- New upstream v1.4.20 (#1293112)
- Reject signatures made using the MD5 hash algorithm unless the new option --allow-weak-digest-algos or --pgp2 are given.
- New option --weak-digest to specify hash algorithms which should be considered weak.
- Changed default cipher for symmetric-only encryption to AES-128.
- Fix for DoS when importing certain garbled secret keys.
- Improved error reporting for secret subkey w/o corresponding public subkey.
- Improved error reporting in decryption due to wrong algorithm.
- Fix cluttering of stdout with trustdb info in double verbose mode.
- Pass a DBUS envvar to gpg-agent for use by gnome-keyring.