File signing-party.changes of Package signing-party
-------------------------------------------------------------------
Sat May 15 08:53:33 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- signing-party 2.11:
* fixes for other distributions only
-------------------------------------------------------------------
Sun Jun 9 19:40:13 UTC 2019 - Sebastian Wagner <sebix+novell.com@sebix.at>
- remove cve-2019-11627.patchm included in tarball.
- update to version 2.10-1:
* gpg-key2ps: Security fix for CVE-2018-15599: unsafe shell call enabling
shell injection via a User ID. Use Perl's (core) module Encode.pm instead
of shelling out to `iconv`. (Closes: #928256.)
-------------------------------------------------------------------
Fri May 3 11:46:01 UTC 2019 - Sebastian Wagner <sebix+novell.com@sebix.at>
- Add patch cve-2019-11627.patch from https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
to fix CVE-2019-11627.
-------------------------------------------------------------------
Sun Mar 17 20:08:02 UTC 2019 - Sebastian Wagner <sebix+novell.com@sebix.at>
- replace broken URL in specfile
-------------------------------------------------------------------
Sat Mar 16 14:36:52 UTC 2019 - Sebastian Wagner <sebix+novell.com@sebix.at>
- update to version 2.9:
* gpglist:
+ When --signer's argument is a long keyid or fingerprint, don't require
the key to be present in the keyring. This enable filtering on unknown
signing keys.
+ Don't choke on direct-key signatures. (Closes: #921331.)
* gpgparticipants:
+ Improve quoting and replace `echo` with `printf`.
+ Avoid including subkey fingerprints when gpg.conf contains 'fingerprint'.
- update to version 2.8:
* keyart, gpgparticipants-prefill: port to python3.
* keyart:
+ Don't print ASCII art for subkeys, only the master key.
+ Pass --no-auto-check-trustdb flag to gpg(1).
+ Fix crash with non-ASCII UIDs. Patch from Grégoire Detrez.
* Fix a couple of spelling errors. Thanks to Edward Betts for the report
and patch. (Closes: debian#882729)
* caff:
+ Add the "only-sign-text-ids" to the list of gpg(1) options imported from
~/.gnupg/gpg.conf.
+ Ensure the terminal is "sane enough" when asking questions ('echo',
'echok', 'icanon', 'icrnl' settings are all set), and restore original
settings when exit()'ing the program. (Closes: #872529)
* caff, gpglist, gpgsigs: in `gpg --with-colons` output, allow signature
class to be followed with an optional revocation reason. gpg(1) does that
since 2.2.9. (Closes: #905097.)
* caff, gpg-key2latex, gpg-key2ps, gpglist, gpgsigs, keylookup: Remove
references to https://pgp-tools.alioth.debian.org/ .
* caff, gpg-key2latex, gpg-key2ps, gpg-mailkeys, gpglist, gpgparticipants,
gpgsigs, keylookup: Remove SVN keywords ($Id$, $Rev$, etc.)
* sig2dot: Don't use the diamond operator.
-------------------------------------------------------------------
Mon Feb 11 09:08:36 UTC 2019 - olaf@aepfle.de
- apply conditionals also to filelist
-------------------------------------------------------------------
Mon Feb 4 11:51:55 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
- Spec cleanup
-------------------------------------------------------------------
Thu Jun 21 10:04:38 UTC 2018 - astieger@suse.com
- update to 2.7:
* gpg-key2ps: Add support for ECDH, ECDSA and EDDSA key types.
* gpg-key2ps: Align key type & size listing to the GnuPG 2.1.x
output (e.g., "rsa4096/DEADBEEF" instead of "4096R/DEADBEEF")
* gpgsigs: Set UAT (jpeg photos) density to 90dpi so XeLaTeX
doesn't complain that the image is too large
-------------------------------------------------------------------
Mon Oct 9 09:54:16 UTC 2017 - astieger@suse.com
- update to 2.6:
* gpgsigs: Skip undefined UIDs.
* gpgsigs: Properly handle (skip) unknown attributes.
* gpgsigs: Allow digest hexadecimal characters to replace multiple
'_' in the fill-in forms
* gpglist: New option '--signer' to limit listed signers to the
matching keys.
-------------------------------------------------------------------
Wed Oct 26 06:34:34 UTC 2016 - astieger@suse.com
- update to 2.5:
* caff: Show how to set $ENV{'PERL_MAILERS'} to specify a
sendmail binary (or use a sendmail-compatible MTA)
* caff: Fix regression skipping --recv-key when 'keys-from-gnupg'
isn't set. (Closes: #837406)
* caff: List all UIDs contained in an email when asking whether
to send it.
* gpg-key2latex: Add an option '--qrcode-data' to specify the
data to encode in a QR code (default: "OPENPGP4FPR:%f").
* gpg-key2ps: Fix revoked UID stroke slant with "-r strike".
* gpg-key2ps: Ensure subkeys are hiden unless '--show-subkeys' is
set.
-------------------------------------------------------------------
Tue Sep 13 08:47:59 UTC 2016 - astieger@suse.com
- update to 2.4:
* caff, gpg-key2latex, gpgsigs: Ignore "KEY_CONSIDERED" status
output emitted by gpg 2.1.13 and later.
* caff, gpgsigs: Allow input produced by gpgparticipants(1) using
gpg 2.1.13. With this version, key IDs are not displayed by
default and the "Key fingerprint = " prefix is omitted.
* caff:
+ Fix GnuPG version number comparison.
+ With GnuPG 2.1.13 or later, use gpgconf(1) to determine the
socket paths. (It is not used on earlier gpg since earlier
gpgconf do not support --homedir.) This fixes compatibility
with GnuPG 2.1.13.
+ When ~/.caff/gnupghome/gpg.conf does not exist, instead of
creating a temporary file (as it's done since signing-party 2.3),
parse ~/.gnup/gpg.conf and pass the GnuPG options that are known
to be safe (and useful) for caff to gpg(1) using command line
options. This soves the problem of lingering configuration files
in case caff is killed.
+ Use full fingerprints internally to avoid collisions.
(However $CONFIG{'keyid'} and $CONFIG{'local-users'} are kept
to 64-bits key IDs as per RFC 4880 full fingerprints are not
available in key signatures, and thus not exposed by
`gpg --with-colons --list-sigs`.)
+ Automatically import the $CONFIG{'also-encrypt-to'} from the
normal GnuPGHOME when possible.
-------------------------------------------------------------------
Sat Aug 27 11:58:34 UTC 2016 - mpluskal@suse.com
- Rename pgpgring to avoid file conflict with mutt
-------------------------------------------------------------------
Sat Jul 23 14:50:12 UTC 2016 - mpluskal@suse.com
- Build also pgpring
-------------------------------------------------------------------
Tue Jun 28 07:02:58 UTC 2016 - olaf@aepfle.de
- Correct path to _defaultdocdir in caff(1)
-------------------------------------------------------------------
Sun May 8 15:32:20 UTC 2016 - astieger@suse.com
- update to 2.3:
* caff:
+ Deprecate $CONFIG{'keyserver'}. Users of GnuPG <2.1 should
put the option in caff's GnuPG configuration file
(~/.caff/gnupghome/gpg.conf by default) instead. GnuPG 2.1
delegates network access to another process (dirmngr), hence
for 2.1 the keyserver should be set in ~/.gnupg/dirmngr.conf instead.
+ When caff's own GnuPG configuration file (~/.caff/gnupghome/gpg.conf)
does not exist, automatically generate it with the GnuPG options found
in ~/.gnup/gpg.conf that are known to be safe (and useful) for caff.
This includes "keyserver", "keyserver-options", "ask-cert-level" and
"cert-digest-algo" (among many others). Hence in the absence of its own
GnuPG configuration file caff now uses the certification options from
the user's GnuPG configuration file.
+ Perl < 5.20 compatibiliey
(drop caff-perl_5.18_compatibility.patch)
* gpgsigs, gpg-key2latex:
+ Use "Noto Mono" as default font when compiling with XeLaTeX or LuaLaTeX;
and "Noto Sans Mono CJK" as CJK font when compiling with XeLaTeX.
* gpg-key2latex:
+ Don't show capabilities of the entire key when --show-subkeys is set.
(Instead, the capabilities of the master key and each subkey are shown
independently in uppercase.)
+ Enclose (sub)key capabilities in square brackets, to match GnuPG 2.1.11+'s
output.
+ For ECDH, ECDSA, EDDSA (sub)keys, show the curve name instead of the
public key algorithm and length. This matches GnuPG 2.1.x's output.
+ The master key's fingerprint was incorrectly set to the last unusable
(eg, expired or revoked) subkey fingerprint, if any. (Closes: #815721)
* keyart:
+ Print the public key algorithm and length as shown by GnuPG 2.1 (e.g.,
"rsa4096" instead of "4096R"); for ECDH, ECDSA and EDDSA keys, show the
curve name instead.
-------------------------------------------------------------------
Tue Dec 15 02:10:43 UTC 2015 - astieger@suse.com
- update to 2.2:
* caff:
+ "gpgparticipants"-formated input: accept key blocks not
starting with a number such as
[x] Fingerprint(s) OK [x] ID OK
This makes caff able to process the Debconf 15 KSP file.
* gpglist:
+ Don't prune revoked UIDs with a subsequent selfsig.
+ Add an option '--show-revoked' to show revoked UIDs.
+ Mention in the manpage that the path to the gpg binary is
taken from the GNUPGBIN environment variable, if defined.
-------------------------------------------------------------------
Fri Nov 27 08:25:29 UTC 2015 - astieger@suse.com
- Require srm
-------------------------------------------------------------------
Thu Nov 26 21:34:56 UTC 2015 - vcizek@suse.com
- fix an incompatibility with perl 5.18 (boo#955986)
* caff 2.x is using hash slices which were introduced in Perl 5.20
* added caff-perl_5.18_compatibility.patch
-------------------------------------------------------------------
Sat Aug 22 21:26:21 UTC 2015 - astieger@suse.com
- update to 2.1:
* caff:
+ Only consider non-expired/invalid/revoked keys and UIDs when
generating the caffrc.
+ Proper RFC 5322 validation of email addresses.
+ Prefix the signature by "-- \n" in the email template.
+ Automatically mkdir ~/.caff if it doesn't exit.
-------------------------------------------------------------------
Mon Jun 22 10:45:24 UTC 2015 - astieger@suse.com
- update to 2.0 [boo#918402]
* caff:
+ Fix broken compatibility with GnuPG 2.1 (2.1.3 and later only)
+ Default $CONFIG{'local-user'} to $CONFIG{'keyid'} rather than
importing the public part of *all* keys found in the secret keyring.
+ error output handling improvements
+ Add a --debug flag to enable debug messages.
+ Send attachements and non RFC 2822 UIDs to *all* signed addresses, not
only those for which the UID is exported. This is useful when the
signee has some already signed RFC 2822 UIDs and a freshly added
attribute, for instance.
+ color ouput ($CONFIG{colors})
+ Prune keys with import-{clean,minimal} not export-{clean,minimal}.
+ Fix $CONFIG{'also-lsign-in-gnupghome'}: local signatures are directly
imported from caff's GNUPGHOME to our own; in auto-lsign'ing mode, lsign
UID for which we have an exportable signature (preserving the signer and
cert level).
+ Pass the 'keyserver-options' specified in ~/.gnupg/gpg.conf to
$CONFIG{keyserver} when it is left unset.
* gpgsigs:
+ Add a legend with the different signature types.
+ Mark local signatures as 'L' (formerly they were marked as 'S'), and
expiring -- but not expired -- signatures as 'x'.
* caff, pgp-clean, pgp-fixkey, gpg-key2latex, gpg-key2ps, gpg-mailkeys,
gpgdir, gpgparticipants, gpgsigs, keyart, keylookup:
+ Add the possibility to choose the gpg binary via the "GNUPGBIN"
environment variable. (Default: "gpg".)
-------------------------------------------------------------------
Wed Feb 18 13:31:10 UTC 2015 - meissner@suse.com
- require new perl module in 1.1.12 perl-Net-IDN-Encode
-------------------------------------------------------------------
Wed Feb 18 12:26:26 UTC 2015 - astieger@suse.com
- signing-party 1.1.12:
* new keyart command
* new options and commands
* bug and compatibility fixes
-------------------------------------------------------------------
Sat Jan 5 11:28:44 UTC 2013 - joop.boonen@opensuse.org
- Corrected the Url that links to the main page
-------------------------------------------------------------------
Thu Mar 22 14:42:18 UTC 2012 - cfarrell@suse.com
- license update: GPL-2.0+
Various Open Source Licenses is not acceptable as a spec file license.
For this package, GPL-2.0+ seems to be the most accurate license choice
-------------------------------------------------------------------
Wed Mar 14 16:56:24 UTC 2012 - joop.boonen@opensuse.org
- Build version 1.1.4
* gpg-key2ps:
+ Apply patch from Uwe Kleine-König to deal with latin1 characters
* gpg-mailkeys:
+ Correct path of ~/.gpg-mailkeysrc and ~/.signature in manpage.
+ Add new environment variable SENDMAIL_ARGS to allow user to pass
arguments to sendmail
* caff:
+ Correct path of ~/.caffrc in informational messages
+ Be more verbose on unexpected key ID
+ Refactor import of own key and import for keys to sign from keyrings.
+ Also automatically import keys to sign from the user's normal gpg
keyrings.
+ Use --no-auto-check-trustdb when importing keys from files or
the user's normal gpg keyrings
+ manpage: Refer to all of /usr/share/doc/signing-party/caff/ and not
just to /usr/share/doc/signing-party/caff/caffrc.sample
+ Fix horrible &function calls used because of broken prototypes.
+ Even if all keys to sign were found in the user's normal gpg
keyrings we still need to import them (again) from any keyrings
passed with --key-files - the keys there might be newer, containing
new subkeys (for encryption), uids (for signing) or revocations.
+ Make importing of keys to be signed from the normal gpg optional
(--keys-from-gnupg).
+ refactor copying of command line options into global config variable.
+ Create the mail files in ~/.caff/keys even if mail is not sent
-------------------------------------------------------------------
Wed Oct 12 14:50:52 UTC 2011 - aj@suse.de
- Fix caff manpage (bnc#722626)
- Run spec file through spec-cleaner
-------------------------------------------------------------------
Tue Oct 26 09:00:39 UTC 2010 - aj@suse.de
- Make package noarch.
-------------------------------------------------------------------
Tue Jun 29 00:00:01 CEST 2010 - joop.boonen@opensuse.org
- Build version 1.1.3
-------------------------------------------------------------------
Sat Sep 19 21:03:52 CEST 2009 - aj@suse.de
- Fix Requires.
-------------------------------------------------------------------
Wed Aug 12 15:35:36 CEST 2009 - aj@suse.de
- Update to version 1.1.1.
- Many bugfixes.
- New tools: keyanalyze, sig2dot, springgraph.
- Drop keylookup.
-------------------------------------------------------------------
Sat Mar 3 19:20:03 CET 2007 - aj@suse.de
- Add missing requires for caff.
- Update to version 0.4.9.
-------------------------------------------------------------------
Wed Sep 13 09:43:45 CEST 2006 - aj@suse.de
- Initial package.
