author Werner Koch <wk@gnupg.org> 2021-02-11 12:53:28 +0100
committer Werner Koch <wk@gnupg.org> 2021-02-11 12:53:28 +0100
commit 9235c9b65b04944c657785009b3b104974f2c483
tree 02df743fd6be6d2b9bf5031a2ca87c7e50f56979
parent b770393b76b6994a0746dc898a856e8a19491f6f
doc: Add NEWS with news from the 2.2 series.
--
-rw-r--r-- NEWS 176
-rw-r--r-- README 57
2 files changed, 188 insertions, 45 deletions
diff --git a/NEWS b/NEWS
index 22f1fd053..2a917cd5b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,12 +1,179 @@
Noteworthy changes in version 2.3.0 (unreleased)
------------------------------------------------
- * The legacy key discovory method PKA is no longer supported. The
+ * The legacy key discovery method PKA is no longer supported. The
command --print-pka-records and the PKA related import and export
options have been removed.
+ * A new experimental key database daemon is provided. To enable it
+ put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored
+ in a SQLite database and make key lookup much faster.
+ Changes also found in 2.2.27:
+
+ * gpg: Fix regression in 2.2.24 for gnupg_remove function under
+ Windows. [#5230]
+
+ * gpgconf: Fix case with neither local nor global gpg.conf. [9f37d3e6f3]
+
+ * gpgconf: Fix description of two new options. [#5221]
+
+ * Build Windows installer without timestamps. Note that the
+ Authenticode signatures still carry a timestamp.
+
+ Release-info: https://dev.gnupg.org/T5234
+ See-also: gnupg-announce/2021q1/000452.html
+
+ Changes also found in 2.2.26:
+
+ * gpg: New AKL method "ntds". [559efd23e9]
+
+ * gpg: Fix --trusted-key with fingerprint arg. [8a2e5025eb]
+
+ * scd: Fix writing of ECC keys to an OpenPGP card. [#5163]
+
+ * scd: Make an USB error fix specific to SPR532 readers. [#5167]
+
+ * dirmngr: With new LDAP keyservers store the new attributes. Never
+ store the useless pgpSignerID. Fix a long standing bug storing
+ some keys on an ldap server. [0e88c73bc9,e47de85382]
+
+ * dirmngr: Support the new Active Direcory LDAP schema for
+ keyservers. [ac8ece9266]
+
+ * dirmngr: Allow LDAP OpenPGP searches via fingerprint.
+ [c75fd75532]
+
+ * dirmngr: Do not block other threads during keyserver LDAP calls.
+ [15bfd189c0]
+
+ * Support global configuration files. [#4788,a028f24136]
+
+ * Fix the iconv fallback handling to UTF-8. [#5038]
+
+ Release-info: https://dev.gnupg.org/T5153
+ See-also: gnupg-announce/2020q4/000451.html
+
+ Changes also found in 2.2.25:
+
+ * scd: Fix regression in 2.2.24 requiring gpg --card-status before
+ signing or decrypting. [#5065]
+
+ * gpgsm: Using Libksba 1.5.0 signatures with a rarely used
+ combination of attributes can now be verified. [#5146]
+
+ Release-info: https://dev.gnupg.org/T5140
+ See-also: gnupg-announce/2020q4/000450.html
+
+ Changes also found in 2.2.24:
+
+ * Allow Unicode file names on Windows almost everywhere. Note that
+ it is still not possible to use Unicode strings on the command
+ line. This change also fixes a regression in 2.2.22 related to
+ non-ascii file names. [#5098]
+
+ * Fix localized time printing on Windows. [#5073]
+
+ * gpg: New command --quick-revoke-sig. [#5093]
+
+ * gpg: Do not use weak digest algos if selected by recipient
+ preference during sign+encrypt. [4c181d51a6]
+
+ * gpg: Switch to AES256 for symmetric encryption in de-vs mode.
+ [166e779634]
+
+ * gpg: Silence weak digest warnings with --quiet. [#4893]
+
+ * gpg: Print new status line CANCELED_BY_USER for a cancel during
+ symmetric encryption. [f05d1772c4]
+
+ * gpg: Fix the encrypt+sign hash algo preference selection for
+ ECDSA. This is in particular needed for keys created from
+ existing smartcard based keys. [aeed0b93ff]
+
+ * agent: Keep some permissions of private-keys-v1.d. [#2312]
+
+ * dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and
+ gnutls builds. [e4f3b74c91]
+
+ * dirmngr: Fix the pool keyserver case for a single host in the
+ pool. [72e04b03b1a7]
+
+ * scd: Fix the use case of verify_chv2 by CHECKPIN. [61aea64b3c]
+
+ * scd: Various improvements to the ccid-driver. [#4616,#5065]
+
+ * scd: Minor fixes for Yubikey [25bec16d0b]
+
+ * gpgconf: New option --show-versions.
+
+ * w32: Install gpg-check-pattern and example profiles. Install
+ Windows subsystem variant of gpgconf (gpgconf-w32).
+
+ Release-info: https://dev.gnupg.org/T5052
+ See-also: gnupg-announce/2020q4/000449.html
+
+ Changes also found in 2.2.23:
+
+ * gpg: Fix a possible segv in the key cleaning code.
+
+ * gpgsm: Fix a minor RFC2253 parser bug. [#5037]
+
+ * scdaemon: Fix a PIN verify failure on certain OpenPGP card
+ implementations. Regression in 2.2.22. [#5039]
+
+ Release-info: https://dev.gnupg.org/T5045
+ See-also: gnupg-announce/2020q3/000448.html
+
+ Changes also found in 2.2.22:
+
+ * gpg: Change the default key algorithm to rsa3072.
+
+ * gpg: Add regular expression support for Trust Signatures on all
+ platforms. [#4843]
+
+ * gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat
+ option. [#4991]
+
+ * gpg: Ignore --personal-digest-prefs for ECDSA keys. [#5021]
+
+ * gpgsm: Make rsaPSS a de-vs compliant scheme.
+
+ * gpgsm: Show also the SHA256 fingerprint in key listings.
+
+ * gpgsm: Do not require a default keyring for --gpgconf-list. [#4867]
+
+ * gpg-agent: Default to extended key format and record the creation
+ time of keys. Add new option --disable-extended-key-format.
+
+ * gpg-agent: Support the WAYLAND_DISPLAY envvar. [#5016]
+
+ * gpg-agent: Allow using --gpgconf-list even if HOME does not
+ exist. [#4866]
+
+ * gpg-agent: Make the Pinentry work even if the envvar TERM is set
+ to the empty string. [#4137]
+
+ * scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly
+ incremented the error counter when using the "verify" command of
+ "gpg --edit-key" with only the signature key being present.
+
+ * dirmngr: Better handle systems with disabled IPv6. [#4977]
+
+ * gpgpslit: Install tool. It was not installed in the past to avoid
+ conflicts with the version installed by GnuPG 1.4. [#5023]
+
+ * gpgtar: Handle Unicode file names on Windows correctly. [#4083]
+
+ * gpgtar: Make --files-from and --null work as documented. [#5027]
+
+ * Build the Windows installer with the new Ntbtls 0.2.0 so that TLS
+ connections succeed for servers demanding GCM.
+
+ Release-info: https://dev.gnupg.org/T5030
+ See-also: gnupg-announce/2020q3/000447.html
+
Changes also found in 2.2.21:
* gpg: Add option --no-include-key-block. [#4856]
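Review bot: Two of the added entries carry typos that will ship in NEWS: "Active Direcory" in the 2.2.26 dirmngr entry should read "Active Directory", and "gpgpslit" in the 2.2.22 list should read "gpgsplit". The new use-keyboxd entry also reads as if the keys themselves make lookup faster; consider "Keys are stored in a SQLite database, which makes key lookup much faster." Since that entry announces an experimental daemon that changes how keys are stored, a task or commit reference like the other entries carry would help readers find the details.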
@@ -774,6 +941,13 @@ Noteworthy changes in version 2.3.0 (unreleased)
Version 2.2.19 (2019-12-07)
Version 2.2.20 (2020-03-20)
Version 2.2.21 (2020-07-09)
+ Version 2.2.22 (2020-08-27)
+ Version 2.2.23 (2020-09-03)
+ Version 2.2.24 (2020-11-17)
+ Version 2.2.25 (2020-11-23)
+ Version 2.2.26 (2020-12-21)
+ Version 2.2.27 (2021-01-11)
+
Noteworthy changes in version 2.2.0 (2017-08-28)
------------------------------------------------
diff --git a/README b/README
index 3d8505e44..56695e793 100644
--- a/README
+++ b/README
@@ -32,7 +32,7 @@
* BUILD INSTRUCTIONS
- GnuPG 2.2 depends on the following GnuPG related packages:
+ GnuPG 2.3 depends on the following GnuPG related packages:
npth (https://gnupg.org/ftp/gcrypt/npth/)
libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
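Review bot: The subject line says only "Add NEWS", but from this hunk on the commit also rewrites README for 2.3 (57 changed lines in the diffstat), including removal of the migration section and the Tor address further down. Either split the README update into its own commit or mention it in the commit message so the change is visible in the log.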
@@ -43,9 +43,9 @@
You should get the latest versions of course, the GnuPG configure
script complains if a version is not sufficient.
- For some advanced features several other libraries are required.
- The configure script prints diagnostic messages if one of these
- libraries is not available and a feature will not be available..
+ Several other standard libraries are also required. The configure
+ script prints diagnostic messages if one of these libraries is not
+ available and a feature will not be available..
You also need the Pinentry package for most functions of GnuPG;
however it is not a build requirement. Pinentry is available at
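Review bot: The reworded paragraph now says the other libraries are "also required", yet the retained clause still says a missing library only means "a feature will not be available..", so the text contradicts itself on whether configure stops or merely disables a feature. Pick one meaning and word both sentences to match, and drop the doubled period while these lines are being touched.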
@@ -68,9 +68,7 @@
Before running the "make install" you might need to become root.
If everything succeeds, you have a working GnuPG with support for
- OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no
- binary gpg but a gpg2 so that this package won't conflict with a
- GnuPG 1.4 installation. gpg2 behaves just like gpg.
+ OpenPGP, S/MIME, ssh-agent, and smartcards.
In case of problem please ask on the gnupg-users@gnupg.org mailing
list for advise.
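Review bot: With the gpg2 note removed, README no longer says under which name the binary is installed. Packagers and scripts that call gpg2 on 2.2 systems would benefit from one sentence stating the installed name in 2.3. The context line "list for advise" should read "advice" if this paragraph is touched again.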
@@ -79,16 +77,11 @@
doc/HACKING in the section "How to build an installer for Windows".
This requires some experience as developer.
- Note that the PKITS tests are always skipped unless you copy the
- PKITS test data file into the tests/pkits directory. There is no
- need to run these test and some of them may even fail because the
- test scripts are not yet complete.
-
You may run
gpgconf --list-dirs
- to view the default directories used by GnuPG.
+ to view the directories used by GnuPG.
To quickly build all required software without installing it, the
Speedo method may be used:
@@ -122,28 +115,6 @@
Add other options as needed.
-* MIGRATION from 1.4 or 2.0 to 2.2
-
- The major change in 2.2 is gpg-agent taking care of the OpenPGP
- secret keys (those managed by GPG). The former file "secring.gpg"
- will not be used anymore. Newly generated keys are stored in the
- agent's key store directory "~/.gnupg/private-keys-v1.d/". The
- first time gpg needs a secret key it checks whether a "secring.gpg"
- exists and copies them to the new store. The old secring.gpg is
- kept for use by older versions of gpg.
-
- Note that gpg-agent now uses a fixed socket. All tools will start
- the gpg-agent as needed. The formerly used environment variable
- GPG_AGENT_INFO is ignored by 2.2. The SSH_AUTH_SOCK environment
- variable should be set to a fixed value.
-
- The Dirmngr is now part of GnuPG proper and also used to access
- OpenPGP keyservers. The directory layout of Dirmngr changed to make
- use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as
- needed. There is no more need to install a separate Dirmngr package.
-
- All changes introduced with GnuPG 2.2 have been developed in the 2.1
- series of releases. See the respective entries in the file NEWS.
* RECOMMENDATIONS
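Review bot: Deleting the whole MIGRATION section leaves users who come straight from 1.4 or 2.0 without the one place that explained what happens to their secret keys. The removed text is the only statement that "The old secring.gpg is kept for use by older versions of gpg", which means a copy of the secret key material stays on disk after the import into private-keys-v1.d; that is worth knowing for anyone cleaning up or backing up a key store. Consider keeping a short paragraph with that point and the fixed-socket note, or a pointer to where the migration notes now live.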
@@ -183,15 +154,14 @@
is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] .
-* Installing GnuPG 2.2. and GnuPG 1.4
+* Unsing the legacy version GnuPG 1.4
- GnuPG 2.2 is a current version of GnuPG with state of the art
- security design and many more features. To install both versions
- alongside, it is suggested to rename the 1.4 version of "gpg" to
- "gpg1" as well as the corresponding man page. Newer releases of the
- 1.4 branch will likely do this by default. In case this is not
- possible, the 2.2 version can be installed under the name "gpg2"
- using the configure option --enable-gpg-is-gpg2.
+ The 1.4 version of GnuPG is only intended to allow decryption of old
+ data material using legacy keys which are not anymore supported by
+ GnuPG 2.x. To install both versions alongside, it is suggested to
+ rename the 1.4 version of "gpg" to "gpg1" as well as the
+ corresponding man page. Newer releases of the 1.4 branch will
+ likely do this by default.
* HOW TO GET MORE INFORMATION
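Review bot: The new heading "Unsing the legacy version GnuPG 1.4" has a typo and should read "Using". In the body, "which are not anymore supported" reads better as "which are no longer supported". The removed text also documented the configure option --enable-gpg-is-gpg2; if that option still exists it should stay documented somewhere, and if it was dropped that belongs in NEWS.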
@@ -201,7 +171,6 @@
"https://gnupg.org/faq/whats-new-in-2.1.html" .
The primary WWW page is "https://gnupg.org"
- or using Tor "http://ic6au7wa3f6naxjq.onion"
The primary FTP site is "https://gnupg.org/ftp/gcrypt/"
See [[https://gnupg.org/download/mirrors.html]] for a list of
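Review bot: The onion address is dropped without a replacement, and neither the commit message nor the NEWS hunk mentions it, so readers who relied on the Tor entry point get no hint where it went. If the service is gone, say so in the commit message; if it moved, list the new address here. The context line above still points to whats-new-in-2.1.html, which looks dated in a README that now describes 2.3.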