Newer
Older
Release 2.2.40.
+ commit 2e9f8a511dc01ef9ffc59c90f1cb5082e052da06
gpg: For de-vs use AES-128 instead of 3DES as implicit preference.
+ commit 5df1c247be5223343668f9a56eb5f8290c954b6e
* g10/pkclist.c (select_algo_from_prefs): Change implicit cipher
algorithm.
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
2022-10-10 Ingo Klöcker <dev@ingo-kloecker.de>
sm: Fix reporting of bad passphrase error.
+ commit 94092793f6a23bbd93c7a26add4d1a23a6f9acb7
* sm/minip12.c (p12_parse): Set badpass flag to result in ctx.
2022-10-07 Werner Koch <wk@gnupg.org>
wkd: Implement --blacklist option for gpg-wks-client.
+ commit cd020284c9cf352e02e85c52884fc7d56b0f4ec9
* tools/gpg-wks-client.c (blacklist_array, blacklist_array_len): New.
(parse_arguments): Install blacklist.
(read_file): New.
(cmp_blacklist, add_blacklist, is_in_blacklist): New.
(mirror_one_key): Check list.
* tools/gpg-wks.h (opt): Remove field blacklist.
wkd: Restrict gpg-wks-client --mirror to the given domains.
+ commit 88042821d81b93b793ddf67546bb6697d8a6881f
* tools/gpg-wks-client.c (domain_matches_mbox): New.
(mirror_one_key): Skip non-matching domains.
(command_mirror): Change args to allow for several domains.
wkd: Silence gpg-wks-client diagnostics from gpg.
+ commit b18b9b972e2da2fd30c4bfd64c2c6b09213bd1cf
* tools/gpg-wks-client.c (add_user_id): PAss --quiet to gpg unless we
are running in double verbose mode.
(decrypt_stream): Ditto
(encrypt_response): Ditto.
(mirror_one_keys_userid): Ditto.
* tools/wks-util.c (wks_get_key): Ditto.
(wks_list_key): Ditto.
(wks_filter_uid): Ditto.
(cherry picked from commit 4364283f757fceab454d48d461a9f88c31247a07)
wkd: New command --mirror for gpg-wks-client.
+ commit a946343f14752ab06f1a62762e4a5a9203d38d55
* tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New.
(opts): Add --mirror, --no-autostart, and --blacklist.
(parse_arguments): Parse new options.
(main): Implement aMirror.
(mirror_one_key_parm): New.
(mirror_one_keys_userid, mirror_one_key): New.
(command_mirror): New.
* tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags.
* tools/wks-util.c (wks_cmd_install_key): Factor some code out to ...
(wks_install_key_core): new.
* tools/call-dirmngr.c (wkd_dirmngr_ks_get): New.
common: Protect against a theoretical integer overflow in tlv.c.
+ commit c300253181cfc591cbcae9251eda5296ed29591b
* common/tlv.c (parse_ber_header): Protect agains integer overflow.
dirmngr: Support paged LDAP mode for KS_GET.
+ commit a70a3204c24a00e688224ee24575be6e523d42ce
* dirmngr/ks-engine-ldap.c (PAGE_SIZE): New.
(struct ks_engine_ldap_local_s): Add several new fields.
(ks_ldap_clear_state): Release them.
(search_and_parse): Factored out from ks_ldap_get and extended to
support the paged mode.
(ks_ldap_get): Implement the pages mode for --first and --next.
* dirmngr/server.c (cmd_ks_get): Provide a dummy passphrase in --first
mode.
* dirmngr/Makefile.am (dirmngr_LDADD): Add LBER_LIBS.
dirmngr: New options --first and --next for KS_GET.
+ commit 20cb9319d998fb4eb3c096ca7d534706d4afc10a
* dirmngr/server.c (cmd_ks_get): Add option --first and --next.
(start_command_handler): Free that new ldap state.
* dirmngr/ks-engine-ldap.c (struct ks_engine_ldap_local_s): New.
(ks_ldap_new_state, ks_ldap_clear_state): New.
(ks_ldap_free_state): New.
(return_one_keyblock): New. Mostly factored out from ....
(ks_ldap_get): here. Implement --first/--next feature.
* dirmngr/ks-action.c (ks_action_get): Rename arg ldap_only to
ks_get_flags.
* dirmngr/ks-engine.h (KS_GET_FLAG_ONLY_LDAP): New.
(KS_GET_FLAG_FIRST): New.
(KS_GET_FLAG_NEXT): New.
* dirmngr/dirmngr.h (struct server_control_s): Add member
ks_get_state.
(struct ks_engine_ldap_local_s): New forward reference.
gpg: Show just keyserver and port with --send-keys.
+ commit 2b2f8a1a0ca12e9903df3f20955f16e206a0c976
* g10/call-dirmngr.c (ks_status_cb): Mangle the keyserver url
dirmngr: Minor fix for baseDN fallback.
+ commit 4cf8dc2d968f966d99ec3db4ee40a1ff5321d5a7
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Avoid passing data
behind the EOS.
(interrogate_ldap_dn): Stylistic change.
2022-10-07 NIIBE Yutaka <gniibe@fsij.org>
dirnmgr: Fix the function prototype.
+ commit 73cc5e073ce9e153cacdb020b15b2abc5e2cf8b2
* dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): It's with
no arguments.
dirmngr: Change interrogate_ldap_dn for better memory semantics.
+ commit 98fbac614105b5690d57b4268c6792f4f3538bd5
* dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): Return BASEDN found,
memory allocated.
(my_ldap_connect): Follow the change, removing needless allocation.
2022-10-07 Joey Berkovitz <joeyberkovitz@gmail.com>
dirmngr: Interrogate LDAP server when base DN specified.
+ commit 5516f92224b6baf6d100d58fc273018bdac173f8
* dirmngr/ks-engine-ldap.c (my_ldap_connect): interrogate LDAP
server when basedn specified.
2022-10-07 Werner Koch <wk@gnupg.org>
dirmngr: Support gpgMailbox for mode MAILSUB and MAILEND.
+ commit 615c9717c15a541b212117bfaa88d41ff724127a
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Use gpgMailbox if
server supports this.
dirmngr: Factor out interrogate_ldap_dn function.
+ commit 44960e702ee3e806331ee63c373c3f7e0931364b
* dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): New.
2022-09-29 Werner Koch <wk@gnupg.org>
gpg: Avoid to emit a compliance mode line if libgcrypt is non-compliant.
+ commit 07c6743148d4abd30fb8bf08b07eb9755fdfff2d
* g10/encrypt.c (check_encryption_compliance): Check gcrypt compliance
before emitting an ENCRYPTION_COMPLIANCE_MODE status.
2022-09-28 Werner Koch <wk@gnupg.org>
dirmngr: Fix lost flags during LDAP upload.
+ commit 32ce7ac0c67489e206544dce93a2364c2f7d9410
* dirmngr/ldapserver.c (ldapserver_parse_one): Turn LINE into a const.
Use strtokenize instead of strtok style parsing.
dirmngr: New server flag "areconly" (A-record-only)
+ commit 6300035ba17b4115df7139926ba55556362038ed
* dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly"
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag.
* dirmngr/dirmngr_ldap.c: Add option --areconly
(connect_ldap): Implement option.
* dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option.
2022-09-22 Werner Koch <wk@gnupg.org>
gpg: Don't consider unknown keys as non-compliant while decrypting.
+ commit 05b7e4a405c84da14e5f7ee04cfd3de4b0cb8290
* g10/mainproc.c (proc_encrypted): Change compliance logic.
2022-09-16 Werner Koch <wk@gnupg.org>
dirmngr: Fix CRL DP error fallback to other schemes.
+ commit 289fbc550d18a7f9b26c794a2409ba820811f6b3
* dirmngr/crlcache.c (crl_cache_reload_crl): Rework the double loop.
Remove the unused issuername_uri stuff.
2022-09-15 NIIBE Yutaka <gniibe@fsij.org>
build: Update gpg-error.m4.
+ commit ed1264e74b11c4ba7d17e6209ecf55655e2a6027
* m4/gpg-error.m4: Update from libgpg-error.
Release 2.2.39.
+ commit 7c2078a680dde2eaef30a8a6dc49de4540498736
common: Make nvc_lookup more robust.
+ commit 8c22b00268bf5b2374cf7af69465a902b91946aa
* common/name-value.c (nvc_first): Allow for NULL arg.
(nvc_lookup): Allow for PK being NULL.
Release 2.2.38.
+ commit 0b786fde775588413e5c9842bca3a3d8ea06fad5
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
dirmngr: New option --debug-cache-expired-certs.
+ commit ea34325c54a2746bdc2d667a1c98ab07b051cf75
* dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs:
* dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New.
(opts): Add option.
(parse_rereadable_options): Set option.
* dirmngr/certcache.c (put_cert): Handle the option.
common,w32: Fix an encoding problem of the printed timezone.
+ commit 0b91fa0f13fd3644d0be137ed02e006aa05b9501
* common/gettime.c (w32_strftime) [W32]: New function.
(strftime) [W32]: New refinition macro.
gpg: Emit STATUS_FAILURE for --require-compliance errors.
+ commit e05fb5ca3711f02eb562868dc38d30e3cccda270
* g10/misc.c (compliance_failure): Do not fallback to CO_GNUPG. Print
compliance failure error and status for CO_DE_VS.
* g10/mainproc.c (proc_encrypted): Call compliance_failure in the
require-compliance error case.
* g10/encrypt.c (check_encryption_compliance): Ditto.
2022-08-31 NIIBE Yutaka <gniibe@fsij.org>
scd: Add npth_unprotect/npth_protect for blocking operations.
+ commit e1169e8f8ac75ad32fccb7743ffd06803bd50f93
* scd/ccid-driver.c (ccid_open_usb_reader): Name the thread.
(ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap
blocking operations by npth_unprotect/npth_protect.
dirmngr: Reject certificate which is not valid into cache.
+ commit 14ccabe7f82f64bbf84b8a880cd8b4a34cea9061
* dirmngr/certcache.c (put_cert): When PERMANENT, reject the
certificate which is obviously invalid.
2022-08-31 Werner Koch <wk@gnupg.org>
gpg: Fix assertion failure due to errors in encrypt_filter.
+ commit aa0c942521d89f4f0aac90bacaf8a7a7cefc88d8
* common/iobuf.c (iobuf_copy): Use log_assert. Explicitly cast error
return value.
* g10/build-packet.c (do_plaintext): Check for iobuf_copy error.
* g10/encrypt.c (encrypt_filter): Immediately set header_okay.
2022-08-30 Werner Koch <wk@gnupg.org>
gpg: Make --require-compliance work for -se.
+ commit f88cb12f8e3c1234a094d09e2505d3a3eec4cbfe
* g10/encrypt.c (encrypt_crypt, encrypt_filter): Factor common code
out to ...
(create_dek_with_warnings): new
(check_encryption_compliance): and new.
* g10/encrypt.c (encrypt_filter): Add the compliance check.
2022-08-29 Werner Koch <wk@gnupg.org>
gpg: Rename a function.
+ commit 15cf36f6a84deb739bef9944819c5f79f8de3334
* g10/cipher.c (cipher_filter): Rename to cipher_file_cfb.
gpg: Very minor cleanup in decrypt_data.
+ commit 5b24c41ba72c2d06f6acc7c2ad51cf6f384d41d8
* g10/decrypt-data.c (decrypt_data): Show also the aead algo with
--show-session-key. Remove meanwhile superfluous NULL-ptr test.
2022-08-29 Jussi Kivilinna <jussi.kivilinna@iki.fi>
g10/decrypt-data: disable output estream buffering to reduce overhead.
+ commit e92812a4752e56977286f96f7b5064db1e22936d
* g10/decrypt-data.c (decrypt_data): Disable estream buffering for
output file.
2022-08-24 Werner Koch <wk@gnupg.org>
Release 2.2.37.
+ commit 8e60f885713b833dfd8cef7f5b0272df0e48d62f
2022-08-19 Werner Koch <wk@gnupg.org>
gpgsm: New option --compatibility-flags.
+ commit 77b6896f7a85a4b1c9cdd731e1d68d59a0e09950
* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_glags.:
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.
* common/miscellaneous.c (parse_compatibility_flags): New.
* common/util.h (struct compatibility_flags_s): New.
2022-08-17 Werner Koch <wk@gnupg.org>
gpgconf: Make --auto-key-import and --include-key-block visible again.
+ commit b356eddf3d7a1ed0fae808b9277134d50f4974af
* tools/gpgconf-comp.c: Add options.
2022-08-16 Werner Koch <wk@gnupg.org>
agent: Fix bug introduced earlier today.
+ commit 3591112fdb013dee1a1a668c9f777d0890520311
* agent/findkey.c (agent_write_private_key): Fix condition.
gpg: Fix "generate" command in --card-edit.
+ commit 914ee7247562dc8f1e4b8503b3b574a5d2749bde
* g10/card-util.c (get_info_for_key_operation): Get the APPTYPE before
testing for it.
* g10/card-util.c (current_card_status): Always try to update the
shadow keys.
* g10/call-agent.c (agent_scd_getattr): Handle $AUTHKEYID.
gpg: Update shadow-keys with --card-status also for non-openpgp cards.
+ commit 2d23a72690b44528783264a93e170585a99cc774
* agent/command.c (cmd_readkey): Also allow for $AUTHKEYID in card
mode.
* g10/call-agent.c (agent_update_shadow_keys): new.
* g10/card-util.c (current_card_status): Call it.
agent: Let READKEY update the display-s/n of the Token entry.
+ commit 755920d4335730fbf25e24342dc9c8a8a772dac3
* agent/findkey.c (agent_write_private_key): Factor file name
generation out to ...
(fname_from_keygrip): new.
(write_extended_private_key): Add and implement new arg MAYBE_UPDATE.
(agent_write_shadow_key): Ditto.
* agent/command.c (cmd_readkey): Update the shadow-key in card mode.
gpg: Fix --card-status to handle lowercase APPTYPEs.
+ commit 8e393e2592646f7d2a11ec32232b8f29eacdce13
* g10/card-util.c (current_card_status): Use ascii_strcasecmp.
2022-08-16 NIIBE Yutaka <gniibe@fsij.org>
gpg: Fix detecting OpenPGP card by serialno.
+ commit 27ae89db6e6901a8fd6f1dce50a25c1a4b845086
* g10/card-util.c (get_info_for_key_operation): Use ->apptype to
determine card's APP.
(current_card_status): Even if its SERIALNO is not like OpenPGP card,
it's OpenPGP card when app says so.
2022-08-16 Werner Koch <wk@gnupg.org>
common: In private key mode write "Key:" always last in name-value.
+ commit 12ad9529782df1eecf628281b8db62cafd775c4f
* common/name-value.c (nvc_write): Take care of Key. Factor some code
out to ...
(write_one_entry): new.
2022-08-15 Werner Koch <wk@gnupg.org>
agent: Create and use Token entries to track the display s/n.
+ commit dc9b2426288e4eb6ab42aa7f731a35bc8d383b46
* agent/divert-scd.c (linefeed_to_percent0A): New.
(ask_for_card): Add arg grip. Read Token and Label items and use
them.
(divert_pksign, divert_pkdecrypt): Pass down grip.
* agent/findkey.c (write_extended_private_key): Add args serialno,
keyref, and dispserialno. Writen Token item.
(agent_write_private_key): Add args serialno, keyref, and
dispserialno.
(read_key_file): Add arg r_keymeta.
(agent_keymeta_from_file): New.
(agent_write_shadow_key): Remove leading spaces from serialno and keyid.
* agent/protect-tool.c (agent_write_private_key): Ditto.
* agent/learncard.c (agent_handle_learn): Get DISPSERIALNO and pass to
agent_write_shadow_key.
* agent/command-ssh.c (card_key_available): Ditto.
common: New function nve_set.
+ commit 706adf669173ec604158e4a2f4337e3da6cb1e45
* common/name-value.c (nve_set): New.
(nvc_set): Use nve_set.
(nvc_delete_named): New.
(nvc_get_string): New.
(nvc_get_boolean): New.
2022-08-04 Werner Koch <wk@gnupg.org>
gpg: Fix wrong error message for keytocard.
+ commit f2a81e3745017072585c9999a129ee5dd0bdc6e6
* g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE.
2022-08-03 Werner Koch <wk@gnupg.org>
common: Silence warnings from AllowSetForegroundWindow.
+ commit 6583abedf3f0ffe5cc8283fe683144fc1d5add40
* common/sysutils.c (gnupg_allow_set_foregound_window): Print warning
only with debug flag set.
dirmngr: Fix failed malloc error message.
+ commit 94908857e1f54a3550a3704a5de6bd10b7902169
* dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
gpgconf: Add config file for Windows Registry dumps.
+ commit ebb736b2c310c8736d1165be9c8e2de413dd0ac6
* tools/gpgconf.c (show_registry_entries_from_file): New.
(show_configs): Call it.
* doc/examples/gpgconf.rnames: New.
* doc/Makefile.am (examples): Add it.
2022-08-02 Werner Koch <wk@gnupg.org>
gpg: Make symmetric + pubkey encryption de-vs compliant.
+ commit e8011a7ceca7d5d9fd703f227e56931a7ea151d6
* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
de-vs compliant.
* g10/mainproc.c (struct symlist_item): New.
(struct mainproc_context): Add field symenc_list.
(release_list): Free that list.
(proc_symkey_enc): Record infos from symmetric session packet.
(proc_encrypted): Check symkey packet algos
gpgconf: Improve registry dumping.
+ commit 6bc959231802d60694b7677d3537261d9cda1e1d
* common/w32-reg.c (read_w32_registry_string): Map REG_DWORD to a
string.
(read_w32_reg_string): Add arg r_hklm_fallback and change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key. Indicate whether the HKLM fallback was used.
2022-07-28 Werner Koch <wk@gnupg.org>
gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
+ commit 890e616593af5d1e0f2eb932768205ef90928e5e
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash
algorithm.
2022-07-27 Werner Koch <wk@gnupg.org>
agent: New option --no-user-trustlist and --sys-trustlist-name.
+ commit d0bd91ba73a7e333e9b5007875c9bd475fb9581e
* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
(opts): Add new option names.
(parse_rereadable_options): Parse options.
(finalize_rereadable_options): Reset allow-mark-trusted for the new
option.
* agent/agent.h (opt): Add fields no_user_trustlist and
sys_trustlist_name.
* agent/trustlist.c (make_sys_trustlist_name): New.
(read_one_trustfile): Use here.
(read_trustfiles): Use here. Implement --no-user-trustlist. Also
repalce "allow_include" by "systrust" and adjust callers.
2022-07-27 Ingo Klöcker <dev@ingo-kloecker.de>
gpg: Look up user ID to revoke by UID hash.
+ commit abe69b2094dd749fc2f285b672d30a4f1e3f12a7
* g10/keyedit.c (find_userid_by_namehash, find_userid): New.
(keyedit_quick_revuid): Use find_userid() instead of iterating over the
nodes of the keyblock.
* tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
user ID specified by its hash.
2022-07-27 Werner Koch <wk@gnupg.org>
wkd: Bind the address to the nonce.
+ commit 73a98c13969169fee6bf5eaa71507a409eb17caf
* tools/gpg-wks-server.c (make_pending_fname): New.
(store_key_as_pending, check_and_publish): Use here.
(process_new_key): Pass addrspec to store_key_as_pending.
(expire_one_domain): Expire also the new files.
2022-07-26 Ingo Klöcker <dev@ingo-kloecker.de>
dirmngr: Ask keyservers to provide the key fingerprints.
+ commit 22e8dc792702cd485408b5a8212d34a3917851ca
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to
request URL.
2022-07-25 Ingo Klöcker <dev@ingo-kloecker.de>
gpg: Request keygrip of key to add via command interface.
+ commit ee8f1c10a7a54714fb2a9ca141d38e666b9a424d
* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
* doc/help.txt (gpg.keygen.keygrip): New help text.
2022-07-25 Werner Koch <wk@gnupg.org>
wkd: Fix path traversal attack on gpg-wks-server.
+ commit c1489ca0e101a81df6f8b1ba8d8a9afd9ebc6412
* tools/gpg-wks-server.c (check_and_publish): Check for invalid
characters in sender controlled data.
* tools/wks-util.c (wks_fname_from_userid): Ditto.
(wks_compute_hu_fname): Ditto.
(ensure_policy_file): Ditto.
2022-07-13 NIIBE Yutaka <gniibe@fsij.org>
scd:openpgp: Fix workaround for Yubikey heuristics.
+ commit 8c9f879d4aa01ad96320869fb3da83a843292504
* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.
scd: Fail when no good algorithm attribute.
+ commit 225c66f13b8700d9d283367705b31070a3d38d93
* scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
(change_keyattr): Follow the change.
(app_select_openpgp): Handle the error of parse_algorithm_attribute.
2022-07-12 NIIBE Yutaka <gniibe@fsij.org>
scd: Don't inhibit SSH authentication for larger data if it can.
+ commit 07e43eda8dc69cecc385a6b3723e155afbc59257
* scd/app-openpgp.c (do_auth): Use command chaining if available.
2022-07-06 Werner Koch <wk@gnupg.org>
Release 2.3.36.
+ commit 491645b50ec97db12520483d347291d660db209c
2022-06-29 Werner Koch <wk@gnupg.org>
gpgconf: New short options -V and -X.
+ commit f357a5f239919de976b86a666410f504682973e4
* tools/gpgconf.c: Assign short options -X and -V
(show_version_gnupg): Print the vsd version if available.
2022-06-24 NIIBE Yutaka <gniibe@fsij.org>
agent: Flush before calling ftruncate.
+ commit 9e2307ddf0c2608e9cfb435f870b75cbb35791d7
* agent/findkey.c (write_extended_private_key): Make sure
it is flushed out.
2022-06-21 Werner Koch <wk@gnupg.org>
sm: Update pkcs#12 module from master.
+ commit 4c14bbf56fb544541bd65f9d6e6e0b81779dcab6
* sm/minip12.c: Update from master.
* sm/import.c (parse_p12): Pass NULL for curve.
2022-06-20 Werner Koch <wk@gnupg.org>
common: Add an easy to use DER builder.
+ commit d21ced1e3596dc9e4fa53995286b4cbbd6e94195
* common/tlv-builder.c: New.
* common/tlv.c: Remove stuff only used by GnuPG 1.
(put_tlv_to_membuf, get_tlv_length): Move to ...
* common/tlv-builder.c: here.
* common/tlv.h (tlv_builder_t): New.
2022-06-14 Werner Koch <wk@gnupg.org>
g10: Fix garbled status messages in NOTATION_DATA.
+ commit 7b1db7192e6e4d0cfc439b23b13831837c85bc21
* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
2022-06-09 NIIBE Yutaka <gniibe@fsij.org>
agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.
+ commit aeee62593ae9147a38fd79f0782f3fa0e4ac5c4a
* agent/call-scd.c (inq_needpin): Call assuan_begin_confidential
and assuan_end_confidential, and wipe the memory after use.
* agent/command.c (cmd_preset_passphrase): Likewise.
* scd/command.c (pin_cb): Likewise.
2022-06-03 Werner Koch <wk@gnupg.org>
w32: Avoid warning about not including winsock2.h after windows.h.
+ commit dfc01118ce0707c2d920fb31f7731f3a383df761
* common/dynload.h: Include winsock2.h first.
w32: Allow Unicode filenames for iobuf_cancel.
+ commit 10db566489880acd510f8e07dc52a38dd82feafe
* common/iobuf.c (iobuf_cancel): Use gnupg_remove
* common/mischelp.c (same_file_p): Allow for Unicode names.
2022-06-01 Werner Koch <wk@gnupg.org>
scd:p15: Fix accidental commit of debug code.
+ commit e3db6c74a6305e86eaefb0ca8d49d4d9754104ff
* scd/app-p15.c (do_sign): Revert MSE setting.
scd: Shorten cardio debug output for all zeroes.
+ commit 62becf599eb861936faf88b6ec5e0f7b1658b54e
* scd/apdu.c (all_zero_p): New.
(send_le): Use it.
(cherry picked from commit 9b6f574928546e6905a92c3e74d72478f1585c66)
2022-05-17 NIIBE Yutaka <gniibe@fsij.org>
scd: Fix use of SCardListReaders for PC/SC.
+ commit 7bc794c3113400af082b26610d9d1305826be54e
* scd/apdu.c (open_pcsc_reader): Initialize NREADER.
2022-05-10 NIIBE Yutaka <gniibe@fsij.org>
scd: Add workaround for ECC attribute on Yubikey.
+ commit a5217c90003c2e1b9bfb06b58ffc2d0d9164f22a
* scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus
octet in a key attribute.
2022-05-06 Werner Koch <wk@gnupg.org>
scd:p15: Improve the displayed S/N for Technology Nexus cards.
+ commit 91acbdc93c8a6ae06b483a27c8bb7c33a978108d
* scd/app-p15.c (any_control_or_space_mem): New.
(get_dispserialno): Add new code.
scd:p15: Fix the the sanity check of the displayed S/N.
+ commit 8efe738c4a090f523461fa3055da668467715105
* scd/app-p15.c (any_control_or_space): Fix loop.
2022-05-05 Werner Koch <wk@gnupg.org>
scd:p15: Fix reading certificates without length info.
+ commit 7f029eef6ce15be4167f56e7fc07755d189e5e27
* scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF
object has no length info. Add debug output when reading a cert.
(read_p15_info): No more need to disable extended mode for GeNUA cards.
scd: New debug flags "card".
+ commit d60f930d9b000e802dc61c8e8d494a3091dc0437
* scd/scdaemon.c (debug_flags): Add "card".
* scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New.
gpg: Minor robustness fix.
+ commit 36a5509e11c81305c4ded93982fa594bd52555a6
* g10/parse-packet.c (mpi_read_detect_0_removal): Protect agains
failed gcry_mpi_scan.
2022-05-02 NIIBE Yutaka <gniibe@fsij.org>
tests: Add a test for Ed25519 keys for non-protected secret.
+ commit 06e82e997a56406e04113a7f6c1d083e0cc04172
* tests/openpgp/issue5120.scm: New.
2022-04-28 NIIBE Yutaka <gniibe@fsij.org>
gpg: Handle leading-zeros private key for Ed25519.
+ commit 3fcef7371480cce392d690897d42955f1b19c12a
* g10/parse-packet.c (mpi_read_detect_0_removal): New.
(parse_key): Use mpi_read_detect_0_removal for PUBKEY_ALGO_EDDSA
to tweak the checksum.
Revert "gpg: Accept Ed25519 private key in SOS which reserves leading zeros."
+ commit 3192939a10df17cb9666773ed8888627f6d16b8d
This reverts commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830.
Release 2.2.35.
+ commit f7bc6f50496bffc3c377cb4e3e844242a590b5e1
gpg: Avoid NULL ptr access due to corrupted packets.
+ commit 86d84464ae11666b1556e876a41a65cec8daaf18
* g10/parse-packet.c (parse_signature): Do not create an opaque MPI
with NULL and length > 0
(parse_key): Ditto.
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
2022-04-25 NIIBE Yutaka <gniibe@fsij.org>
agent: Not writing password into file.
+ commit 9c0a24b4a55edff3d54cc5e98ba8112714f583e3
* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
pattern check program.
2022-04-25 Werner Koch <wk@gnupg.org>
gpg: Emit an ERROR status as hint for a bad passphrase.
+ commit f021ecd57624f09430731f5deee2c4d0712150c8
* g10/mainproc.c (proc_symkey_enc): Issue new error code.
(proc_encrypted): Ditto.
2022-04-20 Werner Koch <wk@gnupg.org>
w32: Do no use Registry item DefaultLogFile for the main tools.
+ commit a5faaf8bee43e1e8d99cf3c08fad8ccce047fc28
* g10/gpg.c (main): Set LOG_NO_REGISTRY.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
(show_other_registry_entries): Print "DefaultLogFile".
2022-04-14 Werner Koch <wk@gnupg.org>
gpg: Replace an assert by a log_fatal.
+ commit c8c71fc7161bf6b553bc5b45b2f7a06f8a1a4639
* g10/build-packet.c (do_signature): Use log_fatal.
scd: Minor code reorganization.
+ commit 58532fe56c334d0edc589311e6601fb9da70d9a1
* scd/ccid-driver.c: Move struct defines to the top.
(MAX_DEVICE): Rename to CCID_MAX_DEVICE.
scd: Fix memory leak in ccid-driver.
+ commit c4b14be48fe9b0f52bca9840375eb0eac3cc2432
* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
2022-04-13 Werner Koch <wk@gnupg.org>
scd:p15: Improve the PIN prompt for Genua cards.
+ commit e99670f944bc613d258d0810c5831a2099718d4e
* scd/app-p15.c (CARD_PRODUCT_GENUA): New.
(cardproduct2str): Add it.
(read_p15_info): Detect and set GENUA
(make_pin_prompt): Take holder string from the AODF.
scd:p15: Support for GeNUA cards.
+ commit 44ec383cdec06ee4ac8dbe7b913990bbeeb3d3a3
* scd/app-p15.c (read_p15_info): Disable extended mode for Genua
cards.
scd:p15: Prepare AODF parsing for other authentication types.
+ commit 29fd80581867beeec068b49e8587762394e7d4d1
* scd/app-p15.c (auth_type_t): New.
(struct aodf_object_s): Add field auth_type.
(read_ef_aodf): Distinguish between pin and authkey types. Include
the authtype in the verbose mode diags.
scd:p15: Add basic support for AET JCOP cards.
+ commit 80cf64c65155f718ed7dcee0e6a2aedbd9a2a5b0
* scd/app-p15.c (CARD_TYPE_AET): New.
(cardtype2str): Add string.
(card_atr_list): Add corresponding ATR.
(app_local_s): New flag no_extended_mode. Turn two other flags into
bit flags.
(select_ef_by_path): Hack to handle the 3FFF thing.
(readcert_by_cdf): Do not use extended mode for AET.
(app_select_p15): Set no_extended_mode.
---
(cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47)
2022-03-29 NIIBE Yutaka <gniibe@fsij.org>
common,unix: Backport dotlock changes from GnuPG 2.3.
+ commit d9a8d3353afd669252e25b56ed92f9fb7c0dcc3d
* common/dotlock.c (read_lockfile): Return FD in R_FD.
(dotlock_take_unix): Fix a race condition by new read_lockfile and
checking with fstat. Describe one race condition in comment.
(dotlock_release_unix): Follow the change of read_lockfile.
2022-03-28 Werner Koch <wk@gnupg.org>
dirmngr: Escape more characters in WKD requests.
+ commit 3b251c8366cf7ddf5b82fc2331a8009fa1f2de23
* dirmngr/server.c (proc_wkd_get): Also escape '#' and '+'
2022-03-22 Werner Koch <wk@gnupg.org>
gpgtar: New option --with-log.
+ commit ce69d55f70a18cfe5cf91353efc00ab43ba8fd8b
* tools/gpgtar.c: New option --with-log.
* tools/gpgtar.h (opt): Add field with_log.
* tools/gpgtar-extract.c (gpgtar_extract): Move directory string
building up. Add option --log-file if needed.
* tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it
is used outside of its scope.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
2022-03-21 Werner Koch <wk@gnupg.org>
dirmngr: Make WKD_GET work even for servers not handling SRV RRs.
+ commit 6d30fb6940d57237392f9196a4de5c7246ffefdf
* dirmngr/server.c (proc_wkd_get): Take care of DNS server failures
gpgtar: Finally use a pipe for decryption.
+ commit d431feb3077f763e37f824026988a10d87c8a5aa
* tools/gpgtar.h (opt): Add new flags.
* tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and
--require-compliance.
(main): Init signals.
* tools/gpgtar-create.c: Add new header files.
(gpgtar_create): Rework to use a pipe for encryption and signing.
* tools/gpgtar-list.c: Add new header files.
(gpgtar_list): Rework to use a pipe for decryption.
* tools/gpgtar-extract.c: Add new header files.
(gpgtar_extract): Rework to use a pipe for decryption.
2022-03-18 Werner Koch <wk@gnupg.org>
gpg: Print info about the used AEAD algorithm.
+ commit 15eda7ce783a81d2f5911028a4c8c3ce5649edca
* g10/misc.c (openpgp_cipher_algo_mode_name): New.
* g10/decrypt-data.c (decrypt_data): Use function here.
common: New function map_static_strings.
+ commit c1453665491fb6a16883ee5e1828cfb0c28b466a
* common/mapstrings.c (struct intmapping_s): New.
(map_static_strings): New.
* common/stringhelp.c (do_strconcat): Rename to ...
(vstrconcat): this and make global.
* common/t-mapstrings.c (test_map_static_strings): New test.
gpg: Allow decryption of symencr even for non-compliant cipher.
+ commit e081a601f7b31fa278e46de7c6834a756b63cec2
* g10/decrypt-data.c (decrypt_data): Add arg compliance_error. Adjust
all callers. Fail on compliance error only in --require-compliance
mode. Make sure to return an error if the buffer is missing; actually
that should be an assert.
* g10/mainproc.c (proc_encrypted): Delay printing of the compliance
mode status. Consult the compliance error now returned by
decrypt_data.
2022-03-15 Werner Koch <wk@gnupg.org>
common: New flags for gnupg_spawn_process.
+ commit 7ba44d15ca2f800c402a56eb71bb524f91ea2ffa
* common/exechelp.h (GNUPG_SPAWN_KEEP_STDIN): New.
(GNUPG_SPAWN_KEEP_STDOUT): New.
(GNUPG_SPAWN_KEEP_STDERR): New.
* common/exechelp-posix.c (do_exec): Add arg flags and implement new
flags.
* common/exechelp-w32.c (gnupg_spawn_process): Implement new flags.
2022-03-09 Werner Koch <wk@gnupg.org>
gpgconf: Silence warnings from parsing the options files.
+ commit e8b1ab1d2d22f938b3e5991343b7e089d96606a0
* tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
flag for the arg parser only in --verbose mode.
2022-03-09 NIIBE Yutaka <gniibe@fsij.org>
sm: Fix parsing encrypted data.
+ commit 0c7dffe99d3fded41df87512063515b5ca2da820
* sm/minip12.c (cram_octet_string): Finish when N==0.
(parse_bag_encrypted_data): Support constructed data with multiple
octet strings.
2022-03-08 Werner Koch <wk@gnupg.org>
gpgsm: New option --require-compliance.
+ commit 847d618454e6f8418b169132dbdd0307d9b4d7e0
* sm/gpgsm.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* sm/gpgsm.h (opt): Add field require_compliance.
(gpgsm_errors_seen): Declare.
* sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
gpg: New option --require-compliance.
+ commit 17890d43187384d049d80af28a5baea8613ff6ea
* g10/options.h (opt): Add field flags.require_compliance.
* g10/gpg.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
(check_sig_and_print): Ditto.
* g10/encrypt.c (encrypt_crypt): Ditto.
gpg: Give Libgcrypt CFLAGS a higher priority than SQlite.
+ commit c11292fe736db6e61fad17d74f65b0b5ad9c2808
* g10/Makefile.am (AM_CFLAGS): Reorder.
2022-03-04 Werner Koch <wk@gnupg.org>
gpgtar,w32: Support file names longer than MAX_PATH.
+ commit 5492079defab85b1ba2c583e32a8feb752314b2e
* tools/gpgtar.c: Replace assert by log_assert.
* tools/gpgtar-extract.c: Ditto.
(extract_regular): Create files with sysopen flag.
* tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.
common,w32: Support file names longer than MAX_PATH in iobuf.
+ commit 4122896a39b7ac5dc071bf4d2e9be0ac8a3e21d7
* common/iobuf.c (direct_open): Use gpgrt_fname_to_wchar.
(any8bitchar): Remove.
2022-02-24 Jussi Kivilinna <jussi.kivilinna@iki.fi>
g10: Avoid extra hash contexts when decrypting MDC input.
+ commit 9116fd1e9a2da9c83f94acfe41fb6e5c6f03e8d1
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_mdc'.
(release_list): Clear 'seen_pkt_encrypted_mdc'.
(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
(have_seen_pkt_encrypted_aead): Rename to...
(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
'seen_pkt_encrypted_mdc'.
(proc_plaintext): Do not enable extra hash contexts when decrypting
MDC input.
2022-02-21 Werner Koch <wk@gnupg.org>
scd:p15: Used extended mode already for RSA 2048.
+ commit a2db490de5473af42d7b5a99398c48befe294394
* scd/app-p15.c (do_sign, do_decipher): Replace GT by GE.
2022-02-17 NIIBE Yutaka <gniibe@fsij.org>
tests: Remove a test case with "quiet" option with gpgconf.
+ commit f064d972e38863358a2dd53de43acd66572830c2
* tests/openpgp/gpgconf.scm: Remove "quiet" test.
scd: Use lock_slot for apdu_send_direct.
+ commit 3c3765405de02b9a57fdc9a3cf901f6e3aca8586
* scd/apdu.c (apdu_send_direct): Use lock_slot.
2022-02-09 Werner Koch <wk@gnupg.org>
gpgconf: Do not show "quiet" as option.
+ commit 2f2130ff24faf4507fa5949e834c155b4a8e1525
* tools/gpgconf-comp.c: Remove "quiet" and two unsupported options
Release 2.2.34.
+ commit 04d40a680baa43f9803d0981b1da49144021d723
dirmngr: Changes to the linking order.
+ commit 3c79ff34c417bfc392008eca1970b86bec54d6c3
* dirmngr/Makefile.am: Tweak library order.
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
gpgconf: Make gpgconf --launch dirmngr work again.
+ commit 5a7ed6dd8f1b4e3c2e8f6e82700a86bd886c5f50
* tools/gpgconf.h (gc_component_id_t): Fix the order.
gpgconf: Print the used code pages on Windows with --show-configs.
+ commit 32b364b99b492c580330591640cdaa7407016733
* tools/gpgconf.c (show_configs): Add some code
common: Fix creation of Windows socket directories.
+ commit 7d1215cb9cba258102b91c92e6973783e8d53b07
* common/homedir.c (w32_try_mkdir): Remove.
(standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir.
(_gnupg_socketdir_internal): Ditto.
2022-02-04 Werner Koch <wk@gnupg.org>
m4: Update our library m4 files from master.
+ commit c8cd66ae7e609f221c7dad905e88a206a285ab1c
* m4/gpg-error.m4: Updated
* m4/ksba.m4: Updated
* m4/libassuan.m4: Updated
* m4/libgcrypt.m4: Updated
* m4/npth.m4: Updated
* m4/ntbtls.m4: Updated
2022-02-03 Werner Koch <wk@gnupg.org>
dirmngr: Allow building with non-standard ntbtls location.
+ commit 137590fd8614a69cc60da3226cefc4495502ec26
* dirmngr/Makefile.am: Add missing -L and -I
dirmngr: Simplify --gpgconf-list output.
+ commit 0b76ef48e1df4c210d57f3bf4bc1fe1fa3762408
* dirmngr/dirmngr.c (main): Keep only values with the default flag.
sm: New option --ignore-cert-with-oid.
+ commit bcf446b70ca58ac1497269f047fba9ddb3d62e96
* sm/gpgsm.c (oIgnoreCertWithOID): New.
(opts): Add option.
(main): Store its value.
* sm/call-agent.c (learn_cb): Test against that list.
2022-02-02 Werner Koch <wk@gnupg.org>
gpgconf: Return the compliance_de_vs item.
+ commit e058d15d2d56dfed2723e1a55c75e52db87b2dc2
* tools/gpgconf-comp.c (known_options_gpg): Add missing pseudo option.
2022-02-01 Werner Koch <wk@gnupg.org>
dirmngr: Avoid initial delay on the first keyserver access.
+ commit dde88897e2c5851aab32370ee6c8ace150debb77
* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
proxy in never-use-tor Mode.
* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
Windows.
gpg: Set --verbose and clear --quiet in debug mode.
+ commit d426ed66ac043e442649a8a2bc7eac6753a5bf58
* g10/gpg.c (set_debug): Tweak options.
2022-01-28 Werner Koch <wk@gnupg.org>
ssh: Fix adding an ed25519 key with a zero length comment.
+ commit 2331900d1cc022c04177272a51c00690229bb989
* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
into an S-expression.
(stream_read_string): Do not not try to a read a zero length block.
2022-01-27 Werner Koch <wk@gnupg.org>
gpgconf: Tweak the use of ldapserver.
+ commit e1fc053dc1ad260922428cf864071e829e6c30f2
* tools/gpgconf-comp.c (known_options_gpgsm): Make "keyserver"
invisible.
(known_options_dirmngr): Add "ldapserver".
* sm/gpgsm.c (oKeyServer_deprecated): New.
(opts): Assign "ldapserver" to the new option and makr it as obsolete.