Noteworthy changes in version 2.2.32 (2021-10-06) ================================================= * dirmngr: Fix Let's Encrypt certificate chain validation. [T5639] (See https://dev/gnupg.org/T5639) * dirmngr: New option --ignore-cert. [323a20399d] * gpg: Fix --list-packets for AEAD packets with unknown key. [T5584] 0453名無しさん@お腹いっぱい。2021/10/13(水) 08:13:42.53 2.3.3
2.2.32と同じくLet's Encryptの証明書周りの問題などを修正
Noteworthy changes in version 2.3.3 (2021-10-12) =============================================== * agent: Fix segv in GET_PASSPHRASE (regression). [#5577] * dirmngr: Fix Let's Encrypt certificate chain validation. [#5639] * gpg: Change default and maximum AEAD chunk size to 4 MiB. [ad3dabc9fb] * gpg: Print a warning when importing a bad cv25519 secret key. [#5464] * gpg: Fix --list-packets for undecryptable AEAD packets. [#5584] * gpg: Verify backsigs for v5 keys correctly. [#5628] * keyboxd: Fix checksum computation for no UBID entry on disk. [#5573] * keyboxd: Fix "invalid object" error with cv448 keys. [#5609] * dirmngr: New option --ignore-cert. [4b3e9a44b5] * agent: Fix calibrate_get_time use of clock_gettime. [#5623] * Silence process spawning diagnostics on Windows. [f2b01025c3] * Support a gpgconf.ctl file under Unix and use this for the regression tests. [#5999] * The Windows installer now also installs the new keyboxd. (Put "use-keyboxd" into common.conf to use a fast SQLite database instead of the pubring.kbx file.) 0454名無しさん@お腹いっぱい。2021/11/24(水) 08:28:45.52 2.2.33
バグ修正と大規模利用向けのオプション追加
Noteworthy changes in version 2.2.33 (2021-11-23) ================================================= * gpg: New option --min-rsa-length. [rG6ee01c1d26] * gpg: New option --forbid-gen-key. [rG985fb25c46] * gpg: New option --override-compliance-check. [T5655] * gpgconf: New command --show-configs. [rG8fe3f57643] * agent,dirmngr: New option --steal-socket. [rG6507c6ab10] * scd: Improve the selection of the default PC/SC reader. [T5644] * gpg: Fix printing of binary notations. [T5667] * gpg: Remove stale ultimately trusted keys from the trustdb. [T5685] * gpgsm: Detect circular chains in --list-chain. [rGc9343bec83] * gpgconf: Create the local option file even if the global file exists. [T5650] * dirmngr: Make reading resolv.conf more robust. [T5657] * gpg-wks-server: Fix created file permissions. [rGf54feb4470] * scd: Support longer data for ssh-agent authentication with openpgp cards. [T5682] * Support gpgconf.ctl for NetBSD and Solaris. [T5656,T5671] * Silence "Garbled console data" warning under Windows in most cases. * Silence warning about the rootdir under Unices w/o a mounted /proc file system. * Fix possible build problems about missing include files. [T5592] * i18n: Replace the term "PIN-Cache" by "Passswort-Cache" in the German translation. [rgf453d52e53] * i18n: Update the Russian translation. 0455名無しさん@お腹いっぱい。2021/12/22(水) 08:18:33.20 2.3.4
Noteworthy changes in version 2.3.4 (2021-12-20) ================================================ * gpg: New option --min-rsa-length. [rG5f39db70c0] * gpg: New option --forbid-gen-key. [rGc397ba3ac0] * gpg: New option --override-compliance-check. [T5655] * gpgconf: New command --show-configs. [rGa0fb78ee0f] * agent,dirmngr,keyboxd: New option --steal-socket. [rGb0079ab39d,rGdd708f60d5] * gpg: Fix printing of binary notations. [T5667] * gpg: Remove stale ultimately trusted keys from the trustdb. [T5685,T5742] * gpg: Fix indentation of --print-mds and --print-md sha512. [T5679] * gpg: Emit gpg 2.2 compatible Ed25519 signature. [T5331] * gpgsm: Detect circular chains in --list-chain. [rG74c5b35062] * dirmngr: Make reading resolv.conf more robust. [T5657] * dirmngr: Ask keyservers to provide the key fingerprints. [T5741] * gpgconf: Allow changing gpg's deprecated keyserver option. [T5462] * gpg-wks-server: Fix created file permissions. [rG60be00b033] * scd: Support longer data for ssh-agent authentication with openpgp cards. [T5682] * scd: Modify DEVINFO behavior to support looping forever. [T5359] * Support gpgconf.ctl for NetBSD and Solaris. [T5656,T5671] * Silence "Garbled console data" warning under Windows in most cases. [rGe293da3b21] * Silence warning about the rootdir under Unices w/o a mounted /proc file system. [T5656] * Fix possible build problems about missing include files. [T5592] Release-info: https://dev.gnupg.org/T56540456名無しさん@お腹いっぱい。2021/12/22(水) 08:20:25.01 Gpg4win 4.0.0 リリース https://files.gpg4win.org/README-4.0.0.en.txt
3.1.6まではGnuPG 2.2系列だったのが4.0.0からは2.3系列にアップグレードされてるので注意 0457名無しさん@お腹いっぱい。2021/12/25(土) 21:34:50.82https://www.gnupg.org/donate/index.html > Fortunately, and this is still not common with free software, we have now established a way of financing the development while keeping all our software free and freely available for everyone. > > Our model is similar to the way RedHat manages RHEL and Fedora: Except for the actual binary of the MSI installer for Windows and client specific configuration files, all the software is available under the GNU GPL and other Open Source licenses. Thus customers may even build and distribute their own version of the software as long as they do not use our trademark GnuPG VS-DesktopR. > > Those with SEPA donations, please cancel them and redirect your funds to other projects which are more in need of financial support. The donations done via Stripe or PayPal have already been canceled. > > All you supporters greatly helped us to keep GnuPG alive and to finally setup a sustainable development model. Stay tuned for a somewhat longer writeup on this.
Noteworthy changes in version 2.2.34 ==================================== * gpgconf: Backport the improved option reading and writing code from 2.3. [rG7a3a1ef370,T4788] * gpgconf: Do not list ignored options and mark forced options as read-only. [T5732] * gpgconf: Correctly show registry entries with --show-configs. [T5724] * gpgconf: Add command aliases -L, -K, and -R. [rGf16c535eee] * gpgconf: Tweak the use of the ldapserver option. [T5801] * gpgconf: Make "--launch gpg-agent" work again. [rG5a7ed6dd8f] * gpg: Accept Ed25519 private keys in modernized encoding. [T5120] * gpg: Fix adding the list of ultimate trusted keys. [T5742] * gpgsm: New option --ignore-cert-with-oid. [rGbcf446b70c] * dirmngr: Avoid initial delay on the first keyserver access in presence of --no-use-tor. [rGdde88897e2] * scdaemon: Also prefer Yubikeys if no reader port is given. [rG38c666ec3f] * agent: Make missing strings translatable and update German and Japanese translations. [T4777] * ssh: Fix adding an ed25519 key with a zero length comment. [T5794] * gpgtar: Create and handle extended headers to support long file names. [T5754] * Fix the creation of socket directories under Windows for non-ascii account names. [rG7d1215cb9c] * Improve the registry HKCU->HKLM fallback. [rG96db487a4d] * Prettify the --help output of most commands.
Noteworthy changes in version 2.3.5 (2022-04-21) ================================================
* gpg: Up to five times faster verification of detached signatures. Doubled detached signing speed. [T5826,rG4e27b9defc,rGf8943ce098] * gpg: Threefold decryption speedup for large files. [T5820,rGab177eed51] * gpg: Nearly double the AES256.OCB encryption speed. [rG99e2c178c7] * gpg: Removed EAX from the preference list. [rG253fcb9777] * gpg: Allow --dearmor to decode all kinds of armor files. [rG34ea19aff9] * gpg: Remove restrictions for the name part of a user-id. [rG8945f1aedf] * gpg: Allow decryption of symmetric encrypted data even for non-compliant cipher. [rG8631d4cfe2] * gpg,gpgsm: New option --require-compliance. [rGee013c5350] * gpgsm: New option --ignore-cert-with-oid. [rGe23dc755fa] * gpgtar: Create and handle extended headers to support long file names. [T5754] * gpgtar: Support file names longer than MAX_PATH on Windows. [rG70b738f93f] * gpgtar: Use a pipe for decryption and thus avoid memory exhaustion. [rGe5ef5e3b91] * gpgtar: New option --with-log. [rGed53d41b4c] * agent: New flag "qual" for the trustlist.txt. [rG7c8c606061] * scdaemon: Add support for GeNUA cards. [rG0dcc249852] * scdaemon: Add --challenge-response option to PK_AUTH for OpenPGP cards. [T5862] * dirmngr: Support the use of ECDSA for CRLs and OCSP. [rGde87c8e1ea,rG890e9849b5] * dirmngr: Map all gnupg.net addresses to the Ubuntu keyserver. [T5751] * ssh: Return a faked response for the new session-bind extension. [T5931] * gpgconf: Add command aliases -L -K -R. [rGec4a1cffb8] * gpg: Request keygrip of key to add via command interface. [T5771] * gpg: Print Yubikey version correctly. [T5787] * gpg: Always use version >= 4 to generate key signature. [T5809] * gpg: Fix generating AEAD packet. [T5853] 0468名無しさん@お腹いっぱい。2022/04/22(金) 10:00:44.55 * gpg: Fix version on symmetric encrypted AEAD files if the force option is used. [T5856] * gpg: Fix adding the list of ultimate trusted keys. [T5742] * gpgsm: Fix parsing of certain PKCS#12 files. [T5793] * gpgsm: Print diagnostic about CRL problems due to Tor mode. [rG137e59a6a5] * agent: Use "Created:" field for creation time. [T5538] * scdaemon Fix error handling for a PC/SC reader selected with reader-port. [T5758] * scdaemon: Fix DEVINFO with no --watch. [rGc6dd9ff929] * scdaemon: Fix socket resource leak on Windwos. [T5029] * scdaemon: Use extended mode for pkcs#15 already for rsa2048. [rG597253ca17] * scdaemon: Enhance PASSWD command to accept KEYGRIP optionally. [T5862] * scdaemon: Fix memory leak in ccid-driver. [rG8ac92f0e80] * tpm: Always use hexgrip when storing a key password. [rGaf2fbd9b01] * dirmngr: Make WKD lookups work for resolvers not handling SRV records. [T4729] * dirmngr: Avoid initial delay on the first keyserver access in presence of --no-use-tor. [rG57d546674d] * dirmngr: Workaround for a certain broken LDAP URL. [rG90caa7ad59] * dirmngr: Escape more characters in WKD requests. [T5902] * dirmngr: Suppress error message on trial reading as PEM format. [T5531] * gpgconf: Fix component table when not building without TPM support. [T5701] * gpgconf: Silence warnings from parsing the option files. [T5874] * gpgconf: Do not list ignored options and mark forced options as read-only. [rG42785d7c8a] * gpgconf: Tweak the use of the ldapserver option. [T5801] * ssh: Fix adding an ed25519 key with a zero length comment. [T5794] * kbx: Fix searching for FPR20 in version 2 blob. [T5888] * Fix early homedir creation. [T5895] * Improve removing of stale lockfiles under Unix. [T5884] Release-info: https://dev.gnupg.org/T57430469名無しさん@お腹いっぱい。2022/04/26(火) 05:18:35.77 GnuPG 2.3.6
2.3.5でのレグレッションの修正など
Noteworthy changes in version 2.3.6 ===================================
* gpg: Fix regression in 2.3.5 importing longer keys. [T5941] * gpg: Emit an ERROR status as hint for a bad passphrase. [T5943] * gpg: Avoid NULL-ptr access due to corrupted packets. [T5940] * gpgsm: Improve the "Certificate not found" error message. [T5821] * agent: Pass pattern directly to gpg-check-pattern. [rGe529c54fe3] * scd: Fix hard-coded constant for RSA authentication key OpenPGP.3. [rG2848fe4c84]
> Highlights in Gpg4win Version 4.0.2 (2022-04-25) > ------------------------------------------- > * GnuPG: Major performance improvements for encryption, verification and signing. Most noticeable when GnuPG is used directly on the command line. > * Kleopatra: Besides accessibility improvements there are many new features regarding revocation. It is now possible to change the primary User ID. > * GpgOL: Bug fixes for improved stability. One random crash after decryption / verification has been fixed.
Noteworthy changes in version 2.2.36 (2022-07-06) -------------------------------------------------
* g10: Fix possibly garbled status messages in NOTATION_DATA. This bug could trick GPGME and other parsers to accept faked status lines. [T6027, CVE-2022-34903] * gpg: Handle leading zeroes in Ed25519 private keys and reverse change regarding Ed25519 SOS encoding as introduced with 2.2.34. [T5120] * gpg: Allow Unicode file names for iobuf_cancel under Windows. * gpgsm: Improve pkcs#12 import. [T6037,T5793,T4921,T4757] * scd,p15: Fix reading certificates w/o length info. * scd,p15: Improve the displayed S/N for Technology Nexus cards. * scd,openpgp: Add workaround for ECC attribute on Yubikey. [T5963] * scd: Fix use of SCardListReaders for PC/SC. [T5979] * gpgconf: New short options -X and -V. * Make sure to always set CONFIDENTIAL flag in Assuan. [T5977]
Noteworthy changes in version 2.3.7 (2022-07-11) ------------------------------------------------
* gpg: Fix possibly garbled status messages in NOTATION_DATA. This bug could trick GPGME and other parsers to accept faked status lines. [T6027, CVE-2022-34903] * gpg: Look up user ID to revoke by UID hash. [T5936] * gpg: Setup the 'usage' filter property for export. [rG7aabd94b81] * gpg,w32: Allow Unicode filenames for iobuf_cancel. [rG4ee2009083] * gpg: Fix reading AEAD preference. [T6019] * gpgsm: New option --compatibility-flags. [rGf0b373cec9] * gpgsm: Rework the PKCS#12 parser to support DFN issued keys. [T6037] * agent: New option --no-user-trustlist and --sys-trustlist-name. [T5990] * agent: Pop up dialog window for confirmation, when specified so. [T5099] * agent: Show "Label:" field of private key when prompt the insertion. [T5986] * agent: Handle USAGE information in KEYINFO. [rG295a6a7591] * agent,ssh: Make not-inserted OpenPGP.3 keys available for SSH. [T5996] * agent,ssh: Support "Use-for-ssh" flag in private key. [T5985] * agent: New field "Prompt" to prevent asking card key insertion. [T5987] * agent: Support --format=ssh option for READKEY. [T6012] * agent: Add KEYATTR command. [T5988] * agent: Flush before calling ftruncate. [T6035] * agent: Do not consider --min-passphrase-len for the magic wand. [rGae2f1f0785] * kbx: Fix a race condition which results no status report. [T5948] * scd:openpgp: Fix a segv for cards supporting unknown curves. [T5963] * scd:p15: Fix reading certificates without length info. * scd:p15: Improve the displayed S/N for Technology Nexus cards. * scd:openpgp: Add workaround for ECC attribute on Yubikey. [T5963] * scd,piv: Fix status report of KEYPAIRINFO. [rG64c8786105] * scd:nks: Support the Telesec ESIGN application. [T5219, T4938] * scd: Fix use of SCardListReaders for PC/SC. [T5979] * scd: Support automatic card selection for READCERT with keygrip. [T6003] * scd: Support specifying keygrip for learn command. [T6002] * dirmngr: Fix for Windows when build against GNUTLS. [T5899] * gpg-connect-agent: Add --unbuffered option. * gpg-connect-agent: Add a way to cancel an INQUIRE. [T6010] * gpgconf: New short options -V and -X 0474名無しさん@お腹いっぱい。2022/07/13(水) 04:42:40.45 Gpg4win 4.0.3
Highlights in Gpg4win Version 4.0.3 (2022-07-12) ------------------------------------------- * GnuPG: Security update to 2.3.7 to fix CVE-2022-34903. 0475名無しさん@お腹いっぱい。2022/08/21(日) 05:55:35.84 なんか変 > gpgme 1.18.0 0476名無しさん@お腹いっぱい。2022/09/09(金) 01:53:54.45 GnuPG 2.2.37
Noteworthy changes in version 2.2.37 (2022-08-24)
* gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. [T6043] * gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. [T6119] * gpg: Request keygrip of key to be added via command-fd interface. [T5771] * gpg: Look up user ID to revoke by UID hash. [T5936] * gpg: Fix wrong error message for "keytocard". [T6122] * gpg: --card-status shows the application type for non-openpgp cards again. [rG8e393e2592] * gpg: The options --auto-key-import and --include-key-block are again listed by gpgconf. [T6138] * gpgsm: New option --compatibility-flags. [rG77b6896f7a] * agent: New options --no-user-trustlist and --sys-trustlist-name. [T5990] * agent: Track and update the Display-S/N of cards so that the "please insert card" prompt may now show more information. Use "gpg --card-status" to update stored card meta data. [T6135] * scd:openpgp: Fix problem with ECC algorithm attributes on Yubikeys. [rG225c66f13b87] * scd:openpgp: Fix problem with Yubikey 5.4 firmware. [T6070] * dirmngr: Ask keyservers to provide the key fingerprints. [T5741] * ssh: Allow authentication as used by OpenSSH's PQ crypto support. [T5935] * wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. [rGc1489ca0e1, T6098] * gpgconf: Improve registry dumping. [rG6bc9592318] * Silence warnings from AllowSetForegroundWindow. [rG6583abedf3] 0477名無しさん@お腹いっぱい。2022/09/09(金) 01:54:39.07 GnuPG 2.2.38
Noteworthy changes in version 2.2.38 (2022-09-01)
* gpg: Fix an encoding problem under Windows in the printed timezone. [T5073] * gpg: Make --require-compliance work for sign+encrypt. [T6174] * gpg: Emit a FAILURE status for --require-compliance errors. [rGe05fb5ca37] * dirmngr: Avoid caching expired certificates. [T6142] 0478名無しさん@お腹いっぱい。2022/09/09(金) 01:55:11.37 GnuPG 2.2.39
Noteworthy changes in version 2.2.39 (2022-09-02)
* agent: Fix regression in 2.2.37 related to non-extended format private keys. [T6176] 0479名無しさん@お腹いっぱい。2022/10/16(日) 19:23:48.43 gpgの2.3以上ってYubikey動かないバグあるのか? gpgアップデートしたらYubikey認識しなくなったんやが 0480名無しさん@お腹いっぱい。2022/10/17(月) 21:57:19.12 セキュリティアップデート
共有ライブラリであるLibksbaに脆弱性
影響があるのは - Libksba 1.6.1 以前を利用するほとんどのソフトウェア - Gpg4win 2.0.0 から 4.0.3 - GnuPG VS-Desktop 3.1.16 から 3.1.24 - GnuPG installers for Windows 2.3.0 から 2.3.7 - GnuPG LTS installers for Windows 2.1.0 から 2.2.39
対処法 Linux, Unix, macOS:Libksbaを1.6.2に更新
Windows - Gpgwin 4.0.4 以降に更新 - GnuPG VS-Desktop 3.1.25 以降に更新 - GnuPG installer for Windows 2.3.8 に更新 - GnuPG LTS installer for Windows 2.2.40 に更新 0481名無しさん@お腹いっぱい。2022/11/26(土) 18:52:37.12>>479 あるよ 俺もそうだけど板がUnix板でスレチ気味だけど mac OS venturaで動かなくなった 暗号化だけしかできなくて復号と署名ができなくなった