Page MenuHome GnuPG

Release GnuPG 2.3.5
Closed, ResolvedPublic

Description

Noteworthy changes in version 2.3.5 (2022-04-21)

  • gpg: Up to five times faster verification of detached signatures. Doubled detached signing speed. [T5826,rG4e27b9defc,rGf8943ce098]
  • gpg: Threefold decryption speedup for large files. [T5820,rGab177eed51]
  • gpg: Nearly double the AES256.OCB encryption speed. [rG99e2c178c7]
  • gpg: Removed EAX from the preference list. [rG253fcb9777]
  • gpg: Allow --dearmor to decode all kinds of armor files. [rG34ea19aff9]
  • gpg: Remove restrictions for the name part of a user-id. [rG8945f1aedf]
  • gpg: Allow decryption of symmetric encrypted data even for non-compliant cipher. [rG8631d4cfe2]
  • gpg,gpgsm: New option --require-compliance. [rGee013c5350]
  • gpgsm: New option --ignore-cert-with-oid. [rGe23dc755fa]
  • gpgtar: Create and handle extended headers to support long file names. [T5754]
  • gpgtar: Support file names longer than MAX_PATH on Windows. [rG70b738f93f]
  • gpgtar: Use a pipe for decryption and thus avoid memory exhaustion. [rGe5ef5e3b91]
  • gpgtar: New option --with-log. [rGed53d41b4c]
  • agent: New flag "qual" for the trustlist.txt. [rG7c8c606061]
  • scdaemon: Add support for GeNUA cards. [rG0dcc249852]
  • scdaemon: Add --challenge-response option to PK_AUTH for OpenPGP cards. [T5862]
  • dirmngr: Support the use of ECDSA for CRLs and OCSP. [rGde87c8e1ea,rG890e9849b5]
  • dirmngr: Map all gnupg.net addresses to the Ubuntu keyserver. [T5751]
  • ssh: Return a faked response for the new session-bind extension. [T5931]
  • gpgconf: Add command aliases -L -K -R. [rGec4a1cffb8]
  • gpg: Request keygrip of key to add via command interface. [T5771]
  • gpg: Print Yubikey version correctly. [T5787]
  • gpg: Always use version >= 4 to generate key signature. [T5809]
  • gpg: Fix generating AEAD packet. [T5853]
  • gpg: Fix version on symmetric encrypted AEAD files if the force option is used. [T5856]
  • gpg: Fix adding the list of ultimate trusted keys. [T5742]
  • gpgsm: Fix parsing of certain PKCS#12 files. [T5793]
  • gpgsm: Print diagnostic about CRL problems due to Tor mode. [rG137e59a6a5]
  • agent: Use "Created:" field for creation time. [T5538]
  • scdaemon Fix error handling for a PC/SC reader selected with reader-port. [T5758]
  • scdaemon: Fix DEVINFO with no --watch. [rGc6dd9ff929]
  • scdaemon: Fix socket resource leak on Windwos. [T5029]
  • scdaemon: Use extended mode for pkcs#15 already for rsa2048. [rG597253ca17]
  • scdaemon: Enhance PASSWD command to accept KEYGRIP optionally. [T5862]
  • scdaemon: Fix memory leak in ccid-driver. [rG8ac92f0e80]
  • tpm: Always use hexgrip when storing a key password. [rGaf2fbd9b01]
  • dirmngr: Make WKD lookups work for resolvers not handling SRV records. [T4729]
  • dirmngr: Avoid initial delay on the first keyserver access in presence of --no-use-tor. [rG57d546674d]
  • dirmngr: Workaround for a certain broken LDAP URL. [rG90caa7ad59]
  • dirmngr: Escape more characters in WKD requests. [T5902]
  • dirmngr: Suppress error message on trial reading as PEM format. [T5531]
  • gpgconf: Fix component table when not building without TPM support. [T5701]
  • gpgconf: Silence warnings from parsing the option files. [T5874]
  • gpgconf: Do not list ignored options and mark forced options as read-only. [rG42785d7c8a]
  • gpgconf: Tweak the use of the ldapserver option. [T5801]
  • ssh: Fix adding an ed25519 key with a zero length comment. [T5794]
  • kbx: Fix searching for FPR20 in version 2 blob. [T5888]
  • Fix early homedir creation. [T5895]
  • Improve removing of stale lockfiles under Unix. [T5884]

(prev: T5654 next: T5937)

Related Objects

Mentioned In
T5937: Release GnuPG 2.3.6
T5654: Release GnuPG 2.3.4
Mentioned Here
rG42785d7c8a52: gpgconf: Do not list ignored options and mark forced options as r/o.
rGec4a1cffb865: gpgconf: Add command aliases -L -K -R.
rGaf2fbd9b01a1: agent: always use hexgrip when storing key password
rG34ea19aff99f: gpg: Allow --dearmor to decode all kinds of armor files.
rG57d546674d08: dirmngr: Avoid initial delay on the first keyserver access.
rGe23dc755fa72: sm: New option --ignore-cert-with-oid.
rGab177eed514f: g10/mainproc: avoid extra hash contexts when decrypting MDC input
rG597253ca171a: scd:p15: Used extended mode already for RSA 2048
rG890e9849b58e: dirmngr: Support ECDSA for OCSP.
rGde87c8e1ead7: dirmngr: Support ECDSA for CRLs
rG7c8c6060616a: agent: New flag "qual" for the trustlist.txt.
rG4e27b9defc60: g10/plaintext: do_hash: use iobuf_read for higher performance
rGf8943ce098f6: g10/sign: sign_file: use iobuf_read for higher detached signing speed
rG70b738f93f1a: gpgtar,w32: Support file names longer than MAX_PATH.
rG99e2c178c73c: g10/cipher-aead: add fast path for avoid memcpy when AEAD encrypting
rGee013c5350ce: gpg: New option --require-compliance.
rGc6dd9ff92904: scd: Fix DEVINFO with no --watch.
rG8631d4cfe251: gpg: Allow decryption of symencr even for non-compliant cipher.
rGe5ef5e3b914d: gpgtar: Finally use a pipe for decryption.
rGed53d41b4c46: gpgtar: New option --with-log
rG90caa7ad598b: dirmngr: Workaround for a certain broken LDAP URL
rG253fcb97775b: gpg: Remove EAX from the preference list.
rG8945f1aedfd7: gpg: Remove restrictions for the name part of a user-id.
rG0dcc24985235: scd: Support for GeNUA cards.
rG137e59a6a5c5: sm: Print diagnostic about CRL problems due to Tor mode.
rG8ac92f0e807a: scd: Fix memory leak in ccid-driver.
T4729: WKD via http_proxy does not work if DNS is broken/unavailable
T5029: server socket/pipe handling in GnuPG
T5531: dirmngr --validate broken for DER encoded files
T5538: gpg-agent's keytocard cmd should use a better default creation time.
T5701: Mismatch between enums and config table
T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG
T5751: Please remove pgp.surf.nl from default dirmngr config
T5754: gpgtar needs to support longer filenames.
T5758: scd: loop forever with reader_port, when open_pcsc_reader failed
T5787: GPG 2.3.4, YubiKey - gpg --card-status reports Version 0.0
T5793: gpgsm: Wrong length when parsing octetstring in constructed encoding + definite length
T5794: Cannot add ed25519 SSH key with empty comment
T5801: Kleopatra: Add support for the new dirmngr/ldapserver option to configure X.509 servers
T5809: Expire subkey violates assertion "! sig->hashed"
T5820: Slow symmetric decryption speed
T5826: Improve detached signing and verification speed
T5853: Decrypting OCB encrypted file fails...
T5856: Forcing aead when creating sign & encrypted files creates inconsistent results
T5862: authentication with USB token
T5874: gpgconf has verbose mode enabled by default
T5884: dotlock is not perfect (errornously remove .lock as stale lockfile)
T5888: uid changed from [ultimate] to [ unknown]
T5895: Fix an error in w32_try_mkdir from gnupg-2.3.4
T5902: GnuPG dirmngr sends incorrect l parameter to a WKD server
T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required)
T5937: Release GnuPG 2.3.6
T5654: Release GnuPG 2.3.4

Event Timeline

werner created this task.
werner created this object with edit policy "Administrators".
werner updated the task description. (Show Details)
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2022q2/000472.html.Apr 21 2022, 6:17 PM