- gpg: Changed the way keys are detected on a smartcards; this allows the use of non-OpenPGP cards. In the case of a not very likely regression the new option --use-only-openpgp-card is available. [T4681]
- gpg: The commands --full-gen-key and --quick-gen-key now allow direct key generation from supported cards. [T4681]
- gpg: Prepare against chosen-prefix SHA-1 collisions in key signatures. This change removes all SHA-1 based key signature newer than 2019-01-19 from the web-of-trust. Note that this includes all key signature created with dsa1024 keys. The new option --allow-weak-key-signatues can be used to override the new and safer behaviour. [T4755,CVE-2019-14855]
- gpg: Improve performance for import of large keyblocks. [T4592]
- gpg: Implement a keybox compression run. [T4644]
- gpg: Show warnings from dirmngr about redirect and certificate problems (details require --verbose as usual).
- gpg: Allow to pass the empty string for the passphrase if the '--passphase=' syntax is used. [T4633]
- gpg: Fix printing of the KDF object attributes.
- gpg: Avoid surprises with --locate-external-key and certain --auto-key-locate settings. [T4662]
- gpg: Improve selection of best matching key. [T4713]
- gpg: Delete key binding signature when deleting a subkey. [T4665,T4457]
- gpg: Fix a potential loss of key signatures during import with self-sigs-only active. [T4628]
- gpg: Silence "marked as ultimately trusted" diagnostics if option --quiet is used. [T4634]
- gpg: Silence some diagnostics during in key listsing even with option --verbose. [T4627]
- gpg, gpgsm: Change parsing of agent's pkdecrypt results. [T4652]
- gpgsm: Support AES-256 keys.
- gpgsm: Fix a bug in triggering a keybox compression run if --faked-system-time is used.
- dirmngr: System CA certificates are no longer used for the SKS pool if GNUTLS instead of NTBTLS is used as TLS library. [T4594]
- dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces to avoid long timeouts. [T4165]
- scd: Fix BWI value for APDU level transfers to make Gemalto Ezio Shield and Trustica Cryptoucan work. [T4654,T4566]
- wkd: gpg-wks-client --install-key now installs the required policy file.
|Resolved||werner||T4684 Release GnuPG 2.2.18|
|Resolved||None||T4683 Release Libgcrypt 1.8.5|
- Mentioned In
- T4768: Release GnuPG 2.2.19
T4685: Any plans to make new release?
- Mentioned Here
- T4762: GPG decryption results in error "double free detected in tcache 2"
T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested)
T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached
T4566: dirmngr fails with HTTP 302 redirection to hkps
T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate
T4594: dirmngr appears to unilaterally import system CAs
T4627: "gpg --verbose --list-secret-keys" prints a lot of warning messages unrelated to secret keys
T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned
T4633: gpg argument "--passphrase=" yields 'missing argument for option "--passphrase="'
T4634: "gpg --quiet --quick-gen-key" is not quiet: emits "key $FPR marked as ultimately trusted" to stderr.
T4644: gpg: implement keybox compression run
T4652: avoid unnecessary trailing NUL byte in S-expressions
T4654: Gemalto Ezio Shield (CT710): CCID command failed: Parameter error at offset 7
T4662: --locate-external-keys does not interact well with --no-auto-key-locate
T4665: gpg --delete-key of subkey leaves dangling subkey binding signature
T4681: Allow non-OpenPGP cards with gpg 2.2
T4713: Bug in get_best_pubkey_byname
T4755: WoT forgeries using SHA-1
There is a regression in decryption with hidden recipients; see T4762..
There is a regression in decryption with hidden recipients; see T4762.