- Update to 2.4.2:
* gpg: Print a warning if no more encryption subkeys are left over
after changing the expiration date. [rGef2c3d50fa]
* gpg: Fix searching for the ADSK key when adding an ADSK. [T6504]
* gpgsm: Speed up key listings on Windows. [rG08ff55bd44]
* gpgsm: Reduce the number of "failed to open policy file"
diagnostics. [rG68613a6a9d]
* agent: Make updating of private key files more robust and track
display S/N. [T6135]
* keyboxd: Avoid longish delays on Windows when listing keys.
[rG6944aefa3c]
* gpgtar: Emit extra status lines to help GPGME. [T6497]
* w32: Avoid using the VirtualStore. [T6403]
* Rebase gnupg-add_legacy_FIPS_mode_option.patch
- Update to 2.4.1:
* If the ~/.gnupg directory does not exist, the keyboxd is now
automagically enabled. [rGd9e7488b17]
* gpg: New option --add-desig-revoker. [rG3d094e2bcf]
* gpg: New option --assert-signer. [rGc9e95b8dee]
* gpg: New command --quick-add-adsk and other ADSK features.
[T6395, https://gnupg.org/blog/20230321-adsk.html]
* gpg: New list-option "show-unusable-sigs". Also show "[self-signature]"
instead of the user-id in key signature listings. [rG103acfe9ca]
* gpg: For symmetric encryption the default S2K hash is now SHA256. [T6367]
* gpg: Detect already compressed data also when using a pipe. Also
detect JPEG and PNG file formats. [T6332]
* gpg: New subcommand "openpgp" for --card-edit. [T6462]
* gpgsm: Verification of detached signatures does now strip trailing
zeroes from the input if --assume-binary is used. [rG2a13f7f9dc]
OBS-URL: https://build.opensuse.org/request/show/1089861
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=287
- Updated to require libgpg-error-devel >= 1.46
- Rebased patches:
* gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
* gnupg-add_legacy_FIPS_mode_option.patch
- GnuPG 2.4.0:
* common: Fix translations in --help for gpgrt < 1.47.
* gpg: Do not continue the export after a cancel for the primary key.
* gpg: Replace use of PRIu64 in log_debug.
* Update NEWS for 2.4.0.
* tests: Fix make check with GPGME.
* agent: Allow arguments to "scd serialno" in restricted mode.
* scd:p15: Skip deleted records.
* build: Remove Windows CE support.
* wkd: Do not send/install/mirror expired user ids.
* gpgsm: Print the revocation time also with --verify.
* gpgsm: Fix "problem re-searching certificate" case.
* gpgsm: Print revocation date and reason in cert listings.
* gpgsm: Silence the "non-critical certificate policy not allowed".
* gpgsm: Always use the chain model if the root-CA requests this.
* gpg: New export option "mode1003".
* gpg: Remove a mostly duplicated function.
* tests: Simplify fake-pinentry to use the option only.
* tests: Fix fake-pinentry for Windows.
* tests: Fix make check-all.
* agent: Fix import of protected v5 keys.
* gpgsm: Change default algo to AES-256.
* tests: Put a workaround for semihosted environment.
* tests: More fix for semihosted environment.
* tests: Support semihosted environment.
* tests: Fix tests under cms.
OBS-URL: https://build.opensuse.org/request/show/1046530
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=282
- GnuPG 2.3.8:
* gpg: Do not consider unknown public keys as non-compliant while
decrypting.
* gpg: Avoid to emit a compliance mode line if Libgcrypt is
non-compliant.
* gpg: Improve --edit-key setpref command to ease c+p.
* gpg: Emit an ERROR status if --quick-set-primary-uid fails and
allow to pass the user ID by hash.
* gpg: Actually show symmetric+pubkey encrypted data as de-vs
compliant. Add extra compliance checks for symkey_enc packets.
* gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit
preference.
* gpgsm: Fix reporting of bad passphrase error during PKCS#11
import.
* agent: Fix a regression in "READKEY --format=ssh".
* agent: New option --need-attr for KEYINFO.
* agent: New attribute "Remote-list" for use by KEYINFO.
* scd: Fix problem with Yubikey 5.4 firmware.
* dirmngr: Fix CRL Distribution Point fallback to other schemes.
* dirmngr: New LDAP server flag "areconly" (A-record-only).
* dirmngr: Fix upload of multiple keys for an LDAP server specified
using the colon format.
* dirmngr: Use LDAP schema v2 when a Base DN is specified.
* dirmngr: Avoid caching expired certificates.
* wkd: Fix path traversal attack in gpg-wks-server. Add the mail
address to the pending request data.
* wkd: New command --mirror for gpg-wks-client.
* gpg-auth: New tool for authentication.
* New common.conf option no-autostart.
* Silence warnings from AllowSetForegroundWindow unless
OBS-URL: https://build.opensuse.org/request/show/1012076
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=280
