2019-11-27 13:17:08 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 2.2.18
Changelog:
Noteworthy changes in version 2.2.18 (2019-11-25)
-------------------------------------------------
* gpg: Changed the way keys are detected on a smartcards; this
allows the use of non-OpenPGP cards. In the case of a not very
likely regression the new option --use-only-openpgp-card is
available. [#4681]
* gpg: The commands --full-gen-key and --quick-gen-key now allow
direct key generation from supported cards. [#4681]
* gpg: Prepare against chosen-prefix SHA-1 collisions in key
signatures. This change removes all SHA-1 based key signature
newer than 2019-01-19 from the web-of-trust. Note that this
includes all key signature created with dsa1024 keys. The new
option --allow-weak-key-signatues can be used to override the new
and safer behaviour. [#4755,CVE-2019-14855]
* gpg: Improve performance for import of large keyblocks. [#4592]
* gpg: Implement a keybox compression run. [#4644]
* gpg: Show warnings from dirmngr about redirect and certificate
problems (details require --verbose as usual).
* gpg: Allow to pass the empty string for the passphrase if the
'--passphase=' syntax is used. [#4633]
* gpg: Fix printing of the KDF object attributes.
* gpg: Avoid surprises with --locate-external-key and certain
--auto-key-locate settings. [#4662]
* gpg: Improve selection of best matching key. [#4713]
* gpg: Delete key binding signature when deletring a subkey.
[#4665,#4457]
* gpg: Fix a potential loss of key sigantures during import with
self-sigs-only active. [#4628]
* gpg: Silence "marked as ultimately trusted" diagnostics if
option --quiet is used. [#4634]
* gpg: Silence some diagnostics during in key listsing even with
option --verbose. [#4627]
* gpg, gpgsm: Change parsing of agent's pkdecrypt results. [#4652]
* gpgsm: Support AES-256 keys.
* gpgsm: Fix a bug in triggering a keybox compression run if
--faked-system-time is used.
* dirmngr: System CA certificates are no longer used for the SKS
pool if GNUTLS instead of NTBTLS is used as TLS library. [#4594]
* dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
to avoid long timeouts. [#4165]
* scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
Shield and Trustica Cryptoucan work. [#4654,#4566]
* wkd: gpg-wks-client --install-key now installs the required policy
file.
|
2019-07-21 00:46:59 by Thomas Klausner | Files touched by this commit (595) |
Log message:
*: recursive bump for nettle 3.5.1
|
2019-07-10 11:28:24 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
gnupg2: updated to 2.2.17
Noteworthy changes in version 2.2.17:
* gpg: Ignore all key-signatures received from keyservers. This
change is required to mitigate a DoS due to keys flooded with
faked key-signatures. The old behaviour can be achieved by adding
keyserver-options no-self-sigs-only,no-import-clean
to your gpg.conf.
* gpg: If an imported keyblocks is too large to be stored in the
keybox (pubring.kbx) do not error out but fallback to an import
using the options "self-sigs-only,import-clean".
* gpg: New command --locate-external-key which can be used to
refresh keys from the Web Key Directory or via other methods
configured with --auto-key-locate.
* gpg: New import option "self-sigs-only".
* gpg: In --auto-key-retrieve prefer WKD over keyservers.
* dirmngr: Support the "openpgpkey" subdomain feature from
draft-koch-openpgp-webkey-service-07.
* dirmngr: Add an exception for the "openpgpkey" subdomain to the
CSRF protection.
* dirmngr: Fix endless loop due to http errors 503 and 504.
* dirmngr: Fix TLS bug during redirection of HKP requests.
* gpgconf: Fix a race condition when killing components.
|
2019-06-02 11:29:09 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
gnupg2: updated to 2.2.16
Noteworthy changes in version 2.2.16:
* gpg,gpgsm: Fix deadlock on Windows due to a keybox sharing
violation.
* gpg: Allow deletion of subkeys with --delete-key. This finally
makes the bang-suffix work as expected for that command.
* gpg: Replace SHA-1 by SHA-256 in self-signatures when updating
them with --quick-set-expire or --quick-set-primary-uid.
* gpg: Improve the photo image viewer selection.
* gpg: Fix decryption with --use-embedded-filename.
* gpg: Remove hints on using the --keyserver option.
* gpg: Fix export of certain secret keys with comments.
* gpg: Reject too long user-ids in --quick-gen-key.
* gpg: Fix a double free in the best key selection code.
* gpg: Fix the key generation dialog for switching back from EdDSA
to ECDSA.
* gpg: Use AES-192 with SHA-384 to comply with RFC-6637.
* gpg: Use only the addrspec from the Signer's UID subpacket to
mitigate a problem with another implementation.
* gpg: Skip invalid packets during a keyring listing and sync
diagnostics with the output.
* gpgsm: Avoid confusing diagnostic when signing with the default
key.
* agent: Do not delete any secret key in --dry-run mode.
* agent: Fix failures on 64 bit big-endian boxes related to URIs in
a keyfile.
* agent: Stop scdaemon after a reload with disable-scdaemon newly
configured.
* dirmngr: Improve caching algorithm for WKD domains.
* dirmngr: Support other hash algorithms than SHA-1 for OCSP.
* gpgconf: Make --homedir work for --launch.
* gpgconf: Before --launch check for a valid config file.
* wkd: Do not import more than 5 keys from one WKD address.
* wkd: Accept keys which are stored in armored format in the
directory.
* The installer for Windows now comes with signed binaries.
|
2019-04-03 02:33:20 by Ryo ONODERA | Files touched by this commit (748) |
Log message:
Recursive revbump from textproc/icu
|
2019-04-01 10:30:04 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
gnupg2: updated to 2.2.15
Noteworthy changes in version 2.2.15:
* sm: Fix --logger-fd and --status-fd on Windows for non-standard
file descriptors.
* sm: Allow decryption even if expired keys are configured.
* agent: Change command KEYINFO to print ssh fingerprints with other
hash algos.
* dirmngr: Fix build problems on Solaris due to the use of reserved
symbol names.
* wkd: New commands --print-wkd-hash and --print-wkd-url for
gpg-wks-client.
|
2019-03-27 10:42:15 by Jonathan Perkin | Files touched by this commit (2) |
Log message:
gnupg2: Fix build.
|
2019-03-20 07:39:53 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
gnupg2: updated to 2.2.14
Noteworthy changes in version 2.2.14:
* gpg: Allow import of PGP desktop exported secret keys. Also avoid
importing secret keys if the secret keyblock is not valid.
* gpg: Do not error out on version 5 keys in the local keyring.
* gpg: Make invalid primary key algo obvious in key listings.
* sm: Do not mark a certificate in a key listing as de-vs compliant
if its use for a signature will not be possible.
* sm: Fix certificate creation with key on card.
* sm: Create rsa3072 bit certificates by default.
* sm: Print Yubikey attestation extensions with --dump-cert.
* agent: Fix cancellation handling for scdaemon.
* agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
* scd: Fix flushing of the CA-FPR DOs in app-openpgp.
* scd: Avoid a conflict error with the "undefined" app.
* dirmngr: Add CSRF protection exception for protonmail.
* dirmngr: Fix build problems with gcc 9 in libdns.
* gpgconf: New option --show-socket for use wity --launch.
* gpgtar: Make option -C work for archive creation.
|
2019-02-13 17:06:44 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
gnupg2: updated to 2.2.13
Noteworthy changes in version 2.2.13:
* gpg: Implement key lookup via keygrip (using the & prefix).
* gpg: Allow generating Ed25519 key from existing key.
* gpg: Emit an ERROR status line if no key was found with -k.
* gpg: Stop early when trying to create a primary Elgamal key.
* gpgsm: Print the card's key algorithms along with their keygrips
in interactive key generation.
* agent: Clear bogus pinentry cache in the error case.
* scd: Support "acknowledge button" feature.
* scd: Fix for USB INTERRUPT transfer.
* wks: Do no use compression for the the encrypted challenge and
response
|
2019-02-02 04:38:30 by Mark Davies | Files touched by this commit (1) |
Log message:
gnupg2: teach about PKG_SYSCONFDIR and VARBASE
|