Opened 11 days ago
Closed 11 days ago
New point version
We are pleased to announce the availability of a new GnuPG LTS release:
version 2.2.28. This release brings a couple of new features and fixes
the usual bugs. The new features have been backported from the stable
Note that it mentions 2.3 is "Stable" now, while 2.2.x is LTS.
Noteworthy changes in version 2.2.28 (2021-06-10)
* gpg: Auto import keys specified with --trusted-keys.
* gpg: Allow decryption w/o public key but with correct card
* gpg: Allow fingerprint based lookup with --locate-external-key.
* gpg: Lookup a missing public key of the current card via LDAP.
* gpg: New option --force-sign-key. [#4584]
* gpg: Use a more descriptive password prompt for symmetric
* gpg: Do not use the self-sigs-only option for LDAP keyserver
* gpg: Keep temp files when opening images via xdg-open.
* gpg: Fix mailbox based search via AKL keyserver method.
* gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.
* gpg: Allow ECDH with a smartcard returning only the x-coordinate.
* gpgsm: New option --ldapserver as an alias for --keyserver. Note
that configuring servers in gpgsm and gpg is deprecated; please
use the dirmngr configuration options.
* gpgsm: Support AES-GCM decryption. [b722fd755c77]
* gpgsm: Support decryption of password protected files.
* gpgsm: Lock keyboxes also during a search to fix lockups on
* agent: Skip unknown unknown ssh curves seen on
* scdaemon: New option --pcsc-shared. [5eec40f3d827]
* scdaemon: Backport PKCS#15 card support from GnuPG 2.3
* scdaemon: Fix CCID driver for SCM SPR332/SPR532. [#5297]
* scdaemon: Fix possible PC/SC removed card problem. [9d83bfb63968]
* scdaemon: Fix unblock PIN by a Reset Code with KDF. [#5413]
* scdaemon: Support compressed points. [96577e2e46e4]
* scdaemon: Prettify S/N for Yubikeys and fix reading for early
Yubikey 5 tokens. [f8588369bcb0,#5442]
* dirmngr: New option --ldapserver to avoid the need for the
separate dirmngr_ldapservers.conf file.
* dirmngr: The dirmngr_ldap wrapper has been rewritten to properly
support ldap-over-tls and starttls for X.509 certificates and
* dirmngr: OpenPGP LDAP keyservers may now also be configured using
the same syntax as used for X.509 and CRL LDAP servers. This
avoids the former cumbersome quoting rules and adds a flexible set
of flags to control the connection. [2b4cddf9086f]
* dirmngr: The "ldaps" scheme of an OpenPGP keyserver URL is now
interpreted as ldap-with-starttls on port 389. To use the
non-standardized ldap-over-tls the new LDAP configuration method
of the new attribute "gpgNtds" needs to be used. [55f46b33df08]
* dirmngr: Return the fingerprint as search result also for LDAP
OpenPGP keyservers. This requires the modernized LDAP schema.
* dirmngr: An OpenPGP LDAP search by a mailbox now ignores revoked
* gpgconf: Make runtime changes with non-default homedir work.
* gpgconf: Do not translate an empty string to the PO file's meta
* gpgconf: Fix argv overflow if --homedir is used. [#5366]
* gpgconf: Return a new pseudo option "compliance_de_vs".
* gpgtar: Fix file size computation under Windows. [198b240b1955]
* Full Unicode support for the Windows command line. [#4398]
* Fix problem with Windows Job objects and auto start of our
* i18n: In German always use "Passwort" instead of "Passphrase" in
Fixed at 28152d6c31418d595f32f971ec3ea7add0a175e5
Powered by Trac 1.5.3.dev0
By Edgewall Software
© 1998-2021 Gerard Beekmans.