Page MenuHome GnuPG
Create Task
Maniphest T6578

Release GnuPG 2.4.4
Closed, ResolvedPublic
Actions

Description

Noteworthy changes in version 2.4.4 (2024-01-25)

  • gpg: Do not keep an unprotected smartcard backup key on disk. See https://gnupg.org/blog/20240125-smartcard-backup-key.html for a security advisory. [T6944]
  • gpg: Allow to specify seconds since Epoch beyond 2038 on 32-bit platforms. [T6736]
  • gpg: Fix expiration time when Creation-Date is specified. [T5252]
  • gpg: Add support for Subkey-Expire-Date. [rG96b69c1866]
  • gpg: Add option --with-v5-fingerprint. [T6705]
  • gpg: Add sub-option ignore-attributes to --import-options. [rGd4976e35d2]
  • gpg: Add --list-filter properties sig_expires/sig_expires_d. [rGbf662d0f93af]
  • gpg: Fix validity of re-imported keys. [T6399]
  • gpg: Report BEGIN_ status before examining the input. [T6481]
  • gpg: Don't try to compress a read-only keybox. [T6811]
  • gpg: Choose key from inserted card over a non-inserted card. [T6831]
  • gpg: Allow to create revocations even with non-compliant algos. [T6929]
  • gpg: Fix regression in the Revoker keyword of the parameter file. [T6923]
  • gpg: Improve error message for expired default keys. [T4704]
  • gpgsm: Add --always-trust feature. [T6559]
  • gpgsm: Support ECC certificates in de-vs mode. [T6802]
  • gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
  • gpgsm: No not show the pkcs#12 passphrase in debug output. [T6654]
  • keyboxd: Timeout on failure to get the database lock. [T6838]
  • agent: Update the key stubs only if really modified. [T6829]
  • scd: Add support for certain Starcos 3.2 cards. [rG5304c9b080]
  • scd: Add support for CardOS 5.4 cards. [rG812f988059]
  • scd: Add support for D-Trust 4.1/4.4 cards. [rG0b85a9ac09]
  • scd: Add support for Smartcafe Expert 7.0 cards. [T6919]
  • scd: Add a length check for a new PIN. [T6843]
  • tpm: Fix keytotpm handling in the agent. [rG9909f622f6]
  • tpm: Fixes for the TPM test suite. [T6052]
  • dirmngr: Avoid starting a second instance on Windows via GPGME based launching. [T6833]
  • dirmngr: New option --ignore-crl-extensions. [T6545]
  • dirmngr: Support config value "none" to disable the default keyserver. [T6708]
  • dirmngr: Implement automatic proxy detection on Windows. [T5768]
  • dirmngr: Fix handling of the HTTP Content-Length. [rGa5e33618f4]
  • dirmngr: Add code to support proxy authentication using the Negotiation method on Windows. [T6719]
  • gpgconf: Add commands --lock and --unlock. [rG93b5ba38dc]
  • gpgconf: Add keyword socketdir to gpgconf.ctl. [rG239c1fdc28]
  • gpgconf: Adjust the -X command for the new VERSION file format. [T6918]
  • wkd: Use export-clean for gpg-wks-client's --mirror and --create commands. [rG2c7f7a5a278c]
  • wkd: Make --add-revocs the default in gpg-wks-client. New option --no-add-revocs. [rG10c937ee68]
  • Remove duplicated backslashes when setting the homedir. [T6833]
  • Ignore attempts to remove the /dev/null device. [T6556]
  • Improve advisory file lock retry strategy. [T3380]
  • Improve the speedo build system for Unix. [T6710]

(prev: T6509 next: T6960)

Details

External Link
https://lists.gnupg.org/pipermail/gnupg-announce/2024q1/000481.html
Version
2.4.4

Related Objects

Mentioned In
T6960: Release GnuPG 2.4.5
T6509: Release GnuPG 2.4.3
Mentioned Here
rG2c7f7a5a278c: wks: Use export-clean for --mirror and --create.
rG10c937ee68cb: wks: Make --add-revocs the default.
rG96b69c1866dd: gpg: Add support for Subkey-Expire-Date.
rGbf662d0f93af: gpg: Add --list-filter properties sig_expires/sig_expires_d
rGa5e33618f421: dirmngr: Fix handling of the HTTP Content-Length
rG9909f622f69e: agent: fix tpm2d keytotpm handling
rG5304c9b080b4: scd:p15: Basic support for Starcos 3.2.
rG93b5ba38dc3a: tools: Integrate the dotlock tool into gpgconf.
rG812f9880591e: scd:p15: Add support for CardOS 5.4
rG0b85a9ac09d1: scd:p15: Add support for D-Trust Card 4.1/4.4
rG239c1fdc28dc: common: Add keyword socketdir to gpgconf.ctl
rGd4976e35d2ca: gpg: Add sub-option ignore-attributes to --import-options.
T3380: Use exponential backoff when spawning agent and dirmngr
T4704: Wrong error message when key is expired
T5252: bad expiration value when using --batch Creation-Date/Expire-Date
T5768: Dirmngr: Use windows proxy settings if system proxy settings should be used
T6052: gnupg2 tpm2d tests do not work
T6399: Missing trustdb check on import of certificate
T6481: BEGIN_ENCRYPTION status output happens later in 2.4.1 (breaks Emacs's EasyPG)
T6536: Extend P12 parser for ShroudedKeyBag inside a CertBag
T6545: Support CRL extension issuingDistributionPoint
T6556: gpgtar: Removes existing output file on error
T6559: GPGSM: "always trust like override" or "force" option
T6654: gpgsm: p12 passphrase visible in debug output
T6705: Provide strong v5 fingerprints also for v4 keys
T6708: Allow to inhibit the use of a default PGP keyserver
T6710: Improve Speedo for Linux to set DT_RUNPATH.
T6719: Support Proxy-Authorization: Negotiate on Windows
T6736: Year 2038 issue for key validity date
T6802: Trying to sign with a brainpool X509 key results in non-compliance error
T6811: gpgv: Read-only trustedkeys.kbx should not be compressed
T6829: Kleopatra: Loop reading keys from smartcard
T6831: May chose a signing key from a not inserted card over an inserted one
T6833: Kleopatra: Multiple dirmngr started when searching for keys
T6838: keyboxd hangs on stale locks after changing hostname
T6843: after enable kdf-setup impossible change user/admin pin
T6918: gpgconf parsing of VERSION file broken
T6919: Add support for smartcafe cards
T6923: gpg fails to parse sensitive revokers from param files
T6929: Kleopatra: Allow revocation of RSA 2048 keys
T6944: The default card key generation keeps an unprotected backup of the encryption key on disk
T6960: Release GnuPG 2.4.5
T6509: Release GnuPG 2.4.3

Event Timeline

werner triaged this task as Low priority.Jul 4 2023, 4:43 PM
werner created this task.
werner created this object with edit policy "Administrators".
werner mentioned this in T6509: Release GnuPG 2.4.3.Jul 4 2023, 4:57 PM
thesamesam added a subscriber: thesamesam.Sep 1 2023, 5:14 AM
werner moved this task from Backlog to WiP on the gnupg24 board.Jan 11 2024, 3:35 PM
werner mentioned this in T6960: Release GnuPG 2.4.5.Jan 25 2024, 11:29 AM
werner closed this task as Resolved.Jan 25 2024, 11:37 AM
werner claimed this task.
werner updated the task description. (Show Details)
werner edited projects, added gnupg; removed gnupg24.
werner set Version to 2.4.4.
werner edited projects, added gnupg24; removed gnupg.
werner moved this task from WiP to gnupg-2.4.4 on the gnupg24 board.
werner edited projects, added gnupg24 (gnupg-2.4.4); removed gnupg24.
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2024q1/000481.html.Jan 25 2024, 6:13 PM