Change log for gnupg package in Ubuntu

Published in trusty-updates on 2018-06-11
Published in trusty-security on 2018-06-11
gnupg (1.4.16-1ubuntu2.5) trusty-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020

 -- Steve Beattie <email address hidden>  Fri, 08 Jun 2018 22:31:18 -0700
Published in xenial-updates on 2018-06-11
Published in xenial-security on 2018-06-11
gnupg (1.4.20-1ubuntu3.2) xenial-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020

 -- Steve Beattie <email address hidden>  Fri, 08 Jun 2018 15:53:57 -0700
Deleted in yakkety-release on 2016-09-08 (Reason: superseded by gnupg2)
Deleted in yakkety-proposed on 2016-09-08 (Reason: moved to release)
gnupg (1.4.20-6ubuntu1) yakkety; urgency=medium

  * Merge with Debian. Remaining Ubuntu changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Disable inline assembler for ppc64el.
    - Enable SHA-512 support in gpgv-udeb.
    - debian/patches/lp1541925.patch: Make sure directory exists before
      creating the lock.
  * SECURITY UPDATE: random number generator prediction
    - debian/patches/CVE-2016-6313-1.patch: improve readability by using a
      macro in cipher/random.c.
    - debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
      csprng pool in cipher/random.c.
    - CVE-2016-6313

Published in precise-updates on 2016-08-18
Published in precise-security on 2016-08-18
gnupg (1.4.11-3ubuntu2.10) precise-security; urgency=medium

  * SECURITY UPDATE: random number generator prediction
    - debian/patches/CVE-2016-6313.dpatch: improve readability by using a
      macro and hash continuous areas in the csprng pool in
      cipher/random.c.
    - CVE-2016-6313

 -- Marc Deslauriers <email address hidden>  Wed, 17 Aug 2016 13:37:00 -0400
Superseded in trusty-updates on 2018-06-11
Superseded in trusty-security on 2018-06-11
gnupg (1.4.16-1ubuntu2.4) trusty-security; urgency=medium

  * SECURITY UPDATE: random number generator prediction
    - debian/patches/CVE-2016-6313-1.patch: improve readability by using a
      macro in cipher/random.c.
    - debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
      csprng pool in cipher/random.c.
    - CVE-2016-6313

 -- Marc Deslauriers <email address hidden>  Wed, 17 Aug 2016 13:35:58 -0400
Superseded in xenial-updates on 2018-06-11
Superseded in xenial-security on 2018-06-11
gnupg (1.4.20-1ubuntu3.1) xenial-security; urgency=medium

  * SECURITY UPDATE: random number generator prediction
    - debian/patches/CVE-2016-6313-1.patch: improve readability by using a
      macro in cipher/random.c.
    - debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
      csprng pool in cipher/random.c.
    - CVE-2016-6313

 -- Marc Deslauriers <email address hidden>  Wed, 17 Aug 2016 13:35:22 -0400
Superseded in yakkety-proposed on 2016-08-19
gnupg (1.4.20-1ubuntu4) yakkety; urgency=medium

  * SECURITY UPDATE: random number generator prediction
    - debian/patches/CVE-2016-6313-1.patch: improve readability by using a
      macro in cipher/random.c.
    - debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
      csprng pool in cipher/random.c.
    - CVE-2016-6313

 -- Marc Deslauriers <email address hidden>  Wed, 17 Aug 2016 13:32:13 -0400
Superseded in yakkety-release on 2016-08-19
Published in xenial-release on 2016-02-15
Deleted in xenial-proposed (Reason: moved to release)
gnupg (1.4.20-1ubuntu3) xenial; urgency=medium

  * debian/patches/lp1541925.patch: switch to final upstream commit.

 -- Marc Deslauriers <email address hidden>  Fri, 12 Feb 2016 07:19:26 -0500
Superseded in xenial-release on 2016-02-15
Deleted in xenial-proposed on 2016-02-16 (Reason: moved to release)
gnupg (1.4.20-1ubuntu2) xenial; urgency=medium

  * debian/patches/lp1541925.patch: Make sure directory exists before
    creating the lock. (LP: #1541925)

 -- Marc Deslauriers <email address hidden>  Tue, 09 Feb 2016 14:39:34 -0500
Superseded in xenial-release on 2016-02-10
Deleted in xenial-proposed on 2016-02-11 (Reason: moved to release)
gnupg (1.4.20-1ubuntu1) xenial; urgency=medium

  * Merge with Debian. Remaining Ubuntu changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
    - Build using dh-autoreconf.
    - Disable inline assembler for ppc64el.
    - Enable SHA-512 support in gpgv-udeb.

Superseded in xenial-release on 2016-02-01
Deleted in xenial-proposed on 2016-02-02 (Reason: moved to release)
gnupg (1.4.19-6ubuntu1) xenial; urgency=medium

  * Merge with Debian. Remaining Ubuntu changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
    - Build using dh-autoreconf.
    - Disable inline assembler for ppc64el.
    - Enable SHA-512 support in gpgv-udeb.

Obsolete in utopic-updates on 2016-11-03
Obsolete in utopic-security on 2016-11-03
gnupg (1.4.16-1.2ubuntu1.2) utopic-security; urgency=medium

  * Screen responses from keyservers (LP: #1409117)
    - d/p/0001-Screen-keyserver-responses.patch
    - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
    - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
    - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
  * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
    - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
    - debian/rules: build with --enable-large-secmem
  * SECURITY UPDATE: sidechannel attack on Elgamal
    - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
      cipher/elgamal.c.
    - CVE-2014-3591
  * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
    - debian/patches/CVE-2015-0837.patch: avoid timing variations in
      include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c.
    - CVE-2015-0837
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.patch: use inline functions to convert
      buffer data to scalars in g10/apdu.c, g10/app-openpgp.c,
      g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c,
      g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c,
      g10/trustdb.c, include/host2net.h.
    - CVE-2015-1607
 -- Marc Deslauriers <email address hidden>   Fri, 27 Mar 2015 08:21:50 -0400
Superseded in precise-updates on 2016-08-18
Superseded in precise-security on 2016-08-18
gnupg (1.4.11-3ubuntu2.9) precise-security; urgency=medium

  * Screen responses from keyservers (LP: #1409117)
    - d/p/0001-Screen-keyserver-responses.dpatch
    - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.dpatch
    - d/p/0003-Add-kbnode_t-for-easier-backporting.dpatch
    - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.dpatch
  * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
    - d/p/Add-build-and-runtime-support-for-larger-RSA-key.dpatch
    - debian/rules: build with --enable-large-secmem
  * SECURITY UPDATE: sidechannel attack on Elgamal
    - debian/patches/CVE-2014-3591.dpatch: use ciphertext blinding in
      cipher/elgamal.c.
    - CVE-2014-3591
  * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
    - debian/patches/CVE-2015-0837.dpatch: avoid timing variations in
      include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c.
    - CVE-2015-0837
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.dpatch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.dpatch: use inline functions to convert
      buffer data to scalars in g10/apdu.c, g10/app-openpgp.c,
      g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c,
      g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c,
      g10/trustdb.c, include/host2net.h.
    - CVE-2015-1607
 -- Marc Deslauriers <email address hidden>   Fri, 27 Mar 2015 08:24:00 -0400
Superseded in trusty-updates on 2016-08-18
Superseded in trusty-security on 2016-08-18
gnupg (1.4.16-1ubuntu2.3) trusty-security; urgency=medium

  * Screen responses from keyservers (LP: #1409117)
    - d/p/0001-Screen-keyserver-responses.patch
    - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
    - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
    - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
  * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
    - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
    - debian/rules: build with --enable-large-secmem
  * SECURITY UPDATE: sidechannel attack on Elgamal
    - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
      cipher/elgamal.c.
    - CVE-2014-3591
  * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
    - debian/patches/CVE-2015-0837.patch: avoid timing variations in
      include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c.
    - CVE-2015-0837
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.patch: use inline functions to convert
      buffer data to scalars in g10/apdu.c, g10/app-openpgp.c,
      g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c,
      g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c,
      g10/trustdb.c, include/host2net.h.
    - CVE-2015-1607
 -- Marc Deslauriers <email address hidden>   Fri, 27 Mar 2015 08:22:48 -0400
Obsolete in lucid-updates on 2016-10-26
Obsolete in lucid-security on 2016-10-26
gnupg (1.4.10-2ubuntu1.8) lucid-security; urgency=medium

  * SECURITY UPDATE: sidechannel attack on Elgamal
    - debian/patches/CVE-2014-3591.dpatch: use ciphertext blinding in
      cipher/elgamal.c.
    - CVE-2014-3591
  * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
    - debian/patches/CVE-2015-0837.dpatch: avoid timing variations in
      include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c.
    - CVE-2015-0837
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.dpatch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.dpatch: use inline functions to convert
      buffer data to scalars in g10/apdu.c, g10/app-openpgp.c,
      g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c,
      g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c,
      g10/trustdb.c, include/host2net.h.
    - CVE-2015-1607
 -- Marc Deslauriers <email address hidden>   Wed, 25 Mar 2015 14:34:25 -0400
Superseded in xenial-release on 2015-11-27
Obsolete in wily-release on 2018-01-22
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed on 2018-01-22 (Reason: moved to release)
gnupg (1.4.18-7ubuntu1) vivid; urgency=medium

  * Resynchronise with Debian.  Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
    - Build using dh-autoreconf.
    - Disable inline assembler for ppc64el.
    - Enable SHA-512 support in gpgv-udeb.

Superseded in vivid-release on 2015-03-08
Deleted in vivid-proposed on 2015-03-09 (Reason: moved to release)
gnupg (1.4.18-6ubuntu1) vivid; urgency=medium

  * Resynchronise with Debian (LP: #1371766).  Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
    - Build using dh-autoreconf.
    - Disable inline assembler for ppc64el.
    - Enable SHA-512 support in gpgv-udeb.

Superseded in vivid-release on 2015-01-22
Deleted in vivid-proposed on 2015-01-23 (Reason: moved to release)
gnupg (1.4.18-4ubuntu2) vivid; urgency=medium

  * Enable SHA-512 support in gpgv-udeb, since Ubuntu's Release.gpg is
    signed using that digest algorithm (thanks, Nathan Rennie-Waldock;
    LP: #1403982).
 -- Colin Watson <email address hidden>   Wed, 14 Jan 2015 11:23:40 +0000

Superseded in vivid-release on 2015-01-14
Deleted in vivid-proposed on 2015-01-15 (Reason: moved to release)
gnupg (1.4.18-4ubuntu1) vivid; urgency=medium

  * Resynchronise with Debian. Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
    - Build using dh-autoreconf
    - Disable inline assembler for ppc64el.

Superseded in lucid-updates on 2015-04-01
Superseded in lucid-security on 2015-04-01
gnupg (1.4.10-2ubuntu1.7) lucid-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
    - debian/patches/CVE-2014-5270.dpatch: use sliding window method for
      exponentiation algorithm in mpi/mpi-pow.c.
    - CVE-2014-5270
 -- Marc Deslauriers <email address hidden>   Tue, 19 Aug 2014 09:44:38 -0400
Superseded in precise-updates on 2015-04-01
Superseded in precise-security on 2015-04-01
gnupg (1.4.11-3ubuntu2.7) precise-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
    - debian/patches/CVE-2014-5270.dpatch: use sliding window method for
      exponentiation algorithm in mpi/mpi-pow.c.
    - CVE-2014-5270
 -- Marc Deslauriers <email address hidden>   Tue, 19 Aug 2014 09:41:45 -0400
Superseded in vivid-release on 2014-10-31
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
gnupg (1.4.16-1.2ubuntu1) utopic; urgency=medium

  * Resynchronise with Debian. Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
    - Build using dh-autoreconf
    - Disable inline assembler for ppc64el.

Superseded in precise-updates on 2014-09-03
Superseded in precise-security on 2014-09-03
gnupg (1.4.11-3ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via uncompressing garbled packets
    - debian/patches/CVE-2014-4617.dpatch: limit number of extra bytes in
      g10/compress.c.
    - CVE-2014-4617
 -- Marc Deslauriers <email address hidden>   Thu, 26 Jun 2014 08:30:14 -0400
Superseded in trusty-updates on 2015-04-01
Superseded in trusty-security on 2015-04-01
gnupg (1.4.16-1ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via uncompressing garbled packets
    - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
      g10/compress.c.
    - CVE-2014-4617
 -- Marc Deslauriers <email address hidden>   Thu, 26 Jun 2014 08:26:05 -0400
Superseded in lucid-updates on 2014-09-03
Superseded in lucid-security on 2014-09-03
gnupg (1.4.10-2ubuntu1.6) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via uncompressing garbled packets
    - debian/patches/CVE-2014-4617.dpatch: limit number of extra bytes in
      g10/compress.c.
    - CVE-2014-4617
 -- Marc Deslauriers <email address hidden>   Thu, 26 Jun 2014 08:32:12 -0400
Obsolete in saucy-updates on 2015-04-24
Obsolete in saucy-security on 2015-04-24
gnupg (1.4.14-1ubuntu2.2) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service via uncompressing garbled packets
    - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
      g10/compress.c.
    - CVE-2014-4617
 -- Marc Deslauriers <email address hidden>   Thu, 26 Jun 2014 08:28:58 -0400
Superseded in utopic-release on 2014-06-26
Published in trusty-release on 2014-03-06
Deleted in trusty-proposed (Reason: moved to release)
gnupg (1.4.16-1ubuntu2) trusty; urgency=medium

  * Add patch init_trustdb.patch (Closes: #737128)
 -- Brian Murray <email address hidden>   Thu, 06 Mar 2014 07:53:11 -0800

Superseded in trusty-release on 2014-03-06
Deleted in trusty-proposed on 2014-03-07 (Reason: moved to release)
gnupg (1.4.16-1ubuntu1) trusty; urgency=medium

  * Resynchronise with Debian. Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
    - Build using dh-autoreconf
    - Disable inline assembler for ppc64el.

Superseded in trusty-release on 2014-01-28
Deleted in trusty-proposed on 2014-01-30 (Reason: moved to release)
gnupg (1.4.15-2ubuntu1) trusty; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
    - Build using dh-autoreconf
    - Disable inline assembler for ppc64el.
  * Moved CVE-2013-4576 patch to the right directory, and added to series
    file so it actually gets applied.

Obsolete in quantal-updates on 2015-04-24
Obsolete in quantal-security on 2015-04-24
gnupg (1.4.11-3ubuntu4.4) quantal-security; urgency=low

  * SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
    Cryptanalysis attack
    - debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
      operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
      MPIs used as input to secret key functions in cipher/dsa.c,
      cipher/elgamal.c, cipher/rsa.c.
    - CVE-2013-4576
 -- Marc Deslauriers <email address hidden>   Wed, 18 Dec 2013 11:15:37 -0500
Superseded in precise-updates on 2014-06-26
Superseded in precise-security on 2014-06-26
gnupg (1.4.11-3ubuntu2.5) precise-security; urgency=low

  * SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
    Cryptanalysis attack
    - debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
      operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
      MPIs used as input to secret key functions in cipher/dsa.c,
      cipher/elgamal.c, cipher/rsa.c.
    - CVE-2013-4576
 -- Marc Deslauriers <email address hidden>   Wed, 18 Dec 2013 11:17:02 -0500
Obsolete in raring-updates on 2015-04-24
Obsolete in raring-security on 2015-04-24
gnupg (1.4.12-7ubuntu1.3) raring-security; urgency=low

  * SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
    Cryptanalysis attack
    - debian/patches/CVE-2013-4576.patch: Use blinding for the RSA secret
      operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
      MPIs used as input to secret key functions in cipher/dsa.c,
      cipher/elgamal.c, cipher/rsa.c.
    - CVE-2013-4576
 -- Marc Deslauriers <email address hidden>   Wed, 18 Dec 2013 11:14:22 -0500
Superseded in saucy-updates on 2014-06-26
Superseded in saucy-security on 2014-06-26
gnupg (1.4.14-1ubuntu2.1) saucy-security; urgency=low

  * SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
    Cryptanalysis attack
    - debian/patches/CVE-2013-4576.patch: Use blinding for the RSA secret
      operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
      MPIs used as input to secret key functions in cipher/dsa.c,
      cipher/elgamal.c, cipher/rsa.c.
    - CVE-2013-4576
 -- Marc Deslauriers <email address hidden>   Wed, 18 Dec 2013 11:08:33 -0500
Superseded in lucid-updates on 2014-06-26
Superseded in lucid-security on 2014-06-26
gnupg (1.4.10-2ubuntu1.5) lucid-security; urgency=low

  * SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
    Cryptanalysis attack
    - debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
      operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
      MPIs used as input to secret key functions in cipher/dsa.c,
      cipher/elgamal.c, cipher/rsa.c.
    - CVE-2013-4576
 -- Marc Deslauriers <email address hidden>   Wed, 18 Dec 2013 11:18:09 -0500
Superseded in trusty-release on 2013-12-20
Deleted in trusty-proposed on 2013-12-21 (Reason: moved to release)
gnupg (1.4.15-1.1ubuntu2) trusty; urgency=medium

  * Build using dh-autoreconf
  * Disable inline assembler for ppc64el.
 -- Matthias Klose <email address hidden>   Sun, 15 Dec 2013 10:39:38 +0100
Superseded in trusty-release on 2013-12-15
Deleted in trusty-proposed on 2013-12-16 (Reason: moved to release)
gnupg (1.4.15-1.1ubuntu1) trusty; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
  * Dropped upstreamed patches:
    - debian/patches/CVE-2013-4351.patch
    - debian/patches/CVE-2013-4402.patch

Superseded in trusty-release on 2013-11-04
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed on 2015-04-28 (Reason: moved to release)
gnupg (1.4.14-1ubuntu2) saucy; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.patch: set limits on number of filters
      and nested packets in util/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden>   Tue, 08 Oct 2013 07:40:27 -0400
Superseded in precise-updates on 2013-12-18
Superseded in precise-security on 2013-12-18
gnupg (1.4.11-3ubuntu2.4) precise-security; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.dpatch: set limits on number of filters
      and nested packets in util/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden>   Tue, 08 Oct 2013 07:49:58 -0400
Superseded in lucid-updates on 2013-12-18
Superseded in lucid-security on 2013-12-18
gnupg (1.4.10-2ubuntu1.4) lucid-security; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.dpatch: set limits on number of filters
      and nested packets in util/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden>   Tue, 08 Oct 2013 07:51:47 -0400
Superseded in quantal-updates on 2013-12-18
Superseded in quantal-security on 2013-12-18
gnupg (1.4.11-3ubuntu4.3) quantal-security; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.dpatch: set limits on number of filters
      and nested packets in util/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden>   Tue, 08 Oct 2013 07:46:59 -0400
Superseded in raring-updates on 2013-12-18
Superseded in raring-security on 2013-12-18
gnupg (1.4.12-7ubuntu1.2) raring-security; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.patch: set limits on number of filters
      and nested packets in util/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden>   Tue, 08 Oct 2013 07:43:41 -0400
Superseded in saucy-release on 2013-10-08
Deleted in saucy-proposed on 2013-10-10 (Reason: moved to release)
gnupg (1.4.14-1ubuntu1) saucy; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.

Superseded in raring-updates on 2013-10-09
Superseded in raring-security on 2013-10-09
gnupg (1.4.12-7ubuntu1.1) raring-security; urgency=low

  * SECURITY UPDATE: The path of execution in an exponentiation function may
    depend upon secret key data, allowing a local attacker to determine the
    contents of the secret key through a side-channel attack.
    - debian/patches/CVE-2013-4242.diff: always perform the mpi_mul for
      exponents in secure memory. Based on upstream patch.
    - CVE-2013-4242
 -- Seth Arnold <email address hidden>   Tue, 30 Jul 2013 14:54:59 -0700
Superseded in quantal-updates on 2013-10-09
Superseded in quantal-security on 2013-10-09
gnupg (1.4.11-3ubuntu4.2) quantal-security; urgency=low

  * SECURITY UPDATE: The path of execution in an exponentiation function may
    depend upon secret key data, allowing a local attacker to determine the
    contents of the secret key through a side-channel attack.
    - debian/patches/CVE-2013-4242.dpatch: always perform the mpi_mul for
      exponents in secure memory. Based on upstream patch.
    - CVE-2013-4242
 -- Seth Arnold <email address hidden>   Tue, 30 Jul 2013 15:22:19 -0700
Superseded in precise-updates on 2013-10-09
Superseded in precise-security on 2013-10-09
gnupg (1.4.11-3ubuntu2.3) precise-security; urgency=low

  * SECURITY UPDATE: The path of execution in an exponentiation function may
    depend upon secret key data, allowing a local attacker to determine the
    contents of the secret key through a side-channel attack.
    - debian/patches/CVE-2013-4242.dpatch: always perform the mpi_mul for
      exponents in secure memory. Based on upstream patch.
    - CVE-2013-4242
 -- Seth Arnold <email address hidden>   Tue, 30 Jul 2013 15:51:17 -0700
Superseded in lucid-updates on 2013-10-09
Superseded in lucid-security on 2013-10-09
gnupg (1.4.10-2ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: The path of execution in an exponentiation function may
    depend upon secret key data, allowing a local attacker to determine the
    contents of the secret key through a side-channel attack.
    - debian/patches/CVE-2013-4242.dpatch: always perform the mpi_mul for
      exponents in secure memory. Based on upstream patch.
    - CVE-2013-4242
 -- Seth Arnold <email address hidden>   Tue, 30 Jul 2013 15:56:45 -0700
Superseded in lucid-updates on 2013-08-01
Superseded in lucid-security on 2013-08-01
gnupg (1.4.10-2ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden>   Tue, 08 Jan 2013 10:55:50 -0500
Superseded in precise-updates on 2013-08-01
Superseded in precise-security on 2013-08-01
gnupg (1.4.11-3ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden>   Tue, 08 Jan 2013 10:52:55 -0500
Obsolete in hardy-updates on 2015-04-24
Obsolete in hardy-security on 2015-04-24
gnupg (1.4.6-2ubuntu5.2) hardy-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden>   Tue, 08 Jan 2013 10:57:13 -0500
Obsolete in oneiric-updates on 2015-04-24
Obsolete in oneiric-security on 2015-04-24
gnupg (1.4.11-3ubuntu1.11.10.2) oneiric-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden>   Tue, 08 Jan 2013 10:54:13 -0500
Superseded in quantal-updates on 2013-08-01
Superseded in quantal-security on 2013-08-01
gnupg (1.4.11-3ubuntu4.1) quantal-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden>   Tue, 08 Jan 2013 10:46:11 -0500
Superseded in saucy-release on 2013-08-02
Obsolete in raring-release on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to release)
gnupg (1.4.12-7ubuntu1) raring; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
    - Update config.guess/config.sub for aarch64.

Superseded in raring-release on 2013-01-08
Deleted in raring-proposed on 2013-01-09 (Reason: moved to release)
gnupg (1.4.12-6ubuntu1) raring; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
    - Update config.guess/config.sub for aarch64.
  * Dropped patches:
    - Fix udeb build failure on powerpc, building with -O2 instead of -Os.
      (No longer seems to be necessary.)
  * Simplify removal of Win32 build, to make this easier to merge in future.

Superseded in raring-release on 2012-12-05
Obsolete in quantal-release on 2015-04-24
gnupg (1.4.11-3ubuntu4) quantal; urgency=low

  * Update config.guess,sub for aarch64
 -- Wookey <email address hidden>   Mon, 01 Oct 2012 12:56:41 +0100
Obsolete in natty-security on 2013-06-04
Obsolete in natty-updates on 2013-06-04
Deleted in natty-proposed on 2013-06-04 (Reason: moved to -updates)
gnupg (1.4.11-3ubuntu1.11.04.1) natty-security; urgency=low

  * debian/patches/long-keyids.dpatch: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden>   Tue, 14 Aug 2012 08:37:40 -0400
Superseded in oneiric-security on 2013-01-09
Superseded in oneiric-updates on 2013-01-09
Deleted in oneiric-proposed on 2013-01-11 (Reason: moved to -updates)
gnupg (1.4.11-3ubuntu1.11.10.1) oneiric-security; urgency=low

  * debian/patches/long-keyids.dpatch: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden>   Tue, 14 Aug 2012 08:36:09 -0400
Superseded in hardy-security on 2013-01-09
Superseded in hardy-updates on 2013-01-09
Deleted in hardy-proposed on 2013-01-11 (Reason: moved to -updates)
gnupg (1.4.6-2ubuntu5.1) hardy-security; urgency=low

  * debian/patches/long-keyids.dpatch: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden>   Tue, 14 Aug 2012 08:43:58 -0400
Superseded in lucid-security on 2013-01-09
Superseded in lucid-updates on 2013-01-09
Deleted in lucid-proposed on 2013-01-11 (Reason: moved to -updates)
gnupg (1.4.10-2ubuntu1.1) lucid-security; urgency=low

  * debian/patches/long-keyids.dpatch: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden>   Tue, 14 Aug 2012 08:41:19 -0400
Superseded in precise-security on 2013-01-09
Superseded in precise-updates on 2013-01-09
Deleted in precise-proposed on 2013-01-11 (Reason: moved to -updates)
gnupg (1.4.11-3ubuntu2.1) precise-security; urgency=low

  * debian/patches/long-keyids.dpatch: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden>   Tue, 14 Aug 2012 08:34:24 -0400
Superseded in quantal-release on 2012-10-04
Deleted in quantal-proposed on 2012-10-05 (Reason: moved to release)
gnupg (1.4.11-3ubuntu3) quantal-proposed; urgency=low

  * debian/patches/long-keyids.dpatch: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden>   Tue, 24 Jul 2012 10:28:39 -0400
Superseded in quantal-release on 2012-07-27
Published in precise-release on 2011-11-21
gnupg (1.4.11-3ubuntu2) precise; urgency=low

  * Mark gnupg, gnupg-curl, and gpgv Multi-Arch: foreign.
 -- Colin Watson <email address hidden>   Mon, 21 Nov 2011 13:42:07 +0000

Superseded in precise-release on 2011-11-21
Obsolete in oneiric-release on 2015-04-24
Obsolete in natty-release on 2013-06-04
gnupg (1.4.11-3ubuntu1) natty; urgency=low

  * Resynchronise with Debian (LP: #720905).  Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Fix udeb build failure on powerpc, building with -O2 instead of -Os.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
  * debian/{control,rules}: Remove the Win32 build (and mingw32
    build-dependency), since mingw32 is in universe, and will remain so for
    the foreseeable future.

Superseded in natty-release on 2011-02-22
gnupg (1.4.10-4ubuntu2) natty; urgency=low

  * No-change rebuild to drop upstream changelog.
 -- Martin Pitt <email address hidden>   Fri, 03 Dec 2010 08:31:25 +0100

Superseded in natty-release on 2010-12-03
gnupg (1.4.10-4ubuntu1) natty; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Fix udeb build failure on powerpc, building with -O2 instead of -Os.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.

Superseded in natty-release on 2010-10-15
Obsolete in maverick-release on 2013-03-05
gnupg (1.4.10-2ubuntu2) maverick; urgency=low

  * Only suggest gnupg-curl and libldap; recommendations are pulled into
    minimal, and we don't need the keyserver utilities in a minimal Ubuntu
    system.
 -- Colin Watson <email address hidden>   Mon, 14 Jun 2010 14:40:00 +0100

Superseded in maverick-release on 2010-06-14
Obsolete in lucid-release on 2016-10-26
gnupg (1.4.10-2ubuntu1) lucid; urgency=low

  * Merge from Debian testing (lp: #503064, #477818). Remaining changes:
    - Add 'debian/patches/50_disable_mlock_test.dpatch': Disable mlock() test
      since it fails with ulimit 0 (on buildds).
    - Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg
      (or gpg2) and gpgsm to use a passphrase agent by default (lp: 15485)
    - Fix udeb build failure on powerpc, building with -O2 instead of -Os.
 -- Michael Bienia <email address hidden>   Mon, 04 Jan 2010 20:06:01 +0100

Superseded in lucid-release on 2010-01-05
Obsolete in karmic-release on 2013-03-04
gnupg (1.4.9-4ubuntu7) karmic; urgency=low

  * Fix udeb build failure on powerpc, building with -O2 instead of -Os.

 -- Matthias Klose <email address hidden>   Sun, 27 Sep 2009 13:49:46 +0200

Superseded in karmic-release on 2009-09-27
gnupg (1.4.9-4ubuntu6) karmic; urgency=low

  * Build-depend on libreadline-dev instead of libreadline5-dev.

 -- Matthias Klose <email address hidden>   Sat, 19 Sep 2009 22:52:53 +0200

Superseded in karmic-release on 2009-09-19
gnupg (1.4.9-4ubuntu5) karmic; urgency=low

  * debian/gnupg.udev:
    Add udev rules to set ACLs on SCM smartcard readers. They replace the hal
    rules for the same purpose. (LP: #57755)
  * debian/rules:
    Call dh_installudev.

 -- Michael Bienia <email address hidden>   Fri, 03 Jul 2009 15:38:40 +0200

Superseded in karmic-release on 2009-07-13
gnupg (1.4.9-4ubuntu4) karmic; urgency=low

  * Undo the last change. A GnuPG bug with handling multiple keyservers
    makes this break

 -- Mackenzie Morgan <email address hidden>   Sat, 20 Jun 2009 18:04:47 -0400

Superseded in karmic-release on 2009-06-20
gnupg (1.4.9-4ubuntu3) karmic; urgency=low

  * debian/patches/100_ubuntu_default_keyserver.dpatch: (LP: #380093)
    - Add keyserver.ubuntu.com as a default keyserver in g10/options.skel

 -- Mackenzie Morgan <email address hidden>   Mon, 25 May 2009 13:10:51 -0400

Superseded in karmic-release on 2009-05-29
gnupg (1.4.9-4ubuntu2) karmic; urgency=low

  * debian/rules: add --enable-noexecstack to configure to avoid needless
    executable stacks on i386 (LP: #49323, debian bug 527630).
  * debian/rules: fix "nocheck" logic to run tests (debian bug 521884).

 -- Kees Cook <email address hidden>   Fri, 08 May 2009 09:12:18 -0700

Superseded in karmic-release on 2009-05-09
gnupg (1.4.9-4ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
    - Add 'debian/patches/50_disable_mlock_test.dpatch': Disable mlock() test
      since it fails with ulimit 0 (on buildds).
    - Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg
      (or gpg2) and gpgsm to use a passphrase agent by default (lp: 15485)
    - Add libcurl4-gnutls-dev to Build-Depends to fix gpg running into a
      timeout updating the keyring (lp: 62864)
    - Add 'debian/patches/55_curl_typefix.dpatch': Fix a build error with recent
      curl and gcc 4.3

Superseded in karmic-release on 2009-05-06
Obsolete in jaunty-release on 2013-02-28
Obsolete in intrepid-release on 2013-02-20
gnupg (1.4.9-3ubuntu1) intrepid; urgency=low

  * Merge from debian unstable (lp: #225005), remaining changes:
    - Add 'debian/patches/50_disable_mlock_test.dpatch': Disable mlock() test
      since it fails with ulimit 0 (on buildds).
    - Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg
      (or gpg2) and gpgsm to use a passphrase agent by default (lp: 15485)
    - Add libcurl4-gnutls-dev to Build-Depends to fix gpg running into a
      timeout updating the keyring (lp: 62864)
  * Dropped Ubuntu patches, applied upstream:
    - 50_show_primary_only.dpatch
    - 60_install_options_skel.dpatch
  * Add 'debian/patches/55_curl_typefix.dpatch': Fix a build error with recent
    curl and gcc 4.3 (lp: #247679). Patch taken from upstream:
    http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html

Superseded in intrepid-release on 2008-07-30
Obsolete in hardy-release on 2015-04-24
gnupg (1.4.6-2ubuntu5) hardy; urgency=low

  * No-change rebuild against libldap-2.4-2.

 -- Steve Langasek <email address hidden>   Wed, 23 Jan 2008 10:49:38 +0000