Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2026-01-29 17:44:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new.1995 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Thu Jan 29 17:44:12 2026 rev:197 rq:1329667 version:2.5.17 Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2026-01-17 21:41:49.935666339 +0100 +++ /work/SRC/openSUSE:Factory/.gpg2.new.1995/gpg2.changes 2026-01-29 17:44:56.069306659 +0100 @@ -1,0 +2,15 @@ +Tue Jan 27 17:07:54 UTC 2026 - Andreas Stieger <[email protected]> + +- Update to 2.5.17: + * agent: Fix stack buffer overflow when using gpgsm and KEM + (CVE-2026-24881, boo#1257358) + * tpm: Fix possible buffer overflow in PKDECRYPT + (CVE-2026-24882, boo#1257396) + * gpg: Fix possible NULL-deref with overlong signature packets + (CVE-2026-24883, boo#1257395) + * gpg: New export-option "keep-expired-subkeys" + * gpgsm: Make multiple search patterns work with keyboxd + * agent: Add accelerator keys for "Wrong" and "Correct" + * dirmngr: Help detection of bad keyserver configurations + +------------------------------------------------------------------- Old: ---- gnupg-2.5.16.tar.bz2 gnupg-2.5.16.tar.bz2.sig New: ---- gnupg-2.5.17.tar.bz2 gnupg-2.5.17.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.bsiiDg/_old 2026-01-29 17:44:59.037432039 +0100 +++ /var/tmp/diff_new_pack.bsiiDg/_new 2026-01-29 17:44:59.053432714 +0100 @@ -2,7 +2,7 @@ # spec file for package gpg2 # # Copyright (c) 2026 SUSE LLC and contributors -# Copyright (c) 2025 Andreas Stieger <[email protected]> +# Copyright (c) 2026 Andreas Stieger <[email protected]> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: gpg2 -Version: 2.5.16 +Version: 2.5.17 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later ++++++ gnupg-2.5.16.tar.bz2 -> gnupg-2.5.17.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/gpg2/gnupg-2.5.16.tar.bz2 /work/SRC/openSUSE:Factory/.gpg2.new.1995/gnupg-2.5.17.tar.bz2 differ: char 11, line 1
