Changelog for gpg2-tpm-2.4.5-341.6.i586.rpm:
* Mon Aug 12 2024 Andreas Stieger
- Remove explicit runtime library dependency, pick ease of maintenance in Tumbleweed over mixed project use runtime bugs.

* Fri Mar 08 2024 Pedro Monreal
- Update to 2.4.5:
  * gpg,gpgv: New option --assert-pubkey-algo. [T6946]
  * gpg: Emit status lines for errors in the compression layer. [T6977]
  * gpg: Fix invocation with --trusted-keys and --no-options. [T7025]
  * gpgsm: Allow for a longer salt in PKCS#12 files. [T6757]
  * gpgtar: Make --status-fd=2 work on Windows. [T6961]
  * scd: Support for the ACR-122U NFC reader. [rG1682ca9f01]
  * scd: Support D-TRUST ECC cards. [T7000,T7001]
  * scd: Allow auto detaching of kernel drivers; can be disabled with the new compatibility-flag ccid-no-auto-detach. [rGa1ea3b13e0]
  * scd: Allow setting a PIN length of 6 also with a reset code for openpgp cards. [T6843]
  * agent: Allow GET_PASSPHRASE in restricted mode. [rGadf4db6e20]
  * dirmngr: Trust system's root CAs for checking CRL issuers. [T6963]
  * dirmngr: Fix regression in 2.4.4 in fetching keys via hkps. [T6997]
  * gpg-wks-client: Make option --mirror work properly w/o specifying domains. [rG37cc255e49]
  * g13,gpg-wks-client: Allow command style options as in "g13 mount foo". [rGa09157ccb2]
  * Allow tilde expansion for the foo-program options. [T7017]
  * Make the getswdb.sh tool usable outside the GnuPG tree.
  * Release-info: https://dev.gnupg.org/T6960
  * Update the required versions for the dependencies.

* Thu Jan 25 2024 Pedro Monreal
- Update to 2.4.4: [bsc#1219191]
  * gpg: Do not keep an unprotected smartcard backup key on disk. See https://gnupg.org/blog/20240125-smartcard-backup-key.html for a security advisory. [T6944]
  * gpg: Allow to specify seconds since Epoch beyond 2038 on 32-bit platforms. [T6736]
  * gpg: Fix expiration time when Creation-Date is specified. [T5252]
  * gpg: Add support for Subkey-Expire-Date. [rG96b69c1866]
  * gpg: Add option --with-v5-fingerprint. [T6705]
  * gpg: Add sub-option ignore-attributes to --import-options.
  * gpg: Add --list-filter properties sig_expires/sig_expires_d.
  * gpg: Fix validity of re-imported keys. [T6399]
  * gpg: Report BEGIN_ status before examining the input. [T6481]
  * gpg: Don't try to compress a read-only keybox. [T6811]
  * gpg: Choose key from inserted card over a non-inserted card. [T6831]
  * gpg: Allow to create revocations even with non-compliant algos. [T6929]
  * gpg: Fix regression in the Revoker keyword of the parameter file. [T6923]
  * gpg: Improve error message for expired default keys. [T4704]
  * gpgsm: Add --always-trust feature. [T6559]
  * gpgsm: Support ECC certificates in de-vs mode. [T6802]
  * gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
  * gpgsm: Do not show the pkcs#12 passphrase in debug output. [T6654]
  * keyboxd: Timeout on failure to get the database lock. [T6838]
  * agent: Update the key stubs only if really modified. [T6829]
  * scd: Add support for certain Starcos 3.2 cards. [rG5304c9b080]
  * scd: Add support for CardOS 5.4 cards. [rG812f988059]
  * scd: Add support for D-Trust 4.1/4.4 cards. [rG0b85a9ac09]
  * scd: Add support for Smartcafe Expert 7.0 cards. [T6919]
  * scd: Add a length check for a new PIN. [T6843]
  * tpm: Fix keytotpm handling in the agent. [rG9909f622f6]
  * tpm: Fixes for the TPM test suite. [T6052]
  * dirmngr: New option --ignore-crl-extensions. [T6545]
  * dirmngr: Support config value "none" to disable the default keyserver. [T6708]
  * dirmngr: Fix handling of the HTTP Content-Length. [rGa5e33618f4]
  * gpgconf: Add commands --lock and --unlock. [rG93b5ba38dc]
  * gpgconf: Add keyword socketdir to gpgconf.ctl. [rG239c1fdc28]
  * gpgconf: Adjust the -X command for the new VERSION file format. [T6918]
  * wkd: Use export-clean for gpg-wks-client's --mirror and --create commands. [rG2c7f7a5a278c]
  * wkd: Make --add-revocs the default in gpg-wks-client. New option --no-add-revocs. [rG10c937ee68]
  * Remove duplicated backslashes when setting the homedir. [T6833]
  * Ignore attempts to remove the /dev/null device. [T6556]
  * Improve advisory file lock retry strategy. [T3380]
  * Release-info: https://dev.gnupg.org/T6578
  * Remove patch upstream:
    - gnupg-Report-BEGIN_-status-before-examining-the-input.patch

* Mon Oct 30 2023 Pedro Monreal
- Fix the build in SLE and Leap by adding an exclude in the files section for the dirmngr's systemd user units. [jsc#PED-7093]

* Tue Oct 17 2023 Pedro Monreal
- Do not pull revision info from GIT when autoconf is run. This removes the -unknown suffix after the version number.
  * Add gnupg-nobetasuffix.patch [bsc#1216334]

* Mon Oct 16 2023 Pedro Monreal
- Fix Emacs EasyPG behavior when parsing output:
  * gpg: Report BEGIN_* status before examining the input.
  * Upstream task: https://dev.gnupg.org/T6481
  * Add gnupg-Report-BEGIN_-status-before-examining-the-input.patch

* Tue Oct 10 2023 Pedro Monreal
- Install the internal executables in the /usr/libexec dir instead of /usr/lib64. These files are keyboxd, scdaemon, gpg-auth, gpg-check-pattern, gpg-pair-tool, gpg-preset-passphrase, gpg-protect-tool, gpg-wks-client, dirmngr_ldap and tpm2daemon.

* Mon Oct 09 2023 Pedro Monreal
- Provide the systemd-user files since they have been removed upstream since version 2.4.1. [bsc#1201564]
  * Add gpg2-systemd-user.tar.xz

* Thu Sep 21 2023 Pedro Monreal
- Install the systemd user units in the _userunitdir [bsc#1201564]
  * Note that, there is no activation by default.
  * Rework excludes in the spec's files section.

* Thu Aug 03 2023 Pedro Monreal
- Revert back to use the IBM TPM Software stack.

* Wed Jul 05 2023 Pedro Monreal
- Update to 2.4.3:
  * gpg: Set default expiration date to 3 years. [T2701]
  * gpg: Add --list-filter properties "key_expires" and "key_expires_d". [T6529]
  * gpg: Emit status line and proper diagnostics for write errors. [T6528]
  * gpg: Make progress work for large files on Windows. [T6534]
  * gpg: New option --no-compress as alias for -z0.
  * gpgsm: Print PROGRESS status lines. Add new --input-size-hint. [T6534]
  * gpgsm: Support SENDCERT_SKI for --call-dirmngr. [rG701a8b30f0]
  * gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
  * gpgtar: New option --no-compress.
  * dirmngr: Extend the AD_QUERY command. [rG207c99567c]
  * dirmngr: Disable the HTTP redirect rewriting. [T6477]
  * dirmngr: New option --compatibility-flags. [rGbf04b07327]
  * dirmngr: New option --ignore-crl-extensions. [T6545]
  * wkd: Use export-clean for gpg-wks-client's --mirror and --create commands. [rG2c7f7a5a27]
  * wkd: Make --add-revocs the default in gpg-wks-client. New option --no-add-revocs. [rG10c937ee68]
  * scd: Make signing work for Nexus cards. [rGb83d86b988]
  * scd: Fix authentication with Administration Key for PIV. [rG25b59cf6ce]

* Tue May 30 2023 Pedro Monreal
- Update to 2.4.2:
  * gpg: Print a warning if no more encryption subkeys are left over after changing the expiration date. [rGef2c3d50fa]
  * gpg: Fix searching for the ADSK key when adding an ADSK. [T6504]
  * gpgsm: Speed up key listings on Windows. [rG08ff55bd44]
  * gpgsm: Reduce the number of "failed to open policy file" diagnostics. [rG68613a6a9d]
  * agent: Make updating of private key files more robust and track display S/N. [T6135]
  * keyboxd: Avoid longish delays on Windows when listing keys. [rG6944aefa3c]
  * gpgtar: Emit extra status lines to help GPGME. [T6497]
  * w32: Avoid using the VirtualStore. [T6403]
  * Rebase gnupg-add_legacy_FIPS_mode_option.patch

* Fri Apr 28 2023 Pedro Monreal
- Update to 2.4.1:
  * If the ~/.gnupg directory does not exist, the keyboxd is now automagically enabled. [rGd9e7488b17]
  * gpg: New option --add-desig-revoker. [rG3d094e2bcf]
  * gpg: New option --assert-signer. [rGc9e95b8dee]
  * gpg: New command --quick-add-adsk and other ADSK features. [T6395, https://gnupg.org/blog/20230321-adsk.html]
  * gpg: New list-option "show-unusable-sigs". Also show "[self-signature]" instead of the user-id in key signature listings. [rG103acfe9ca]
  * gpg: For symmetric encryption the default S2K hash is now SHA256. [T6367]
  * gpg: Detect already compressed data also when using a pipe. Also detect JPEG and PNG file formats. [T6332]
  * gpg: New subcommand "openpgp" for --card-edit. [T6462]
  * gpgsm: Verification of detached signatures does now strip trailing zeroes from the input if --assume-binary is used. [rG2a13f7f9dc]
  * gpgsm: Non-armored detached signature are now created without using indefinite form length octets. This improves compatibility with some PDF signature verification software. [rG8996b0b655]
  * gpgtar: Emit progress status lines in create mode. [T6363]
  * dirmngr: The LDAP modifyTimestamp is now returned by some keyserver commands. [rG56d309133f]
  * ssh: Allow specification of the order keys are presented to ssh. See the man page entry for --enable-ssh-support. [T5996, T6212]
  * gpg: Make list-options "show-sig-subpackets" work again. Fixes regression in 2.4.0. [rG5a223303d7]
  * gpg: Fix the keytocard command for Yubikeys. [T6378]
  * gpg: Do not continue an export after a cancel for the primary key. [T6093]
  * gpg: Replace the --override-compliance-check hack by a real fix. [T5655]
  * gpgtar: Fix decryption with input taken from stdin. [T6355]
  * Rebase patches:
    - gnupg-revert-rfc4880bis.patch
    - gnupg-add_legacy_FIPS_mode_option.patch
  * Remove patch fixed upstream:
    - gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch

* Fri Mar 10 2023 Pedro Monreal
- Temporarily revert back to the pre-2.4 default for key generation. The new rfc4880bis has been set as the default in 2.4 version and might create incompatible keys. Note that, rfc4880bis can still be used with the option flag --rfc4880bis as in previous versions.
  * More info in the gnupg-devel ML: https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html
  * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9
  * Add gnupg-revert-rfc4880bis.patch

* Fri Mar 10 2023 Pedro Monreal
- Allow 8192 bit RSA keys in keygen UI when large_rsa is set
  * Add gnupg-allow-large-rsa.patch

* Tue Feb 07 2023 Pedro Monreal
- Fix the regression test suite fails with the IBM TPM Software stack. Builds fine using the Intel TPM; use the swtpm and tpm2-0-tss-devel packages instead of ibmswtpm2 and ibmtss-devel.

* Wed Jan 11 2023 Pedro Monreal
- Fix broken GPGME QT tests: Upstream dev task dev.gnupg.org/T6313
  * The original patch has been modified to expand the changes also to the tests/gpgme/Makefile.in file.
  * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch

* Tue Dec 20 2022 David Anes
- Updated to require libgpg-error-devel >= 1.46
- Rebased patches:
  * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
  * gnupg-add_legacy_FIPS_mode_option.patch
- GnuPG 2.4.0:
  * common: Fix translations in --help for gpgrt < 1.47.
  * gpg: Do not continue the export after a cancel for the primary key.
  * gpg: Replace use of PRIu64 in log_debug.
  * Update NEWS for 2.4.0.
  * tests: Fix make check with GPGME.
  * agent: Allow arguments to "scd serialno" in restricted mode.
  * scd:p15: Skip deleted records.
  * build: Remove Windows CE support.
  * wkd: Do not send/install/mirror expired user ids.
  * gpgsm: Print the revocation time also with --verify.
  * gpgsm: Fix "problem re-searching certificate" case.
  * gpgsm: Print revocation date and reason in cert listings.
  * gpgsm: Silence the "non-critical certificate policy not allowed".
  * gpgsm: Always use the chain model if the root-CA requests this.
  * gpg: New export option "mode1003".
  * gpg: Remove a mostly duplicated function.
  * tests: Simplify fake-pinentry to use the option only.
  * tests: Fix fake-pinentry for Windows.
  * tests: Fix make check-all.
  * agent: Fix import of protected v5 keys.
  * gpgsm: Change default algo to AES-256.
  * tests: Put a workaround for semihosted environment.
  * tests: More fix for semihosted environment.
  * tests: Support semihosted environment.
  * tests: Fix tests under cms.
  * tests,w32: Fix for semihosted environment.
  * w32: Fix for tests on semihosted environment.
  * w32: Fix gnupg_unsetenv.
  * wkd: New option --add-revocs and some fixes.
  * wkd: Make use of --debug extprog.
  * gpg: New export-filter export-revocs.
  * gpg: Fix double-free in gpg --card-edit.
  * gpg: Make --require-compliance work without --status-fd.
  * gpg: New option --list-filter.
  * dirmngr: Silence ocsp debug output.
  * tests: Fix to support --enable-all-tests and variants.
  * tests:w32: Fix for non-dot file name for Windows.
  * tests:gpgscm:w32: Fix for GetTempPath.
  * tests: Keep .log files in objdir.
  * tests: Use 233 for invalid value of FD.
  * w32: Fix gnupg_tmpfile for possible failure.
  * scd: Redact --debug cardio output of a VERIFY APDU.
  * common: Remove Windows CE support in common.
  * gpgsm: Fix colon output of ECC encryption certificates.
  * scd:nks: Fix ECC signing if key not given by keygrip.
  * dirmngr: Fix verification of ECDSA signed CRLs.
  * agent: Allow trustlist on Windows in Unicode homedirs.
  * gpg: Fix verification of cleartext signatures with overlong lines.
  * gpg: Move w32_system function.
  * gpg: New option --quick-update-pref.
  * gpg: New list-options show-pref and show-pref-verbose.
  * tests: Add tests to check that OCB is only used for capable keys.
  * gpg: Make --list-packets work w/o --no-armor for plain OCB packets.
  * tests: Add symmetric decryption tests.
  * tests: Add tr:assert-same function.
  * agent: Avoid blanks in the ssh key's comment.
  * build: Update m4 files.
  * gpg: Merge --rfc4880bis features into --gnupg.
  * gpg: Allow only OCB for AEAD encryption.
  * gpg: New option --compatibility-flags.
  * gpgsm: Also announce AES256-CBC in signatures.
  * gpg: Fix trusted introducer for user-ids with only the mbox.
  * gpg: Import stray revocation certificates.
  * agent: Automatically convert to extended key format by KEYATTR.
  * card: New commands "gpg" and "gpgsm".
  * card: Also show fingerprints of known X.509 certificates.
  * scd:nks: Support non-ESIGN signing with the Signature Card v2.
  * gpgsm: Allow ECC encryption keys with just keyAgreement specified.
  * gpgsm: Use macro constants for cert_usage_p.
  * build: Update gpg-error.m4.
  * agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument.
  * gpg: Move NETLIBS after GPG_ERROR_LIBS.
  * gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future.
  * common,w32: Fix struct stat on Windows.
  * agent,w32: Support Win32-OpenSSH emulation by gpg-agent.
  * common: Don't use FD2INT for POSIX-only code.
  * dirmngr: Fix build with no LDAP support.

* Mon Oct 17 2022 Pedro Monreal
- GnuPG 2.3.8:
  * gpg: Do not consider unknown public keys as non-compliant while decrypting.
  * gpg: Avoid to emit a compliance mode line if Libgcrypt is non-compliant.
  * gpg: Improve --edit-key setpref command to ease c+p.
  * gpg: Emit an ERROR status if --quick-set-primary-uid fails and allow to pass the user ID by hash.
  * gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets.
  * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference.
  * gpgsm: Fix reporting of bad passphrase error during PKCS#11 import.
  * agent: Fix a regression in "READKEY --format=ssh".
  * agent: New option --need-attr for KEYINFO.
  * agent: New attribute "Remote-list" for use by KEYINFO.
  * scd: Fix problem with Yubikey 5.4 firmware.
  * dirmngr: Fix CRL Distribution Point fallback to other schemes.
  * dirmngr: New LDAP server flag "areconly" (A-record-only).
  * dirmngr: Fix upload of multiple keys for an LDAP server specified using the colon format.
  * dirmngr: Use LDAP schema v2 when a Base DN is specified.
  * dirmngr: Avoid caching expired certificates.
  * wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data.
  * wkd: New command --mirror for gpg-wks-client.
  * gpg-auth: New tool for authentication.
  * New common.conf option no-autostart.
  * Silence warnings from AllowSetForegroundWindow unless GNUPG_EXEC_DEBUG_FLAGS is used.
  * Rebase gnupg-detect_FIPS_mode.patch
  * Remove patch upstream:
    - gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch

* Mon Aug 08 2022 Andreas Stieger
- Fix YubiKey 5 Nano support (boo#1202201), add gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch

* Tue Jul 12 2022 Andreas Stieger
- GnuPG 2.3.7:
  * CVE-2022-34903: garbled status messages could trick gpgme and other parsers to accept faked status lines [boo#1201225]
  * A number of bug fixes to the gpg command line interface
  * gpgsm gained a number of new options and got some rework on the PKCS#12 parser to support DFN issues keys
  * The gpg agent got some added options and UI tweaks
  * smart card support got a number of bug fixes, and improved support for Technology Nexus cards and Yubikey
  * The Telesec ESIGN application is now supported

* Mon May 16 2022 Marcus Meissner
- added tpm support, added a new subpackage gpg2-tpm

* Mon Apr 25 2022 Andreas Stieger
- GnuPG 2.3.6:
  * Up to five times faster verification of detached signatures, doubled detached signing speed, threefold decryption speedup for large files, nearly double the AES256.OCB encryption speed
  * Add support for GeNUA cards
  * Added and improved options for crypto options, and all-around bug fixes

* Wed Dec 22 2021 Andreas Stieger
- GnuPG 2.3.4:
  * gpg: New option --min-rsa-length
  * gpg: New option --forbid-gen-key
  * gpg: New option --override-compliance-check
  * gpgconf: New command --show-configs
  * agent,dirmngr,keyboxd: New option --steal-socket
  * gpg: Fix printing of binary notations
  * gpg: Remove stale ultimately trusted keys from the trustdb
  * gpg: Fix indentation of --print-mds and --print-md sha512
  * gpg: Emit gpg 2.2 compatible Ed25519 signature
  * gpgsm: Detect circular chains in --list-chain
  * dirmngr: Make reading resolv.conf more robust
  * dirmngr: Ask keyservers to provide the key fingerprints
  * gpgconf: Allow changing gpg's deprecated keyserver option
  * gpg-wks-server: Fix created file permissions
  * scd: Support longer data for ssh-agent authentication with openpgp cards
  * scd: Modify DEVINFO behavior to support looping forever
  * Silence warning about the rootdir under Unices w/o a mounted /proc file system
  * Fix possible build problems about missing include files

* Tue Oct 12 2021 Andreas Stieger
- GnuPG 2.3.3:
  * agent: Fix segv in GET_PASSPHRASE (regression)
  * dirmngr: Fix Let's Encrypt certificate chain validation
  * gpg: Change default and maximum AEAD chunk size to 4 MiB
  * gpg: Print a warning when importing a bad cv25519 secret key
  * gpg: Fix --list-packets for undecryptable AEAD packets
  * gpg: Verify backsigs for v5 keys correctly
  * keyboxd: Fix checksum computation for no UBID entry on disk
  * keyboxd: Fix "invalid object" error with cv448 keys
  * dirmngr: New option --ignore-cert
  * agent: Fix calibrate_get_time use of clock_gettime
  * Support a gpgconf.ctl file under Unix and use this for the regression tests

* Wed Aug 25 2021 Pedro Monreal
- GnuPG 2.3.2:
  * gpg: Allow fingerprint based lookup with --locate-external-key.
  * gpg: Allow decryption w/o public key but with correct card inserted.
  * gpg: Auto import keys specified with --trusted-keys.
  * gpg: Do not use import-clean for LDAP keyserver imports.
  * gpg: Fix mailbox based search via AKL keyserver method.
  * gpg: Fix memory corruption with --clearsign introduced with 2.3.1.
  * gpg: Use a more descriptive prompt for symmetric decryption.
  * gpg: Improve speed of secret key listing.
  * gpg: Support keygrip search with traditional keyring.
  * gpg: Let --fetch-key return an exit code on failure.
  * gpg: Emit the NO_SECKEY status again for decryption.
  * gpgsm: Support decryption of password based encryption (pwri).
  * gpgsm: Support AES-GCM decryption.
  * gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
  * gpgsm: Fix finding of issuer in use-keyboxd mode.
  * gpgsm: New option --ldapserver as an alias for --keyserver.
  * agent: Use SHA-256 for SSH fingerprint by default.
  * agent: Fix calling handle_pincache_put.
  * agent: Fix importing protected secret key.
  * agent: Fix a regression in agent_get_shadow_info_type.
  * agent: Add translatable text for Caps Lock hint.
  * agent: New option --pinentry-formatted-passphrase.
  * agent: Add checkpin inquiry for pinentry.
  * agent: New option --check-sym-passphrase-pattern.
  * agent: Use the sysconfdir for a pattern file.
  * agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry.
  * dirmngr: LDAP search by a mailbox now ignores revoked keys.
  * dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
  * dirmngr: Allow for non-URL specified ldap keyservers.
  * dirmngr: New option --ldapserver.
  * dirmngr: Fix regression in KS_GET for mail address pattern.
  * card: New option --shadow for the list command.
  * tests: Make sure the built keyboxd is used.
  * scd: Fix computing shared secrets for 512 bit curves.
  * scd: Fix unblock PIN by a Reset Code with KDF.
  * scd: Fix PC/SC removed card problem.
  * scd: Recover the partial match for PORTSTR for PC/SC.
  * scd: Make sure to release the PC/SC context.
  * scd: Fix zero-byte handling in ECC.
  * scd: Fix serial number detection for Yubikey 5.
  * scd: Add basic support for AET JCOP cards.
  * scd: Detect external interference when --pcsc-shared is in use.
  * scd: Fix access to the list of cards.
  * gpgconf: Do not list a disabled tpm2d.
  * gpgconf: Make runtime changes with different homedir work.
  * keyboxd: Fix searching for exact mail address.
  * keyboxd: Fix searching with multiple patterns.
  * tools: Extend gpg-check-pattern.
  * wkd: Fix client issue with leading or trailing spaces in user-ids.
  * Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry.
  * Change the default keyserver to keyserver.ubuntu.com. This is a temporary change due to the shutdown of the SKS keyserver pools.

* Fri Jun 11 2021 Pedro Monreal
- GnuPG 2.3.1:
  * The new configuration file common.conf is now used to enable the use of the key database daemon with "use-keyboxd". Using this option in gpg.conf and gpgsm.conf is supported for a transitional period. See doc/example/common.conf for more.
  * gpg: Force version 5 key creation for ed448 and cv448 algorithms.
  * gpg: By default do not use the self-sigs-only option when importing from an LDAP keyserver.
  * gpg: Lookup a missing public key of the active card via LDAP.
  * gpgsm: New command --show-certs.
  * scd: Fix CCID driver for SCM SPR332/SPR532.
  * scd: Further improvements for PKCS#15 cards.
  * New configure option --with-tss to allow the selection of the TSS library.
- Rebase patches:
  * gnupg-add_legacy_FIPS_mode_option.patch
  * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
  * gnupg-dont-fail-with-seahorse-agent.patch
  * gnupg-set_umask_before_open_outfile.patch

* Fri Jun 11 2021 Andreas Stieger
- GnuPG 2.3.0:
  * A new experimental key database daemon is provided. To enable it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored in a SQLite database and make key lookup much faster.
  * New tool gpg-card as a flexible frontend for all types of supported smartcards.
  * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and gpg-connect-agent.
  * The gpg-wks-client tool is now installed under bin; a wrapper for its old location at libexec is also installed.
  * tpm2d: New daemon to physically bind keys to the local machine.
  * gpg: Switch to ed25519/cv25519 as default public key algorithms.
  * gpg: Verification results now depend on the --sender option and the signer's UID subpacket.
  * gpg: Do not use any 64-bit block size cipher algorithm for encryption. Use AES as last resort cipher preference instead of 3DES. This can be reverted using --allow-old-cipher-algos.
  * gpg: Support AEAD encryption mode using OCB or EAX.
  * gpg: Support v5 keys and signatures.
  * gpg: Support curve X448 (ed448, cv448).
  * gpg: Allow use of group names in key listings.
  * gpg: New option --full-timestrings to print date and time.
  * gpg: New option --force-sign-key.
  * gpg: New option --no-auto-trust-new-key.
  * gpg: The legacy key discovery method PKA is no longer supported. The command --print-pka-records and the PKA related import and export options have been removed.
  * gpg: Support export of Ed448 Secure Shell keys.
  * gpgsm: Add basic ECC support.
  * gpgsm: Support creation of EdDSA certificates. [#4888]
  * agent: Allow the use of "Label:" in a key file to customize the pinentry prompt.
  * agent: Support ssh-agent extensions for environment variables. With a patched version of OpenSSH this avoids the need for the "updatestartuptty" kludge.
  * scd: Improve support for multiple card readers and tokens.
  * scd: Support PIV cards.
  * scd: Support for Rohde&Schwarz Cybersecurity cards.
  * scd: Support Telesec Signature Cards v2.0
  * scd: Support multiple application on certain smartcard.
  * scd: New option --application-priority.
  * scd: New option --pcsc-shared; see man page for important notes.
  * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.
  * The symcryptrun tool, a wrapper for the now obsolete external Chiasmus tool, has been removed.
  * Full Unicode support for the command line.
- dropped legacy commands: gpg-zip

* Wed Apr 07 2021 Andreas Stieger
- Remove the "files-are-digests" option from the openSUSE package. This feature was not upstream and only used in the OBS signing daemon. The recommended upstream feature for separating the data to be signed from the private keys is gpg agent forwarding, available from 2.1. Drop gnupg-2.2.8-files-are-digests.patch

* Tue Jan 12 2021 Andreas Stieger
- GnuPG 2.2.27:
  * gpgconf: Fix case with neither local nor global gpg.conf
  * gpgconf: Fix description of two new options
- includes changes from 2.2.26:
  * gpg: New AKL method "ntds"
  * gpg: Fix --trusted-key with fingerprint arg
  * scd: Fix writing of ECC keys to an OpenPGP card
  * scd: Make an USB error fix specific to SPR532 readers
  * dirmngr: With new LDAP keyservers store the new attributes. Never store the useless pgpSignerID. Fix a long standing bug storing some keys on an ldap server.
  * dirmngr: Support the new Active Directory LDAP schema for keyservers
  * dirmngr: Allow LDAP OpenPGP searches via fingerprint
  * dirmngr: Do not block other threads during keyserver LDAP calls
  * Support global configuration files
  * Fix the iconv fallback handling to UTF-8