- Update to 2.2.14:
* gpg: Allow import of PGP desktop exported secret keys. Also avoid
importing secret keys if the secret keyblock is not valid.
* gpg: Do not error out on version 5 keys in the local keyring.
* gpg: Make invalid primary key algo obvious in key listings.
* sm: Do not mark a certificate in a key listing as de-vs compliant
if its use for a signature will not be possible.
* sm: Fix certificate creation with key on card.
* sm: Create rsa3072 bit certificates by default.
* sm: Print Yubikey attestation extensions with --dump-cert.
* agent: Fix cancellation handling for scdaemon.
* agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
* scd: Fix flushing of the CA-FPR DOs in app-openpgp.
* scd: Avoid a conflict error with the "undefined" app.
* dirmngr: Add CSRF protection exception for protonmail.
* dirmngr: Fix build problems with gcc 9 in libdns.
* gpgconf: New option --show-socket for use wity --launch.
* gpgtar: Make option -C work for archive creation.
- Removed patches that are included upstream by now:
- 0001-libdns-Avoid-using-compound-literals.patch
- 0002-libdns-Avoid-using-compound-literals-2.patch
- 0003-libdns-Avoid-using-compound-literals-3.patch
- 0004-libdns-Avoid-using-compound-literals-4.patch
- 0005-libdns-Avoid-using-compound-literals-5.patch
- 0006-libdns-Avoid-using-compound-literals-6.patch
- 0007-libdns-Avoid-using-compound-literals-7.patch
- 0008-libdns-Avoid-using-compound-literals-8.patch
OBS-URL: https://build.opensuse.org/request/show/686406
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=224
- Update to 2.2.13:
* gpg: Implement key lookup via keygrip (using the & prefix).
* gpg: Allow generating Ed25519 key from existing key.
* gpg: Emit an ERROR status line if no key was found with -k.
* gpg: Stop early when trying to create a primary Elgamal key.
* gpgsm: Print the card's key algorithms along with their keygrips
in interactive key generation.
* agent: Clear bogus pinentry cache in the error case.
* scd: Support "acknowledge button" feature.
* scd: Fix for USB INTERRUPT transfer.
* wks: Do no use compression for the the encrypted challenge and response.
Release-info: https://dev.gnupg.org/T4290
See-also: gnupg-announce/2019q1/000434.html
- Update to 2.2.12:
OBS-URL: https://build.opensuse.org/request/show/674396
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=219
-Update to 2.2.12:
* tools: New commands --install-key and --remove-key for
gpg-wks-client. This allows to prepare a Web Key Directory on a
local file system for later upload to a web server.
* gpg: New --list-option "show-only-fpr-mbox". This makes the use
of the new gpg-wks-client --install-key command easier on Windows.
* gpg: Improve processing speed when --skip-verify is used.
* gpg: Fix a bug where a LF was accidentally written to the console.
* gpg: --card-status now shwos whether a card has the new KDF
feature enabled.
* agent: New runtime option --s2k-calibration=MSEC. New configure
option --with-agent-s2k-calibration=MSEC. [#3399]
* dirmngr: Try another keyserver from the pool on receiving a 502,
503, or 504 error. [#4175]
* dirmngr: Avoid possible CSRF attacks via http redirects. A HTTP
query will not anymore follow a 3xx redirect unless the Location
header gives the same host. If the host is different only the
host and port is taken from the Location header and the original
path and query parts are kept.
* dirmngr: New command FLUSHCRL to flush all CRLS from disk and
memory. [#3967]
OBS-URL: https://build.opensuse.org/request/show/658084
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=217
- Update to 2.2.11:
* gpgsm: Fix CRL loading when intermediate certicates are not yet trusted.
* gpgsm: Fix an error message about the digest algo.
* gpg: Fix a wrong warning due to new sign usage check introduced with 2.2.9.
* gpg: Print the "data source" even for an unsuccessful keyserver query.
* gpg: Do not store the TOFU trust model in the trustdb.
* scd: Fix cases of "Bad PIN" after using "forcesig".
* agent: Fix possible hang in the ssh handler.
* dirmngr: Tack the unmodified mail address to a WKD request.
* dirmngr: Tweak diagnostic about missing LDAP server file.
* dirmngr: In verbose mode print the OCSP responder id.
* dirmngr: Fix parsing of the LDAP port.
* wks: Add option --directory/-C to the server.
* wks: Add option --with-colons to the client.
* Fix EBADF when gpg et al. are called by broken CGI scripts.
* Fix some minor memory leaks and bugs.
OBS-URL: https://build.opensuse.org/request/show/646642
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=213
- Applied spec-cleaner
- Refreshed patches
- Update to version 2.2.8:
* gpg: Decryption of messages not using the MDC mode will now lead to a
hard failure even if a legacy cipher algorithm was used. The option
--ignore-mdc-error can be used to turn this failure into a warning. Take
care: Never use that option unconditionally or without a prior warning.
* gpg: The MDC encryption mode is now always used regardless of the
cipher algorithm or any preferences. For testing --rfc2440 can be
used to create a message without an MDC.
* gpg: Sanitize the diagnostic output of the original file name in
verbose mode.
* gpg: Detect suspicious multiple plaintext packets in a more reliable way.
* gpg: Fix the duplicate key signature detection code.
* gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
--disable-mdc and --no-disable-mdc have no more effect.
* agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
list of startup environment variables.
OBS-URL: https://build.opensuse.org/request/show/615233
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=198
