
Release GnuPG 2.2.18
Closed, Resolved (Public)

Description

  • gpg: Changed the way keys are detected on smartcards; this allows the use of non-OpenPGP cards. In the unlikely case of a regression, the new option --use-only-openpgp-card is available. [T4681]
  • gpg: The commands --full-gen-key and --quick-gen-key now allow direct key generation from supported cards. [T4681]
  • gpg: Prepare against chosen-prefix SHA-1 collisions in key signatures. This change removes all SHA-1 based key signatures newer than 2019-01-19 from the web-of-trust. Note that this includes all key signatures created with dsa1024 keys. The new option --allow-weak-key-signatues can be used to override the new and safer behaviour. [T4755,CVE-2019-14855]
  • gpg: Improve performance for import of large keyblocks. [T4592]
  • gpg: Implement a keybox compression run. [T4644]
  • gpg: Show warnings from dirmngr about redirect and certificate problems (details require --verbose as usual).
  • gpg: Allow passing the empty string for the passphrase if the '--passphrase=' syntax is used. [T4633]
  • gpg: Fix printing of the KDF object attributes.
  • gpg: Avoid surprises with --locate-external-key and certain --auto-key-locate settings. [T4662]
  • gpg: Improve selection of best matching key. [T4713]
  • gpg: Delete key binding signature when deleting a subkey. [T4665,T4457]
  • gpg: Fix a potential loss of key signatures during import with self-sigs-only active. [T4628]
  • gpg: Silence "marked as ultimately trusted" diagnostics if option --quiet is used. [T4634]
  • gpg: Silence some diagnostics during key listing even with option --verbose. [T4627]
  • gpg, gpgsm: Change parsing of agent's pkdecrypt results. [T4652]
  • gpgsm: Support AES-256 keys.
  • gpgsm: Fix a bug in triggering a keybox compression run if --faked-system-time is used.
  • dirmngr: System CA certificates are no longer used for the SKS pool if GNUTLS instead of NTBTLS is used as TLS library. [T4594]
  • dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces to avoid long timeouts. [T4165]
  • scd: Fix BWI value for APDU level transfers to make Gemalto Ezio Shield and Trustica Cryptoucan work. [T4654,T4566]
  • wkd: gpg-wks-client --install-key now installs the required policy file.
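
An added example (not GnuPG's own code) for the SHA-1 item above: it scans `gpg --with-colons --list-sigs` output for key signatures made with SHA-1 after 2019-01-19, so a keyring can be audited for certifications affected by the change. The sample records, the midnight-UTC cutoff, and the restriction to certification classes 0x10 to 0x13 are assumptions of this example.

```python
from datetime import datetime, timezone

# Cutoff date taken from the release note; midnight UTC is an assumption of this example.
CUTOFF = datetime(2019, 1, 19, tzinfo=timezone.utc)
SHA1 = "2"                               # OpenPGP hash algorithm ID of SHA-1
CERT_CLASSES = {"10", "11", "12", "13"}  # certification classes, assumed to be the "key signatures"

# Constructed sample of colon-format output; key IDs, dates and names are made up.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC::::::23::0:
uid:u::::1400000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
sig:::1:AAAAAAAAAAAAAAAA:1400000000::::Alice Example <alice@example.org>:13x:::::8:
sig:::17:BBBBBBBBBBBBBBBB:1560000000::::Bob Example <bob@example.org>:10x:::::2:
sig:::1:CCCCCCCCCCCCCCCC:1500000000::::Carol Example <carol@example.org>:10x:::::2:
sig:::1:DDDDDDDDDDDDDDDD:20190301T120000::::Dave Example <dave@example.org>:12x:::::2:
"""

def parse_created(field):
    """Field 6 is seconds since the epoch, or an ISO 8601 basic timestamp."""
    if "T" in field:
        return datetime.strptime(field, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def weak_key_signatures(colon_output):
    """Return (issuer key ID, creation date, issuer user ID) for each flagged signature."""
    flagged = []
    for line in colon_output.splitlines():
        f = line.split(":")
        # Field 16 (hash algorithm) is missing in output of older gpg versions; skip such records.
        if f[0] != "sig" or len(f) < 16 or not f[5]:
            continue
        created = parse_created(f[5])
        # Field 11 is the signature class in hex followed by a flag letter, e.g. "10x".
        if f[15] == SHA1 and f[10][:2] in CERT_CLASSES and created > CUTOFF:
            flagged.append((f[4], created.date().isoformat(), f[9]))
    return flagged

if __name__ == "__main__":
    for keyid, day, uid in weak_key_signatures(SAMPLE):
        print(f"{keyid}  {day}  SHA-1 key signature by {uid}")
```

To audit a real keyring, pass the captured output of `gpg --with-colons --list-sigs` to `weak_key_signatures()` instead of `SAMPLE`.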

Event Timeline

werner raised the priority of this task from Normal to High. (Nov 20 2019, 9:00 AM)
werner moved this task from For next release to Ready for release on the gnupg (gpg22) board.
werner updated the task description.
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html. (Nov 26 2019, 7:26 AM)
werner reopened this task as Open. (Edited, Nov 29 2019, 5:01 PM)

There is a regression in decryption with hidden recipients; see T4762.
Patch available
