Page MenuHome GnuPG

Release GnuPG 2.4.4
Closed, ResolvedPublic


Noteworthy changes in version 2.4.4 (2024-01-25)

  • gpg: Do not keep an unprotected smartcard backup key on disk. See for a security advisory. [T6944]
  • gpg: Allow to specify seconds since Epoch beyond 2038 on 32-bit platforms. [T6736]
  • gpg: Fix expiration time when Creation-Date is specified. [T5252]
  • gpg: Add support for Subkey-Expire-Date. [rG96b69c1866]
  • gpg: Add option --with-v5-fingerprint. [T6705]
  • gpg: Add sub-option ignore-attributes to --import-options. [rGd4976e35d2]
  • gpg: Add --list-filter properties sig_expires/sig_expires_d. [rGbf662d0f93af]
  • gpg: Fix validity of re-imported keys. [T6399]
  • gpg: Report BEGIN_ status before examining the input. [T6481]
  • gpg: Don't try to compress a read-only keybox. [T6811]
  • gpg: Choose key from inserted card over a non-inserted card. [T6831]
  • gpg: Allow to create revocations even with non-compliant algos. [T6929]
  • gpg: Fix regression in the Revoker keyword of the parameter file. [T6923]
  • gpg: Improve error message for expired default keys. [T4704]
  • gpgsm: Add --always-trust feature. [T6559]
  • gpgsm: Support ECC certificates in de-vs mode. [T6802]
  • gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
  • gpgsm: No not show the pkcs#12 passphrase in debug output. [T6654]
  • keyboxd: Timeout on failure to get the database lock. [T6838]
  • agent: Update the key stubs only if really modified. [T6829]
  • scd: Add support for certain Starcos 3.2 cards. [rG5304c9b080]
  • scd: Add support for CardOS 5.4 cards. [rG812f988059]
  • scd: Add support for D-Trust 4.1/4.4 cards. [rG0b85a9ac09]
  • scd: Add support for Smartcafe Expert 7.0 cards. [T6919]
  • scd: Add a length check for a new PIN. [T6843]
  • tpm: Fix keytotpm handling in the agent. [rG9909f622f6]
  • tpm: Fixes for the TPM test suite. [T6052]
  • dirmngr: Avoid starting a second instance on Windows via GPGME based launching. [T6833]
  • dirmngr: New option --ignore-crl-extensions. [T6545]
  • dirmngr: Support config value "none" to disable the default keyserver. [T6708]
  • dirmngr: Implement automatic proxy detection on Windows. [T5768]
  • dirmngr: Fix handling of the HTTP Content-Length. [rGa5e33618f4]
  • dirmngr: Add code to support proxy authentication using the Negotiation method on Windows. [T6719]
  • gpgconf: Add commands --lock and --unlock. [rG93b5ba38dc]
  • gpgconf: Add keyword socketdir to gpgconf.ctl. [rG239c1fdc28]
  • gpgconf: Adjust the -X command for the new VERSION file format. [T6918]
  • wkd: Use export-clean for gpg-wks-client's --mirror and --create commands. [rG2c7f7a5a278c]
  • wkd: Make --add-revocs the default in gpg-wks-client. New option --no-add-revocs. [rG10c937ee68]
  • Remove duplicated backslashes when setting the homedir. [T6833]
  • Ignore attempts to remove the /dev/null device. [T6556]
  • Improve advisory file lock retry strategy. [T3380]
  • Improve the speedo build system for Unix. [T6710]

(prev: T6509 next: T6960)

Related Objects

Mentioned In
T6960: Release GnuPG 2.4.5
T6509: Release GnuPG 2.4.3
Mentioned Here
rG2c7f7a5a278c: wks: Use export-clean for --mirror and --create.
rG10c937ee68cb: wks: Make --add-revocs the default.
rG96b69c1866dd: gpg: Add support for Subkey-Expire-Date.
rGbf662d0f93af: gpg: Add --list-filter properties sig_expires/sig_expires_d
rGa5e33618f421: dirmngr: Fix handling of the HTTP Content-Length
rG9909f622f69e: agent: fix tpm2d keytotpm handling
rG5304c9b080b4: scd:p15: Basic support for Starcos 3.2.
rG93b5ba38dc3a: tools: Integrate the dotlock tool into gpgconf.
rG812f9880591e: scd:p15: Add support for CardOS 5.4
rG0b85a9ac09d1: scd:p15: Add support for D-Trust Card 4.1/4.4
rG239c1fdc28dc: common: Add keyword socketdir to gpgconf.ctl
rGd4976e35d2ca: gpg: Add sub-option ignore-attributes to --import-options.
T3380: Use exponential backoff when spawning agent and dirmngr
T4704: Wrong error message when key is expired
T5252: bad expiration value when using --batch Creation-Date/Expire-Date
T5768: Dirmngr: Use windows proxy settings if system proxy settings should be used
T6052: gnupg2 tpm2d tests do not work
T6399: Missing trustdb check on import of certificate
T6481: BEGIN_ENCRYPTION status output happens later in 2.4.1 (breaks Emacs's EasyPG)
T6536: Extend P12 parser for ShroudedKeyBag inside a CertBag
T6545: Support CRL extension issuingDistributionPoint
T6556: gpgtar: Removes existing output file on error
T6559: GPGSM: "always trust like override" or "force" option
T6654: gpgsm: p12 passphrase visible in debug output
T6705: Provide strong v5 fingerprints also for v4 keys
T6708: Allow to inhibit the use of a default PGP keyserver
T6710: Improve Speedo for Linux to set DT_RUNPATH.
T6719: Support Proxy-Authorization: Negotiate on Windows
T6736: Year 2038 issue for key validity date
T6802: Trying to sign with a brainpool X509 key results in non-compliance error
T6811: gpgv: Read-only trustedkeys.kbx should not be compressed
T6829: Kleopatra: Loop reading keys from smartcard
T6831: May chose a signing key from a not inserted card over an inserted one
T6833: Kleopatra: Multiple dirmngr started when searching for keys
T6838: keyboxd hangs on stale locks after changing hostname
T6843: after enable kdf-setup impossible change user/admin pin
T6918: gpgconf parsing of VERSION file broken
T6919: Add support for smartcafe cards
T6923: gpg fails to parse sensitive revokers from param files
T6929: Kleopatra: Allow revocation of RSA 2048 keys
T6944: The default card key generation keeps an unprotected backup of the encryption key on disk
T6960: Release GnuPG 2.4.5
T6509: Release GnuPG 2.4.3

Event Timeline

werner created this task.
werner created this object with edit policy "Administrators".
werner claimed this task.
werner updated the task description. (Show Details)
werner edited projects, added gnupg; removed gnupg24.
werner set Version to 2.4.4.
werner edited projects, added gnupg24; removed gnupg.
werner moved this task from WiP to gnupg-2.4.4 on the gnupg24 board.
werner edited projects, added gnupg24 (gnupg-2.4.4); removed gnupg24.
werner set External Link to 25 2024, 6:13 PM