-Noteworthy changes in version 1.1.92
+Noteworthy changes in version 1.3.93
-------------------------------------------------
+
+Noteworthy changes in version 1.3.92 (2004-10-28)
+-------------------------------------------------
+
+ * Added Russian man page. Thanks to Pawel I. Shajdo.
+
+ * libiconv is now used to support other character sets other than
+ UTF-8, Latin-1,-2 and KOI8-2. The W32 version will only work
+ correctly when iconv.dll is installed on the system. A binary
+ version is available at all GNU mirror sites under libiconv.
+
+ * gettext for Windows has been simplified. The MO files are now
+ distributed UTF-8 encoded and gpg translates on the fly.
+
+
+Noteworthy changes in version 1.3.91 (2004-10-15)
+-------------------------------------------------
+
+ * A new configure option --enable-selinux-support disallows
+ processing of confidential files used by gpg (e.g. secring.gpg).
+ This helps writing ACLs for the SELinux kernel.
+
+ * Support for fetching keys via finger has been added. This is
+ useful for setting a preferred keyserver URL like
+ "finger:wk@g10code.com".
+
+ * Timeout support has been added to the keyserver helpers. This
+ allows users to set an upper limit on how long to wait for the
+ keyserver before giving up.
+
+ * New "direct" trust model where users can set key validity
+ directly if they do not want to participate in the web of trust.
+
+ * Minor bug fixes, code and string cleanups.
+
+
+Noteworthy changes in version 1.3.90 (2004-10-01)
+-------------------------------------------------
+
+ * Readline support at all prompts is now available if the systems
+ provides a readline library. The build time option
+ --without-readline may be used to disable this feature.
+
+ * Support for the OpenPGP smartcard is now enabled by default.
+ Use the option --disable-card-support to build without support
+ for smartcards.
+
+ * New command "addcardkey" in the key edit menu to add subkeys to
+ a smartcard. New command "keytocard" to transfer a key to a smartcard.
+ The serial number of the card is show in secret key listings.
+
+ * -K may now be used as an alias for --list-secret-keys.
+
+ * HTTP Basic authentication is now supported for all HKP and HTTP
+ keyserver functions, either through a proxy or via direct
+ access.
+
+
+Noteworthy changes in version 1.3.6 (2004-05-22)
+------------------------------------------------
+
+ * New --keyid-format option that selects short (99242560), long
+ (DB698D7199242560), 0xshort (0x99242560), or 0xlong
+ (0xDB698D7199242560) keyid displays. This lets users tune the
+ display to what they prefer.
+
+ * The --list-options and --verify-options option
+ "show-long-keyids" has been removed since --keyid-format
+ obviates the need for them.
+
+ * Support for the old quasi-1991 partial length encoding has been
+ removed.
+
+ * The --export-all and --export-options include-non-rfc options
+ have been removed as superfluous since nonstandard V3 Elgamal
+ sign+encrypt keys have been removed.
+
+ * Preferred keyserver support has been added. Users may set a
+ preferred keyserver via the --edit-key command "keyserver". If
+ the --keyserver-option honor-keyserver-url is set (and it is by
+ default), then the preferred keyserver is used when refreshing
+ that key.
+
+ * The --sig-keyserver-url option can be used to inform signature
+ recipients where the signing key can be downloaded. When
+ verifying the signature, if the signing key is not present, and
+ the keyserver options honor-keyserver-url and auto-key-retrieve
+ are set, this URL will be used to retrieve the key.
+
+ * Support for fetching keys via HTTP has been added. This is
+ mainly useful for setting a preferred keyserver URL like
+ "http://www.jabberwocky.com/key.asc".
+
+ * New --ask-cert-level/--no-ask-cert-level option to turn on and
+ off the prompt for signature level when signing a key. Defaults
+ to off.
+
+ * New --gpgconf-list command for internal use by the gpgconf
+ utility from gnupg 1.9.x.
+
+
+Noteworthy changes in version 1.3.5 (2004-02-26)
+------------------------------------------------
+
+ * New --min-cert-level option to disregard key signatures that are
+ under a specified level. Defaults to 2 (i.e. discard 0x11
+ signatures).
+
+ * New --max-output option to limit the amount of plaintext output
+ generated by GnuPG. This option can be used by programs which
+ call GnuPG to process messages that may result in plaintext
+ larger than the calling program is prepared to handle. This is
+ sometimes called a "Decompression Bomb".
+
+ * New --list-config command for frontends and other programs that
+ call GnuPG. See doc/DETAILS for the specifics of this.
+
+ * Some performance improvements with large keyrings. See the
+ build time option --enable-key-cache=SIZE in the README file for
+ details.
+
+ * Some portability fixes for the OpenBSD/i386, HPPA, and AIX
+ platforms.
+
+ * New keyserver-option "http-proxy" to specify which proxy to use
+ in the config file without using environment variables.
+
+ * Added support for storing, retrieving, and searching for keys in
+ LDAP servers. Note that this is different than the "LDAP
+ keyserver" which was already (and remains) supported.
+
+ * Added support for TLS and LDAPS session encryption for LDAP.
+
+ * --show-session-key/--override-session-key now works with
+ --symmetric messages.
+
+ * The configure options --enable-rsa and --disable-rsa can now be
+ used to enable or disable the RSA algorithm. This can be useful
+ for embedded use where space is tight. --enable-minimal
+ includes --disable-rsa. RSA is enabled by default.
+
+ * The last support for Elgamal sign+encrypt keys has been removed.
+
+
+Noteworthy changes in version 1.3.4 (2003-11-27)
+------------------------------------------------
+
+ * Added support for BZIP2 compression. This should be considered
+ experimental, and is only available if the libbzip2 library
+ <http://sources.redhat.com/bzip2/> is installed.
+
+ * Added the ability to handle messages that can be decrypted with
+ either a passphrase or a secret key. These messages may be
+ generated with --symmetric --encrypt or --symmetric --sign
+ --encrypt.
+
+ * The config file search has been enhanced to try for less
+ specific filename matches before giving up. For example,
+ version 1.3.4 will try for gpg.conf-1.3.4, gpg.conf-1.3, and
+ gpg.conf-1 before falling back to the regular gpg.conf file.
+
+ * Fixed a format string bug in the HKP keyserver handler.
+
+ * Support for Elgamal sign+encrypt keys has been removed. Old
+ signatures may still be verified, and existing encrypted
+ messages may still be decrypted, but no new signatures may be
+ issued by, and no new messages will be encrypted to, these keys.
+
+
+Noteworthy changes in version 1.3.3 (2003-10-10)
+------------------------------------------------
+
+ * Basic support for the OpenPGP card. New commands --card-status,
+ --card-edit, --change-pin and the configuration options
+ --reader-port, --ctapi-driver, --pcsc-driver, and --disable-ccid.
+
+ * Full (read/write) support for the SHA-256 hash has been added.
+
+ * Support for the TIGER/192 hash has been dropped. This should
+ not be interpreted as a statement as to the strength of
+ TIGER/192 - rather, the upcoming revision to the OpenPGP
+ standard removes support for several unused (or mostly unused)
+ hashes.
+
+ * Revoked or expired user IDs are now skipped when selecting keys
+ for encryption. Specifying a key by the key ID overrides this
+ check and allows the selection of any key.
+
+ * Note that --no-mangle-dos-filenames is now the default. If you
+ are upgrading from a 1.2.x version of GnuPG, and are running a
+ very old version of Windows that has the 8.3 filename limit, you
+ may need to change this.
+
+ * Multiple "Comment:" lines in armored output are now allowed.
+
+ * New --list-options option. This option takes a list of
+ arguments that allows the user to customize exactly what key
+ listings (including the --edit-key listing) look like, enabling
+ or disabling things such as photo display, policy URL, preferred
+ keyserver URL, or notation display, long or short keyIDs,
+ calculated validity for each user ID, etc. See the manual for
+ the complete list of list-options.
+
+ * New --verify-options option. This option takes a list of
+ arguments that allows the user to customize exactly what happens
+ during signature verification, enabling or disabling things such
+ as photo display, policy URL, preferred keyserver URL, or
+ notation display, long or short keyIDs, calculated validity for
+ each user ID, etc. See the manual for the complete list of
+ verify-options.
+
+ * New --sig-keyserver-url to embed a "where to get my key"
+ subpacket into a signature.
+
+ * The options --show-photos, --show-policy-url, --show-notation,
+ and --show-keyring are all deprecated in favor of those
+ arguments to --list-options and --verify-options. The new
+ method is more flexible since a user can specify (for example)
+ showing photos during sig verification, but not in key listings.
+
+ * The complete fingerprint of the key that made a given key
+ certification is now available in the --with-colons output. For
+ technical reasons, this is only available when running with
+ --no-sig-cache set. See doc/DETAILS for the specifics of this.
+
+ * IPv6 support for HKP keyserver access. IPv6 for LDAP keyserver
+ access is also supported, but is dependent on the LDAP library
+ used.
+
+ * To simplify running both the stable (1.2.x) and development
+ (1.3.x) versions of GnuPG, the development version will try to
+ load the options file gpg.conf-VERSION (e.g. gpg.conf-1.3.3 for
+ this release) before falling back to the regular gpg.conf file.
+
+ * Two new %-expandos for use in notation and policy URLs. "%g"
+ expands to the fingerprint of the key making the signature
+ (which might be a subkey), and "%p" expands to the fingerprint
+ of the primary key that owns the key making the signature.
+
+ * New "tru" record in --with-colons --list-keys listings. It
+ shows the status of the trust database that was used to
+ calculate the key validity in the listings. See doc/DETAILS for
+ the specifics of this.
+
+ * New REVKEYSIG status tag for --status-fd. It indicates a valid
+ signature that was issued by a revoked key. See doc/DETAILS for
+ the specifics of this.
+
+ * A number of portability changes to make building GnuPG on
+ less-common platforms easier.
+
+
+Noteworthy changes in version 1.3.2 (2003-05-27)
+------------------------------------------------
+
+ * New "--gnupg" option (set by default) that disables --openpgp,
+ and the various --pgpX emulation options. This replaces
+ --no-openpgp, and --no-pgpX, and also means that GnuPG has
+ finally grown a --gnupg option to make GnuPG act like GnuPG.
+
+ * A bug in key validation has been fixed. This bug only affects
+ keys with more than one user ID (photo IDs do not count here),
+ and results in all user IDs on a given key being treated with
+ the validity of the most-valid user ID on that key.
+
+ * Notation names that do not contain a '@' are no longer allowed
+ unless --expert is set. This is to help prevent pollution of
+ the (as yet unused) IETF notation namespace.
+
+ * Multiple trust models are now supported via the --trust-model
+ option. The options are "pgp" (web-of-trust plus trust
+ signatures), "classic" (web-of-trust only), and "always"
+ (identical to the --always-trust option).
+
+ * The --personal-{cipher|digest|compression}-preferences are now
+ consulted to get default algorithms before resorting to the
+ last-ditch defaults of --s2k-cipher-algo, SHA1, and ZIP
+ respectively. This allows a user to set algorithms to use in a
+ safe manner so they are used when legal to do so, without
+ forcing them on for all messages.
+
+ * New --primary-keyring option to designate the keyring that the
+ user wants new keys imported into.
+
+ * --s2k-digest-algo is now used for all password mangling.
+ Earlier versions used both --s2k-digest-algo and --digest-algo
+ for passphrase mangling.
+
+ * Handling of --hidden-recipient or --throw-keyid messages is now
+ easier - the user only needs to give their passphrase once, and
+ GnuPG will try it against all of the available secret keys.
+
+ * Care is taken to prevent compiler optimization from removing
+ memory wiping code.
+
+ * New option --no-mangle-dos-filenames so that filenames are not
+ truncated in the W32 version.
+
+ * A "convert-from-106" script has been added. This is a simple
+ script that automates the conversion from a 1.0.6 or earlier
+ version of GnuPG to a 1.0.7 or later version.
+
+ * Disabled keys are now skipped when selecting keys for
+ encryption. If you are using the --with-colons key listings to
+ detect disabled keys, please see doc/DETAILS for a minor format
+ change in this release.
+
+ * Minor trustdb changes to make the trust calculations match
+ common usage.
+
+ * New command "revuid" in the --edit-key menu to revoke a user ID.
+ This is a simpler interface to the old method (which still
+ works) of revoking the user ID self-signature.
+
+ * Status VALIDSIG does now also print the primary key's
+ fingerprint, as well as the signature version, pubkey algorithm,
+ hash algorithm, and signature class.
+
+ * Add read-only support for the SHA-256 hash, and optional
+ read-only support for the SHA-384 and SHA-512 hashes.
+
+ * New option --enable-progress-filter for use with frontends.
+
+ * DNS SRV records are used in HKP keyserver lookups to allow
+ administrators to load balance and select keyserver ports
+ automatically. This is as specified in
+ draft-shaw-openpgp-hkp-00.txt.
+
+ * When using the "keyid!" syntax during a key export, only that
+ specified key is exported. If the key in question is a subkey,
+ the primary key plus only that subkey is exported.
+
+ * configure --disable-xxx options to disable individual algorithms
+ at build time. This can be used to build a smaller gpg binary
+ for embedded uses where space is tight. See the README file for
+ the algorithms that can be used with this option, or use
+ --enable-minimal to build the smallest gpg possible (disables
+ all optional algorithms, disables keyserver access, and disables
+ photo IDs).
+
+ * The keyserver no-modify flag on a key can now be displayed and
+ modified.
+
+ * Note that the TIGER/192 digest algorithm is in the process of
+ being dropped from the OpenPGP standard. While this release of
+ GnuPG still contains it, it is disabled by default. To ensure
+ you will still be able to use your messages with future versions
+ of GnuPG and other OpenPGP programs, please do not use this
+ algorithm.
+
+
+Noteworthy changes in version 1.3.1 (2002-11-12)
+------------------------------------------------
+
+ * Trust signature support. This is based on the Maurer trust
+ model where a user can specify the trust level along with the
+ signature with multiple levels so users can delegate
+ certification ability to other users, possibly restricted by a
+ regular expression on the user ID. Note that full trust
+ signature support requires a regular expression parsing library.
+ The regexp code from glibc 2.3.1 is included for those platforms
+ that don't have working regexp functions available. The
+ configure option --disable-regex may be used to disable any
+ regular expression code, which will make GnuPG ignore any trust
+ signature with a regular expression included.
+
+ * Two new commands --hidden-recipient (-R) and --hidden-encrypt-to
+ encrypt to a user, but hide the identity of that user. This is
+ the same functionality as --throw-keyid, but can be used on a
+ per-user basis.
+
+ * Full algorithm names (e.g. "3DES", "SHA1", "ZIP") can now be
+ used interchangeably with the short algorithm names (e.g. "S2",
+ "H2", "Z1") anywhere algorithm names are used in GnuPG.
+
+
+Noteworthy changes in version 1.3.0 (2002-10-18)
+------------------------------------------------
+
+ * The last piece of internal keyserver support has been removed,
+ and now all keyserver access is done via the keyserver plugins.
+ There is also a newer keyserver protocol used between GnuPG and
+ the plugins, so plugins from earlier versions of GnuPG may not
+ work properly.
+
+ * The HKP keyserver plugin supports the new machine-readable key
+ listing format for those keyservers that provide it.
+
+ * When using a HKP keyserver with multiple DNS records (such as
+ wwwkeys.pgp.net which has the addresses of multiple servers
+ around the world), try all records until one succeeds. Note
+ that it depends on the LDAP library used whether the LDAP
+ keyserver plugin does this as well.
+
+ * The library dependencies for OpenLDAP seem to change fairly
+ frequently, and GnuPG's configure script cannot guess all the
+ combinations. Use ./configure LDAPLIBS="-L libdir -l libs" to
+ override the script and use the libraries selected.
+
+ * Secret keys generated with --export-secret-subkeys are now
+ indicated in key listings with a '#' after the "sec", and in
+ --with-colons listings by showing no capabilities (no lowercase
+ characters).
+
+ * --trusted-key has been un-obsoleted, as it is useful for adding
+ ultimately trusted keys from the config file. It is identical
+ to using --edit and "trust" to change a key to ultimately
+ trusted.
+
+ * Translations other than de are no longer distributed with the
+ development branch. This is due to the frequent text changes
+ during development, which cause the translations to rapidly go
+ out of date.
+
+
+Noteworthy changes in version 1.1.92 (2002-09-11)
+-------------------------------------------------
+
+ * [IMPORTANT] The default configuration file is now
+ ~/.gnupg/gpg.conf. If an old ~/.gnupg/options is found it will
+ still be used. This change is required to have a more
+ consistent naming scheme with forthcoming tools.
+
+ * The use of MDCs have increased. A MDC will be used if the
+ recipients directly request it, if the recipients have AES,
+ AES192, AES256, or TWOFISH in their cipher preferences, or if
+ the chosen cipher has a blocksize not equal to 64 bits
+ (currently this is also AES, AES192, AES256, and TWOFISH).
+
+ * GnuPG will no longer automatically disable compression when
+ processing an already-compressed file unless a MDC is being
+ used. This is to give the message a certain amount of
+ resistance to the chosen-ciphertext attack while communicating
+ with other programs (most commonly PGP earlier than version 7.x)
+ that do not support MDCs.
+
+ * The option --interactive now has the desired effect when
+ importing keys.
+
* The file permission and ownership checks on files have been
clarified. Specifically, the homedir (usually ~/.gnupg) is
checked to protect everything within it. If the user specifies
extension specified with --load-extension are checked, along
with their enclosing directories.
- * The default configuration file is now ~/.gnupg/gpg.conf. If an
- old ~/.gnupg/options is found it will still be used. This
- change is required to have more consistent naming scheme with
- forthcoming tool.
+ * The configure option --with-static-rnd=auto allows to build gpg
+ with all available entropy gathering modules included. At
+ runtime the best usable one will be selected from the list
+ linux, egd, unix. This is also the default for systems lacking
+ a /dev/random device.
+
+ * The default character set is now taken from the current locale;
+ it can still be overridden by the --charset option. Using the
+ option -vvv shows the used character set.
+
+ * [REMOVED] --emulate-checksum-bug and --emulate-3des-s2k-bug have
+ been removed.
Noteworthy changes in version 1.1.91 (2002-08-04)
option is in general not useful anymore. The only exception is
to specify the deprecated idea cipher.
+ * The IDEA plugin has changed. Previous versions of the IDEA
+ plugin will no longer work with GnuPG. However, the current
+ version of the plugin will work with earlier GnuPG versions.
+
* When using --batch with one of the --delete-key commands, the
key must be specified by fingerprint. See the man page for
details.
/usr/[local/]libexec/gnupg by default. If you are upgrading
from 1.0.7, you might want to delete your old copies in
/usr/[local/]bin. If you use an OS that does not use libexec
- for whatever reason, use --libexecdir=/usr/local/lib to place
- the keyserver helpers there.
+ for whatever reason, use configure --libexecdir=/usr/local/lib
+ to place the keyserver helpers there.
* The LDAP keyserver handler now works properly with very old
(version 1) LDAP keyservers.
+
Noteworthy changes in version 1.1.90 (2002-07-01)
-------------------------------------------------
is generated on a system without a good random number generator.
-Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+Copyright 1998, 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
projects / gnupg.git / blobdiff