- Update to 2.5.16:
* gpg: Fix a validation bug when using keyboxd
* gpg: Deprecate the option --not-dash-escaped and ignore the
NotDashEscaped armor header
* keyboxd: Fix migration to new schema
* dirmngr: New compatibility flag "ocsp-sha256-certid" to support
forthcoming libksba versions
* New translation to Georgian.
- Update to 2.5.14 (bsc#1255715, CVE-2025-68973, bsc#1255714,
CVE-2025-68973):
- note updated 2.5.x build dependencies
removes the -unknown suffix after the version number.
* Up to five times faster verification of detached signatures,
* Added and improved options for crypto options, and all-around
* dirmngr: With new LDAP keyservers store the new attributes.
- GnuPG 2.2.23:
- Code no longer uses libcurl, remove from buildrequires.
* wks: Add option --with-colons to the client.
- Dropped gnupg-CVE-2018-9234.patch since it is included upstream
(bnc#1088255 CVE-2018-9234)
* modified gnupg-2.0.18-files-are-digests.patch to work with
Existing configurations are not touched.
drop gnupg-2.1.19-stronger-defaults.patch FATE#323084
* Many minor bug fixes and code cleanup.
- Test suite hangs in qemu-arm, workaround.
- link with -pie
- add gnupg-dont-fail-with-seahorse-agent.patch (bnc#589994)
- update to gnupg-2.0.15
- fix build for older distributions
OBS-URL: https://build.opensuse.org/request/show/1324888
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=195
CVE-2025-68973):
- note updated 2.5.x build dependencies
removes the -unknown suffix after the version number.
* Up to five times faster verification of detached signatures,
* Added and improved options for crypto options, and all-around
* dirmngr: With new LDAP keyservers store the new attributes.
- GnuPG 2.2.23:
- Code no longer uses libcurl, remove from buildrequires.
* wks: Add option --with-colons to the client.
- Dropped gnupg-CVE-2018-9234.patch since it is included upstream
(bnc#1088255 CVE-2018-9234)
* modified gnupg-2.0.18-files-are-digests.patch to work with
Existing configurations are not touched.
drop gnupg-2.1.19-stronger-defaults.patch FATE#323084
* Many minor bug fixes and code cleanup.
- Test suite hangs in qemu-arm, workaround.
- link with -pie
- add gnupg-dont-fail-with-seahorse-agent.patch (bnc#589994)
- update to gnupg-2.0.15
- fix build for older distributions
- port files-are-digests patch from gpg1 (bnc#469229)
- change BuildRequires: (pth-devel -> libpth-devel)
- BuildRequires: pth-devel
- gnupg-2.0.10-fix-missing-option.patch (bnc#477362)
- add gnupg-2.0.10-fix-convert.patch
lookup.
* require libadns
* removing gnupg-2.0.8-warningfixes.diff
- add selected upstream fixes and fix gcc and rpmlint warnings
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=347
- Update to 2.5.14:
* gpg: Fix possible memory corruption in the armor parser. [T7906]
* gpgsm: Fix output of card serial number in colon listing. [T7914]
* agent:ssh: Fix RSA signature handling for newer spec. [T7882]
* gpg: Improve/relax the checking of preference options. [rG6570700fdd]
* gpg: Fix the check for the END armor line. [rG62b8bf2f39]
* gpg: Do not present a default when asking for another output filename. [T7908]
* gpg: Include ADSK keys in key listings specified by fingerprints. [T7892]
* agent: Fix a decryption failures if the pinentry dialog for the
first tried recipient is canceled. Regression since 2.5.7. [T7893, T7649]
* keyboxd: Fix schema of the fingerprint table. [T7892]
* dirmngr: Fix OCSP next-update check. [rG9ef87bcdb0]
* gpg: New "pfc" record in colons key listings. [T7897]
* gpg: Allow import and export of Kyber secret keys. [T7315]
* gpg: Escape characters with the high bit set in NOTATION status lines. [T7896]
* gpg: New import option "force-update". [T7892,rGf6237ccd31]
* agent: Accept a trustlist with a missing LF at the end. [rG1b4ac98de7]
* agent: Support protection for Kyber keys. [T6638,rGaea62817f3]
* scd:nks: Make newer TCOS signature cards work. [rG17596e830f]
* Release-info: https://dev.gnupg.org/T7869
* Rebase gnupg-revert-rfc4880bis.patch
OBS-URL: https://build.opensuse.org/request/show/1319683
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=344
- Update to 2.5.13:
* gpg: Fix de-vs compliance with OCB and additional password. [T7804]
* gpg: Detect duplicate keys with --add-recipients. [T1825]
* gpg: Take care about the prefix for cv25519 encryption. [T7649]
* gpg: Avoid potential downgrade to SHA1 in 3rd party key
signatures. [rGdb9705ef59]
* gpg: Error out on unverified output for non-detached signatures.
[rG8abc320f2a]
* gpgsm: Use KEM interface for en- and decryption. [T7811,T7845]
* gpgsm: Fix delete and store certificate locking glitches. [T7855]
* gpg,gpgsm: Run keybox compression only when there are no other
users. [T7855]
* gpg,gpgsm: Improve keybox closing and locking order on read and
write. [T7855]
* gpg,gpgsm: Always use share mode read-write for the keybox file
access. [T7829]
* scd:openpgp: Fix an oddity in changing the PIN. [T7840]
* dirmngr: New LDAP keyserver flag "upload". [T7866]
* agent: Retry private key deletion in case of sharing violations
for up to 400ms. [T7863]
* Release-info: https://dev.gnupg.org/T7801
OBS-URL: https://build.opensuse.org/request/show/1313161
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=342
- Update to 2.5.8:
* gpg: Show revocation reason with a standard -k listing. [T7083]
* gpg: Emit a revocation reason as comment in a "pub" record.
[T7083]
* agent: Fix regression in 2.5.7 decrypting with a card based
cv25519 key. [T7676]
* scd:openpgp: Fix a regression in exporting card based ed25519 ssh
keys. [T7589]
* dirmngr: Do not require a keyserver for "gpg --fetch-key".
[T7693]
- Remove patch:
* gnupg-agent-fix-for-prefix-0x40-in-the-point-representation.patch
OBS-URL: https://build.opensuse.org/request/show/1287470
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=330
- Update to 2.5.7:
* gpg: Allow updating a SHA-1 key certification w/o using
the --force-sign-key option. [T7663]
* gpg: The group key flag has now been fully implemented.
[rG8833a34bf0]
* gpg: Make combination of show-only-fpr-mbox and show-unusable-uid
work. [rGd5a4a2dc89]
* gpg: Do not allow compressed key packets on import. [T7014]
* gpgsm: Allow an empty subject DN also during import. [T7171]
* agent: Recover the old behavior with max-cache-ttl=0. [T6681]
* agent: Fix ECC key on smartcard for composite KEM with PQC.
[T7648]
* scd: Fix a harmless read buffer over-read in a function used by
PKCS#15 cards. [T7662]
* gpg-mail-tube,wks: Support templates for mail content. [T7381]
* Use the KEM interface of Libgcrypt for encryption/decryption.
[T7649]
- Remove patches:
* gnupg-agent-Recover-the-old-behavior-with-max-cache-ttl-0.patch
* gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch
- Update gpg2.keyring
OBS-URL: https://build.opensuse.org/request/show/1282274
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=326
- Update to 2.5.6:
* gpg: Add a flag to the filter expressions for left anchored
substring match. [rGc12b7d047e]
* gpg: New list option "show-trustsig" to avoid resorting to colon
mode for this info. [rG41d6ae8f41]
* gpg: New command --quick-tsign-key to create a trust signature.
[rGd90b290f97]
* gpg: New keygen parameter "User-Id". [rGcfd597c603]
* gpg: New list options "show-trustsig". [rGrG41d6ae8f41]
* gpg: Fix double free of internal data in no-sig-cache mode [T7547]
* gpg: Signatures from revoked or expired keys do not anymore show
up as missing keys. Fixes regression in 2.5.5. [T7583]
* gpgsm: Extend --learn-card by an optional s/n argument. [T7379]
* gpgsm: Skip expired certificates when selection a certificate by
subject. [rG4cf83273e8]
* card: New command "ll" as alias for "list --cards". [rGd6ee7adebe]
* scd:p15: Accept P15 cards with a zero-length label. [rGdb25aa9887]
* keyboxd: Use case-insensitive search for mail addresses. [T7576]
* dirmngr: Fix a problem in libdns related to an address change from
127.0.0.1. [T4021]
* gpgconf: Fix reload and kill of keyboxd. [T7569]
* Fix logic for certain recsel conditions. [rG8968e84903]
* Add Solaris support to get_signal_name. [T7638]
* Fix build error of the test shell on AIX. [T7632]
- Release-info: https://dev.gnupg.org/T7586
- Rebase patch gnupg-nobetasuffix.patch
- Remove patch gnupg-CVE-2025-30258-fix.patch
OBS-URL: https://build.opensuse.org/request/show/1275911
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=322
- Update to 2.5.4:
* gpg: New option --disable-pqc-encryption. [rG00c31f8b04]
* gpg: Fix --quick-add-key for Weierstrass ECC with usage given. [T7506]
* gpg: Fix handling with no CRC armor. [T7071]
* gpg: New private Kyber keys are now cross-referenced using a new
Link attribute. [T6638]
* gpg: Fix an import problem with keys having another primary key as
a subkey. [T7527]
* gpgsm: Allow unattended PKCS#12 export without passphrase. [rG159e801043]
* gpgsm: Allow CSR generation with an unprotected key. [rG89055f24f4]
* agent: New option --change-std-env-name. [T7522]
* agent: Fix ssh-agent's request_identities for skipped Brainpool
keys. [rG2469dc5aae]
* Do not package zlib and bzip2 object files in a speedo release build. [T7442]
* Rebase patches:
- gnupg-add_legacy_FIPS_mode_option.patch
- gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
- gnupg-revert-rfc4880bis.patch
OBS-URL: https://build.opensuse.org/request/show/1247032
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=315
- Update to 2.5.3
* gpg: Allow for signature subpackets of up to 30000 octets.
[rG36dbca3e69]
* gpg: Silence expired trusted-key diagnostics in quiet mode. [T7351]
* gpg: Allow smaller session keys with Kyber and enforce the use of
AES-256 if useful. [T7472]
* gpg: Fix regression in key generation from existing card key.
[T7309,T7457]
* gpg: Print a warning if the card backup key could not be written.
[T2169]
* The --supervised options of gpg-agent and dirmngr have been
renamed to --deprecated-supervised as preparation for their removal.
[rGa019a0fcd8]
* There is no more default for a keyserver.
OBS-URL: https://build.opensuse.org/request/show/1237872
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=313
- Update to 2.5.2:
* gpg: Add option 16 to --full-gen-key to create ECC+Kyber. [T6638]
* gpg: For composite algos add the algo string to the colons
listings. [T6638]
* gpg: Validate the trustdb after the import of a trusted key.
[T7200]
* gpg: Exclude expired trusted keys from the key validation process.
[T7200]
* gpg: Fix a wrong decryption failed status for signed and OCB
encrypted messages without a signature verification key. [T7042]
* gpg: Retain binary representation for import->export with Ed25519
key signatures. [T7426]
* gpg: Fix comparing ed448 to ed25519 with --assert-pubkey-algo.
[T7425]
* gpg: Avoid a failure exit code for expired ultimately trusted
keys. [T7351]
* gpg: Emit status error for an invalid ADSK. [T7322]
* gpg: Allow the use of an ADSK subkey as ADSK subkey. [T6882]
* gpg: Fix --quick-set-expire for V5 subkey fingerprints. [T7298]
* gpg: Robust error handling for SCD READKEY. [T7309]
* gpg: Fix cv25519 v5 export regression. [T7316]
* gpgsm: Nearly fourfold speedup of validated certificate listings.
[T7308]
* gpgsm: Improvement for some rare P12 files. [rGf50dde6269]
* gpgsm: Terminate key listing on output write error. [T6185]
* agent: Add option --status to the LISTRUSTED command.
[rG4275d5fa7a]
* agent: Fix detection of the yet unused trustflag de-vs. [T5079]
* agent: Allow ssh to sign data larger than the Assuan line length.
[T7436]
OBS-URL: https://build.opensuse.org/request/show/1230099
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=309
- Update to 2.5.1:
* gpg: The support for composite Kyber+ECC public key algorithms
does now use the final FIPS-203 and LibrePGP specifications. The
experimental keys from 2.5.0 are no longer supported. [T6815]
* gpg: New commands --add-recipients and --change-recipients. [T1825]
* gpg: New option --proc-all-sigs. [T7261]
* gpg: Fix a regression in 2.5.0 in gpgme's tests. [T7195]
* gpg: Make --no-literal work again for -c and --store. [T5852]
* gpg: Improve detection of input data read errors. [T6528]
* gpg: Fix getting key by IPGP record (rfc-4398). [T7288]
* gpgsm: New option --assert-signer. [T7286]
* gpgsm: More improvements to PKCS#12 parsing to cope with latest
IVBB changes. [T7213]
* agent: Fix KEYTOCARD command when used with a loopback pinentry. [T7283]
* gpg-mail-tube: Make sure GNUPGHOME is set in vsd mode. New option
--as-attach. [rG4511997e9e1b]
* Now uses the process spawn API from libgpg-error. [T7192,T7194]
* Removed the --enable-gpg-is-gpg2 configure time option.
[rG2125f228d36c]
* Rebase patches:
- gnupg-add_legacy_FIPS_mode_option.patch
- gnupg-revert-rfc4880bis.patch
- gnupg-nobetasuffix.patch
OBS-URL: https://build.opensuse.org/request/show/1216989
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=306
