Commit Graph

561 Commits

Author SHA256 Message Date
AutoGits PR Review Bot
e58fa19c79 Merge commit 'e8f7427535a8146e0b41cea1621a3aac62cac5ec991109d5d3f4513c3c333f11' into slfo-main 2026-01-29 14:21:00 +01:00
e8f7427535 Security fix 2026-01-28 17:17:23 +02:00
6c3820a8f6 Fix gpg.fail/filename
# Please enter the commit message for your changes. Lines starting
2026-01-28 16:51:03 +02:00
18e25d2ef3 Merge pull request 'CVE-2025-68973' (#1) from pmonrealgonzalez/gpg2:slfo-main into slfo-main
Reviewed-on: https://src.suse.de/ayankov/gpg2/pulls/1
2026-01-09 12:07:52 +01:00
Pedro Monreal
9c6ff60b4e CVE-2025-68973 2026-01-09 12:00:16 +01:00
7536b55ea9 Security fix: bsc#1256243 2026-01-09 10:41:44 +02:00
2a80230136 Security fix: bsc#1256390 2026-01-09 10:41:42 +02:00
32ede2ff3d Sync changes to SLFO-1.2 branch 2025-08-20 09:21:35 +02:00
c2775c7469 Accepting request 1297466 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1297466
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=190
2025-08-06 12:31:18 +00:00
4316b63670 gpg2 2.5.11
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=336
2025-08-04 10:52:31 +00:00
dc67a6b728 Accepting request 1293223 from Base:System
gpg2 2.5.9 (forwarded request 1293215 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/1293223
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=189
2025-07-17 15:17:17 +00:00
001f15fe08 gpg2 2.5.9
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=334
2025-07-14 19:13:48 +00:00
4f81da96a5 Accepting request 1289186 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1289186
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=188
2025-07-01 09:33:17 +00:00
e610c38039 fix build of qgpgme >= 2.0.0 boo#1244605
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=332
2025-06-30 07:10:23 +00:00
859f96c71f Accepting request 1287839 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1287839
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=187
2025-06-24 18:45:58 +00:00
5030552bca Accepting request 1287470 from home:lmulling:branches:Base:System
- Update to 2.5.8:
  * gpg: Show revocation reason with a standard -k listing.  [T7083]
  * gpg: Emit a revocation reason as comment in a "pub" record.
    [T7083]
  * agent: Fix regression in 2.5.7 decrypting with a card based
    cv25519 key.  [T7676]
  * scd:openpgp: Fix a regression in exporting card based ed25519 ssh
    keys.  [T7589]
  * dirmngr: Do not require a keyserver for "gpg --fetch-key".
    [T7693]
- Remove patch:
  * gnupg-agent-fix-for-prefix-0x40-in-the-point-representation.patch

OBS-URL: https://build.opensuse.org/request/show/1287470
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=330
2025-06-23 06:25:56 +00:00
1405ece830 Accepting request 1283637 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1283637
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=186
2025-06-10 06:59:27 +00:00
93f47a6bcf - Fix problems with decoding Curve25519
- Added patch
  * gnupg-agent-fix-for-prefix-0x40-in-the-point-representation.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=328
2025-06-06 11:45:49 +00:00
488ac0217e Accepting request 1282303 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1282303
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=185
2025-06-04 18:26:54 +00:00
ff6b59b967 - Update to 2.5.7:
* gpg: Allow updating a SHA-1 key certification w/o using
    the --force-sign-key option.  [T7663]
  * gpg: The group key flag has now been fully implemented.
    [rG8833a34bf0]
  * gpg: Make combination of show-only-fpr-mbox and show-unusable-uid
    work.  [rGd5a4a2dc89]
  * gpg: Do not allow compressed key packets on import.  [T7014]
  * gpgsm: Allow an empty subject DN also during import.  [T7171]
  * agent: Recover the old behavior with max-cache-ttl=0.  [T6681]
  * agent: Fix ECC key on smartcard for composite KEM with PQC.
    [T7648]
  * scd: Fix a harmless read buffer over-read in a function used by
    PKCS#15 cards.  [T7662]
  * gpg-mail-tube,wks: Support templates for mail content.  [T7381]
  * Use the KEM interface of Libgcrypt for encryption/decryption.
    [T7649]
- Remove patches:
  * gnupg-agent-Recover-the-old-behavior-with-max-cache-ttl-0.patch
  * gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch
- Update gpg2.keyring

OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=326
2025-06-03 12:06:53 +00:00
cc979e7f46 Accepting request 1277576 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1277576
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=184
2025-05-23 12:29:17 +00:00
8026720bed - Don't install expired sks certificate [bsc#1243069]
* Add patch gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch
- Revert old max-cache-ttl behavior [bsc#1241656]
  * Add patch gnupg-agent-Recover-the-old-behavior-with-max-cache-ttl-0.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=324
2025-05-15 07:06:58 +00:00
2180b16f49 Accepting request 1275913 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1275913
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=183
2025-05-12 14:45:29 +00:00
1df721705b - Update to 2.5.6:
* gpg: Add a flag to the filter expressions for left anchored
    substring match.  [rGc12b7d047e]
  * gpg: New list option "show-trustsig" to avoid resorting to colon
    mode for this info.  [rG41d6ae8f41]
  * gpg: New command --quick-tsign-key to create a trust signature.
    [rGd90b290f97]
  * gpg: New keygen parameter "User-Id".  [rGcfd597c603]
  * gpg: New list options "show-trustsig".  [rGrG41d6ae8f41]
  * gpg: Fix double free of internal data in no-sig-cache mode [T7547]
  * gpg: Signatures from revoked or expired keys do not anymore show
    up as missing keys.  Fixes regression in 2.5.5.  [T7583]
  * gpgsm: Extend --learn-card by an optional s/n argument.  [T7379]
  * gpgsm: Skip expired certificates when selection a certificate by
    subject.  [rG4cf83273e8]
  * card: New command "ll" as alias for "list --cards".  [rGd6ee7adebe]
  * scd:p15: Accept P15 cards with a zero-length label.  [rGdb25aa9887]
  * keyboxd: Use case-insensitive search for mail addresses.  [T7576]
  * dirmngr: Fix a problem in libdns related to an address change from
    127.0.0.1.  [T4021]
  * gpgconf: Fix reload and kill of keyboxd.  [T7569]
  * Fix logic for certain recsel conditions.  [rG8968e84903]
  * Add Solaris support to get_signal_name.  [T7638]
  * Fix build error of the test shell on AIX.  [T7632]
- Release-info: https://dev.gnupg.org/T7586
- Rebase patch gnupg-nobetasuffix.patch
- Remove patch gnupg-CVE-2025-30258-fix.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=322
2025-05-08 19:18:57 +00:00
23376f49fa Accepting request 1255641 from home:pmonrealgonzalez:branches:Base:System
- Fix a regression introduced in CVE-2025-30258 [bsc#1239875]
  * Upstream task: dev.gnupg.org/T7547
  * gpg: Fix double free of internal data.
  * Add gnupg-CVE-2025-30258-fix.patch

- Update to 2.5.5: [bsc#1236931, bsc#1239119, CVE-2025-30258]

OBS-URL: https://build.opensuse.org/request/show/1255641
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=321
2025-03-24 14:02:22 +00:00
92a7acf48d Accepting request 1251267 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1251267
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=182
2025-03-10 16:57:32 +00:00
ff3895645a - Update to 2.5.5: [bsc#1236931, bsc#1239119]
* gpg: Fix a verification DoS due to a malicious subkey in the
    keyring.  [T7527]
  * dirmngr: Fix possible hangs due to blocking connection requests.
    [T6606, T7434]
  Release-info: https://dev.gnupg.org/T7530

OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=319
2025-03-07 19:23:04 +00:00
f6a9df7e71 Accepting request 1248748 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1248748
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=181
2025-02-27 13:49:55 +00:00
3d82e3acf3 - Fixing gpg-agent integration by changing --supervised to
--deprecated-supervised in service files.

Most likely not the final solution, but unbreak ssh usage for
me at least for now.

OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=317
2025-02-26 14:31:40 +00:00
6a3d8af788 Accepting request 1247136 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1247136
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=180
2025-02-20 15:27:36 +00:00
b5c8bbca87 - Update to 2.5.4:
* gpg: New option --disable-pqc-encryption. [rG00c31f8b04]
  * gpg: Fix --quick-add-key for Weierstrass ECC with usage given. [T7506]
  * gpg: Fix handling with no CRC armor. [T7071]
  * gpg: New private Kyber keys are now cross-referenced using a new
    Link attribute. [T6638]
  * gpg: Fix an import problem with keys having another primary key as
    a subkey. [T7527]
  * gpgsm: Allow unattended PKCS#12 export without passphrase. [rG159e801043]
  * gpgsm: Allow CSR generation with an unprotected key. [rG89055f24f4]
  * agent: New option --change-std-env-name. [T7522]
  * agent: Fix ssh-agent's request_identities for skipped Brainpool
    keys. [rG2469dc5aae]
  * Do not package zlib and bzip2 object files in a speedo release build. [T7442]
  * Rebase patches:
    - gnupg-add_legacy_FIPS_mode_option.patch
    - gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
    - gnupg-revert-rfc4880bis.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=315
2025-02-19 15:02:23 +00:00
149f801869 Accepting request 1237873 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1237873
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=179
2025-01-16 17:30:58 +00:00
304a894420 - Update to 2.5.3
* gpg: Allow for signature subpackets of up to 30000 octets.
    [rG36dbca3e69]
  * gpg: Silence expired trusted-key diagnostics in quiet mode.  [T7351]
  * gpg: Allow smaller session keys with Kyber and enforce the use of
    AES-256 if useful.  [T7472]
  * gpg: Fix regression in key generation from existing card key.
    [T7309,T7457]
  * gpg: Print a warning if the card backup key could not be written.
    [T2169]
  * The --supervised options of gpg-agent and dirmngr have been
    renamed to --deprecated-supervised as preparation for their removal.
    [rGa019a0fcd8]
  * There is no more default for a keyserver.

OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=313
2025-01-14 16:14:12 +00:00
63e215bf35 Accepting request 1235795 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1235795
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=178
2025-01-09 14:05:23 +00:00
5a59d6538d - note updated 2.5.x build dependencies
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=311
2025-01-08 07:02:53 +00:00
9d71403c8b Accepting request 1230100 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1230100
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=177
2024-12-13 21:31:20 +00:00
72807f89b1 Accepting request 1230099 from home:lmulling:branches:Base:System
- Update to 2.5.2:
  * gpg: Add option 16 to --full-gen-key to create ECC+Kyber.  [T6638]
  * gpg: For composite algos add the algo string to the colons
    listings.  [T6638]
  * gpg: Validate the trustdb after the import of a trusted key.
    [T7200]
  * gpg: Exclude expired trusted keys from the key validation process.
    [T7200]
  * gpg: Fix a wrong decryption failed status for signed and OCB
    encrypted messages without a signature verification key.  [T7042]
  * gpg: Retain binary representation for import->export with Ed25519
    key signatures.  [T7426]
  * gpg: Fix comparing ed448 to ed25519 with --assert-pubkey-algo.
    [T7425]
  * gpg: Avoid a failure exit code for expired ultimately trusted
    keys.  [T7351]
  * gpg: Emit status error for an invalid ADSK.  [T7322]
  * gpg: Allow the use of an ADSK subkey as ADSK subkey.  [T6882]
  * gpg: Fix --quick-set-expire for V5 subkey fingerprints.  [T7298]
  * gpg: Robust error handling for SCD READKEY.  [T7309]
  * gpg: Fix cv25519 v5 export regression.  [T7316]
  * gpgsm: Nearly fourfold speedup of validated certificate listings.
    [T7308]
  * gpgsm: Improvement for some rare P12 files.  [rGf50dde6269]
  * gpgsm: Terminate key listing on output write error.  [T6185]
  * agent: Add option --status to the LISTRUSTED command.
    [rG4275d5fa7a]
  * agent: Fix detection of the yet unused trustflag de-vs.  [T5079]
  * agent: Allow ssh to sign data larger than the Assuan line length.
    [T7436]

OBS-URL: https://build.opensuse.org/request/show/1230099
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=309
2024-12-11 12:42:25 +00:00
a37d32780e Accepting request 1228586 from devel:LoongArch:Factory
- Disable ibmswtpm2 on LoongArch64

OBS-URL: https://build.opensuse.org/request/show/1228586
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=308
2024-12-11 08:24:55 +00:00
ac9f481e74 Accepting request 1217152 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1217152
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=176
2024-10-25 17:18:26 +00:00
c957356fce - Update to 2.5.1:
* gpg: The support for composite Kyber+ECC public key algorithms
    does now use the final FIPS-203 and LibrePGP specifications. The
    experimental keys from 2.5.0 are no longer supported. [T6815]
  * gpg: New commands --add-recipients and --change-recipients. [T1825]
  * gpg: New option --proc-all-sigs. [T7261]
  * gpg: Fix a regression in 2.5.0 in gpgme's tests. [T7195]
  * gpg: Make --no-literal work again for -c and --store. [T5852]
  * gpg: Improve detection of input data read errors. [T6528]
  * gpg: Fix getting key by IPGP record (rfc-4398). [T7288]
  * gpgsm: New option --assert-signer. [T7286]
  * gpgsm: More improvements to PKCS#12 parsing to cope with latest
    IVBB changes. [T7213]
  * agent: Fix KEYTOCARD command when used with a loopback pinentry. [T7283]
  * gpg-mail-tube: Make sure GNUPGHOME is set in vsd mode.  New option
    --as-attach. [rG4511997e9e1b]
  * Now uses the process spawn API from libgpg-error. [T7192,T7194]
  * Removed the --enable-gpg-is-gpg2 configure time option.
    [rG2125f228d36c]
  * Rebase patches:
    - gnupg-add_legacy_FIPS_mode_option.patch
    - gnupg-revert-rfc4880bis.patch
    - gnupg-nobetasuffix.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=306
2024-10-23 06:41:50 +00:00
fec1c85c21 Accepting request 1193388 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1193388
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=175
2024-08-13 11:22:21 +00:00
68c77d8339 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=304 2024-08-12 10:43:59 +00:00
adfcc45b23 Accepting request 1156460 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1156460
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=174
2024-03-09 19:54:13 +00:00
9cc9b61229 Accepting request 1156367 from home:pmonrealgonzalez:branches:Base:System
- Update to 2.4.5:
  * gpg,gpgv: New option --assert-pubkey-algo. [T6946]
  * gpg: Emit status lines for errors in the compression layer. [T6977]
  * gpg: Fix invocation with --trusted-keys and --no-options. [T7025]
  * gpgsm: Allow for a longer salt in PKCS#12 files. [T6757]
  * gpgtar: Make --status-fd=2 work on Windows. [T6961]
  * scd: Support for the ACR-122U NFC reader. [rG1682ca9f01]
  * scd: Suport D-TRUST ECC cards. [T7000,T7001]
  * scd: Allow auto detaching of kernel drivers; can be disabled with
    the new compatibility-flag ccid-no-auto-detach. [rGa1ea3b13e0]
  * scd: Allow setting a PIN length of 6 also with a reset code for
    openpgp cards. [T6843]
  * agent: Allow GET_PASSPHRASE in restricted mode. [rGadf4db6e20]
  * dirmngr: Trust system's root CAs for checking CRL issuers. [T6963]
  * dirmngr: Fix regression in 2.4.4 in fetching keys via hkps. [T6997]
  * gpg-wks-client: Make option --mirror work properly w/o specifying
    domains. [rG37cc255e49]
  * g13,gpg-wks-client: Allow command style options as in "g13 mount
    foo". [rGa09157ccb2]
  * Allow tilde expansion for the foo-program options. [T7017]
  * Make the getswdb.sh tool usable outside the GnuPG tree.
  * Release-info: https://dev.gnupg.org/T6960
  * Update the required versions for the dependencies.

OBS-URL: https://build.opensuse.org/request/show/1156367
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=302
2024-03-08 21:44:56 +00:00
ca6530f919 Accepting request 1141713 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1141713
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=173
2024-01-26 21:46:20 +00:00
756f25929a Accepting request 1141611 from home:pmonrealgonzalez:branches:Base:System
- Update to 2.4.4: [bsc#1219191]
  * gpg: Do not keep an unprotected smartcard backup key on disk.
    See https://gnupg.org/blog/20240125-smartcard-backup-key.html
    for a security advisory. [T6944]
  * gpg: Allow to specify seconds since Epoch beyond 2038 on 32-bit
    platforms. [T6736]
  * gpg: Fix expiration time when Creation-Date is specified. [T5252]
  * gpg: Add support for Subkey-Expire-Date. [rG96b69c1866]
  * gpg: Add option --with-v5-fingerprint. [T6705]
  * gpg: Add sub-option ignore-attributes to --import-options.
  * gpg: Add --list-filter properties sig_expires/sig_expires_d.
  * gpg: Fix validity of re-imported keys. [T6399]
  * gpg: Report BEGIN_ status before examining the input. [T6481]
  * gpg: Don't try to compress a read-only keybox. [T6811]
  * gpg: Choose key from inserted card over a non-inserted card. [T6831]
  * gpg: Allow to create revocations even with non-compliant algos. [T6929]
  * gpg: Fix regression in the Revoker keyword of the parameter file. [T6923]
  * gpg: Improve error message for expired default keys. [T4704]
  * gpgsm: Add --always-trust feature. [T6559]
  * gpgsm: Support ECC certificates in de-vs mode. [T6802]
  * gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
  * gpgsm: No not show the pkcs#12 passphrase in debug output. [T6654]
  * keyboxd: Timeout on failure to get the database lock. [T6838]
  * agent: Update the key stubs only if really modified. [T6829]
  * scd: Add support for certain Starcos 3.2 cards. [rG5304c9b080]
  * scd: Add support for CardOS 5.4 cards. [rG812f988059]
  * scd: Add support for D-Trust 4.1/4.4 cards. [rG0b85a9ac09]
  * scd: Add support for Smartcafe Expert 7.0 cards. [T6919]
  * scd: Add a length check for a new PIN. [T6843]
  * tpm: Fix keytotpm handling in the agent. [rG9909f622f6]

OBS-URL: https://build.opensuse.org/request/show/1141611
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=300
2024-01-26 10:36:00 +00:00
9e56a72fd1 Accepting request 1121440 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1121440
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=172
2023-11-02 19:20:41 +00:00
66cef8f95a Accepting request 1121439 from security:privacy
OBS-URL: https://build.opensuse.org/request/show/1121439
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=298
2023-10-31 12:55:15 +00:00
8642aa53ea Accepting request 1118846 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1118846
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=171
2023-10-20 21:15:36 +00:00
eb82e4c4b9 Accepting request 1118845 from security:privacy
OBS-URL: https://build.opensuse.org/request/show/1118845
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=296
2023-10-19 08:12:17 +00:00