**Noteworthy changes in version 2.5.0** (2024-07-05)
//First release of a version leading to the next stable series 2.6.//
* gpg: Support composite Kyber+ECC public key algorithms. This is
experimental due to the yet outstanding FIPS-203 specification.
[T6815]
* gpg: Allow algo string "pqc" for --quick-gen-key. [rG12ac129a70]
* gpg: New option --show-only-session-key. [rG1695cf267e]
* gpg: Print designated revokers also in non-colon listing mode.
[rG9d618d1273]
* gpg: Make --with-sig-check work with --show-key in non-colon
listing mode. [rG0c34edc443]
* tpm: Rework error handling and fix key import. [T7129, T7186]
* Various fixes to improve robustness on 64-bit Windows. [T7139]
Changes also found in 2.4.6:
* gpg: New command --quick-set-ownertrust. [rG967678d972]
* gpg: Indicate disabled keys in key listings and add list option
"show-ownertrust". [rG2a0a706eb2]
* gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB
tag. [T7042]
* gpg: Do not allow accidentally setting the RENC usage. [T7072]
* gpg: Accept armored files without CRC24 checksum. [T7071]
* gpg: New --import-option "only-pubkeys". [T7146]
* gpg: Repurpose the AKL mechanism "ldap" to work like the keyserver
mechanism but only for LDAP keyservers. [rG068ebb6f1e]
* gpg: ADSKs are now configurable for new keys. [T6882]
* gpgsm: Emit user IDs with an empty Subject also in colon mode.
[T7171]
* agent: Consider an empty pattern file as valid. [rGc27534de95]
* agent: Fix error handling of READKEY. [T6012]
* agent: Avoid random errors when storing key in ephemeral mode.
[T7129, rGfdc5003956]
* agent: Make "SCD DEVINFO --watch" more robust. [T7151]
* scd: Improve KDF data object handling for OpenPGP cards. [T7058]
* scd: Avoid buffer overrun with more than 16 PC/SC readers.
[T7129, rG4c1b007035]
* scd: Fix how the scdaemon on its pipe connection finishes.
[T7160]
* gpgconf: Check readability of some files with -X and change its
output format. [rG98e287ba6d]
* gpg-mail-tube: New tool to apply PGP/MIME encryption to a mail.
[rG28a080bc9f]
* Fix some uninitialized variables and double frees in error code
paths. [T7129]
Changes also found in 2.4.5:
* gpg,gpgv: New option --assert-pubkey-algo. [T6946]
* gpg: Emit status lines for errors in the compression layer.
[T6977]
* gpg: Fix invocation with --trusted-keys and --no-options. [T7025]
* gpgsm: Allow for a longer salt in PKCS#12 files. [T6757]
* gpgtar: Make --status-fd=2 work on Windows. [T6961]
* scd: Support for the ACR-122U NFC reader. [rG1682ca9f01]
* scd: Support D-TRUST ECC cards. [T7000, T7001]
* scd: Allow auto detaching of kernel drivers; can be disabled with
the new compatibility-flag ccid-no-auto-detach. [rGa1ea3b13e0]
* scd: Allow setting a PIN length of 6 also with a reset code for
openpgp cards. [T6843]
* agent: Allow GET_PASSPHRASE in restricted mode. [rGadf4db6e20]
* dirmngr: Trust system's root CAs for checking CRL issuers.
[T6963]
* dirmngr: Fix regression in 2.4.4 in fetching keys via hkps.
[T6997]
* gpg-wks-client: Make option --mirror work properly without specifying
domains. [rG37cc255e49]
* g13,gpg-wks-client: Allow command style options as in "g13 mount
foo". [rGa09157ccb2]
* Allow tilde expansion for the foo-program options. [T7017]
* Make the getswdb.sh tool usable outside the GnuPG tree.
Changes also found in 2.4.4:
* gpg: Do not keep an unprotected smartcard backup key on disk. See
https://gnupg.org/blog/20240125-smartcard-backup-key.html for a
security advisory. [T6944]
* gpg: Allow specifying seconds since the Epoch beyond 2038 on 32-bit
platforms. [T6736]
* gpg: Fix expiration time when Creation-Date is specified. [T5252]
* gpg: Add support for Subkey-Expire-Date. [rG96b69c1866]
* gpg: Add option --with-v5-fingerprint. [T6705]
* gpg: Add sub-option ignore-attributes to --import-options.
[rGd4976e35d2]
* gpg: Add --list-filter properties sig_expires/sig_expires_d.
[rGbf662d0f93af]
* gpg: Fix validity of re-imported keys. [T6399]
* gpg: Report BEGIN_ status before examining the input. [T6481]
* gpg: Don't try to compress a read-only keybox. [T6811]
* gpg: Choose key from inserted card over a non-inserted
card. [T6831]
* gpg: Allow creating revocations even with non-compliant algorithms.
[T6929]
* gpg: Fix regression in the Revoker keyword of the parameter file.
[T6923]
* gpg: Improve error message for expired default keys. [T4704]
* gpgsm: Add --always-trust feature. [T6559]
* gpgsm: Support ECC certificates in de-vs mode. [T6802]
* gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
* gpgsm: Do not show the PKCS#12 passphrase in debug output. [T6654]
* keyboxd: Timeout on failure to get the database lock. [T6838]
* agent: Update the key stubs only if really modified. [T6829]
* scd: Add support for certain Starcos 3.2 cards. [rG5304c9b080]
* scd: Add support for CardOS 5.4 cards. [rG812f988059]
* scd: Add support for D-Trust 4.1/4.4 cards. [rG0b85a9ac09]
* scd: Add support for Smartcafe Expert 7.0 cards. [T6919]
* scd: Add a length check for a new PIN. [T6843]
* tpm: Fix keytotpm handling in the agent. [rG9909f622f6]
* tpm: Fixes for the TPM test suite. [T6052]
* dirmngr: Avoid starting a second instance on Windows via GPGME
based launching. [T6833]
* dirmngr: New option --ignore-crl-extensions. [T6545]
* dirmngr: Support config value "none" to disable the default
keyserver. [T6708]
* dirmngr: Implement automatic proxy detection on Windows. [T5768]
* dirmngr: Fix handling of the HTTP Content-Length. [rGa5e33618f4]
* dirmngr: Add code to support proxy authentication using the
Negotiation method on Windows. [T6719]
* gpgconf: Add commands --lock and --unlock. [rG93b5ba38dc]
* gpgconf: Add keyword socketdir to gpgconf.ctl. [rG239c1fdc28]
* gpgconf: Adjust the -X command for the new VERSION file format.
[T6918]
* wkd: Use export-clean for gpg-wks-client's --mirror and --create
commands. [rG2c7f7a5a278c]
* wkd: Make --add-revocs the default in gpg-wks-client. New option
--no-add-revocs. [rG10c937ee68]
* Remove duplicated backslashes when setting the homedir. [T6833]
* Ignore attempts to remove the /dev/null device. [T6556]
* Improve advisory file lock retry strategy. [T3380]
* Improve the speedo build system for Unix. [T6710]
Changes also found in 2.4.3:
* gpg: Set default expiration date to 3 years. [T2701]
* gpg: Add --list-filter properties "key_expires" and
"key_expires_d". [T6529]
* gpg: Emit status line and proper diagnostics for write errors.
[T6528]
* gpg: Make progress work for large files on Windows. [T6534]
* gpg: New option --no-compress as alias for -z0.
* gpg: Show better error messages for blocked PINs. [T6425]
* gpgsm: Print PROGRESS status lines. Add new --input-size-hint.
[T6534]
* gpgsm: Support SENDCERT_SKI for --call-dirmngr. [rG701a8b30f0]
* gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
* gpgtar: New option --no-compress.
* dirmngr: Extend the AD_QUERY command. [rG207c99567c]
* dirmngr: Disable the HTTP redirect rewriting. [T6477]
* dirmngr: New option --compatibility-flags. [rGbf04b07327]
* dirmngr: New option --ignore-crl-extensions. [T6545]
* dirmngr: Support config value "none" to disable the default
keyserver. [T6708]
* wkd: Use export-clean for gpg-wks-client's --mirror and --create
commands. [rG2c7f7a5a27]
* wkd: Make --add-revocs the default in gpg-wks-client. New option
--no-add-revocs. [rG10c937ee68]
* scd: Make signing work for Nexus cards. [rGb83d86b988]
* scd: Fix authentication with Administration Key for PIV.
[rG25b59cf6ce]
* Fix garbled time output in non-English Windows. [T6741]
Changes also found in 2.4.2:
* gpg: Print a warning if no more encryption subkeys are left over
after changing the expiration date. [rGef2c3d50fa]
* gpg: Fix searching for the ADSK key when adding an ADSK. [T6504]
* gpgsm: Speed up key listings on Windows. [rG08ff55bd44]
* gpgsm: Reduce the number of "failed to open policy file"
diagnostics. [rG68613a6a9d]
* agent: Make updating of private key files more robust and track
display S/N. [T6135]
* keyboxd: Avoid longish delays on Windows when listing keys.
[rG6944aefa3c]
* gpgtar: Emit extra status lines to help GPGME. [T6497]
* w32: Avoid using the VirtualStore. [T6403]
-----
//(prev: T6454)//