New stable release on the 2.5.x development series. Highlights from
upstream's NEWS:
* gpgsm: Implement GCM encryption.
* gpgsm: New option --attribute and server command SETATTR to
include arbitrary signed or unsigned attributes into a
signature. Requires libksba >= 1.7.0 (bumped to 1.8.0 in the
preceding commit).
* gpgsm: Introduce system attribute _signingCertificateV2.
* gpg: Fix wrong assertion failure which could very rarely occur
during key signature checking.
* gpg: Consider certify-only keys for revocation signature check.
* gpgsm: Fix possible double free in the CMS parser.
* gpgsm: Fix possible too early removal of ephemeral keys.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update GnuPG to the current upstream stable release. As listed at
https://gnupg.org/download/, the 2.5.x series is currently 'stable'
while 2.4.x is 'oldstable' (LTS).
Highlights of changes since 2.4.8:
* New OpenPGP key formats: Curve25519 and Curve448 (RFC9580)
* SHA3 family signature support
* Kyber post-quantum hybrid keys
* KEM (Key Encapsulation Mechanism) operations
* dirmngr: improved LDAP and HTTP keyserver support
* scdaemon: better support for new smartcard tokens
* Many bug fixes and security improvements
Link: https://dev.gnupg.org/source/gnupg/browse/master/NEWS
Link: https://gnupg.org/download/release_notes.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Noteworthy changes in version 2.4.8 (2025-05-14)
------------------------------------------------
* gpg: Fix a verification DoS due to a malicious subkey in the
keyring. [T7527]
* gpg: Fix a regression in 2.4.7 for generating a key from card.
[T7457]
* gpg: Fix --quick-add-key for Weierstrass ECC with usage given.
[T7506]
* gpg: Fully implement the group key flag. [rGedd01d8fc4]
* gpg: Make combination of show-only-fpr-mbox and show-unusable-uid
work. [rGeb2a90d343]
* gpgsm: Do not return an error code when importing a certificate
with an empty subject. [T7171]
* scd: Accept P15 cards with a zero-length label. [rG18b4ebb28a]
* keyboxd: Use case-insensitive search for mail addresses. [T7576]
* gpgconf: Fix reload and kill of keyboxd. [T7569]
* w32: Fix posssible lockup due to lost select results.
[rG9448d01d61]
Release-info: https://dev.gnupg.org/T7428
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
this Makefile still used `CONFIG_GCC_USE_VERSION_*` to select various
compilation options, for GCC versions that are antiquated
convert to parsing the major from the `CONFIG_GCC_VERSION` which will
always exist and can also be used with range logic
intent seemed to be:
* `-DEXTERN_UNLESS_MAIN_MODULE=static` for "=10" (and newer, probably)
* no additional options for "not =10" (or older, probably)
GCC 11 or 12 would likely revert to the default (not =10) option,
because 10 was the newest at the time, and 11 and 12 are "not 10"
Signed-off-by: Tony Butler <spudz76@gmail.com>
dirmngr is needed to download keys from keyservers.
That being a useful thing, let's package dirmngr.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle