Page MenuHome GnuPG

Release GnuPG 2.3.2
Closed, ResolvedPublic

Description

Noteworthy changes in version 2.3.2 (2021-08-24)

  • gpg: Allow fingerprint based lookup with --locate-external-key. [rGec36eca08c]
  • gpg: Allow decryption w/o public key but with correct card inserted. [rG50293ec2eb]
  • gpg: Auto import keys specified with --trusted-keys. [rG100037ac0f]
  • gpg: Do not use import-clean for LDAP keyserver imports. [T5387]
  • gpg: Fix mailbox based search via AKL keyserver method. [rG4fcfac6feb]
  • gpg: Fix memory corruption with --clearsign introduced with 2.3.1. [T5430]
  • gpg: Use a more descriptive prompt for symmetric decryption. [rG6dfae2f402]
  • gpg: Improve speed of secret key listing. [rG40da61b89b]
  • gpg: Support keygrip search with traditional keyring. [T5469]
  • gpg: Let --fetch-key return an exit code on failure. [T5376]
  • gpg: Emit the NO_SECKEY status again for decryption. [T5562]
  • gpgsm: Support decryption of password based encryption (pwri). [rGeeb65d3bbd]
  • gpgsm: Support AES-GCM decryption. [rG4980fb3c6d]
  • gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint. [rG52bbdc731f]
  • gpgsm: Fix finding of issuer in use-keyboxd mode. [rG6b76693ff5]
  • gpgsm: New option --ldapserver as an alias for --keyserver. [rG89df86157e]
  • agent: Use SHA-256 for SSH fingerprint by default. [T5434]
  • agent: Fix calling handle_pincache_put. [T5436]
  • agent: Fix importing protected secret key. [T5122]
  • agent: Fix a regression in agent_get_shadow_info_type. [T5393]
  • agent: Add translatable text for Caps Lock hint. [T4950]
  • agent: New option --pinentry-formatted-passphrase. [T5517]
  • agent: Add checkpin inquiry for pinentry. [T5517,T5532]
  • agent: New option --check-sym-passphrase-pattern. [T5517]
  • agent: Use the sysconfdir for a pattern file.
  • agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry. [rG1305baf099]
  • dirmngr: LDAP search by a mailbox now ignores revoked keys. [rG1406f551f1]
  • dirmngr: For KS_SEARCH return the fingerprint also with LDAP. [T5441]
  • dirmngr: Allow for non-URL specified ldap keyservers. [T5452]
  • dirmngr: New option --ldapserver. [rG52cf32ce2f]
  • dirmngr: Fix regression in KS_GET for mail address pattern. [T5497]
  • card: New option --shadow for the list command. [rG2fce99d73a]
  • tests: Make sure the built keyboxd is used. [T5406]
  • scd: Fix computing shared secrets for 512 bit curves. [rG9e24f2a45c]
  • scd: Fix unblock PIN by a Reset Code with KDF. [T5413]
  • scd: Fix PC/SC removed card problem. [rG8d81fd7c01]
  • scd: Recover the partial match for PORTSTR for PC/SC. [rG53bdc6288f]
  • scd: Make sure to release the PC/SC context. [T5416]
  • scd: Fix zero-byte handling in ECC. [T5163]
  • scd: Fix serial number detection for Yubikey 5. [T5442]
  • scd: Add basic support for AET JCOP cards. [rG544ec7872a]
  • scd: Detect external interference when --pcsc-shared is in use. [T5484]
  • scd: Fix access to the list of cards. [T5524]
  • gpgconf: Do not list a disabled tpm2d. [T5408]
  • gpgconf: Make runtime changes with different homedir work. [rG31c0aa2ff3]
  • keyboxd: Fix searching for exact mail adddress. [rGf79e9540ca]
  • keyboxd: Fix searching with multiple patterns. [rG101ba4f18a]
  • gpgtar: Fix file size computation under Windows. [rG14e36bdbe1]
  • tools: Extend gpg-check-pattern. [rG73c03e0232]
  • wkd: Fix client issue with leading or trailing spaces in user-ids. [rGb4345f7521]
  • Under Windows add a fallback in case the console can't cope with Unicode. [T5491]
  • Under Windows use LOCAL_APPDATA for the socket directory. [T5537]
  • Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry. [T3659]
  • Change the default keyserver to keyserver.ubuntu.com. This is a temporary change due to the shutdown of the SKS keyserver pools. [rG55b5928099]

(prev: T5386 next: T5565)

Details

Version
2.3.1

Related Objects

Mentioned In
T5565: Release GnuPG 2.3.3
T5386: Release GnuPG 2.3.1
Mentioned Here
T5452: Please provide an option to test the LDAP keyserver connection
T5532: pinentry: Add support for checking passphrase constraints to pinentry-qt
rGf79e9540ca64: keyboxd: Fix searching for exact mail addresses.
rGec36eca08cdb: gpg: Allow fingerprint based lookup with --locate-external-key.
rG2fce99d73a6a: card: New option --shadow for command list.
rG9e24f2a45ce8: scd: Fix PSO_CSV for 512 bit curves
rG50293ec2ebf2: gpg: Allow decryption w/o public key but with correct card inserted.
rG100037ac0f55: gpg: Auto import keys specified with --trusted-keys.
rG4fcfac6feb2a: gpg: Fix mailbox based search via AKL keyserver method.
rG8d81fd7c01e8: scd: Fix PC/SC removed card problem
rG53bdc6288f9b: scd: Recover the partial match for PORTSTR for PC/SC.
rGeeb65d3bbd7d: sm: Ask for the password for password based decryption (pwri)
rG1406f551f1e0: dirmngr: LDAP search by a mailbox now ignores revoked keys.
rG6dfae2f402a7: gpg: Use a more descriptive prompt for symmetric decryption.
rG40da61b89b62: gpg: Improve speed of secret key listing.
rG52bbdc731fd5: sm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
rG31c0aa2ff37f: gpgconf: Make runtime changes with different homedir work.
rG4980fb3c6dde: sm: Support AES-GCM decryption.
rG14e36bdbe1c3: gpgtar,w32: Fix file size computation
rG6b76693ff542: sm: Fix finding of issuer in use-keyboxd mode.
rG52cf32ce2f90: dirmngr: New option --ldapserver
rG89df86157e35: sm: New option --ldapserver as an alias for --keyserver.
rG544ec7872aed: scd:p15: Add basic support for AET JCOP cards.
rG101ba4f18ace: kbx: Fix keyboxd searching with multiple patterns.
rG73c03e023228: tools: Extend gpg-check-pattern.
rG1305baf09940: agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pient
rGb4345f7521cb: wkd: Fix client issue with leading or trailing spaces in user-ids.
rG55b5928099ba: dirmngr: Change the default keyserver.
T3659: pinentry falls back to curses on wayland
T4950: pinentry: Add warning when capslock is on
T5122: Importing secret key with wrong passphrase may result GPG_ERR_MISSING_VALUE (should be able to be tried 3 times)
T5163: Cannot import NIST-P521 key to OpenPGP v3.3 smart card
T5376: gpg --fetch-keys no longer returns non 0 exit status on failure
T5393: gnupg coverity static analysis reports
T5406: gnupg-2.3.1: 'make check' on all tests tries to use installed 'keyboxd'
T5408: gpgconf should? not list disabled components
T5413: Unblock PIN by Reset Code
T5416: [windows] Smartcards are less reliable under 2.3.1 (requires restarting gpg-agent.exe)
T5430: "free(): invalid pointer" from --clearsign
T5434: gpg-agent should not use MD5 fingerprint for ssh keys
T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations
T5441: Kleopatra: LDAP Search only shows one key
T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1)
T5469: GnuPG 2.3 regression: keydb_search failed: Invalid argument
T5484: SCDaemon Not reselect applet and reauthenticate when the card send Security Not Sastisfied
T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient.
T5497: v2.2.28 fails to locate-key from keyserver by email: Invalid user ID
T5517: Improvements for symmetric encryption
T5524: scd: serialize access of ctrl->card_ctx
T5537: Use CSIDL_LOCAL_APPDATA for the socketdir
T5562: GnuPG behaves inconsistently across versions when a secret key is not found during decryption
T5565: Release GnuPG 2.3.3
rGd7e707170fbe: gpg: Lookup a missing public key of the current card via LDAP.
rG93c88d0af36b: build: Allow selection of TSS library.
rG51419d63415a: sm: New command --show-certs
T5297: SCM SPR332 smartcard reader support broken
T5387: Accept key signatures from LDAP servers
T5389: gnupg 2.3 missing libassuan include directory in CFLAGS for several targets
T5400: 2.3.0 build issue on macOS - missing LIBICONV in sm/Makefile.am and ctype.h in tools/gpg-card.c
T5386: Release GnuPG 2.3.1

Event Timeline

werner triaged this task as Normal priority.Apr 20 2021, 3:06 PM
werner created this task.
werner updated the task description. (Show Details)
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000459.html.
werner set Version to 2.3.1.
werner updated the task description. (Show Details)
werner removed External Link.
werner changed the edit policy from "All Users" to "Contributor (Project)".
werner added subscribers: jace888, werner.
werner changed the edit policy from "Contributor (Project)" to "Administrators".
werner claimed this task.

The new bugs have been fixed in 2.3.3; see T5565.