Change log for gnupg package in Ubuntu
76 → 121 of 121 results | First • Previous • Next • Last |
Superseded in karmic-release |
gnupg (1.4.9-4ubuntu1) karmic; urgency=low * Merge from debian unstable, remaining changes: - Add 'debian/patches/50_disable_mlock_test.dpatch': Disable mlock() test since it fails with ulimit 0 (on buildds). - Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg (or gpg2) and gpgsm to use a passphrase agent by default (lp: 15485) - Add libcurl4-gnutls-dev to Build-Depends to fix gpg running into a timeout updating the keyring (lp: 62864) - Add 'debian/patches/55_curl_typefix.dpatch': Fix a build error with recent curl and gcc 4.3
Available diffs
gnupg (1.4.9-3ubuntu1) intrepid; urgency=low * Merge from debian unstable (lp: #225005), remaining changes: - Add 'debian/patches/50_disable_mlock_test.dpatch': Disable mlock() test since it fails with ulimit 0 (on buildds). - Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg (or gpg2) and gpgsm to use a passphrase agent by default (lp: 15485) - Add libcurl4-gnutls-dev to Build-Depends to fix gpg running into a timeout updating the keyring (lp: 62864) * Dropped Ubuntu patches, applied upstream: - 50_show_primary_only.dpatch - 60_install_options_skel.dpatch * Add 'debian/patches/55_curl_typefix.dpatch': Fix a build error with recent curl and gcc 4.3 (lp: #247679). Patch taken from upstream: http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html
Available diffs
gnupg (1.4.6-2ubuntu5) hardy; urgency=low * No-change rebuild against libldap-2.4-2. -- Steve Langasek <email address hidden> Wed, 23 Jan 2008 10:49:38 +0000
gnupg (1.4.6-2ubuntu4) gutsy; urgency=low * debian/patches/70_trust_error.dpatch: Removed as it broke setting the trust level to 1 (LP: #147343). -- Michael Bienia <email address hidden> Mon, 01 Oct 2007 21:52:52 +0200
Obsolete in feisty-backports |
gnupg (1.4.6-2ubuntu3~feisty1) feisty-backports; urgency=low * Feisty backport -- Jonathan Riddell <email address hidden> Thu, 2 Aug 2007 09:40:55 +0000
Superseded in gutsy-release |
gnupg (1.4.6-2ubuntu3) gutsy; urgency=low [ Scott Kitterman ] * Add 'debian/patches/60_install_options_skel.dpatch': Patch to install options file from upstream (LP: #76983) * Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg (or gpg2) and gpgsm to use a passphrase agent by default (LP: #15485) * Add 'debian/patches/70_trust_error.dpatch': Patch to disallow illegal zero response for trust level changes (LP: #39459) [ Michael Bienia ] * Add libcurl4-gnutls-dev to Build-Depends to fix gpg running into a timeout updating the keyring (LP: #62864) -- Michael Bienia <email address hidden> Fri, 06 Jul 2007 20:56:05 +0200
Superseded in gutsy-release |
gnupg (1.4.6-2ubuntu2) gutsy; urgency=low * Add 'debian/patches/50_show_primary_only.dpatch': add 'show-primary-uid-only' to verify options, to suppress 'aka' output in key verifications, backported from 1.4.7 upstream. -- Kees Cook <email address hidden> Tue, 15 May 2007 12:09:41 -0700
Superseded in gutsy-release |
gnupg (1.4.6-2ubuntu1) gutsy; urgency=low * Merge from debian unstable, remaining changes: - config.h.in: Disable mlock() test since it fails with ulimit 0 (on buildds). - debian/rules: + Do not install gpg as suid root, since that is not necessary with kernels 2.6.8+. + Make the build fail if the test suite fails. - debian/control: Maintainer field update.
gnupg (1.4.3-2ubuntu3.3) edgy-security; urgency=low * SECURITY UPDATE: without --status-fd, forged inline sigs can appear valid. * debian/patches/50_stop_multiple_messages.dpatch: ported upstream patch. * References ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch CVE-2007-1263 -- Kees Cook <email address hidden> Wed, 7 Mar 2007 14:10:02 -0800
gnupg (1.4.2.2-1ubuntu2.5) dapper-security; urgency=low * SECURITY UPDATE: without --status-fd, forged inline sigs can appear valid. * debian/patches/50_stop_multiple_messages.dpatch: ported upstream patch. * References ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch CVE-2007-1263 -- Kees Cook <email address hidden> Wed, 7 Mar 2007 14:13:56 -0800
Obsolete in breezy-security |
gnupg (1.4.1-1ubuntu1.7) breezy-security; urgency=low * SECURITY UPDATE: without --status-fd, forged inline sigs can appear valid. * debian/patches/50_stop_multiple_messages.dpatch: ported upstream patch. * References ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch CVE-2007-1263 -- Kees Cook <email address hidden> Wed, 7 Mar 2007 14:31:54 -0800
gnupg (1.4.6-1ubuntu2) feisty; urgency=low * SECURITY UPDATE: without --status-fd, forged inline sigs can appear valid. * debian/patches/50_stop_multiple_messages.dpatch: upstream patch. * References ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch CVE-2007-1263 -- Kees Cook <email address hidden> Wed, 7 Mar 2007 11:53:20 -0800
Superseded in feisty-release |
gnupg (1.4.6-1ubuntu1) feisty; urgency=low * Merge from debian unstable, remaining changes: - config.h.in: Disable mlock() test since it fails with ulimit 0 (on buildds). - debian/rules: + Do not install gpg as suid root, since that is not necessary with kernels 2.6.8+. + Make the build fail if the test suite fails.
Superseded in edgy-security |
gnupg (1.4.3-2ubuntu3.2) edgy-security; urgency=low * SECURITY UPDATE: unwound stack data use, leading to arbitrary code execution. * Add debian/patches/29_dxf_context_stack.dpatch: upstream patch, use heap for allocation instead. * References http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html CVE-2006-6235 -- Kees Cook <email address hidden> Wed, 6 Dec 2006 11:56:02 -0800
Superseded in dapper-security |
gnupg (1.4.2.2-1ubuntu2.4) dapper-security; urgency=low * SECURITY UPDATE: unwound stack data use, leading to arbitrary code execution. * Add debian/patches/29_dxf_context_stack.dpatch: upstream patch, use heap for allocation instead. * References http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html CVE-2006-6235 -- Kees Cook <email address hidden> Wed, 6 Dec 2006 12:24:58 -0800
Superseded in breezy-security |
gnupg (1.4.1-1ubuntu1.6) breezy-security; urgency=low * SECURITY UPDATE: unwound stack data use, leading to arbitrary code execution. * Add debian/patches/29_dxf_context_stack.dpatch: upstream patch, use heap for allocation instead. * References http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html CVE-2006-6235 -- Kees Cook <email address hidden> Wed, 6 Dec 2006 13:39:49 -0800
Superseded in feisty-release |
gnupg (1.4.5-3ubuntu2) feisty; urgency=low * SECURITY UPDATE: unwound stack data use, leading to arbitrary code execution. * Add debian/patches/29_dxf_context_stack.dpatch: upstream patch, use heap for allocation instead. * References CVE-2006-6235 -- Kees Cook <email address hidden> Wed, 6 Dec 2006 11:46:44 -0800
Superseded in edgy-security |
gnupg (1.4.3-2ubuntu3.1) edgy-security; urgency=low * SECURITY UPDATE: Local arbitrary code execution. * Add debian/patches/28_filename_prompt_overflow.dpatch to fix buffer overflow, taken from upstream. * References http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html -- Kees Cook <email address hidden> Tue, 28 Nov 2006 14:27:31 -0800
Superseded in dapper-security |
gnupg (1.4.2.2-1ubuntu2.3) dapper-security; urgency=low * SECURITY UPDATE: Local arbitrary code execution. * Add debian/patches/28_filename_prompt_overflow.dpatch to fix buffer overflow, taken from upstream. * References http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html -- Kees Cook <email address hidden> Tue, 28 Nov 2006 13:54:12 -0800
Superseded in breezy-security |
gnupg (1.4.1-1ubuntu1.5) breezy-security; urgency=low * SECURITY UPDATE: Local arbitrary code execution. * Add debian/patches/28_filename_prompt_overflow.dpatch to fix buffer overflow, taken from upstream. * References http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html -- Kees Cook <email address hidden> Tue, 28 Nov 2006 13:41:10 -0800
Superseded in feisty-release |
gnupg (1.4.5-3ubuntu1) feisty; urgency=low * Merge to Debian unstable. Remaining Ubuntu changes: - config.h.in: Disable mlock() test since it fails with ulimit 0 (on buildds). - debian/rules: + Do not install gpg as suid root, since that is not necessary with kernels 2.6.8+. + Make the build fail if the test suite fails.
Superseded in feisty-release |
gnupg (1.4.5-2ubuntu1) feisty; urgency=low * Merge to Debian unstable. Remaining Ubuntu changes: - config.h.in: Disable mlock() test since it fails with ulimit 0 (on buildds). - debian/rules: + Do not install gpg as suid root, since that is not necessary with kernels 2.6.8+. + Make the build fail if the test suite fails.
Superseded in dapper-security |
gnupg (1.4.2.2-1ubuntu2.2) dapper-security; urgency=low * SECURITY UPDATE: Local arbitrary code execution. * Add debian/patches/27_comment_control_overflow.dpatch: - Fix buffer overflows in parse_comment() and parse_gpg_control(). - Patch extracted from stable 1.4.5 release. - Reproducer: perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --no-armor - Credit: Evgeny Legerov - CVE-2006-3746 -- Martin Pitt <email address hidden> Thu, 3 Aug 2006 06:04:42 +0000
Superseded in breezy-security |
gnupg (1.4.1-1ubuntu1.4) breezy-security; urgency=low * SECURITY UPDATE: Local arbitrary code execution. * Add debian/patches/27_comment_control_overflow.dpatch: - Fix buffer overflows in parse_comment() and parse_gpg_control(). - Patch extracted from stable 1.4.5 release. - Reproducer: perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --no-armor - Credit: Evgeny Legerov - CVE-2006-3746 -- Martin Pitt <email address hidden> Thu, 3 Aug 2006 06:18:48 +0000
Obsolete in hoary-security |
gnupg (1.2.5-3ubuntu5.5) hoary-security; urgency=low * SECURITY UPDATE: Local arbitrary code execution. * Add debian/patches/27_comment_control_overflow.dpatch: - Fix buffer overflows in parse_comment() and parse_gpg_control(). - Patch extracted from stable 1.4.5 release. - Reproducer: perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --no-armor - Credit: Evgeny Legerov - CVE-2006-3746 -- Martin Pitt <email address hidden> Thu, 3 Aug 2006 06:21:37 +0000
gnupg (1.4.3-2ubuntu3) edgy; urgency=low * SECURITY UPDATE: Local arbitrary code execution. * Add debian/patches/27_comment_control_overflow.dpatch: - Fix buffer overflows in parse_comment() and parse_gpg_control(). - Patch extracted from stable 1.4.5 release. - Reproducer: perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --no-armor - Credit: Evgeny Legerov - CVE-2006-3746 -- Martin Pitt <email address hidden> Thu, 3 Aug 2006 08:11:46 +0200
Superseded in edgy-release |
gnupg (1.4.3-2ubuntu2) edgy; urgency=low * Rebuild with current zlib1g-dev to fix udeb shlibdeps. Thanks to Evan Dandrea for noticing. -- Colin Watson <email address hidden> Mon, 31 Jul 2006 11:21:55 +0100
Superseded in edgy-release |
gnupg (1.4.3-2ubuntu1) edgy; urgency=low * Sync with Debian: Remaining Ubuntu changes: + config.h.in: Disable mlock() test since it fails with ulimit 0 (on buildds). + debian/patches/20_no_tty_fix.dpatch: - dropped, upstream now + debian/rules: - don't use the included gettext - Don't install gpg as suid root, since that is not necessary with kernels 2.6.8+ - Make the build fail if the test suite fails
Superseded in dapper-security |
gnupg (1.4.2.2-1ubuntu2.1) dapper-security; urgency=low * SECURITY UPDATE: Crash and possibly arbitrary code execution. * Add debian/patches/26_user_id_overflow.dpatch: - Cap size of user ID packets to avoid overflow. - Patch ported from Debian's 1.4.3-2, originally from upstream SVN. - CVE-2006-3082 -- Martin Pitt <email address hidden> Mon, 26 Jun 2006 12:26:08 +0200
Superseded in breezy-security |
gnupg (1.4.1-1ubuntu1.3) breezy-security; urgency=low * SECURITY UPDATE: Crash and possibly arbitrary code execution. * Add debian/patches/26_user_id_overflow.dpatch: - Cap size of user ID packets to avoid overflow. - Patch ported from Debian's 1.4.3-2, originally from upstream SVN. - CVE-2006-3082 -- Martin Pitt <email address hidden> Mon, 26 Jun 2006 10:28:30 +0000
Superseded in hoary-security |
gnupg (1.2.5-3ubuntu5.4) hoary-security; urgency=low * SECURITY UPDATE: Crash and possibly arbitrary code execution. * Add debian/patches/26_user_id_overflow.dpatch: - Cap size of user ID packets to avoid overflow. - Patch ported from Debian's 1.4.3-2, originally from upstream SVN. - CVE-2006-3082 -- Martin Pitt <email address hidden> Mon, 26 Jun 2006 10:46:56 +0000
gnupg (1.4.2.2-1ubuntu2) dapper; urgency=low * debian/rules: - Remove --with-included-gettext configure option; use libc's gettext to get language pack support. Closes: LP#25609 - rm'ing locale.alias is not necessary with this change, so change it to rm -f to not break the build. -- Martin Pitt <email address hidden> Mon, 3 Apr 2006 18:21:19 +0200
Superseded in breezy-security |
gnupg (1.4.1-1ubuntu1.2) breezy-security; urgency=low * SECURITY UPDATE: Fix signature verification bypass. * Add debian/patches/21_CVE-2006-0049.dpatch: - Apply upstream patch to fix correct verification on invalid multiple signatures. - CVE-2006-0049 -- Martin Pitt <email address hidden> Mon, 13 Mar 2006 12:22:57 +0000
Superseded in hoary-security |
gnupg (1.2.5-3ubuntu5.3) hoary-security; urgency=low * SECURITY UPDATE: Fix signature verification bypass. * Add debian/patches/24_multisig.dpatch: - Apply upstream patch to fix correct verification on invalid multiple signatures. - CVE-2006-0049 -- Martin Pitt <email address hidden> Mon, 13 Mar 2006 12:44:27 +0000
Obsolete in warty-security |
gnupg (1.2.4-4ubuntu2.3) warty-security; urgency=low * SECURITY UPDATE: Fix signature verification bypass. * Add debian/patches/24_multisig.dpatch: - Apply upstream patch to fix correct verification on invalid multiple signatures. - CVE-2006-0049 -- Martin Pitt <email address hidden> Mon, 13 Mar 2006 12:46:22 +0000
Superseded in dapper-release |
gnupg (1.4.2.2-1ubuntu1) dapper; urgency=low * Resynchronize with Debian, UVF exception approved by Matt. 1.4.2.2 only contains a security fix, updated test cases, and updated translations. * For reference and to ease future merges, these are the remaining Ubuntu changes: - debian/rules: Make the build fail if the test suite fails. - debian/changelog: Add missing CVE number. - Don't install gpg as suid root, since that is not necessary with kernels 2.6.8+. - config.h.in: Disable mlock() test since it fails with ulimit 0 (on buildds). - debian/patches/20_no_tty_fix.dpatch: Malone #5570
Superseded in breezy-security |
gnupg (1.4.1-1ubuntu1.1) breezy-security; urgency=low * SECURITY UPDATE: Fix potential signature verification bypass. * Add debian/patches/23_verify_exit_code.dpatch: - Security fix for a verification weakness in gpgv. Some input could lead to gpgv exiting with 0 even if the detached signature file did not carry any signature. This is not as fatal as it might seem because the suggestion as always been not to rely on th exit code but to parse the --status-fd messages. However it is likely that gpgv is used in that simplified way and thus we do this release. Same problem with "gpg --verify" but nobody should have used this for signature verification without checking the status codes anyway. - Upstream patch from 1.4.2.1. - CVE-2006-0455 -- Martin Pitt <email address hidden> Fri, 17 Feb 2006 09:55:02 +0000
Superseded in hoary-security |
gnupg (1.2.5-3ubuntu5.2) hoary-security; urgency=low * SECURITY UPDATE: Fix potential signature verification bypass. * Add debian/patches/23_verify_exit_code.dpatch: - Security fix for a verification weakness in gpgv. Some input could lead to gpgv exiting with 0 even if the detached signature file did not carry any signature. This is not as fatal as it might seem because the suggestion as always been not to rely on th exit code but to parse the --status-fd messages. However it is likely that gpgv is used in that simplified way and thus we do this release. Same problem with "gpg --verify" but nobody should have used this for signature verification without checking the status codes anyway. - Upstream patch from 1.4.2.1. - CVE-2006-0455 -- Martin Pitt <email address hidden> Fri, 17 Feb 2006 10:39:23 +0000
Superseded in warty-security |
gnupg (1.2.4-4ubuntu2.2) warty-security; urgency=low * SECURITY UPDATE: Fix potential signature verification bypass. * Add debian/patches/23_verify_exit_code.dpatch: - Security fix for a verification weakness in gpgv. Some input could lead to gpgv exiting with 0 even if the detached signature file did not carry any signature. This is not as fatal as it might seem because the suggestion as always been not to rely on th exit code but to parse the --status-fd messages. However it is likely that gpgv is used in that simplified way and thus we do this release. Same problem with "gpg --verify" but nobody should have used this for signature verification without checking the status codes anyway. - Upstream patch from 1.4.2.1. - CVE-2006-0455 -- Martin Pitt <email address hidden> Fri, 17 Feb 2006 11:11:51 +0000
Superseded in dapper-release |
gnupg (1.4.2.1-0ubuntu1) dapper; urgency=low * New upstream security bugfix release, only contains the following changes: - Security fix for a verification weakness in gpgv. Some input could lead to gpgv exiting with 0 even if the detached signature file did not carry any signature. This is not as fatal as it might seem because the suggestion as always been not to rely on th exit code but to parse the --status-fd messages. However it is likely that gpgv is used in that simplified way and thus we do this release. Same problem with "gpg --verify" but nobody should have used this for signature verification without checking the status codes anyway. [CVE-2006-0455] - Added a test case for above vulnerability. * debian/rules: Call the test suite during build. (Will fail the build if the test suite fails.) -- Martin Pitt <email address hidden> Fri, 17 Feb 2006 11:18:27 +0100
gnupg (1.4.2-2ubuntu2) dapper; urgency=low * Add 20_no_tty_fix.dpatch: - Do not open /dev/tty if --no-tty is specified, since this breaks programs like seahorse. - Patch also accepted upstream. - Thanks to Ryan Lortie <email address hidden> for the patch. - Malone #5570 -- Martin Pitt <email address hidden> Fri, 16 Dec 2005 16:57:39 +0100
Obsolete in breezy-release |
gnupg (1.4.1-1ubuntu1) breezy; urgency=low * Resynchronise with Debian, fixing changelog ordering. * Added CAN number to previous changelog entry. -- Martin Pitt <email address hidden> Fri, 10 Jun 2005 10:36:38 +0200
Superseded in hoary-security |
gnupg (1.2.5-3ubuntu5.1) hoary-security; urgency=low * SECURITY UPDATE: Fix possible encryption weakening. * Add debian/patches/21_disable_quick_scan.dpatch: - Disable quick scan feature to avoid being vulnerable to Serge Mister' and Robert Zuccherato's timing attack. - CAN-2005-0366 -- Martin Pitt <email address hidden> Fri, 19 Aug 2005 16:21:49 +0200
Obsolete in hoary-release |
gnupg (1.2.5-3ubuntu5) hoary; urgency=low * debian/rules: Call pkgstriptranslations if present (the package does not use debhelper, thus it does not happen automatically). -- Martin Pitt <email address hidden> Fri, 18 Mar 2005 13:04:50 +0000
Superseded in warty-security |
gnupg (1.2.4-4ubuntu2.1) warty-security; urgency=low * SECURITY UPDATE: Fix possible encryption weakening. * Add debian/patches/17_disable_quick_scan.dpatch: - Disable quick scan feature to avoid being vulnerable to Serge Mister' and Robert Zuccherato's timing attack. - CAN-2005-0366 -- Martin Pitt <email address hidden> Fri, 19 Aug 2005 16:15:14 +0200
Obsolete in warty-release |
gnupg (1.2.4-4ubuntu2) warty; urgency=low * Do not configure with --with-capabilities, and do not install gnupg as suid root any more since the Ubuntu kernel now supports calling mlock() as user. -- Martin Pitt <email address hidden> Tue, 14 Sep 2004 07:57:14 +0200
76 → 121 of 121 results | First • Previous • Next • Last |