| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: gpg2 | Distribution: openSUSE Leap 15.2 |
| Version: 2.2.5 | Vendor: openSUSE |
| Release: lp152.9.3.1 | Build date: Thu Jun 10 18:15:58 2021 |
| Group: Productivity/Networking/Security | Build host: obs-power9-07 |
| Size: 10341690 | Source RPM: gpg2-2.2.5-lp152.9.3.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: http://www.gnupg.org/aegypten2/ | |
| Summary: File encryption, decryption, signature creation and verification utility | |
GnuPG is a hybrid-encryption software program; it uses a combination of symmetric-key and public-key cryptography to encrypt/decrypt messages and/or to sign and verify them. gpg2 provides GPGSM, gpg-agent, and a keybox library.
GPL-3.0+
* Thu May 21 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Fix warning: agent returned different signature type ssh-rsa
* The gpg-agent's ssh-agent does not handle flags in signing
requests properly [bsc#1161268, bsc#1172308]
* Add gnupg-gpg-agent-ssh-agent.patch
* Wed Oct 02 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Remove self-buildrequire [bsc#1152755]
* Mon Jul 22 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Security fix: [bsc#1141093, CVE-2019-13050]
* Denial of service attacks via big keys
* Added patches:
- gnupg-CVE-2019-13050_0_of_5.patch
- gnupg-CVE-2019-13050_1_of_5.patch
- gnupg-CVE-2019-13050_2_of_5.patch
- gnupg-CVE-2019-13050_3_of_5.patch
- gnupg-CVE-2019-13050_4_of_5.patch
- gnupg-CVE-2019-13050_5_of_5.patch
* Mon Apr 29 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Allow coredumps in X11 desktop sessions (bsc#1124847)
* Added gnupg-gpg-agent-ulimit.patch
* Wed Jan 02 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Security fix: [bsc#1120346, CVE-2018-1000858]
* Cross Site Request Forgery (CSRF) vulnerability in dirmngr that
can result in Attacker controlled CSRF.
* Added patches:
- gnupg-CRL-fetching-via-https.patch
- gnupg-Allow-redirection-from-https-to-http-for-CRLs.patch
- gnupg-CVE-2018-1000858.patch
* Fri Jun 08 2018 kbabioch@suse.com
- Added gnupg-CVE-2018-12020.patch: Sanitize the diagnostic output of the
original file name in verbose mode (bsc#1096745, CVE-2018-12020).
* Thu Apr 05 2018 kbabioch@suse.com
- Added gnupg-CVE-2018-9234.patch: Enforce that key certification
can only be done with the master key, and not a signing subkey.
(bnc#1088255 CVE-2018-9234)
* Sun Feb 25 2018 astieger@suse.com
- GnuPG 2.2.5:
* gpg: Allow the use of the "cv25519" and "ed25519" short names
in addition to the canonical curve names in --batch --gen-key
* gpg: Make sure to print all secret keys with option --list-only
and --decrypt
* gpg: Fix the use of future-default with --quick-add-key for
signing keys
* gpg: Select a secret key by checking availability under
gpg-agent
* gpg: Fix reversed prompt texts for --only-sign-text-ids
* gpg,gpgsm: Fix detection of bogus keybox blobs on 32 bit
systems
* gpgsm: Fix regression since 2.1 in --export-secret-key-raw
which got $d mod (q-1)$ wrong
* scd: Support the KDF Data Object of the OpenPGP card 3.3
* scd: Fix a regression in the internal CCID driver for certain
card readers
* dirmngr: Improve returned error description on failure of DNS
resolving
* wks: Implement command --install-key for gpg-wks-server.
* Thu Feb 22 2018 fvogt@suse.com
- Use %license (boo#1082318)
* Thu Dec 21 2017 astieger@suse.com
- GnuPG 2.2.4:
* gpg: Change default preferences to prefer SHA512.
* gpg: Print a warning when more than 150 MiB are encrypted using
a cipher with 64 bit block size.
* gpg: Print a warning if the MDC feature has not been used for a
message.
* gpg: Fix regular expression of domain addresses in trust
signatures
* agent: New option --auto-expand-secmem to help with high
numbers of concurrent connections. Requires libgcrypt 1.8.2
for having an effect.
* dirmngr: Cache responses of WKD queries.
* gpgconf: Add option --status-fd.
* wks: Add commands --check and --remove-key to gpg-wks-server
* Increase the backlog parameter of the daemons to 64 and add
option --listen-backlog.
- Not enabled features:
* New configure option --enable-run-gnupg-user-socket to first
try a socket directory which is not removed by systemd at
session end.
* Tue Nov 21 2017 astieger@suse.com
- GnuPG 2.2.3:
* dirmngr: Fix crash in case of a CRL loading error
* gpgtar: Fix wrong behaviour of --set-filename
* gpg: Silence AKL retrieval messages
* agent: Use clock or clock_gettime for calibration
* agent: Improve robustness of the shutdown pending state
* Tue Nov 07 2017 astieger@suse.com
- GnuPG 2.2.2:
* gpg: Avoid duplicate key imports by concurrently running gpg
processes
* gpg: Fix creating on-disk subkey with on-card primary key
* gpg: Fix validity retrieval for multiple keyrings
* gpg: Fix --dry-run and import option show-only for secret keys
* gpg: Print "sec" or "sbb" for secret keys with import option
import-show
* gpg: Make import less verbose
* gpg: Add alias "Key-Grip" for parameter "Keygrip" and new
parameter "Subkey-Grip" to unattended key generation
* gpg: Improve "factory-reset" command for OpenPGP cards
* gpg: Ease switching Gnuk tokens into ECC mode by using the magic
keysize value 25519
* gpgsm: Fix --with-colon listing in crt records for fields > 12.
* gpgsm: Do not expect X.509 keyids to be unique
* agent: Fix stucked Pinentry when using --max-passphrase-days
* agent: New option --s2k-count
* dirmngr: Do not follow https-to-http redirects
* dirmngr: Reduce default LDAP timeout from 100 to 15 seconds
* gpgconf: Ignore non-installed components for commands
- -apply-profile and --apply-defaults
* Add configure option --enable-werror
* Tue Sep 19 2017 astieger@suse.com
- GnuPG 2.2.1:
* gpg: Fix formatting of the user id in batch mode key generation
if only "name-email" is given.
* gpgv: Fix annoying "not suitable for" warnings.
* wks: Convey only the newest user id to the provider. This is
the case if different names are used with the same addr-spec.
* wks: Create a complying user id for provider policy mailbox-only.
* wks: Add workaround for posteo.de.
* scd: Fix the use of large ECC keys with an OpenPGP card.
* dirmngr: Use system provided root certificates if no specific
HKP certificates are configured. If bu
* Mon Aug 28 2017 astieger@suse.com
- GnuPG 2.2.0:
* New long term stable branch, replacing the 2.0.x series
* gpg: Reverted change in 2.1.23 so that --no-auto-key-retrieve
is again the default boo#1054088
* Fixed a few minor bugs
* Sat Aug 12 2017 astieger@suse.com
- GnuPG 2.1.23:
* gpg: Options --auto-key-retrieve and --auto-key-locate "local,wkd"
are now used by default. Note: this enables keyserver and Web Key
Directory operators to notice when a signature from a locally
non-available key is being verified for the first time or when
you intend to encrypt to a mail address without having the key
locally. This new behaviour will eventually make key discovery
much easier and mostly automatic. Disable this by adding
no-auto-key-retrieve
auto-key-locate local
to your gpg.conf.
* agent: Option --no-grab is now the default. The new option --grab
allows to revert this.
* gpg: New import option "show-only".
* gpg: New option --disable-dirmngr to entirely disable network
access for gpg.
* gpg,gpgsm: Tweaked DE-VS compliance behaviour.
* New configure flag --enable-all-tests to run more extensive tests
during "make check".
* gpgsm: The keygrip is now always printed in colon mode as
documented in the man page.
* Fri Jul 28 2017 astieger@suse.com
- GnuPG 2.1.22:
* gpg: Extend command --quick-set-expire to allow for setting the
expiration time of subkeys.
* gpg: By default try to repair keys during import. New sub-option
no-repair-keys for --import-options.
* gpg,gpgsm: Improved checking and reporting of DE-VS compliance.
* gpg: New options --key-origin and --with-key-origin. Store the
time of the last key update from keyservers, WKD, or DANE.
* agent: New option --ssh-fingerprint-digest.
* dimngr: Lower timeouts on keyserver connection attempts and made
it configurable.
* dirmngr: Tor will now automatically be detected and used. The
option --no-use-tor disables Tor detection.
* dirmngr: Now detects a changed /etc/resolv.conf.
* agent,dirmngr: Initiate shutdown on removal of the GnuPG home
directory.
* gpg: Avoid caching passphrase for failed symmetric encryption.
* agent: Support for unprotected ssh keys.
* dirmngr: Fixed name resolving on systems using only v6
nameservers.
* dirmngr: Allow the use of TLS over http proxies.
* wks: New man pages for client and server.
* Fri May 19 2017 marco.strigl@suse.com
- GnuPG 2.1.21:
* modified gnupg-2.0.18-files-are-digests.patch to work with
obs-sign again bsc#1039899
* Mon May 15 2017 astieger@suse.com
- GnuPG 2.1.21:
* gpg,gpgsm: Fix corruption of old style keyring.gpg files,
regression in 2.1.20
* gpg,dirmngr: Removed the skeleton config file support
New installations no longer generate a configuration file.
In the absence of a file, SHA-2 family hashes are used.
Existing configurations are not touched.
drop gnupg-2.1.19-stronger-defaults.patch FATE#323084
* gpg: Fixed import filter property match bug.
* scd: Removed Linux support for Cardman 4040 PCMCIA reader.
* scd: Fixed some corner case bugs in resume/suspend handling.
* Many minor bug fixes and code cleanup.
* Tue Apr 04 2017 astieger@suse.com
- GnuPG 2.1.20:
* gpg: New properties 'expired', 'revoked', and 'disabled' for the
import and export filters.
* gpg: New command --quick-set-primary-uid.
* gpg: New compliance field for the --with-colon key listing.
* gpg: Changed the key parser to generalize the processing of local
meta data packets.
* gpg: Fixed assertion failure in the TOFU trust model.
* gpg: Fixed exporting of zero length user ID packets.
* scd: Improved support for multiple readers.
* scd: Fixed timeout handling for key generation.
* agent: New option --enable-extended-key-format.
* dirmngr: Do not add a keyserver to a new dirmngr.conf. Dirmngr
uses a default keyserver.
* dimngr: Do not treat TLS warning alerts as severe error when
building with GNUTLS.
* dirmngr: Actually take /etc/hosts in account.
* wks: Fixed client problems on Windows. Published keys are now set
to world-readable.
* tests: Fixed creation of temporary directories.
* A socket directory for a non standard GNUGHOME is now created on
the fly under /run/user. Thus "gpgconf --create-socketdir" is now
optional. The use of "gpgconf --remove-socketdir" to clean up
obsolete socket directories is however recommended to avoid
cluttering /run/user with useless directories.
* Fixed build problems on some platforms.
* Tue Mar 14 2017 astieger@suse.com
- Use stronger defaults for new users, using SHA-2 digest family
for certificates and message signatures - FATE#323084
adding gnupg-2.1.19-stronger-defaults.patch
* Tue Mar 07 2017 astieger@suse.com
- GnuPG 2.1.19:
* gpg: Print a warning if Tor mode is requested but the Tor
daemon is not running.
* gpg: New status code DECRYPTION_KEY to print the actual private
key used for decryption.
* gpgv: New options --log-file and --debug.
* gpg-agent: Revamp the prompts to ask for card PINs.
* scd: Support for multiple card readers.
* scd: Removed option --debug-disable-ticker. Ticker is used
only when it is required to watch removal of device/card.
* scd: Improved detection of card inserting and removal.
* dirmngr: New option --disable-ipv4.
* dirmngr: New option --no-use-tor to explicitly disable the use
of Tor.
* dirmngr: The option --allow-version-check is now required even
if the option --use-tor is also used.
* dirmngr: Handle a missing nsswitch.conf gracefully.
* dirmngr: Avoid PTR lookups for keyserver pools. The are only
done for the debug command "keyserver --hosttable".
* dirmngr: Rework the internal certificate cache to support
classes of certificates. Load system provided certificates on
startup.
* Add options --tls, --no-crl, and --systrust to the "VALIDATE"
command.
* dirmngr: Add support for the ntbtls library.
* wks: Create mails with a "WKS-Phase" header. Fix detection of
Draft-2 mode.
* Many other bug fixes and new regression tests.
- dirmngr: use system certificate store
* Thu Mar 02 2017 jengelh@inai.de
- Rewrite descriptions
* Tue Jan 24 2017 astieger@suse.com
- GnuPG 2.1.18:
* gpg: Remove bogus subkey signature while cleaning a key (with
export-clean, import-clean, or --edit-key's sub-command clean)
* gpg: Allow freezing the clock with --faked-system-time.
* gpg: New --export-option flag "backup", new --import-option flag
"restore".
* gpg-agent: Fixed long delay due to a regression in the progress
callback code.
* scd: Lots of code cleanup and internal changes.
* scd: Improved the internal CCID driver.
* dirmngr: Fixed problem with the DNS glue code (removal of the
trailing dot in domain names).
* dirmngr: Make sure that Tor is actually enabled after changing the
conf file and sending SIGHUP or "gpgconf --reload dirmngr".
* dirmngr: Fixed Tor access to IPv6 addresses. Note that current
versions of Tor may require that the flag "IPv6Traffic" is used
with the option "SocksPort" in torrc to actually allow IPv6
traffic.
* dirmngr: Fixed HKP for literally given IPv6 addresses.
* dirmngr: Enabled reverse DNS lookups via Tor.
* dirmngr: Added experimental SRV record lookup for WKD.
See commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 for details.
* dirmngr: For HKP use "pgpkey-hkps" and "pgpkey-hkp" in SRV record
lookups. Avoid SRV record lookup when a port is explicitly
specified. This fixes a regression from the 1.4 and 2.0 behavior.
* dirmngr: Gracefully handle a missing /etc/nsswitch.conf. Ignore
negation terms (e.g. "[!UNAVAIL=return]" instead of bailing out.
* dirmngr: Better debug output for flags "dns" and "network".
* dirmngr: On reload mark all known HKP servers alive.
* gpgconf: Allow keyword "all" for --launch, --kill, and --reload.
* tools: gpg-wks-client now ignores a missing policy file on the
server.
* Avoid unnecessary ambiguity error message in the option parsing.
* Further improvements of the regression test suite.
* Fixed building with --disable-libdns configure option.
* Fixed a crash running the tests on 32 bit architectures.
* Fixed spurious failures on BSD system in the spawn functions.
This affected for example gpg-wks-client and gpgconf.
* Mon Jan 09 2017 tchvatal@suse.com
- Remove the fixme, condition around fdupes
* Sun Dec 25 2016 astieger@suse.com
- add runtime dependency to match runtime version check for libksba
* Tue Dec 20 2016 astieger@suse.com
- GnuPG 2.1.17:
* gpg: By default new keys expire after 2 years.
* gpg: New command --quick-set-expire to conveniently change the
expiration date of keys.
* gpg: Option and command names have been changed for easier
comprehension. The old names are still available as aliases.
* gpg: Improved the TOFU trust model.
* gpg: New option --default-new-key-algo.
* scd: Support OpenPGP card V3 for RSA.
* dirmngr: Support for the ADNS library has been removed. Now using
bundled libdns, enabling Tor support on all platforms.
New option --standard-resolver can be used to disable this code
at runtime.
* dirmngr: Lazily launch ldap reaper thread.
* tools: New options --check and --status-fd for gpg-wks-client.
* The UTF-8 byte order mark is now skipped when reading conf files.
* Fixed many bugs and regressions.
* Major improvements to the test suite. For example it is possible
to run the external test suite of GPGME.
* Sat Nov 19 2016 astieger@suse.com
- GnuPG 2.1.16:
* gpg: New algorithm for selecting the best ranked public key when
using a mail address with -r, -R, or --locate-key.
* gpg: New option --with-tofu-info to print a new "tfs" record in
colon formatted key listings.
* gpg: New option --compliance as an alternative way to specify
options like --rfc2440, --rfc4880, et al.
* gpg: Many changes to the TOFU implementation.
* gpg: Improve usability of --quick-gen-key.
* gpg: In --verbose mode print a diagnostic when a pinentry is
launched.
* gpg: Remove code which warns for old versions of gnome-keyring.
* gpg: New option --override-session-key-fd.
* gpg: Option --output does now work with --verify.
* gpgv: New option --output to allow saving the verified data.
* gpgv: New option --enable-special-filenames.
* agent, dirmngr: New --supervised mode for use by systemd and alike.
* agent: By default listen on all available sockets using standard
names.
* agent: Invoke scdaemon with --homedir.
* dirmngr: On Linux now detects the removal of its own socket and
terminates.
* scd: Support ECC key generation.
* scd: Support more card readers.
* dirmngr: New option --allow-version-check to download a software
version database in the background.
* dirmngr: Use system provided CAs if no --hkp-cacert is given.
* dirmngr: Use a default keyserver if none is explicitly set
* gpgconf: New command --query-swdb to check software versions
against an copy of an online database.
* gpgconf: Print the socket directory with --list-dirs.
* tools: The WKS tools now support draft version -02.
* tools: Always build gpg-wks-client and install under libexec.
* tools: New option --supported for gpg-wks-client.
* The log-file option now accepts a value "socket://" to log to the
socket named "S.log" in the standard socket directory.
* Provide fake pinentries for use by tests cases of downstream
developers.
* Fixed many bugs and regressions.
* Many changes and improvements for the test suite.
- drop upstreamed patches:
* 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
* gnupg-2.1.15-bsc993324-status-output.patch
* Tue Sep 13 2016 astieger@suse.com
- avoid mixing up status and colon line output - bsc#993324
add gnupg-2.1.15-bsc993324-status-output.patch
* Thu Sep 01 2016 astieger@suse.com
- enable web key discovery tools
* Wed Aug 31 2016 astieger@suse.com
- Add an explicit runtime dependency on libgcrypt >= 1.7.0 to
match runtime version check
* Fri Aug 19 2016 astieger@suse.com
- GnuPG 2.1.15:
* gpg: Remove the --tofu-db-format option and support for the
split TOFU database.
* gpg: Add option --sender to prepare for coming features.
* gpg: Add option --input-size-hint to help progress indicators.
* gpg: Extend the PROGRESS status line with the counted unit.
* gpg: Avoid publishing the GnuPG version by default with --armor.
* gpg: Properly ignore legacy keys in the keyring cache.
* gpg: Always print fingerprint records in --with-colons mode.
* gpg: Make sure that keygrips are printed for each subkey in
- -with-colons mode.
* gpg: New import filter "drop-sig".
* gpgsm: Fix a bug in the machine-readable key listing.
* gpg,gpgsm: Block signals during keyring updates to limits the
effects of a Ctrl-C at the wrong time.
* g13: Add command --umount and other fixes for dm-crypt.
* agent: Fix regression in SIGTERM handling.
* agent: Cleanup of the ssh-agent code.
* agent: Allow import of overly long keys.
* scd: Fix problems with card removal.
* dirmngr: Remove all code for running as a system service.
* tools: Make gpg-wks-client conforming to the specs.
* tests: Improve the output of the new regression test tool.
* tests: Distribute the standalone test runner.
* tests: Run each test in a clean environment.
* Spelling and grammar fixes.
- fix build error, adding
0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
* Sun Aug 14 2016 astieger@suse.com
- GnuPG 2.1.14:
* gpg: Removed options --print-dane-records and --print-pka-records.
The new export options "export-pka" and "export-dane" can instead
be used with the export command.
* gpg: New options --import-filter and --export-filter.
* gpg: New import options "import-show" and "import-export".
* gpg: New option --no-keyring.
* gpg: New command --quick-revuid.
* gpg: New options -f/--recipient-file and -F/--hidden-recipient-file
to directly specify encryption keys.
* gpg: New option --mimemode to indicate that the content is a MIME
part. Does only enable --textmode right now.
* gpg: New option --rfc4880bis to allow experiments with proposed
changes to the current OpenPGP specs.
* gpg: Fix regression in the "fetch" sub-command of --card-edit.
* gpg: Fix regression since 2.1 in option --try-all-secrets.
* gpgv: Change default options for extra security.
* gpgsm: No more root certificates are installed by default.
* agent: "updatestartuptty" does now affect more environment
variables.
* scd: The option --homedir does now work with scdaemon.
* scd: Support some more GEMPlus card readers.
* gpgtar: Fix handling of '-' as file name.
* gpgtar: New commands --create and --extract.
* gpgconf: Tweak for --list-dirs to better support shell scripts.
* tools: Add programs gpg-wks-client and gpg-wks-server to implement
a Web Key Service. The configure option --enable-wks-tools is
required to build them; they should be considered Beta software.
* tests: Complete rework of the openpgp part of the test suite. The
test scripts have been changed from Bourne shell scripts to Scheme
programs. A customized scheme interpreter (gpgscm) is included.
This change was triggered by the need to run the test suite on
non-Unix platforms.
* The rendering of the man pages has been improved.
- drop upstream gnupg-make_--try-all-secrets_work.patch
* Thu Aug 04 2016 tchvatal@suse.com
- Fix date call as the curlified parameter for sure are not parsed
correctly by escaping it with %
* Wed Aug 03 2016 astieger@suse.com
- Fix upstream bug 1985: --try-all-secrets doesn't work when
decrypting messages encrypted with --hidden-recipient, fixes unit
tests of the duplicity package.
Adding gnupg-make_--try-all-secrets_work.patch
- record the fact that gpg-error 1.21 is required
* Thu Jun 16 2016 astieger@suse.com
- GnuPG 2.1.13:
* gpg: New command --quick-addkey. Extend the --quick-gen-key
command.
* gpg: New --keyid-format "none" which is now also the default.
* gpg: New option --with-subkey-fingerprint.
* gpg: Include Signer's UID subpacket in signatures if the secret key
has been specified using a mail address and the new option
- -disable-signer-uid is not used.
* gpg: Allow unattended deletion of a secret key.
* gpg: Allow export of non-passphrase protected secret keys.
* gpg: New status lines KEY_CONSIDERED and NOTATION_FLAGS.
* gpg: Change status line TOFU_STATS_LONG to use '~' as
a non-breaking-space character.
* gpg: Speedup key listings in Tofu mode.
* gpg: Make sure that the current and total values of a PROGRESS
status line are small enough.
* gpgsm: Allow the use of AES192 and SERPENT ciphers.
* dirmngr: Adjust WKD lookup to current specs.
* dirmngr: Fallback to LDAP v3 if v2 is is not supported.
* gpgconf: New commands --create-socketdir and --remove-socketdir,
new option --homedir.
* If a /run/user/$UID directory exists, that directory is now used
for IPC sockets instead of the GNUPGHOME directory. This fixes
problems with NFS and too long socket names and thus avoids the
need for redirection files.
* Speedup fd closing after a fork.
- drop upstreamed gnupg-fix-signature-checking.patch
* Thu Jun 02 2016 pjanouch@suse.de
- add gnupg-fix-signature-checking.patch (bsc#981020)
https://bugs.gnupg.org/gnupg/issue2351
* Wed May 04 2016 astieger@suse.com
- GnuPG 2.1.12:
* gpg: New --edit-key sub-command "change-usage" for testing
purposes.
* gpg: Out of order key-signatures are now systematically detected
and fixed by --edit-key.
* gpg: Improved detection of non-armored messages.
* gpg: Removed the extra prompt needed to create Curve25519 keys.
* gpg: Improved user ID selection for --quick-sign-key.
* gpg: Use the root CAs provided by the system with --fetch-key.
* gpg: Add support for the experimental Web Key Directory key
location service.
* gpg: Improve formatting of Tofu messages and emit new Tofu specific
status lines.
* gpgsm: Add option --pinentry-mode to support a loopback pinentry.
* gpgsm: A new pubring.kbx is now created with the header blob so
that gpg can detect that the keybox format needs to be used.
* agent: Add read support for the new private key protection format
openpgp-s2k-ocb-aes.
* agent: Add read support for the new extended private key format.
* agent: Default to --allow-loopback-pinentry and add option
- -no-allow-loopback-pinentry.
* scd: Changed to use the new libusb 1.0 API for the internal CCID
driver.
* dirmngr: The dirmngr-client does now auto-detect the PEM format.
* g13: Add experimental support for dm-crypt.
* The man pages for gpg and gpgv are now installed under the correct
name (gpg2 or gpg - depending on a configure option).
* Sun Mar 06 2016 astieger@suse.com
- GnuPG 2.1.11:
* gpg: New command --export-ssh-key to replace the gpgkey2ssh tool.
* gpg: Allow to generate mail address only keys with --gen-key.
* gpg: "--list-options show-usage" is now the default.
* gpg: Make lookup of DNS CERT records holding an URL work.
* gpg: Emit PROGRESS status lines during key generation.
* gpg: Don't check for ambigious or non-matching key specification in
the config file or given to --encrypt-to. This feature will return
in 2.3.x.
* gpg: Lock keybox files while updating them.
* gpg: Fix possible keyring corruption. (bug#2193)
* gpg: Fix regression of "bkuptocard" sub-command in --edit-key and
remove "checkbkupkey" sub-command introduced with 2.1. (bug#2169)
* gpg: Fix internal error in gpgv when using default keyid-format.
* gpg: Fix --auto-key-retrieve to work with dirmngr.conf configured
keyservers. (bug#2147).
* agent: New option --pinentry-timeout.
* scd: Fix regression for generating RSA keys on card.
* dirmmgr: All configured keyservers are now searched.
* dirmngr: Install CA certificate for hkps.pool.sks-keyservers.net.
Use this certiticate even if --hkp-cacert is not used.
* gpgtar: Add actual encryption code. gpgtar does now fully replace
gpg-zip.
* gpgtar: Fix filename encoding problem on Windows.
* Print a warning if a GnuPG component is using an older version of
gpg-agent, dirmngr, or scdaemon.
- disable running test which no longer work
- remove 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
is now upstream
- the PIE options are implemented in the upstream build, and spec
code broke the build. The only remaining broken executable was
gpgsplit, which was removed from the package
* Tue Jan 26 2016 astieger@suse.com
- add g13, an experimental tool for accessing encrypted storage
with with GnuPG (cards)
* Tue Jan 19 2016 vcizek@suse.com
- fix fingerprint ambiguity (bsc#958891)
* https://bugs.gnupg.org/gnupg/issue2198
* add 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
* Sun Dec 06 2015 p.drouand@gmail.com
- Move to pkgconfig() packaging style
* Fri Dec 04 2015 astieger@suse.com
- GnuPG 2.1.10 adds TOFU (Trust-On-First-USe) and anonymous key
retrival via Tor.
* gpg: New trust models "tofu" and "tofu+pgp".
* gpg: New command --tofu-policy. New options --tofu-default-policy
and --tofu-db-format.
* gpg: New option --weak-digest to specify hash algorithms which
should be considered weak.
* gpg: Allow the use of multiple --default-key options; take the last
available key.
* gpg: New option --encrypt-to-default-key.
* gpg: New option --unwrap to only strip the encryption layer.
* gpg: New option --only-sign-text-ids to exclude photo IDs from key
signing.
* gpg: Check for ambigious or non-matching key specification in the
config file or given to --encrypt-to.
* gpg: Show the used card reader with --card-status.
* gpg: Print export statistics and an EXPORTED status line.
* gpg: Allow selecting subkeys by keyid in --edit-key.
* gpg: Allow updating the expiration time of multiple subkeys at
once.
* dirmngr: New option --use-tor. For full support this requires
libassuan version 2.4.2 and a patched version of libadns
(e.g. adns-1.4-g10-7 as used by the standard Windows installer).
* dirmngr: New option --nameserver to specify the nameserver used in
Tor mode.
* dirmngr: Keyservers may again be specified by IP address.
* dirmngr: Fixed problems in resolving keyserver pools.
* dirmngr: Fixed handling of premature termination of TLS streams so
that large numbers of keys can be refreshed via hkps.
* gpg: Fixed a regression in --locate-key [since 2.1.9].
* gpg: Fixed another bug for keyrings with legacy keys.
* gpgsm: Allow combinations of usage flags in --gen-key.
* Make tilde expansion work with most options.
* Many other cleanups and bug fixes.
* Tue Nov 24 2015 vcizek@suse.com
- enable tests for PPC64 again,
the problem from bsc#935887 went away
* Fri Nov 20 2015 astieger@suse.com
- Improve upgrade to gpg2 from security:privacy w.r.t. libassuan
run-time dependencies (boo#955982)
* Sat Oct 10 2015 astieger@suse.com
- GnuPG 2.1.9:
* gpg: Allow fetching keys via OpenPGP DANE (--auto-key-locate).\
New option --print-dane-records.
* gpg: Fix for a problem with PGP-2 keys in a keyring.
* gpg: Fail with an error instead of a warning if a modern cipher
algorithm is used without a MDC.
* agent: New option --pinentry-invisible-char.
* agent: Always do a RSA signature verification after creation.
* agent: Fix a regression in ssh-add-ing Ed25519 keys.
* agent: Fix ssh fingerprint computation for nistp384 and EdDSA.
* agent: Fix crash during passprase entry on some platforms.
* scd: Change timeout to fix problems with some 2.1 cards.
* dirmngr: Displayed name is now Key Acquirer.
* dirmngr: Add option --keyserver. Deprecate that option for gpg.
Install a dirmngr.conf file from a skeleton for new installations.
- update gnupg-add_legacy_FIPS_mode_option.patch for context change
* Fri Sep 11 2015 astieger@suse.com
- GnuPG 2.1.8:
* gpg: Sending very large keys to the keyservers works again.
* gpg: Validity strings in key listings are now again translatable.
* gpg: Emit FAILURE status lines to help GPGME.
* gpg: Does not anymore link to Libksba to reduce dependencies.
* gpgsm: Export of secret keys via Assuan is now possible.
* agent: Raise the maximum passphrase length from 100 to 255 bytes.
* agent: Fix regression using EdDSA keys with ssh.
* Does not anymore use a build timestamp by default.
* The fallback encoding for broken locale settings changed
from Latin-1 to UTF-8.
* Many code cleanups and improved internal documentation.
* Various minor bug fixes.
* Wed Aug 12 2015 astieger@suse.com
- GnuPG 2.1.7:
* gpg: Support encryption with Curve25519 if Libgcrypt 1.7 is used.
* gpg: In the --edit-key menu: Removed the need for "toggle", changed
how secret keys are indicated, new commands "fpr *" and "grip".
* gpg: More fixes related to legacy keys in a keyring.
* gpgv: Does now also work with a "trustedkeys.kbx" file.
* scd: Support some feature from the OpenPGP card 3.0 specs.
* scd: Improved ECC support
* agent: New option --force for the DELETE_KEY command.
* Dropped deprecated gpgsm-gencert.sh
* Various other bug fixes.
* Thu Jul 02 2015 astieger@suse.com
- do not run checks on ppc64 for now
* Wed Jul 01 2015 astieger@suse.com
- GnuPG 2.1.6:
* agent: New option --verify for the PASSWD command.
* gpgsm: Add command option "offline" as an alternative to
- -disable-dirmngr.
* gpg: Do not prompt multiple times for a password in pinentry
loopback mode.
* Allow the use of debug category names with --debug.
* Using gpg-agent and gpg/gpgsm with different locales will now show
the correct translations in Pinentry.
* gpg: Improve speed of --list-sigs and --check-sigs.
* gpg: Make --list-options show-sig-subpackets work again.
* gpg: Fix an export problem for old keyrings with PGP-2 keys.
* scd: Support PIN-pads on more readers.
* dirmngr: Properly cleanup zombie LDAP helper processes and avoid
hangs on dirmngr shutdown.
* Various other bug fixes.
- remove documentation make workaround, fixed upstream
* Sun Jun 28 2015 schwab@linux-m68k.org
- Enable workaround for missing dependencies everywhere
* Mon Jun 15 2015 astieger@suse.com
- fix build with openSUSE 13.2 and earlier, call make to
compensate for incorrect documentation dependencies.
* Thu Jun 11 2015 astieger@suse.com
- GnuPG 2.1.5:
* Support for an external passphrase cache.
* Support for the forthcoming version 3 OpenPGP smartcard.
* Manuals now show the actual used file names.
* Prepared for improved integration with Emacs.
* Code cleanups and minor bug fixes.
* Sun May 17 2015 meissner@suse.com
- info deinstall needs to be in %preun
* Tue May 12 2015 astieger@suse.com
- update to 2.1.4:
* gpg: Add command --quick-adduid to non-interacitivly add a new
user id to an existing key.
* gpg: Do no enable honor-keyserver-url by default. Make it work
if enabled.
* gpg: Display the serial number in the --card-staus output again.
* agent: Support for external password managers.
Add option --no-allow-external-cache.
* scdaemon: Improved handling of extended APDUs.
* Make HTTP proxies work again.
* All network access including DNS as been moved to Dirmngr.
* Allow building without LDAP support.
* Fixed lots of smaller bugs.
* Sat Apr 11 2015 astieger@suse.com
- update to 2.1.3:
* gpg: LDAP keyservers are now supported by 2.1.
* gpg: New option --with-icao-spelling.
* gpg: New option --print-pka-records. Changed the PKA method to
use CERT records and hashed names.
* gpg: New command --list-gcrypt-config. New parameter "curve"
for --list-config.
* gpg: Print a NEWSIG status line like gpgsm always did.
* gpg: Print MPI values with --list-packets and --verbose.
* gpg: Write correct MPI lengths with ECC keys.
* gpg: Skip legacy PGP-2 keys while searching.
(drop 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
now upstream)
* gpg: Improved searching for mail addresses when using a keybox.
* gpgsm: Changed default algos to AES-128 and SHA-256.
* gpgtar: Fixed extracting files with sizes of a multiple of 512.
* dirmngr: Fixed SNI handling for hkps pools.
(drop hkps-fix-host-name-verification-when-using-pools.patch
now upstream)
* dirmngr: extra-certs and trusted-certs are now always loaded
from the sysconfig dir instead of the homedir.
* Fixed possible problems due to compiler optimization, two minor
regressions, and other bugs.
- refreshed for context changes:
* gnupg-2.0.18-files-are-digests.patch
* gnupg-add_legacy_FIPS_mode_option.patch
* Mon Mar 23 2015 idonmez@suse.com
- Add hkps-fix-host-name-verification-when-using-pools.patch to
fix hkps support w/ pools. Upstream commit dc10d46.
* Thu Mar 19 2015 astieger@suse.com
- Ensure secure memory can be used with default 64k memlock limit
Fixes [boo#915931], removes gnupg-large_keys.patch
- Removed gnupg-remove_development_version_warning.patch, obsolete
- Removed gnupg-2.0.4-install_tools.diff, replaced by spec install
- Removed autoconf requirement and autoreconf calls thus obsoleted
* Tue Feb 24 2015 astieger@suse.com
- Fix invalid packet read error when reading keyrings [boo#914625]
add 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
* Wed Feb 11 2015 astieger@suse.com
- update to 2.1.2:
* gpg: The parameter 'Passphrase' for batch key generation works
again.
* gpg: Using a passphrase option in batch mode now has the
expected effect on --quick-gen-key.
* gpg: Improved reporting of unsupported PGP-2 keys.
* gpg: Added support for algo names when generating keys using
- -command-fd.
* gpg: Fixed DoS based on bogus and overlong key packets.
* agent: When setting --default-cache-ttl the value
for --max-cache-ttl is adjusted to be not lower than the former.
* agent: Fixed problems with the new --extra-socket.
* agent: Made --allow-loopback-pinentry changeable with gpgconf.
* agent: Fixed importing of unprotected openpgp keys.
* agent: Now tries to use a fallback pinentry if the standard
pinentry is not installed.
* scd: Added support for ECDH.
* Fixed several bugs related to bogus keyrings and improved some
other code.
- in gnupg-2.0.18-files-are-digests.patch, change buffer_to_u32 to
buf32_to_u32 from host2net.h to match upstream changes
- now requires automake 1.14
* Fri Dec 26 2014 andreas.stieger@gmx.de
- update to 2.1.1:
* gpg: Detect faulty use of --verify on detached signatures.
* gpg: New import option "keep-ownertrust".
* gpg: New sub-command "factory-reset" for --card-edit.
* gpg: A stub key for smartcards is now created by --card-status.
* gpg: Fixed regression in --refresh-keys.
* gpg: Fixed regresion in %g and %p codes for --sig-notation.
* gpg: Fixed best matching hash algo detection for ECDSA and EdDSA.
* gpg: Improved perceived speed of secret key listisngs.
* gpg: Print number of skipped PGP-2 keys on import.
* gpg: Removed the option aliases --throw-keyid and --notation-data;
use --throw-keyids and --set-notation instead.
* gpg: New import option "keep-ownertrust".
* gpg: Skip too large keys during import.
* gpg,gpgsm: New option --no-autostart to avoid starting gpg-agent or
dirmngr.
* gpg-agent: New option --extra-socket to provide a restricted
command set for use with remote clients.
* gpgconf --kill does not anymore start a service only to kill it.
* gpg-pconnect-agent: Add convenience option --uiserver.
* More translations (but most of them are not complete).
* To support remotely mounted home directories, the IPC sockets may
now be redirected. This feature requires Libassuan 2.2.0.
* Improved portability and the usual bunch of bug fixes.
- removed patch not part of upstream release:
gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
- refresh for context changes:
gnupg-2.0.18-files-are-digests.patch
gnupg-2.0.4-install_tools.diff
- refresh for upstream code changes:
gnupg-add_legacy_FIPS_mode_option.patch
gnupg-detect_FIPS_mode.patch (MD5 removed)
* Thu Dec 25 2014 dev@stellardeath.org
- Support for large RSA keys
This involves compiling with --enable-large-rsa and
- -enable-large-secmem, as well as patching the number
of secmem bytes and IPC bytes to slightly larger values.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424
* added gnupg-large_keys.patch
* Wed Dec 03 2014 andreas.stieger@gmx.de
- update build requirement versions that changed with 2.1.0
* Wed Nov 26 2014 andreas.stieger@gmx.de
- fix buffer overflow in OID to string conversion function
[boo#907198], adding
gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
* Tue Nov 11 2014 vcizek@suse.com
- obsolete dirmngr (shipped with gpg since 2.1.0)
- spec cleanup after previous update
- get rid of "THIS IS A DEVELOPMENT VERSION" warning
http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html
* added gnupg-remove_development_version_warning.patch
* Thu Nov 06 2014 vcizek@suse.com
- upgrade to 2.1.0 (modern)
- The file "secring.gpg" is not anymore used to store the secret
keys. Merging of secret keys is now supported.
- All support for PGP-2 keys has been removed for security reasons.
- The standard key generation interface is now much leaner. This
will help a new user to quickly generate a suitable key.
- Support for Elliptic Curve Cryptography (ECC) is now available.
- Commands to create and sign keys from the command line without any
extra prompts are now available.
- The Pinentry may now show the new passphrase entry and the
passphrase confirmation entry in one dialog.
- There is no more need to manually start the gpg-agent. It is now
started by any part of GnuPG as needed.
- Problems with importing keys with the same long key id have been
addressed.
- The Dirmngr is now part of GnuPG proper and also takes care of
accessing keyserver.
- Keyserver pools are now handled in a smarter way.
- A new format for locally storing the public keys is now used.
This considerable speeds up operations on large keyrings.
- Revocation certificates are now created by default.
- Card support has been updated, new readers and token types are
supported.
- The format of the key listing has been changed to better identify
the properties of a key.
- The gpg-agent may now be used on Windows as a Pageant replacement
for Putty in the same way it is used for years on Unix as
ssh-agent replacement.
- Creation of X.509 certificates has been improved. It is now also
possible to export them directly in PKCS#8 and PEM format for use
on TLS servers.
- dropped patches:
* gnupg-2.0.20-automake113.diff
* gnupg-2.0.18-tmpdir.diff (socket is created in homedir now)
- refresh most of the remaining patches
- added new BuildRequires: gnutls-devel, pkg-config, npth-devel
/etc/gnupg /etc/gnupg/gpgconf.conf /usr/bin/dirmngr /usr/bin/dirmngr-client /usr/bin/dirmngr_ldap /usr/bin/g13 /usr/bin/gpg /usr/bin/gpg-agent /usr/bin/gpg-connect-agent /usr/bin/gpg-wks-server /usr/bin/gpg-zip /usr/bin/gpg2 /usr/bin/gpgconf /usr/bin/gpgparsemail /usr/bin/gpgscm /usr/bin/gpgsm /usr/bin/gpgtar /usr/bin/gpgv /usr/bin/gpgv2 /usr/bin/kbxutil /usr/bin/scdaemon /usr/bin/watchgnupg /usr/lib64/gpg-check-pattern /usr/lib64/gpg-preset-passphrase /usr/lib64/gpg-protect-tool /usr/lib64/gpg-wks-client /usr/sbin/addgnupghome /usr/sbin/applygnupgdefaults /usr/sbin/g13-syshelp /usr/share/doc/packages/gpg2 /usr/share/doc/packages/gpg2/AUTHORS /usr/share/doc/packages/gpg2/ChangeLog /usr/share/doc/packages/gpg2/DCO /usr/share/doc/packages/gpg2/DETAILS /usr/share/doc/packages/gpg2/FAQ /usr/share/doc/packages/gpg2/HACKING /usr/share/doc/packages/gpg2/KEYSERVER /usr/share/doc/packages/gpg2/NEWS /usr/share/doc/packages/gpg2/OpenPGP /usr/share/doc/packages/gpg2/README /usr/share/doc/packages/gpg2/THANKS /usr/share/doc/packages/gpg2/TODO /usr/share/doc/packages/gpg2/TRANSLATE /usr/share/doc/packages/gpg2/examples /usr/share/doc/packages/gpg2/examples/README /usr/share/doc/packages/gpg2/examples/debug.prf /usr/share/doc/packages/gpg2/examples/pwpattern.list /usr/share/doc/packages/gpg2/examples/scd-event /usr/share/doc/packages/gpg2/examples/systemd-user /usr/share/doc/packages/gpg2/examples/systemd-user/README /usr/share/doc/packages/gpg2/examples/systemd-user/dirmngr.service /usr/share/doc/packages/gpg2/examples/systemd-user/dirmngr.socket /usr/share/doc/packages/gpg2/examples/systemd-user/gpg-agent-browser.socket /usr/share/doc/packages/gpg2/examples/systemd-user/gpg-agent-extra.socket /usr/share/doc/packages/gpg2/examples/systemd-user/gpg-agent-ssh.socket /usr/share/doc/packages/gpg2/examples/systemd-user/gpg-agent.service /usr/share/doc/packages/gpg2/examples/systemd-user/gpg-agent.socket /usr/share/doc/packages/gpg2/examples/trustlist.txt /usr/share/doc/packages/gpg2/examples/vsnfd.prf /usr/share/gnupg /usr/share/gnupg/distsigkey.gpg /usr/share/gnupg/help.be.txt /usr/share/gnupg/help.ca.txt /usr/share/gnupg/help.cs.txt /usr/share/gnupg/help.da.txt /usr/share/gnupg/help.de.txt /usr/share/gnupg/help.el.txt /usr/share/gnupg/help.eo.txt /usr/share/gnupg/help.es.txt /usr/share/gnupg/help.et.txt /usr/share/gnupg/help.fi.txt /usr/share/gnupg/help.fr.txt /usr/share/gnupg/help.gl.txt /usr/share/gnupg/help.hu.txt /usr/share/gnupg/help.id.txt /usr/share/gnupg/help.it.txt /usr/share/gnupg/help.ja.txt /usr/share/gnupg/help.nb.txt /usr/share/gnupg/help.pl.txt /usr/share/gnupg/help.pt.txt /usr/share/gnupg/help.pt_BR.txt /usr/share/gnupg/help.ro.txt /usr/share/gnupg/help.ru.txt /usr/share/gnupg/help.sk.txt /usr/share/gnupg/help.sv.txt /usr/share/gnupg/help.tr.txt /usr/share/gnupg/help.txt /usr/share/gnupg/help.zh_CN.txt /usr/share/gnupg/help.zh_TW.txt /usr/share/gnupg/sks-keyservers.netCA.pem /usr/share/info/gnupg.info-1.gz /usr/share/info/gnupg.info-2.gz /usr/share/info/gnupg.info.gz /usr/share/licenses/gpg2 /usr/share/licenses/gpg2/COPYING /usr/share/licenses/gpg2/COPYING.CC0 /usr/share/licenses/gpg2/COPYING.GPL2 /usr/share/licenses/gpg2/COPYING.LGPL21 /usr/share/licenses/gpg2/COPYING.LGPL3 /usr/share/licenses/gpg2/COPYING.other /usr/share/man/man1/dirmngr-client.1.gz /usr/share/man/man1/gpg-agent.1.gz /usr/share/man/man1/gpg-connect-agent.1.gz /usr/share/man/man1/gpg-preset-passphrase.1.gz /usr/share/man/man1/gpg-wks-client.1.gz /usr/share/man/man1/gpg-wks-server.1.gz /usr/share/man/man1/gpg.1.gz /usr/share/man/man1/gpg2.1.gz /usr/share/man/man1/gpgconf.1.gz /usr/share/man/man1/gpgparsemail.1.gz /usr/share/man/man1/gpgsm.1.gz /usr/share/man/man1/gpgtar.1.gz /usr/share/man/man1/gpgv.1.gz /usr/share/man/man1/gpgv2.1.gz /usr/share/man/man1/scdaemon.1.gz /usr/share/man/man1/symcryptrun.1.gz /usr/share/man/man1/watchgnupg.1.gz /usr/share/man/man7/gnupg.7.gz /usr/share/man/man8/addgnupghome.8.gz /usr/share/man/man8/applygnupgdefaults.8.gz /usr/share/man/man8/dirmngr.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Apr 9 13:01:01 2024