-
gnupg (1.4.20-1ubuntu3.3) xenial-security; urgency=medium
* SECURITY UPDATE: full RSA key recovery via side-channel attack
- debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-2.patch: use same computation for square
and multiply in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-3.patch: fix allocation size for mpi_pow
- debian/patches/CVE-2017-7526-4.patch: add exponent blinding in
cipher/rsa.c.
- debian/patches/CVE-2017-7526-5.patch: allow different build directory
- CVE-2017-7526
-- Alex Murray <email address hidden> Mon, 06 Aug 2018 09:59:18 +0930
-
gnupg (1.4.20-1ubuntu3.2) xenial-security; urgency=medium
* SECURITY UPDATE: missing sanitization of verbose output
- debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with
the original file name.
- CVE-2018-12020
-- Steve Beattie <email address hidden> Fri, 08 Jun 2018 15:53:57 -0700
-
gnupg (1.4.20-1ubuntu3.1) xenial-security; urgency=medium
* SECURITY UPDATE: random number generator prediction
- debian/patches/CVE-2016-6313-1.patch: improve readability by using a
macro in cipher/random.c.
- debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
csprng pool in cipher/random.c.
- CVE-2016-6313
-- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:35:22 -0400
-
gnupg (1.4.20-1ubuntu3) xenial; urgency=medium
* debian/patches/lp1541925.patch: switch to final upstream commit.
-- Marc Deslauriers <email address hidden> Fri, 12 Feb 2016 07:19:26 -0500
-
gnupg (1.4.20-1ubuntu2) xenial; urgency=medium
* debian/patches/lp1541925.patch: Make sure directory exists before
creating the lock. (LP: #1541925)
-- Marc Deslauriers <email address hidden> Tue, 09 Feb 2016 14:39:34 -0500
-
gnupg (1.4.20-1ubuntu1) xenial; urgency=medium
* Merge with Debian. Remaining Ubuntu changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Build using dh-autoreconf.
- Disable inline assembler for ppc64el.
- Enable SHA-512 support in gpgv-udeb.
gnupg (1.4.20-1) unstable; urgency=medium
* new upstream release
-- Martin Pitt <email address hidden> Thu, 28 Jan 2016 14:52:22 +0100
-
gnupg (1.4.19-6ubuntu1) xenial; urgency=medium
* Merge with Debian. Remaining Ubuntu changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Build using dh-autoreconf.
- Disable inline assembler for ppc64el.
- Enable SHA-512 support in gpgv-udeb.
gnupg (1.4.19-6) unstable; urgency=medium
* dropping gnupg-udeb
* require rebuild of l10n files
* make gpg signature verification work under GCC 5 (Closes: #800641)
* fix es l10n of public key types
gnupg (1.4.19-5) unstable; urgency=medium
* use OPTION putenv=DBUS_SESSION_BUS_ADDRESS= instead of OPTION
DBUS_SESSION_BUS_ADDRESS=
gnupg (1.4.19-4) unstable; urgency=medium
[ Thijs Kinkhorst ]
* Add udev rule for Cherry XX44 smart card pinpad (Closes: #790396).
[ Daniel Kahn Gillmor ]
* pass DBUS_SESSION_BUS_ADDRESS to agent.
gnupg (1.4.19-3) unstable; urgency=medium
* imported upstream bugfixes:
- avoid unnecessary debug messages (Closes: #785789)
- avoid DoS when parsing mangled secret keys (Closes: #787050)
- handle unknown subkey types (Closes: #787046)
- improve handling of no corresponding subkey (Closes: #638619)
- do not allow encryption subkeys of unsuitable types
gnupg (1.4.19-2) unstable; urgency=medium
[ Thijs Kinkhorst ]
* Upload to unstable.
* Make gnupg cross-build to Windows more resilient by specifying
build architecture explicitly. Patch by Stephen Kitt.
(Closes: #736286)
* Add udev rules for more Crypto Sticks (Closes: #734885).
[ Daniel Kahn Gillmor ]
* added gnupg-dbg package.
gnupg (1.4.19-1) experimental; urgency=medium
* New upstream version.
* Make debian build reproducible (Closes: #778877).
* added udev rule for Alcor smartcard reader in ThinkPad X250 (Closes:
#780469)
* bump to debhelper 9
-- Martin Pitt <email address hidden> Thu, 26 Nov 2015 22:10:27 +0100
-
gnupg (1.4.18-7ubuntu1) vivid; urgency=medium
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Build using dh-autoreconf.
- Disable inline assembler for ppc64el.
- Enable SHA-512 support in gpgv-udeb.
gnupg (1.4.18-7) unstable; urgency=medium
* import a series of DoS and vulnerabilities from upstream, including
CVE-2014-3591
-- Colin Watson <email address hidden> Sun, 08 Mar 2015 09:26:02 +0000
