login signup
GnuPG 2.5.19-freepg has been released Andrew Gallagher 30 Apr 2026 22:10 UTC 
Hi, all.

GnuPG 2.5.19-freepg has been released.

It contains all the latest bug fixes from upstream GnuPG, plus the usual
FreePG patches.

Note that the FreePG project considers the 2.5.x branch to be
experimental, and does not enable non-standard OpenPGP algorithms unless
“--compliance=gnupg” is explicitly set.

Release Notes
=============

Noteworthy changes in version 2.5.19-freepg (2026-04-30)
-------------------------------------------------

* No FreePG-specific changes.

https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.5.19-freepg

Upstream's release notes follow.

-----

Noteworthy changes in version 2.5.19 (2026-04-24)
-------------------------------------------------

  * New and extended features:

    - gpg: New option --use-ocb-sym.  [rGccdcdfbb37]

    - gpg: New options --show-[only-]session-hash.  [rGecd0f7afa1]

    - gpgsm: Allow cipher mode to be part of the algo given to the
      --cipher-algo option.  [T3979]

    - gpgsm: Emit more details when failing to check a crlDP.  [T8221]

    - agent: Improve pinentry behavior and texts in smartcard context.
      [T6425]

    - dirmngr: New keyword "clear" for --keyserver.  [rG2ab4cba36c]

  * Bug fixes:

    - gpg: Fix edge case in --refresh-keys.  [T8197]

    - gpg: Don't call gcry_kdf_derive with empty passphrase.  [T7739]

    - gpgsm: Skip the optional PKCS#12 PBES2 keyLength parameter to
      allow import of recently issued certificates by the German
      Telekom.  [rGc8c9604bba]

    - gpgsm: Fix a bug so that a certificate can be signed using a
      different algo.  [rG66fdafab3c]

    - gpgsm: Make GCM fully compliant in de-vs mode.  [rG04fd775fce]

    - gpgsm: Add a certificate chain check for de-vs compliance.
      [T8188]

    - gpgsm: Show rsaPSS certificates as de-vs compliant in listings.
      [T8222]

    - agent: Rework the trustlist reading code to finally allow a
      trustlist.txt with a missing trailing LF.  [T8078]

    - ssh: Fix RSA padding in signature handling.  [T7882,T8202]

    - gpgtar: Fix -C (--directory) to check the output directory.
      [T8159]

  * Other changes:

    - agent: Raise an error when p >= q for RSA keys to detect
      incorrect generated *PGP keys.  [T8171]

  Release-info: https://dev.gnupg.org/T7998