2017-12-29  Werner Koch  <wk@gnupg.org>

	Release 2.0.31.
	+ commit e6dae418c260592c0860519481b5eb92d14329db


2017-12-18  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit cdbb19e9e6afdd0dd251b2fb0965945ded45d51a
	* po/ja.po: Fix message with no "%s".

2017-12-04  NIIBE Yutaka  <gniibe@fsij.org>
	    Damien Goutte-Gattat  <dgouttegattat@incenp.org>

	g10: Fix regexp sanitization.
	+ commit 9ba0e2c76c0c040e69e50ed9d89eadb3269052f9
	* g10/trustdb.c (sanitize_regexp): Only escape operators.

2017-07-13  Werner Koch  <wk@gnupg.org>

	gpgsm: Allow ciphers AES192 and SERPENT256.
	+ commit 67cd81ed90ad88cbe607b7f7d1a0b1e08b8ac1f1
	* sm/gpgsm.c (main): Add AES192 cipher.  Allow SERPENT256.

2017-03-30  Werner Koch  <wk@gnupg.org>

	gpg: Fix export porting of zero length user ID packets.
	+ commit 2975eee420007557a138445d0505f1d590d88d7e
	* g10/build-packet.c (do_user_id): Avoid indeterminate length header.

2016-11-30  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Support OpenPGP card V3 for RSA.
	+ commit 5c599e4f6edd288f4759c9fc2bcf9fe87dee1836
	* scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and
	max_rsp_data fields as Extended Capabilities bits are different.
	(get_cached_data) Use extcap.max_certlen_3.
	(get_one_do): Don't use exmode=1.
	(determine_rsa_response): New.
	(get_public_key, do_genkey): Call determine_rsa_response.
	(do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data.
	(do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data.
	(do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8.
	(show_caps): Remove max_cmd_data and max_rsp_data.
	(app_select_openpgp): Likewise.

	scd: Fix receive buffer size.
	+ commit bb5a153f9dd9497f58935c2a7026220f3a99cffd
	* scd/apdu.c (send_le): Fix the size, adding two for status
	bytes to Le.

	scd: Don't limit to ST-2xxx for PC/SC.
	+ commit 3089c76a4a6a4250489a8ea373e5810bc9593654
	* scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID.

	scd: Fix status info encoding.
	+ commit 354f8119bc24c93b3ead367af7ded8dd271feb3c
	* scd/command.c (send_status_info): Do percent plus encoding correctly.

	scd: minor cleanup to merge other works.
	+ commit 88556386a61f5fa9ce8c5abbe1fd6d66a7723854
	* scd/iso7816.c (do_generate_keypair): Use const char * for DATA.
	(iso7816_generate_keypair, iso7816_read_public_key): Likewise.
	* scd/app-openpgp.c (get_public_key): Follow the change.
	(do_genkey): Ditto.  Use ERR instead of RC.  Use u32 for CREATED_AT.

	scd: Fix an action after card removal.
	+ commit 68d3e461f67404d1b47dfa7b9efdb6ac2c087bb7
	* scd/command.c (update_card_removed): Call apdu_close_reader here.

	scd: Release the card reader after card removal.
	+ commit 710d0ce0fd5ee33b1e57f1ae9aedb90c7f7e234d
	* scd/command.c (update_reader_status_file): Call apdu_close_reader.

	scd: Clean up unused shutdown method.
	+ commit 5acce7060ca48e6c5e06a3918950c4eb83668fda
	* scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove.
	(reset_ccid_reader): Don't set shutdown_reader.
	* scd/ccid-driver.c (ccid_shutdown_reader): Remove.

2016-11-29  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix card removal/reset on multiple contexts.
	+ commit 519c01a0fd6cfc9d4282251e187d45194325c85b
	* scd/app.c (application_notify_card_reset): Add message for debug.
	*scd/command.c (update_card_removed): Call release_application and set
	SLOT -1 here.
	(struct server_local_s): Remove app_ctx_marked_for_release.
	(do_reset): Don't mark release but call release_application here.
	(open_card): Remove app_ctx_marked_for_release handling.
	(update_reader_status_file): Don't set SLOT here, so that it can be
	released the APP by application_notify_card_reset in
	update_card_removed.

	scd: Fix race conditions for release_application.
	+ commit 3b3386a3fd973ed7f388b1356138941c302848f2
	* scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling
	release_application.

2016-11-29  Werner Koch  <wk@gnupg.org>

	scd: Make option --homedir work.
	+ commit f916d5756fae163896715b057a627a5fb58ddd52
	* scd/scdaemon.c (opts): Add --homedir.

2016-11-29  NIIBE Yutaka  <gniibe@fsij.org>

	scd: More fix of error return path.
	+ commit 51464a0eadc82c84780fba08a53163cb6e4da2a4
	* scd/command.c (open_card): Return GPG_ERR_ENODEV on the failure of
	apdu_connect.

2016-11-29  Justus Winter  <justus@g10code.com>

	scd: Improve error handling.
	+ commit d87699597f4b47968902324c90beb3f3c51ff1d7
	* scd/app-openpgp.c (get_public_key): Improve error handling.

2016-11-29  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix error handling with libusb-compat library.
	+ commit d4316d13749bd8662525c2b7c416d39c5d4d8089
	* scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE.

	scd: Handle error correctly.
	+ commit af7245e9a79d11866aa9c40f8f53291f82dd74b5
	* scd/apdu.c (apdu_connect): Initialize variables and check an error
	of apdu_get_status_internal.

	scd: KEYNO cleanup.
	+ commit a6f7c8d9b70daba319d24d930be056618cbad61b
	* scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey)
	(change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey)
	(compare_fingerprint, check_against_given_fingerprint): KEYNO starts
	from 0.

	scd: Use cipher.h for constants.
	+ commit f1b9521fd6bd46547090efb1de78fa46bf2abfd2
	* scd/app-openpgp.c: Include cipher.h.

2016-08-09  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Avoid publishing the GnuPG version by default.
	+ commit cbd0308bc70855a2dd34bda85b9b40a61199678c
	* g10/gpg.c (main): initialize opt.emit_version to 0
	* doc/gpg.texi: document different default for --emit-version

2016-08-04  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix checking key for signature validation.
	+ commit caff669212d2465a3a387571305a7230d394c0e0
	* g10/sig-check.c (signature_check2): Not only subkey, but also primary
	key should have flags.valid=1.

2016-07-09  NIIBE Yutaka  <gniibe@fsij.org>

	gpgv: Tweak default options for extra security.
	+ commit b531f2fd75be3f616073cba714d73324525fd3e4
	* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
	cached status.  Similarly, set opt.flags.require_cross_cert for backsig
	validation for subkey signature.

2016-07-06  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix keysize with --expert.
	+ commit 1c151368956e4558946d29d1698d9ae5028e62a7
	* g10/keygen.c (ask_keysize): It's 768 only for DSA.

2016-06-28  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix --list-packets.
	+ commit 4f336ed780cc2783395f3ff2b12b3ebb8e097f7b
	* g10/gpg.c (main): Call set_packet_list_mode after assignment of
	opt.list_packets.
	* g10/mainproc.c (do_proc_packets): Don't stop processing with
	--list-packets as the comment says.
	* g10/options.h (list_packets): Fix the comment.
	* g10/parse-packet.c: Fix the condition for opt.list_packets.

2016-06-24  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix card-edit/fetch to use keyserver_fetch.
	+ commit fb0e18b38434cbe97dee4c26047a994baf02fe76
	* g10/card-util.c (fetch_url): Call keyserver_fetch instead of
	keyserver_import_fprint.

2016-06-19  Niibe Yutaka  <gniibe@fsij.org>

	scd: Reset nonnull_nad to zero for VENDOR_GEMPC.
	+ commit c68d39f7114623075c0b407b05927b61b190a377
	* (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device.

2016-06-15  Niibe Yutaka  <gniibe@fsij.org>

	g10: Fix another race condition for trustdb access.
	+ commit 00d737e3fde84e7df7ba19080c83237b769cd0d0
	* g10/tdbio.c (create_version_record): Call create_hashtable to always
	make hashtable, together with the version record.
	(get_trusthashrec): Remove call to create_hashtable.

2016-03-31  Werner Koch  <wk@gnupg.org>

	Release 2.0.30.
	+ commit 83cae8c0374c1cfccabced789eaa7dddc5183cdd


2016-03-31  Ineiev  <ineiev@gnu.org>

	doc: Update help.ru.text.
	+ commit e2c3ddf46294ccf0ca46ba838285f2d26adcda93


2016-03-31  Werner Koch  <wk@gnupg.org>

	build: Create *.swdb file during make distcheck.
	+ commit 2b8c9181a7668010da7e7ec3031b141a9bdedc6c
	* Makefile.am (distcheck-hook): New.

	gpg: Silence trustdb messages with --quiet.
	+ commit 458c2f2d32e4e784d3ef719a3439acc631c1fc69
	* g10/trustdb.c (validate_keys): Silence messages

2016-03-02  Justus Winter  <justus@g10code.com>

	agent: Do not remove the ssh socket.
	+ commit 3e1b451c5d330b81561436a600bdaa9fbacc1ba1
	* agent/gpg-agent.c (create_server_socket): Also inhibit the removal
	of the ssh socket if another agent process is already running.

	GnuPG modern is not affected.

2016-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Make sure to have the directory for trustdb.
	+ commit eb7806d63df63663170ba86f0673caa34b944c28
	* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
	the directory and create it if none before calling take_write_lock.

2016-01-15  Werner Koch  <wk@gnupg.org>

	common: Cope with AIX problem on number of open files.
	+ commit 776bee6d370602ff95e93a4aea6a70005dff9ae6
	* common/exechelp.c: Limit returned value for too hight values.

2016-01-13  NIIBE Yutaka  <gniibe@fsij.org>

	Fix to support git worktree.
	+ commit baae8d50d74040bd5a11cd423e04a022af7691e6
	* Makefile.am: Use -e for testing .git.

2015-12-15  NIIBE Yutaka  <gniibe@fsij.org>

	sm: Handle gcry_pk_encrypt return value.
	+ commit b508af2b2c40a715ef5ead4455b466954c2943ee
	* sm/encrypt.c (encrypt_dek): Don't ignore failure of gcry_pk_encrypt.

	scd: Fix commit 9a9bfd77.
	+ commit 8729f35510550495c830fcf54f03da9a42d0a751
	* scd/app.c (check_application_conflict): Get SLOT.

2015-12-15  Daniel Hoffend  <dh@dotlan.net>

	scd: Fix removal of unplugged usb readers on Windows.
	+ commit 904fbdccd65e537206c0b603f9576a07defebb29
	* scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and
	PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code.

2015-12-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Simplify saving application context.
	+ commit 520c85ed94fa2033e0d2ca5f9a0244b7b290b958
	* scd/app.c (lock_table): Remove LAST_APP field.
	(lock_reader, app_dump_state, application_notify_card_reset)
	(release_application): Follow the change.
	(check_conflict): New.
	(check_application_conflict): Lock the slot and call check_conflict.
	(select_application): Call check_conflict and not use LAST_APP.

	scd: Fix "Conflicting usage" bug.
	+ commit 9934889415d47f691344499972a0b879cf90ff96
	* scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we
	  got an error from apdu_disconnect.
	* scd/app-common.h (no_reuse): Remove.
	* scd/app.c (application_notify_card_reset): Deallocate APP here.
	(select_application, release_application): Don't use NO_REUSE.

2015-10-29  NIIBE Yutaka  <gniibe@fsij.org>

	doc: Don't install gpg-zip.1.
	+ commit 01fa4c7b8b821da21a5acdeaeeafdd8c78a7a7cd
	* doc/Makefile.am (myman_pages): Remove gpg-zip.1.
	(DISTCLEANFILES): Add gpg-zip.1.

2015-10-05  Werner Koch  <wk@gnupg.org>

	agent: Fix alignment problem with the second passphrase struct.
	+ commit caa555a5bfaa98f8f630901427a653bd8dc7b95e
	* agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
	PI2.  Check return value of the malloc function.
	* agent/command-ssh.c (ssh_identity_register): Use a separate malloc
	for PI2.  Wipe PI2.

2015-10-01  Werner Koch  <wk@gnupg.org>

	gpg: Silence a compiler warning.
	+ commit b1653a4083b91cfa85d90f59612fa1c3f4d51778
	* g10/parse-packet.c (enum_sig_subpkt): Replace hack.

2015-09-29  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Improve 'General key info' line of --card-status.
	+ commit fea9d4354c93b662c75febe020fb799ce4f2ec89
	* g10/keylist.c (print_pubkey_info): Print either "pub" or "sub".

2015-09-22  Werner Koch  <wk@gnupg.org>

	ssh: Fix fingerprint computation for 384 bit ECDSA keys.
	+ commit 47a499eaa2630b331afbf3c56c6ec6e7f300eb8c
	* common/ssh-utils.c (get_fingerprint): Fix hashed string.

2015-09-17  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit bc829bd6af1c3722144cc692289c284e88c59922


	scd: Fix ccid-driver timeout for OpenPGPcard v2.1.
	+ commit a63fddad6808763e2916d0e7e6972ed025a0f336
	* scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
	(ccid_transceive_apdu_level, ccid_transceive): Use.

2015-09-15  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit d289341371bae6405c2100a0c515c6322a2f0319


2015-09-10  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese Translation.
	+ commit fa3b618216eb155436abf9b80be9975d7334af20


	gpgconf: Fix scdaemon reload.
	+ commit d4a2a070b4b4d30a6bbdd4248421a23cf824d8c0
	* tools/gpgconf-comp.c (scdaemon_runtime_change): Add "scd bye".

2015-09-08  Werner Koch  <wk@gnupg.org>

	Release 2.0.29.
	+ commit 120fc695209fed9b447a72d36a9f7563e7b77a68


	gpg: Print a new FAILURE status after most commands.
	+ commit 77f2964b9602fb463738d14bd957d967a0c1b5ac
	* common/status.h (STATUS_FAILURE): New.
	* g10/cpr.c (write_status_failure): New.
	* g10/gpg.c (main): Call write_status_failure for all commands which
	print an error message here.

	gpg: Avoid cluttering stdout with trustdb info in verbose mode.
	+ commit 0b01bb7f253fc1f9422e59dc475fa86854b46f69
	* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
	mode.

2015-09-01  Werner Koch  <wk@gnupg.org>

	gpg: Obsolete --no-sig-create-check.
	+ commit 60b0403f3ce50ee6f67fa94bf0342fb5b3988e2b
	* g10/gpg.c (opts): Make --no-sig-create-check a NOP.
	* g10/options.h (struct opt): Remove field "no_sig_create_check".
	* g10/sign.c (do_sign): Do not run the create check for Libgcrypt 1.7.

2015-08-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: fix --card-status creating stub.
	+ commit 80521c3ff900a09a1b382869783187c463144c77
	* g10/getkey.c (get_seckeyblock_byfprint): Require exact match.

2015-07-27  Werner Koch  <wk@gnupg.org>

	sm: Revert to use SHA-1 for CSR generation.
	+ commit 35d3ced4fda90a5410a579850ca92ea6a356b402
	* sm/certreqgen.c (create_request): Revert to use SHA-1 but change to
	set it only at one place.

2015-07-16  Neal H. Walfield  <neal@g10code.com>

	Don't segfault if the first 'auto-key-locate' option is 'clear'.
	+ commit 376417ab63ebb0fd2432ddc0ee1db722ffa1d3d2
	* g10/getkey.c (free_akl): If AKL is NULL, just return.

2015-06-23  NIIBE Yutaka  <gniibe@fsij.org>

	scd: pinpad workaround for PC/SC implementations.
	+ commit 022719695e3900005d78564dfe4b2154fe0537a5
	* scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
	for TPDU card reader.

	scd: Fix Cherry ST-2000 support for pinpad input.
	+ commit 9200bf1babd1398a07202b530a255912d0ffdd71
	* scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15.
	* scd/ccid-driver.c (ccid_transceive_secure): Add zero for the
	template of APDU.

2015-06-17  Werner Koch  <wk@gnupg.org>

	gpg: Print PGP-2 fingerprint instead of all zeroes.
	+ commit be348579397797bdf814c41e3cbd086156f77dd6
	* g10/keyid.c (fingerprint_from_pk): Allow PGP-2 fingerprints.
	* g10/keylist.c (print_fingerprint): Print a warning after a PGP-2
	fingerprint.

2015-06-16  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese Translation.
	+ commit e2eba81faea28a775cbd4fadce442f561a4e06a5


2015-06-15  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix a race condition initially creating trustdb.
	+ commit 2371553af156b5f8d6282e42cb8891f0c986d3d3
	* g10/tdbio.c (take_write_lock, release_write_lock): New.
	(put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
	new lock functions.
	(tdbio_set_dbname): Fix the race.
	(open_db): Don't call create_dotlock.

	po:Update Japanese translation.
	+ commit c30bcdeac0112680a61819c52ab90beb69fdc6c0


2015-06-02  Werner Koch  <wk@gnupg.org>

	gpg: Consider that gcry_mpi_get_opaque may return NULL.
	+ commit 8a2134b8d50bd6a98a0a20fac9c2ac645e554e05
	* g10/seckey-cert.c (do_check): Handle a NULL opaque MPI.

2015-06-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Fix segv due to NULL value stored as opaque MPI (BRANCH 2.0)
	+ commit b2d9d105f717dc6c02ac81b5d987851279c4cd97
	* g10/build-packet.c (do_secret_key): Check for NULL return from
	gcry_mpi_get_opaque.
	* g10/keyid.c (hash_public_key): Ditto.

2015-06-02  Werner Koch  <wk@gnupg.org>

	Release 2.0.28.
	+ commit 58126e86eac873735dfed5c64be872a58821bd8a


	agent: Make --allow-external-password-cache work.
	+ commit ef0741ac54c63b9b744de9dec86e82c530f9543a
	* agent/call-pinentry.c (start_pinentry): Remove first instance of
	sending the option.

	agent: Add strings for use by future Pinentry versions.
	+ commit 3d3a58b7962ff9e6ee9ac086711cb5c7d1a599a6
	* agent/call-pinentry.c (start_pinentry): Add more strings.

2015-05-20  Werner Koch  <wk@gnupg.org>

	agent: Cleanup caching code for command GET_PASSPHRASE.
	+ commit 78e0a30fb19010b48efd752e1a73af20f93be533
	* agent/command.c (cmd_get_passphrase): Read from the user cache.

2015-05-19  Neal H. Walfield  <neal@gnu.org>

	agent: Backport changes from 2.1 to support an external password manager.
	+ commit dde8ddffd37c9ef96cae2e2b1317d1dee607fc0b
	* agent/agent.h (agent_askpin): Add arguments keyinfo and cache_mode.
	Update callers.
	(agent_get_passphrase): Likewise.
	(agent_clear_passphrase): New function.
	(opt): Add field allow_external_cache.
	* agent/call-pinentry.c (start_pinentry): Send "OPTION
	allow-external-password-cache" to the pinentry.
	(PINENTRY_STATUS_PASSWORD_FROM_CACHE): New constant.
	(pinentry_status_cb): New function.
	(agent_askpin): Add arguments keyinfo and cache_mode.  If KEYINFO and
	CACHE_MODE describe a cachable key, then send SETKEYINFO to the
	pinentry.  Pass PINENTRY_STATUS_CB to the "GETPIN" invocation.  If the
	passphrase was incorrect and PINENTRY_STATUS_PASSWORD_FROM_CACHE is
	set, decrement PININFO->FAILED_TRIES.
	(agent_get_passphrase): Add arguments keyinfo and cache_mode.  If
	KEYINFO and CACHE_MODE describe a cachable key, then send SETKEYINFO
	to the pinentry.
	(agent_clear_passphrase): New function.
	* agent/call-pinentry.c (start_pinentry): Act upon new var,
	allow_external_cache.
	* agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase.
	* agent/gpg-agent.c (oNoAllowExternalCache): New.
	(opts): Add option --no-allow-external-cache.
	(parse_rereadable_options): Set this option.

2015-05-19  NIIBE Yutaka  <gniibe@fsij.org>

	g10: detects public key encryption packet error properly.
	+ commit 80b6d614b7b53058da11ae239e8f1c69f167a200
	g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
	encryption.

	g10: Improve handling of no corresponding public key.
	+ commit 76e2aa739c0c75a9de7059daebdf2823582d8b24
	* g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not
	exact match.

2015-05-11  Werner Koch  <wk@gnupg.org>

	gpg-connect-agent: Fix quoting of internal percent+ function.
	+ commit be136273454532d94a955fbbcfa1544b47cad954
	* tools/gpg-connect-agent.c (get_var_ext) <percent, percent+): Also
	escape '+'.

2015-05-01  NIIBE Yutaka  <gniibe@fsij.org>

	scd: PC/SC reader selection by partial string match.
	+ commit 3f9f33bbcb40146c6f09277a28d499188ed34ef2
	* scd/apdu.c (open_pcsc_reader_direct): Partial string match.
	* scd/pcsc-wrapper.c (handle_open): Likewise.

2015-04-30  NIIBE Yutaka  <gniibe@fsij.org>

	g10: fix cmp_public_key and cmp_secret_keys.
	+ commit 43429c7869152f301157e4b24790b3801dce0f0a
	* g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque
	data at the first entry of the array when it's unknown algo.
	* configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.5.0.

2015-04-16  Werner Koch  <wk@gnupg.org>

	gpg: Emit status line NEWSIG before signature verification starts.
	+ commit c8c88bdd98e56d08b1965c620173731d3c6ffd03
	* g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG.

2015-04-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: better handling of extended APDU.
	+ commit 05f32c702eaf6dc7fd5c0c8c01b4c731ed9a6011
	* scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0.
	* scd/app-common.h (struct app_ctx_s): Use bit fields for flags.
	* scd/ccid-driver.c (CCID_MAX_BUF): New.  Only for OpenPGPcard.
	(struct ccid_driver_s): New field of max_ccid_msglen.
	 Remove ifsd field.
	(parse_ccid_descriptor): Initialize max_ccid_msglen.
	(ccid_transceive_apdu_level): Implement sending extended APDU in
	chain of CCID message.

2015-04-15  Werner Koch  <wk@gnupg.org>

	gpgparsemail: Fix last commit (3f2bdac)
	+ commit 93910b5b8d20c089b2578d757cf06509d7617978
	* tools/rfc822parse.c (parse_field): Replace break by goto.

	gpgparsemail: Fix case of zero length continuation lines.
	+ commit de7f7b98dfeb30675369d0bedc6d639314193e96
	* tools/rfc822parse.c (parse_field): Loop after continuation line.

	agent: Fix length test in sshcontrol parser.
	+ commit a838e8f806693e9403541f482b58b66c606e376b
	* agent/command-ssh.c (ssh_search_control_file): Check S before
	upcasing it.

	scd: Fix possible NULL deref in apdu.c.
	+ commit b4ec909186d0150c835942754283ecc2bdf6e3e0
	* scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL.
	(control_pcsc_wrapped): Ditto.

2015-04-15  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit 067b6360be6733f6faf7a6438f61393fdb7a5fb3


2015-04-05  Werner Koch  <wk@gnupg.org>

	gpg: Fix DoS while parsing mangled secret key packets.
	+ commit 0aac920f23fd07e152fdb7385299c92bb9a4ade3
	* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
	et al.

2015-03-25  Werner Koch  <wk@gnupg.org>

	sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption).
	+ commit bdf439035d123e4751e133ad42982673b0c86b75
	* sm/certreqgen.c (create_request): Change default hash algo.
	* sm/gpgsm.c (main): Change default bulk cipher algo.

2015-03-17  Andre Heinecke  <aheinecke@intevation.de>

	gpgtar: Fix extracting files with !(size % 512)
	+ commit 0ed2cfcf054e286b238d4ddbbb3e929482849a47
	* tools/gpgtar-extract.c (extract_regular): Handle size multiples
	  of RECORDSIZE.

2015-03-11  Werner Koch  <wk@gnupg.org>

	common: Check option arguments for a valid range.
	+ commit 25e2b27b0027af9c1ce0cae0cd549c09ed349811
	* common/argparse.h (ARGPARSE_INVALID_ARG): New.
	* common/argparse.c: Include limits h and errno.h.
	(initialize): Add error strings for new error constant.
	(set_opt_arg): Add range checking.

	gpg: New command --list-gcrypt-config.
	+ commit 2f3de06ff44daefae9857549fc4ab7ae8bf8e70d
	* g10/gpg.c (aListGcryptConfig): New.
	(main): Implement command.

2015-02-26  Werner Koch  <wk@gnupg.org>

	gpg: Remove left-over debug message.
	+ commit 936416690e6c889505d84fe96983a66983beae5e
	* g10/armor.c (check_input): Remove log_debug.

2015-02-18  Werner Koch  <wk@gnupg.org>

	Release 2.0.27.
	+ commit 8d47e6e5235b6ecb41baf52865c5837c1de962b5


	gpg: Remove an unused variable.
	+ commit be91b2f89eae2b6e026182e6dc485206e90a77bb
	* g10/import.c (import): Remove need_armor.

	po: Update German translation.
	+ commit c3bcbe1fb50b3394aec3b407eac8931d3a2833a5


2015-02-18  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	curl-shim: clean up varargs.
	+ commit 839727503d6ec1186ee2e9e65d0f8bc8fcf8c456
	* keyserver/curl-shim.c (curl_easy_setopt) : ensure that va_end is
	  called.

2015-02-18  Werner Koch  <wk@gnupg.org>

	gpg: Print better diagnostics for keyserver operations.
	+ commit 0c3d7645dfad9968d0128fb35a304881121ec61b
	* g10/armor.c (parse_key_failed_line): New.
	(check_input): Watch out for gpgkeys_ error lines.
	* g10/filter.h (armor_filter_context_t): Add field key_failed_code.
	* g10/import.c (import): Add arg r_gpgkeys_err.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_errstr): New.
	(keyserver_spawn): Detect "KEY " lines while sending.  Get gpgkeys_err
	while receiving keys.
	(keyserver_work): Add kludge for better error messages.

2015-02-13  Werner Koch  <wk@gnupg.org>

	keyserver: Show log prefix when not build with cURL.
	+ commit cb2ee2dc50ae2f15022db38214bd820dbea93aaa
	* keyserver/ksutil.c (init_ks_options) [!HAVE_LIBCURL]: Set logging
	prefix.

2015-02-12  Werner Koch  <wk@gnupg.org>

	Use inline functions to convert buffer data to scalars.
	+ commit 3627123dc8fdc551caca1c7944713fbf01feccf6
	* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
	(buf16_to_ushort, buf16_to_u16): New.
	(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.

	gpg: Prevent an invalid memory read using a garbled keyring.
	+ commit 824d88ac51b4d680f06e68f0879a7c1ec03cb2ba
	* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
	types.

	gpg: Fix a NULL-deref in export due to invalid packet lengths.
	+ commit 8da836e76f1349f4587d1bb74864b11dde7b8a39
	* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
	opaque MPI.

	gpg: Fix a NULL-deref due to empty ring trust packets.
	+ commit 7e12ec4c7d6df29a7d7935399fccd2594ebb4a7e
	* g10/parse-packet.c (parse_trust): Always allocate a packet.

2015-02-12  Joshua Rogers  <git@internot.info>

	kbx: Fix resource leak.
	+ commit a55c2125380aa2253ff13ea9b39e53d7b7df3db8
	* kbx/keybox-update.c (blob_filecopy): Fix resource leak.  On error
	return, 'fp' and 'newfp' was never closed.

2015-02-12  Werner Koch  <wk@gnupg.org>

	gpg: Limit the size of key packets to a sensible value.
	+ commit 2b2adb85948ce2c7db727ebc0c99e8ad2c29bf5f
	* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
	(MAX_UID_PACKET_LENGTH): New.
	(MAX_COMMENT_PACKET_LENGTH): New.
	(MAX_ATTR_PACKET_LENGTH): New.
	(parse_key): Limit the size of a key packet to 256k.
	(parse_user_id): Use macro for the packet size limit.
	(parse_attribute): Ditto.
	(parse_comment): Ditto.

	Avoid double-close in unusual dotlock situations.
	+ commit f256bab03e2f191bc2e97fd2cc579d82c440b996
	* jnlib/dotlock.c (create_dotlock): Avoid double close due to EINTR.

2015-01-28  Werner Koch  <wk@gnupg.org>

	gpg: Allow predefined names as answer to the keygen.algo prompt.
	+ commit b2359db21c1eca7441c63b0791f8e3405b42ff83
	* g10/keygen.c (ask_algo): Add list of strings.

2015-01-26  Werner Koch  <wk@gnupg.org>

	gpg: Print a warning if the subkey expiration may not be what you want.
	+ commit 2424028fd9c525d340db461cc19f8e01a13a2395
	* g10/keyedit.c (subkey_expire_warning): New.
	keyedit_menu): Call it when needed.

	build: Update to gettext 0.19.3.
	+ commit 01d69028396a128828f7af015348b0b146a55bfe


	build: Require automake 1.14.
	+ commit c25513cc1b7db57e4e9a0f05547b855b2be94c51
	* Makefile.am (AUTOMAKE_OPTIONS): Move to ...
	* configure.ac (AM_INIT_AUTOMAKE): here.  Add option serial-tests.
	* kbx/Makefile.am (INCLUDES): Remove.  Include ../am/cmacros.

2015-01-26  Jedi Lin  <Jedi@Jedi.org>

	po: Yet another update for Chinese (traditional)
	+ commit 43deed7359a6c12c5dad58c03be206db7baf3c49


2015-01-25  Joshua Rogers  <git@internot.info>

	Remove incorrect expression leading to errors.
	+ commit 3d9f8bf1dc0c7165a5d2a31568ed425d2dc3b91e
	* scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'.

2015-01-23  Werner Koch  <wk@gnupg.org>

	gpgconf: Fix validity check for UINT32 values.
	+ commit 068ec6c8ed07268469f33e5b3ba1e094d9bf3394
	* tools/gpgconf-comp.c (option_check_validity): Enable check for
	UINT32.

2015-01-13  Joshua Rogers  <git@internot.info>

	tools: Free variable before return.
	+ commit 1298b14f97efebdd88a9390af3848154dbe0d259
	* tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
	upon error.

2015-01-13  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	sm: Avoid double-free on iconv failure.
	+ commit ced689e12a5037c6aeca62e9eaebdc098bd9c14e
	* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
	double-free of pwbuf.

	scd: Avoid double-free on error condition in scd.
	+ commit 0fd4cd8503dfe9c3e6a362003bd647b4cd882363
	* scd/command.c (cmd_readkey): avoid double-free of cert

	avoid future chance of using uninitialized memory.
	+ commit 1fc4dc541af7d4bf4dba6ef37d1d7841498a05c6
	* common/iobuf.c: (iobuf_open): initialize len

	gpgkey2ssh: clean up varargs.
	+ commit f542826b04e35f13a30116564daaf6456440b1d4
	* tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.

2015-01-13  Werner Koch  <wk@gnupg.org>

	doc: Fix memory leak in yat2m.
	+ commit 01b364b6da2fbb8850178674e1534d725cd760c8
	* doc/yat2m.c (write_th): Free NAME.

	gpgsm: Return NULL on fail.
	+ commit 907a9a1e986b8c8266f4f01e8ed82acfc636a519
	* sm/gpgsm.c (parse_keyserver_line): Set SERVER to NULL.

	gpg: Fix possible read of unallocated memory.
	+ commit d2b0e613131d52da54c3dbd72f4bfba8f7b71ad3
	* g10/parse-packet.c (can_handle_critical): Check content length
	before calling can_handle_critical_notation.

2015-01-09  Werner Koch  <wk@gnupg.org>

	scd: Fix possibly inhibited checkpin of the admin pin.
	+ commit d92fe965f3290a200d0a578decdd0867817b3b7b
	* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
	buffer.

2015-01-08  Joshua Rogers  <git@internot.info>

	scd: fix get_public_key for OpenPGPcard v1.0.
	+ commit 40f476867c5874602da921d48e339ae3612a0dcc
	* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.

2014-12-12  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: release DEK soon after its use.
	+ commit 4f0d526b7df871318508f8c3d2f57e7069c47e6f
	* g10/keygen.c (generate_subkeypair): Release DEK soon.

2014-11-26  David Prévot  <taffit@debian.org>

	po: Update French translation.
	+ commit 4e03e2757521ddc39d627712937227b84bf72275


	po: Update Danish translation.
	+ commit 798721f596b69c86d0831447d979b89d4e85b622


2014-11-26  Yuri Chornoivan  <yurchor@ukr.net>

	po: Update Ukrainian translation.
	+ commit e8c3fa77486d162bc63592e87680a82c9810ba48


2014-11-26  Jedi Lin  <Jedi@Jedi.org>

	po: Update Chinese (traditional) translation.
	+ commit 445eabf8f78ec349ba90b38a969b056afb901b11


2014-11-26  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit d084ae8f5302cd4fdcb658179602742847fb468a


2014-11-26  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

	po: New Dutch translation.
	+ commit 0f429d553926b49c7851efd4d73ef631e93bdda4
	* po/LINGUAS: Add nl.po.

2014-11-24  Werner Koch  <wk@gnupg.org>

	gpg: Fix use of uninit.value in listing sig subpkts.
	+ commit 1f9dfe1fedad215140011257d9b1bb21bc368179
	* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
	sanitized.

	gpg: Fix off-by-one read in the attribute subpacket parser.
	+ commit 7a068ac50bc48de26e93cfeadf412b37257f97d5
	* g10/parse-packet.c (parse_attribute_subpkts): Check that the
	attribute packet is large enough for the subpacket type.

	gpg: Fix a NULL-deref for invalid input data.
	+ commit 92a7949ae6331b5e188480b76ce29a86ede6e89e
	* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
	entry.

2014-11-14  Werner Koch  <wk@gnupg.org>

	gpg: Make the use of "--verify FILE" for detached sigs harder.
	+ commit a5ca45e6168e75aa6f3743b764d601ab3df966b7
	* g10/openfile.c (open_sigfile): Factor some code out to ...
	(get_matching_datafile): new function.
	* g10/plaintext.c (hash_datafiles): Do not try to find matching file
	in batch mode.
	* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
	matching data file is not used by a standard signatures.

2014-11-12  Werner Koch  <wk@gnupg.org>

	gpg: Add import option "keep-ownertrust".
	+ commit da95d0d37841b34e2f3d7047f14ab4d98a7c0c56
	* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
	* g10/import.c (parse_import_options): Add "keep-ownertrust".
	(import_one): Act upon new option.

2014-10-11  Werner Koch  <wk@gnupg.org>

	gpg: Show v3 key fingerprints as all zero.
	+ commit eb756e2510bfcae3339e0907a7e4cacdea59b175
	* g10/keyid.c (fingerprint_from_pk): Show v3 fingerprints as all zero.

	gpg: Avoid using cached MD5 signature status.
	+ commit 9112fed78b33faae32d21ab581721758ae2e95f2
	* g10/sig-check.c (check_key_signature2): Avoid using a cached MD5
	signature status.
	* g10/keyring.c (keyring_get_keyblock): Ditto.
	(write_keyblock): Ditto.

	* g10/sig-check.c (do_check): Move reject warning to ...
	* g10/misc.c (print_md5_rejected_note): new.

2014-10-03  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Add build and runtime support for larger RSA keys.
	+ commit f952fe8c6ddf13ecca14ca72a27d1f8da6adc901
	* configure.ac: Added --enable-large-secmem option.
	* g10/options.h: Add opt.flags.large_rsa.
	* g10/gpg.c: Contingent on configure option: adjust secmem size,
	add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
	* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
	* doc/gpg.texi: Document --enable-large-rsa.

2014-10-02  Werner Koch  <wk@gnupg.org>

	build: Update m4 scripts.
	+ commit 39c5d991a8fe9187bfbe71d0ff06630fea36fae0
	* m4/gpg-error.m4: Update from Libgpg-error git master.
	* m4/libgcrypt.m4: Update from Libgcrypt git master.
	* configure.ac: Declare SYSROOT a precious variable.  Add extra error
	message for library configuration mismatches.

2014-10-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: --compress-sigs and --compress-keys are not no-ops in 2.0.
	+ commit dcb5fa8747e8fc9f35285f168ee3ae8e6d422293
	* g10/gpg.c: Cleanup argument parsing.

	gpg: Avoid duplicate declaration of {no-,}sk-comments noops.
	+ commit 3e14da863a668fb0ec1a075722bd0f7b47ae4c1b
	* g10/gpg.c: Cleanup argument parsing.

2014-09-27  Werner Koch  <wk@gnupg.org>

	gpg: Default to SHA-256 for all signature types on RSA keys.
	+ commit 36179da032fa43d82042b3d31ed175d17b8e9bc4
	* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
	strict RFC or PGP modes.
	* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
	RSA key signatures.

2014-09-26  Werner Koch  <wk@gnupg.org>

	gpg: Add shortcut for setting key capabilities.
	+ commit b9b6ac9d26848bfcbd703d7410f066f4aeb9e418
	* g10/keygen.c (ask_key_flags): Add shortcut '='.
	* doc/help.txt (gpg.keygen.flags): New.

2014-09-25  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
	+ commit c76117f8b0165fe5cec5e7f234f55f5a4cd7f0ab
	* g10/gpg.c: Add config options that should belong in scdaemon.conf
	* g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.

2014-09-03  Kristian Fiskerstrand  <kf@sumptuouscapital.com>

	gpg: Need to init the trustdb for import.
	+ commit 07006c9916ea194ce6047d252421c08489068c4c
	* g10/trustdb.c (clear_ownertrusts): Init trustdb.

2014-08-26  Werner Koch  <wk@gnupg.org>

	build: Print an error message if zlib is not installed.
	+ commit d91db67e5180fcbda2f3fb7667ffd1b99cac51c6
	* configure.ac (missing_zlib): New.

	gpg: Allow for positional parameters in the passphrase prompt.
	+ commit c45b9819e8f4b35681c91ffb67abdc38dcc32a2a
	* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.

2014-08-12  Werner Koch  <wk@gnupg.org>

	Release 2.0.26.
	+ commit 5b2dcdd513ff503bb0bffbe7b9aa6d81d48dfaeb


	sm: Create homedir and lock empty keybox creation.
	+ commit b972ec396689013b884ea80f90d7505682d2fbb8
	* sm/gpgsm.h (opt): Add field "no_homedir_creation".
	* sm/gpgsm.c (main): Set it if --no-options is used.
	* sm/keydb.c: Include fcntl.h.
	(try_make_homedir): New.  Similar to the one from g10/openfile.c
	(maybe_create_keybox): New.  Similar to the one from g10/keydb.c.
	(keydb_add_resource): Replace some code by maybe_create_keybox.

2014-08-08  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit f7eb5be511c48f57ba5d510377f894b78f790f23


2014-08-06  Werner Koch  <wk@gnupg.org>

	gpg: Fix regression due to the keyserver import filter.
	+ commit 088f82c0b5e39687f70e44d3ab719854e808eeb6
	* g10/keyserver.c (keyserver_retrieval_filter): Change args.  Rewrite
	to take subpakets in account.
	* g10/import.c (import_one, import_secret_one): Pass keyblock to
	filter.

	gpg: Add kbnode_t for easier backporting.
	+ commit 25d5480e98068f6dd15c70c9e58236c77037535d
	* g10/gpg.h (kbnode_t): New.

2014-07-21  Simon Josefsson  <simon@josefsson.org>

	Add OpenPGP card manufacturer Yubico (6).
	+ commit 4500d3cb6dd3525a835c251e6104f500050cf075


2014-07-21  Andreas Schwier  <andreas.schwier@cardcontact.de>

	scd: Allow for certificates > 1024 with PC/SC.
	+ commit 5798673156a66f4c39e1d34e358b03539194d57c
	* scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too
	allow for larger certificates.

2014-07-21  Werner Koch  <wk@gnupg.org>

	gpg: Cap size of attribute packets at 16MB.
	+ commit 9a1e195348daa9f719d34fdf4e4d6bfce4c8fb3e
	* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
	size of packet.

2014-06-30  Werner Koch  <wk@gnupg.org>

	Release 2.0.25.
	+ commit 621aa6bb4887b479ca62ea6ed769f89b5346da39


	estream: Fix minor glitch in "%.*s" format.
	+ commit 998f08529775138ee081cc702ab12a92f74526a2
	* common/estream-printf.c (pr_string): Take care of non-nul terminated
	strings.

2014-06-27  Werner Koch  <wk@gnupg.org>

	scd: Support reader Gemalto IDBridge CT30.
	+ commit 505f0a642f899ede411837ad69a442b0d4f427fa
	* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
	reader.
	(GEMPC_CT30): New product id.

	gpg: Limit keysize for unattended key generation to useful values.
	+ commit 48d92bcc8870f5750fb66351f3623f9d874d08fa
	* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
	(gen_rsa): Enforce keysize 1024 to 4096.
	(gen_dsa): Enforce keysize 768 to 3072.

2014-06-25  Werner Koch  <wk@gnupg.org>

	agent: Let gpg-protect-tool pass envvars to pinentry.
	+ commit 045c979a7673112bdb4e04f1bc7d3d4afbc775f8
	* agent/protect-tool.c (opt_session_env): New.
	(main): Pass session environment object to
	gnupg_prepare_get_passphrase.

	gpg: Make screening of keyserver result work with multi-key commands.
	+ commit 044847a0e2013a2833605c1a9f80cfa6ef353309
	* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
	(keyserver_retrieval_filter): Use new struct and check all
	descriptions.
	(keyserver_spawn): Pass filter arg suing the new struct.

2014-06-24  Werner Koch  <wk@gnupg.org>

	Release 2.0.24.
	+ commit 41dcd32218b9baf0c417090e6968dd2d250e751b


2014-06-24  Kristian Fiskerstrand  <kf@sumptuouscapital.com>

	gpg: Fix a couple of spelling errors.
	+ commit 1242a72923db810f7e5fd36269c72b14cb19f60f


2014-06-24  Werner Koch  <wk@gnupg.org>

	gpg: Do not link gpgv against libassuan.
	+ commit 8e39fe810d951c2fef4c22246440a5944a89a18c
	* g10/Makefile.am (gpgv2_LDADD): Remove LIBASSUAN_LIBS.

	po: Update de.po.
	+ commit fb274a3cf3295dbd509494338bd6a16c8069176a


	common: Fix commit ceef5568 so that it builds with libgcrypt < 1.6.
	+ commit a37f63d7b86b467df82ac77cfa5a75bfb1c77b7c
	* common/ssh-utils.c (get_fingerprint): Use GCRY_PK_ECC only if
	defined.

	Remove thread callbacks for libgcrypt >= 1.6.
	+ commit aacb43a730a6f52c1ac91131afed73ae6ef25416
	* agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with
	libgcrypt >= 1.6.
	(main): Ditto.
	* scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto.
	(main): Ditto.

	gpg: Use more specific reason codes for INV_RECP.
	+ commit 76b0b076d0dfc1c0b011b9fd458a5158c189ebb4
	* g10/pkclist.c (build_pk_list): Use more specific reasons codes for
	INV_RECP.

	gpg: Make show-uid-validity the default.
	+ commit 9607bc0b9fce1f7853eee6591b44e35deed4a66c


2014-06-24  Stefan Tomanek  <tomanek@internet-sicherheit.de>

	gpg: Screen keyserver responses.
	+ commit 5e933008beffbeae7255ece02383606481f9c169
	* g10/main.h (import_filter_t): New.
	* g10/import.c (import): Add filter callbacks to param list.
	(import_one): Ditto.
	(import_secret_one): Ditto.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_retrieval_filter): New.
	(keyserver_spawn): Pass filter to import_keys_stream()

2014-06-24  Werner Koch  <wk@gnupg.org>

	gpg: Allow key-to-card upload for cert-only keys.
	+ commit e790671cb3a35f3042558224e915b6f74ebc2251
	* g10/card-util.c (card_store_subkey): Allo CERT usage for key 0.

2014-06-23  Werner Koch  <wk@gnupg.org>

	ssh: Fix for newer Libgcrypt versions.
	+ commit ceef5568d53b286efe639c6fd1d37f154be133ef
	* common/ssh-utils.c (get_fingerprint): Add GCRY_PK_ECC case.

2014-06-20  Werner Koch  <wk@gnupg.org>

	gpg: Avoid infinite loop in uncompressing garbled packets.
	+ commit 014b2103fcb12f261135e3954f26e9e07b39e342
	* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.

2014-06-03  Werner Koch  <wk@gnupg.org>

	doc: Update for modern makeinfo.
	+ commit 52b96ef6b81951ddacf146a74e88e5512efd03a0
	* doc/texi.css: Remove.
	* doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref.

	Release 2.0.23.
	+ commit 6209c6d9ad00a17bef4780ff22f0e9f588343c00


	doc: Adjust Makefile for fixed yat2m.
	+ commit 71b0cd534ba3843e1a56f5c1b0a34e45a008ae42
	* doc/Makefile.am (yat2m-stamp): Remove dirmngr-client hack.

	gpg: New %U expando for the photo viewer.
	+ commit d7750a15d594f6d621e21d57fd5d45d6573870e0
	* g10/photoid.c (show_photos): Set namehash.
	* g10/misc.c (pct_expando): Add "%U" expando.

	common: Add z-base-32 encoder.
	+ commit 2a415c47eaf65c47edbd98440f37b2c46354fd02
	* common/zb32.c: New.
	* common/t-zb32.c: New.
	* common/Makefile.am (common_sources): Add zb82.c

	gpg: Reject signatures made with MD5.
	+ commit 8a4bd132f73aaf1588fb03340392fe22dd8e18ed
	* g10/gpg.c: Add option --allow-weak-digest-algos.
	(main): Set option also in PGP2 mode.
	* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
	* g10/sig-check.c (do_check): Reject MD5 signatures.
	* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.

	gpg: Remove useless diagnostic in MDC verification.
	+ commit 3d4a36c8c98a15a4c5237fe2d10475a14b4c170a
	* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
	MDC packer header and a bad MDC.

	gpg: Fix glitch entering a full expiration time.
	+ commit 3c3d1ab35d17bce46dac8f806a8ce2dc90ac06ee
	* g10/keygen.c (ask_expire_interval): Get the current time after the
	prompt.

2014-06-02  Werner Koch  <wk@gnupg.org>

	gpg: Graceful skip reading of corrupt MPIs.
	+ commit 6af194038aebac71d539b3aa40465c8110591829
	* g10/parse-packet.c (mpi_read): Change error message on overflow.

	gpg: Simplify default key listing.
	+ commit ce989354fb7813022139838c26684a8db6d79ccf
	* g10/mainproc.c (list_node): Rework.

	gpgsm: Handle re-issued CA certificates in a better way.
	+ commit 684b0bd4bfb846d03a531385e2d1251391dee1f5
	* sm/certchain.c (find_up_search_by_keyid): Consider all matching
	certificates.
	(find_up): Add some debug messages.

	gpgsm: Add a way to save a found state.
	+ commit 3121c4b6c17b19cbf2119d2658d69ce4cca908c6
	* kbx/keybox-defs.h (keybox_found_s): New.
	(keybox_handle): Factor FOUND out to above.  Add saved_found.
	* kbx/keybox-init.c (keybox_release): Release saved_found.
	(keybox_push_found_state, keybox_pop_found_state): New.

	* sm/keydb.c (keydb_handle): Add field saved_found.
	(keydb_new): Init it.
	(keydb_push_found_state, keydb_pop_found_state): New.

	gpg: Fix bug parsing a zero length user id.
	+ commit 88ac9568364b399b896de2d6f2432b1cb73415a8
	* g10/getkey.c (get_user_id): Do not call xmalloc with 0.

	* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
	pass 0 to the arguments.

2014-04-22  Werner Koch  <wk@gnupg.org>

	gpg: Print a warning if GKR has hijacked gpg-agent.
	+ commit b896fccaada0caf1987eb95ac99dd6b4ca609c4b
	* g10/call-agent.c (check_hijacking): New.
	(start_agent): Call it.
	(membuf_data_cb, default_inq_cb): Move more to the top.

2014-04-16  Werner Koch  <wk@gnupg.org>

	gpg: Fix use of deprecated RSA_E and RSA_E with newer libgcrypts.
	+ commit efecbb7a3f0c32ea40db3a050c89f288550b05c2
	* g10/misc.c (pubkey_get_npkey): Map RSA_E and RSA_S to RSA.
	(pubkey_get_nskey): Ditto.
	(pubkey_get_nsig): Ditto.
	(pubkey_get_nenc): Ditto.
	(pubkey_nbits): Take care of RSA_E and RSA_S.

2014-03-12  Werner Koch  <wk@gnupg.org>

	scd: Skip S/N reading for the "undefined" application.
	+ commit dc941bdaec29d2fc60e2bddf85e11568367f531c
	* scd/app.c (select_application): Skip serial number reading.

2013-12-11  Werner Koch  <wk@gnupg.org>

	gpg: Change --show-session-key to print the session key earlier.
	+ commit 3ae90ff28c500967cb90b1176299d2ca01ef450f
	* g10/cpr.c (write_status_strings): New.
	(write_status_text): Replace code by a call to write_status_strings.
	* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
	* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.

2013-11-27  Werner Koch  <wk@gnupg.org>

	Silence annoying ABI change warning.
	+ commit d04399a6a8b36a7fea92c304aa7309956a2e352b
	* configure.ac [GCC]: Pass -Wno-psabi for gcc >= 4.6.  Avoid some gcc
	option tests for gcc >= 4.6

	scd: Fix two compiler warnings.
	+ commit 66585314e37ffb4d29d62bd51953a679d1b89ce3
	* scd/apdu.c (pcsc_vendor_specific_init): Add suggested parens.
	* scd/ccid-driver.c (ccid_get_atr): Cast DEBUGOUT_1 arg to int.

	gpg: Change armor Version header to emit only the major version.
	+ commit fd5f45249602863a4c54cd724fa6ed57e0a239c2
	* g10/options.h (opt): Rename field no_version to emit_version.
	* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
	to bump up opt.emit_version.
	* g10/armor.c (armor_filter): Implement different --emit-version
	values.

2013-11-15  Werner Koch  <wk@gnupg.org>

	common: Fix build problem with Sun Studio compiler.
	+ commit 571bcd4662a351cfa55bbf1a79ed1bc26da5780f
	* common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy
	functions.
	(ESTREAM_MUTEX_INITIALIZE): Ditto.

2013-11-13  NIIBE Yutaka  <gniibe@fsij.org>

	scd: more pinpad input fix for PC/SC.
	+ commit f72d9a5cf69c3e719979547a5f7a37efe49bd642
	* scd/apdu.c (check_pcsc_pinpad): Set default values here.
	(pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default
	values, as it's too late.

2013-11-11  NIIBE Yutaka  <gniibe@fsij.org>

	scd: more pinpad fix.
	+ commit 07d7015e4dcb8a2439ed781928495632ec0b4fa3
	* scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when
	those are specified.
	(pcsc_pinpad_modify): Remove old check code.

2013-10-29  NIIBE Yutaka  <gniibe@fsij.org>

	scd: pinpad fix for PC/SC on Windows.
	+ commit 04e5feea8b62e866520b2d24b6d2fa076bf2b286
	* scd/apdu.c (SCARD_CTL_CODE): Fix for Windows.

2013-10-25  NIIBE Yutaka  <gniibe@fsij.org>

	scd: fix pinpad input on Windows.
	+ commit 2b92007aba5f1ee0ca99466b16698ecffb435b6f
	* scd/apdu.c (open_pcsc_reader_direct): Don't call
	pcsc_vendor_specific_init here, but...
	(connect_pcsc_card): Call it here.

2013-10-23  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit 4413e8c6ecb154bea62cc42ec434ac528d8cb209


2013-10-16  NIIBE Yutaka  <gniibe@fsij.org>

	scd: add pinpad readers information for PC/SC service.
	+ commit 9625e7c75a98ed44af66e886569b1d87a697ef24
	* scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry
	ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN
	Advance.

2013-10-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: remove pin length check.
	+ commit b624677f7359c25873ee3e468c99d1319e6d2308
	* scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin
	length.

2013-10-11  Werner Koch  <wk@gnupg.org>

	gpg: Do not require a trustdb with --always-trust.
	+ commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e
	* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
	* g10/trustdb.c (trustdb_args): Add field no_trustdb.
	(init_trustdb): Set that field.
	(revalidation_mark):  Take care of a nonexistent trustdb file.
	(read_trust_options): Ditto.
	(get_ownertrust): Ditto.
	(get_min_ownertrust): Ditto.
	(update_ownertrust): Ditto.
	(update_min_ownertrust): Ditto.
	(clear_ownertrusts): Ditto.
	(cache_disabled_value): Ditto.
	(check_trustdb_stale): Ditto.
	(get_validity): Ditto.
	* g10/gpg.c (main): Do not create a trustdb with most commands for
	trust-model always.

	gpg: Fix --version output and explicitly disable ECC.
	+ commit 6286d01ba33b963be30fbb4fba6f35f1b05acd17
	* g10/misc.c (openpgp_pk_algo_name): New.  Replace all calls in g10/
	to gcry_pk_algo_name by a call to this function.
	(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
	(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
	GCRY_PK_ELG_E.  Return an error for ECC algos.
	(openpgp_pk_test_algo2):  Return an error for ECC algos.
	* g10/gpg.c (build_list): Avoid printing ECC two times.
	* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.

2013-10-04  Werner Koch  <wk@gnupg.org>

	Release 2.0.22.
	+ commit 210546ff68c2f0d35ac4c18b9ebc6bc1fdfe73de


	doc: Update from master.
	+ commit a4b7e2e44816e93633c08f379862165ae9a034ed


	gpg: Print a "not found" message for an unknown key in --key-edit.
	+ commit 0bf54e60d31389812d05c3fd29bece876204561d
	* g10/keyedit.c (keyedit_menu): Print message.

	gpg: Kludge not to bail out on ECC if build with Libgcrypt 1.6.
	+ commit 1f842011f611625c8a5fd852d5a2b4bd13e4b563
	* g10/misc.c (print_pubkey_algo_note): Map the algo.
	(openpgp_pk_test_algo, openpgp_pk_test_algo2): Ditto.
	(pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig)
	(pubkey_get_nenc): Return 0 for ECC algorithms.

	po: Update Czech translation.
	+ commit 7cae002b0c94c80ac8fefb55295819716f312094


	gpg: Protect against rogue keyservers sending secret keys.
	+ commit e7abed3448c1c1a4e756c12f95b665b517d22ebe
	* g10/options.h (IMPORT_NO_SECKEY): New.
	* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
	flag.
	* g10/import.c (import_secret_one): Deny import if flag is set.

2013-10-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Allow setting of all zero key flags.
	+ commit dd868acb0d13a9f119c0536777350a6c237a66a1
	* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
	(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)

2013-10-04  Werner Koch  <wk@gnupg.org>

	gpg: Distinguish between missing and cleared key flags.
	+ commit 0a805ed1604ef3e9b27f3e22a936a2d439300e9f
	* include/cipher.h (PUBKEY_USAGE_NONE): New.
	* g10/getkey.c (parse_key_usage): Set new flag.

	keyserver: Allow use of cURL's default CA store.
	+ commit e957b9b3f408491f36660499b215aebcf2633a95
	* keyserver/gpgkeys_curl.c (main): Set CURLOPT_CAINFO only if a file
	has been given.
	* keyserver/gpgkeys_hkp.c (main): Ditto.

	gpg: Limit the nesting level of I/O filters.
	+ commit 35e40e2d514223c950c2f6d1214e02e92d87e997
	* common/iobuf.c (MAX_NESTING_FILTER): New.
	(iobuf_push_filter2): Limit the nesting level.

	* g10/mainproc.c (mainproc_context): New field ANY.  Change HAVE_DATA
	and ANY_SIG_SIGN to bit fields of ANY.  Add bit field
	UNCOMPRESS_FAILED.
	(proc_compressed): Avoid printing multiple Bad Data messages.
	(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.

2013-10-02  Werner Koch  <wk@gnupg.org>

	gpg: Fix bug with deeply nested compressed packets.
	+ commit cd1b696b282361d76f4477d80872ed73d33bb1b6
	* g10/mainproc.c (MAX_NESTING_DEPTH): New.
	(proc_compressed): Return an error code.
	(check_nesting): New.
	(do_proc_packets): Check packet nesting depth.  Handle errors from
	check_compressed.

2013-09-18  Marcus Brinkmann  <mb@g10code.com>

	2009-11-10  Marcus Brinkmann  <marcus@g10code.de>
	+ commit 801ea11f21e4c29ab7220b0741691c1964b76854
		* server.c (cmd_getauditlog): Don't dup FD for es_fdopen_nc as
		this leaks the FD here.

	(cherry picked from commit b3cda3f45cdbf3c66538589c7e108cbf73adc850)

	Resolved Conflicts:
		sm/ChangeLog-2011 - Removed.

2013-08-30  Werner Koch  <wk@gnupg.org>

	gpg: Use 2048 as the default keysize in batch mode.
	+ commit 0f18295ac83e0533f30b65a14bb04bd94f1627fe
	* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
	2048.

	gpgtar: Fix building for systems with a separate libintl.
	+ commit 4d93e5e3cfb5e017bcdf58e8e9ecce11a2870192
	* tools/Makefile.am (gpgtar_LDADD): Add LIBINTL.

2013-08-30  NIIBE Yutaka  <gniibe@fsij.org>

	scd: PC/SC pinpad input improvement.
	+ commit 755f92e2afaa7be32e4d60253971724639b99c16
	* scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and
	PINPAD_VERLEN_SUPPORTED.
	(CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES,
	PCSCv2_PART10_PROPERTY_*): New.
	(new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax.
	(pcsc_vendor_specific_init): New.
	(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call
	pcsc_vendor_specific_init.
	(check_pcsc_pinpad): Not detect here but use the result of
	pcsc_vendor_specific_init.
	(pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage.

2013-08-29  Jonas Borgström  <jonas@borgstrom.se>

	scd: add support for RSA_CRT and RSA_CRT_N key import.
	+ commit 6acb1d06f02ced837b423c725943c73f7d6f428a
	* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.

2013-08-27  NIIBE Yutaka  <gniibe@fsij.org>

	scd: fix parsing login-data DO.
	+ commit 9158f58822a9258390b857aee5bf9751328793bb
	* scd/app-openpgp.c (parse_login_data): Release RELPTR.  Fix parsing.

	scd: fix Vega for Alpha reader.
	+ commit 6d8f36a0458a50685e130c55018e0d941101d952
	* scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling
	and size of command.

2013-08-21  Werner Koch  <wk@gnupg.org>

	scd: Make SPRx32 pinpad work with PC/SC on Windows.
	+ commit b63717031d8ee3f9ded44a182516158f8a349bd1
	* scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE.
	(SCARD_CTL_CODE): Define if not defined.
	(reader_table_s): Add is_spr532.
	(new_reader_slot): Clear it.
	(check_pcsc_pinpad): Set it.
	(pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532.

	(cherry picked from commit 5c5e52df4b92e23045ac87abac09357de58920d4)

	scd: Improve --enable-pinpad-varlen.
	+ commit 43e85d7bee4644ca84ef0ab0c3b08b2d02e4a699
	* tools/gpgconf-comp.c (gc_options_scdaemon): Add
	enable-pinpad-varlen.
	* scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader.

	(cherry picked from commit 7bde2bf3b0ddb5d3515a44879e1a7ddb581a5c0b)

2013-08-19  Werner Koch  <wk@gnupg.org>

	Release 2.0.21.
	+ commit 9cf37aa69051d08c738dff355bac593aba4bdbb4


	Require libgpg-error 1.11.
	+ commit 2d360a96375843c437680b28a4f96f176d70a7c1
	* configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11.
	* common/util.h: Remove GPG_ERR_ replacements.

2013-08-19  Jakub Bogusz  <qboosh@pld-linux.org>

	Update the Polish translation.
	+ commit bffd8128bfd4d7e5aca046e2a9af5cbc5158e01d


2013-08-19  Werner Koch  <wk@gnupg.org>

	agent: Fix UPDATESTARTUPTTY for ssh.
	+ commit 9f5578c29adba6d4f7d3650121d07322c2f8d254
	* agent/command-ssh.c (setup_ssh_env): Fix env setting.

	tests: Make sure not to create files outside the build directory.
	+ commit 0c5d3da96a72ab399a8ea6d21a292875980dfac0
	* tests/openpgp/Makefile.am (./gpg_dearmor): Add option --homedir.

	gpgv: Init Libgcrypt to avoid syslog warning.
	+ commit 3966eb244518d5612385d35a5149f7164a9fb707
	* g10/gpgv.c (main): Check libgcrypt version and disable secure
	memory.

2013-08-08  Werner Koch  <wk@gnupg.org>

	agent: Extend cmd KEYINFO to return data from sshcontrol.
	+ commit 88914a9e24a8a116508d5b7d52b76b947e4d21a6
	* agent/command-ssh.c (struct control_file_s): Rename to
	ssh_control_file_s.
	(ssh_open_control_file, ssh_close_control_file)
	(ssh_read_control_file, ssh_search_control_file): New.
	(control_file_t):  Rename and move to ...
	* agent/agent.h (ssh_control_file_t): here.
	* agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
	and confirm. Rename unknown keytype indicator from '-' to 'X'.  Extend
	output.
	(cmd_keyinfo): Add options --ssh-list and --with-ssh.

2013-08-06  Werner Koch  <wk@gnupg.org>

	Improve libcurl detection.
	+ commit 110b52fffa77b339e6d59eba939408f7e87e7138
	* m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl as been
	given.  Suggested by John Marshall.

	gpg: Remove legacy keyserver examples from the template conf file.
	+ commit f3c5cc8bcd37e38b5d65db6a50466e22d03d1f0c
	* g10/options.skel: Update.

2013-08-02  Werner Koch  <wk@gnupg.org>

	gpg: No need to create a trustdb when encrypting with --always-trust.
	+ commit 7c028efc182234cd28bbfbeccff0107f334064f2
	* g10/gpg.c (main): Special case setup_trustdb for --encrypt.

2013-08-01  Werner Koch  <wk@gnupg.org>

	w32: Add code to support a portable use of GnuPG.
	+ commit 4f90c7b914693b72341fa1e93dda7e075f9717c0
	* common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
	(check_portable_app) [W32]: New.
	(standard_homedir, default_homedir) [W32]: Support the portable flag.
	(w32_rootdir, w32_commondir) [W32]: Ditto.
	(gnupg_bindir) [W32]: Ditto.

	w32: Always require libiconv.
	+ commit aff557409cde6ee38ac086046d9bb5eb2dc5c95b
	* configure.ac (missing_iconv): Set and die if we have no libiconv.
	* m4/iconv.m4: Update from libiconv 1.14.
	* tools/Makefile.am (gpgtar_LDADD): Add LIBICONV.
	* jnlib/utf8conv.c: Always include iconv.h
	(load_libiconv): Remove this w32 only function.
	(iconv_open, iconv, iconv_close): Remove W32 function pointer.
	(set_native_charset): Do not call load_libiconv.
	(jnlib_iconv_open, jnlib_iconv, jnlib_iconv_close): Ditto.

	w32: Remove unused code.
	+ commit 1b89863ec195dbfdbc33432569a7b2e7f0f83821
	* jnlib/w32-reg.c (write_w32_registry_string): Remove.

2013-07-03  Werner Koch  <wk@gnupg.org>

	Update the German translation.
	+ commit ebbce67489b8d0eded74be66cbd6bf42f5147725


	agent: Make --allow-mark-trusted the default.
	+ commit 90b419f3e9d05e509348d047e05fcc79e87be6cf
	* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
	Put this option into the gpgconf-list.
	(main): Enable opt.allow_mark_trusted by default.
	* tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
	allow-mark-trusted by no-allow-mark-trusted.

	* agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.

	Update the German translation.
	+ commit 0c01a0436961af5b427a8ace8e57d12be22dbc96


	ssh: Add support for Putty.
	+ commit 9f32499f99a0817f63f7a73b09bdcebe60d4775d
	* agent/gpg-agent.c [W32]: Include Several Windows header.
	(opts): Change help text for enable-ssh-support.
	(opts, main): Add option --enable-putty-support
	(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
	(agent_init_default_ctrl): Add and asssert call.
	(putty_message_proc, putty_message_thread): New.
	(handle_connections) [W32]: Start putty message thread.
	* common/sysutils.c (w32_get_user_sid): New for W32 only
	* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
	--enable-ssh-support and --enable-putty-support.  Make the
	configuration group visible at basic level.
	* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.

	agent: Fix binary vs. text mode problem in ssh.
	+ commit ed056d67c7c93306b68829f83a2565e978dcfd9b
	* agent/command-ssh.c (file_to_buffer)
	(ssh_handler_request_identities): Open streams in binary mode.
	(start_command_handler_ssh): Factor some code out to ..
	(setup_ssh_env): new function.

	Silence deprecated warnings from gcc 4.6.3.
	+ commit 27e403bff7a6e46a390ae5f3d63ea63701d1435d
	* configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.

	estream: Backport es_fopemem_init from master.
	+ commit 9b8518ffc97696634cd6d493fed872a512993c52
	* common/estream.c (es_fopenmem_init): New.

2013-07-01  Werner Koch  <wk@gnupg.org>

	ssh: Mark unused arg.
	+ commit e0659690186f833e0e91b0a1cfef655c2d10ed87
	* agent/command-ssh.c (ssh_signature_encoder_ecdsa): Cast spec to
	void.

	ssh: Support ECDSA keys.
	+ commit b4cb20cfc3fe2296a163355f386544096e48c147
	* agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
	(struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
	(ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
	(ssh_signature_encoder_t): Add arg spec and adjust all callers.
	(ssh_signature_encoder_ecdsa): New.
	(sexp_key_construct, sexp_key_extract, ssh_receive_key)
	(ssh_convert_key_to_blob): Support ecdsa.
	(ssh_identifier_from_curve_name): New.
	(ssh_send_key_public): Retrieve and pass the curve_name.
	(key_secret_to_public): Ditto.
	(data_sign): Add arg SPEC and change callers to pass it.
	(ssh_handler_sign_request): Get the hash algo from SPEC.
	* common/ssh-utils.c (get_fingerprint): Support ecdsa.

	* agent/protect.c (protect_info): Add flag ECC_HACK.
	(agent_protect): Allow the use of the "curve" parameter.
	* agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.

	* agent/command-ssh.c (ssh_key_grip): Print a better error code.

	estream: New function es_fclose_snatch.
	+ commit 4b4df62eaf7f46f83540536bfa373e78be2a6d7d
	* common/estream.c (cookie_ioctl_function_t): New type.
	(es_fclose_snatch): New function.
	(COOKIE_IOCTL_SNATCH_BUFFER): New constant.
	(struct estream_internal): Add field FUNC_IOCTL.
	(es_initialize): Clear FUNC_IOCTL.
	(es_func_mem_ioctl): New function.
	(es_fopenmem): Init FUNC_IOCTL.

	ssh: Rewrite a function for better maintainability.
	+ commit cf7f9303272db65465ff45348cf18f7298e41e30
	* agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite.

	ssh: Improve key lookup for many keys.
	+ commit 901162579119585ebd3df9001b0370e6d32934ab
	* agent/command-ssh.c: Remove dirent.h.
	(control_file_s): Add struct item.
	(rewind_control_file): New.
	(search_control_file): Factor code out to ...
	(read_control_file_item): New.
	(ssh_handler_request_identities): Change to iterate over entries in
	sshcontrol.

	ssh: Cleanup sshcontrol file access code.
	+ commit 336112e519079f43278a8ca8c2937417bc667d8f
	* agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace
	the direct use of the string.
	(struct control_file_s, control_file_t): New.
	(open_control_file, close_control_file): New.  Use them instead of
	using fopen/fclose directly.

	ssh: Do not look for a card based ssh key if scdaemon is disabled.
	+ commit fc7d033d8e62f6a289fdf7dba26af076accb5fd2
	* agent/command-ssh.c (ssh_handler_request_identities): Do not call
	card_key_available if the scdaemon is disabled.

	ssh: Make the mode extension "x" portable by a call to es_fopen.
	+ commit 7ce72c97bfe1ab2f58248a6afe629aafa20d058b
	* agent/command-ssh.c (open_control_file): Use_es_fopen to support
	the "wx" mode flag.

2013-05-11  Werner Koch  <wk@gnupg.org>

	Fix syntax error for building on APPLE.
	+ commit 8ddf604659b93754ffa6dea295678a8adc293f90
	* scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error.

2013-05-10  Werner Koch  <wk@gnupg.org>

	Release 2.0.20.
	+ commit 11ce4c79bb953ae3a20f6de609655f6949017c54


	Update gpg-error, libgcrypt, and ksba m4 scripts.
	+ commit 3f79a0b4b4bffa6b04ec7fb0eb82c3bb3ae70d16
	* m4/gpg-error.m4: Update from libgpg-error repo.
	* m4/ksba.m4: Likewise.
	* m4/libgcrypt.m4: Likewise.

2013-05-10  Yuri Chornoivan  <yurchor@ukr.net>

	Update Ukrainian translation.
	+ commit 0a9a4a38df0a5d6a84302154470904b9ec8014f5


2013-05-07  Werner Koch <wk@gnupg.org>

	w32: Add icons and version information.
	+ commit 049b3d9ca0285d15c00c215ac9b533c994196ca4
	* common/gnupg.ico: New.  Take from artwork/gnupg-favicon-1.ico.
	* agent/gpg-agent-w32info.rc: New.
	* g10/gpg-w32info.rc: New.
	* scd/scdaemon-w32info.rc: New.
	* sm/gpgsm-w32info.rc: New.
	* tools/gpg-connect-agent-w32info.rc: New.
	* common/w32info-rc.h.in: New.
	* configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
	(BUILD_HOSTNAME): New.
	(AC_CONFIG_FILES): Add w32info-rc.h.
	* am/cmacros.am (.rc.o): New rule.
	* agent/Makefile.am, common/Makefile.am, g10/Makefile.am
	* scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
	build resource files.

2013-05-07  Ian Abbott  <abbotti@mev.co.uk>

	doc: fix some Texinfo warnings.
	+ commit 4d67f59a336bfa0ff19fc23209940724196fd886
	* doc/gpg.texi: Fix syntax and add missing menu entries.
	* doc/gpgsm.texi: Fix subsectioning.

2013-04-24  Jedi  <jedi@jedi.org>

	Update helper scripts.
	+ commit e94aee4b77810c58834589b70507e19e341c3c0f
	* compile, config.guess, config.rpath, config.sub, depcomp,
	* install-sh, mdate-sh, mkinstalldirs: Update to Feb 25 versions from
	gnulib.

2013-04-24  Joe Hansen  <joedalton2@yahoo.dk>

	Update Danish translation.
	+ commit de61e33e4acf80583e23a839bc69aeb9c1504f4d
	* po/da.po: Update.

2013-04-24  Jaime Suarez  <jaime.suma@gmail.com>

	Update Spanish translation.
	+ commit e4fea6f8ae98052a6f361f70891770bc702719de


2013-04-24  Werner Koch  <wk@gnupg.org>

	Update de.po and fr.po for keypad->pinpad change.
	+ commit 798b4b3d3fa2fa4c01b96bf428c4c5b34cf098f9


2013-04-24  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Add pinpad support for REINER SCT cyberJack go.
	+ commit 145d672fbf6d528f57cc3987238e380a9acbbd20
	* scd/ccid-driver.c (VENDOR_REINER, CYBERJACK_GO): New.
	(ccid_transceive_secure): Handle the case for VENDOR_REINER.
	Original work was by Alina Friedrichsen (tiny change).

2013-04-23  Werner Koch  <wk@gnupg.org>

	Allow building gpgkeys_ldap with the 32 bit mingw-w64 toolchain.
	+ commit a557a74615774b228dae14cf83a92ec26e2b03b5
	* keyserver/gpgkeys_ldap.c (my_ldap_start_tls_s): Define macro
	depending on compiler version.
	(main): Use new macro.

2013-04-22  Werner Koch  <wk@gnupg.org>

	Fix potential heap corruption in "gpg -v --version".
	+ commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1
	* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
	certain locales.

	Switch to the new automagic beta numbering scheme.
	+ commit 18ae751f28ac7f4be4049f5f83a7d4615c054fb2
	* configure.ac: Add all the required m4 magic.

	Update docs from master.
	+ commit 681338bfd344f6928e1e3037c948c46c2e589bd3
	* doc/gpg-agent.texi: Update from master.
	* doc/gpg.texi: Ditto.
	* doc/gpgsm.texi: Ditto.
	* doc/gpl.texi: Ditto.
	* doc/yat2m.c: Ditto.

	Ignore obsolete option --disable-keypad.
	+ commit e24e92d7e244edd578c0c1f0fba6e0070cb5f104
	* scd/scdaemon.c (opts): Ignore --disable-keypad.

	Allow marking options as ignored.
	+ commit 54c54e2824aab5716a187bbbf6dff8860d6a6056
	* jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New.
	(ARGPARSE_TYPE_MASK): New, for internal use.
	(ARGPARSE_ignore): New.
	* jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining
	constants by macros.
	(optfile_parse): Implement ARGPARSE_OPT_IGNORE.
	(arg_parse): Exclide ignore options from --dump-options.

	Do not mix test result with progress lines.
	+ commit da0925973ef38e1ba82dbc19d829fb11677efc74
	This makes parsing of the results easier.  Fixes bug#1400.

	* tests/openpgp/defs.inc (progress_cancel, progress_end)
	(progress_new): New.
	* tests/openpgp/conventional-mdc.test: Use progress functions
	* tests/openpgp/conventional.test: Ditto.
	* tests/openpgp/encrypt-dsa.test: Ditto.
	* tests/openpgp/encrypt.test: Ditto.
	* tests/openpgp/sigs.test: Ditto.

2013-04-01  NIIBE Yutaka  <gniibe@fsij.org>

	scd: move SCDaemon to libexecdir.
	+ commit 79d7e1d86bbd658c14a2f9cf3b7b4b5562df17c3
	* common/homedir.c (gnupg_module_name): It's now libexecdir.
	* scd/Makefile.am (libexec_PROGRAMS): Add scdaemon
	(bin_PROGRAMS): Remove scdaemon.

2013-03-26  NIIBE Yutaka  <gniibe@fsij.org>

	scd: PC/SC status fix.
	+ commit c3495209ee6bdac6d6c631ded632fd540596f6e4
	* scd/apdu.c (pcsc_get_status_direct): Check PCSC_STATE_MUTE only when
	PCSC_STATE_PRESENT.

	* scd/pcsc-wrapper.c (handle_status): Ditto.

	scd: PC/SC cleanup (more).
	+ commit 247bec6a6f6a3358b38818a972430c7329f5b0d9
	* scd/apdu.c (control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
	(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify): Use
	pcsc_dword_t.

	scd: call update_card_removed only when detecting removal.
	+ commit ed0328d49ad7d3361e608330205c92a06a508d06
	* scd/command.c (update_reader_status_file): Add condition
	ss->status == 0.

2013-03-22  NIIBE Yutaka  <gniibe@fsij.org>

	scd: PC/SC cleanup.
	+ commit ae22d629b6028aa994ff09f012e1cb029575eeae
	* scd/apdu.c (pcsc_dword_t): New.  It was named as DWORD (double-word)
	when a word was 16-bit.
	(struct reader_table_s): Fixes for types.
	(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
	Throughout: Fixes for types.

	* scd/pcsc-wrapper.c: Likewise.

2013-03-21  NIIBE Yutaka  <gniibe@fsij.org>

	scd: change default value of pinpad maxlen.
	+ commit 33d276791c8169063b22fde96a1760f9f5ef1e63
	* scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value
	of maxlen for pinpad input is now 15 (was: 25).

	* scd/ccid-driver.c (ccid_transceive_secure): Likewise.

2013-03-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: ccid-driver supporting larger APDU.
	+ commit 91423a826e3cefd78fc0006e65b56559dd578784
	* scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger
	APDU.

2013-03-03  David Shaw  <dshaw@jabberwocky.com>

	Differentiate between success (full or partial), not-found, and failure.
	+ commit 6d0e41815a726ad4b170ed18cc772a1817559299
	* keyserver/gpgkeys_hkp.c (get_key): Use curl_easy_setinfo to get the
	  HTTP status code so we can tell the difference between a successful
	  retrieval, a partial retrieval, a not-found, or a server failed.

	Emulate curl_easy_getinfo and CURLINFO_RESPONSE_CODE in curl-shim.
	+ commit 7808e4a763692b8bcd95264d39caf85fad32f0bd
	* keyserver/curl-shim.h, keyserver/curl-shim.c (curl_easy_getinfo):
	  New. Return the HTTP status code for the last transfer.

2013-02-28  David Shaw  <dshaw@jabberwocky.com>

	Bring the fix for bug 739 on 1.4 over to 2.0 (bug 1479)
	+ commit fe85638284880805b80778fe87ae551d3de0ca32
	* http.h, http.c (http_wait_response, main): Remove
	  HTTP_FLAG_NO_SHUTDOWN.

2013-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	Japanese: minor doc update.
	+ commit 815d01fceb56bc03cb0df0826a9a8438970dbda4
	* doc/help.ja.txt: Update.

	Japanese: updated po and doc.
	+ commit 1f187000c4676129fdcaaacdcf4f959131ddd448
	* doc/help.ja.txt, po/ja.po: Updated.

2013-02-08  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Rename 'keypad' to 'pinpad'.
	+ commit c2744e97c85d04452f3d7bfe30e1da294c636a4f
	* NEWS: Mention scd changes.

	* agent/divert-scd.c (getpin_cb): Change message.

	* agent/call-scd.c (inq_needpin): Change the protocol to
	POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
	* scd/command.c (pin_cb): Likewise.

	* scd/apdu.c (struct reader_table_s): Rename member functions.
	(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
	check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
	apdu_pinpad_verify, apdu_pinpad_modify): Rename.

	* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
	(apdu_pinpad_verify, apdu_pinpad_modify): Rename.

	* scd/iso7816.h (iso7816_check_pinpad): Rename.

	* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
	(iso7816_check_pinpad): Rename.
	(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
	the change.

	* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
	* scd/ccid-driver.c (ccid_transceive_secure): Use it.

	* scd/app-dinsig.c (verify_pin): Follow the change.
	* scd/app-nks.c (verify_pin): Follow the change.

	* scd/app-openpgp.c (check_pinpad_request): Rename.
	(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
	the change.

	* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.

	* scd/scdaemon.h (opt): Rename to disable_pinpad,
	enable_pinpad_varlen.

	* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
	disable-pinpad.

2013-02-05  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix check_keypad_request.
	+ commit 9fec82a30bec953b09548840dac4e8999310498e
	* scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.

	scd: Clean up.
	+ commit 4a2f1e51339df469cf2284ab342ea23e3921ec9f
	* apdu.h (apdu_send_simple_kp): Remove.
	* apdu.c (apdu_send_simple_kp): Remove.

	SCD: Add vendor specific initalization.
	+ commit c3070705a4060694bfe5112fa9c1edc9f5479bf4
	* scd/ccid-driver.c (ccid_vendor_specific_init): New.
	(ccid_open_reader): Call ccid_vendor_specific_init.

	SCD: Support P=N format for login data.
	+ commit 031f783d8a3d242085985b6afb2d67e49e6a1454
	* scd/app-openpgp.c (parse_login_data): Support P=N format.

	SCD: Better interoperability.
	+ commit eec69e5366e00d958f3204eb1aad6871e976293f
	* scd/apdu.c: Fill bTeoPrologue[2] field.

	SCD: Defaults to use pinpad if the reader has the capability.
	+ commit 1788aad9c1a6a68a5ae841c8746aabf76e8a9c65
	* scd/app-openpgp.c (struct app_local_s): Remove VARLEN.
	(parse_login_data): "P=0" means to disable pinpad.
	(check_keypad_request): Default is to use pinpad if available.

	SCD: handle keypad request on the card.
	+ commit 85bd703e78768ae5290a64c405f3c9fed46ecff2
	* scd/app-openpgp.c: Add 2013.
	(struct app_local_s): Add keypad structure.
	(parse_login_data): Add parsing keypad request on the card.
	(check_keypad_request): New.
	(verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request
	to determine use of keypad.

	SCD: Minor fix of ccid-driver.
	+ commit d1d51464d2db60a801f8f252c4a3386493989b31
	* scd/ccid-driver.c (VENDOR_VEGA): Fix typo.

	SCD: Add support of Covadis VEGA_ALPHA reader.
	+ commit daafc1c8fdee0e0387dff6f42cfc3b01046480d4
	* scd/ccid-driver.c: Add 2013.
	(VENDER_VEGA, VEGA_ALPHA):New.
	(ccid_transceive_secure): VEGA_ALPHA is same firmware as GEMPC_PINPAD.
	Change bNumberMessage to 0x01, as it works better (was: 0xff).

	SCD: Support fixed length PIN input for keypad (PC/SC).
	+ commit 15bf5a10d47ae288fc4174424551e2e19e6b7b6a
	* scd/apdu.c (pcsc_keypad_verify): SUpport fixed length PIN input for
	keypad.
	(pcsc_keypad_modify): Likewise.
	* scd/ccid-driver.c (ccid_transceive_secure): Clean up.

	SCD: Support fixed length PIN input for keypad.
	+ commit 15200f7001ce591233e4f266428d97c7e1ee29f1
	* scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
	* scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
	* scd/app-nks.c (verify_pin): Likewise.
	* scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin):
	Likewise.
	* scd/apdu.c (check_pcsc_keypad): Add comment.
	(pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
	readers with the feature of variable length input (yet).
	(apdu_check_keypad): Set FIXEDLEN.
	* scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD
	specific settings.
	Support fixed length PIN input for keypad.

	SCD: API cleanup for keypad handling.
	+ commit 4fe024cf33fcb1c0c789b548de39da2f61154cb9
	* scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
	Change meaning of MODE.
	(pininfo_t): Rename from iso7816_pininfo_t.
	* scd/sc-copykeys.c: Include "iso7816.h".
	* scd/scdaemon.c, scd/command.c: Likewise.
	* scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
	(ccid_transceive_secure): Follow the change of PININFO_T.
	* scd/app.c: Include "apdu.h" after "iso7816.h".
	* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
	(iso7816_change_reference_data_kp): Follow the change of API.
	* scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
	KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
	(check_pcsc_keypad, check_ccid_keypad): Likewise.
	(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
	(pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
	(pcsc_send_apdu_direct,  pcsc_send_apdu_wrapped, pcsc_send_apdu)
	(send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
	(send_le): Follow the change of API.
	* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
	(apdu_keypad_modify): Change the API.
	* scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the
	change.

	SCD: Clean up.  Remove PADLEN for keypad input.
	+ commit 3d863c298b5914958ef1462409dc097b4a076b52
	* scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s.
	(struct reader_table_s): Remove last arg from check_keypad method.
	(check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN.
	(pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN.
	(send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN.
	(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify):
	Likewise.

	* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
	(apdu_keypad_modify): Remove PIN_PADLEN.

	* scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN.

	* scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN.

	* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
	(iso7816_change_reference_data_kp): Remove PADLEN.

	* scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR.

	SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD.
	+ commit 7c110e997adda6252dbc7c2ff3fce1db3edaff94
	* scd/scdaemon.h (opt): Add enable_keypad_varlen.
	* scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen.
	(opts, main): Add oEnableKeypadVarlen.
	* scd/ccid-driver.c (GEMPC_PINPAD): New.
	(ccid_transceive_secure): Add enable_varlen handling.
	Enable GEMPC_PINPAD.

	SCD: Support not-so-smart card readers.
	+ commit 2dbd347fbe9765e72041857a5922390e01cf95f1
	* scd/ccid-driver.c (struct ccid_driver_s): Add auto_voltage,
	auto_param, and auto_pps.
	(parse_ccid_descriptor): Set auto_voltage, auto_param, and auto_pps.
	Support non-autoconf readers.
	(update_param_by_atr): New.
	(ccid_get_atr): Use 5V for PowerOn when auto_voltage is not supported.
	Use 0x10 when nonnull_nad for SetParameters.
	Call update_param_by_atr for parsing ATR, and use param for
	SetParameters.
	Send PPS if reader requires it and card is negotiable.
	When bNadValue in the return values of SetParameters == 0,
	clear handle->nonnull_nad flag.

2013-02-04  NIIBE Yutaka  <gniibe@fsij.org>

	SCD: Hold lock for pinpad input.
	+ commit e8ea10990d9b860d9f2863928887811f86c304b6
	* scd/apdu.c (apdu_check_keypad, apdu_keypad_verify)
	(apdu_keypad_modify): Hold lock to serialize communication.

	agent: kill pinentry by SIGINT, fixing a bug to be killed by SIGINT.
	+ commit 42dd3956cc59297585c161ff735d89387a34d147
	* agent/call-pinentry.c (atfork_cb): Reset signal mask and signal
	handler for child process.
	(agent_popup_message_stop): Send SIGINT (was: SIGKILL).

2013-01-11  Christian Aistleitner  <christian@quelltextlich.at>

	gpg: Fix honoring --cert-digest-algo when recreating a cert.
	+ commit 3cfe527fa57167d0477c0f6250ca28e8f4dd1b0e
	* g10/sign.c (update_keysig_packet): Override original signature's
	digest algo in hashed data and for hash computation.

2013-01-07  NIIBE Yutaka  <gniibe@fsij.org>

	Update Japanese Translation.
	+ commit 00c908263206f65a59a4f3e525d716888be132b9
	* po/ja.po: Fix wrong translations for designated revocation.
	Reported by Hideki Saito.

2013-01-03  Werner Koch  <wk@gnupg.org>

	gpg: Detect Keybox files and print a diagnostic.
	+ commit f395a3e7ef78e93084a572cf39c1bb2d85ce5f45
	* g10/keydb.c (KEYDB_RESOURCE_TYPE_KEYBOX): New.
	(keydb_add_resource): Handle scheme "gnupg-kbx:".  Detect Keybox
	magic.  Print wanrning note for Keybox.
	(keydb_new, keydb_release, keydb_get_resource_name)
	(lock_all, unlock_all, keydb_get_keyblock)
	(keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
	(keydb_locate_writable, keydb_rebuild_caches, keydb_search_reset)
	(keydb_search2): Ignore Keybox type in switches.
	* g10/gpg.h (G10ERR_UNSUPPORTED): Map to correct gpg-error value.

2012-12-29  NIIBE Yutaka  <gniibe@fsij.org>

	Update Japanese Translation.
	+ commit f484d8b28bccce7652362fa7940e53af04a412c8
	* po/ja.po: Fix terms and expressions.

	Update Japanese Translation.
	+ commit b87265cd30e24dc8c196331175b2838caf767cdc
	* po/ja.po: Translate all untranslated messages.

2012-12-27  NIIBE Yutaka  <gniibe@fsij.org>

	Update Japanese Translation.
	+ commit e2c939d570b8eda411be13978ae6a45c0cc1e4ca
	* po/ja.po: Fix all fuzzy translations.  Fill some of unstanslated
	messages.

	Update Japanese Translation.
	+ commit ec008b94f3161a1b39b2295475ffae061d902bed
	* po/ja.po: Remove old entries.

	Update Japanese Translation.
	+ commit 7baae3e09527861e15b8f145146911b35b2ca725
	* po/ja.po: Fix headers.  Update by msgmerge -U ja.po gnupg2.pot.

	Update Japanese tranlation.
	+ commit da0ee97cbc3ebabed19bd794875dd3b7dc20bbfd
	* po/ja.po: Change the encoding to UTF-8 (was: EUC-JP).

2012-12-21  David Shaw  <dshaw@jabberwocky.com>

	Make sure srvcount is initialized.
	+ commit 8c32d4de57b8b0b5e1be3022d4056a854c568745
	* keyserver/gpgkeys_hkp.c (srv_replace): Initialize srvcount.

2012-12-20  Werner Koch  <wk@gnupg.org>

	gpg: Import only packets which are allowed in a keyblock.
	+ commit 498882296ffac7987c644aaf2a0aa108a2925471
	* g10/import.c (valid_keyblock_packet): New.
	(read_block): Store only valid packets.

2012-12-19  Werner Koch  <wk@gnupg.org>

	gpg: Make commit 258192d4 actually work.
	+ commit d23ec86095714d388acac14b515445fe69f019e9
	* g10/sign.c (update_keysig_packet): Use digest_algo.

	gpg: Suppress "public key already present" in quiet mode.
	+ commit 75404e2dad668a4bad3c0f06515197bcc90e9503
	* g10/pkclist.c (build_pk_list): Print two diagnostics only in
	non-quiet mode.

2012-12-18  Werner Koch  <wk@gnupg.org>

	jnlib: Add meta option ignore-invalid-option.
	+ commit 8ea49cf513e1fb47913473ec8bf22ff832878506
	* jnlib/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
	(initialize): Init field IIO_LIST.
	(ignore_invalid_option_p): New.
	(ignore_invalid_option_add): New.
	(ignore_invalid_option_clear): New.
	(optfile_parse): Implement meta option.

2012-12-18  David Shaw  <dshaw@jabberwocky.com>

	No point in defaulting try-dns-srv to on if we don't have SRV support.
	+ commit 732f3d1d4786239db5f31f82cc04ec79326cc13c
	* keyserver/gpgkeys_hkp.c (main): Only default try-dns-srv to on if we
	  have SRV support in the first place.

	Issue 1447: Pass proper Host header and SNI when SRV is used with curl.
	+ commit 6b1f71055ebab36989e2089cfde319d2ba40ada7
	* configure.ac: Check for inet_ntop.

	* m4/libcurl.m4: Provide a #define for the version of the curl
	  library.

	* keyserver/gpgkeys_hkp.c (main, srv_replace): Call getaddrinfo() on
	  each target.  Once we find one that resolves to an address (whether
	  IPv4 or IPv6), pass it into libcurl via CURLOPT_RESOLVE using the
	  SRV name as the "host".  Force the HTTP Host header to be the same.

2012-12-15  David Shaw  <dshaw@jabberwocky.com>

	Part of issue 1447: Pass proper Host header when SRV is used.
	+ commit cbe98b2cb1e40ba253300e604996681ae191e363
	* common/http.c (send_request, connect_server): Set proper Host header
	  (no :port, host is that of the SRV) when SRV is used in the
	  curl-shim.

	Fix issue 1446: honor ports given in SRV responses.
	+ commit ba9e974f1fd85b3dbbfb5e26d7a14f71d07c7cf2
	* common/http.c (send_request, connect_server, http_open): Use a
	  struct srv instead of a single srvtag so we can pass the chosen host
	  and port back to the caller.
	  (connect_server): Use the proper port in the HAVE_GETADDRINFO case.

	* keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log
	  chosen host and port.

	* keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.

2012-12-13  NIIBE Yutaka  <gniibe@fsij.org>

	SCD: Fix the process of writing key or generating key.
	+ commit 3e7cc25d4a574d27e08322d9e82915ddcb8416f1
	* scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.

2012-12-07  NIIBE Yutaka  <gniibe@fsij.org>

	Revert SCD changes of 2010-05-03 (scd/ChangeLog 2010-03-17).
	+ commit 0d7cf7bb0669ca280e6259a9c34612a8ff56acda
	* scd/apdu.c (pcsc_no_service): Remove.
	(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove
	pcsc_no_service support.
	(apdu_open_reader): Remove R_NO_SERVICE.
	* scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE.
	* scd/command.c (reader_disabled): Remove.
	(get_reader_slot): Follow the change of R_NO_SERVICE.
	(open_card, cmd_serialno, scd_command_handler): Remove reader_disabled
	support.
	* scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE.

	Don't keep opening unavailable card reader.
	+ commit 9afd2bb7fb9067eb8c753a5e5f672a36e93b2474
	* scd/command.c (update_reader_status_file): Don't call
	get_reader_slot.

2012-11-30  David Shaw  <dshaw@jabberwocky.com>

	Update sample keys.
	+ commit 2ee9fe4bc25df7966df759895b996206d3cf7a02


2012-11-29  David Shaw  <dshaw@jabberwocky.com>

	The keyserver search menu should honor --keyid-format.
	+ commit 3d0c386011efcf7064ff0e7bf0be3f0c2316be67
	* keyserver.c (print_keyrec): Honor --keyid-format when getting back
	  full fingerprints from the keyserver (the comment in the code was
	  correct, the code was not).

2012-11-27  Werner Koch  <wk@gnupg.org>

	Fix printing of ECC algo names in hkp keyserver listings.
	+ commit 978878b1be0be5bdce7b1bbc7dc9fa39ce8aa402
	* g10/misc.c (map_pk_openpgp_to_gcry): New.
	* g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.

2012-11-06  Werner Koch  <wk@gnupg.org>

	Allow decryption with card keys > 3072 bit.
	+ commit ab4ea45f54006eba55db11263431c4c0c4f557dc
	* scd/command.c (MAXLEN_SETDATA): New.
	(cmd_setdata): Add option --append.
	* g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data

	* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
	(app_select_openpgp): Store manufacturer.
	(do_decipher): Print a note for broken cards.

2012-11-02  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix wrong use of gcry_sexp_build_array.
	+ commit d5c46ac6f447e92722fd7e904bf520b1265a0ce0
	* findkey.c (agent_public_key_from_file): Fix use of
	gcry_sexp_build_array.

2012-10-31  NIIBE Yutaka  <gniibe@fsij.org>

	SCD: Upon error, open_pcsc_reader_wrapped does same as _direct.
	+ commit 80a34c0b5008c59979561dcee40536d7e25246f6
	* scd/apdu.c (PCSC_E_NO_SERVICE): New.
	(open_pcsc_reader_direct): Use PCSC_E_NO_SERVICE.
	(open_pcsc_reader_wrapped): Set pcsc_no_service.

2012-08-24  Werner Koch  <wk@gnupg.org>

	Update French translation.
	+ commit 51a4df9d4a16c9e3a7b9dedffda6f9628edc8b27
	* po/fr.po: Update.

2012-08-24  David Prévot  <taffit@debian.org>

	Fix typos spotted during translations.
	+ commit 1c2f80cf1b8ae3dcf6b30810220ba04fcd1f23ad
	agent/genkey.c: s/to to/to/
	sm/*.c: s/failed to allocated/failed to allocate/
	sm/certlist.c: s/should have not/should not have/

	Consistency fix:

	* g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax

	Actually show translators comments in PO files.
	+ commit bc95b352890a6a3e8e359fab5b67131fa8abf6a5


	Keep previous msgids of translated messages.
	+ commit 5ae8ecd21f2f4ea904ae770f26f0018db92e1241
	* po/Makefile.in.in: Use --previous with msgmerge.

2012-07-20  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Add forgotten VENDOR_FSIJ to ccid-driver.
	+ commit b6b08b6b93886ee8f466aea37da83286447992cb
	* scd/ccid-driver.c (ccid_transceive_secure): Handle VENDOR_FSIJ.

2012-06-25  NIIBE Yutaka  <gniibe@fsij.org>

	scd: handle reader/token removal. * scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means SW_HOST_NO_READER.
	+ commit 34b78c7d82f3923052e36d405ba403787ae9df16


	scd: Fix updating slot status. * scd/comman.c (do_reset): Let clear card_removed flag.
	+ commit 8db2e4039f75cb5ea00616f6d9fe262938609055


	scd: acquire lock in new_reader_slot.
	+ commit 4f557cb9c2ebe274d6aacc60a09cd919055d01ed
	* scd/apdu.c (new_reader_slot): Acquire lock.
	  (open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
	  (open_ccid_reader, open_rapdu_reader): Release lock.

	scd: move lock_slot, trylock_slot, unlock_slot functions.
	+ commit 233b5ab1ad90588e7a40d2009b9f10d91e3b0c7d
	* scd/apdu.c (lock_slot, trylock_slot, unlock_slot): Move.

	scd: Fix merge mistake. * scd/iso7816.c (iso7816_reset_retry_counter): Implement.
	+ commit 8cb0209022afa92b39d3a6e82be69a5211b79623


2012-06-25  Werner Koch  <wk@gnupg.org>

	scd: Prefer application Geldkarte over DINSIG.
	+ commit d7fd48db180def404ee7d2b764d1568b8e956908
	* scd/app.c (select_application): Reorder application tests.

2012-06-25  Werner Koch  <wk@gnupg.org>
	    Ben Kibbey  <bjk@luxsci.net>

	scd: Fix for card change returning GPG_ERR_CARD_RESET.
	+ commit 8b07012f60aeca6fb9c94285443287fc024fe78a
	* scd/apdu.c (apdu_connect): Do not test for zero atrlen.

2012-06-25  NIIBE Yutaka  <gniibe@fsij.org>

	Merge ccid_driver_improvement branch. (backport)
	+ commit 262a3b2336c226b473d15ef80f7b51d44437d899
	* scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify.
	(open_ccid_reader): Use ccid_keypad_operation for verify and modify.

	* scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New.
	(ccid_transceive_apdu_level): Permit sending packet where
	apdulen <= 289.  Support receiving packets in a chain.
	(ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920.
	Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24.

	Add error log and debug log for pcsc_keypad_verify and pcsc_keypad_modify.
	+ commit 2f90d099020bcb07a7464a7dd0bbdcc4f73177f7
	* scd/apdu.c (pcsc_keypad_verify): Add debug log and error log.
	(pcsc_keypad_modify): Likewise.

	Fix pinpad input support for passphrase modification. (backport)
	+ commit 196a60078ba244d52219a5dc3acde1156d134290
	* apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
	(pcsc_keypad_modify): Likewise.
	(pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
	bConfirmPIN value is determined by the parameter p0.

	* app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
	reset_mode is on, or resetcode is on.  use_keypad only makes sense for
	iso7816_change_reference_data_kp.

	* iso7816.h (iso7816_put_data_kp): Remove.
	(iso7816_reset_retry_counter_kp): Remove.
	(iso7816_reset_retry_counter_with_rc_kp): Remove.
	(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.

	* iso7816.c (iso7816_put_data_kp): Remove.
	(iso7816_reset_retry_counter_kp): Remove.
	(iso7816_reset_retry_counter_with_rc_kp): Remove.
	(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.

	scd: Fix pinpad input support (backport from master)
	+ commit 056e1329b0938de75dbfeb3c60ed20c038086906
	* app-openpgp.c (do_change_pin): Fix pincb messages when
	use_keypad == 1.

	scd: PC/SC pinpad support (pinpad input for modify pass phrase). (backport)
	+ commit f98a5e8480b7dea6cc7ec3386a7bad74f3974871
	* iso7816.h (iso7816_change_reference_data_kp): Remove arguments
	of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN.

	* iso7816.c (iso7816_change_reference_data_kp): Call
	apdu_keypad_modify.
	(iso7816_change_reference_data): Don't call
	iso7816_change_reference_data_kp.

	* apdu.h (apdu_keypad_modify): New.

	* apdu.c (pcsc_keypad_modify, apdu_keypad_modify): New.
	(struct reader_table_s): New memeber function keypad_modify.
	(new_reader_slot, open_ct_reader, open_ccid_reader)
	(open_rapdu_reader): Initialize keypad_modify.

	* app-openpgp.c (do_change_pin): Handle keypad and call
	iso7816_change_reference_data_kp if it is the case.

	scd: PC/SC pinpad support.  (Backported from master.)
	+ commit c2525d507d802e43861f3361ff58be4f41da27df
	* iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN.

	* iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only
	handle thecase with PININFO.
	(iso7816_verify): Call apdu_send_simple.

	* app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of
	iso7816_verify_kp.

	* app-nks.c (verify_pin): Likewise.

	* app-dinsig.c (verify_pin): Likewise.

	* apdu.c: Include "iso7816.h".
	(struct reader_table_s): New memeber function keypad_verify.
	Add fields verify_ioctl and modify_ioctl in pcsc.
	(CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT)
	(FEATURE_MODIFY_PIN_DIRECT): New.
	(pcsc_control): New.
	(control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
	(check_pcsc_keypad, pcsc_keypad_verify): New.
	(ccid_keypad_verify, apdu_keypad_verify): New.
	(new_reader_slot): Initialize with check_pcsc_keypad,
	pcsc_keypad_verify, verify_ioctl and modify_ioctl.
	(open_ct_reader): Initialize keypad_verify with NULL.
	(open_ccid_reader): Initialize keypad_verify.
	(open_rapdu_reader): Initialize keypad_verify with NULL.
	(apdu_open_reader): Initialize pcsc_control.

	* pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control.
	(handle_control): New.
	(main): Handle the case 6 of handle_control.

	scd fixes on error.
	+ commit 03be1a059b129a0a6f9079f84dad60593e9c4519
	* scd/apdu.c (open_pcsc_reader_wrapped): Show error number.

	* scd/command.c (get_reader_slot): Return -1 on error.

	scd: Fix the changes of scd/command.c.
	+ commit c86e9bd1bced85dc72701bb0ab409d5f02b112d1
	* scd/command.c (do_reset): Assign slot after setting slot_table.

2012-06-25  Werner Koch  <wk@gnupg.org>

	scd: Fix resetting and closing of the reader.  (Backported by gniibe)
	+ commit 5c1eb6dba87281a7f8a09ef04cc8ea876094e9da
	* scd/command.c (update_card_removed): Do no act on an invalid VRDR.
	(do_reset): Ignore apdu_reset error codes for no and inactive card.
	Close the reader before setting the slot to -1.
	(update_reader_status_file): Notify the application before closing the
	reader.

	scd: Retry command SERIALNO for an inactive card.
	+ commit 2d052240fb521ed92b6a2526dd5627621800d194
	* scd/command.c (cmd_serialno): Retry once for an inactive card.

	Fix detection of card removal and insertion.
	+ commit 1e0a9498fee878fef5b7ee68cdaa5473a2584cea
	* scd/apdu.c (apdu_connect): Return status codes for no card available
	and inactive card.
	* scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET.
	(open_card): Map apdu_connect status to GPG_ERR_CARD_RESET.

	Support the Cherry ST-2000 card reader.
	+ commit 8dff0096132fff70a5ee29a50222aebcd9b41ec7
	* scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335)
	(SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants.
	(parse_ccid_descriptor): Use them.
	(scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry
	ST-2000.  Suggested by Matthias-Christian Ott.

2012-06-25  NIIBE Yutaka  <gniibe@fsij.org>

	fix wLangId in ccid-driver.c.
	+ commit d9d98c510b936d48755f8c01165d7efa32502d24


2012-05-24  Werner Koch  <wk@gnupg.org>

	Add provisions to build with Libgcrypt 1.6.
	+ commit b8d7b33d69e54feb1fcd2e87b8ffc260b0ba81e4
	Replace gcry_md_start_debug by gcry_md_debug in all files.

	* agent/gpg-agent.c (fixed_gcry_pth_init): Use only if
	GCRY_THREAD_OPTION_VERSION is 0
	* scd/scdaemon.c (fixed_gcry_pth_init): Ditto.

	Print the hash algorithm in colon mode key listing.
	+ commit a4b22d8edf31feb2cd09805a36ec662d8c6e0a09
	* g10/keylist.c (list_keyblock_colon): Print digest_algo.

2012-05-08  Werner Koch  <wk@gnupg.org>

	common: Remove generated files only during maintainer-clean.
	+ commit 3f75b9ca00fc24e35bd16e91b7b1b18616447ff2
	* common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES.

	Fix copyright years.
	+ commit c08546d602e3abf47c4daffe6e7ddf4afec69214
	* scripts/git-log-footer: Add more years; we actually published the
	first code in 1997.

2012-03-30  Werner Koch  <wk@gnupg.org>

	Cast second value of a ?: to void in estream.c.
	+ commit 1731ed88491559aca395bc0596cdc0ee3ea1fa3e
	* common/estream.c (ESTREAM_MUTEX_LOCK): Cast pth_mutex_acquire result
	to void.  Some compilers choke on mixing void and int in an
	conditional operator.  Reported by Nelson H. F. Beebe.

2012-03-27  Werner Koch  <wk@gnupg.org>

	Release 2.0.19.
	+ commit 539073d0f5d1a039827670c722dfd6d99f39880f


	Update zh_TW translation.
	+ commit f7ad5cb3c668731364ea06077dbbe15cedce6dd1


	Update config.{sub,guess} to version 2012-02-10.
	+ commit 3bd5000c85fa962973ada0bf47aa6a1625d84d3f
	* scripts/config.guess, scripts/config.sub: Update.

	Update texinfo source from master.
	+ commit e23ca51ba0eb7bb274eb7373d379c2c7b1bcbe6a
	* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi
	* doc/scdaemon.texi,  doc/tools.texi: Update.
	* doc/yat2m.c: Update.

	Add target to update the texinfo files from master.
	+ commit cc4de72e7d8ef91142e6850ed9f859d426766045
	* doc/Makefile.am (update-source): New.

2012-03-26  Werner Koch  <wk@gnupg.org>

	Fix make rules for audit-events.h et al.
	+ commit e1367da57f805857f82e60dfb34563ce6cd41efd
	* common/Makefile.am (audit-events.h, status-codes.h): Fix target file
	name.

	Update samplekeys and NEWS.
	+ commit 8e183f41ff401464a8eac6577f9534768bf20993
	* doc/samplekeys.asc: Update.

	Allow compressed data with algorithm 0.
	+ commit 88633bf3d417aeb5ea0f75508aba8e32adc8acef
	* g10/mainproc.c (proc_compressed): Remove superfluous check for
	an algorithm number of 0.  This is bug#1326.

2012-02-01  David Shaw  <dshaw@jabberwocky.com>

	Honor --cert-digest-algo when recreating a cert.
	+ commit 258192d4d453e27c4c54dbeefaae901ef94b5f4b
	* g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
	  recreating a cert.

	This is used by various things in --edit-key like setpref, primary,
	etc.  Suggested by Christian Aistleitner.

2012-01-31  Werner Koch  <wk@gnupg.org>

	Update copyright year.
	+ commit 4a9d69ca87d4e21b015b7ceab6b2b6ba3809ec22


	Require an installed gitlog_to_changelog for make dist.
	+ commit 92844f475ba7989772c407fbced3229379053cf4
	* scripts/gitlog-to-changelog: Remove.
	* Makefile.am (GITLOG_TO_CHANGELOG): New.
	(gen-ChangeLog): Use it.  Add set -e.

	Add Ukrainian translation.
	+ commit a4b3a420a16a5d3b900ce6c7c06e00a83fee4953
	* po/uk.po: New.
	* po/LINGUAS: Add uk.po.

	estream: Avoid printing leading zeroes by %p on 32 bit systems.
	+ commit 582857b6da3950a15d5e47698849f2d3be8acc2e
	* common/estream-printf.c (pr_pointer): Synchronize definition of
	AULONG with its use.

	gpg: Add a DECRYPTION_INFO status.
	+ commit f772757ea1b10b34e418f6a3ed672b0dc05f779c
	* common/status.h (STATUS_DECRYPTION_INFO): New.
	* g10/encr-data.c: Include status.h.
	(decrypt_data): Emit STATUS_DECRYPTION_INFO line.

2012-01-20  Werner Koch  <wk@gnupg.org>

	Do not copy default merge commit log entries into the ChangeLog.
	+ commit 66e93807a9fc7e72d7a6458711104d32342e4283
	* scripts/gitlog-to-changelog: Skip merge commits.

	Add files to .gitignore.
	+ commit 4e7ec0bb838623ffb88faee99ba029a8b66b80c0


2012-01-20  David Shaw  <dshaw@jabberwocky.com>

	Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
	+ commit 333b870929b9f6f65d9b229d301c0b38719da430
	* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level

	* g10/trustdb.c (check_trustdb_stale): Request a rebuild if
	  pending_check_trustdb is true (set when we detect a trustdb
	  parameter has changed).

	* g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
	  listing for min_cert_level not matching.

	* g10/tdbio.c (tdbio_update_version_record, create_version_record,
	  tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
	  tdbio_write_record): Add a byte for min_cert_level in the tdbio
	  version record.

2012-01-11  David Shaw  <dshaw@jabberwocky.com>

	Refresh sample keys.
	+ commit 27a1e8d62014ba4550b9cfaff9e01267bce60ad5


2012-01-03  Werner Koch  <wk@gnupg.org>

	Terminate csh commands with a semicolon.
	+ commit 217d2ec8af3aedb49e87ccccf93775617f00e0ca
	Fixes bug#1386.

	* agent/gpg-agent.c (main): Terminate csh style output with a semicolon.
	* scd/scdaemon.c: Ditto.

2011-12-28  David Shaw  <dshaw@jabberwocky.com>

	Use the longest key ID available when talking to a HKP server.
	+ commit 3005b0a6f43e53bed2f9b6fba7ad1205bdb29bc5
	This is issue 1340.  Now that PKSD is dead, and SKS supports long key
	IDs, this is safe to do.  Patch from Daniel Kahn Gillmor
	<dkg@fifthhorseman.net>.

2011-12-15  David Shaw  <dshaw@jabberwocky.com>

	Merge fix for issue 1331 from 1.4.
	+ commit 5a0ed4a2cc809b8595c8907e91649987775731d2
	* photoid.c (generate_photo_id): Check for the JPEG magic numbers
	instead of JFIF since some programs generate an EXIF header first.

2011-12-02  Werner Koch  <wk@gnupg.org>

	Generate the ChangeLog from commit logs.
	+ commit 28c6cef128219ffdf548d6f5acf819aa2303fe0d
	* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
	* scripts/git-log-fix: New file.
	* scripts/git-log-footer: New file.
	* scripts/git-hooks/commit-msg: New script.
	* autogen.sh: Install commit-msg hook for git.
	* doc/HACKING: Describe the ChangeLog policy.
	* ChangeLog: New file.
	* Makefile.am (EXTRA_DIST): Add new files.
	(gen-ChangeLog): New.
	(dist-hook): Run gen-ChangeLog.

	Rename all ChangeLog files to ChangeLog-2011.

2011-12-01  Werner Koch  <wk@gnupg.org>

	NB: Changes done before December 1st, 2011 are described in
	per directory files named ChangeLog-2011.  See doc/HACKING for
	details.

        -----
	Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
                      2005, 2006, 2007, 2008, 2009, 2010, 2011,
                      2012 Free Software Foundation, Inc.

	Copying and distribution of this file and/or the original GIT
	commit log messages, with or without modification, are
	permitted provided the copyright notice and this notice are
	preserved.
