Page MenuHomeSolus

Update gnupg to 2.2.17

Authored by kyrios123 on Jul 10 2019, 4:17 PM.


  • gpg: Ignore all key-signatures received from keyservers.
  • gpg: If an imported keyblocks is too large to be stored in the keybox (pubring.kbx) do not error out but fallback to an import using the options "self-sigs-only,import-clean".
  • gpg: New command --locate-external-key which can be used to refresh keys from the Web Key Directory or via other methods configured with --auto-key-locate.
  • gpg: New import option "self-sigs-only".
  • gpg: In --auto-key-retrieve prefer WKD over keyservers.
  • dirmngr: Support the "openpgpkey" subdomain feature from draft-koch-openpgp-webkey-service-07.
  • dirmngr: Add an exception for the "openpgpkey" subdomain to the CSRF protection.
  • dirmngr: Fix endless loop due to http errors 503 and 504.
  • dirmngr: Fix TLS bug during redirection of HKP requests.
  • gpgconf: Fix a race condition when killing components.
  • gpg: Allow deletion of subkeys with --delete-key. This finally makes the bang-suffix work as expected for that command.
  • gpg: Replace SHA-1 by SHA-256 in self-signatures when updating them with --quick-set-expire or --quick-set-primary-uid.
  • gpg: Improve the photo image viewer selection.
  • gpg: Fix decryption with --use-embedded-filename.
  • gpg: Remove hints on using the --keyserver option.
  • gpg: Fix export of certain secret keys with comments.
  • gpg: Reject too long user-ids in --quick-gen-key.
  • gpg: Fix a double free in the best key selection code.
  • gpg: Fix the key generation dialog for switching back from EdDSA to ECDSA.
  • gpg: Use AES-192 with SHA-384 to comply with RFC-6637.
  • gpg: Use only the addrspec from the Signer's UID subpacket to mitigate a problem with another implementation.
  • gpg: Skip invalid packets during a keyring listing and sync diagnostics with the output.
  • gpgsm: Avoid confusing diagnostic when signing with the default key.
  • agent: Do not delete any secret key in --dry-run mode.
  • agent: Fix failures on 64 bit big-endian boxes related to URIs in a keyfile.
  • agent: Stop scdaemon after a reload with disable-scdaemon newly configured.
  • dirmngr: Improve caching algorithm for WKD domains.
  • dirmngr: Support other hash algorithms than SHA-1 for OCSP.
  • gpgconf: Make --homedir work for --launch.
  • gpgconf: Before --launch check for a valid config file.
  • wkd: Do not import more than 5 keys from one WKD address.
  • wkd: Accept keys which are stored in armored format in the directory.

Signed-off-by: Pierre-Yves <>

Test Plan
  • Unit tests are OK
  • This commit is signed with this version of GnuPG

Diff Detail

R1025 gnupg
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

kyrios123 created this revision.Jul 10 2019, 4:17 PM
kyrios123 requested review of this revision.Jul 10 2019, 4:17 PM
JoshStrobl accepted this revision.Jul 11 2019, 12:30 PM
JoshStrobl added a subscriber: JoshStrobl.

LGTM, thanks!

This revision is now accepted and ready to land.Jul 11 2019, 12:30 PM
This revision was automatically updated to reflect the committed changes.