Page MenuHome GnuPG

Release GnuPG 2.2.28
Closed, ResolvedPublic

Description

Noteworthy changes in version 2.2.28 (2021-06-10)

  • gpg: Auto import keys specified with --trusted-keys. [rGe7251be84c79]
  • gpg: Allow decryption w/o public key but with correct card inserted. [rGe53f6037283e]
  • gpg: Allow fingerprint based lookup with --locate-external-key. [rG2af217ecd7e4]
  • gpg: Lookup a missing public key of the current card via LDAP. [rGb59af0e2a05a]
  • gpg: New option --force-sign-key. [T4584]
  • gpg: Use a more descriptive password prompt for symmetric decryption. [rG03f83bcda5d1]
  • gpg: Do not use the self-sigs-only option for LDAP keyserver imports. [T5387]
  • gpg: Keep temp files when opening images via xdg-open. [rG0441ed6e1c]
  • gpg: Fix mailbox based search via AKL keyserver method. [rG22fe23f46d31]
  • gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver. [rG7bf8530e75d0]
  • gpg: Allow ECDH with a smartcard returning only the x-coordinate. [rGb203325ce1]
  • gpgsm: New option --ldapserver as an alias for --keyserver. Note that confuring servers in gpgsm and gpg is deprecated; please use the dirmngr configuration options.
  • gpgsm: Support AES-GCM decryption. [rGb722fd755c77]
  • gpgsm: Support decryption of password protected files. [rG6f31acac767f]
  • gpgsm: Lock keyboxes also during a search to fix lockups on Windows. [T4505]
  • agent: Skip unknown unknown ssh curves seen on cards. [rGbbf4bd3bfcb5]
  • scdaemon: New option --pcsc-shared. [rG5eec40f3d827]
  • scdaemon: Backport PKCS#15 card support from GnuPG 2.3 [rG7637d39fe20e]
  • scdaemon: Fix CCID driver for SCM SPR332/SPR532. [T5297]
  • scdaemon: Fix possible PC/SC removed card problem. [rG9d83bfb63968]
  • scdaemon: Fix unblock PIN by a Reset Code with KDF. [T5413]
  • scdaemon: Support compressed points. [rG96577e2e46e4]
  • scdaemon: Prettify S/N for Yubikeys and fix reading for early Yubikey 5 tokens. [rGf8588369bcb0,T5442]
  • dirmngr: New option --ldapserver to avoid the need for the separate dirmngr_ldapservers.conf file.
  • dirmngr: The dirmngr_ldap wrapper has been rewritten to properly support ldap-over-tls and starttls for X.509 certificates and CRLs. [rG39815c023f03]
  • dirmngr: OpenPGP LDAP keyservers may now also be configured using the same syntax as used for X.509 and CRL LDAP servers. This avoids the former cumbersome quoting rules and adds a flexible set of flags to control the connection. [rG2b4cddf9086f]
  • dirmngr: The "ldaps" scheme of an OpenPGP keyserver URL is now interpreted as ldap-with-starttls on port 389. To use the non-standardized ldap-over-tls the new LDAP configuration method of the new attribute "gpgNtds" needs to be used. [rG55f46b33df08]
  • dirmngr: Return the fingerprint as search result also for LDAP OpenPGP keyservers. This requires the modernized LDAP schema. [T5441]
  • dirmngr: An OpenPGP LDAP search by a mailbox now ignores revoked keys. [rGb6f8cd7eef4b]
  • gpgconf: Make runtime changes with non-default homedir work. [rGc8f0b02936c7]
  • gpgconf: Do not translate an empty string to the PO file's meta data. [T5363]
  • gpgconf: Fix argv overflow if --homedir is used. [T5366]
  • gpgconf: Return a new pseudo option "compliance_de_vs". [rG9feffc03f364]
  • gpgtar: Fix file size computation under Windows. [rG198b240b1955]
  • Full Unicode support for the Windows command line. [T4398]
  • Fix problem with Windows Job objects and auto start of our daemons. [T4333]
  • i18n: In German always use "Passwort" instead of "Passphrase" in prompts.

(prev: T5234 next: tbd)

Related Objects

Mentioned Here
T5487: GnuPG 2.2.28 not working with Yubikey NEO
rG55f46b33df08: dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.
rGf8588369bcb0: scd: Detect Yubikey and provide nicer display-s/n.
rG0441ed6e1c1d: gpg: Keep temp files when opening images via xdg-open
rG9feffc03f364: gpgconf: Return a new pseudo option compliance_de_vs.
rG7637d39fe20e: scd:p15: Update from current GnuPG 2.3
rG96577e2e46e4: scd: Rewrite READKEY to allow for compressed points.
rG5eec40f3d827: scd: New option --pcsc-shared.
rGbbf4bd3bfcb5: agent: Skip unknown unknown ssh curves seen on cards.
rGb59af0e2a05a: gpg: Lookup a missing public key of the current card via LDAP.
rG2af217ecd7e4: gpg: Allow fingerprint based lookup with --locate-external-key.
rGe53f6037283e: gpg: Allow decryption w/o public key but with correct card inserted.
rGe7251be84c79: gpg: Auto import keys specified with --trusted-keys.
rG22fe23f46d31: gpg: Fix mailbox based search via AKL keyserver method.
rG9d83bfb63968: scd: Fix possible PC/SC removed card problem
rGb203325ce112: gpg: Allow ECDH with a smartcard returning just the x-coordinate.
rGb6f8cd7eef4b: dirmngr: LDAP search by a mailbox now ignores revoked keys.
rG6f31acac767f: sm: Support decryption of password based encryption (pwri)
rG03f83bcda5d1: gpg: Use a more descriptive prompt for symmetric decryption.
rG7bf8530e75d0: gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.
rG2b4cddf9086f: dirmngr: Allow for non-URL specified ldap keyservers.
rGc8f0b02936c7: gpgconf: Make runtime changes with different homedir work.
rGb722fd755c77: sm: Support AES-GCM decryption.
rG39815c023f03: dirmngr: Rewrite the LDAP wrapper tool
rG198b240b1955: gpgtar,w32: Fix file size computation
T4333: Job objects on Windows interfere with automatic start of gpg-agent
T4398: Rework Console and command line handling on Windows
T4505: SM, W32: GPGSM hangs up the GnuPG System
T4584: --quick-sign-key offers no way to override a current certification
T5234: Release GnuPG 2.2.27
T5297: SCM SPR332 smartcard reader support broken
T5363: GnuPG 2.3 Windows localized gpgconf output broken
T5366: "*** stack smashing detected ***" in test suite
T5387: Accept key signatures from LDAP servers
T5413: Unblock PIN by Reset Code
T5441: Kleopatra: LDAP Search only shows one key
T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1)

Event Timeline

werner triaged this task as Normal priority.Thu, Jun 10, 5:42 PM
werner created this task.
werner claimed this task.
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000460.html.