replacement function.

	gpg: Remove unused fields from a trust data structure.
	+ commit 02f282368e6e68ac1c8dffcfd6e772ec4ff356f8
	The functions tdbio_read_record and tdbio_write_record control the
	actual on-disk format.  Thus there is no need to keep reserved fields
	in the internal data structure.

	* g10/tdbio.h (struct trust_record): Remove reserved fields.

	Typo fixes and comment re-formatting.
	+ commit 16c90b2175c92c0698172b547b90f5325bb9ab17


2012-01-11  David Shaw  <dshaw@jabberwocky.com>

	Distribute dotlock.h.
	+ commit cb8ebf792e919b1797bf16b6606427d77c45c947


2012-01-10  David Shaw  <dshaw@jabberwocky.com>

	Refresh sample keys.
	+ commit 174d2f80bf40c9ae18fcd9fa834092ca2517e977


2012-01-10  Werner Koch  <wk@gnupg.org>

	Allow use of a standard space separated fingerprint.
	+ commit 9b2a98ea148f768ef334f1baf640d8f7c6a813fb
	We allow a single or a double space in the middle of the fingerprint
	to help with c+p fingerprints from an HTML pages which are not being
	enclosed in a "pre" tag.
	* g10/getkey.c (classify_user_id): Check for space separated GPG
	fingerprint.

	Replace file locking by the new portable dotlock code.
	+ commit b9333cd890a85cae5064ff2b0b97c4ba2afc1a99
	* include/dotlock.h: New.  From current gnupg master.
	* util/dotlock.c: Ditto.  Include util.h.  The major changes done in
	master are: Factor Unix and W32 specific code out into specific
	functions.  Define HAVE_POSIX_SYSTEM.  Rearrange some functions.
	(disable_dotlock): Rename to dotlock_disable.
	(create_dotlock): Rename to dotlock_create and add a dummy arg.
	(destroy_dotlock): Rename to dotlock_destroy.
	(make_dotlock): Rename to dotlock_take.
	(release_dotlock): Rename to dotlock_release.
	(remove_lockfiles): Rename to dotlock_remove_lockfiles.

	Update copyright years.
	+ commit dccdcef319014d3a0ec43c77017cd65a09240f0c
	* util/argparse.c (default_strusage): Update printed copyright year.

	Use gcc pragmas to suppress some warnings.
	+ commit 667ba59ec52d169902d7ef244cdcdde1bcc30681
	* configure.ac (AH_BOTTOM): Add GNUPG_GCC_VERSION macro.
	* util/estream-printf.c (pr_float): Use new gcc pragma to ignore a
	warning about a non-literal format.
	* util/miscutil.c (asctimestamp): Ditto.
	* cipher/md.c (md_stop_debug): Use new gcc pragme to ignore a warning
	* about a set but unused variable.

	Update gitlog-to-changelog.
	+ commit b5b6cb57db47dc892b74c9e24caae7099b274a9f
	* scripts/gitlog-to-changelog: Update from gnupg master.
	* Makefile.am (gen-ChangeLog): Add new options.
	* scripts/autogen.sh: Fix typo in URL.  Reported by Gilles Espinasse.

2011-12-28  David Shaw  <dshaw@jabberwocky.com>

	Use the longest key ID available when talking to a HKP server.
	+ commit 6fe25e5602fabe92c68e5ba30e4777221e8612df
	This is issue 1340.  Now that PKSD is dead, and SKS supports long key
	IDs, this is safe to do.  Patch from Daniel Kahn Gillmor
	<dkg@fifthhorseman.net>.

2011-12-02  Werner Koch  <wk@gnupg.org>

	Generate the ChangeLog from commit logs.
	+ commit 120b0ce1362a3d77955c10a0374d6cc99e885c86
	* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
	* scripts/git-log-fix: New file.
	* scripts/git-log-footer: New file.
	* scripts/git-hooks/commit-msg: New script.
	* autogen.sh: Install commit-msg hook for git.
	* doc/HACKING: Describe the ChangeLog policy.
	* Makefile.am (EXTRA_DIST): Add new files.
	(gen-ChangeLog): New.
	(dist-hook): Run gen-ChangeLog.

	Rename all ChangeLog files to ChangeLog-2011.
	+ commit 76b73caf91b4631c282c4b744900a0d873c4ccf0
	* ChangeLog: New file.

2011-12-01  Werner Koch  <wk@gnupg.org>

	NB: Changes done before December 1st, 2011 are described in
	per directory files named ChangeLog-2011.  See doc/HACKING for
	details.

        -----
	Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
	              2006, 2007, 2008, 2009, 2010, 2011,
	              2012 Free Software Foundation, Inc.

	Copying and distribution of this file and/or the original GIT
	commit log messages, with or without modification, are
	permitted provided the copyright notice and this notice are
	preserved.
