- Update to 2.2.18 [bsc#1157900, CVE-2019-14855]
* gpg: Changed the way keys are detected on a smartcard; this
allows the use of non-OpenPGP cards. In the case of a not very
likely regression the new option --use-only-openpgp-card is
available. [#4681]
* gpg: The commands --full-gen-key and --quick-gen-key now allow
direct key generation from supported cards. [#4681]
* gpg: Prepare against chosen-prefix SHA-1 collisions in key
signatures. This change removes all SHA-1 based key signatures
newer than 2019-01-19 from the web-of-trust. Note that this
includes all key signatures created with dsa1024 keys. The new
option --allow-weak-key-signatures can be used to override the new
and safer behaviour. [#4755,CVE-2019-14855]
* gpg: Improve performance for import of large keyblocks. [#4592]
* gpg: Implement a keybox compression run. [#4644]
* gpg: Show warnings from dirmngr about redirect and certificate
problems (details require --verbose as usual).
* gpg: Allow to pass the empty string for the passphrase if the
'--passphrase=' syntax is used. [#4633]
* gpg: Fix printing of the KDF object attributes.
* gpg: Avoid surprises with --locate-external-key and certain
--auto-key-locate settings. [#4662]
* gpg: Improve selection of best matching key. [#4713]
* gpg: Delete key binding signature when deleting a subkey.
[#4665,#4457]
* gpg: Fix a potential loss of key signatures during import with
self-sigs-only active. [#4628]
* gpg: Silence "marked as ultimately trusted" diagnostics if
option --quiet is used. [#4634]
* gpg: Silence some diagnostics during in key listing even with
OBS-URL: https://build.opensuse.org/request/show/751408
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=237
- Update to 2.2.17 [bsc#1141093]
* gpg: Do not try the import fallback if the options are already used.
* gpg: Fix regression in option "self-sigs-only".
* gpg: With --auto-key-retrieve prefer WKD over keyservers.
* gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
* gpg: Avoid printing false AKL error message.
* gpg: New command --locate-external-key.
* gpg: Make the get_pubkey_byname interface easier to understand.
* gpg: Fallback to import with self-sigs-only on too large keyblocks.
* gpg: New import and keyserver option "self-sigs-only"
* gpg: Make read_block in import.c more flexible.
* dirmngr: fix handling of HTTPS redirections during HKP.
* dirmngr: Avoid endless loop in case of HTTP error 503.
* dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
* dirmngr: Support the new WKD draft with the openpgpkey subdomain.
* wkd: Change client/server limit back to 64 KiB.
* tools: gpgconf: Killing order is children-first.
* Return better error code for some getinfo IPC commands.
* po: Update Russian translation.
OBS-URL: https://build.opensuse.org/request/show/714630
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=233
- Update to 2.2.16
* gpg: Fixed i18n markup of some strings.
* gpg: Allow deletion of subkeys with --delete-[secret-]key.
* gpg: Do not bail on an invalid packet in the local keyring.
* gpg: Do not allow creation of user ids larger than our parser allows.
* gpg: Do not delete any keys if --dry-run is passed.
* gpg: Fix using --decrypt along with --use-embedded-filename.
* gpg: Improve the photo image viewer selection.
* gpg: enable OpenPGP export of cleartext keys with comments.
* gpg: Do not print a hint to use the deprecated --keyserver option.
* gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
* gpg: Use just the addrspec from the Signer's UID.
* gpg: Accept also armored data from the WKD.
* gpg: Set a limit of 5 to the number of keys imported from the WKD.
* gpg: Don't use EdDSA algo ID for ECDSA curves.
* agent: Stop scdaemon after reload when disable_scdaemon.
* agent: For SSH key, don't put NUL-byte at the end.
* agent: correct length for uri and comment on 64-bit big-endian platforms
* dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
* dirmngr: Improve domaininfo cache update algorithm.
* dirmngr: Better error code for http status 413.
* g10: Fix possible null dereference.
* g10: Fix double free when locating by mbox.
* g10: Fix symmetric cipher algo constant for ECDH.
* sm: Avoid confusing diagnostic for the default key.
* sm: Fix a warning in an es_fopencookie function.
* gpgconf: Before --launch check that the config file is fine.
* gpgconf: Support --homedir for --launch.
* build: Update m4/iconv.m4.
* doc: correct documentation for gpgconf --kill.
OBS-URL: https://build.opensuse.org/request/show/706483
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=229
- Update to 2.2.14:
* gpg: Allow import of PGP desktop exported secret keys. Also avoid
importing secret keys if the secret keyblock is not valid.
* gpg: Do not error out on version 5 keys in the local keyring.
* gpg: Make invalid primary key algo obvious in key listings.
* sm: Do not mark a certificate in a key listing as de-vs compliant
if its use for a signature will not be possible.
* sm: Fix certificate creation with key on card.
* sm: Create rsa3072 bit certificates by default.
* sm: Print Yubikey attestation extensions with --dump-cert.
* agent: Fix cancellation handling for scdaemon.
* agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
* scd: Fix flushing of the CA-FPR DOs in app-openpgp.
* scd: Avoid a conflict error with the "undefined" app.
* dirmngr: Add CSRF protection exception for protonmail.
* dirmngr: Fix build problems with gcc 9 in libdns.
* gpgconf: New option --show-socket for use with --launch.
* gpgtar: Make option -C work for archive creation.
- Removed patches that are included upstream by now:
- 0001-libdns-Avoid-using-compound-literals.patch
- 0002-libdns-Avoid-using-compound-literals-2.patch
- 0003-libdns-Avoid-using-compound-literals-3.patch
- 0004-libdns-Avoid-using-compound-literals-4.patch
- 0005-libdns-Avoid-using-compound-literals-5.patch
- 0006-libdns-Avoid-using-compound-literals-6.patch
- 0007-libdns-Avoid-using-compound-literals-7.patch
- 0008-libdns-Avoid-using-compound-literals-8.patch
OBS-URL: https://build.opensuse.org/request/show/686406
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=224
- Update to 2.2.13:
* gpg: Implement key lookup via keygrip (using the & prefix).
* gpg: Allow generating Ed25519 key from existing key.
* gpg: Emit an ERROR status line if no key was found with -k.
* gpg: Stop early when trying to create a primary Elgamal key.
* gpgsm: Print the card's key algorithms along with their keygrips
in interactive key generation.
* agent: Clear bogus pinentry cache in the error case.
* scd: Support "acknowledge button" feature.
* scd: Fix for USB INTERRUPT transfer.
* wks: Do not use compression for the encrypted challenge and response.
Release-info: https://dev.gnupg.org/T4290
See-also: gnupg-announce/2019q1/000434.html
- Update to 2.2.12:
OBS-URL: https://build.opensuse.org/request/show/674396
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=219
- Update to 2.2.12:
* tools: New commands --install-key and --remove-key for
gpg-wks-client. This allows to prepare a Web Key Directory on a
local file system for later upload to a web server.
* gpg: New --list-option "show-only-fpr-mbox". This makes the use
of the new gpg-wks-client --install-key command easier on Windows.
* gpg: Improve processing speed when --skip-verify is used.
* gpg: Fix a bug where a LF was accidentally written to the console.
* gpg: --card-status now shows whether a card has the new KDF
feature enabled.
* agent: New runtime option --s2k-calibration=MSEC. New configure
option --with-agent-s2k-calibration=MSEC. [#3399]
* dirmngr: Try another keyserver from the pool on receiving a 502,
503, or 504 error. [#4175]
* dirmngr: Avoid possible CSRF attacks via http redirects. A HTTP
query will not anymore follow a 3xx redirect unless the Location
header gives the same host. If the host is different only the
host and port is taken from the Location header and the original
path and query parts are kept.
* dirmngr: New command FLUSHCRL to flush all CRLS from disk and
memory. [#3967]
OBS-URL: https://build.opensuse.org/request/show/658084
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=217
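
The redirect rule described in the dirmngr CSRF entry of the 2.2.12 notes above, as an added Python sketch (not dirmngr's own code; the function name and sample URLs are constructed). Assumptions: the scheme is taken from the Location header together with host and port, and a relative Location counts as same-host.

```python
from urllib.parse import urljoin, urlsplit, urlunsplit


def rewrite_redirect(original_url: str, location: str) -> str:
    """Return the URL to request after a 3xx answer, following the rule above.

    Hypothetical helper for illustration; not an API of GnuPG or dirmngr.
    """
    orig = urlsplit(original_url)
    # Assumption: a relative Location is resolved against the original URL.
    loc = urlsplit(urljoin(original_url, location))

    if loc.scheme not in ("http", "https") or not loc.hostname:
        raise ValueError("redirect target is not an HTTP(S) URL")

    # urlsplit() lowercases .hostname, so this comparison is case-insensitive.
    if loc.hostname == orig.hostname:
        # Same host: the Location header is followed as given.
        return urlunsplit(loc._replace(fragment=""))

    # Different host: keep only host and port from Location. The path and
    # query chosen by the redirecting server are discarded, so it cannot
    # steer the client to an arbitrary endpoint on another service.
    host = f"[{loc.hostname}]" if ":" in loc.hostname else loc.hostname
    netloc = f"{host}:{loc.port}" if loc.port else host
    return urlunsplit((loc.scheme, netloc, orig.path, orig.query, ""))


if __name__ == "__main__":
    # Constructed sample request and redirect targets.
    request = "https://keys.example.org/pks/lookup?op=get&search=0xDEADBEEF"
    for target in (
        "https://keys.example.org/pks/lookup2?op=get",
        "http://internal.example.net:8080/admin/delete?all=1",
    ):
        print(target, "->", rewrite_redirect(request, target))
```
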
- Update to 2.2.11:
* gpgsm: Fix CRL loading when intermediate certificates are not yet trusted.
* gpgsm: Fix an error message about the digest algo.
* gpg: Fix a wrong warning due to new sign usage check introduced with 2.2.9.
* gpg: Print the "data source" even for an unsuccessful keyserver query.
* gpg: Do not store the TOFU trust model in the trustdb.
* scd: Fix cases of "Bad PIN" after using "forcesig".
* agent: Fix possible hang in the ssh handler.
* dirmngr: Tack the unmodified mail address to a WKD request.
* dirmngr: Tweak diagnostic about missing LDAP server file.
* dirmngr: In verbose mode print the OCSP responder id.
* dirmngr: Fix parsing of the LDAP port.
* wks: Add option --directory/-C to the server.
* wks: Add option --with-colons to the client.
* Fix EBADF when gpg et al. are called by broken CGI scripts.
* Fix some minor memory leaks and bugs.
OBS-URL: https://build.opensuse.org/request/show/646642
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=213
- Applied spec-cleaner
- Refreshed patches
- Update to version 2.2.8:
* gpg: Decryption of messages not using the MDC mode will now lead to a
hard failure even if a legacy cipher algorithm was used. The option
--ignore-mdc-error can be used to turn this failure into a warning. Take
care: Never use that option unconditionally or without a prior warning.
* gpg: The MDC encryption mode is now always used regardless of the
cipher algorithm or any preferences. For testing --rfc2440 can be
used to create a message without an MDC.
* gpg: Sanitize the diagnostic output of the original file name in
verbose mode.
* gpg: Detect suspicious multiple plaintext packets in a more reliable way.
* gpg: Fix the duplicate key signature detection code.
* gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
--disable-mdc and --no-disable-mdc have no more effect.
* agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
list of startup environment variables.
OBS-URL: https://build.opensuse.org/request/show/615233
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=198