2018-06-11  Werner Koch  <wk@gnupg.org>

	Release 1.4.23.
	+ commit 8ae6a246bef5b5eb0684e9fb1c933a4f8441dadd


2018-06-08  Werner Koch  <wk@gnupg.org>

	gpg: Sanitize diagnostic with the original file name.
	+ commit 2326851c60793653069494379b16d84e4c10a0ac
	* g10/mainproc.c (proc_plaintext): Sanitize verbose output.

2018-04-13  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Push compress filter only if compressed.
	+ commit 0f8fd95ab32a6d29dac79e19f0850037c7d0c16f
	* g10/compress.c (handle_compressed): Fix memory leak.

2017-12-18  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit 1338bce5f66a95b53f18c4b54f0e9ac79604500a
	* po/ja.po: Fix message with no "%s".

2017-12-04  NIIBE Yutaka  <gniibe@fsij.org>
	    Damien Goutte-Gattat  <dgouttegattat@incenp.org>

	g10: Fix regexp sanitization.
	+ commit 9441946e1824eb58249c58432ed1f554d0d8a102
	* g10/trustdb.c (sanitize_regexp): Only escape operators.

2017-11-10  Dario Niedermann  <dario@darioniedermann.it>

	Do not use C99 feature.
	+ commit 877e3073d731fec55a88673f91ed646a75e786c8
	* cipher/rsa.c (secret): Move var decl to the beginning.

2017-09-06  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

	po: update Dutch translation.
	+ commit aa26eda8ab679a80a7be2c82478cb4440b45ec8c


2017-08-04  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	doc: Remove documentation for future option --faked-system-time.
	+ commit eb15d5ed8e4a765998e9de7698bdc65328bcaaa3
	doc/gpg.texi: Remove documentation for --faked-system-time.

2017-08-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	debian: Remove packaging from upstream repository.
	+ commit 9832a4bacfa5232534f2c7fe7655bd0677a41f6e
	Debian packaging for GnuPG is handled in debian git repositories, and
	doesn't belong here in the upstream repository.  The packaging was
	significantly out of date anyway.

	If you're looking for debian packaging for the 1.4 branch of GnuPG,
	please use the following git remote:

	    https://anonscm.debian.org/git/pkg-gnupg/gnupg1.git

2017-08-02  Joe Hansen  <joedalton2@yahoo.dk>

	po: Update Danish translation.
	+ commit 12afc37a946477692257d725acac513f271c4e9e
	Originally reported at:
	http://lists.gnupg.org/pipermail/gnupg-i18n/2014-November/000308.html

2017-08-02  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

	po: Update Dutch translation.
	+ commit 6d5c5204d79fa9d01981c0076d3acde18534640a
	Debian-Bug-Id: 845695

2017-08-01  Manuel Venturi Porras Peralta  <venturi@openmailbox.org>

	po: Update Spanish translation.
	+ commit 76239356bcb3bfeec5327637ed87429594868fef
	Debian-Bug-Id: 814541

2017-07-19  Werner Koch  <wk@gnupg.org>

	Release 1.4.22.
	+ commit 6153268aaf04ec960a4e1dcc50434e815a47e0e8


2017-07-19  Åka Sikrom  <a4 -at- hush -dot- com>

	po: Update Norwegian translation.
	+ commit 5f7667eca899952480e066404f1b46eca7fe401f


2017-07-07  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix memory leak.
	+ commit 6b4abf1d491d30a6bdaeb2c425c780cacd65bab4
	* g10/textfilter.c (copy_clearsig_text): Free the buffer.

	rsa: Reduce secmem pressure.
	+ commit 1b1f44846b5f21a80ed101f2284ce5f6e8849ee7
	* cipher/rsa.c (secret): Don't keep secmem.

	rsa: Allow different build directory.
	+ commit 994d5b707559a800a650dc7f273372f509d74780
	* cipher/Makefile.am (AM_CPPFLAGS): Add mpi dirs.
	* cipher/rsa.c: Change include file.

2017-07-07  Marcus Brinkmann  <mb@g10code.com>

	rsa: Add exponent blinding.
	+ commit 8fd9f72e1b2e578e45c98c978cab4f6d47683d2c
	* cipher/rsa.c (secret_core_crt): Blind secret D with randomized
	nonce R for mpi_powm computation.

2017-07-07  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Minor fix for mpi_pow.
	+ commit 554ded4854758bf6ca268432fa087f946932a409
	* mpi/mpi-pow.c (mpi_powm): Fix allocation size.

	mpi: Same computation for square and multiply for mpi_pow.
	+ commit 12029f83fd0ab3e8ad524f6c9135854662fddfd1
	* mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size.  Move
	the assignment to base_u into the loop.  Copy content refered by RP to
	BASE_U except the last of the loop.

	mpi: Simplify mpi_powm.
	+ commit b38f4489f75e6e435886aa885807738a22c7ff60
	* mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.

2017-07-04  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	mpi: Fix ARM assembler in longlong.h.
	+ commit 782f804765b6f4226fd77843e59f57dcca61b6fb
	* mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
	[__arm__][__ARM_ARCH <= 3] (umul_ppmm): Add __AND_CLOBBER_CC.

2017-07-03  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	doc: Fix typo.
	+ commit 7b045f539e5f67c937c18157c26fb3a767c1c7e6


2017-05-10  Ineiev  <ineiev@gnu.org>

	g10: Fix secmem leak.
	+ commit 2c2121ff3c2b90f21b75dd56c981b4d9e6d1c0e2
	* g10/keygen.c (proc_parameter_file): Fix secmem leak.

2017-03-30  Werner Koch  <wk@gnupg.org>

	gpg: Fix exporting of zero length user ID packets.
	+ commit bb61191aad98c3dbb487c1f76dd1552d44a52fe3
	* g10/build-packet.c (do_user_id): Avoid indeterminate length header.

2016-11-02  Neal H. Walfield  <neal@g10code.com>
	    Michael Mönch  <michael.moench@marktjagd.de>

	tools: Fix option parsing for gpg-zip.
	+ commit f2acaa5d785a29eca629c4b3df739bc474249004
	* tools/gpg-zip.in: Correctly set GPG when --gpg is specified.
	Correctly set TAR when --tar is specified.  Pass TAR_ARGS to tar.

	(cherry-picked by dkg from master branch's
	84ebf15b06e435453b2f58775f97a3a1c61a7e55)

2016-08-17  Werner Koch  <wk@gnupg.org>

	Release 1.4.21.
	+ commit 47531220e57bf5093dcf2312884124f0a79e15db


	gpg: Add dummy option --with-subkey-fingerprint.
	+ commit 5e1843fc47457a9a0525ed7d3e55961d342ef1e2
	* g10/gpg.c (opts): Add dummy option.

	build: Create a swdb file during "make distcheck".
	+ commit 56792b1191a31c8409d7dcdb33b87a92f0e65ab2
	* Makefile.am (distcheck-hook): New.

2016-08-17  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 851a9de23ac0977c66f5ef56f08d8ca5eae92930


2016-08-17  Werner Koch  <wk@gnupg.org>

	random: Hash continuous areas in the csprng pool.
	+ commit c6dbfe89903d0c8191cf50ecf1abb3c8458b427a
	* cipher/random.c (mix_pool): Store the first hash at the end of the
	pool.

	cipher: Improve readability by using a macro.
	+ commit e23eec8c9a602eee0a09851a54db0f5d611f125c
	* cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

2016-08-09  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Avoid publishing the GnuPG version by default.
	+ commit 61539efc2bc4ba9a9faceaced12660d588c1be7a
	* g10/gpg.c (main): initialize opt.emit_version to 0
	* doc/gpg.texi: document different default for --emit-version

2016-08-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	Clean up "allow to"
	+ commit 15d13272344fa0d8753a321c087b30a6d5115dfb
	* README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
	  "allow to" with clearer text

	In standard English, the normal construction is "${XXX} allows ${YYY}
	to" -- that is, the subject (${XXX}) of the sentence is allowing the
	object (${YYY}) to do something.  When the object is missing, the
	phrasing sounds awkward, even if the object is implied by context.
	There's almost always a better construction that isn't as awkward.

	These changes should make the language a bit clearer.

	Fix spelling: "occured" should be "occurred"
	+ commit 1820889e3c4a9a07981951b3e74f722658fb01c5
	* checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
	  util/regcomp.c, util/regex_internal.c: correct the spelling of
	  "occured" to "occurred"

2016-08-04  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix checking key for signature validation.
	+ commit f474b161f6c8c7a3dc0fb90d25ffceacba1ff117
	* g10/sig-check.c (signature_check2): Not only subkey, but also primary
	key should have flags.valid=1.

2016-08-03  Justus Winter  <justus@g10code.com>

	Partially revert "g10: Fix another race condition for trustdb access."
	+ commit 0f6bda4ccd2091e386e78c369131388ae5ebc002
	This amends db246f8b which accidentally included the compiled
	translation files.

2016-07-09  NIIBE Yutaka  <gniibe@fsij.org>

	gpgv: Tweak default options for extra security.
	+ commit cf01cf8b88abb6ed5fea300c28e2a1e6a7c67804
	* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
	cached status.  Similarly, set opt.flags.require_cross_cert for backsig
	validation for subkey signature.

2016-07-06  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix keysize with --expert.
	+ commit ca1fc596267b42a894a3fc85c3733007c672ed1f
	* g10/keygen.c (ask_keysize): It's 768 only for DSA.

2016-06-28  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix --list-packets.
	+ commit 39e32d375ef72874848f138d941d6d17f5aff85c
	* g10/gpg.c (main): Call set_packet_list_mode after assignment of
	opt.list_packets.
	* g10/mainproc.c (do_proc_packets): Don't stop processing with
	--list-packets as the comment says.
	* g10/options.h (list_packets): Fix the comment.
	* g10/parse-packet.c: Fix the condition for opt.list_packets.

2016-06-15  Niibe Yutaka  <gniibe@fsij.org>

	g10: Fix another race condition for trustdb access.
	+ commit db246f8b18b77314938e596b8217bd97223d5aad
	* g10/tdbio.c (create_version_record): Call create_hashtable to always
	make hashtable, together with the version record.
	(get_trusthashrec): Remove call to create_hashtable.

2016-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Make sure to have the directory for trustdb.
	+ commit d957e4388f72581b1ec801613b5629b5ea3f586d
	* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
	the directory and create it if none before calling take_write_lock.

2016-02-01  Werner Koch  <wk@gnupg.org>

	Fix possible sign extension problem with newer compilers.
	+ commit 22caa5c2d4b65289a0857c36bcded36b34baf4d2
	* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
	* cipher/blowfish.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	* cipher/camellia.c (CAMELLIA_RR8): Ditto.
	* cipher/cast5.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	(do_cast_setkey): Ditto.
	* cipher/twofish.c (INPACK): Ditto.
	* util/iobuf.c (block_filter): Ditto.

2016-01-26  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix iobuf API of filter function for alignment.
	+ commit aa4a3aa3e7a0c7dc231b90b2958184c7138ccc93
	* include/iobuf.h (struct iobuf_struct): Remove DESC.
	* util/iobuf.c (iobuf_desc): New.
	(print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
	(iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
	(iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
	(file_filter, sock_filter, block_filter): Fill the description.
	* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
	g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
	g10/progress.c, g10/textfilter.c: Likewise.

2016-01-15  Werner Koch  <wk@gnupg.org>

	Fix possible AIX problem with sysconf in rndunix.
	+ commit a38dffde7b19bd4881afcd87c23aac2daa5bd52a
	* cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
	(start_gatherer): Detect misbehaving sysconf.

2016-01-13  NIIBE Yutaka  <gniibe@fsij.org>

	Fix to support git worktree.
	+ commit e26706700f6f339891cce924e2a401dfbdba1a0e
	* Makefile.am: Use -e for testing .git.

2015-12-21  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit d908e7d2384b5e742d41d468ad079c99f4b0a625


2015-12-19  Werner Koch  <wk@gnupg.org>

	Release 1.4.20.
	+ commit 19549aec296b4cba825682dbddb1fa4214b05cab


	w32: Avoid warning when using newer mingw versions.
	+ commit 56daf9b6e53b67f75305e7806860a3db94e3be2d
	* g10/tdbio.c (ftruncate): Do not define if already defined.

2015-12-19  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Add option --weak-digest to gpg and gpgv.
	+ commit 924518b10d4d8b39236a829989310a211f739c5b
	* g10/options.h: Add weak_digests linked list to opts.
	* g10/main.h: Declare weakhash linked list struct and
	additional_weak_digest() function to insert newly-declared weak
	digests into opts.
	* g10/misc.c: (additional_weak_digest): New function.
	(print_digest_algo_note): Check for deprecated digests.
	* g10/sig-check.c: (do_check): Reject all weak digests.
	* g10/gpg.c: Add --weak-digest option to gpg.
	* doc/gpg.texi: Document gpg --weak-digest option.
	* g10/gpgv.c: Add --weak-digest option to gpgv.
	* doc/gpgv.texi: Document gpgv --weak-digest option.

2015-12-19  Werner Koch  <wk@gnupg.org>

	gpg: Reject signatures made with MD5.
	+ commit 43e5d28c6dbab9e5bcf652b4051184d409910c69
	* g10/gpg.c: Add option --allow-weak-digest-algos.
	(main): Set option also in PGP2 mode.
	* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
	* g10/sig-check.c (do_check): Reject MD5 signatures.
	* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.

2015-12-17  Werner Koch  <wk@gnupg.org>

	gpg: Change default cipher for --symmetric from CAST5 to AES-128.
	+ commit fc30a414d8d6586207444356ec270bd3fe0f6e68
	* g10/main.h (DEFAULT_CIPHER_ALGO): Change to AES or CAST5 or 3DES
	depending on configure options.
	* g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.

2015-12-17  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	Pass DBUS_SESSION_BUS_ADDRESS for gnome3.
	+ commit 751b287179c3a485261051a8bc838ee9405fa890
	* g10/passphrase.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS.

2015-11-20  Werner Koch  <wk@gnupg.org>

	gpg: Avoid cluttering stdout with trustdb info in verbose mode.
	+ commit 8b5cb544a8a1d9274a072990b13bb1d3cb2f6ab2
	* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
	mode.

2015-10-01  Werner Koch  <wk@gnupg.org>

	gpg: Silence a compiler warning.
	+ commit 6db18e29eb81b37ed6feb592add77d492c60fc35
	* g10/parse-packet.c (enum_sig_subpkt): Replace hack.

2015-09-17  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit 9232df23ac545e358d10c5539bdc9de2d05f15e8


2015-09-08  NIIBE Yutaka  <gniibe@fsij.org>

	po: Fix Spanish translation.
	+ commit bd6f80061a7f7dd8831a2ce989bbd47f46a195bc


2015-09-01  Werner Koch  <wk@gnupg.org>

	Obsolete option --no-sig-create-check.
	+ commit ae61f01523fc68fbd3dbac5f2ba761a7b8b117dd
	* cipher/rsa.c (rsa_sign): Verify after sign.
	* g10/gpg.c (opts): Make --no-sig-create-check a NOP.
	* g10/options.h (opt): Remove field "no_sig_create_check".
	* g10/sign.c (do_sign): Do check only for DSA.

2015-06-16  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix a race condition initially creating trustdb.
	+ commit ae38cbbca493725305c4131fbcafa716ae0c6109
	* g10/tdbio.c (take_write_lock, tdbio_set_dbname): Fix message.

2015-06-15  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix a race condition initially creating trustdb.
	+ commit 6f992d94ea708535b2f3a3de22b429401d59fac9
	* g10/tdbio.c (take_write_lock, release_write_lock): New.
	(put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
	new lock functions.
	(tdbio_set_dbname): Fix the race.
	(open_db): Don't call dotlock_create.

2015-05-19  NIIBE Yutaka  <gniibe@fsij.org>

	g10: detects public key encryption packet error properly.
	+ commit f3b00d88efa25e23f70b757cf99302af77d3d7ae
	g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
	encryption.

	g10: Improve handling of no corresponding public key.
	+ commit b3fd30451a5464b124b0296afbc341cb98b3977c
	* g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not
	exact match.

2015-04-30  NIIBE Yutaka  <gniibe@fsij.org>

	g10: fix cmp_public_key and cmp_secret_keys.
	+ commit 04667cabef2d6aaa214b288482bb902c891893a5
	* g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque
	data at the first entry of the array when it's unknown algo.
	* mpi/mpi-cmp.c (mpi_cmp): Backport libgcrypt 1.5.0's semantics.

2015-04-05  Werner Koch  <wk@gnupg.org>

	gpg: Fix DoS while parsing mangled secret key packets.
	+ commit 506eb6fec67f170827777f2f44ced6f50745a0ad
	* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
	et al.

2015-03-28  Werner Koch  <wk@gnupg.org>

	gpg: Remove left-over debug message.
	+ commit f34d88364a984947bcd7c344f9532f683b856353
	* g10/armor.c (check_input): Remove log_debug.

2015-02-27  Werner Koch  <wk@gnupg.org>

	Release 1.4.19.
	+ commit bcf44e2d153792e20036a26126ad77cef79a0304


	po: Update German translation.
	+ commit 47c2369bb723aac85caf848a7b563889e83bc88f


2015-02-26  David Prévot  <taffit@debian.org>

	po: Update French translation.
	+ commit 9dbfca0db80789d8d2020a945de2ccff484abc02


2015-02-26  Roman Pavlik  <rp@tns.cz>

	po: Update Czech translation.
	+ commit bcccd89eb93a413f633570d250b1e004cddef765


2015-02-26  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

	po: Update Dutch translation.
	+ commit 0e4a82c59bd087a6099cccec3a4419f8f57bb3c0


2015-02-26  Manuel \"Venturi\" Porras Peralta  <venturi@openmailbox.org>

	po: Update Spanish translation.
	+ commit d27a4779108e265ad08d8f74887d32723cb62197


2015-02-26  Jakub Bogusz  <qboosh@pld-linux.org>

	po: Update Polish translation.
	+ commit 17a2356328d0cdf9ed7fcc3e8f1f3867d3ff611d


2015-02-26  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 054b2c113ea01ff79dbe8365dba0c239ee4821e2


2015-02-26  Yuri Chornoivan  <yurchor@ukr.net>

	po: Update Ukrainian translation.
	+ commit e5b5f50af74c7a760240c109f2b4c37d92d254b8


2015-02-26  Milo Casagrande  <milo@milo.name>

	po: Update Italian translation.
	+ commit d252043b9b0aac9145f38d184c34cefbf1f9f1c9


2015-02-26  Jedi Lin  <Jedi@Jedi.org>

	Update Chinese (traditional) translation.
	+ commit 4986eddbdf3485452546e9243729522c2c3fef93


2015-02-26  Werner Koch  <wk@gnupg.org>

	Fix for building without DNS support.
	+ commit c43391f96537c304a8fddd2939a8380d8dd13319
	* util/cert.c (get_cert) [!USE_DNS_CERT]: Add want_ipgp.

	po,intl: Update to 0.19.3.
	+ commit 8adbf74b9398813c3e5d07c0789eaf75a6c3d97e


	Switch to a hash and CERT record based PKA system.
	+ commit 52c6c30647a96162a10715e667299167717c58dd
	* util/pka.c: Rewrite.
	(get_pka_info): Add arg fprbuflen.  Change callers to pass this.
	* util/strgutil.c (ascii_strlwr): New.
	* configure.ac: Remove option --disable-dns-pka.
	(USE_DNS_PKA): Remove ac_define.
	* g10/getkey.c (parse_auto_key_locate): Always include PKA.

	Move two functions from g10/ to util/.
	+ commit 240451a26e3e1fdabe0451a33f8918d4adfa852b
	* g10/misc.c (has_invalid_email_chars, is_valid_mailbox): Move to ...
	* util/strgutil.c: here.

	Add new function strconcat.
	+ commit 484d0730582a57808333e6af58d51c471f2b125a
	* include/util.h (GNUPG_GCC_A_SENTINEL): New.
	* util/strgutil.c (do_strconcat, strconcat): New.

	Add convenience function to hash a buffer.
	+ commit 2e7a3ed39007deb561a9175f7fccd52946c85d28
	* cipher/sha1.c (sha1_hash_buffer): New.

	Allow requesting only an IPGP certtype with dns_cert().
	+ commit d2323ce6fdceeba9765f23a1d5b5e4cb127d99ed
	* util/cert.c (get_cert): Add arg want_ipgp.  Change callers.

2015-02-26  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Avoid data-dependent timing variations in mpi_powm.
	+ commit 6cbc75e71295f23431c4ab95edc7573f2fc28476
	* include/mpi.h, mpi/mpiutils.c (mpi_set_cond): New.
	* mpi/mpi-pow.c (SIZE_PRECOMP): Rename from SIZE_B_2I3.
	(mpi_powm): Access all data in the table and use mpi_set_cond.

2015-02-23  Werner Koch  <wk@gnupg.org>

	Protect against NULL return of mpi_get_opaque.
	+ commit e0c13ad5f290aec05706797b8f6c9e13d613eb66
	* g10/seckey-cert.c (do_check): Call BUG for NULL return of
	get_opaque.

2015-02-23  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Fix segv due to NULL value stored as opaque MPI.
	+ commit 6f032181ba78c5eeb14f9aab4307a75bbaf0b115
	* g10/build-packet.c (do_secret_key): Check for NULL return from
	gcry_mpi_get_opaque.
	* g10/keyid.c (hash_public_key): Ditto.

2015-02-23  Werner Koch  <wk@gnupg.org>

	gpg: Remove an unused variable.
	+ commit a35ed8af41a91a52e1bbf992522a209f9c27dd55
	* g10/import.c (import): Remove need_armor.

	[dkg: rebased to STABLE-BRANCH-1-4]

2015-02-23  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	curl-shim: clean up varargs.
	+ commit 2b2f2767851eccb12e591c7a3fa432e6bf9db8f2
	* keyserver/curl-shim.c (curl_easy_setopt) : ensure that va_end is
	  called.

2015-02-23  Werner Koch  <wk@gnupg.org>

	gpg: Print better diagnostics for keyserver operations.
	+ commit cf8d89b0ce69d4cfaa835fab913cc7c77565a75d
	* g10/armor.c (parse_key_failed_line): New.
	(check_input): Watch out for gpgkeys_ error lines.
	* g10/filter.h (armor_filter_context_t): Add field key_failed_code.
	* g10/import.c (import): Add arg r_gpgkeys_err.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_errstr): New.
	(keyserver_spawn): Detect "KEY " lines while sending.  Get gpgkeys_err
	while receiving keys.
	(keyserver_work): Add kludge for better error messages.

	Use inline functions to convert buffer data to scalars.
	+ commit 57af33d9e7c9b20b413b96882e670e75a67a5e65
	* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
	(buf16_to_ushort, buf16_to_u16): New.
	(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.

	gpg: Prevent an invalid memory read using a garbled keyring.
	+ commit 81d3e541326e94d26a953aa70afc3cb149d11ebe
	* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
	types.

	gpg: Fix a NULL-deref in export due to invalid packet lengths.
	+ commit 68f260f77a9e4f5cacf0a58e4f55ddee125d3f00
	* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
	opaque MPI.

	gpg: Fix a NULL-deref due to empty ring trust packets.
	+ commit 2e8db53854506572e9d5b5908e143b5ca28f30f5
	* g10/parse-packet.c (parse_trust): Always allocate a packet.

	gpg: Limit the size of key packets to a sensible value.
	+ commit 27d7addccf782d5cb0084cb17522d712d4a6d6b6
	* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
	(MAX_UID_PACKET_LENGTH): New.
	(MAX_COMMENT_PACKET_LENGTH): New.
	(MAX_ATTR_PACKET_LENGTH): New.
	(parse_key): Limit the size of a key packet to 256k.
	(parse_user_id): Use macro for the packet size limit.
	(parse_attribute): Ditto.
	(parse_comment): Ditto.

	gpg: Allow predefined names as answer to the keygen.algo prompt.
	+ commit 20e14e331de4a7e9746650f8b39c1a66d2565c9e
	* g10/keygen.c (ask_algo): Add list of strings.

	gpg: Print a warning if the subkey expiration may not be what you want.
	+ commit 8baf452bb308a59478c9148109f4c78941170ecc
	* g10/keyedit.c (subkey_expire_warning): New.
	keyedit_menu): Call it when needed.

2015-02-11  Werner Koch  <wk@gnupg.org>

	Use ciphertext blinding for Elgamal decryption.
	+ commit ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b
	* cipher/elgamal.c (USE_BLINDING): New.
	(decrypt): Rewrite to use ciphertext blinding.

2015-01-19  Werner Koch  <wk@gnupg.org>

	Modernize to automake 1.14.
	+ commit 592e1aa407a021ed8477f82b1291f30c80291086
	* Makefile.am (AUTOMAKE_OPTIONS): Move to ...
	* configure.ac (AM_INIT_AUTOMAKE): here and add serial-tests.

	* keyserver/Makefile.am: Replace INCLUDES by AM_CPPFLAGS.
	* mpi/Makefile.am: Ditto.
	* util/Makefile.am: Ditto.
	* keyserver/Makefile.am: Ditto.  Adjusted other things.

	* m4/intl.m4, m4/po.m4: Use autoconf's AC_PROG_MKDIR_P.

	Fix a problem with select and high fds.
	+ commit 8adb5ff26062f717619aa816de8b27aa7d40d6c8
	* cipher/rndlinux.c (rndlinux_gather_random): Check fd before using
	FD_SET.

2015-01-13  Werner Koch  <wk@gnupg.org>

	doc: Formatting fixes.
	+ commit ed6287d2e1546ee0f4064675270da003f51e1b39
	* doc/gpl.texi: Fix enumerate and re-indent examples.

2015-01-13  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	avoid future chance of using uninitialized memory.
	+ commit e7cbce8fb2b7417fd1048f916b3e3281f5b9dd7b
	* util/iobuf.c: (iobuf_open): initialize len

2015-01-13  Werner Koch  <wk@gnupg.org>

	doc: Fix memory leak in yat2m.
	+ commit e2e822d22526c1545e095bc24173b732137f5737
	* doc/yat2m.c (write_th): Free NAME.

	gpg: Fix possible read of unallocated memory.
	+ commit aab282855ada8dddee99c777c91829344e91f31a
	* g10/parse-packet.c (can_handle_critical): Check content length
	before calling can_handle_critical_notation.

2015-01-09  Werner Koch  <wk@gnupg.org>

	scd: Fix possibly inhibited checkpin of the admin pin.
	+ commit c83e250ef36c28a275de74d96e89898e9f99cb1e
	* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
	buffer.

2015-01-08  Joshua Rogers  <git@internot.info>

	scd: fix get_public_key for OpenPGPcard v1.0.
	+ commit 3ca1f4098c70d322658cfaaa0d12164e6ac6d5ad
	* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.

2014-12-12  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: release DEK soon after its use.
	+ commit da66ad5bba4215b9ddd0cb927a89aa75355632aa
	* g10/keygen.c (generate_subkeypair): Release DEK soon.

2014-11-24  Werner Koch  <wk@gnupg.org>

	gpg: Fix use of uninit.value in listing sig subpkts.
	+ commit 2d359681f08999686734421228cb69893d8a0060
	* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
	sanitized.

	gpg: Fix off-by-one read in the attribute subpacket parser.
	+ commit 2b4809406b6536cbb67a2282bf855710b8454dc2
	* g10/parse-packet.c (parse_attribute_subpkts): Check that the
	attribute packet is large enough for the subpacket type.

	gpg: Fix a NULL-deref for invalid input data.
	+ commit 69767ccf4218d0dc5ef2d7e141be0f14c88fea59
	* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
	entry.

2014-11-14  Werner Koch  <wk@gnupg.org>

	gpg: Make the use of "--verify FILE" for detached sigs harder.
	+ commit fbb50867f81d790c4bf819dcadcd14be6c3f957b
	* g10/openfile.c (open_sigfile): Factor some code out to ...
	(get_matching_datafile): new function.
	* g10/plaintext.c (hash_datafiles): Do not try to find matching file
	in batch mode.
	* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
	matching data file is not used by a standard signatures.

2014-11-12  Werner Koch  <wk@gnupg.org>

	gpg: Add import option "keep-ownertrust".
	+ commit 42d2474a02aa46e6fecf0e35c067aa0b6481ffbe
	* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
	* g10/import.c (parse_import_options): Add "keep-ownertrust".
	(import_one): Act upon new option.

2014-10-03  Werner Koch  <wk@gnupg.org>

	mpi: Fix compiler warning.
	+ commit f68123551f4d5b286309006da67c57878f6cc619
	* mpi/mpi-inv.c (mpi_invm): Do not return a value.

2014-10-03  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Add build and runtime support for larger RSA keys.
	+ commit 534e2876acc05f9f8d9b54c18511fe768d77dfb5
	* configure.ac: Added --enable-large-secmem option.
	* g10/options.h: Add opt.flags.large_rsa.
	* g10/gpg.c: Contingent on configure option: adjust secmem size,
	add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
	* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
	* doc/gpg.texi: Document --enable-large-rsa.

2014-09-29  Werner Koch  <wk@gnupg.org>

	doc: Final update from master (gnupg 2.1)
	+ commit 3209f270d236fae588edaab3d48fe707eb25641c
	* doc/Makefile.am (sources_from_trunk): Remove.
	(update-source): Make it a dummy.
	* doc/gpg.texi: Update.
	* doc/yat2m.c: Update.

	Allow use of --debug-level=LEVEL without '='.
	+ commit ad30b2a4ae06a51f747bbd8a3c0985333295f8c6
	* g10/gpg.c (opts): Fix "debug-level".

2014-09-11  Werner Koch  <wk@gnupg.org>

	mpi: Improve mpi_invm to detect bad input.
	+ commit cd53cdbc3774fb193bdebcdc5d7019ddebc16dbc
	* mpi/mpi-inv.c (mpi_invm): Return 0 for bad input.

2014-08-20  Werner Koch  <wk@gnupg.org>

	mpi: Suppress set-but-unused-variables warnings.
	+ commit b89f57fe5db364f78154671e1b2fe1ecd1b5c407
	* include/types.h (GNUPG_GCC_ATTR_UNUSED): Define for gcc >= 3.5.
	* mpi/mpih-div.c (mpihelp_divmod_1, mpihelp_mod_1): Mark dummy as
	 unused.
	* mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.

	Fix strict-alias warnings for rijndael.c.
	+ commit ecf2728230788f413cf1864c3cbda73d63de8491
	* cipher/rijndael.c (do_setkey, prepare_decryption): Use u32_a_t cast.

	gpg: Allow compressed data with algorithm 0.
	+ commit 45e3b81114f40070dd638ac790f42df01b8c1484
	* g10/mainproc.c (proc_compressed): Remove superfluous check for
	an algorithm number of 0.

2014-08-06  Werner Koch  <wk@gnupg.org>

	gpg: Fix regression due to the keyserver import filter.
	+ commit d58552760b26d840824658814d59c8b1a25a4219
	* g10/keyserver.c (keyserver_retrieval_filter): Change args.  Rewrite
	to take subpakets in account.
	* g10/import.c (import_one, import_secret_one): Pass keyblock to
	filter.

	Add kbnode_t for easier backporting.
	+ commit dcf58b3471b1c9ba87a826aa132033e506664808
	* g10/global.h (kbnode_t): New.

2014-06-30  Werner Koch  <wk@gnupg.org>

	Release 1.4.18.
	+ commit 6a7b763e05d352a08f639d5eef9d0bac01c5c456


	Limit keysize for unattended key generation to useful values.
	+ commit aae7ec516b79e20938c56fd48fc0bc9d2116426c
	* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
	(gen_rsa): Enforce keysize 1024 to 4096.
	(gen_dsa): Enforce keysize 768 to 3072.

	Make screening of keyserver result work with multi-key commands.
	+ commit 955524f4359ba9e9de213f4067c38df9ae4808a8
	* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
	(keyserver_retrieval_filter): Use new struct and check all
	descriptions.
	(keyserver_spawn): Pass filter arg suing the new struct.

2014-06-23  Werner Koch  <wk@gnupg.org>

	Release 1.4.17.
	+ commit 297f2ac6451e638ed96926d06b01189076010823


	doc: Update from master.
	+ commit bfc7893bdaf4dc674799ddddc0cae8f0af642b9d


	Fix syntax error introduced with 60bd6488.
	+ commit 0d0961c483f9cd0e195f88c0c82dbf2c859f88fe
	* g10/apdu.c (pcsc_dword_t): Fix syntax error.

2014-06-23  Stefan Tomanek  <tomanek@internet-sicherheit.de>

	Screen keyserver responses.
	+ commit 5230304349490f31aa64ee2b69a8a2bc06bf7816
	* g10/main.h: Typedef import_filter for filter callbacks.
	* g10/import.c (import): Add filter callbacks to param list.
	(import_one): Ditto.
	(import_secret_one): Ditto.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_retrieval_filter): New.
	(keyserver_spawn): Pass filter to import_keys_stream()

2014-06-23  Werner Koch  <wk@gnupg.org>

	Print hash algorithm in sig records.
	+ commit 8eab483a1c4817a2946624c7305f464089d1875e
	* g10/keylist.c (list_keyblock_colon): Print field 16.

	Remove useless diagnostic in MDC verification.
	+ commit 01bd0558dd2f8b80d2f3b61f91c11a68357c91fd
	* g10/encr-data.c (decrypt_data): Do not distinguish between a bad MDC
	packet header and a bad MDC.

	intl: Fix for uClibc.
	+ commit bb4d5c2d5f20afff4f5382b33e9f530e3352c06f
	* intl/localename.c (gl_locale_name_thread_unsafe): Take care of
	uCLIBC.

	PC/SC cleanup.
	+ commit 60bd6488c06dd849465bfbff518297a24d28ea08
	* g10/apdu.c (pcsc_dword_t): New.  It was named as DWORD (double-word)
	when a word was 16-bit.
	(struct reader_table_s): Fixes for types.
	(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
	Throughout: Fixes for types.

	gpg: Use more specific reason codes for INV_RECP.
	+ commit 4239780d5a8418d675884309416aa3f71b5b8faa
	* g10/pkclist.c (build_pk_list): Use more specific reasons codes for
	INV_RECP.

	doc: Remove outdated Russian man page.
	+ commit e28cbdc5598d64bd3f87230cc4e9f0e11da3893e
	* configure.ac (DOCBOOK_TO_MAN): Remove.
	* doc/gpg.ru.sgml: Remove.
	* doc/Makefile.am: Remove all gpg.ru related code.

2014-06-20  Werner Koch  <wk@gnupg.org>

	gpg: Avoid infinite loop in uncompressing garbled packets.
	+ commit 11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
	* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.

2014-03-06  Werner Koch  <wk@gnupg.org>

	gpg: Need to init the trustdb for import.
	+ commit 23191d7851eae2217ecdac6484349849a24fd94a
	* g10/trustdb.c (clear_ownertrusts): Init trustdb.

2014-01-23  Werner Koch  <wk@gnupg.org>

	Support building using the latest mingw-w64 toolchain.
	+ commit 24ba0ce93263c42afb9f087ffcf2edda0b433022
	* acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection.

2013-12-13  Werner Koch  <wk@gnupg.org>

	Release 1.4.16.
	+ commit 7cdb86e0ad7a3f452c2f7358e3e830785281addc


2013-12-11  Werner Koch  <wk@gnupg.org>

	Change --show-session-key to print the session key earlier.
	+ commit fa3f555d756be0229ab10516b901e50230b22033
	* g10/mainproc.c (proc_encrypted): Move show_session_key code to ...
	* g10/decrypt-data.c (decrypt_data): here.

2013-12-10  Werner Koch  <wk@gnupg.org>

	Update config.{guess,sub} and some copyright notices.
	+ commit 4466fdba7bb4cac0b5c4a21b98903bb7f27fd9d9
	* scripts/config.guess, scripts/config.sub: Update to version
	2013-11-29.

2013-12-05  Werner Koch  <wk@gnupg.org>

	Prepare for newer automakes which default to parallel tests.
	+ commit 9b516323d7dc3e6103745becb63f5cc9fd8cc606
	* checks/Makefile.am: Add a list of test dependencies.

2013-12-03  Werner Koch  <wk@gnupg.org>

	Normalize the MPIs used as input to secret key functions.
	+ commit d0d72d98f34579213230b3febfebd2fd8dff272b
	* cipher/rsa.c (secret): Normalize the INPUT.
	(rsa_decrypt): Pass reduced data to secret.
	* cipher/elgamal.c (decrypt): Normalize A and B.
	* cipher/dsa.c (sign): Normalize HASH.

	Use blinding for the RSA secret operation.
	+ commit 93a96e3c0c33370248f6570d8285c4e811d305d4
	* cipher/random.c (randomize_mpi): New.
	* g10/gpgv.c (randomize_mpi): New stub.
	* cipher/rsa.c (USE_BLINDING): Define macro.
	(secret): Implement blinding.

2013-11-27  Werner Koch  <wk@gnupg.org>

	gpg: Change armor Version header to emit only the major version.
	+ commit b135372176b29ca985afa18398a455fd4e2a2063
	* g10/options.h (opt): Rename field no_version to emit_version.
	* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
	to bump up opt.emit_version.
	* g10/armor.c (armor_filter): Implement different --emit-version
	values.

2013-10-18  Werner Koch  <wk@gnupg.org>

	mpi: mpi-pow improvements.
	+ commit cad8216f9a0b33c9dc84ecc4f385b00045e7b496
	* mpi/mpi-pow.c (USE_ALGORITHM_SIMPLE_EXPONENTIATION): New.
	(mul_mod) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New.
	(mpi_powm) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New implementation
	of left-to-right k-ary exponentiation.

	Print the keyid for key packets with --list-packets.
	+ commit 0bdf121d1dcf98d7df28af67272caaac07f6f581
	* g10/parse-packet.c (parse_key): Add keyid printing.

2013-10-11  Werner Koch  <wk@gnupg.org>

	mpi: Fix syntax error for mips64 and gcc < 4.4.
	+ commit 9d89564a4255d58b7e26c6845bcea69ec5b0214f
	* mpi/longlong.h [__mips && gcc < 4.4]: Fix cpp syntax error.

	gpg: Do not require a trustdb with --always-trust.
	+ commit 2528178e7e2fac6454dd988121167305db7c71d9
	* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
	* g10/trustdb.c (trustdb_args): Add field no_trustdb.
	(init_trustdb): Set that field.
[--snip--]
