| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: gpg2 | Distribution: openSUSE Tumbleweed |
| Version: 2.5.17 | Vendor: openSUSE |
| Release: 2.2 | Build date: Wed Feb 11 11:27:56 2026 |
| Group: Productivity/Networking/Security | Build host: reproducible |
| Size: 7662336 | Source RPM: gpg2-2.5.17-2.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.gnupg.org | |
| Summary: File encryption, decryption, signature creation and verification utility | |
GnuPG is a hybrid-encryption software program; it uses a combination of symmetric-key and public-key cryptography to encrypt/decrypt messages and/or to sign and verify them. gpg2 provides GPGSM, gpg-agent, and a keybox library.
GPL-3.0-or-later
* Wed Feb 11 2026 Pedro Monreal <pmonreal@suse.com>
- Fix Y2K38 FTBFS:
* gpg2 quick-key-manipulation test FTBFS-2038 (bsc#1251214)
* Upstream issue: dev.gnupg.org/T8096
* Add gnupg-gpgscm-New-operator-long-time-t-to-detect-proper-tim.patch
* Tue Jan 27 2026 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 2.5.17:
* agent: Fix stack buffer overflow when using gpgsm and KEM
(CVE-2026-24881, boo#1257358)
* tpm: Fix possible buffer overflow in PKDECRYPT
(CVE-2026-24882, boo#1257396)
* gpg: Fix possible NULL-deref with overlong signature packets
(CVE-2026-24883, boo#1257395)
* gpg: New export-option "keep-expired-subkeys"
* gpgsm: Make multiple search patterns work with keyboxd
* agent: Add accelerator keys for "Wrong" and "Correct"
* dirmngr: Help detection of bad keyserver configurations
* Tue Dec 30 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 2.5.16:
* gpg: Fix a validation bug when using keyboxd
* gpg: Deprecate the option --not-dash-escaped and ignore the
NotDashEscaped armor header
* keyboxd: Fix migration to new schema
* dirmngr: New compatibility flag "ocsp-sha256-certid" to support
forthcoming libksba versions
* New translation to Georgian.
* Mon Nov 24 2025 Pedro Monreal <pmonreal@suse.com>
- Update to 2.5.14 (bsc#1255715, CVE-2025-68973):
* gpg: Fix possible memory corruption in the armor parser. [T7906]
* gpgsm: Fix output of card serial number in colon listing. [T7914]
* agent:ssh: Fix RSA signature handling for newer spec. [T7882]
* gpg: Improve/relax the checking of preference options. [rG6570700fdd]
* gpg: Fix the check for the END armor line. [rG62b8bf2f39]
* gpg: Do not present a default when asking for another output filename. [T7908]
* gpg: Include ADSK keys in key listings specified by fingerprints. [T7892]
* agent: Fix a decryption failures if the pinentry dialog for the
first tried recipient is canceled. Regression since 2.5.7. [T7893, T7649]
* keyboxd: Fix schema of the fingerprint table. [T7892]
* dirmngr: Fix OCSP next-update check. [rG9ef87bcdb0]
* gpg: New "pfc" record in colons key listings. [T7897]
* gpg: Allow import and export of Kyber secret keys. [T7315]
* gpg: Escape characters with the high bit set in NOTATION status lines. [T7896]
* gpg: New import option "force-update". [T7892,rGf6237ccd31]
* agent: Accept a trustlist with a missing LF at the end. [rG1b4ac98de7]
* agent: Support protection for Kyber keys. [T6638,rGaea62817f3]
* scd:nks: Make newer TCOS signature cards work. [rG17596e830f]
* Release-info: https://dev.gnupg.org/T7869
* Rebase gnupg-revert-rfc4880bis.patch
* Thu Oct 23 2025 Pedro Monreal <pmonreal@suse.com>
- Update to 2.5.13:
* gpg: Fix de-vs compliance with OCB and additional password. [T7804]
* gpg: Detect duplicate keys with --add-recipients. [T1825]
* gpg: Take care about the prefix for cv25519 encryption. [T7649]
* gpg: Avoid potential downgrade to SHA1 in 3rd party key
signatures. [rGdb9705ef59]
* gpg: Error out on unverified output for non-detached signatures.
[rG8abc320f2a]
* gpgsm: Use KEM interface for en- and decryption. [T7811,T7845]
* gpgsm: Fix delete and store certificate locking glitches. [T7855]
* gpg,gpgsm: Run keybox compression only when there are no other
users. [T7855]
* gpg,gpgsm: Improve keybox closing and locking order on read and
write. [T7855]
* gpg,gpgsm: Always use share mode read-write for the keybox file
access. [T7829]
* scd:openpgp: Fix an oddity in changing the PIN. [T7840]
* dirmngr: New LDAP keyserver flag "upload". [T7866]
* agent: Retry private key deletion in case of sharing violations
for up to 400ms. [T7863]
* Release-info: https://dev.gnupg.org/T7801
* Tue Sep 30 2025 Pedro Monreal <pmonreal@suse.com>
- Remove the infodir directory if it exists.
* Tue Sep 02 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 2.5.12:
* gpg: New options --[no-]auto-key-upload
* gpg: Keys send to an LDAP server are now first updated from that
server. New keyserver option "no-update-before-send" to disable
this feature
* gpg: Disable default compression for 7z compressed input
* gpg: Fix a regression with composite PQC and ECC algos
* gpg: Fix the list of possible algos for --edit-key:addkey
* gpg: Allow to select the Kyber variants with --edit-key:addkey
* gpg: Avoid a second Pinentry pop-up for a configured ADSK during
key generation
* gpg: Change the ADSK key binding time to use the current time
* gpgsm: Add option --no-qes-note and new trustlist flag
"noconsent"
* agent: Enable "relax" in the trustlist by default and add flag
"norelax"
* scd:openpgp: Support Yubikey attestation generation
* gpgtar: Fix regression in end-of-archive detection
* Sun Aug 03 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 2.5.11:
* gpg: Fix a segv in key signing with notations introduced in
2.5.10
* agent: Fix for smartcard decryption with Brainpool keys
- includes changes from 2.5.10:
* gpg: Add a notation with version information to signatures
* gpgv: New option --print-notation
* gpgsm: Fix caching of the trustlist's flags
* agent: Fix for smartcard decryption returning x-coordinate only
* agent: Another fix for a regression with unknown curves and ssh
* dirmngr: Implement command KS_DEL for ldap servers
- fail build upon test failures
* Mon Jul 14 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 2.5.9:
* gpg: Add the revocation reason to the sigclass of a "rev" line
(drops gnupg-2.5.8-re-add-revocation-reason.patch)
* gpg: Do not show the non-standard secp256k1 curve in the menu
to select the curve. It can however be specified using its name
* gpg: Fix regression in using the secp256k1 curve.
* dirmngr: New option --user-agent and send a default User-Agent
of "GnuPG/2.6" for all HTTP requests
* Sun Jun 29 2025 Andreas Stieger <andreas.stieger@gmx.de>
- fix build of qgpgme >= 2.0.0 [T7083] boo#1244605
add gnupg-2.5.8-re-add-revocation-reason.patch
* Fri Jun 20 2025 Lucas Mulling <lucas.mulling@suse.com>
- Update to 2.5.8:
* gpg: Show revocation reason with a standard -k listing. [T7083]
* gpg: Emit a revocation reason as comment in a "pub" record.
[T7083]
* agent: Fix regression in 2.5.7 decrypting with a card based
cv25519 key. [T7676]
* scd:openpgp: Fix a regression in exporting card based ed25519 ssh
keys. [T7589]
* dirmngr: Do not require a keyserver for "gpg --fetch-key".
[T7693]
- Remove patch:
* gnupg-agent-fix-for-prefix-0x40-in-the-point-representation.patch
* Fri Jun 06 2025 Michal Hrusecky <michal@hrusecky.net>
- Fix problems with decoding Curve25519
- Added patch
* gnupg-agent-fix-for-prefix-0x40-in-the-point-representation.patch
* Mon Jun 02 2025 Lucas Mulling <lucas.mulling@suse.com>
- Update to 2.5.7:
* gpg: Allow updating a SHA-1 key certification w/o using
the --force-sign-key option. [T7663]
* gpg: The group key flag has now been fully implemented.
[rG8833a34bf0]
* gpg: Make combination of show-only-fpr-mbox and show-unusable-uid
work. [rGd5a4a2dc89]
* gpg: Do not allow compressed key packets on import. [T7014]
* gpgsm: Allow an empty subject DN also during import. [T7171]
* agent: Recover the old behavior with max-cache-ttl=0. [T6681]
* agent: Fix ECC key on smartcard for composite KEM with PQC.
[T7648]
* scd: Fix a harmless read buffer over-read in a function used by
PKCS#15 cards. [T7662]
* gpg-mail-tube,wks: Support templates for mail content. [T7381]
* Use the KEM interface of Libgcrypt for encryption/decryption.
[T7649]
- Remove patches:
* gnupg-agent-Recover-the-old-behavior-with-max-cache-ttl-0.patch
* gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch
- Update gpg2.keyring
* Tue May 13 2025 Lucas Mulling <lucas.mulling@suse.com>
- Don't install expired sks certificate [bsc#1243069]
* Add patch gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch
- Revert old max-cache-ttl behavior [bsc#1241656]
* Add patch gnupg-agent-Recover-the-old-behavior-with-max-cache-ttl-0.patch
* Thu May 08 2025 Lucas Mulling <lucas.mulling@suse.com>
- Update to 2.5.6:
* gpg: Add a flag to the filter expressions for left anchored
substring match. [rGc12b7d047e]
* gpg: New list option "show-trustsig" to avoid resorting to colon
mode for this info. [rG41d6ae8f41]
* gpg: New command --quick-tsign-key to create a trust signature.
[rGd90b290f97]
* gpg: New keygen parameter "User-Id". [rGcfd597c603]
* gpg: New list options "show-trustsig". [rGrG41d6ae8f41]
* gpg: Fix double free of internal data in no-sig-cache mode [T7547]
* gpg: Signatures from revoked or expired keys do not anymore show
up as missing keys. Fixes regression in 2.5.5. [T7583]
* gpgsm: Extend --learn-card by an optional s/n argument. [T7379]
* gpgsm: Skip expired certificates when selection a certificate by
subject. [rG4cf83273e8]
* card: New command "ll" as alias for "list --cards". [rGd6ee7adebe]
* scd:p15: Accept P15 cards with a zero-length label. [rGdb25aa9887]
* keyboxd: Use case-insensitive search for mail addresses. [T7576]
* dirmngr: Fix a problem in libdns related to an address change from
127.0.0.1. [T4021]
* gpgconf: Fix reload and kill of keyboxd. [T7569]
* Fix logic for certain recsel conditions. [rG8968e84903]
* Add Solaris support to get_signal_name. [T7638]
* Fix build error of the test shell on AIX. [T7632]
- Release-info: https://dev.gnupg.org/T7586
- Rebase patch gnupg-nobetasuffix.patch
- Remove patch gnupg-CVE-2025-30258-fix.patch
* Mon Mar 24 2025 Pedro Monreal <pmonreal@suse.com>
- Fix a regression introduced in CVE-2025-30258 [bsc#1239875]
* Upstream task: dev.gnupg.org/T7547
* gpg: Fix double free of internal data.
* Add gnupg-CVE-2025-30258-fix.patch
* Fri Mar 07 2025 Lucas Mulling <lucas.mulling@suse.com>
- Update to 2.5.5: [bsc#1236931, bsc#1239119, CVE-2025-30258]
* gpg: Fix a verification DoS due to a malicious subkey in the
keyring. [T7527]
* dirmngr: Fix possible hangs due to blocking connection requests.
[T6606, T7434]
Release-info: https://dev.gnupg.org/T7530
* Wed Feb 26 2025 Adrian Schröter <adrian@suse.de>
- Fixing gpg-agent integration by changing --supervised to
- -deprecated-supervised in service files.
* Wed Feb 19 2025 Pedro Monreal <pmonreal@suse.com>
- Update to 2.5.4:
* gpg: New option --disable-pqc-encryption. [rG00c31f8b04]
* gpg: Fix --quick-add-key for Weierstrass ECC with usage given. [T7506]
* gpg: Fix handling with no CRC armor. [T7071]
* gpg: New private Kyber keys are now cross-referenced using a new
Link attribute. [T6638]
* gpg: Fix an import problem with keys having another primary key as
a subkey. [T7527]
* gpgsm: Allow unattended PKCS#12 export without passphrase. [rG159e801043]
* gpgsm: Allow CSR generation with an unprotected key. [rG89055f24f4]
* agent: New option --change-std-env-name. [T7522]
* agent: Fix ssh-agent's request_identities for skipped Brainpool
keys. [rG2469dc5aae]
* Do not package zlib and bzip2 object files in a speedo release build. [T7442]
* Rebase patches:
- gnupg-add_legacy_FIPS_mode_option.patch
- gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
- gnupg-revert-rfc4880bis.patch
* Tue Jan 14 2025 Lucas Mulling <lucas.mulling@suse.com>
- Update to 2.5.3
* gpg: Allow for signature subpackets of up to 30000 octets.
[rG36dbca3e69]
* gpg: Silence expired trusted-key diagnostics in quiet mode. [T7351]
* gpg: Allow smaller session keys with Kyber and enforce the use of
AES-256 if useful. [T7472]
* gpg: Fix regression in key generation from existing card key.
[T7309,T7457]
* gpg: Print a warning if the card backup key could not be written.
[T2169]
* The --supervised options of gpg-agent and dirmngr have been
renamed to --deprecated-supervised as preparation for their removal.
[rGa019a0fcd8]
* There is no more default for a keyserver.
* Mon Jan 06 2025 Andreas Stieger <andreas.stieger@gmx.de>
- note updated 2.5.x build dependencies
* Wed Dec 11 2024 Lucas Mulling <lucas.mulling@suse.com>
- Update to 2.5.2:
* gpg: Add option 16 to --full-gen-key to create ECC+Kyber. [T6638]
* gpg: For composite algos add the algo string to the colons
listings. [T6638]
* gpg: Validate the trustdb after the import of a trusted key.
[T7200]
* gpg: Exclude expired trusted keys from the key validation process.
[T7200]
* gpg: Fix a wrong decryption failed status for signed and OCB
encrypted messages without a signature verification key. [T7042]
* gpg: Retain binary representation for import->export with Ed25519
key signatures. [T7426]
* gpg: Fix comparing ed448 to ed25519 with --assert-pubkey-algo.
[T7425]
* gpg: Avoid a failure exit code for expired ultimately trusted
keys. [T7351]
* gpg: Emit status error for an invalid ADSK. [T7322]
* gpg: Allow the use of an ADSK subkey as ADSK subkey. [T6882]
* gpg: Fix --quick-set-expire for V5 subkey fingerprints. [T7298]
* gpg: Robust error handling for SCD READKEY. [T7309]
* gpg: Fix cv25519 v5 export regression. [T7316]
* gpgsm: Nearly fourfold speedup of validated certificate listings.
[T7308]
* gpgsm: Improvement for some rare P12 files. [rGf50dde6269]
* gpgsm: Terminate key listing on output write error. [T6185]
* agent: Add option --status to the LISTRUSTED command.
[rG4275d5fa7a]
* agent: Fix detection of the yet unused trustflag de-vs. [T5079]
* agent: Allow ssh to sign data larger than the Assuan line length.
[T7436]
* keyboxd: Fix a race condition on the database handle. [T7294]
* dirmngr: A list of used URLs for loaded CRLs is printed first in
the output of the LISTCRL command. [T7337]
* scd: More mitigations against lock ups with multiple cards or
apps. [T7323, T7402]
* gpgtar: Use log-file from common.conf only in --batch mode.
[rGb389e04ef5]
* gpgtar: Fix directory creation during extraction. [T7380]
* gpg-mail-tube: Minor fixes.
* gpgconf: Add list flag to trusted-key et al. [T7313]
* Implement GNUPG_ASSUME_COMPLIANCE envvar and registry key for
testing de-vs compliance mode. [rGb287fb5775,rG7b0be541a9]
* Fix a race condition in creating the socket directory. [T7332]
* Thu Dec 05 2024 Adrian Schröter <adrian@suse.de>
- Disable ibmswtpm2 on LoongArch64
* Mon Oct 21 2024 Pedro Monreal <pmonreal@suse.com>
- Update to 2.5.1:
* gpg: The support for composite Kyber+ECC public key algorithms
does now use the final FIPS-203 and LibrePGP specifications. The
experimental keys from 2.5.0 are no longer supported. [T6815]
* gpg: New commands --add-recipients and --change-recipients. [T1825]
* gpg: New option --proc-all-sigs. [T7261]
* gpg: Fix a regression in 2.5.0 in gpgme's tests. [T7195]
* gpg: Make --no-literal work again for -c and --store. [T5852]
* gpg: Improve detection of input data read errors. [T6528]
* gpg: Fix getting key by IPGP record (rfc-4398). [T7288]
* gpgsm: New option --assert-signer. [T7286]
* gpgsm: More improvements to PKCS#12 parsing to cope with latest
IVBB changes. [T7213]
* agent: Fix KEYTOCARD command when used with a loopback pinentry. [T7283]
* gpg-mail-tube: Make sure GNUPGHOME is set in vsd mode. New option
- -as-attach. [rG4511997e9e1b]
* Now uses the process spawn API from libgpg-error. [T7192,T7194]
* Removed the --enable-gpg-is-gpg2 configure time option.
[rG2125f228d36c]
* Rebase patches:
- gnupg-add_legacy_FIPS_mode_option.patch
- gnupg-revert-rfc4880bis.patch
- gnupg-nobetasuffix.patch
* Mon Aug 12 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Remove explicit runtime library dependency, pick ease of
maintenance in Tumbleweed over mixed project use runtime bugs.
* Fri Mar 08 2024 Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.5:
* gpg,gpgv: New option --assert-pubkey-algo. [T6946]
* gpg: Emit status lines for errors in the compression layer. [T6977]
* gpg: Fix invocation with --trusted-keys and --no-options. [T7025]
* gpgsm: Allow for a longer salt in PKCS#12 files. [T6757]
* gpgtar: Make --status-fd=2 work on Windows. [T6961]
* scd: Support for the ACR-122U NFC reader. [rG1682ca9f01]
* scd: Suport D-TRUST ECC cards. [T7000,T7001]
* scd: Allow auto detaching of kernel drivers; can be disabled with
the new compatibility-flag ccid-no-auto-detach. [rGa1ea3b13e0]
* scd: Allow setting a PIN length of 6 also with a reset code for
openpgp cards. [T6843]
* agent: Allow GET_PASSPHRASE in restricted mode. [rGadf4db6e20]
* dirmngr: Trust system's root CAs for checking CRL issuers. [T6963]
* dirmngr: Fix regression in 2.4.4 in fetching keys via hkps. [T6997]
* gpg-wks-client: Make option --mirror work properly w/o specifying
domains. [rG37cc255e49]
* g13,gpg-wks-client: Allow command style options as in "g13 mount
foo". [rGa09157ccb2]
* Allow tilde expansion for the foo-program options. [T7017]
* Make the getswdb.sh tool usable outside the GnuPG tree.
* Release-info: https://dev.gnupg.org/T6960
* Update the required versions for the dependencies.
* Thu Jan 25 2024 Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.4: [bsc#1219191]
* gpg: Do not keep an unprotected smartcard backup key on disk.
See https://gnupg.org/blog/20240125-smartcard-backup-key.html
for a security advisory. [T6944]
* gpg: Allow to specify seconds since Epoch beyond 2038 on 32-bit
platforms. [T6736]
* gpg: Fix expiration time when Creation-Date is specified. [T5252]
* gpg: Add support for Subkey-Expire-Date. [rG96b69c1866]
* gpg: Add option --with-v5-fingerprint. [T6705]
* gpg: Add sub-option ignore-attributes to --import-options.
* gpg: Add --list-filter properties sig_expires/sig_expires_d.
* gpg: Fix validity of re-imported keys. [T6399]
* gpg: Report BEGIN_ status before examining the input. [T6481]
* gpg: Don't try to compress a read-only keybox. [T6811]
* gpg: Choose key from inserted card over a non-inserted card. [T6831]
* gpg: Allow to create revocations even with non-compliant algos. [T6929]
* gpg: Fix regression in the Revoker keyword of the parameter file. [T6923]
* gpg: Improve error message for expired default keys. [T4704]
* gpgsm: Add --always-trust feature. [T6559]
* gpgsm: Support ECC certificates in de-vs mode. [T6802]
* gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
* gpgsm: No not show the pkcs#12 passphrase in debug output. [T6654]
* keyboxd: Timeout on failure to get the database lock. [T6838]
* agent: Update the key stubs only if really modified. [T6829]
* scd: Add support for certain Starcos 3.2 cards. [rG5304c9b080]
* scd: Add support for CardOS 5.4 cards. [rG812f988059]
* scd: Add support for D-Trust 4.1/4.4 cards. [rG0b85a9ac09]
* scd: Add support for Smartcafe Expert 7.0 cards. [T6919]
* scd: Add a length check for a new PIN. [T6843]
* tpm: Fix keytotpm handling in the agent. [rG9909f622f6]
* tpm: Fixes for the TPM test suite. [T6052]
* dirmngr: New option --ignore-crl-extensions. [T6545]
* dirmngr: Support config value "none" to disable the default
keyserver. [T6708]
* dirmngr: Fix handling of the HTTP Content-Length. [rGa5e33618f4]
* gpgconf: Add commands --lock and --unlock. [rG93b5ba38dc]
* gpgconf: Add keyword socketdir to gpgconf.ctl. [rG239c1fdc28]
* gpgconf: Adjust the -X command for the new VERSION file format. [T6918]
* wkd: Use export-clean for gpg-wks-client's --mirror and --create
commands. [rG2c7f7a5a278c]
* wkd: Make --add-revocs the default in gpg-wks-client. New option
- -no-add-revocs. [rG10c937ee68]
* Remove duplicated backslashes when setting the homedir. [T6833]
* Ignore attempts to remove the /dev/null device. [T6556]
* Improve advisory file lock retry strategy. [T3380]
* Release-info: https://dev.gnupg.org/T6578
* Remove patch upstream:
- gnupg-Report-BEGIN_-status-before-examining-the-input.patch
* Mon Oct 30 2023 Pedro Monreal <pmonreal@suse.com>
- Fix the build in SLE and Leap by adding an exclude in the files
section for the dirmngr's systemd user units. [jsc#PED-7093]
* Tue Oct 17 2023 Pedro Monreal <pmonreal@suse.com>
- Do not pull revision info from GIT when autoconf is run. This
removes the -unknown suffix after the version number.
* Add gnupg-nobetasuffix.patch [bsc#1216334]
* Mon Oct 16 2023 Pedro Monreal <pmonreal@suse.com>
- Fix Emacs EasyPG behavior when parsing output:
* gpg: Report BEGIN_* status before examining the input.
* Upstream task: https://dev.gnupg.org/T6481
* Add gnupg-Report-BEGIN_-status-before-examining-the-input.patch
* Tue Oct 10 2023 Pedro Monreal <pmonreal@suse.com>
- Install the internal executables in the /usr/libexec dir instead
of /usr/lib64. These files are keyboxd, scdaemon, gpg-auth
gpg-check-pattern, gpg-pair-tool, gpg-preset-passphrase,
gpg-protect-tool, gpg-wks-client, dirmngr_ldap and tpm2daemon.
* Mon Oct 09 2023 Pedro Monreal <pmonreal@suse.com>
- Provide the systemd-user files since they have been removed
upstream since version 2.4.1. [bsc#1201564]
* Add gpg2-systemd-user.tar.xz
* Thu Sep 21 2023 Pedro Monreal <pmonreal@suse.com>
- Install the systemd user units in the _userunitdir [bsc#1201564]
* Note that, there is no activation by default.
* Rework excludes in the spec's files section.
* Thu Aug 03 2023 Pedro Monreal <pmonreal@suse.com>
- Revert back to use the IBM TPM Software stack.
* Wed Jul 05 2023 Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.3:
* gpg: Set default expiration date to 3 years. [T2701]
* gpg: Add --list-filter properties "key_expires" and
"key_expires_d". [T6529]
* gpg: Emit status line and proper diagnostics for write errors. [T6528]
* gpg: Make progress work for large files on Windows. [T6534]
* gpg: New option --no-compress as alias for -z0.
* gpgsm: Print PROGRESS status lines. Add new --input-size-hint. [T6534]
* gpgsm: Support SENDCERT_SKI for --call-dirmngr. [rG701a8b30f0]
* gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
* gpgtar: New option --no-compress.
* dirmngr: Extend the AD_QUERY command. [rG207c99567c]
* dirmngr: Disable the HTTP redirect rewriting. [T6477]
* dirmngr: New option --compatibility-flags. [rGbf04b07327]
* dirmngr: New option --ignore-crl-extensions. [T6545]
* wkd: Use export-clean for gpg-wks-client's --mirror and --create
commands. [rG2c7f7a5a27]
* wkd: Make --add-revocs the default in gpg-wks-client. New option
- -no-add-revocs. [rG10c937ee68]
* scd: Make signing work for Nexus cards. [rGb83d86b988]
* scd: Fix authentication with Administration Key for PIV. [rG25b59cf6ce]
* Tue May 30 2023 Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.2:
* gpg: Print a warning if no more encryption subkeys are left over
after changing the expiration date. [rGef2c3d50fa]
* gpg: Fix searching for the ADSK key when adding an ADSK. [T6504]
* gpgsm: Speed up key listings on Windows. [rG08ff55bd44]
* gpgsm: Reduce the number of "failed to open policy file"
diagnostics. [rG68613a6a9d]
* agent: Make updating of private key files more robust and track
display S/N. [T6135]
* keyboxd: Avoid longish delays on Windows when listing keys.
[rG6944aefa3c]
* gpgtar: Emit extra status lines to help GPGME. [T6497]
* w32: Avoid using the VirtualStore. [T6403]
* Rebase gnupg-add_legacy_FIPS_mode_option.patch
* Fri Apr 28 2023 Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.1:
* If the ~/.gnupg directory does not exist, the keyboxd is now
automagically enabled. [rGd9e7488b17]
* gpg: New option --add-desig-revoker. [rG3d094e2bcf]
* gpg: New option --assert-signer. [rGc9e95b8dee]
* gpg: New command --quick-add-adsk and other ADSK features.
[T6395, https://gnupg.org/blog/20230321-adsk.html]
* gpg: New list-option "show-unusable-sigs". Also show "[self-signature]"
instead of the user-id in key signature listings. [rG103acfe9ca]
* gpg: For symmetric encryption the default S2K hash is now SHA256. [T6367]
* gpg: Detect already compressed data also when using a pipe. Also
detect JPEG and PNG file formats. [T6332]
* gpg: New subcommand "openpgp" for --card-edit. [T6462]
* gpgsm: Verification of detached signatures does now strip trailing
zeroes from the input if --assume-binary is used. [rG2a13f7f9dc]
* gpgsm: Non-armored detached signature are now created without
using indefinite form length octets. This improves compatibility
with some PDF signature verification software. [rG8996b0b655]
* gpgtar: Emit progress status lines in create mode. [T6363]
* dirmngr: The LDAP modifyTimestamp is now returned by some
keyserver commands. [rG56d309133f]
* ssh: Allow specification of the order keys are presented to ssh.
See the man page entry for --enable-ssh-support. [T5996, T6212]
* gpg: Make list-options "show-sig-subpackets" work again.
Fixes regression in 2.4.0. [rG5a223303d7]
* gpg: Fix the keytocard command for Yubikeys. [T6378]
* gpg: Do not continue an export after a cancel for the primary key. [T6093]
* gpg: Replace the --override-compliance-check hack by a real fix. [T5655]
* gpgtar: Fix decryption with input taken from stdin. [T6355]
* Rebase patches:
- gnupg-revert-rfc4880bis.patch
- gnupg-add_legacy_FIPS_mode_option.patch
* Remove patch fixed upstream:
- gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
* Fri Mar 10 2023 Pedro Monreal <pmonreal@suse.com>
- Temporarily revert back to the pre-2.4 default for key generation.
The new rfc4880bis has been set as the default in 2.4 version and
might create incompatible keys. Note that, rfc4880bis can still
be used with the option flag --rfc4880bis as in previous versions.
* More info in the gnupg-devel ML:
https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html
* Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9
* Add gnupg-revert-rfc4880bis.patch
* Fri Mar 10 2023 Pedro Monreal <pmonreal@suse.com>
- Allow 8192 bit RSA keys in keygen UI when large_rsa is set
* Add gnupg-allow-large-rsa.patch
* Tue Feb 07 2023 Pedro Monreal <pmonreal@suse.com>
- Fix the regression test suite fails with the IBM TPM Software
stack. Builds fine using the Intel TPM; use the swtpm and
tpm2-0-tss-devel packages instead of ibmswtpm2 and ibmtss-devel.
* Wed Jan 11 2023 Pedro Monreal <pmonreal@suse.com>
- Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313
* The original patch has been modified to expand the changes
also to the tests/gpgme/Makefile.in file.
* Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
/etc/gnupg /etc/gnupg/gpgconf.conf /usr/bin/g13 /usr/bin/gpg /usr/bin/gpg-agent /usr/bin/gpg-authcode-sign.sh /usr/bin/gpg-card /usr/bin/gpg-connect-agent /usr/bin/gpg-mail-tube /usr/bin/gpg-wks-client /usr/bin/gpg-wks-server /usr/bin/gpg2 /usr/bin/gpgconf /usr/bin/gpgparsemail /usr/bin/gpgscm /usr/bin/gpgsm /usr/bin/gpgsplit /usr/bin/gpgtar /usr/bin/gpgv /usr/bin/gpgv2 /usr/bin/kbxutil /usr/bin/watchgnupg /usr/lib/systemd/user/gpg-agent-browser.socket /usr/lib/systemd/user/gpg-agent-extra.socket /usr/lib/systemd/user/gpg-agent-ssh.socket /usr/lib/systemd/user/gpg-agent.service /usr/lib/systemd/user/gpg-agent.socket /usr/lib/udev/rules.d/60-scdaemon.rules /usr/libexec/gpg-auth /usr/libexec/gpg-check-pattern /usr/libexec/gpg-pair-tool /usr/libexec/gpg-preset-passphrase /usr/libexec/gpg-protect-tool /usr/libexec/gpg-wks-client /usr/libexec/keyboxd /usr/libexec/scdaemon /usr/sbin/addgnupghome /usr/sbin/applygnupgdefaults /usr/sbin/g13-syshelp /usr/share/doc/packages/gpg2 /usr/share/doc/packages/gpg2/AUTHORS /usr/share/doc/packages/gpg2/ChangeLog /usr/share/doc/packages/gpg2/DCO /usr/share/doc/packages/gpg2/DETAILS /usr/share/doc/packages/gpg2/FAQ /usr/share/doc/packages/gpg2/HACKING /usr/share/doc/packages/gpg2/KEYSERVER /usr/share/doc/packages/gpg2/NEWS /usr/share/doc/packages/gpg2/OpenPGP /usr/share/doc/packages/gpg2/README /usr/share/doc/packages/gpg2/README.systemd /usr/share/doc/packages/gpg2/THANKS /usr/share/doc/packages/gpg2/TODO /usr/share/doc/packages/gpg2/TRANSLATE /usr/share/doc/packages/gpg2/examples /usr/share/doc/packages/gpg2/examples/README /usr/share/doc/packages/gpg2/examples/common.conf /usr/share/doc/packages/gpg2/examples/gpgconf.rnames /usr/share/doc/packages/gpg2/examples/pwpattern.list /usr/share/doc/packages/gpg2/examples/qualified.txt /usr/share/doc/packages/gpg2/examples/scd-event /usr/share/doc/packages/gpg2/examples/trustlist.txt /usr/share/gnupg /usr/share/gnupg/distsigkey.gpg /usr/share/gnupg/help.be.txt /usr/share/gnupg/help.ca.txt /usr/share/gnupg/help.cs.txt /usr/share/gnupg/help.da.txt /usr/share/gnupg/help.de.txt /usr/share/gnupg/help.el.txt /usr/share/gnupg/help.eo.txt /usr/share/gnupg/help.es.txt /usr/share/gnupg/help.et.txt /usr/share/gnupg/help.fi.txt /usr/share/gnupg/help.fr.txt /usr/share/gnupg/help.gl.txt /usr/share/gnupg/help.hu.txt /usr/share/gnupg/help.id.txt /usr/share/gnupg/help.it.txt /usr/share/gnupg/help.ja.txt /usr/share/gnupg/help.nb.txt /usr/share/gnupg/help.pl.txt /usr/share/gnupg/help.pt.txt /usr/share/gnupg/help.pt_BR.txt /usr/share/gnupg/help.ro.txt /usr/share/gnupg/help.ru.txt /usr/share/gnupg/help.sk.txt /usr/share/gnupg/help.sv.txt /usr/share/gnupg/help.tr.txt /usr/share/gnupg/help.txt /usr/share/gnupg/help.zh_CN.txt /usr/share/gnupg/help.zh_TW.txt /usr/share/gnupg/mail-tube.de.txt /usr/share/gnupg/mail-tube.txt /usr/share/gnupg/wks-utils.de.txt /usr/share/gnupg/wks-utils.txt /usr/share/info/gnupg.info-1.gz /usr/share/info/gnupg.info-2.gz /usr/share/info/gnupg.info-3.gz /usr/share/info/gnupg.info.gz /usr/share/licenses/gpg2 /usr/share/licenses/gpg2/COPYING /usr/share/licenses/gpg2/COPYING.CC0 /usr/share/licenses/gpg2/COPYING.GPL2 /usr/share/licenses/gpg2/COPYING.LGPL21 /usr/share/licenses/gpg2/COPYING.LGPL3 /usr/share/licenses/gpg2/COPYING.other /usr/share/man/man1/gpg-agent.1.gz /usr/share/man/man1/gpg-card.1.gz /usr/share/man/man1/gpg-check-pattern.1.gz /usr/share/man/man1/gpg-connect-agent.1.gz /usr/share/man/man1/gpg-mail-tube.1.gz /usr/share/man/man1/gpg-preset-passphrase.1.gz /usr/share/man/man1/gpg-wks-client.1.gz /usr/share/man/man1/gpg-wks-server.1.gz /usr/share/man/man1/gpg.1.gz /usr/share/man/man1/gpg2.1.gz /usr/share/man/man1/gpgconf.1.gz /usr/share/man/man1/gpgparsemail.1.gz /usr/share/man/man1/gpgsm.1.gz /usr/share/man/man1/gpgtar.1.gz /usr/share/man/man1/gpgv.1.gz /usr/share/man/man1/gpgv2.1.gz /usr/share/man/man1/scdaemon.1.gz /usr/share/man/man1/watchgnupg.1.gz /usr/share/man/man7/gnupg.7.gz /usr/share/man/man7/gnupg2.7.gz /usr/share/man/man8/addgnupghome.8.gz /usr/share/man/man8/applygnupgdefaults.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Mar 18 23:51:43 2026