xref: /dports/security/gnupg1/gnupg-1.4.23/ChangeLog

2018-06-11  Werner Koch  <wk@gnupg.org>

	Release 1.4.23.
	+ commit 8ae6a246bef5b5eb0684e9fb1c933a4f8441dadd


2018-06-08  Werner Koch  <wk@gnupg.org>

	gpg: Sanitize diagnostic with the original file name.
	+ commit 2326851c60793653069494379b16d84e4c10a0ac
	* g10/mainproc.c (proc_plaintext): Sanitize verbose output.

2018-04-13  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Push compress filter only if compressed.
	+ commit 0f8fd95ab32a6d29dac79e19f0850037c7d0c16f
	* g10/compress.c (handle_compressed): Fix memory leak.

2017-12-18  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit 1338bce5f66a95b53f18c4b54f0e9ac79604500a
	* po/ja.po: Fix message with no "%s".

2017-12-04  NIIBE Yutaka  <gniibe@fsij.org>
	    Damien Goutte-Gattat  <dgouttegattat@incenp.org>

	g10: Fix regexp sanitization.
	+ commit 9441946e1824eb58249c58432ed1f554d0d8a102
	* g10/trustdb.c (sanitize_regexp): Only escape operators.

2017-11-10  Dario Niedermann  <dario@darioniedermann.it>

	Do not use C99 feature.
	+ commit 877e3073d731fec55a88673f91ed646a75e786c8
	* cipher/rsa.c (secret): Move var decl to the beginning.

2017-09-06  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

	po: update Dutch translation.
	+ commit aa26eda8ab679a80a7be2c82478cb4440b45ec8c


2017-08-04  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	doc: Remove documentation for future option --faked-system-time.
	+ commit eb15d5ed8e4a765998e9de7698bdc65328bcaaa3
	doc/gpg.texi: Remove documentation for --faked-system-time.

2017-08-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	debian: Remove packaging from upstream repository.
	+ commit 9832a4bacfa5232534f2c7fe7655bd0677a41f6e
	Debian packaging for GnuPG is handled in debian git repositories, and
	doesn't belong here in the upstream repository.  The packaging was
	significantly out of date anyway.

	If you're looking for debian packaging for the 1.4 branch of GnuPG,
	please use the following git remote:

	    https://anonscm.debian.org/git/pkg-gnupg/gnupg1.git

2017-08-02  Joe Hansen  <joedalton2@yahoo.dk>

	po: Update Danish translation.
	+ commit 12afc37a946477692257d725acac513f271c4e9e
	Originally reported at:
	http://lists.gnupg.org/pipermail/gnupg-i18n/2014-November/000308.html

2017-08-02  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

	po: Update Dutch translation.
	+ commit 6d5c5204d79fa9d01981c0076d3acde18534640a
	Debian-Bug-Id: 845695

2017-08-01  Manuel Venturi Porras Peralta  <venturi@openmailbox.org>

	po: Update Spanish translation.
	+ commit 76239356bcb3bfeec5327637ed87429594868fef
	Debian-Bug-Id: 814541

2017-07-19  Werner Koch  <wk@gnupg.org>

	Release 1.4.22.
	+ commit 6153268aaf04ec960a4e1dcc50434e815a47e0e8


2017-07-19  Åka Sikrom  <a4 -at- hush -dot- com>

	po: Update Norwegian translation.
	+ commit 5f7667eca899952480e066404f1b46eca7fe401f


2017-07-07  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix memory leak.
	+ commit 6b4abf1d491d30a6bdaeb2c425c780cacd65bab4
	* g10/textfilter.c (copy_clearsig_text): Free the buffer.

	rsa: Reduce secmem pressure.
	+ commit 1b1f44846b5f21a80ed101f2284ce5f6e8849ee7
	* cipher/rsa.c (secret): Don't keep secmem.

	rsa: Allow different build directory.
	+ commit 994d5b707559a800a650dc7f273372f509d74780
	* cipher/Makefile.am (AM_CPPFLAGS): Add mpi dirs.
	* cipher/rsa.c: Change include file.

2017-07-07  Marcus Brinkmann  <mb@g10code.com>

	rsa: Add exponent blinding.
	+ commit 8fd9f72e1b2e578e45c98c978cab4f6d47683d2c
	* cipher/rsa.c (secret_core_crt): Blind secret D with randomized
	nonce R for mpi_powm computation.

2017-07-07  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Minor fix for mpi_pow.
	+ commit 554ded4854758bf6ca268432fa087f946932a409
	* mpi/mpi-pow.c (mpi_powm): Fix allocation size.

	mpi: Same computation for square and multiply for mpi_pow.
	+ commit 12029f83fd0ab3e8ad524f6c9135854662fddfd1
	* mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size.  Move
	the assignment to base_u into the loop.  Copy content refered by RP to
	BASE_U except the last of the loop.

	mpi: Simplify mpi_powm.
	+ commit b38f4489f75e6e435886aa885807738a22c7ff60
	* mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.

2017-07-04  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	mpi: Fix ARM assembler in longlong.h.
	+ commit 782f804765b6f4226fd77843e59f57dcca61b6fb
	* mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
	[__arm__][__ARM_ARCH <= 3] (umul_ppmm): Add __AND_CLOBBER_CC.

2017-07-03  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	doc: Fix typo.
	+ commit 7b045f539e5f67c937c18157c26fb3a767c1c7e6


2017-05-10  Ineiev  <ineiev@gnu.org>

	g10: Fix secmem leak.
	+ commit 2c2121ff3c2b90f21b75dd56c981b4d9e6d1c0e2
	* g10/keygen.c (proc_parameter_file): Fix secmem leak.

2017-03-30  Werner Koch  <wk@gnupg.org>

	gpg: Fix exporting of zero length user ID packets.
	+ commit bb61191aad98c3dbb487c1f76dd1552d44a52fe3
	* g10/build-packet.c (do_user_id): Avoid indeterminate length header.

2016-11-02  Neal H. Walfield  <neal@g10code.com>
	    Michael Mönch  <michael.moench@marktjagd.de>

	tools: Fix option parsing for gpg-zip.
	+ commit f2acaa5d785a29eca629c4b3df739bc474249004
	* tools/gpg-zip.in: Correctly set GPG when --gpg is specified.
	Correctly set TAR when --tar is specified.  Pass TAR_ARGS to tar.

	(cherry-picked by dkg from master branch's
	84ebf15b06e435453b2f58775f97a3a1c61a7e55)

2016-08-17  Werner Koch  <wk@gnupg.org>

	Release 1.4.21.
	+ commit 47531220e57bf5093dcf2312884124f0a79e15db


	gpg: Add dummy option --with-subkey-fingerprint.
	+ commit 5e1843fc47457a9a0525ed7d3e55961d342ef1e2
	* g10/gpg.c (opts): Add dummy option.

	build: Create a swdb file during "make distcheck".
	+ commit 56792b1191a31c8409d7dcdb33b87a92f0e65ab2
	* Makefile.am (distcheck-hook): New.

2016-08-17  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 851a9de23ac0977c66f5ef56f08d8ca5eae92930


2016-08-17  Werner Koch  <wk@gnupg.org>

	random: Hash continuous areas in the csprng pool.
	+ commit c6dbfe89903d0c8191cf50ecf1abb3c8458b427a
	* cipher/random.c (mix_pool): Store the first hash at the end of the
	pool.

	cipher: Improve readability by using a macro.
	+ commit e23eec8c9a602eee0a09851a54db0f5d611f125c
	* cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

2016-08-09  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Avoid publishing the GnuPG version by default.
	+ commit 61539efc2bc4ba9a9faceaced12660d588c1be7a
	* g10/gpg.c (main): initialize opt.emit_version to 0
	* doc/gpg.texi: document different default for --emit-version

2016-08-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	Clean up "allow to"
	+ commit 15d13272344fa0d8753a321c087b30a6d5115dfb
	* README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
	  "allow to" with clearer text

	In standard English, the normal construction is "${XXX} allows ${YYY}
	to" -- that is, the subject (${XXX}) of the sentence is allowing the
	object (${YYY}) to do something.  When the object is missing, the
	phrasing sounds awkward, even if the object is implied by context.
	There's almost always a better construction that isn't as awkward.

	These changes should make the language a bit clearer.

	Fix spelling: "occured" should be "occurred"
	+ commit 1820889e3c4a9a07981951b3e74f722658fb01c5
	* checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
	  util/regcomp.c, util/regex_internal.c: correct the spelling of
	  "occured" to "occurred"

2016-08-04  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix checking key for signature validation.
	+ commit f474b161f6c8c7a3dc0fb90d25ffceacba1ff117
	* g10/sig-check.c (signature_check2): Not only subkey, but also primary
	key should have flags.valid=1.

2016-08-03  Justus Winter  <justus@g10code.com>

	Partially revert "g10: Fix another race condition for trustdb access."
	+ commit 0f6bda4ccd2091e386e78c369131388ae5ebc002
	This amends db246f8b which accidentally included the compiled
	translation files.

2016-07-09  NIIBE Yutaka  <gniibe@fsij.org>

	gpgv: Tweak default options for extra security.
	+ commit cf01cf8b88abb6ed5fea300c28e2a1e6a7c67804
	* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
	cached status.  Similarly, set opt.flags.require_cross_cert for backsig
	validation for subkey signature.

2016-07-06  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix keysize with --expert.
	+ commit ca1fc596267b42a894a3fc85c3733007c672ed1f
	* g10/keygen.c (ask_keysize): It's 768 only for DSA.

2016-06-28  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix --list-packets.
	+ commit 39e32d375ef72874848f138d941d6d17f5aff85c
	* g10/gpg.c (main): Call set_packet_list_mode after assignment of
	opt.list_packets.
	* g10/mainproc.c (do_proc_packets): Don't stop processing with
	--list-packets as the comment says.
	* g10/options.h (list_packets): Fix the comment.
	* g10/parse-packet.c: Fix the condition for opt.list_packets.

2016-06-15  Niibe Yutaka  <gniibe@fsij.org>

	g10: Fix another race condition for trustdb access.
	+ commit db246f8b18b77314938e596b8217bd97223d5aad
	* g10/tdbio.c (create_version_record): Call create_hashtable to always
	make hashtable, together with the version record.
	(get_trusthashrec): Remove call to create_hashtable.

2016-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Make sure to have the directory for trustdb.
	+ commit d957e4388f72581b1ec801613b5629b5ea3f586d
	* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
	the directory and create it if none before calling take_write_lock.

2016-02-01  Werner Koch  <wk@gnupg.org>

	Fix possible sign extension problem with newer compilers.
	+ commit 22caa5c2d4b65289a0857c36bcded36b34baf4d2
	* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
	* cipher/blowfish.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	* cipher/camellia.c (CAMELLIA_RR8): Ditto.
	* cipher/cast5.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	(do_cast_setkey): Ditto.
	* cipher/twofish.c (INPACK): Ditto.
	* util/iobuf.c (block_filter): Ditto.

2016-01-26  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix iobuf API of filter function for alignment.
	+ commit aa4a3aa3e7a0c7dc231b90b2958184c7138ccc93
	* include/iobuf.h (struct iobuf_struct): Remove DESC.
	* util/iobuf.c (iobuf_desc): New.
	(print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
	(iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
	(iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
	(file_filter, sock_filter, block_filter): Fill the description.
	* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
	g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
	g10/progress.c, g10/textfilter.c: Likewise.

2016-01-15  Werner Koch  <wk@gnupg.org>

	Fix possible AIX problem with sysconf in rndunix.
	+ commit a38dffde7b19bd4881afcd87c23aac2daa5bd52a
	* cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
	(start_gatherer): Detect misbehaving sysconf.

2016-01-13  NIIBE Yutaka  <gniibe@fsij.org>

	Fix to support git worktree.
	+ commit e26706700f6f339891cce924e2a401dfbdba1a0e
	* Makefile.am: Use -e for testing .git.

2015-12-21  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit d908e7d2384b5e742d41d468ad079c99f4b0a625


2015-12-19  Werner Koch  <wk@gnupg.org>

	Release 1.4.20.
	+ commit 19549aec296b4cba825682dbddb1fa4214b05cab


	w32: Avoid warning when using newer mingw versions.
	+ commit 56daf9b6e53b67f75305e7806860a3db94e3be2d
	* g10/tdbio.c (ftruncate): Do not define if already defined.

2015-12-19  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Add option --weak-digest to gpg and gpgv.
	+ commit 924518b10d4d8b39236a829989310a211f739c5b
	* g10/options.h: Add weak_digests linked list to opts.
	* g10/main.h: Declare weakhash linked list struct and
	additional_weak_digest() function to insert newly-declared weak
	digests into opts.
	* g10/misc.c: (additional_weak_digest): New function.
	(print_digest_algo_note): Check for deprecated digests.
	* g10/sig-check.c: (do_check): Reject all weak digests.
	* g10/gpg.c: Add --weak-digest option to gpg.
	* doc/gpg.texi: Document gpg --weak-digest option.
	* g10/gpgv.c: Add --weak-digest option to gpgv.
	* doc/gpgv.texi: Document gpgv --weak-digest option.

2015-12-19  Werner Koch  <wk@gnupg.org>

	gpg: Reject signatures made with MD5.
	+ commit 43e5d28c6dbab9e5bcf652b4051184d409910c69
	* g10/gpg.c: Add option --allow-weak-digest-algos.
	(main): Set option also in PGP2 mode.
	* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
	* g10/sig-check.c (do_check): Reject MD5 signatures.
	* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.

2015-12-17  Werner Koch  <wk@gnupg.org>

	gpg: Change default cipher for --symmetric from CAST5 to AES-128.
	+ commit fc30a414d8d6586207444356ec270bd3fe0f6e68
	* g10/main.h (DEFAULT_CIPHER_ALGO): Change to AES or CAST5 or 3DES
	depending on configure options.
	* g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.

2015-12-17  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	Pass DBUS_SESSION_BUS_ADDRESS for gnome3.
	+ commit 751b287179c3a485261051a8bc838ee9405fa890
	* g10/passphrase.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS.

2015-11-20  Werner Koch  <wk@gnupg.org>

	gpg: Avoid cluttering stdout with trustdb info in verbose mode.
	+ commit 8b5cb544a8a1d9274a072990b13bb1d3cb2f6ab2
	* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
	mode.

2015-10-01  Werner Koch  <wk@gnupg.org>

	gpg: Silence a compiler warning.
	+ commit 6db18e29eb81b37ed6feb592add77d492c60fc35
	* g10/parse-packet.c (enum_sig_subpkt): Replace hack.

2015-09-17  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit 9232df23ac545e358d10c5539bdc9de2d05f15e8


2015-09-08  NIIBE Yutaka  <gniibe@fsij.org>

	po: Fix Spanish translation.
	+ commit bd6f80061a7f7dd8831a2ce989bbd47f46a195bc


2015-09-01  Werner Koch  <wk@gnupg.org>

	Obsolete option --no-sig-create-check.
	+ commit ae61f01523fc68fbd3dbac5f2ba761a7b8b117dd
	* cipher/rsa.c (rsa_sign): Verify after sign.
	* g10/gpg.c (opts): Make --no-sig-create-check a NOP.
	* g10/options.h (opt): Remove field "no_sig_create_check".
	* g10/sign.c (do_sign): Do check only for DSA.

2015-06-16  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix a race condition initially creating trustdb.
	+ commit ae38cbbca493725305c4131fbcafa716ae0c6109
	* g10/tdbio.c (take_write_lock, tdbio_set_dbname): Fix message.

2015-06-15  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix a race condition initially creating trustdb.
	+ commit 6f992d94ea708535b2f3a3de22b429401d59fac9
	* g10/tdbio.c (take_write_lock, release_write_lock): New.
	(put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
	new lock functions.
	(tdbio_set_dbname): Fix the race.
	(open_db): Don't call dotlock_create.

2015-05-19  NIIBE Yutaka  <gniibe@fsij.org>

	g10: detects public key encryption packet error properly.
	+ commit f3b00d88efa25e23f70b757cf99302af77d3d7ae
	g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
	encryption.

	g10: Improve handling of no corresponding public key.
	+ commit b3fd30451a5464b124b0296afbc341cb98b3977c
	* g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not
	exact match.

2015-04-30  NIIBE Yutaka  <gniibe@fsij.org>

	g10: fix cmp_public_key and cmp_secret_keys.
	+ commit 04667cabef2d6aaa214b288482bb902c891893a5
	* g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque
	data at the first entry of the array when it's unknown algo.
	* mpi/mpi-cmp.c (mpi_cmp): Backport libgcrypt 1.5.0's semantics.

2015-04-05  Werner Koch  <wk@gnupg.org>

	gpg: Fix DoS while parsing mangled secret key packets.
	+ commit 506eb6fec67f170827777f2f44ced6f50745a0ad
	* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
	et al.

2015-03-28  Werner Koch  <wk@gnupg.org>

	gpg: Remove left-over debug message.
	+ commit f34d88364a984947bcd7c344f9532f683b856353
	* g10/armor.c (check_input): Remove log_debug.

2015-02-27  Werner Koch  <wk@gnupg.org>

	Release 1.4.19.
	+ commit bcf44e2d153792e20036a26126ad77cef79a0304


	po: Update German translation.
	+ commit 47c2369bb723aac85caf848a7b563889e83bc88f


2015-02-26  David Prévot  <taffit@debian.org>

	po: Update French translation.
	+ commit 9dbfca0db80789d8d2020a945de2ccff484abc02


2015-02-26  Roman Pavlik  <rp@tns.cz>

	po: Update Czech translation.
	+ commit bcccd89eb93a413f633570d250b1e004cddef765


2015-02-26  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

	po: Update Dutch translation.
	+ commit 0e4a82c59bd087a6099cccec3a4419f8f57bb3c0


2015-02-26  Manuel \"Venturi\" Porras Peralta  <venturi@openmailbox.org>

	po: Update Spanish translation.
	+ commit d27a4779108e265ad08d8f74887d32723cb62197


2015-02-26  Jakub Bogusz  <qboosh@pld-linux.org>

	po: Update Polish translation.
	+ commit 17a2356328d0cdf9ed7fcc3e8f1f3867d3ff611d


2015-02-26  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 054b2c113ea01ff79dbe8365dba0c239ee4821e2


2015-02-26  Yuri Chornoivan  <yurchor@ukr.net>

	po: Update Ukrainian translation.
	+ commit e5b5f50af74c7a760240c109f2b4c37d92d254b8


2015-02-26  Milo Casagrande  <milo@milo.name>

	po: Update Italian translation.
	+ commit d252043b9b0aac9145f38d184c34cefbf1f9f1c9


2015-02-26  Jedi Lin  <Jedi@Jedi.org>

	Update Chinese (traditional) translation.
	+ commit 4986eddbdf3485452546e9243729522c2c3fef93


2015-02-26  Werner Koch  <wk@gnupg.org>

	Fix for building without DNS support.
	+ commit c43391f96537c304a8fddd2939a8380d8dd13319
	* util/cert.c (get_cert) [!USE_DNS_CERT]: Add want_ipgp.

	po,intl: Update to 0.19.3.
	+ commit 8adbf74b9398813c3e5d07c0789eaf75a6c3d97e


	Switch to a hash and CERT record based PKA system.
	+ commit 52c6c30647a96162a10715e667299167717c58dd
	* util/pka.c: Rewrite.
	(get_pka_info): Add arg fprbuflen.  Change callers to pass this.
	* util/strgutil.c (ascii_strlwr): New.
	* configure.ac: Remove option --disable-dns-pka.
	(USE_DNS_PKA): Remove ac_define.
	* g10/getkey.c (parse_auto_key_locate): Always include PKA.

	Move two functions from g10/ to util/.
	+ commit 240451a26e3e1fdabe0451a33f8918d4adfa852b
	* g10/misc.c (has_invalid_email_chars, is_valid_mailbox): Move to ...
	* util/strgutil.c: here.

	Add new function strconcat.
	+ commit 484d0730582a57808333e6af58d51c471f2b125a
	* include/util.h (GNUPG_GCC_A_SENTINEL): New.
	* util/strgutil.c (do_strconcat, strconcat): New.

	Add convenience function to hash a buffer.
	+ commit 2e7a3ed39007deb561a9175f7fccd52946c85d28
	* cipher/sha1.c (sha1_hash_buffer): New.

	Allow requesting only an IPGP certtype with dns_cert().
	+ commit d2323ce6fdceeba9765f23a1d5b5e4cb127d99ed
	* util/cert.c (get_cert): Add arg want_ipgp.  Change callers.

2015-02-26  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Avoid data-dependent timing variations in mpi_powm.
	+ commit 6cbc75e71295f23431c4ab95edc7573f2fc28476
	* include/mpi.h, mpi/mpiutils.c (mpi_set_cond): New.
	* mpi/mpi-pow.c (SIZE_PRECOMP): Rename from SIZE_B_2I3.
	(mpi_powm): Access all data in the table and use mpi_set_cond.

2015-02-23  Werner Koch  <wk@gnupg.org>

	Protect against NULL return of mpi_get_opaque.
	+ commit e0c13ad5f290aec05706797b8f6c9e13d613eb66
	* g10/seckey-cert.c (do_check): Call BUG for NULL return of
	get_opaque.

2015-02-23  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Fix segv due to NULL value stored as opaque MPI.
	+ commit 6f032181ba78c5eeb14f9aab4307a75bbaf0b115
	* g10/build-packet.c (do_secret_key): Check for NULL return from
	gcry_mpi_get_opaque.
	* g10/keyid.c (hash_public_key): Ditto.

2015-02-23  Werner Koch  <wk@gnupg.org>

	gpg: Remove an unused variable.
	+ commit a35ed8af41a91a52e1bbf992522a209f9c27dd55
	* g10/import.c (import): Remove need_armor.

	[dkg: rebased to STABLE-BRANCH-1-4]

2015-02-23  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	curl-shim: clean up varargs.
	+ commit 2b2f2767851eccb12e591c7a3fa432e6bf9db8f2
	* keyserver/curl-shim.c (curl_easy_setopt) : ensure that va_end is
	  called.

2015-02-23  Werner Koch  <wk@gnupg.org>

	gpg: Print better diagnostics for keyserver operations.
	+ commit cf8d89b0ce69d4cfaa835fab913cc7c77565a75d
	* g10/armor.c (parse_key_failed_line): New.
	(check_input): Watch out for gpgkeys_ error lines.
	* g10/filter.h (armor_filter_context_t): Add field key_failed_code.
	* g10/import.c (import): Add arg r_gpgkeys_err.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_errstr): New.
	(keyserver_spawn): Detect "KEY " lines while sending.  Get gpgkeys_err
	while receiving keys.
	(keyserver_work): Add kludge for better error messages.

	Use inline functions to convert buffer data to scalars.
	+ commit 57af33d9e7c9b20b413b96882e670e75a67a5e65
	* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
	(buf16_to_ushort, buf16_to_u16): New.
	(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.

	gpg: Prevent an invalid memory read using a garbled keyring.
	+ commit 81d3e541326e94d26a953aa70afc3cb149d11ebe
	* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
	types.

	gpg: Fix a NULL-deref in export due to invalid packet lengths.
	+ commit 68f260f77a9e4f5cacf0a58e4f55ddee125d3f00
	* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
	opaque MPI.

	gpg: Fix a NULL-deref due to empty ring trust packets.
	+ commit 2e8db53854506572e9d5b5908e143b5ca28f30f5
	* g10/parse-packet.c (parse_trust): Always allocate a packet.

	gpg: Limit the size of key packets to a sensible value.
	+ commit 27d7addccf782d5cb0084cb17522d712d4a6d6b6
	* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
	(MAX_UID_PACKET_LENGTH): New.
	(MAX_COMMENT_PACKET_LENGTH): New.
	(MAX_ATTR_PACKET_LENGTH): New.
	(parse_key): Limit the size of a key packet to 256k.
	(parse_user_id): Use macro for the packet size limit.
	(parse_attribute): Ditto.
	(parse_comment): Ditto.

	gpg: Allow predefined names as answer to the keygen.algo prompt.
	+ commit 20e14e331de4a7e9746650f8b39c1a66d2565c9e
	* g10/keygen.c (ask_algo): Add list of strings.

	gpg: Print a warning if the subkey expiration may not be what you want.
	+ commit 8baf452bb308a59478c9148109f4c78941170ecc
	* g10/keyedit.c (subkey_expire_warning): New.
	keyedit_menu): Call it when needed.

2015-02-11  Werner Koch  <wk@gnupg.org>

	Use ciphertext blinding for Elgamal decryption.
	+ commit ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b
	* cipher/elgamal.c (USE_BLINDING): New.
	(decrypt): Rewrite to use ciphertext blinding.

2015-01-19  Werner Koch  <wk@gnupg.org>

	Modernize to automake 1.14.
	+ commit 592e1aa407a021ed8477f82b1291f30c80291086
	* Makefile.am (AUTOMAKE_OPTIONS): Move to ...
	* configure.ac (AM_INIT_AUTOMAKE): here and add serial-tests.

	* keyserver/Makefile.am: Replace INCLUDES by AM_CPPFLAGS.
	* mpi/Makefile.am: Ditto.
	* util/Makefile.am: Ditto.
	* keyserver/Makefile.am: Ditto.  Adjusted other things.

	* m4/intl.m4, m4/po.m4: Use autoconf's AC_PROG_MKDIR_P.

	Fix a problem with select and high fds.
	+ commit 8adb5ff26062f717619aa816de8b27aa7d40d6c8
	* cipher/rndlinux.c (rndlinux_gather_random): Check fd before using
	FD_SET.

2015-01-13  Werner Koch  <wk@gnupg.org>

	doc: Formatting fixes.
	+ commit ed6287d2e1546ee0f4064675270da003f51e1b39
	* doc/gpl.texi: Fix enumerate and re-indent examples.

2015-01-13  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	avoid future chance of using uninitialized memory.
	+ commit e7cbce8fb2b7417fd1048f916b3e3281f5b9dd7b
	* util/iobuf.c: (iobuf_open): initialize len

2015-01-13  Werner Koch  <wk@gnupg.org>

	doc: Fix memory leak in yat2m.
	+ commit e2e822d22526c1545e095bc24173b732137f5737
	* doc/yat2m.c (write_th): Free NAME.

	gpg: Fix possible read of unallocated memory.
	+ commit aab282855ada8dddee99c777c91829344e91f31a
	* g10/parse-packet.c (can_handle_critical): Check content length
	before calling can_handle_critical_notation.

2015-01-09  Werner Koch  <wk@gnupg.org>

	scd: Fix possibly inhibited checkpin of the admin pin.
	+ commit c83e250ef36c28a275de74d96e89898e9f99cb1e
	* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
	buffer.

2015-01-08  Joshua Rogers  <git@internot.info>

	scd: fix get_public_key for OpenPGPcard v1.0.
	+ commit 3ca1f4098c70d322658cfaaa0d12164e6ac6d5ad
	* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.

2014-12-12  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: release DEK soon after its use.
	+ commit da66ad5bba4215b9ddd0cb927a89aa75355632aa
	* g10/keygen.c (generate_subkeypair): Release DEK soon.

2014-11-24  Werner Koch  <wk@gnupg.org>

	gpg: Fix use of uninit.value in listing sig subpkts.
	+ commit 2d359681f08999686734421228cb69893d8a0060
	* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
	sanitized.

	gpg: Fix off-by-one read in the attribute subpacket parser.
	+ commit 2b4809406b6536cbb67a2282bf855710b8454dc2
	* g10/parse-packet.c (parse_attribute_subpkts): Check that the
	attribute packet is large enough for the subpacket type.

	gpg: Fix a NULL-deref for invalid input data.
	+ commit 69767ccf4218d0dc5ef2d7e141be0f14c88fea59
	* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
	entry.

2014-11-14  Werner Koch  <wk@gnupg.org>

	gpg: Make the use of "--verify FILE" for detached sigs harder.
	+ commit fbb50867f81d790c4bf819dcadcd14be6c3f957b
	* g10/openfile.c (open_sigfile): Factor some code out to ...
	(get_matching_datafile): new function.
	* g10/plaintext.c (hash_datafiles): Do not try to find matching file
	in batch mode.
	* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
	matching data file is not used by a standard signatures.

2014-11-12  Werner Koch  <wk@gnupg.org>

	gpg: Add import option "keep-ownertrust".
	+ commit 42d2474a02aa46e6fecf0e35c067aa0b6481ffbe
	* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
	* g10/import.c (parse_import_options): Add "keep-ownertrust".
	(import_one): Act upon new option.

2014-10-03  Werner Koch  <wk@gnupg.org>

	mpi: Fix compiler warning.
	+ commit f68123551f4d5b286309006da67c57878f6cc619
	* mpi/mpi-inv.c (mpi_invm): Do not return a value.

2014-10-03  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Add build and runtime support for larger RSA keys.
	+ commit 534e2876acc05f9f8d9b54c18511fe768d77dfb5
	* configure.ac: Added --enable-large-secmem option.
	* g10/options.h: Add opt.flags.large_rsa.
	* g10/gpg.c: Contingent on configure option: adjust secmem size,
	add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
	* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
	* doc/gpg.texi: Document --enable-large-rsa.

2014-09-29  Werner Koch  <wk@gnupg.org>

	doc: Final update from master (gnupg 2.1)
	+ commit 3209f270d236fae588edaab3d48fe707eb25641c
	* doc/Makefile.am (sources_from_trunk): Remove.
	(update-source): Make it a dummy.
	* doc/gpg.texi: Update.
	* doc/yat2m.c: Update.

	Allow use of --debug-level=LEVEL without '='.
	+ commit ad30b2a4ae06a51f747bbd8a3c0985333295f8c6
	* g10/gpg.c (opts): Fix "debug-level".

2014-09-11  Werner Koch  <wk@gnupg.org>

	mpi: Improve mpi_invm to detect bad input.
	+ commit cd53cdbc3774fb193bdebcdc5d7019ddebc16dbc
	* mpi/mpi-inv.c (mpi_invm): Return 0 for bad input.

2014-08-20  Werner Koch  <wk@gnupg.org>

	mpi: Suppress set-but-unused-variables warnings.
	+ commit b89f57fe5db364f78154671e1b2fe1ecd1b5c407
	* include/types.h (GNUPG_GCC_ATTR_UNUSED): Define for gcc >= 3.5.
	* mpi/mpih-div.c (mpihelp_divmod_1, mpihelp_mod_1): Mark dummy as
	 unused.
	* mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.

	Fix strict-alias warnings for rijndael.c.
	+ commit ecf2728230788f413cf1864c3cbda73d63de8491
	* cipher/rijndael.c (do_setkey, prepare_decryption): Use u32_a_t cast.

	gpg: Allow compressed data with algorithm 0.
	+ commit 45e3b81114f40070dd638ac790f42df01b8c1484
	* g10/mainproc.c (proc_compressed): Remove superfluous check for
	an algorithm number of 0.

2014-08-06  Werner Koch  <wk@gnupg.org>

	gpg: Fix regression due to the keyserver import filter.
	+ commit d58552760b26d840824658814d59c8b1a25a4219
	* g10/keyserver.c (keyserver_retrieval_filter): Change args.  Rewrite
	to take subpakets in account.
	* g10/import.c (import_one, import_secret_one): Pass keyblock to
	filter.

	Add kbnode_t for easier backporting.
	+ commit dcf58b3471b1c9ba87a826aa132033e506664808
	* g10/global.h (kbnode_t): New.

2014-06-30  Werner Koch  <wk@gnupg.org>

	Release 1.4.18.
	+ commit 6a7b763e05d352a08f639d5eef9d0bac01c5c456


	Limit keysize for unattended key generation to useful values.
	+ commit aae7ec516b79e20938c56fd48fc0bc9d2116426c
	* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
	(gen_rsa): Enforce keysize 1024 to 4096.
	(gen_dsa): Enforce keysize 768 to 3072.

	Make screening of keyserver result work with multi-key commands.
	+ commit 955524f4359ba9e9de213f4067c38df9ae4808a8
	* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
	(keyserver_retrieval_filter): Use new struct and check all
	descriptions.
	(keyserver_spawn): Pass filter arg suing the new struct.

2014-06-23  Werner Koch  <wk@gnupg.org>

	Release 1.4.17.
	+ commit 297f2ac6451e638ed96926d06b01189076010823


	doc: Update from master.
	+ commit bfc7893bdaf4dc674799ddddc0cae8f0af642b9d


	Fix syntax error introduced with 60bd6488.
	+ commit 0d0961c483f9cd0e195f88c0c82dbf2c859f88fe
	* g10/apdu.c (pcsc_dword_t): Fix syntax error.

2014-06-23  Stefan Tomanek  <tomanek@internet-sicherheit.de>

	Screen keyserver responses.
	+ commit 5230304349490f31aa64ee2b69a8a2bc06bf7816
	* g10/main.h: Typedef import_filter for filter callbacks.
	* g10/import.c (import): Add filter callbacks to param list.
	(import_one): Ditto.
	(import_secret_one): Ditto.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_retrieval_filter): New.
	(keyserver_spawn): Pass filter to import_keys_stream()

2014-06-23  Werner Koch  <wk@gnupg.org>

	Print hash algorithm in sig records.
	+ commit 8eab483a1c4817a2946624c7305f464089d1875e
	* g10/keylist.c (list_keyblock_colon): Print field 16.

	Remove useless diagnostic in MDC verification.
	+ commit 01bd0558dd2f8b80d2f3b61f91c11a68357c91fd
	* g10/encr-data.c (decrypt_data): Do not distinguish between a bad MDC
	packet header and a bad MDC.

	intl: Fix for uClibc.
	+ commit bb4d5c2d5f20afff4f5382b33e9f530e3352c06f
	* intl/localename.c (gl_locale_name_thread_unsafe): Take care of
	uCLIBC.

	PC/SC cleanup.
	+ commit 60bd6488c06dd849465bfbff518297a24d28ea08
	* g10/apdu.c (pcsc_dword_t): New.  It was named as DWORD (double-word)
	when a word was 16-bit.
	(struct reader_table_s): Fixes for types.
	(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
	Throughout: Fixes for types.

	gpg: Use more specific reason codes for INV_RECP.
	+ commit 4239780d5a8418d675884309416aa3f71b5b8faa
	* g10/pkclist.c (build_pk_list): Use more specific reasons codes for
	INV_RECP.

	doc: Remove outdated Russian man page.
	+ commit e28cbdc5598d64bd3f87230cc4e9f0e11da3893e
	* configure.ac (DOCBOOK_TO_MAN): Remove.
	* doc/gpg.ru.sgml: Remove.
	* doc/Makefile.am: Remove all gpg.ru related code.

2014-06-20  Werner Koch  <wk@gnupg.org>

	gpg: Avoid infinite loop in uncompressing garbled packets.
	+ commit 11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
	* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.

2014-03-06  Werner Koch  <wk@gnupg.org>

	gpg: Need to init the trustdb for import.
	+ commit 23191d7851eae2217ecdac6484349849a24fd94a
	* g10/trustdb.c (clear_ownertrusts): Init trustdb.

2014-01-23  Werner Koch  <wk@gnupg.org>

	Support building using the latest mingw-w64 toolchain.
	+ commit 24ba0ce93263c42afb9f087ffcf2edda0b433022
	* acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection.

2013-12-13  Werner Koch  <wk@gnupg.org>

	Release 1.4.16.
	+ commit 7cdb86e0ad7a3f452c2f7358e3e830785281addc


2013-12-11  Werner Koch  <wk@gnupg.org>

	Change --show-session-key to print the session key earlier.
	+ commit fa3f555d756be0229ab10516b901e50230b22033
	* g10/mainproc.c (proc_encrypted): Move show_session_key code to ...
	* g10/decrypt-data.c (decrypt_data): here.

2013-12-10  Werner Koch  <wk@gnupg.org>

	Update config.{guess,sub} and some copyright notices.
	+ commit 4466fdba7bb4cac0b5c4a21b98903bb7f27fd9d9
	* scripts/config.guess, scripts/config.sub: Update to version
	2013-11-29.

2013-12-05  Werner Koch  <wk@gnupg.org>

	Prepare for newer automakes which default to parallel tests.
	+ commit 9b516323d7dc3e6103745becb63f5cc9fd8cc606
	* checks/Makefile.am: Add a list of test dependencies.

2013-12-03  Werner Koch  <wk@gnupg.org>

	Normalize the MPIs used as input to secret key functions.
	+ commit d0d72d98f34579213230b3febfebd2fd8dff272b
	* cipher/rsa.c (secret): Normalize the INPUT.
	(rsa_decrypt): Pass reduced data to secret.
	* cipher/elgamal.c (decrypt): Normalize A and B.
	* cipher/dsa.c (sign): Normalize HASH.

	Use blinding for the RSA secret operation.
	+ commit 93a96e3c0c33370248f6570d8285c4e811d305d4
	* cipher/random.c (randomize_mpi): New.
	* g10/gpgv.c (randomize_mpi): New stub.
	* cipher/rsa.c (USE_BLINDING): Define macro.
	(secret): Implement blinding.

2013-11-27  Werner Koch  <wk@gnupg.org>

	gpg: Change armor Version header to emit only the major version.
	+ commit b135372176b29ca985afa18398a455fd4e2a2063
	* g10/options.h (opt): Rename field no_version to emit_version.
	* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
	to bump up opt.emit_version.
	* g10/armor.c (armor_filter): Implement different --emit-version
	values.

2013-10-18  Werner Koch  <wk@gnupg.org>

	mpi: mpi-pow improvements.
	+ commit cad8216f9a0b33c9dc84ecc4f385b00045e7b496
	* mpi/mpi-pow.c (USE_ALGORITHM_SIMPLE_EXPONENTIATION): New.
	(mul_mod) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New.
	(mpi_powm) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New implementation
	of left-to-right k-ary exponentiation.

	Print the keyid for key packets with --list-packets.
	+ commit 0bdf121d1dcf98d7df28af67272caaac07f6f581
	* g10/parse-packet.c (parse_key): Add keyid printing.

2013-10-11  Werner Koch  <wk@gnupg.org>

	mpi: Fix syntax error for mips64 and gcc < 4.4.
	+ commit 9d89564a4255d58b7e26c6845bcea69ec5b0214f
	* mpi/longlong.h [__mips && gcc < 4.4]: Fix cpp syntax error.

	gpg: Do not require a trustdb with --always-trust.
	+ commit 2528178e7e2fac6454dd988121167305db7c71d9
	* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
	* g10/trustdb.c (trustdb_args): Add field no_trustdb.
	(init_trustdb): Set that field.
	(revalidation_mark):  Take care of a nonexistent trustdb file.
	(read_trust_options): Ditto.
	(get_ownertrust): Ditto.
	(get_min_ownertrust): Ditto.
	(update_ownertrust): Ditto.
	(update_min_ownertrust): Ditto.
	(clear_ownertrusts): Ditto.
	(cache_disabled_value): Ditto.
	(check_trustdb_stale): Ditto.
	(get_validity): Ditto.
	* g10/gpg.c (main): Do not create a trustdb with most commands for
	trust-model always.

2013-10-04  Werner Koch  <wk@gnupg.org>

	Release 1.4.15.
	+ commit 8707657fe635b50a5e1a4ed804ea2645c1427ac6


	doc: Update from master.
	+ commit f5c32bd1c6416c97762d7960c94d6f536e259cfa


	gpg: Print a "not found" message for an unknown key in --key-edit.
	+ commit 4a06d9a600def07fdcbb9a6a9500776767d3c2f4
	* g10/keyedit.c (keyedit_menu): Print message.

	gpg: Protect against rogue keyservers sending secret keys.
	+ commit d74dd36c11f1643bd92efb50714e2448cdb885d0
	* g10/options.h (IMPORT_NO_SECKEY): New.
	* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
	flag.
	* g10/import.c (import_secret_one): Deny import if flag is set.

2013-10-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Allow setting of all zero key flags.
	+ commit fe0fb5e6b0bb351eb6244e290e112a22a68472d8
	* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
	(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)
	(cherry picked from commit dd868acb0d13a9f119c0536777350a6c237a66a1)

2013-10-04  Werner Koch  <wk@gnupg.org>

	gpg: Distinguish between missing and cleared key flags.
	+ commit 27d0f32f77fbef59ddf7c6d79b5b4adee6b2e6ac
	* include/cipher.h (PUBKEY_USAGE_NONE): New.
	* g10/getkey.c (parse_key_usage): Set new flag.

	keyserver: Allow use of cURL's default CA store.
	+ commit 69088ac76fd4b9f303edf3c1453088dda8596399
	* keyserver/gpgkeys_curl.c (main): Set CURLOPT_CAINFO only if a file
	has been given.
	* keyserver/gpgkeys_hkp.c (main): Ditto.

	gpg: Limit the nesting level of I/O filters.
	+ commit f10b184e48015f30849d7611bd9654ed23b91211
	* until/iobuf.c (MAX_NESTING_FILTER): New.
	(iobuf_push_filter2): Limit the nesting level.

2013-10-02  Werner Koch  <wk@gnupg.org>

	gpg: Fix bug with deeply nested compressed packets.
	+ commit d90a1d23404f482cc4a5a2b2ee0f296d67ff2227
	* g10/mainproc.c (MAX_NESTING_DEPTH): New.
	(proc_compressed): Return an error code.
	(check_nesting): New.
	(do_proc_packets): Check packet nesting depth.  Handle errors from
	check_compressed.

2013-09-16  Werner Koch  <wk@gnupg.org>

	Fix bug in mpi_tdiv_q_2exp.
	+ commit 9dc6dd0572102a2fa27df28ba4d66728827eb03d
	* mpi/mpi-internal.h (MPN_COPY_INCR): Make it work.

2013-08-30  Werner Koch  <wk@gnupg.org>

	gpg: Use 2048 as the default keysize in batch mode.
	+ commit 6ed7056197e7ede1305b25457e4633c4ac4301d4
	* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
	2048.

2013-08-02  Werner Koch  <wk@gnupg.org>

	gpg: No need to create a trustdb when encrypting with --always-trust.
	+ commit a1a59e6a539e597996976d0afb6aa3062e954188
	* g10/gpg.c (main): Special case setup_trustdb for --encrypt.

2013-07-25  Werner Koch  <wk@gnupg.org>

	Release 1.4.14.
	+ commit fb5c9deaa506249518705846cd9f4c178fe1c4e6


2013-07-25  Jedi Lin  <Jedi@Jedi.org>

	Update Chinese translation.
	+ commit beb6a51df79ce25f16b9b37b25badbc02cb05782


2013-07-25  Werner Koch  <wk@gnupg.org>

	Update to modern beta release numbering scheme.
	+ commit 439999da117d9be9f88bb3e0ce7c444f9484ee2f
	* configure.ac: s/my_/mym4_/.  Add new release building code.

	Prepare for a forthcoming new algorithm id.
	+ commit 801803ab6e954173c2dcb7f0eb6eb8623238e99c
	* include/cipher.h (PUBKEY_ALGO_ECC): New.
	* g10/keyid.c (pubkey_letter): Add letter 'C'.

	Mitigate a flush+reload cache attack on RSA secret exponents.
	+ commit 35646689f4b80955ff7dbe1687bf2c479c53421e
	* mpi/mpi-pow.c (mpi_powm): Always perform the mpi_mul for exponents
	hold in secure memory.

	Fix git revision parsing.
	+ commit fd86f3031161f11c3cbef643a213a04c821364dd
	* configure.ac: Use git rev-parse to retrieve the revision.

2013-07-16  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: fix previous change.
	+ commit f61d8fa5a7591423f5a2ef43725b308acd5f2357
	* g10/gpgv.c: Fix void dotlock_remove_lockfiles.

2013-07-12  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: signal handling fix.
	+ commit 212a325d428e0ab5c51c42a3ea33efb21ad1f79f
	* include/dotlock.h (dotlock_remove_lockfiles_reclaim): New.
	  (dotlock_destroy, dotlock_remove_lockfiles): Add a flag to reclaim
	  memory or not.
	* util/dotlock.c (dotlock_create): Use
	  dotlock_remove_lockfiles_reclaim for atexit.
	  (dotlock_destroy_unix, dotlock_destroy)
	  (dotlock_remove_lockfiles): Add a reclaim flag.
	  (dotlock_remove_lockfiles_reclaim): New.
	* g10/signal.c (got_fatal_signal): Disable flag of reclaim memory to
	  avoid non-async-face call.
	* g10/keydb.c (maybe_create_keyring): Follow the API change.
	* g10/gpgv.c: Follow the API change.

2013-03-03  David Shaw  <dshaw@jabberwocky.com>

	Differentiate between success (full or partial), not-found, and failure.
	+ commit 6f0ec6ab485f48c8079ab2a16ed41ee7859f88ab
	* keyserver/gpgkeys_hkp.c (get_key): Use curl_easy_setinfo to get the
	  HTTP status code so we can tell the difference between a successful
	  retrieval, a partial retrieval, a not-found, or a server failed.

	Emulate curl_easy_getinfo and CURLINFO_RESPONSE_CODE in curl-shim.
	+ commit ca0b94d4d41c81045ed97fad0569ff4b64e5a6fe
	* keyserver/curl-shim.h, keyserver/curl-shim.c (curl_easy_getinfo):
	  New. Return the HTTP status code for the last transfer.

2013-01-30  David Shaw  <dshaw@jabberwocky.com>

	Fix DNS check for recent OS X releases.
	+ commit 1edc1b3751496885b236f5ab1194ad667c96b174
	* configure.ac: OS X now needs BIND_8_COMPAT and -lresolv

2013-01-11  Werner Koch  <wk@gnupg.org>

	Automake 1.13 compatibility fix.
	+ commit b4d4acf491105687c98178b6f4efed2ca9bdc98f
	* configure.ac: s/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/.

	Fix idea.c for big endian CPUs.
	+ commit 37f1a427440b9bb4374bf7d878f17190df75918b
	* cipher/idea.c: Replace use of WORDS_BIGENDIAN by BIG_ENDIAN_HOST.

2013-01-11  Christian Aistleitner  <christian@quelltextlich.at>

	Fix honoring --cert-digest-algo when recreating a cert.
	+ commit ff5cfadc2c402ebc3884ad2575bc5a51f0067f56
	* g10/sign.c (update_keysig_packet): Override original signature's
	digest algo in hashed data.

2012-12-20  Werner Koch  <wk@gnupg.org>

	Release 1.4.13.
	+ commit 0bd168bf8eecf4ec11c147edada0f08bebdc6cc0


	Last fix for the SRV record patches.
	+ commit 2812ab7d6a7f47128edd89c41038c553f7153318
	* keyserver/gpgkeys_hkp.c (srv_replace): Make sure SRVCOUNT is
	always initialized.

	Update manuals from master.
	+ commit 65d6da865ca868781eca386b57d498e6be33e582
	* doc/Makefile.am (update-source): Copy from Git master.
	(update-source-from-gnupg-2): Remove.
	* doc/gpg.texi: Fix minor typos and grammar bugs.
	* doc/yat2m.c: Change diagnostics to updated coding standards.

	Update config.{guess,sub} to version 2012-07-31.
	+ commit cb5f64042054305e3a6ef7030a74a3c88d567185
	* scripts/config.guess, scripts/config.sub: Update.

2012-12-20  Joe Hansen  <joedalton2@yahoo.dk>

	po: Update Danish translation.
	+ commit f464a3d3a83f426e4cacf73d0e676513eabdc52d
	* po/da.po: Update.

2012-12-20  Werner Koch  <wk@gnupg.org>

	gpg: Suppress "public key already present" in quiet mode.
	+ commit 3a4b96e665fa639772854058737ee3d54ba0694e
	* g10/pkclist.c (build_pk_list): Print two diagnostics only in
	non-quiet mode.

	Import only packets which are allowed in a keyblock.
	+ commit f795a0d59e197455f8723c300eebf59e09853efa
	* g10/import.c (valid_keyblock_packet): New.
	(read_block): Store only valid packets.

2012-12-19  David Shaw  <dshaw@jabberwocky.com>

	Issue 1447: Pass proper Host header and SNI when SRV is used with curl.
	+ commit 5c557a51cdf37d9f50b3d5d7e11d17e6ea6bb2b8
	* configure.ac: Check for inet_ntop.

	* m4/libcurl.m4: Provide a #define for the version of the curl
	  library.

	* keyserver/gpgkeys_hkp.c (main, srv_replace): Call getaddrinfo() on
	  each target.  Once we find one that resolves to an address (whether
	  IPv4 or IPv6), pass it into libcurl via CURLOPT_RESOLVE using the
	  SRV name as the "host".  Force the HTTP Host header to be the same.

	Backported from 6b1f71055ebab36989e2089cfde319d2ba40ada7

	* keyserver/gpgkeys_hkp.c (main): Only default try-dns-srv to on if we
	  have SRV support in the first place.

	Backported from 732f3d1d4786239db5f31f82cc04ec79326cc13c

	Part of issue 1447: Pass proper Host header when SRV is used.
	+ commit 6c3a76cca064070d0a9e636fedc824415e710451
	* common/http.c (send_request, connect_server): Set proper Host header
	  (no :port, host is that of the SRV) when SRV is used in the
	  curl-shim.

	Backported from cbe98b2cb1e40ba253300e604996681ae191e363

2012-12-19  Werner Koch  <wk@gnupg.org>

	Fix last commit.
	+ commit 58004340cc8c7124edc3c6866eec5478499b252e
	* util/http.c (connect_server): Bump SRVINDEX and not SRV.

2012-12-19  David Shaw  <dshaw@jabberwocky.com>

	Fix issue 1446: honor ports given in SRV responses.
	+ commit f2f12f41efe5a476833295dc6c44fcd887d0abe6
	* common/http.c (send_request, connect_server, http_open): Use a
	  struct srv instead of a single srvtag so we can pass the chosen host
	  and port back to the caller.
	  (connect_server): Use the proper port in the HAVE_GETADDRINFO case.

	* keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log
	  chosen host and port.

	* keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.

	Backported from ba9e974f1fd85b3dbbfb5e26d7a14f71d07c7cf2

2012-12-18  Werner Koch  <wk@gnupg.org>

	Add meta option ignore-invalid-option.
	+ commit 8044a5acea80cb749159cd725e95bad246be5f72
	* util/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
	(initialize): Init field IIO_LIST.
	(ignore_invalid_option_p): New.
	(ignore_invalid_option_add): New.
	(ignore_invalid_option_clear): New.
	(optfile_parse): Implement meta option.

2012-12-15  Werner Koch  <wk@gnupg.org>

	Fix potential heap corruption in "gpg -v --version"
	+ commit e33e74e3a4b2b4a0341f933410ddd5db7a12515e
	* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
	certain locales.
	* util/membuf.c (put_membuf_str): New.
	(get_membuf): Make LEN optional.

2012-12-14  Werner Koch  <wk@gnupg.org>

	Workaround for a gettext problem during "make distcheck".
	+ commit e9385a6651e1c2cc2d5cc9032468d93ce3ef1ea0
	* configure.ac: Add comment string "GNU gnupg".

	gettext: Upgrade to version 0.18.
	+ commit 4032aa8be8ee74d3561dfa6802b977f4586cef53
	* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.18.
	* po/Makefile.in.in: Upgrade to gettext-0.18.  Keep option --previous
	of msgmerge.
	* intl/: Upgrade to gettext-0.18.
	* m4/gettext.m4: Upgrade to gettext-0.18.1.
	* m4/iconv.m4: Upgrade to gettext-0.18.1.
	* m4/lib-ld.m4: Upgrade to gettext-0.18.1.
	* m4/lib-link.m4: Upgrade to gettext-0.18.1.
	* m4/lib-prefix.m4: Upgrade to gettext-0.18.1.
	* m4/nls.m4: Upgrade to gettext-0.18.1.
	* m4/po.m4: Upgrade to gettext-0.18.1.
	* m4/progtest.m4: Upgrade to gettext-0.18.1.
	* m4/codeset.m4: Upgrade to gettext-0.18.1.
	* m4/fcntl-o.m4: New file, from gettext-0.18.1.
	* m4/glibc2.m4: Upgrade to gettext-0.18.1.
	* m4/glibc21.m4: Upgrade to gettext-0.18.1.
	* m4/intdiv0.m4: Upgrade to gettext-0.18.1.
	* m4/intl.m4: Upgrade to gettext-0.18.1.
	* m4/intldir.m4: Upgrade to gettext-0.18.1.
	* m4/intlmacosx.m4: Upgrade to gettext-0.18.1.
	* m4/intmax.m4: Upgrade to gettext-0.18.1.
	* m4/inttypes_h.m4: Upgrade to gettext-0.18.1.
	* m4/inttypes-pri.m4: Upgrade to gettext-0.18.1.
	* m4/lcmessage.m4: Upgrade to gettext-0.18.1.
	* m4/lock.m4: Upgrade to gettext-0.18.1.
	* m4/longlong.m4: Upgrade to gettext-0.18.1.
	* m4/printf-posix.m4: Upgrade to gettext-0.18.1.
	* m4/size_max.m4: Upgrade to gettext-0.18.1.
	* m4/stdint_h.m4: Upgrade to gettext-0.18.1.
	* m4/threadlib.m4: New file, from gettext-0.18.1.
	* m4/uintmax_t.m4: Upgrade to gettext-0.18.1.
	* m4/visibility.m4: Upgrade to gettext-0.18.1.
	* m4/wchar_t.m4: Upgrade to gettext-0.18.1.
	* m4/wint_t.m4: Upgrade to gettext-0.18.1.
	* m4/xsize.m4: Upgrade to gettext-0.18.1.
	* m4/Makefile.am (EXTRA_DIST): Add the new files.

2012-12-13  Werner Koch  <wk@gnupg.org>

	Support NetBSD m68K ELF targets.
	+ commit 0fee571260e56c11023a998d564bb9c0c1d87d70
	* mpi/config.links (m68k*-*-netbsdelf): New.

2012-12-13  NIIBE Yutaka  <gniibe@fsij.org>

	Card: Fix the process of writing key or generating key.
	+ commit 09dd073096439f6ae0122e57321201f79045d3bc
	* g10/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.

2012-11-30  David Shaw  <dshaw@jabberwocky.com>

	Fix mksamplekeys awk to not leave out the whitespace altogether.
	+ commit e71dbf244a2b6e7edcca37ac9544000f0629de0e


	Refresh sample keys.
	+ commit 3ab272086cdd39cc982b6deccd827a3cdb804cf1
	* mksamplekeys: Tweak awk script to not add trailing whitespace to
	  blank lines (makes git pre-commit hook unhappy).

	* samplekeys.asc: Refresh.

2012-11-29  David Shaw  <dshaw@jabberwocky.com>

	The keyserver search menu should honor --keyid-format.
	+ commit d42dcbfa923cc2e97faf588b19c19f63c4db409d
	* keyserver.c (print_keyrec): Honor --keyid-format when getting back
	  full fingerprints from the keyserver (the comment in the code was
	  correct, the code was not).

2012-11-08  Werner Koch  <wk@gnupg.org>

	tests: Skip secret key import check in SELinux mode.
	+ commit 95347cf950e2e26d1726791f9f4278af70dccce9
	* configure.ac (ENABLE_SELINUX_HACKS): New am_conditional.
	* checks/Makefile.am (prepared.stamp): Replace by defs-config.inc.
	(defs-config.inc): Create and set enable_selinux_hacks variable.
	* checks/defs.inc: Include defs-config.inc.

	* checks/armor.test: Do not run the last test in selinux mode.

	de.po: Grammar fix.
	+ commit e3e540604930d06ba23692ae3e4c43ec422a31b9
	* po/de.po: Grammar fix by Daniel Leidert

	Create off-line card encryption key with the right size.
	+ commit 64e7c237db1eb5f463f4b810b09eda232da83676
	* g10/keygen.c (gen_card_key_with_backup): Get the size of the key
	from the card.

	Support the not anymore patented IDEA cipher algorithm.
	+ commit b1eac93431c377805984210a8ef76f5c314c8a5f
	* cipher/idea.c: New.  Take from Libgcrypt master and adjust for
	direct use in GnuPG.
	* cipher/idea-stub.c: Remove.
	* cipher/Makefile.am: Add idea.c and remove idea-stub.c rules.
	* configure.ac: Remove idea-stub code.
	* g10/gpg.c (check_permissions): Remove code path for ITEM==2.
	(main): Make --load-extension a dummy option.
	* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
	compatibility mode.
	* g10/misc.c (idea_cipher_warn): Remove.  Also remove all callers.
	* g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA.
	* g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA.
	* g10/status.h (STATUS_RSA_OR_IDEA): Remove.

2012-11-07  Werner Koch  <wk@gnupg.org>

	Fix usage of dlerror to conform to POSIX.
	+ commit c3a5448379cdf07b408a265fe8f477901524170d
	* cipher/idea-stub.c: Clear last error before dlsym.

	Improve handling of random_seed read errors.
	+ commit b1abc01d4ad199258b3d2fb579ac06c6fea747fd
	* cipher/random.c (read_seed_file): Distinguish between errors and
	short reads.

2012-11-06  Thomas Klausner  <wiz@NetBSD.org>

	Handle systems which have uint64_t but not the UINT64_C macro.
	+ commit 6a41f385c496c180ee730ce80ff5653746410759
	* include/types.h (U64_C) [!UINT64_C]: Add simple replacement.

2012-11-06  Werner Koch  <wk@gnupg.org>

	Fix extern inline use for gcc > 4.3 in c99 mode.
	+ commit 5093bed27580e608de073bcc5953bd76b6b8b2de
	* mpi/mpi-inline.h [!G10_MPI_INLINE_DECL]: Take care of changed extern
	inline semantics in gcc.

2012-08-24  Werner Koch  <wk@gnupg.org>

	Update translations to adjust for typo fixes.
	+ commit a1856e767ac4cefe3252211a81ef479f6e3e4e5f


2012-08-24  David Prévot  <taffit@debian.org>

	Update French translation.
	+ commit fadb3ca2f680d0ab5de6b64c3f34f3d5a874721b
	* po/fr.po: Update.

2012-08-24  Werner Koch  <wk@gnupg.org>

	Fix typos spotted during translations.
	+ commit a76efe1b05c50bb0688221bccbefaacd6932652d
	* g10/gpg.c: uppercase after Syntax
	* util/secmem.c (print_warn): Update URL.

2012-08-24  David Prévot  <taffit@debian.org>

	Keep previous msgids of translated messages.
	+ commit bc317df59a98daf83a5b69c7f8ad9954180e86b6
	* po/Makefile.in.in: Use option --previous with msgmerge.

2012-04-29  Werner Koch  <wk@gnupg.org>

	With --quiet do not print reading passphrase from fd message.
	+ commit 7a852fba6c3fce4ec6db8ab5287e646249251070
	Fix for bug#1403.
	* g10/passphrase.c (read_passphrase_from_fd): Act on --quiet.

2012-02-01  David Shaw  <dshaw@jabberwocky.com>

	Honor --cert-digest-algo when recreating a cert.
	+ commit 509fe4ce5d50089776b072c33c199798d3defe8c
	* g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
	  recreating a cert.

	This is used by various things in --edit-key like setpref, primary,
	etc.  Suggested by Christian Aistleitner.

2012-01-30  Werner Koch  <wk@gnupg.org>

	Release 1.4.12.
	+ commit 75b347a2a191ad479123a57f935e27b78e079188


	Fix ChangeLog creation rule.
	+ commit 3165b5cb8348881cfb5a158f5a9f0407f9c6bcba
	* Makefile.am (gen-ChangeLog): Use set -e.  Fixes commit b99e77d5.

	Add Ukrainian translation.
	+ commit 88d8ca22b5af043e7e58dc0f3354ccc78a08a08e
	* po/uk.po: New.
	* po/LINGUAS: Add uk.po.

	Update GNU helper files.
	+ commit e792d82bbaa0f4bc8666af911bf84735179e59be
	* scripts/config.guess, scripts/config.rpath: Update to version
	2012-01-01.
	* scripts/config.rpath, scripts/compile, scripts/depcomp: Update to
	modern version.
	* scripts/texinfo.tex: Update from current gnulib.

	Update documentation.
	+ commit 422774a1d99a2936f292333a25f288c5b274f0cd
	* doc/gpg.texi, doc/specify-user-id.texi, doc/yat2m.c: Update from
	current GnuPG master (commit bdde44a).

	Require gitlog-to-changelog to be installed.
	+ commit b99e77d59cb3def23328426cf92e28967f51b3da
	* Makefile.am (GITLOG_TO_CHANGELOG): New.
	(gen-ChangeLog): Use installed version of gitlog-to-changelog.

2012-01-20  Werner Koch  <wk@gnupg.org>

	Do not copy default merge commit log entries into the ChangeLog.
	+ commit 51c1e84265890b26bf3b6ac0b17fb14c58e6e893
	* scripts/gitlog-to-changelog: Skip merge commits.

2012-01-20  David Shaw  <dshaw@jabberwocky.com>

	Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
	+ commit f310735975a199f8fde08e7ffeb42412e75daa3c
	* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level

	* g10/trustdb.c (check_trustdb_stale): Request a rebuild if
	  pending_check_trustdb is true (set when we detect a trustdb
	  parameter has changed).

	* g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
	  listing for min_cert_level not matching.

	* g10/tdbio.c (tdbio_update_version_record, create_version_record,
	  tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
	  tdbio_write_record): Add a byte for min_cert_level in the tdbio
	  version record.

2012-01-16  Werner Koch  <wk@gnupg.org>

	w32: Always build with -fno-omit-frame-pointer.
	+ commit eb1c9a44c352ded1bcb9316f5fa0752b61abbb10
	This is required due to a bug in the mingw32 runtime.
	* configure.ac (HAVE_W32_SYSTEM): Force use of -fno-omit-frame-pointer.

	w32: Allow passing a relative name for the tarball.
	+ commit 9b16cd09d127a46f8772a2a2ec426767356d1ae2
	* scripts/mk-w32-dist: Prepend PWD to TARBALL.

	Automate W32 installer building.
	+ commit 81839d286137b9804aa2f5b943b51663f3c172b6
	* doc/README.W32: Document new installer build procedure.
	* scripts/autogen.sh: Pass all args to the installer (regression fix).
	* scripts/conf-w32/README: Remove from repo.
	* scripts/conf-w32/bzip2-1.diff: Remove from repo.
	* scripts/mk-w32-dist: Rewrite.
	* scripts/w32installer.nsi [WITH_PATCHES]: Use constant patch file
	name.

2012-01-13  Werner Koch  <wk@gnupg.org>

	Add a DECRYPTION_INFO status.
	+ commit cfb193a1de2f0553ee65a19a417a885938539225
	* g10/status.h (STATUS_DECRYPTION_INFO): New.
	* g10/status.c (get_status_string): Add new status string.
	* g10/encr-data.c: Include status.h.
	(decrypt_data): Print STATUS_DECRYPTION_INFO.

	Include bzip2 code to ease building for W32.
	+ commit 1575678710588986275f3f820961b3418e81fc62
	* bzlib/: Include bzip2 code.
	* configure.ac [W32]: Force use of included bzip2 code.
	* scripts/autogen.sh <--build-w32>: Do not pass --with-bzip option.
	* Makefile.am (SUBDIRS): Add bzip.  Use it only under W32.

2012-01-12  Werner Koch  <wk@gnupg.org>

	Allow building with the 32 bit mingw-w64 toolchain.
	+ commit 3a22b622c89ae87c4d557ab71c619803a4fed8ed
	* scripts/autogen.sh <--build-w32>: Support i686-w64-mingw32 and use
	it by default if installed.
	* keyserver/gpgkeys_ldap.c (my_ldap_start_tls_s): Define macro
	depending on compiler version.
	(main): Use new macro.
	* util/miscutil.c [!HAVE_TIMEGM]: Add prototype for the timegm
	autoconf replacement function.

	gpg: Remove unused fields from a trust data structure.
	+ commit 02f282368e6e68ac1c8dffcfd6e772ec4ff356f8
	The functions tdbio_read_record and tdbio_write_record control the
	actual on-disk format.  Thus there is no need to keep reserved fields
	in the internal data structure.

	* g10/tdbio.h (struct trust_record): Remove reserved fields.

	Typo fixes and comment re-formatting.
	+ commit 16c90b2175c92c0698172b547b90f5325bb9ab17


2012-01-11  David Shaw  <dshaw@jabberwocky.com>

	Distribute dotlock.h.
	+ commit cb8ebf792e919b1797bf16b6606427d77c45c947


2012-01-10  David Shaw  <dshaw@jabberwocky.com>

	Refresh sample keys.
	+ commit 174d2f80bf40c9ae18fcd9fa834092ca2517e977


2012-01-10  Werner Koch  <wk@gnupg.org>

	Allow use of a standard space separated fingerprint.
	+ commit 9b2a98ea148f768ef334f1baf640d8f7c6a813fb
	We allow a single or a double space in the middle of the fingerprint
	to help with c+p fingerprints from an HTML pages which are not being
	enclosed in a "pre" tag.
	* g10/getkey.c (classify_user_id): Check for space separated GPG
	fingerprint.

	Replace file locking by the new portable dotlock code.
	+ commit b9333cd890a85cae5064ff2b0b97c4ba2afc1a99
	* include/dotlock.h: New.  From current gnupg master.
	* util/dotlock.c: Ditto.  Include util.h.  The major changes done in
	master are: Factor Unix and W32 specific code out into specific
	functions.  Define HAVE_POSIX_SYSTEM.  Rearrange some functions.
	(disable_dotlock): Rename to dotlock_disable.
	(create_dotlock): Rename to dotlock_create and add a dummy arg.
	(destroy_dotlock): Rename to dotlock_destroy.
	(make_dotlock): Rename to dotlock_take.
	(release_dotlock): Rename to dotlock_release.
	(remove_lockfiles): Rename to dotlock_remove_lockfiles.

	Update copyright years.
	+ commit dccdcef319014d3a0ec43c77017cd65a09240f0c
	* util/argparse.c (default_strusage): Update printed copyright year.

	Use gcc pragmas to suppress some warnings.
	+ commit 667ba59ec52d169902d7ef244cdcdde1bcc30681
	* configure.ac (AH_BOTTOM): Add GNUPG_GCC_VERSION macro.
	* util/estream-printf.c (pr_float): Use new gcc pragma to ignore a
	warning about a non-literal format.
	* util/miscutil.c (asctimestamp): Ditto.
	* cipher/md.c (md_stop_debug): Use new gcc pragme to ignore a warning
	* about a set but unused variable.

	Update gitlog-to-changelog.
	+ commit b5b6cb57db47dc892b74c9e24caae7099b274a9f
	* scripts/gitlog-to-changelog: Update from gnupg master.
	* Makefile.am (gen-ChangeLog): Add new options.
	* scripts/autogen.sh: Fix typo in URL.  Reported by Gilles Espinasse.

2011-12-28  David Shaw  <dshaw@jabberwocky.com>

	Use the longest key ID available when talking to a HKP server.
	+ commit 6fe25e5602fabe92c68e5ba30e4777221e8612df
	This is issue 1340.  Now that PKSD is dead, and SKS supports long key
	IDs, this is safe to do.  Patch from Daniel Kahn Gillmor
	<dkg@fifthhorseman.net>.

2011-12-02  Werner Koch  <wk@gnupg.org>

	Generate the ChangeLog from commit logs.
	+ commit 120b0ce1362a3d77955c10a0374d6cc99e885c86
	* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
	* scripts/git-log-fix: New file.
	* scripts/git-log-footer: New file.
	* scripts/git-hooks/commit-msg: New script.
	* autogen.sh: Install commit-msg hook for git.
	* doc/HACKING: Describe the ChangeLog policy.
	* Makefile.am (EXTRA_DIST): Add new files.
	(gen-ChangeLog): New.
	(dist-hook): Run gen-ChangeLog.

	Rename all ChangeLog files to ChangeLog-2011.
	+ commit 76b73caf91b4631c282c4b744900a0d873c4ccf0
	* ChangeLog: New file.

2011-12-01  Werner Koch  <wk@gnupg.org>

	NB: Changes done before December 1st, 2011 are described in
	per directory files named ChangeLog-2011.  See doc/HACKING for
	details.

        -----
	Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
	              2006, 2007, 2008, 2009, 2010, 2011,
	              2012 Free Software Foundation, Inc.

	Copying and distribution of this file and/or the original GIT
	commit log messages, with or without modification, are
	permitted provided the copyright notice and this notice are
	preserved.