Page MenuHome GnuPG

Release GnuPG 2.3.7
Closed, ResolvedPublic


Noteworthy changes in version 2.3.7 (2022-07-11)

  • gpg: Fix possibly garbled status messages in NOTATION_DATA. This bug could trick GPGME and other parsers to accept faked status lines. [T6027, CVE-2022-34903]
  • gpg: Look up user ID to revoke by UID hash. [T5936]
  • gpg: Setup the 'usage' filter property for export. [rG7aabd94b81]
  • gpg,w32: Allow Unicode filenames for iobuf_cancel. [rG4ee2009083]
  • gpg: Fix reading AEAD preference. [T6019]
  • gpgsm: New option --compatibility-flags. [rGf0b373cec9]
  • gpgsm: Rework the PKCS#12 parser to support DFN issued keys. [T6037]
  • agent: New option --no-user-trustlist and --sys-trustlist-name. [T5990]
  • agent: Pop up dialog window for confirmation, when specified so. [T5099]
  • agent: Show "Label:" field of private key when prompt the insertion. [T5986]
  • agent: Handle USAGE information in KEYINFO. [rG295a6a7591]
  • agent,ssh: Make not-inserted OpenPGP.3 keys available for SSH. [T5996]
  • agent,ssh: Support "Use-for-ssh" flag in private key. [T5985]
  • agent: New field "Prompt" to prevent asking card key insertion. [T5987]
  • agent: Support --format=ssh option for READKEY. [T6012]
  • agent: Add KEYATTR command. [T5988]
  • agent: Flush before calling ftruncate. [T6035]
  • agent: Do not consider --min-passphrase-len for the magic wand. [rGae2f1f0785]
  • kbx: Fix a race condition which results no status report. [T5948]
  • scd:openpgp: Fix a segv for cards supporting unknown curves. [T5963]
  • scd:p15: Fix reading certificates without length info.
  • scd:p15: Improve the displayed S/N for Technology Nexus cards.
  • scd:openpgp: Add workaround for ECC attribute on Yubikey. [T5963]
  • scd,piv: Fix status report of KEYPAIRINFO. [rG64c8786105]
  • scd:nks: Support the Telesec ESIGN application. [T5219, T4938]
  • scd: Fix use of SCardListReaders for PC/SC. [T5979]
  • scd: Support automatic card selection for READCERT with keygrip. [T6003]
  • scd: Support specifying keygrip for learn command. [T6002]
  • dirmngr: Fix for Windows when build against GNUTLS. [T5899]
  • gpg-connect-agent: Add --unbuffered option.
  • gpg-connect-agent: Add a way to cancel an INQUIRE. [T6010]
  • gpgconf: New short options -V and -X

(prev: T5937 next: T6106)



Related Objects

Mentioned In
T6106: Release GnuPG 2.3.8
T5937: Release GnuPG 2.3.6
Mentioned Here
rG64c878610568: scd,piv: Fix status report of KEYPAIRINFO.
rG295a6a759197: agent: Handle USAGE information in KEYINFO.
rG7aabd94b8103: gpg: Setup the 'usage' filter property for export.
rG4ee2009083cb: w32: Allow Unicode filenames for iobuf_cancel.
rGf0b373cec93b: gpgsm: New option --compatibility-flags.
rGae2f1f0785e4: agent: Do not consider --min-passphrase-len for the magic wand.
T4938: Support Signature Card V2.0 (NKS15)
T5099: Confirmation dialog for remote access (restricted extra socket)
T5219: scd: Generating CSR for SigG NetKey card key fails
T5899: Fix compilation of dirmngr with's MinGW
T5936: gpg: Support specifiying user ID to revoke as UID hash for --quick-revoke-uid
T5937: Release GnuPG 2.3.6
T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6
T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys
T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s)
T5985: private-key: Support "Use-for-ssh" flag
T5986: card: Show "Label:" when prompting the insertion of a card
T5987: card: New field to specify refusing operations when card/token is not available
T5988: agent: Add new command to update private key fields
T5990: Option to ignore the user trustlist.txt
T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available
T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP
T6003: card: READCERT with KEYGRIP
T6010: gpg-connect-agent: /definqprog semantics enhancement
T6012: gpg-agent: Add --format=ssh option for READKEY
T6019: Parsing AEAD preference string parsing causes reads uninitialized memory
T6027: Revisit write_status_text_and buffer
T6035: Portability issue: ftruncate
T6037: Allow import of nwer DFN generated P12 files
T6106: Release GnuPG 2.3.8

Event Timeline

werner created this task.
werner created this object with edit policy "Administrators".
werner added a project: CVE.
werner set Version to 2.3.7.

As 2.3.7 was released on the 11th of July, see
I guess that this issue should be closed and some issues moved to one with 2.3.8.

werner claimed this task.