- GnuPG 2.3.2:
* gpg: Allow fingerprint based lookup with --locate-external-key.
* gpg: Allow decryption w/o public key but with correct card inserted.
* gpg: Auto import keys specified with --trusted-keys.
* gpg: Do not use import-clean for LDAP keyserver imports.
* gpg: Fix mailbox based search via AKL keyserver method.
* gpg: Fix memory corruption with --clearsign introduced with 2.3.1.
* gpg: Use a more descriptive prompt for symmetric decryption.
* gpg: Improve speed of secret key listing.
* gpg: Support keygrip search with traditional keyring.
* gpg: Let --fetch-key return an exit code on failure.
* gpg: Emit the NO_SECKEY status again for decryption.
* gpgsm: Support decryption of password based encryption (pwri).
* gpgsm: Support AES-GCM decryption.
* gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
* gpgsm: Fix finding of issuer in use-keyboxd mode.
* gpgsm: New option --ldapserver as an alias for --keyserver.
* agent: Use SHA-256 for SSH fingerprint by default.
* agent: Fix calling handle_pincache_put.
* agent: Fix importing protected secret key.
* agent: Fix a regression in agent_get_shadow_info_type.
* agent: Add translatable text for Caps Lock hint.
* agent: New option --pinentry-formatted-passphrase.
* agent: Add checkpin inquiry for pinentry.
* agent: New option --check-sym-passphrase-pattern.
* agent: Use the sysconfdir for a pattern file.
* agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry.
* dirmngr: LDAP search by a mailbox now ignores revoked keys.
* dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
* dirmngr: Allow for non-URL specified ldap keyservers.
OBS-URL: https://build.opensuse.org/request/show/914200
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=268
- GnuPG 2.3.1:
* The new configuration file common.conf is now used to enable
the use of the key database daemon with "use-keyboxd". Using
this option in gpg.conf and gpgsm.conf is supported for a
transitional period. See doc/example/common.conf for more.
* gpg: Force version 5 key creation for ed448 and cv448 algorithms.
* gpg: By default do not use the self-sigs-only option when
importing from an LDAP keyserver.
* gpg: Lookup a missing public key of the active card via LDAP.
* gpgsm: New command --show-certs.
* scd: Fix CCID driver for SCM SPR332/SPR532.
* scd: Further improvements for PKCS#15 cards.
* New configure option --with-tss to allow the selection of the
TSS library.
- Rebase patches:
* gnupg-add_legacy_FIPS_mode_option.patch
* gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
* gnupg-dont-fail-with-seahorse-agent.patch
* gnupg-set_umask_before_open_outfile.patch
- GnuPG 2.3.0:
* A new experimental key database daemon is provided. To enable
it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored
in a SQLite database and make key lookup much faster.
* New tool gpg-card as a flexible frontend for all types of
supported smartcards.
* New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
gpg-connect-agent.
* The gpg-wks-client tool is now installed under bin; a wrapper for
its old location at libexec is also installed.
OBS-URL: https://build.opensuse.org/request/show/899451
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=267
- GnuPG 2.2.23:
* gpg: fix AHEAD preference list overflow boo#1176034 / CVE-2020-25125
* gpg: fix possible segv in the key cleaning code
* gpgsm: fix a minor RFC2253 parser gub
* scdaemon: Fix a PIN verify failure on certain OpenPGP card
implementations
- GnuPG 2.2.22:
* gpg: Change the default key algorithm to rsa3072
* gpg: Add regular expression support for Trust Signatures on
all platforms
* gpg: Ignore --personal-digest-prefs for ECDSA keys
* gpgsm: Make rsaPSS a de-vs compliant scheme
* gpgsm: Show also the SHA256 fingerprint in key listings
* gpgsm: Do not require a default keyring for --gpgconf-list
* gpg-agent: Default to extended key format and record the
creation time of keys
Add new option --disable-extended-key-format
* gpg-agent: Support the WAYLAND_DISPLAY envvar
* gpg-agent: Allow using --gpgconf-list even if HOME does not
exist
* gpg-agent: Make the Pinentry work even if the envvar TERM is
set to the empty string
* scdaemon: Add a workaround for Gnuk tokens <= 2.15 which
wrongly incremented the error counter when using the
"verify" command of "gpg --edit-key" with only the signature
key being present
* dirmngr: Better handle systems with disabled IPv6
* gpgpslit: Install tool. It was not installed in the past to
avoid conflicts with the version installed by GnuPG 1.4
OBS-URL: https://build.opensuse.org/request/show/831939
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=150
- Update to 2.2.18 [bsc#1157900, CVE-2019-14855]
* gpg: Changed the way keys are detected on a smartcards; this
allows the use of non-OpenPGP cards. In the case of a not very
likely regression the new option --use-only-openpgp-card is
available. [#4681]
* gpg: The commands --full-gen-key and --quick-gen-key now allow
direct key generation from supported cards. [#4681]
* gpg: Prepare against chosen-prefix SHA-1 collisions in key
signatures. This change removes all SHA-1 based key signature
newer than 2019-01-19 from the web-of-trust. Note that this
includes all key signature created with dsa1024 keys. The new
option --allow-weak-key-signatues can be used to override the new
and safer behaviour. [#4755,CVE-2019-14855]
* gpg: Improve performance for import of large keyblocks. [#4592]
* gpg: Implement a keybox compression run. [#4644]
* gpg: Show warnings from dirmngr about redirect and certificate
problems (details require --verbose as usual).
* gpg: Allow to pass the empty string for the passphrase if the
'--passphase=' syntax is used. [#4633]
* gpg: Fix printing of the KDF object attributes.
* gpg: Avoid surprises with --locate-external-key and certain
--auto-key-locate settings. [#4662]
* gpg: Improve selection of best matching key. [#4713]
* gpg: Delete key binding signature when deletring a subkey.
[#4665,#4457]
* gpg: Fix a potential loss of key sigantures during import with
self-sigs-only active. [#4628]
* gpg: Silence "marked as ultimately trusted" diagnostics if
option --quiet is used. [#4634]
* gpg: Silence some diagnostics during in key listsing even with
OBS-URL: https://build.opensuse.org/request/show/751408
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=237
- Update to 2.2.17 [bsc#1141093]
* gpg: Do not try the import fallback if the options are already used.
* gpg: Fix regression in option "self-sigs-only".
* gpg: With --auto-key-retrieve prefer WKD over keyservers.
* gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
* gpg: Avoid printing false AKL error message.
* gpg: New command --locate-external-key.
* gpg: Make the get_pubkey_byname interface easier to understand.
* gpg: Fallback to import with self-sigs-only on too large keyblocks.
* gpg: New import and keyserver option "self-sigs-only"
* gpg: Make read_block in import.c more flexible.
* dirmngr: fix handling of HTTPS redirections during HKP.
* dirmngr: Avoid endless loop in case of HTTP error 503.
* dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
* dirmngr: Support the new WKD draft with the openpgpkey subdomain.
* wkd: Change client/server limit back to 64 KiB.
* tools: gpgconf: Killing order is children-first.
* Return better error code for some getinfo IPC commands.
* po: Update Russian translation.
OBS-URL: https://build.opensuse.org/request/show/714630
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=233
