SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for gpg2-lang-2.0.24-9.6.1.noarch.rpm :

* Mon Jun 11 2018 vcizekAATTsuse.com- Sanitize the diagnostic output of the original file name in verbose mode (CVE-2018-12020, bsc#1096745)
* the attacker could have crafted a file name that could inject terminal control sequences or fake a status message
* add gnupg-CVE-2018-12020.patch
* Fri Apr 28 2017 alarrosaAATTsuse.com- Added 0001-Do-not-install-cacert-and-other-root-certificates.patch to backport a patch from gnupg 2.1.14 to not install cacert and other root certificates which are not needed with Let\'s Encrypt (boo#1036736).
* Mon Jun 27 2016 jsegitzAATTnovell.com- Added gnupg-init-trustdb.patch to get commit 23191d7851eae2217ecdac6484349849a24fd94a: Need to init the trustdb for import. (bsc#986783)
* Thu Nov 19 2015 vcizekAATTsuse.com- fix CVE-2015-1606 (bsc#918089)
* Invalid memory read using a garbled keyring
* 0001-gpg-Prevent-an-invalid-memory-read-using-a-garbled-k.patch- fix CVE-2015-1607 (bsc#918090)
* memcpy with overlapping ranges
* 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch
* Thu Nov 19 2015 tiwaiAATTsuse.de- Fix regression of \"gpg --recv\" due to keyserver import filter (bsc#955753,boo#952347): 0001-gpg-Make-screening-of-keyserver-result-work-with-mul.patch 0002-gpg-Add-kbnode_t-for-easier-backporting.patch 0003-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Tue Jun 24 2014 andreas.stiegerAATTgmx.de- update to 2.0.24 Contains a security fix to stop a possible DoS using garbled compressed data packets which can be used to put gpg into an infinite loop. [bnc#884130] [CVE-2014-4617]
* gpg: Avoid DoS due to garbled compressed data packets.- further:
* gpg: Screen keyserver responses to avoid importing unwanted keys from rogue servers.
* gpg: The validity of user ids is now shown by default. To revert this add \"list-options no-show-uid-validity\" to gpg.conf
* gpg: Print more specific reason codes with the INV_RECP status.
* gpg: Allow loading of a cert only key to an OpenPGP card.
* gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt 1.6.
* Tue Jun 03 2014 andreas.stiegerAATTgmx.de- update to 2.0.23:
* gpg: Reject signatures made using the MD5 hash algorithm unless the new option --allow-weak-digest-algos or --pgp2 are given.
* gpg: Do not create a trustdb file if --trust-model=always is used.
* gpg: Only the major version number is by default included in the armored output.
* gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the communication with the gpg-agent.
* gpg: The format of the fallback key listing (\"gpg KEYFILE\") is now more aligned to the regular key listing (\"gpg -k\").
* gpg: The option--show-session-key prints its output now before the decryption of the bulk message starts.
* gpg: New %U expando for the photo viewer.
* gpgsm: Improved handling of re-issued CA certificates.
* scdaemon: Various fixes for pinpad equipped card readers.
* Minor bug fixes.- Packaging changes:
* add gpgtar utility
* update and use use source URL for tarball signing key
* removed gnupg-2.0.9-RSA_ES.patch, applied upstream
* updated for context changes: gnupg-add_legacy_FIPS_mode_option.patch gnupg-2.0.18-files-are-digests.patch gnupg-dont-fail-with-seahorse-agent.patch
* Tue Apr 29 2014 vcizekAATTsuse.com- add patch by Stephan Mueller which adds an option to enable legacy ciphers in FIPS mode
* added gnupg-add_legacy_FIPS_mode_option.patch (part of bnc#856312)- added BuildRequires: makeinfo (to build info pages from the patched gnupg.texi)
* Fri Feb 14 2014 vcizekAATTsuse.com- install scdaemon to /usr/bin (bnc#863645)
* Sat Oct 05 2013 andreas.stiegerAATTgmx.de- update to 2.0.22 [bnc#844175]
* Fixed possible infinite recursion in the compressed packet parser. [CVE-2013-4402]
* Improved support for some card readers.
* Prepared building with the forthcoming Libgcrypt 1.6.
* Protect against rogue keyservers sending secret keys.- remove gpg2-CVE-2013-4351.patch, committed upstream
* Mon Sep 16 2013 vcizekAATTsuse.com- fix CVE-2013-4351 (bnc#840510)
* Mon Aug 19 2013 andreas.stiegerAATTgmx.de- update to 2.0.21
* gpg-agent: By default the users are now asked via the Pinentry whether they trust an X.509 root key. To prohibit interactive marking of such keys, the new option --no-allow-mark-trusted may be used.
* gpg-agent: The command KEYINFO has options to add info from sshcontrol.
* The included ssh agent does now support ECDSA keys.- now requires libgpg-error 1.11- update gnupg-2.0.9-langinfo.patch for upstream whitespace changes- drop gnupg-broken-curl-test.patch, no longer required
* Mon Jun 17 2013 cooloAATTsuse.com- revert usage of gpg-offline to avoid cycles
* Mon Jun 17 2013 cooloAATTsuse.com- add gnupg-2.0.20-automake113.diff to fix build with automake 1.13
* Tue May 14 2013 vcizekAATTsuse.com- set safe umask before creating a plaintext file (bnc#780943) added gpg2-set_umask_before_open_outfile.patch- select proper ciphers when running in FIPS mode (bnc#808958) added gnupg-detect_FIPS_mode.patch
* Fri May 10 2013 andreas.stiegerAATTgmx.de- update to 2.0.20
* Decryption using smartcards keys > 3072 bit does now work.
* New meta option ignore-invalid-option to allow using the same option file by other GnuPG versions.
* gpg: The hash algorithm is now printed for sig records in key listings.
* gpg: Skip invalid keyblock packets during import to avoid a DoS.
* gpg: Correctly handle ports from DNS SRV records.
* keyserver: Improve use of SRV records
* gpg-agent: Avoid tty corruption when killing pinentry.
* scdaemon: Improve detection of card insertion and removal.
* scdaemon: Rename option --disable-keypad to --disable-pinpad.
* scdaemon: Better support for CCID readers. Now, the internal CCID driver supports readers without the auto configuration feature.
* scdaemon: Add pinpad input for PC/SC, if your reader has pinpad and it supports variable length PIN input, and you specify - -enable-pinpad-varlen option.
* scdaemon: New option --enable-pinpad-varlen.
* scdaemon: Install into libexecdir to avoid accidental execution from the command line.
* Assorted bug fixes.- refresh gnupg-2.0.9-RSA_ES.patch- verify gpg signature of source tarball
* Wed Mar 27 2013 mmeisterAATTsuse.com- Added url as source. Please see http://en.opensuse.org/SourceUrls
* Fri Jan 11 2013 lazy.kentAATTopensuse.org- BuildRequires: libbz2-devel (support BZIP2 compression algorithm) (bnc#798175).
* Wed Apr 18 2012 vcizekAATTsuse.com- Mention some of the changes in Greg\'s version update
* Tue Mar 27 2012 gregkhAATTopensuse.org- update to upstream 2.0.19
* GPG now accepts a space separated fingerprint as a user ID. This allows to copy and paste the fingerprint from the key listing.
* GPG now uses the longest key ID available. Removed support for the original HKP keyserver which is not anymore used by any site.
* Rebuild the trustdb after changing the option --min-cert-level.
* Ukrainian translation.
* Honor option --cert-digest-algo when creating a cert.
* Emit a DECRYPTION_INFO status line.
* Improved detection of JPEG files.
* Tue Dec 06 2011 vcizekAATTsuse.com- fixed licence to GPL-3.0+ (bnc#734878)
* Wed Nov 30 2011 cooloAATTsuse.com- add automake as buildrequire to avoid implicit dependency
* Sat Oct 01 2011 crrodriguezAATTopensuse.org- Test suite hangs in qemu-arm, workaround.
* Wed Aug 31 2011 puzelAATTsuse.com- link with -pie
* Fri Aug 19 2011 crrodriguezAATTopensuse.org- libcurl.m4 tests were broken, resulting in the usage of a \"fake\" internal libcurl.
* Sat Aug 06 2011 andreas.stiegerAATTgmx.de- update to upstream 2.0.18
* Bug fix for newer versions of Libgcrypt.
* Support the SSH confirm flag and show SSH fingerprints in ssh related pinentries.
* Improved dirmngr/gpgsm interaction for OCSP.
* Allow generation of card keys up to 4096 bit.- refresh patch gnupg-2.0.10-tmpdir.diff -> gnupg-2.0.18-tmpdir.diff- refresh patch gnupg-files-are-digests.patch -> gnupg-2.0.18-files-are-digests.patch
* Tue Mar 15 2011 puzelAATTnovell.com- update to gnupg-2.0.17
* Allow more hash algorithms with the OpenPGP v2 card.
* The gpg-agent now tests for a new gpg-agent.conf on a HUP.
* Fixed output of \"gpgconf --check-options\".
* Fixed a bug where Scdaemon sends a signal to Gpg-agent running in non-daemon mode.
* Fixed TTY management for pinentries and session variable update problem.- drop gnupg-CVE-2010-2547.patch (in upstream)
* Fri Jan 07 2011 sbrabecAATTsuse.cz- Removed obsolete BuildRequires of opensc-devel.
* Sun Oct 31 2010 jengelhAATTmedozas.de- Use %_smp_mflags
* Wed Jul 28 2010 puzelAATTnovell.com- gnupg-CVE-2010-2547.patch (bnc#625947)- renumber patches
* Mon Jul 19 2010 puzelAATTnovell.com- update to gnupg-2.0.16
* If the agent\'s --use-standard-socket option is active, all tools try to start and daemonize the agent on the fly. In the past this was only supported on W32; on non-W32 systems the new configure option --use-standard-socket may now be used to use this feature by default.
* The gpg-agent commands KILLAGENT and RELOADAGENT are now available on all platforms.
* Minor bug fixes.- drop gnupg-2.0.14-s2kcount.patch (builds fine without it now)
* Mon Jun 07 2010 adrianAATTsuse.de- add special provides to make sure that obs signd gets correct gpg version
* Fri Apr 09 2010 chrisAATTcomputersalat.de- fix deps o libassuan-devel >= 2.0.0 o pth / libpth-devel >= 1.3.7- added BuildReq libcurl-devel >= 7.10- removed BuildReq openldap2 is already solved by openldap2-devel- removed unrecognized configure options - -enable-external-hkp, --enable-shared, --enable-static-rnd
* Wed Apr 07 2010 puzelAATTnovell.com- add gnupg-dont-fail-with-seahorse-agent.patch (bnc#589994)
* Wed Mar 31 2010 puzelAATTnovell.com- update to gnupg-2.0.15
* New command --passwd for GPG.
* Fixes a regression in 2.0.14 which prevented unprotection of new or changed gpg-agent passphrases.
* Make use of libassuan 2.0 which is available as a DSO.
* Mon Mar 22 2010 puzelAATTnovell.com- fix files-are-digests patch (bnc#469229)
* Wed Feb 17 2010 dimstarAATTopensuse.org- Update to version 2.0.14: + The default for --include-cert is now to include all certificates in the chain except for the root certificate. + Numerical values may now be used as an alternative to the debug-level keywords. + The GPGSM --audit-log feature is now more complete. + GPG now supports DNS lookups for SRV, PKA and CERT on W32. + New GPGSM option --ignore-cert-extension. + New and changed passphrases are now created with an iteration count requiring about 100ms of CPU work.- Add gnupg-2.0.14-s2kcount.patch: use fixed s2k-count number otherwise the gpg2 would want to consult gpg-agent which is not yet installed in the mock chroot (Patch shamelessly stolen from Fedora).
* Thu Jan 28 2010 puzelAATTnovell.com- fix build for older distributions
* Wed Jan 27 2010 puzelAATTnovell.com- port files-are-digests patch from gpg1 (bnc#469229)
* Tue Dec 15 2009 jengelhAATTmedozas.de- enable parallel building- SPARC needs large PIE model
* Sun Dec 06 2009 cooloAATTnovell.com- change -lang require to recommended
* Fri Nov 13 2009 puzelAATTnovell.com- update to gnupg-2.0.13
* GPG now generates 2048 bit RSA keys by default. The default hash algorithm preferences has changed to prefer SHA-256 over SHA-1. 2048 bit DSA keys are now generated to use a 256 bit hash algorithm
* The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now passed to the Pinentry to make SCIM work.
* The GPGSM command --gen-key features a --batch mode and implements all features of gpgsm-gencert.sh in standard mode.
* New option --re-import for GPGSM\'s IMPORT server command.
* Enhanced writing of existing keys to OpenPGP v2 cards.
* Add hack to the internal CCID driver to allow the use of some Omnikey based card readers with 2048 bit keys.
* GPG now repeatly asks the user to insert the requested OpenPGP card. This can be disabled with --limit-card-insert-tries=1.
* Minor bug fixes.- drop gnupg-2.0.4-default-tty.diff
* Thu Jun 18 2009 puzelAATTnovell.com- update to gnupg-2.0.12
* GPGSM now always lists ephemeral certificates if specified by fingerprint or keygrip.
* New command \"KEYINFO\" for GPG_AGENT. GPGSM now also returns information about smartcards.
* Made sure not to leak file descriptors if running gpg-agent with a command. Restore the signal mask to solve a problem in Mono.
* Changed order of the confirmation questions for root certificates and store negative answers in trustlist.txt.
* Better synchronization of concurrent smartcard sessions.
* Support 2048 bit OpenPGP cards.
* Support Telesec Netkey 3 cards.
* The gpg-protect-tool now uses gpg-agent via libassuan.
* Changed code to avoid a possible Mac OS X system freeze.- drop gpg2-fix-rtsignals.patch (fixed upstream)- drop gnupg-1.9.22-ccid-driver-fix.diff (unused)
* Thu Jun 11 2009 puzelAATTsuse.cz- change BuildRequires: (pth-devel -> libpth-devel)
* Mon Jun 01 2009 puzelAATTsuse.cz- BuildRequires: pth-devel
* Wed Mar 18 2009 puzelAATTsuse.cz- add gpg2-fix-rtsignals.patch (bnc#481463)
* Thu Mar 05 2009 puzelAATTsuse.cz- update to 2.0.11
* Fixed a problem in SCDAEMON which caused unexpected card resets.
* SCDAEMON is now aware of the Geldkarte.
* The SCDAEMON option --allow-admin is now used by default.
* GPGCONF now restarts SCdaemon if necessary.
* The default cipher algorithm in GPGSM is now again 3DES. This is due to interoperability problems with Outlook 2003 which still can\'t cope with AES.- dropped gnupg-2.0.10-fix-convert.patch (upstream)- dropped gnupg-2.0.10-fix-missing-option.patch (upstream)- disabled gnupg-1.9.22-ccid-driver-fix.diff (does not apply and it is not clear what it is good for)
* Mon Mar 02 2009 puzelAATTsuse.cz- gnupg-2.0.10-fix-missing-option.patch (bnc#477362)
 
ICM