2026-02-24  Werner Koch  <wk@gnupg.org>

	Release 2.5.18.
	+ commit 1b8362889a522bbcfeb80ef3af61218db216f62b


2026-02-24  NIIBE Yutaka  <gniibe@fsij.org>

	gpg:keygen: Add ECC information for composit keys.
	+ commit d67fa0d6874846f0b0fa055500a72adbc0e29d1a
	* g10/keygen.c (ask_kyber_variant): Show curve information.

2026-02-20  Werner Koch  <wk@gnupg.org>

	gpgsm: New option --assert-validsig.
	+ commit 9500b2c7762b8b91ee5d3a3ed3cdb7f1e4143eef
	* sm/gpgsm.c (oAssertValidsig, oAssertKeyusage): New.
	(opts): Add options --assert0validsig and --assert-keyusage.
	(assert_validsig_true): New global var.
	(main): Set options.
	(gpgsm_exit): Implement --assert-validsig.
	* sm/gpgsm.h (opt): Add fields assert_validsig and assert_keyusage.
	* sm/verify.c (gpgsm_verify): Set assert_validsig_true.

2026-02-20  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix armor parsing when no CRC is found.
	+ commit b7aa3f5e320dff0d35ce90c6f6381ee4213b6eb7
	* g10/armor.c (radix64_read): Fix no CRC at the end of armor.

2026-02-19  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix debug output for ECC decryption.
	+ commit 463812bfed4ed3074fa6990c89dc6dbbdc9d5837
	* agent/pkdecrypt.c (ecc_extract_pk_from_key): Length fix.

2026-02-17  Daniel Cerqueira  <dan.git@lispclub.com>

	po: Update Portuguese Translation.
	+ commit 6d81e29392ed203dd0445416b1d50f301fe3ec59
	 - change po/pt.po

2026-02-17  Sam James via Gnupg-devel  <gnupg-devel@gnupg.org>

	g10: fix uninit use in aead filter.
	+ commit ac99481ee65a412eb8add995ae338cd7ff52e8ec
	* g10/decrypt-data.c (aead_underflow): Initialize 'err'
	  to 0.

	g10: fix uninit use.
	+ commit 1687dd35ee98e2710b6ac9592eee612e1de4741c
	* g10/encrypt.c (reencrypt_to_new_recipients): Drop first
	  (and uninitialized) use of 'count'.

	g10: check null in assert.
	+ commit 0f5c9c845fda1f8828ff17e5e9d1819813cc8f81
	* g10/keyedit.c (keyedit_quick_revsig): Check 'keyblock' in log_assert.

2026-02-17  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Support deleting a composite secret key in gpg-agent.
	+ commit 49e61332af4912c9234d98710d5bd1eac6e806b0
	* g10/call-agent.c (agent_delete_key): Handle KEYGRIP2 and
	issue another command with it, if any.

2026-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix the regression in pkdecrypt with TPM RSA.
	+ commit 6eed3959303c81c9699fe9273030e480732f72be
	* agent/divert-tpm2.c (divert_tpm2_pkdecrypt): Care about additional
	0x00.

2026-02-11  Werner Koch  <wk@gnupg.org>

	dirmngr: Let KS_SEARCH print all uid records for a key.
	+ commit 2dde9ddf56feb79f9f61225c07abf6e4ef7041e6
	* dirmngr/ks-engine-ldap.c (ks_ldap_search): Use a loop to print all
	  user-ids.

2026-02-10  Werner Koch  <wk@gnupg.org>

	gpgscm: New operator "*long-time-t?" to detect proper time_t systems.
	+ commit 86baca6e62b3323d516056bf6cfbf9014cf3a8ec
	* tests/gpgscm/opdefines.h (OP_LONG_TIME_T): New.
	* tests/gpgscm/scheme.c (Eval_Cycle): Implement it.

	* tests/openpgp/quick-key-manipulation.scm (last-pgp-date): new.
	(last-pgp-date-5min): New.
	(last-pgp-seconds): New.
	(last-pgp-seconds-5min): New.
	("Checking that we can add subkeys..."): Use the new functions instead
	of the year 20238 constants.

2026-02-02  Werner Koch  <wk@gnupg.org>

	gpgconf: Show /proc/self/exe with -V and -X.
	+ commit c86374ea7756984b3673a4c34cb12a808411e5a4
	* common/homedir.c (w32_rootdir): Factor some code out to ...
	(w32_myproc_self): here.
	(unix_rootdir): Factor some code out to ...
	(unix_myproc_self): here.
	(gnupg_myproc_self): New.
	* tools/gpgconf.c (show_version_gnupg): Use new function.

2026-01-30  Mario Haustein  <mario.haustein@hrz.tu-chemnitz.de>

	scd:p15: Add support for D-Trust Card 6.1/6.4.
	+ commit 987c6a398a9505399b2c25a775d4b625753bc962
	* scd/app-p15.c (CARD_TYPE_STARCOS_37): New.
	(CARD_PRODUCT_DTRUST6): New.
	(read_p15_info): Add workaround for wrongly encoded PIN reference in
	EF.AOD
	(prepare_verify_pin): Use select_df_by_path to select application, as
	the card operating system doesn't support path-based selections.
	(do_sign): Support for key reference IDs longer than one byte.

	scd: allow to query FCP when selecting an application.
	+ commit eb4a805de46f2f877861e543e3f563f9b810bb78
	* scd/iso7816.c (iso7816_select_application_ext): Add flag die query FCP
	* scd/iso7816.h: define new response type flags
	* scd/app.c: apply new flags
	* scd/app-piv.c: ditto
	* scd/app-p15.c: query FCI during application selection and fallback to
	  FCP if file ID tag 0x83 is not found.

2026-01-28  philip  <philip.le@gnupg.com>

	tests: Add test for parsing too large signature packets.
	+ commit 0437dfc94b2386aa9b49fca60a02bc7226f53c0f
	* tests/openpgp/issue8049.scm: new

2026-01-27  Werner Koch  <wk@gnupg.org>

	Release 2.5.17.
	+ commit 17b514596f6000ebbffe5ec1101b6818b9c83cfe


2026-01-26  Werner Koch  <wk@gnupg.org>
	    NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix possible NULL-deref with overlong signature packets.
	+ commit 11b7e4139e82fcd0cee72f38964444a17c812547
	* g10/parse-packet.c (parse_signature): Retrun an error for overlong
	subpacket area

	tpm: Fix possible buffer overflow in PKDECRYPT.
	+ commit 93fa34d9a346020355cd51d54102d30d4f177323
	* tpm2d/tpm2.c (tpm2_ecc_decrypt): Bail out on too long CIPHERTEXT.
	(tpm2_rsa_decrypt): Ditto.

2026-01-25  Werner Koch  <wk@gnupg.org>

	agent: Add accelerator keys for "Wrong" and "Correct".
	+ commit eba28eeaa1b1f7d08b7bacadba6381a3a06a4715
	* agent/trustlist.c (agent_marktrusted): Use hack for new accel keys.

2026-01-20  Werner Koch  <wk@gnupg.org>

	agent: Fix stack buffer overflow when using gpgsm and KEM.
	+ commit 2438271ab601f6e3d436db11825f2b2df9498e2c
	* agent/pkdecrypt.c (ecc_kem_decrypt): Check sessionkey_len before
	calling gcry_cipher_decrypt.  Always close decryption handle.

2026-01-12  Werner Koch  <wk@gnupg.org>

	gpgsm: Make multiple search patterns work with keyboxd.
	+ commit c7770b0a7068b3f75234db092c0352ca4fe9a770
	* sm/keydb.c (keydb_search): Loop over all descriptions.

	gpg: Remove a dead statement.
	+ commit 71570012ed515f67c5fa65b5808451ea74f63eeb
	* g10/call-keyboxd.c (keydb_search): Remove useless while statement.

2026-01-09  Werner Koch  <wk@gnupg.org>

	gpg: New export-option "keep-expired-subkeys"
	+ commit 0bcd9be9a068f7ef3b1fd8bc1cc9dc574dd2b07f
	* g10/export.c (parse_export_options): Add "keep-expired-subkeys".
	(do_export_stream): With this option only use KEY_CLEAN_INVALID is
	used.

	doc: Improve the "Programmatic use of GnuPG" section.
	+ commit 0e37a6779e566ccd13ea23b73c5ac9617b288621
	* doc/gpg.texi (Programmatic use of GnuPG): Mention --status-fd.

2026-01-05  Werner Koch  <wk@gnupg.org>

	doc: Rename an internal function to clarity the purpose.
	+ commit 5f4ad39b16a43c522dfed8a72891128b60b9b313
	* common/w32-cmdline.c (count_backslashes): Rename to ...
	(count_leading_backslashes): This.

	dirmngr: Help detection of bad keyserver configurations.
	+ commit 8d4fc76677cccc29f67c31c4f06f692261156fe3
	* dirmngr/server.c (count_colons): New.
	(cmd_keyserver): Print a warning status in some cases.

2025-12-30  Werner Koch  <wk@gnupg.org>

	Release 2.5.16.
	+ commit 7d38a23b8fb165792b4515794fa75d7196266e31


2025-12-29  Werner Koch  <wk@gnupg.org>

	Revert "misc: Validate the value on the use of strtol."
	+ commit a9da315fb8d1cb074f97a358c22b72696edc39f6
	* g10/misc.c: No checking for end-of-string after strtol because the
	function is also used for strings with several values.

	Release 2.5.15.
	+ commit 7ee523ac29032292aed46612d80d847234c1afae


	gpg: Deprecate the option --not-dash-escaped.
	+ commit 947ea3c411f0c14ba002612bb4ab500fba105570
	* g10/options.h (COMPAT_ALLOW_NOT_DASH_ESCAPED): new.
	* g10/gpg.c (compatibility_flags): Add "allow-not-dash-escaped".
	(main): Print a deprecation warning.
	* g10/armor.c (parse_header_line): Ignore the NotDashEscaped header.

	* tests/openpgp/clearsig.scm (vectors): Remove test case.

	gpg: Fix for a recently claimed harmless keyboxd change.
	+ commit abe9bddaa72bac34b4ad01367ecf2589d63153af
	* g10/call-keyboxd.c (search_status_cb): Bump up last_pk_no to fix for
	the discrepancy between keyboxd API and out internal use.

2025-12-23  Werner Koch  <wk@gnupg.org>

	keyboxd: Fix database schema migration.
	+ commit 81bb949755ce1344206bb8750185b573bc22bbf4
	* kbx/backend-sqlite.c (migrate_from_v1_to_v2): Explicitly name the
	columns of the new table.

	gpg: Implement skip function for keyboxd to fix a validation bug.
	+ commit 6c1d13ac66d74f3fbe7993811d0ba9d02ff99733
	* kbx/keybox-openpgp.c (_keybox_parse_openpgp): Add flag only_primary.
	Change all callers.
	(kbx_get_first_opgp_keyid): New.
	* kbx/keybox-search-desc.h: Add prototype for this function.
	* g10/call-keyboxd.c (keydb_search): Implement the skip function.

	keybox: Fix the not yet used uid and pk keyblock index return values.
	+ commit 01eaa386ec06df399954694dcf6fc086be399185
	* kbx/backend-sqlite.c (be_sqlite_search): Return pk_no and uid_no
	without an offset of 1.

2025-12-23  Temuri Doghonadze  <temuri.doghonadze@gmail.com>

	po: Update Georgian Translation.
	+ commit c7472b1b9d2f739446efb9c5c72cfb8c495ebbbf


2025-12-10  Werner Koch  <wk@gnupg.org>

	Avoid the function name thread_init.
	+ commit 4350fc192251f668c0ee9a88a8bad574e4fc6ac9
	* agent/gpg-agent.c (thread_init_once): Rename to ...
	(agent_thread_init_once): this.
	* kbx/keyboxd.c (thread_init_once): Rename to ...
	(keyboxd_thread_init_once): this.
	* dirmngr/dirmngr.c (thread_init): Rename to ...
	(dirmngr_thread_init): this.

2025-11-28  Werner Koch  <wk@gnupg.org>

	dirmngr: Add a compatibility flag for use with newer Libksba versions.
	+ commit 674aa54242d121354b5edd066d6753194446cbd7
	* dirmngr/dirmngr.h (COMPAT_OCSP_SHA256_CERTID): New.
	* dirmngr/dirmngr.c (compatibility_flags): Add compat flag.
	(my_ksba_hash_buffer): Support SHA256.
	* dirmngr/ocsp.c (do_ocsp_request): Make use of the flag.

2025-11-25  NIIBE Yutaka  <gniibe@fsij.org>

	common:dotlock: Escalate a warning message up to INFO from DEBUG.
	+ commit 32a3e5f83bbb8c6f21fcc11d28330e136fbe1785
	* common/dotlock.c (dotlock_take): Use my_info_1 when already locked.
	(dotlock_release): Likewise.

	kbx:sqlite: Don't call dotlock_release.
	+ commit aab29b1286936fbddacdc8fffe2f0399fee668d7
	* kbx/backend-sqlite.c (create_or_open_database): Remove call to
	dotlock_release, as dotlock_destroy cares the lock if any.

	common:dotlock: Comment fixes.
	+ commit d4e40e2a8adc7b6278fb7d0923faf88b316f4dc2
	* common/dotlock.h: dotlock_tool is now in gpgconf.
	* common/dotlock.c: Likewise.

	common:dotlock:w32: Minor fixes for Windows.
	+ commit 68dcfec91b9007884e1c46920647007618d402c8
	* common/dotlock.c (any8bitchar): Define under HAVE_DOSISH_SYSTEM.
	(dotlock_create_w32): Add missing call of UNLOCK_all_lockfiles,
	even though it's currently not implemented yet.
	(dotlock_take_w32): Use my_set_errno, like other places.

	commond:dotlock: Remove support of use with glib.
	+ commit e4f20ba10a6a56a7145ed8213d547fd9e85575fe
	* common/dotlock.c [DOTLOCK_GLIB_LOGGING]: Remove.

2025-11-20  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Use SHADOW_INFO to silence warnings.
	+ commit 216a695ced8304d560d587345077a8d0bcfbc5f5
	* agent/agent.h [!HAVE_LIBTSS] (agent_tpm2d_ecc_kem): Add SHADOW_INFO.

	common,agent,dirmngr,kbx:w32: Synchronous spawning daemon process.
	+ commit 57affc4e98ab80d89f636a50bb165f90d233083c
	* common/asshelp.c [HAVE_W32_SYSTEM] (start_new_service): Catch the
	error output when starting daemon and wait until it's ready.
	(w32_ack_to_frontend): New.
	* common/asshelp.h (w32_ack_to_frontend): New.
	* agent/gpg-agent.c [HAVE_W32_SYSTEM] (main): Add w32_ack_to_frontend.
	* dirmngr/dirmngr.c [HAVE_W32_SYSTEM] (main): Ditto.
	* kbx/keyboxd.c [HAVE_W32_SYSTEM] (main): Ditto.

	agent,common,dirmngr,tests: Silence warnings of a compiler.
	+ commit cad79e542d8506942d5b20f544d465cbaf64fd75
	* agent/command.c (cmd_keytocard): Initialize N.
	* common/ksba-io-support.c (bintoasc): Use GPGRT_ATTR_NONSTRING.
	* dirmngr/dns.c (dns_aaaa_arpa): Use GPGRT_ATTR_NONSTRING.
	(dns_sshfp_cmp0): Ditto.
	* tests/gpgscm/scheme.c (scheme_define): Initialize SSLOT.

	misc: Validate the value on the use of strtol.
	+ commit bcd87ea2b2da3ed9fe41341959d9c886029606a9
	* g10/misc.c (string_to_cipher_algo): Use "long"-type variable to
	catch the result of strtol and validate the value.
	(string_to_aead_algo, string_to_digest_algo): Likewise.

2025-11-19  Werner Koch  <wk@gnupg.org>

	Release 2.5.14.
	+ commit 4d993c37d9b0b9262f859c23fea2e8da561f4639


	agent: Minor cleanup of a recent change.
	+ commit 6abe59a7c8db4d2cef85e8630adec8ee2d541324
	* agent/protect.c (protect_info): Remove duplicate line.

	kbx: A minor update of the fingerprint table.
	+ commit 46f4cb66125ee34e87e592cc02d38daead3427af
	* kbx/backend-sqlite.c (table_definitions) <fingerprint>: Add columnt
	'flags'.

2025-11-18  Werner Koch  <wk@gnupg.org>

	gpg: New import option "force-update"
	+ commit f6237ccd313a42c7f3271e0f93c39d43fe16e9f3
	* g10/options.h (IMPORT_FORCE_UPDATE): New.
	* g10/import.c (parse_import_options): Add "force_update".
	(import_one_real): Use force_update.

	kbx: Fix schema of the fingerprint table.
	+ commit 0cc7759ed5a3890b4e28563a6b5e97f3aa551530
	* kbx/backend-sqlite.c (DATABASE_VERSION): Set to 2.
	(DATABASE_VERSION_MAX): New.
	(table_definitions): Rename field special to name and adjust users.
	  <table fingerprint>: Drop the PRIMARY KEY from the fpr column.
	(migrate_from_v1_to_v2): New.
	(create_or_open_database): Detect a bad database version and try to
	migrate it.

	common: New function replace_substr.
	+ commit be9b1404e66157ac00bf3ae488ad2af1becffe25
	* common/stringhelp.c (replace_substr): New.
	* common/t-stringhelp.c (test_replace_substr): New test.

	gpg: Include ADSK keys in a key listing with fingerprints.
	+ commit 5bcf5f57b8632edb7212f0d58d4b752d7627afeb
	* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): Remove.
	(GETKEY_ALLOW_ADSK): New.
	* g10/getkey.c (get_pubkeyblock_ext): Use the new flag instead.
	Change the caller using the old flag.
	(key_byname): Support the GETKEY_ALLOW_ADSK flag.
	(getkey_bynames): Change to use aan arg flags instead of want_secret.
	This allows to pass more flag values.  Adjust callers.
	* g10/keylist.c (list_one): Pass GETKEY_ALLOW_ADSK.

	gpg: Cleanup of the local function key_byname.
	+ commit 4f19587b16b0bdd9e9c48e488f150d77e3c3ee52
	* g10/keydb.h (GETKEY_WANT_SECRET): New.
	(GETKEY_WITH_UNUSABLE): New.
	* g10/getkey.c (key_byname): Repalce args want_secret and
	include_unusable by an arg flags.  Change the fucntion and all direc
	callers to use these flags.

2025-11-17  Werner Koch  <wk@gnupg.org>

	gpg: Fix export in mode1003 when cache nonce is used.
	+ commit c254d4fbc6ac444cd089daedeb01392d4d78c4c7
	* g10/call-agent.c (agent_export_key): Add missing space.

	gpg: Support passphrase change for composite keys.
	+ commit 120142c3be532ee8827ac4a33fc4e77bdc225090
	* g10/keyedit.c (change_passphrase): Support composite keys.

2025-11-16  Ingo Klöcker  <dev@ingo-kloecker.de>

	gpgsm: Fix output of card serial number in colon listing.
	+ commit 0947a20c28cf5d5a867e2629415bf47fbcad771f
	* sm/call-agent.c (keyinfo_status_cb): Set S back.

2025-11-16  Werner Koch  <wk@gnupg.org>

	gpg: Allow the import of Kyber secret keys.
	+ commit 47bab26daf035ffdce97e4957bdb6ad12dbea506
	* g10/import.c (transfer_secret_keys): Handle mode 1003.
	* g10/call-agent.c (agent_import_key): Add arg mode1003.
	* common/sexputil.c (make_canon_sexp): Create in secmem when the input
	was in secmem.
	* agent/findkey.c (agent_write_private_key): Add arg 'linkattr' and
	change all callers.
	* agent/command.c (cmd_import_key): Add option '--mode1003'.
	Reorganize code and implement support for composite keys.

2025-11-15  Werner Koch  <wk@gnupg.org>

	gpg: Change the mode1003 format for composite keys.
	+ commit 5d855f76c8af280f0a2b01d64283a9efa0f5d795
	* g10/export.c (secret_key_to_mode1003): Put both parts into one
	container.
	* g10/parse-packet.c (parse_key): Revert to old version.

	gpg: Refactor an import function for better readability.
	+ commit c564a297abd3ad306114a8438de730cbb710d36d
	* g10/import.c (transfer_secret_keys): Factor some code out to ...
	(build_classic_transfer_sexp): new and ..
	(internal_skey_object_to_sexp): new.

2025-11-14  Werner Koch  <wk@gnupg.org>

	gpg: Allow the export of Kyber secret keys.
	+ commit e5473262e88473a101241e7b4860882ebeb1ed97
	* g10/export.c (match_curve_skey_pk): Allow the ECC part of a Kyber
	key.
	(secret_key_to_mode1003): Add arg is_part2.  Add code to allow a
	second call to merge the Kyber part to the secret key s-exp.
	(receive_seckey_from_agent): Add arg is_part2 and forward it.
	(do_export_one_keyblock): Detect a dual key and handle it accordingly.
	* g10/parse-packet.c (parse_key): In the secret key list code also
	print the second s-expr of a dual key.

	agent: Support protection for Kyber keys.
	+ commit aea62817f30030da19fd0aee3a9f65b5c8347b64
	* agent/protect.c (protect_info): Support the Kyber variants.

2025-11-14  NIIBE Yutaka  <gniibe@fsij.org>

	build: Silence automake about escaping #.
	+ commit d1cde3e36463a048364c9cf799684c8f771775c7
	* tests/cms/Makefile.am (CLEANFILE): Use printf to generate 043 char.
	* tests/openpgp/Makefile.am (CLEANFILES): Ditto.
	* tests/pkits/Makefile.am (CLEANFILES): Ditto.

	common: Fix the test of t-stringhelp.
	+ commit 8a95e963d53a7ae1d74926d8d267ddd70dc1fb7c
	* common/t-stringhelp.c (stresc): Don't put newline when escaped.

2025-11-12  Werner Koch  <wk@gnupg.org>

	scd:nks: Make newer TCOS signature cards work.
	+ commit 17596e830f08e601f2ea5142343996d48dd2930b
	* scd/app-nks.c: Make appversion 232 an alias for 15.

2025-11-11  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix armored input parsing.
	+ commit 62b8bf2f390533d23e24d27552fecf562752d358
	* g10/armor.c (radix64_read): Fix counting of characters in the
	trailer.

	dirmngr: Fix OCSP check.
	+ commit 9ef87bcdb03490085e2fd16c0e8ee60de7514f28
	* dirmngr/ocsp.c (ocsp_isvalid): Fix the condition, it's wrong
	to require *TMP_TIME is zero.

2025-11-07  Werner Koch  <wk@gnupg.org>

	gpg: Improve --list-packets for algorithm 8.
	+ commit ff916a05c434835cb615b9b889793e6af1a977a5
	* g10/parse-packet.c (parse_key): Tweak list mode and implement
	printing of "kyNNN_foo instead of just the second algos curve.

2025-11-06  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix wiping memory in PKDECRYPT command.
	+ commit 12c0b94fcb5fe276ff1b94029828feeac78d73f0
	* agent/pkdecrypt.c (ecc_kem_decrypt): Don't touch the memory when KEK
	is NULL.

2025-11-05  Werner Koch  <wk@gnupg.org>

	gpg: Escape chars with high bit set in NOTATION status lines.
	+ commit 0c3764516228aad4b9c08d62cf4787bcc10147e2
	* g10/cpr.c (write_status_text_and_buffer): Add special handling for
	two status codes.

2025-11-04  Werner Koch  <wk@gnupg.org>

	agent: Accept a trustlist with a missing LF at the end.
	+ commit 1b4ac98de7db6f6828b1b255ad3d4e5e7373666e
	* agent/trustlist.c (read_one_trustfile): Clear error if the last line
	has no LF.

2025-11-04  NIIBE Yutaka  <gniibe@fsij.org>

	agent:ssh: Fix RSA signature handling for newer spec.
	+ commit c7e0ec12609b401ea81c4851522d86eb5ec27170
	* agent/command-ssh.c (SPEC_FLAG_WITH_FIXEDLENGTH): New.
	(struct ssh_key_type_spec): Add keysize field.
	(ssh_signature_encoder_rsa): Support the fixed length signature for
	RSA in RFC-8332.
	(ssh_handler_sign_request): Enable SPEC_FLAG_WITH_FIXEDLENGTH for
	rsa-sha2-256 and rsa-sha2-512.  Set up keysize field for those.

2025-11-03  Werner Koch  <wk@gnupg.org>

	gpg: Print new "pfc" record in --with-colons key listings.
	+ commit 8b44256a55496d598f5b903377ccc0100bc87812
	* g10/keylist.c (show_preferences): Add new mode 2 to print pfc
	records.
	(list_keyblock_colon): Call it with mode 2.

2025-10-27  Werner Koch  <wk@gnupg.org>

	gpg: Do not use a default when asking for another output filename.
	+ commit ad0c6c33c3d6fe7ff7cc8c2e73d02ead5788e5b3
	* g10/options.h (COMPAT_SUGGEST_EMBEDDED_NAME): New.
	* g10/gpg.c (compatibility_flags): New flags "suggest-embedded-name".
	* g10/openfile.c (ask_outfile_name): Do not show a default unless the
	compatibiliy flag is used.

2025-10-24  Werner Koch  <wk@gnupg.org>

	gpg: Improve/relax the checking of preference options.
	+ commit 6570700fddcb92ce08024a651dd6989025fe9e20
	* g10/keygen.c (keygen_set_std_prefs): Add S2 only if available.  Do
	not return an error if one algorithm could be added.

2025-10-23  Werner Koch  <wk@gnupg.org>

	gpg: Fix possible memory corruption in the armor parser.
	+ commit 115d138ba599328005c5321c0ef9f00355838ca9
	* g10/armor.c (armor_filter): Fix faulty double increment.

	* common/iobuf.c (underflow_target): Assert that the filter
	implementations behave well.

2025-10-22  Werner Koch  <wk@gnupg.org>

	Release 2.5.13.
	+ commit b39a0298112de853cc7c0833ed1c366330a225ef


	gpg: Error out on unverified output for non-detached signatures.
	+ commit 8abc320f2a75d6c7339323a3cff8a8489199f49f
	* g10/mainproc.c (do_proc_packets): Never reset the any.data flag.

	gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures.
	+ commit db9705ef594d5a2baf0e95e13cf6170b621dfc51
	* g10/sig-check.c (check_signature_over_key_or_uid): Always initialize
	IS_SELFSIG because it is later used to detect SHA1 non-selfsignatures.

2025-10-22  NIIBE Yutaka  <gniibe@fsij.org>

	gpg,gpgsm: Serialize write access to keybox/keyring to protect.
	+ commit 2d9e1295a1f4a6929efeccfb1d8492eee4ff588b
	* g10/keydb.c (internal_keydb_update_keyblock): Caller should lock the
	resource by keydb_lock, before use of this routine.
	(internal_keydb_insert_keyblock): Likewise.
	(internal_keydb_delete_keyblock): Likewise.
	* g10/delkey.c (do_delete_key): Serialize the access to the resource.
	* g10/import.c (import_revoke_cert): Likewise.
	* g10/keyedit.c (quick_find_keyblock): Likewise.
	* g10/keygen.c (quick_find_keyblock): Likewise.
	* sm/delete.c (delete_one): Lock earlier to protect the resource
	correctly.
	* sm/keydb.c (do_set_flags): Rename from keydb_set_flags.
	(keydb_set_cert_flags): Follow the change.
	(keydb_update_cert): Require locked by caller.
	* sm/keydb.h (keydb_set_flags): Remove.

	gpgsm: Fix delete and store certificate locking glitches.
	+ commit 3db6f9f080bc056b5e8af464eb7a5cc727ae9217
	* sm/keydb.c (do_insert_cert): Rename from keydb_insert_cert.
	Don't call unlock_all.
	(keydb_delete): Don't call unlock_all.
	(keydb_store_cert): Use keydb_lock, instead of internal lock_all
	directly.  Follow the name change of do_insert_cert.

	kbx,gpg,gpgsm: Add FP-close method for keydb to close before unlock.
	+ commit 4a2dda2002c42fa541dacd142093c89476df606d
	* kbx/keybox.h (keybox_fp_close): New.
	* kbx/keybox-init.c (keybox_fp_close): New.
	(keybox_release): Don't close FP here.
	* kbx/keybox-update.c (keybox_compress_when_no_other_users): Use
	keybox_fp_close.
	* kbx/backend-kbx.c (be_kbx_release_kbx_hd): Follow the change.
	* g10/keyring.h (keyring_fp_close): New.
	* g10/keyring.c (keyring_fp_close): New.
	(keyring_release): Don't close IOBUF here.
	(keyring_rebuild_cache): Use keyring_fp_close.
	* g10/keydb.c (do_fp_close): New.
	(unlock_all): Close FP before unlocking.
	* sm/keydb.c  (do_fp_close): New.
	(unlock_all): Close FP before unlocking.

	gpg,gpgsm: No more internal-lock when KEEP_LOCK is enabled.
	+ commit ef42a1e218ce5ba26723e5af0ba16fe0ce7d4b00
	* g10/keydb.c (lock_all): Success when KEEP_LOCK already.
	* sm/keydb.c (lock_all): Ditto.

	kbx,gpg,gpgsm: Introduce keybox_compress_when_no_other_users.
	+ commit a0beed35d6c6be02414bb28fc7fa00758b8f5789
	* kbx/keybox.h (keybox_compress_when_no_other_users): Rename from
	keybox_compress, changing the arguments and the return type.
	* kbx/keybox-update.c (keybox_compress_when_no_other_users): Open the
	HD internally and make sure all resources are closed before unlocking.
	* g10/keydb.c (keydb_add_resource): Simply call
	keybox_compress_when_no_other_users which handles locking internally.
	* sm/keydb.c (keydb_add_resource): Likewise.

2025-10-21  Werner Koch  <wk@gnupg.org>

	dirmngr: New LDAP keyserver flag "upload"
	+ commit 31de5d0d8cd59195bfb57f9ff3b490cd5e30b3ce
	* dirmngr/dirmngr.h (struct ldap_server_s): Add flag "upload".
	* dirmngr/ldapserver.c (ldapserver_parse_one): Parse and set new flag.
	* dirmngr/ks-action.c: Include ldapserver.h
	(ks_action_get): Skip servers with the upload flag set.
	(ks_action_put): Use the first server with the upload flag set if any
	such flag is used.

	w32: When deleting a private key retry up to 400ms.
	+ commit 2b54dd035a32c78e9a5eca56add576a0c33a0532
	* agent/findkey.c (remove_key_file): Wait if needed

2025-10-21  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Minor clean up for keydb_lock API.
	+ commit 4050139d46fba2b50d95cd404ceb39c72efd1bb2
	* g10/keydb-private.h (internal_keydb_lock): Remove.
	* g10/keydb.c (internal_keydb_lock): It's internal function.
	* g10/call-keyboxd.c (keydb_lock): Move to...
	* g10/keydb.c (keydb_lock): ... here.

2025-10-21  Werner Koch  <wk@gnupg.org>

	common,w32: Always use share mode readwrite for the keybox.
	+ commit 9fd630fb23b741bc41c4d3d9e09198da1b4c6470
	* common/iobuf.c (direct_open) [W32]: Always use a share mode read or
	write.
	* kbx/keybox-init.c (_keybox_ll_open): Ditto.  This requires the
	latest gpgrt to work.

2025-10-21  NIIBE Yutaka  <gniibe@fsij.org>

	w32:common: Take care of possible race on startup under Windows.
	+ commit ae431b04370fe3ac3690921548d340b991eea49a
	* common/asshelp.c (start_new_service) [HAVE_W32_SYSTEM]: Remove the
	socket before starting the daemon.

2025-10-21  Werner Koch  <wk@gnupg.org>

	common: New function gnupg_remove_ext.
	+ commit 8a5d2674c3be7a6dfe7f35495af4df9e8be20d13
	* common/sysutils.c (gnupg_rename_file): Factor out the wait function
	to ...
	(w32_wait_when_sharing_violation): New.
	(w32_remove): New.
	(gnupg_remove_ext): New.
	(gnupg_remove): Now a wrapper arounf gnupg_remove_ext.
	(gnupg_rename_file) [W32]: Use 32_remove with indefinite wait for
	sharing violation.

2025-10-21  NIIBE Yutaka  <gniibe@fsij.org>

	build,common,g13,sm,tools: Require GpgRT 1.56.
	+ commit 39cc15029017ba5fd6d04f710e5a3125ed3b30a8
	* configure.ac (NEED_GPGRT_VERSION): Require 1.56.
	* g13/g13.c (main): Remove support of old gpgrt.
	* sm/gpgsm.c (main): Likewise.
	* tools/gpg-wks-client.c (wrong_args, main): Likewise.
	* tools/gpgconf.c (my_read_reg_string): Likewise.
	* common/util.h (GPG_ERR_UNEXPECTED_PACKET): Likewise.
	* common/mapstrings.c (map_static_macro_string): Likewise.

	common,dirmngr:w32: Fix for semi-hosted environment.
	+ commit 61ff3759e827fed5ea47897af1291443aeb5172e
	* common/init.c [HAVE_W32_SYSTEM] (windows_semihosted_by_wine): New.
	(_init_common_subsystems): Initialize the variable.
	* common/stringhelp.c (change_slashes): Don't change slashes
	under semi-hosted environment.
	* common/util.h [HAVE_W32_SYSTEM] (windows_semihosted_by_wine): New.
	* dirmngr/dns-stuff.c [HAVE_W32_SYSTEM] (check_inet_support): Disable
	the check by "..localmachine" under semi-hosted environment.

2025-10-17  NIIBE Yutaka  <gniibe@fsij.org>

	tests:w32: Fix the add-recipeint test for Windows.
	+ commit 89f6537840310c06cacfb1e82b1d9382af830afd
	* tests/openpgp/add-recipient.scm (add-recipient): Use temporary file
	REFERENCE, instead of hard-coded "reference".
	(change-recipient): Likewise.

2025-10-08  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Take care about the prefix for Curve25519 encryption.
	+ commit 973122f54aa37f05d0c76427d29f8be83071afd0
	* g10/pkglue.c (do_encrypt_ecdh): Prepend the prefix when needed.

	agent: Rename the internal function for ECC KEM.
	+ commit 9c61a8cca6b426a26f59b730f0e8d5ce1ffc79d4
	* agent/pkdecrypt.c (ecc_kem_decap): Rename from ecc_pgp_kem_decap,
	since it also handles the CMS case.
	(composite_pgp_kem_decrypt, ecc_kem_decrypt): Follow the change.

	gpgsm: Encrypt with ECC by KEM API.
	+ commit d640e9c95afb21b26ac3207aeaa9717b025a390d
	* sm/encrypt.c (ecdh_encrypt): Use gcry_kem_encap of KEM API to get
	the ephemeral key and the shared secret.

2025-10-07  NIIBE Yutaka  <gniibe@fsij.org>

	gpgsm: Rewrite ecdh_derive_kek with gnupg_ecc_kem_kdf.
	+ commit 5b61280e37afab4f9843d065814d8ac071e1d09e
	* sm/decrypt.c (hash_ecc_cms_shared_info): Remove.
	(ecdh_derive_kek): Simply use build_shared_info and gnupg_ecc_kem_kdf.

	gpgsm: Use KEM API for decryption.
	+ commit 035d0dd4adf345f3e9645545814944bc6041fdef
	* sm/call-agent.c (gpgsm_agent_pkdecrypt): Add USE_KEM argument.
	* sm/decrypt.c (ecdh_decrypt): Remove.
	(determine_wrap_cipher, determine_hashalgo): New.
	(build_shared_info, ecc_kem_pkdecrypt): New.
	(prepare_decryption): Remove NBITS argument.
	Call ecc_kem_pkdecrypt, when it's ECC.
	(gpgsm_decrypt): Follow the removal of NBITS argument.
	* sm/gpgsm.h (gpgsm_agent_pkdecrypt): Add USE_KEM argument.

	gpgsm: Rearrange the cases for decryption.
	+ commit 2a221b83545d84801c25978ab1ed1590731a89e5
	* sm/decrypt.c (prepare_decryption): Sort out different cases.

	agent,common,gpg: Clean up for S/MIME decryption with KEM API.
	+ commit 06f993dc0eceee0f6ec99b9417d4368eee203e6d
	* agent/agent.h (agent_kem_decrypt): Remove OPTION argument.
	* agent/command.c (cmd_pkdecrypt): No option is needed.
	* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use
	gnupg_ecc_kem_simple_kdf.
	(ecc_kem_decrypt): Support the S/MIME case too.  Follow the change of
	gnupg_ecc_kem_kdf.
	(agent_kem_decrypt): Remove OPTION argument.  Also support the S/MIME
	case.
	* common/kem.c (gnupg_ecc_kem_kdf): Support the S/MIME case too.
	Don't support simple ECC part for combined KEM.
	(gnupg_ecc_kem_simple_kdf): New.
	* common/util.h (gnupg_ecc_kem_kdf): Support the S/MIME case too.
	(gnupg_ecc_kem_simple_kdf): New.
	* g10/pkglue.c (do_encrypt_kem): Use gnupg_ecc_kem_simple_kdf.
	Use gnupg_ecc_kem_kdf with IS_GPG=1.

2025-10-02  Werner Koch  <wk@gnupg.org>

	dirmngr: Fix wrong diagnostic "failed to create alarm thread".
	+ commit 3076fe512b3881e3aeba30597e5aa6208e7c51c5
	* dirmngr/dirmngr_ldap.c (set_timeout): Fix bogus error diagnostic.

	scd: Fix an oddity in changing the PIN.
	+ commit f3b70a9352ae16a1ba2b12a7ee216f63ade1ead4
	* scd/app-openpgp.c (do_change_pin): Verify the PIN before sending the
	Change_Reference_Data APDU.

2025-09-26  Werner Koch  <wk@gnupg.org>

	gpg: Revamp structure of PKT_symkey_enc.
	+ commit a966c2ce90802f2fa953b04e69fdc529d61b6f53
	* g10/packet.h (PKT_symkey_enc): Allocate the session key so that we
	have a fixed length for this struct.
	* g10/free-packet.c (free_symkey_enc): Adjust for this change
	* g10/parse-packet.c (parse_symkeyenc): Ditto.
	* g10/encrypt.c (encrypt_simple, write_symkey_enc): Ditto.

	gpg: Rename a struct and some variables for clarity.
	+ commit 344353fbdd80779865170beda44eccb06bcdbd81
	* g10/packet.h (struct pubkey_enc_list): Rename to ...
	(struct seskey_enc_list): ... this and change all users.  Also change
	all names pkenc_list to sesenc_list.

	gpg: Detect duplicate keys with --add-recipients.
	+ commit 600df5259db0b7be25a2e2b06c0c2d13265eceea
	* g10/packet.h (struct pubkey_enc_list): Change to use a union to also
	store symkey_enc data.  Adjust all users accordingly.
	(struct pubkey_enc_info_item): New.
	* g10/free-packet.c (free_pubkey_enc_list): New.
	* g10/mainproc.c (release_list): Use it here.
	* g10/decrypt.c (decrypt_message): and here.

	* g10/encrypt.c (reencrypt_to_new_recipients): Record the used
	pubkey_enc packets and pass them to write_pubkey_enc_from_list.
	(write_pubkey_enc_from_list): Add arg restrict_pk_list and use it to
	skip recipients already used.

2025-09-25  NIIBE Yutaka  <gniibe@fsij.org>

	w32: Fix gnupg_isatty.
	+ commit a4bd829aa6755c1acd32d67d8336023e4e705675
	* common/homedir.c [HAVE_W32_SYSTEM] (gnupg_isatty): New.
	* common/util.h (gnupg_isatty): Make it available on Windows.

	Fix the previous commit.
	+ commit 7846a8f29ce2d48a571591dc178a8aa4107cb122
	* configure.ac: Fix quotation error.

	Fixes for -a and -o for test(1).
	+ commit 7b479ee9faca2215d58d34437ff8b0b7815549bf
	* build-aux/potomo: Avoid using -a and -o for test(1).
	* configure.ac: Likewise.
	* tests/pkits/common.sh: Likewise.
	* tests/tpm2dtests/Makefile.am: Likewise.
	* tools/applygnupgdefaults: Likewise.
	* tools/gpg-authcode-sign.sh: Likewise.
	* tools/mail-signed-keys: Likewise.

2025-09-24  Werner Koch  <wk@gnupg.org>

	dirmngr: Fix assertion failure due to wrong buffer length computation.
	+ commit 7101a06cb9149a080664da4f9d8a791a57a5b83e
	* dirmngr/ks-engine-ldap.c (ks_ldap_put): Chnage to use a string than
	a memory buffer for INFO.

2025-09-23  Joshua Frommholz  <joshua.frommholz1@gmail.com>

	tests: Add checks for change-recipients.
	+ commit 60f5b901178b476447d8a2ece0945bd3696e5ec3
	* tests/openpgp/add-recipient.scm: Added checks for change-recipients

2025-09-16  Joshua Frommholz  <joshua.frommholz1@gmail.com>

	tests: Add first test for --add-recipients.
	+ commit fde7315e33e797443f8bdb2b5d103a952cceb5fc
	* tests/opengpg/add-recipient.scm: New
	* tests/openpgp/Makefile.am (XTESTS): Add new test
	* tests/gpgscm/tests.scm (tr:unlink): New

2025-09-03  Werner Koch  <wk@gnupg.org>

	gpg: Fix de-vs compliance with OCB and additional password.
	+ commit 6771ed4c13226ea8f410d022fa83888930070f70
	* g10/mainproc.c (struct symlist_item): Change flag cfb_mode to a
	general cipher_mode variable.
	(proc_symkey_enc): Set this variable to the used mode.
	(proc_encrypted): Check the symmetric encrypted session keys now also
	with support for OCB.

	gpg: Make OCB mode compliant in de-vs mode.
	+ commit a73c88817ce2dc05d4eefc2a8f31b89504523a9a
	* common/compliance.c (gnupg_cipher_is_compliant): Support OCB for
	gpg.
	(gnupg_cipher_is_allowed): Ditto.
	* g10/mainproc.c (proc_encrypted): Determine cipher mode and pass it
	for the is_compliant test.

2025-09-02  Werner Koch  <wk@gnupg.org>

	Release 2.5.12.
	+ commit 88cd7c10a975d0fca6d0c846a2fb5df6e6e93e56


2025-09-02  NIIBE Yutaka  <gniibe@fsij.org>

	agent:w32: Fix non-release of MAPSID.
	+ commit 106d73de86855db0b39346ee6b65886c0d685c0e
	* agent/gpg-agent.c (putty_message_proc): Don't call xfree with
	MAPSID.  It's a reference to an object inside PSD.

	dirmngr,gpg,scd,sm,tools: Minor fixes for es_free.
	+ commit 1b84d649eacf87ff16289c86939a4846a0d26c12
	* dirmngr/crlfetch.c (fetch_cert_by_url): Use es_free.
	* g10/revoke.c (gen_standard_revoke): Likewise.
	* g10/tofu.c (ask_about_binding): Likewise.
	* scd/command.c (cmd_readkey): Likewise.
	* sm/sign.c (gpgsm_sign): Likewise.
	* tools/gpg-wks-client.c (command_create): Likewise.
	* tools/call-dirmngr.c (wkd_get_policy_flags): Clean up no use of
	BUFFER.

	agent: Minor clean-up for use of es_free.
	+ commit aba5c8f0cc6cb905a999a209f43aef12c15bc494
	* agent/command-ssh.c (sexp_key_construct): Use es_free to release
	memory allocated by es_fclose_snatch.
	(data_sign): Likewise.

2025-08-29  Werner Koch  <wk@gnupg.org>

	gpg: Make --auto-upload also work for the --quick commands.
	+ commit 152e02bd87bbb2f7026eecc4cfdc242f1cfa2756
	* g10/keyedit.c (keyedit_menu): Factor some code out ...
	(maybe_upload_key): New.
	(keyedit_quick_adduid): Call it here.
	(keyedit_quick_revuid): Ditto.
	(keyedit_quick_set_primary): Ditto.
	(keyedit_quick_update_pref): Ditto.
	(keyedit_quick_sign): Ditto.
	(keyedit_quick_revsig): Ditto.
	(keyedit_quick_addkey): Ditto.
	(keyedit_quick_addadsk): Ditto.
	(keyedit_quick_set_expire): Ditto.

	gpg: Add option --no-auto-key-upload.
	+ commit c1056826224a30de55b558594114858fa8f5dd9a
	* g10/gpg.c (oNoAutoKeyUpload): New.
	(opts): Add "no-auto-key-upload".
	(main): Clear the flag.

2025-08-28  Werner Koch  <wk@gnupg.org>

	gpg: Make --auto-upload also work for --edit-key.
	+ commit f64a456271dd0b3e027386de30d734820c878978
	* g10/keyedit.c (keyedit_menu): Add an upload flag and set it as
	needed.  On save upload to the keyserver.

	gpg: New option --auto-key-upload.
	+ commit 48e5282c86c253789e7e4f8bfc0930ce07037acc
	* g10/options.h (opt.flags): Add member auto_key_upload.
	(EXPORT_NO_STATUS): New.
	(KEYSERVER_LDAP_ONLY): New.
	(KEYSERVER_WARN_ONLY): New.
	* g10/gpg.c (oAutoKeyUpload): New.
	(opts): New option --auto-key-upload.
	(main): Set option.
	* g10/keyserver.c (keyserver_export_pubkey): New.
	(keyserver_put): Take care of the WARN_ONLY and LDAP_ONLY options.
	Delay printing of the EXPORTED status.
	* g10/keygen.c (do_generate_keypair): Export new key if option is set.
	* g10/export.c (do_export_one_keyblock): Take care of the NO_STATUS
	option.
	(print_status_exported): Move function to ...
	* g10/cpr.c (write_status_warning): here and make public.

2025-08-27  Werner Koch  <wk@gnupg.org>

	gpg: Change the ADSK key binding time to the current time.
	+ commit 1123be6ad659b24318ec3981c501a3ed2fc1960b
	* g10/keyedit.c (append_adsk_to_key): Add arg sigtimestamp and pass
	that as signing time to make_keysig_packet.
	* g10/keygen.c (append_all_default_adsks): Likewise.
	(do_generate_keypair): Likewise.

	gpg: Avoid second Pinentry pop-up for a configured ADSK during keygen.
	+ commit 84c4a30342ea1afd47ce1602901f96bcd1687aee
	* g10/keyedit.c (append_adsk_to_key): Add arg cache_nonce and pass on
	to make_keysig_packet.
	* g10/keygen.c (do_generate_keypair): Pass cache_nonce to
	append_adsk_to_key.

	agent: Enable "relax" in the trustlist by default and add "norelax"
	+ commit 7b133027ae86a4cd68bc15b02d568f5951942218
	* agent/trustlist.c (read_one_trustfile): Enabled the relax flag be
	default.  Add new keyword "norelax".

	gpgsm: Add option --no-qes-note and trustlist flag "noconsent".
	+ commit 6a05d7f0e87fea373f42317c15df9e1ab59dea3e
	* agent/trustlist.c (struct trustitem_s): Add flag "noconsent".
	(read_one_trustfile): Set flag.
	(istrusted_internal): Emit flag value.
	* sm/call-agent.c (istrusted_status_cb): Parse flag.
	* sm/certchain.c (do_validate_chain): Handle flag by using a different
	true value for an existing variable.
	* sm/sign.c (gpgsm_sign): Consult the new flag.
	* sm/gpgsm.c (enum cmd_and_opt_values): Add oNoQESNote.
	(opts): Add option --no-qes-note.
	* sm/gpgsm.h (opt): Add field no_qes_note.
	(struct rootca_flags_s): Add flag noconsent.
	* sm/sign.c (gpgsm_sign): Take care of the noconsent flag.
	* sm/qualified.c (gpgsm_qualified_consent): Take care of no_qes_note.
	* sm/verify.c (gpgsm_verify): Ditto.

	gpgsm: Change the debug flags used with --debug-level basic to expert.
	+ commit db794de6205212ab22feb5c79cc0f07b312f4043
	* sm/gpgsm.c (set_debug): Do not set the IPC debug flag when using
	some debug-levels.

2025-08-25  Werner Koch  <wk@gnupg.org>

	gpg: Allow to select the Kyber variant with --edit-key,addkey.
	+ commit 459f437c19a6de5b7a205a488ba8a3c0ef8ae919
	* g10/keygen.c (generate_subkeypair): Ask for Kyber variant.

2025-08-22  Werner Koch  <wk@gnupg.org>

	common: Add a wrapper around the W32 OutputDebugString function.
	+ commit 7cf19d055929bbaa37b7195a0abe442a7f20b512
	* common/sysutils.c (output_debug_string): New.

2025-08-21  Werner Koch  <wk@gnupg.org>
[--snip--]
