------------------------------------------------------------------- Tue May 14 14:00:45 UTC 2013 - vcizek@suse.com - set safe umask before creating a plaintext file (bnc#780943) added gpg2-set_umask_before_open_outfile.patch - select proper ciphers when running in FIPS mode (bnc#808958) added gnupg-detect_FIPS_mode.patch ------------------------------------------------------------------- Fri May 10 19:33:24 UTC 2013 - andreas.stieger@gmx.de - update to 2.0.20 * Decryption using smartcards keys > 3072 bit does now work. * New meta option ignore-invalid-option to allow using the same option file by other GnuPG versions. * gpg: The hash algorithm is now printed for sig records in key listings. * gpg: Skip invalid keyblock packets during import to avoid a DoS. * gpg: Correctly handle ports from DNS SRV records. * keyserver: Improve use of SRV records * gpg-agent: Avoid tty corruption when killing pinentry. * scdaemon: Improve detection of card insertion and removal. * scdaemon: Rename option --disable-keypad to --disable-pinpad. * scdaemon: Better support for CCID readers. Now, the internal CCID driver supports readers without the auto configuration feature. * scdaemon: Add pinpad input for PC/SC, if your reader has pinpad and it supports variable length PIN input, and you specify --enable-pinpad-varlen option. * scdaemon: New option --enable-pinpad-varlen. * scdaemon: Install into libexecdir to avoid accidental execution from the command line. * Assorted bug fixes. - refresh gnupg-2.0.9-RSA_ES.patch - verify gpg signature of source tarball ------------------------------------------------------------------- Wed Mar 27 12:16:19 UTC 2013 - mmeister@suse.com - Added url as source. Please see http://en.opensuse.org/SourceUrls ------------------------------------------------------------------- Fri Jan 11 20:26:50 UTC 2013 - lazy.kent@opensuse.org - BuildRequires: libbz2-devel (support BZIP2 compression algorithm) (bnc#798175). ------------------------------------------------------------------- Wed Apr 18 10:55:34 UTC 2012 - vcizek@suse.com - Mention some of the changes in Greg's version update ------------------------------------------------------------------- Tue Mar 27 20:38:27 UTC 2012 - gregkh@opensuse.org - update to upstream 2.0.19 * GPG now accepts a space separated fingerprint as a user ID. This allows to copy and paste the fingerprint from the key listing. * GPG now uses the longest key ID available. Removed support for the original HKP keyserver which is not anymore used by any site. * Rebuild the trustdb after changing the option --min-cert-level. * Ukrainian translation. * Honor option --cert-digest-algo when creating a cert. * Emit a DECRYPTION_INFO status line. * Improved detection of JPEG files. ------------------------------------------------------------------- Tue Dec 6 10:58:36 UTC 2011 - vcizek@suse.com - fixed licence to GPL-3.0+ (bnc#734878) ------------------------------------------------------------------- Wed Nov 30 09:55:47 UTC 2011 - coolo@suse.com - add automake as buildrequire to avoid implicit dependency ------------------------------------------------------------------- Sat Oct 1 15:53:04 UTC 2011 - crrodriguez@opensuse.org - Test suite hangs in qemu-arm, workaround. ------------------------------------------------------------------- Wed Aug 31 10:00:35 UTC 2011 - puzel@suse.com - link with -pie ------------------------------------------------------------------- Fri Aug 19 01:11:42 UTC 2011 - crrodriguez@opensuse.org - libcurl.m4 tests were broken, resulting in the usage of a "fake" internal libcurl. ------------------------------------------------------------------- Sat Aug 6 20:19:09 UTC 2011 - andreas.stieger@gmx.de - update to upstream 2.0.18 * Bug fix for newer versions of Libgcrypt. * Support the SSH confirm flag and show SSH fingerprints in ssh related pinentries. * Improved dirmngr/gpgsm interaction for OCSP. * Allow generation of card keys up to 4096 bit. - refresh patch gnupg-2.0.10-tmpdir.diff -> gnupg-2.0.18-tmpdir.diff - refresh patch gnupg-files-are-digests.patch -> gnupg-2.0.18-files-are-digests.patch ------------------------------------------------------------------- Tue Mar 15 09:29:42 UTC 2011 - puzel@novell.com - update to gnupg-2.0.17 * Allow more hash algorithms with the OpenPGP v2 card. * The gpg-agent now tests for a new gpg-agent.conf on a HUP. * Fixed output of "gpgconf --check-options". * Fixed a bug where Scdaemon sends a signal to Gpg-agent running in non-daemon mode. * Fixed TTY management for pinentries and session variable update problem. - drop gnupg-CVE-2010-2547.patch (in upstream) ------------------------------------------------------------------- Fri Jan 7 13:24:17 CET 2011 - sbrabec@suse.cz - Removed obsolete BuildRequires of opensc-devel. ------------------------------------------------------------------- Sun Oct 31 12:37:02 UTC 2010 - jengelh@medozas.de - Use %_smp_mflags ------------------------------------------------------------------- Wed Jul 28 09:39:00 UTC 2010 - puzel@novell.com - gnupg-CVE-2010-2547.patch (bnc#625947) - renumber patches ------------------------------------------------------------------- Mon Jul 19 21:49:40 UTC 2010 - puzel@novell.com - update to gnupg-2.0.16 * If the agent's --use-standard-socket option is active, all tools try to start and daemonize the agent on the fly. In the past this was only supported on W32; on non-W32 systems the new configure option --use-standard-socket may now be used to use this feature by default. * The gpg-agent commands KILLAGENT and RELOADAGENT are now available on all platforms. * Minor bug fixes. - drop gnupg-2.0.14-s2kcount.patch (builds fine without it now) ------------------------------------------------------------------- Mon Jun 7 09:40:32 UTC 2010 - adrian@suse.de - add special provides to make sure that obs signd gets correct gpg version ------------------------------------------------------------------- Fri Apr 9 12:47:11 UTC 2010 - chris@computersalat.de - fix deps o libassuan-devel >= 2.0.0 o pth / libpth-devel >= 1.3.7 - added BuildReq libcurl-devel >= 7.10 - removed BuildReq openldap2 is already solved by openldap2-devel - removed unrecognized configure options --enable-external-hkp, --enable-shared, --enable-static-rnd ------------------------------------------------------------------- Wed Apr 7 14:19:11 UTC 2010 - puzel@novell.com - add gnupg-dont-fail-with-seahorse-agent.patch (bnc#589994) ------------------------------------------------------------------- Wed Mar 31 13:47:00 UTC 2010 - puzel@novell.com - update to gnupg-2.0.15 * New command --passwd for GPG. * Fixes a regression in 2.0.14 which prevented unprotection of new or changed gpg-agent passphrases. * Make use of libassuan 2.0 which is available as a DSO. ------------------------------------------------------------------- Mon Mar 22 15:09:24 UTC 2010 - puzel@novell.com - fix files-are-digests patch (bnc#469229) ------------------------------------------------------------------- Wed Feb 17 13:29:18 CET 2010 - dimstar@opensuse.org - Update to version 2.0.14: + The default for --include-cert is now to include all certificates in the chain except for the root certificate. + Numerical values may now be used as an alternative to the debug-level keywords. + The GPGSM --audit-log feature is now more complete. + GPG now supports DNS lookups for SRV, PKA and CERT on W32. + New GPGSM option --ignore-cert-extension. + New and changed passphrases are now created with an iteration count requiring about 100ms of CPU work. - Add gnupg-2.0.14-s2kcount.patch: use fixed s2k-count number otherwise the gpg2 would want to consult gpg-agent which is not yet installed in the mock chroot (Patch shamelessly stolen from Fedora). ------------------------------------------------------------------- Thu Jan 28 14:15:24 UTC 2010 - puzel@novell.com - fix build for older distributions ------------------------------------------------------------------- Wed Jan 27 16:30:41 UTC 2010 - puzel@novell.com - port files-are-digests patch from gpg1 (bnc#469229) ------------------------------------------------------------------- Tue Dec 15 20:56:35 CET 2009 - jengelh@medozas.de - enable parallel building - SPARC needs large PIE model ------------------------------------------------------------------- Sun Dec 6 08:52:32 UTC 2009 - coolo@novell.com - change -lang require to recommended ------------------------------------------------------------------- Fri Nov 13 14:37:58 UTC 2009 - puzel@novell.com - update to gnupg-2.0.13 * GPG now generates 2048 bit RSA keys by default. The default hash algorithm preferences has changed to prefer SHA-256 over SHA-1. 2048 bit DSA keys are now generated to use a 256 bit hash algorithm * The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now passed to the Pinentry to make SCIM work. * The GPGSM command --gen-key features a --batch mode and implements all features of gpgsm-gencert.sh in standard mode. * New option --re-import for GPGSM's IMPORT server command. * Enhanced writing of existing keys to OpenPGP v2 cards. * Add hack to the internal CCID driver to allow the use of some Omnikey based card readers with 2048 bit keys. * GPG now repeatly asks the user to insert the requested OpenPGP card. This can be disabled with --limit-card-insert-tries=1. * Minor bug fixes. - drop gnupg-2.0.4-default-tty.diff ------------------------------------------------------------------- Thu Jun 18 13:22:00 CEST 2009 - puzel@novell.com - update to gnupg-2.0.12 * GPGSM now always lists ephemeral certificates if specified by fingerprint or keygrip. * New command "KEYINFO" for GPG_AGENT. GPGSM now also returns information about smartcards. * Made sure not to leak file descriptors if running gpg-agent with a command. Restore the signal mask to solve a problem in Mono. * Changed order of the confirmation questions for root certificates and store negative answers in trustlist.txt. * Better synchronization of concurrent smartcard sessions. * Support 2048 bit OpenPGP cards. * Support Telesec Netkey 3 cards. * The gpg-protect-tool now uses gpg-agent via libassuan. * Changed code to avoid a possible Mac OS X system freeze. - drop gpg2-fix-rtsignals.patch (fixed upstream) - drop gnupg-1.9.22-ccid-driver-fix.diff (unused) ------------------------------------------------------------------- Thu Jun 11 11:19:58 CEST 2009 - puzel@suse.cz - change BuildRequires: (pth-devel -> libpth-devel) ------------------------------------------------------------------- Mon Jun 1 11:26:12 CEST 2009 - puzel@suse.cz - BuildRequires: pth-devel ------------------------------------------------------------------- Wed Mar 18 13:51:30 CET 2009 - puzel@suse.cz - add gpg2-fix-rtsignals.patch (bnc#481463) ------------------------------------------------------------------- Thu Mar 5 13:39:42 CET 2009 - puzel@suse.cz - update to 2.0.11 * Fixed a problem in SCDAEMON which caused unexpected card resets. * SCDAEMON is now aware of the Geldkarte. * The SCDAEMON option --allow-admin is now used by default. * GPGCONF now restarts SCdaemon if necessary. * The default cipher algorithm in GPGSM is now again 3DES. This is due to interoperability problems with Outlook 2003 which still can't cope with AES. - dropped gnupg-2.0.10-fix-convert.patch (upstream) - dropped gnupg-2.0.10-fix-missing-option.patch (upstream) - disabled gnupg-1.9.22-ccid-driver-fix.diff (does not apply and it is not clear what it is good for) ------------------------------------------------------------------- Mon Mar 2 15:53:22 CET 2009 - puzel@suse.cz - gnupg-2.0.10-fix-missing-option.patch (bnc#477362) ------------------------------------------------------------------- Mon Jan 19 16:16:11 CET 2009 - puzel@suse.cz - add gnupg-2.0.10-fix-convert.patch - fix broken 'make check' on ppc, s390 and s390x ------------------------------------------------------------------- Tue Jan 13 10:38:38 CET 2009 - puzel@suse.cz - update to 2.0.10 * New keyserver helper gpg2keys_kdns as generic DNS CERT lookup. * New mechanisms "local" and "nodefault" for --auto-key-locate. Fixed a few problems with this option. * New command --locate-keys. * New options --with-sig-list and --with-sig-check. * The option "-sat" is no longer an alias for --clearsign. * The option --fixed-list-mode is now implicitly used and obsolete. * New control statement %ask-passphrase for the unattended key generation. * The algorithm to compute the SIG_ID status has been changed. * [gpgsm] Now uses AES by default. * [gpgsm] Made --output option work with --export-secret-key-p12. * [gpg-agent] Terminate process if the own listening socket is not anymore served by ourself. * [gpg-connect-agent] Accept commands given as command line arguments. * The gpg-preset-passphrase mechanism works again. An arbitrary string may now be used for a custom cache ID. * Admin PINs are cached again (bug in 2.0.9). * Support for version 2 OpenPGP cards. - specfile changes: * require libadns * explicit versions for some BuildRequires * BuildRequires libgpg-error * changed license to GPL v3 * /etc/gnupg/gnupg.conf is now (noreplace) * documentation is installed with install ------------------------------------------------------------------- Wed Jun 11 11:06:09 CEST 2008 - puzel@suse.cz - fix [bnc#305725] - UTF-8 problems * non latin characters displayed incorrectly by pinentry-* ------------------------------------------------------------------- Wed May 21 14:01:14 CEST 2008 - puzel@suse.cz - added missing gpgconf.conf (bnc#391347) ------------------------------------------------------------------- Fri Mar 28 16:14:33 CET 2008 - pcerny@suse.cz - update to 2.0.9 * fixes CVE-2008-1530 (bnc#374254) * removing gnupg-2.0.8-from-upstream.diff (included in release) * removing gnupg-2.0.4-oldkey.diff (accepted by upstream) * removing gnupg-2.0.8-warningfixes.diff (also appears in upstream) - patch gnupg-2.0.9-RSA_ES.patch * adding back support for deprecated RSA_E, RSA_S algorithms (bnc#342979) ------------------------------------------------------------------- Wed Mar 26 22:07:29 CET 2008 - coolo@suse.de - require the split out lang package ------------------------------------------------------------------- Sun Mar 23 12:10:56 CET 2008 - coolo@suse.de - splitting out a third of the package by using a lang subpack ------------------------------------------------------------------- Tue Feb 12 19:24:37 CET 2008 - bk@suse.de - install gpg-zip and gpgsplit again and use -pie for randomisation ------------------------------------------------------------------- Wed Feb 6 18:16:34 CET 2008 - bk@suse.de - add selected upstream fixes and fix gcc and rpmlint warnings ------------------------------------------------------------------- Tue Jan 8 10:48:30 CET 2008 - sassmann@suse.de - update to GnuPG-2.0.8 - adapted patches to apply properly * gnupg-1.9.18-tmpdir.diff * gnupg-2.0.4-install_tools.diff - gnupg-2.0.5.fixes-from-svn-20070812.diff commented out, included in upstream 2.0.8 - use optflags during build ------------------------------------------------------------------- Wed Sep 12 22:40:46 CEST 2007 - ltinkl@suse.cz - fix #304749 - gpg2 unable to use old secret key ------------------------------------------------------------------- Mon Sep 10 20:13:07 CEST 2007 - ltinkl@suse.cz - fix gpg2 crash on accessing key (#307666) - fix gpg doesn't work on the console (#302323) ------------------------------------------------------------------- Fri Aug 10 11:50:20 CEST 2007 - bk@suse.de - update to GnuPG-2.0.5 - requries libassuan-1.0.2! * Switched license to GPLv3. * Fixed bug when using the --p12-charset without --armor. * The command --gen-key may now be used instead of the gpgsm-gencert.sh script. * Changed key generation to reveal less information about the machine. Bug fixes for gpg2's card key generation. - enable make check to test against build issues in the crypto engine - cleanup disabled nld patch for linking with -lgpg-error-nld - use %find_lang to label the locale files properly with %lang - add opensc-devel to BuildRequrires to enanble smartcard support - del Makefile.in patches where we patch Makefile.am and run automake - cleanup the standrd GNU INSTALL and the empty VERSION from %doc ------------------------------------------------------------------- Thu Jul 26 13:16:22 CEST 2007 - sbrabec@suse.cz - Build with libassuan-devel. ------------------------------------------------------------------- Thu Jun 21 20:31:44 CEST 2007 - ro@suse.de - install compat symlinks for gpg2 and gpgv2 - install gpg-zip and gpgsplit - added openldap2 to buildrequires (for gpgkeys_ldap) - added fPIE/pie to CFLAGS/LDFLAGS for gpgsplit ------------------------------------------------------------------- Wed May 23 19:02:45 CEST 2007 - dmueller@suse.de - add libusb-devel build requires ------------------------------------------------------------------- Wed May 16 14:27:28 CEST 2007 - ltinkl@suse.cz - remove gpg from Require's (#273491) ------------------------------------------------------------------- Fri May 11 13:20:19 CEST 2007 - ltinkl@suse.cz - updated to 2.0.4 stable snapshot ------------------------------------------------------------------- Wed Apr 4 12:42:06 CEST 2007 - ltinkl@suse.cz - update to 2.0.3 - fixed #251605 - VUL-0: signing issues within GNUPG - removed outdated patches ------------------------------------------------------------------- Fri Mar 30 01:58:56 CEST 2007 - ro@suse.de - added zlib-devel to buildreq ------------------------------------------------------------------- Wed Feb 14 15:14:44 CET 2007 - ltinkl@suse.cz - fix file conflicts with gpg (#242133) ------------------------------------------------------------------- Tue Jan 30 00:34:50 CET 2007 - ro@suse.de - fix build (exclude possible debuginfo directory) ------------------------------------------------------------------- Mon Jan 29 16:22:15 CET 2007 - ltinkl@suse.cz - fix #221212 - gpg2 is not updated and do not contain documentation - fix #233525 - gpg1/2: bug in vasprintf() implementation ------------------------------------------------------------------- Thu Nov 30 16:59:25 CET 2006 - anicka@suse.cz - fix overflow in openfile.c (CVE-2006-6169, #224108) ------------------------------------------------------------------- Mon Sep 11 13:44:21 CEST 2006 - pnemec@suse.cz - updated gnupg to new version 1.9.22 Enhanced pkcs#12 support Support for the CardMan 4040 PCMCIA Collected bug fixes - updated pth library to 2.0.7 - changed using pinetry-qt to pinentry - removed -cfb.diff -signature.patch -cap_large_uid.patch patches they are no longer needed - change patch -warnings-fix.diff -ccid-driver-fix.diff ------------------------------------------------------------------- Thu Aug 17 11:55:09 CEST 2006 - pnemec@suse.de - remove unused package in build requires ------------------------------------------------------------------- Wed Aug 9 09:32:56 CEST 2006 - pnemec@suse.cz - fix spec file to build with new gettext 0.15 ------------------------------------------------------------------- Mon Aug 7 11:06:19 CEST 2006 - pnemec@suse.cz - fixed security fix with large uid CVE-2006-3746 [#195569] ------------------------------------------------------------------- Thu Feb 23 17:07:18 CET 2006 - pnemec@suse.cz - fixed signature security problem CVE-2006-0455 (bugzilla#150742) ------------------------------------------------------------------- Thu Feb 2 15:37:22 CET 2006 - pnemec@suse.cz - fixed install info in spec file ------------------------------------------------------------------- Thu Jan 26 15:52:26 CET 2006 - sbrabec@suse.cz - Added missing %install_info. ------------------------------------------------------------------- Wed Jan 25 21:36:18 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Fri Aug 5 12:52:44 CEST 2005 - postadal@suse.cz - updated to version to 1.9.18 - removed obsoleted gcc patch - added patch tmpdir.diff for using $TMPDIR by gpg-agent [#bug95732] ------------------------------------------------------------------- Tue Jul 12 14:17:11 CEST 2005 - postadal@suse.cz - updated to version to 1.9.17 - updated pth to version 2.0.4 - removed obsoleted patch agent-cache-fix.diff - fixed ccid-driver.c - fixed gcc4 - explicitly enabled gpg building in configure ------------------------------------------------------------------- Thu Mar 24 13:55:34 CET 2005 - postadal@suse.cz - fixed caching passphrase in gpg-agent [#71975] ------------------------------------------------------------------- Tue Mar 22 18:11:12 CET 2005 - postadal@suse.cz - fixed on 64bit archs [#72440] ------------------------------------------------------------------- Wed Feb 23 15:16:55 CET 2005 - postadal@suse.cz - security fix for cfb-cipher issue [#65862] ------------------------------------------------------------------- Wed Jan 12 16:02:00 CET 2005 - postadal@suse.cz - update to version 1.9.14 - removed obsoleted patch automake-fixes.diff ------------------------------------------------------------------- Tue Sep 28 08:52:32 CEST 2004 - adrian@suse.de - link against libpth staticaly to make S/MIME support in kmail usable. Hopefully we can convert this to a native thread implementation later. (#46260) ------------------------------------------------------------------- Sat Jul 31 15:07:26 CEST 2004 - adrian@suse.de - update to version 1.9.10 ------------------------------------------------------------------- Tue Jul 20 09:01:50 CEST 2004 - adrian@suse.de - remove openct and opensc packages from nfb (we will need thread support, when enabling card reader support, but it isn't anyway implemented yet in gpg2) ------------------------------------------------------------------- Mon Jul 12 17:55:32 CEST 2004 - adrian@suse.de - use GnuPG 2 sources version 1.9.9 - opensc support misses some functions atm, support disabled for now - threading is disabled, since we do not have a pth package for now - prepare for nld ------------------------------------------------------------------- Thu Feb 26 13:27:08 CET 2004 - postadal@suse.cz - adapted some functions to the libgcrypt version 1.1.91 [#34987] - added libgpg-error to needforbuild flag ------------------------------------------------------------------- Wed Feb 18 14:02:47 CET 2004 - kukuk@suse.de - Don't build against libpth. ------------------------------------------------------------------- Tue Feb 10 16:00:08 CET 2004 - postadal@suse.cz - fixed code that broke strict aliasing ------------------------------------------------------------------- Fri Dec 5 14:35:32 CET 2003 - garloff@suse.de - disable core dumpe in child after forking. [#33499] ------------------------------------------------------------------- Mon Aug 11 14:48:50 CEST 2003 - adrian@suse.de - cleanup #neededforbuild and requires ------------------------------------------------------------------- Mon Aug 4 15:28:41 CEST 2003 - ro@suse.de - added openct to neededforbuild ------------------------------------------------------------------- Fri Jul 18 14:23:15 CEST 2003 - mc@suse.de - build against opensc ------------------------------------------------------------------- Thu Jun 19 19:04:45 CEST 2003 - schwab@suse.de - Add %install_info. ------------------------------------------------------------------- Mon Mar 17 15:25:30 CET 2003 - adrian@suse.de - add signal handler to check if the parent is still alive and exit if not - use pinentry-qt by default (/usr/bin/pinentry do not exist) ------------------------------------------------------------------- Tue Feb 11 15:38:30 CET 2003 - mc@suse.de - initial release