Change log for gnupg2 package in Ubuntu

175 of 97 results
Published in cosmic-release on 2018-09-04
Deleted in cosmic-proposed (Reason: moved to release)
gnupg2 (2.2.8-3ubuntu1) cosmic; urgency=medium

  * Sync with Debian. Remaining changes:
    - Honor http_proxy= environment variables by default in the systemd
      user session dirmngr service. LP: #1625848
      (debian/patches/dirmngr-honor-http-proxy.patch)
    - Export GPG_AGENT_INFO in the systemd-environment-generator too.

Available diffs

Published in xenial-updates on 2018-06-14
Published in xenial-security on 2018-06-14
gnupg2 (2.1.11-6ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020
  * backport patch to handle the tofu tests expiring in 2016
    - d/p/0006-tests-openpgp-Fake-the-system-time-for-the-tofu-test.patch

 -- Steve Beattie <email address hidden>  Thu, 14 Jun 2018 10:41:36 -0700
Superseded in cosmic-release on 2018-09-04
Deleted in cosmic-proposed on 2018-09-06 (Reason: moved to release)
gnupg2 (2.2.8-1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable to fix CVE-2018-12020.  Remaining changes:
    - Honor http_proxy= environment variables by default in the systemd
      user session dirmngr service. LP: #1625848
      (debian/patches/dirmngr-honor-http-proxy.patch)
    - Export GPG_AGENT_INFO in the systemd-environment-generator too.
  * dropped due to applied in debian:
    - debian/gnupg2.udev:
      - udev rules to set ACLs on SCM smartcard readers.
      - Add udev rules to give gpg access to some smartcard readers;
        Debian #543217. (applied in scdaemon in 2.1.11-7+exp1)
  * dropped (no longer needed):
    - Add breaks for software-properties-common at 0.96.24.3 or lower.

Available diffs

Published in trusty-updates on 2018-06-14
Published in trusty-security on 2018-06-14
gnupg2 (2.0.22-3ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020

 -- Steve Beattie <email address hidden>  Thu, 14 Jun 2018 11:05:25 -0700
Published in artful-updates on 2018-06-11
Published in artful-security on 2018-06-11
gnupg2 (2.1.15-1ubuntu8.1) artful-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020

 -- Steve Beattie <email address hidden>  Sat, 09 Jun 2018 14:15:54 -0700
Published in bionic-updates on 2018-06-11
Published in bionic-security on 2018-06-11
gnupg2 (2.2.4-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/from-master/CVE-2018-12020.patch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020
  * SECURITY UPDATE: certify public keys without a certify key present
    when using a smartcard.
    - debian/patches/from-master/CVE-2018-9234-1.patch,
    - debian/patches/from-master/CVE-2018-9234-2.patch: Check that a key
      may do certifications.
    - CVE-2018-9234
  * Always use MDC encryption mode regardless of the cipher algorithm
    or any preferences. The --rfc2440 option can be used to create
    a message without an MDC.
    - debian/patches/from-master/0003-gpg-Remove-MDC-options.patch
  * Decryption of messages not using the MDC mode into a hard
    failure even if a legacy cipher algorithm was used.  The
    option --ignore-mdc-error can be used to turn this failure
    into a warning.
    - debian/patches/from-master/0001-gpg-Turn-no-mdc-warn-into-a-NOP.patch
    - debian/patches/from-master/0003-gpg-Remove-MDC-options.patch
    - debian/patches/from-master/0004-gpg-Print-a-hint-on-how-to-decrypt-a-non-mdc-message.patch

 -- Steve Beattie <email address hidden>  Sun, 10 Jun 2018 21:54:05 -0700
Superseded in cosmic-release on 2018-07-10
Published in bionic-release on 2018-02-21
Deleted in bionic-proposed (Reason: moved to release)
gnupg2 (2.2.4-1ubuntu1) bionic; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - debian/gnupg2.udev:
      - Add udev rules to give gpg access to some smartcard readers;
        Debian #543217.
      - udev rules to set ACLs on SCM smartcard readers.
    - Add breaks for software-properties-common at 0.96.24.3 or lower.
    - Honor http_proxy= environment variables by default in the systemd
      user session dirmngr service. LP: #1625848
    - Export GPG_AGENT_INFO in the systemd-environment-generator too.

  * Dropped changes:
    - Removed user session upstart support.
    - Removed gpg-agent.service changes, use Debian's environment generator instead.
    - Patch to set GNUPGHOME for tests, fixed in debian/upstream.

Superseded in bionic-release on 2018-02-21
Published in artful-release on 2017-10-14
Deleted in artful-proposed (Reason: moved to release)
gnupg2 (2.1.15-1ubuntu8) artful; urgency=medium

  * debian/patches/0005-set-gnupghome-for-tests.patch:
    - set GNUPGHOME to a directory under the build directory as the
      default value relies on $HOME which shouldn't be used during
      the package build. LP: #1722939.

 -- Tiago Stürmer Daitx <email address hidden>  Wed, 11 Oct 2017 20:20:46 +0000
Superseded in artful-release on 2017-10-14
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
gnupg2 (2.1.15-1ubuntu7) zesty; urgency=medium

  * gpg-agent.conf: use XDG_RUNTIME_DIR for ssh-agent socket, in the
    upstart user session job too. LP: #1675925.

 -- Dimitri John Ledkov <email address hidden>  Wed, 29 Mar 2017 16:15:15 +0100

Available diffs

Superseded in zesty-release on 2017-04-05
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
gnupg2 (2.1.15-1ubuntu6) yakkety; urgency=medium

  * gpg-agent.service: use XDG_RUNTIME_DIR for ssh-agent socket, instead
    of GNUPGHOME. LP: #1631320.

 -- Dimitri John Ledkov <email address hidden>  Fri, 07 Oct 2016 11:20:28 +0100

Available diffs

Superseded in yakkety-release on 2016-10-07
Deleted in yakkety-proposed on 2016-10-08 (Reason: moved to release)
gnupg2 (2.1.15-1ubuntu5) yakkety; urgency=medium

  * gpg-agent.service: Properly escape "\$10" to avoid warning. (LP: #1615726)

 -- Martin Pitt <email address hidden>  Thu, 06 Oct 2016 23:10:50 +0200

Available diffs

Superseded in yakkety-release on 2016-10-07
Deleted in yakkety-proposed on 2016-10-08 (Reason: moved to release)
gnupg2 (2.1.15-1ubuntu4) yakkety; urgency=medium

  * Honor http_proxy= environment variables by default, in the newly
    generated dirmngr.conf files. Existing users behing proxies should set
    honor-http-proxy in $GNUPGHOME/dirmngr.conf, see
    /usr/share/gnupg/dirmngr-conf.skel. LP: #1625848

 -- Dimitri John Ledkov <email address hidden>  Wed, 21 Sep 2016 02:23:54 +0100

Available diffs

Superseded in yakkety-release on 2016-09-28
Deleted in yakkety-proposed on 2016-09-29 (Reason: moved to release)
gnupg2 (2.1.15-1ubuntu3) yakkety; urgency=medium

  * No-change rebuild for readline soname change.

 -- Matthias Klose <email address hidden>  Sat, 17 Sep 2016 12:02:46 +0000

Available diffs

Superseded in yakkety-release on 2016-09-18
Deleted in yakkety-proposed on 2016-09-20 (Reason: moved to release)
gnupg2 (2.1.15-1ubuntu2) yakkety; urgency=medium

  * Add breaks for software-properties-common at 0.96.24.3 or lower.

 -- Dimitri John Ledkov <email address hidden>  Thu, 01 Sep 2016 11:34:12 +0100
Superseded in yakkety-proposed on 2016-09-01
gnupg2 (2.1.15-1ubuntu1) yakkety; urgency=medium

  * gnupg is now 2.1. LP: #1615039
  * Merge from Debian unstable, remaining changes:
    - debian/systemd-user/gpg-agent.service:
      - Set the environment variables in ExecStartPre - Post has a race
        condition as other SSH agent providers can start up after ExecStart
        finishes. The ExecStopPost commands are run in the case of failure, to
        unset them.
      - Be Before= gnome-keyring-ssh and ssh-agent - if someone has explicitly
        asked for gpg-agent to be their SSH agent then we want to win.
      - Set $SSH_AGENT_LAUNCHER so that we can avoid executing gpgconf in the
        ExecStopPost.
      - Ignore initctl failures - eventually this will go away.
    - debian/upstart-user/:
      - Add upstart user session jobs
      - Add upstart override for the upstart user session jobs, when user
        systemd is present
    - debian/Xsession.d/90gpg-agent:
      - Don't run if we have a systemd user instance. We want to phase out
        the Xsession.d scripts, and use the systemd/upstart scripts so that
        things also work under Mir.
    - debian/gnupg2.udev:
      - Add udev rules to give gpg access to some smartcard readers;
        Debian #543217.
      - udev rules to set ACLs on SCM smartcard readers.

Superseded in yakkety-release on 2016-09-08
Deleted in yakkety-proposed on 2016-09-09 (Reason: moved to release)
gnupg2 (2.1.11-6ubuntu4) yakkety; urgency=medium

  * debian/user/gpg-agent.service:
    - Set the environment variables in ExecStartPre - Post has a race
      condition as other SSH agent providers can start up after ExecStart
      finishes. The ExecStopPost commands are run in the case of failure, to
      unset them.
    - Be Before= gnome-keyring-ssh and ssh-agent - if someone has explicitly
      asked for gpg-agent to be their SSH agent then we want to win.
    - Set $SSH_AGENT_LAUNCHER so that we can avoid executing gpgconf in the
      ExecStopPost.
    - Ignore initctl failures - eventually this will go away.

 -- Iain Lane <email address hidden>  Thu, 04 Aug 2016 11:16:01 +0100
Superseded in yakkety-release on 2016-08-04
Deleted in yakkety-proposed on 2016-08-05 (Reason: moved to release)
gnupg2 (2.1.11-6ubuntu3) yakkety; urgency=medium

  * debian/user/: Add systemd user unit and upstart override for gpg-agent.
  * debian/gnupg-agent.xsession: Don't run if we have a systemd user instance.
    We want to phase out the Xsession.d scripts, and use the systemd/upstart
    scripts so that things also work under Mir.

 -- Martin Pitt <email address hidden>  Tue, 19 Jul 2016 17:35:01 +0200
Superseded in yakkety-release on 2016-07-19
Published in xenial-release on 2016-04-08
Deleted in xenial-proposed (Reason: moved to release)
gnupg2 (2.1.11-6ubuntu2) xenial; urgency=medium

  * Fix upstart user-session integration with new pinentry:
  - restart gpg-agent, once dbus is started, such that agent has DBUS
    session environemnt set and can connect to the pinentry-gnome3 Closes:
    #790316 Closes: #795368 LP: #1566928
  - use gpgconf to launch/kill gpg-agent and to check settings

 -- Dimitri John Ledkov <email address hidden>  Fri, 08 Apr 2016 08:55:10 +0100
Superseded in xenial-release on 2016-04-08
Deleted in xenial-proposed on 2016-04-09 (Reason: moved to release)
gnupg2 (2.1.11-6ubuntu1) xenial; urgency=medium

  * Adds support for --pinentry= argument for gpgme1.0 (LP: #1564234)
  * Merge with debian, remaining changes:
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
    - Add upstart user job for gpg-agent.
  * Dropped no longer applicable changes in merge:
    - Drop sh prefix from openpgp test environment as it leads to exec
      invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
      FTBFS detected in Ubuntu saucy archive rebuild.
    - debian/control: drop dirmngr to Suggests as it is in universe.
    - gcc5-fix.patch: add upstream fix for an optimization issue when
      compiling with gcc 5.

 -- Mario Limonciello <email address hidden>  Wed, 30 Mar 2016 23:20:09 -0500
Superseded in xenial-release on 2016-04-01
Deleted in xenial-proposed on 2016-04-02 (Reason: moved to release)
gnupg2 (2.0.28-3ubuntu2) xenial; urgency=medium

  * debian/gcc5-fix.patch: add upstream fix for an optimization issue when
    compiling with gcc 5. (LP: #1501634)

 -- Marc Deslauriers <email address hidden>  Tue, 09 Feb 2016 16:11:42 -0500
Superseded in xenial-release on 2016-02-15
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed on 2018-01-22 (Reason: moved to release)
gnupg2 (2.0.28-3ubuntu1) wily; urgency=low

  * Merge from Debian, remaining changes:
    - Drop sh prefix from openpgp test environment as it leads to exec
      invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
      FTBFS detected in Ubuntu saucy archive rebuild.
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
    - Add upstart user job for gpg-agent.
    - debian/control: drop dirmngr to Suggests as it is in universe.

Superseded in wily-release on 2015-07-27
Deleted in wily-proposed on 2015-07-28 (Reason: moved to release)
gnupg2 (2.0.26-6ubuntu3) wily; urgency=medium

  * debian/gpg-agent.user-session.upstart: Fix grep line for ssh-agent to not
    fail pre-start if it doesn't match, due to `set -e'.
  * debian/gpg-agent.user-session.upstart,
    debian/no-pinentry-gnome3.user-session.upstart: If we are using
    pinentry-gnome3, make gnupg-agent wait for dbus, since it needs to
    communicate over the bus.

 -- Iain Lane <email address hidden>  Fri, 03 Jul 2015 12:35:55 +0100
Superseded in wily-release on 2015-07-10
Deleted in wily-proposed on 2015-07-12 (Reason: moved to release)
gnupg2 (2.0.26-6ubuntu2) wily; urgency=medium

  [ Mark Adams ]
  * Updated debian/gpg-agent.user-session.upstart so that global environment
    variables SSH_AUTH_SOCK and SSH_AGENT_PID are set if gpg-agent is running
    with SSH support. LP: #1407513

  [ Iain Lane ]
  * Fix whitespace in user session job.

 -- Mark Adams <email address hidden>  Tue, 05 May 2015 13:09:36 +0100

Available diffs

Published in precise-updates on 2015-04-01
Published in precise-security on 2015-04-01
gnupg2 (2.0.17-2ubuntu2.12.04.6) precise-security; urgency=medium

  * Screen responses from keyservers (LP: #1409117)
    - d/p/0001-Screen-keyserver-responses.patch
    - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
    - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
    - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
  * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
    - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
    - debian/rules: build with --enable-large-secmem
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.patch: use inline functions to convert
      buffer data to scalars in common/iobuf.c, g10/build-packet.c,
      g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/main.h, g10/misc.c,
      g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
      kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
      kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
      scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
    - CVE-2015-1607
 -- Marc Deslauriers <email address hidden>   Fri, 27 Mar 2015 08:20:03 -0400
Superseded in trusty-updates on 2018-06-14
Superseded in trusty-security on 2018-06-14
gnupg2 (2.0.22-3ubuntu1.3) trusty-security; urgency=medium

  * Screen responses from keyservers (LP: #1409117)
    - d/p/0001-Screen-keyserver-responses.patch
    - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
    - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
    - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
  * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
    - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
    - debian/rules: build with --enable-large-secmem
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.patch: use inline functions to convert
      buffer data to scalars in common/iobuf.c, g10/build-packet.c,
      g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c,
      g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
      kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
      kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
      scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
    - CVE-2015-1607
 -- Marc Deslauriers <email address hidden>   Fri, 27 Mar 2015 08:18:55 -0400
Obsolete in utopic-updates on 2016-11-03
Obsolete in utopic-security on 2016-11-03
gnupg2 (2.0.24-1ubuntu2.2) utopic-security; urgency=medium

  * Fix screening responses from keyservers (LP: #1421640)
    - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
    - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
    - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
  * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
    - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
    - debian/rules: build with --enable-large-secmem
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.patch: use inline functions to convert
      buffer data to scalars in common/iobuf.c, g10/build-packet.c,
      g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c,
      g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
      kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
      kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
      scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
    - CVE-2015-1607
 -- Marc Deslauriers <email address hidden>   Fri, 27 Mar 2015 08:16:53 -0400
Superseded in wily-release on 2015-05-05
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed on 2018-01-19 (Reason: moved to release)
gnupg2 (2.0.26-6ubuntu1) vivid; urgency=medium

  * Merge from Debian, remaining changes:
    - Drop sh prefix from openpgp test environment as it leads to exec
      invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
      FTBFS detected in Ubuntu saucy archive rebuild.
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
    - Add upstart user job for gpg-agent.
    - debian/control: drop dirmngr to Suggests as it is in universe.

Available diffs

Superseded in vivid-release on 2015-03-11
Deleted in vivid-proposed on 2015-03-12 (Reason: moved to release)
gnupg2 (2.0.26-3ubuntu1) vivid; urgency=medium

  * Merge from Debian, remaining changes:
    - Drop sh prefix from openpgp test environment as it leads to exec
      invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
      FTBFS detected in Ubuntu saucy archive rebuild.
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
    - Add upstart user job for gpg-agent.
    - debian/control: drop dirmngr to Suggests as it is in universe.

Available diffs

Superseded in vivid-release on 2014-10-30
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
gnupg2 (2.0.24-1ubuntu2) utopic; urgency=medium

  * debian/control: drop dirmngr to Suggests as it is in universe.
 -- Marc Deslauriers <email address hidden>   Tue, 29 Jul 2014 11:55:05 -0400

Available diffs

Superseded in utopic-release on 2014-07-29
Deleted in utopic-proposed on 2014-07-30 (Reason: moved to release)
gnupg2 (2.0.24-1ubuntu1) utopic; urgency=medium

  * Merge from Debian, remaining changes:
    - Drop sh prefix from openpgp test environment as it leads to exec
      invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
      FTBFS detected in Ubuntu saucy archive rebuild.
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
    - Add upstart user job for gpg-agent.

Available diffs

Superseded in trusty-updates on 2015-04-01
Superseded in trusty-security on 2015-04-01
gnupg2 (2.0.22-3ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via uncompressing garbled packets
    - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
      g10/compress.c.
    - CVE-2014-4617
 -- Marc Deslauriers <email address hidden>   Thu, 26 Jun 2014 09:18:35 -0400
Obsolete in saucy-updates on 2015-04-24
Obsolete in saucy-security on 2015-04-24
gnupg2 (2.0.20-1ubuntu3.1) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service via uncompressing garbled packets
    - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
      g10/compress.c.
    - CVE-2014-4617
 -- Marc Deslauriers <email address hidden>   Thu, 26 Jun 2014 09:20:05 -0400
Superseded in precise-updates on 2015-04-01
Superseded in precise-security on 2015-04-01
gnupg2 (2.0.17-2ubuntu2.12.04.4) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via uncompressing garbled packets
    - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
      g10/compress.c.
    - CVE-2014-4617
 -- Marc Deslauriers <email address hidden>   Thu, 26 Jun 2014 09:20:38 -0400
Obsolete in lucid-updates on 2016-10-26
Obsolete in lucid-security on 2016-10-26
gnupg2 (2.0.14-1ubuntu1.7) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via uncompressing garbled packets
    - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
      g10/compress.c.
    - CVE-2014-4617
 -- Marc Deslauriers <email address hidden>   Thu, 26 Jun 2014 09:21:08 -0400
Superseded in utopic-release on 2014-06-26
Deleted in utopic-proposed on 2014-06-28 (Reason: moved to release)
gnupg2 (2.0.22-3ubuntu2) utopic; urgency=medium

  * Don't start gpg-agent upstart user job, if there is one available
    already.
 -- Dimitri John Ledkov <email address hidden>   Mon, 28 Apr 2014 16:42:05 +0100

Available diffs

Superseded in utopic-release on 2014-04-28
Published in trusty-release on 2014-02-19
Deleted in trusty-proposed (Reason: moved to release)
gnupg2 (2.0.22-3ubuntu1) trusty; urgency=medium

  * Merge from Debian, remaining changes:
    - Drop sh prefix from openpgp test environment as it leads to exec
    invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
    FTBFS detected in Ubuntu saucy archive rebuild.
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
    - Add upstart user job for gpg-agent.

Superseded in trusty-release on 2014-02-19
Deleted in trusty-proposed on 2014-02-20 (Reason: moved to release)
gnupg2 (2.0.22-1ubuntu1) trusty; urgency=low

  * Merge from Debian, remaining changes:
    - Drop sh prefix from openpgp test environment as it leads to exec
    invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
    FTBFS detected in Ubuntu saucy archive rebuild.
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
    - Add upstart user job for gpg-agent.

Available diffs

Superseded in trusty-release on 2013-11-03
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed on 2015-04-28 (Reason: moved to release)
gnupg2 (2.0.20-1ubuntu3) saucy; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.patch: set limits on number of filters
      and nested packets in common/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden>   Mon, 07 Oct 2013 15:38:03 -0400
Obsolete in quantal-updates on 2015-04-24
Obsolete in quantal-security on 2015-04-24
gnupg2 (2.0.17-2ubuntu3.2) quantal-security; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.patch: set limits on number of filters
      and nested packets in common/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden>   Mon, 07 Oct 2013 15:50:38 -0400
Superseded in lucid-updates on 2014-06-26
Superseded in lucid-security on 2014-06-26
gnupg2 (2.0.14-1ubuntu1.6) lucid-security; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.patch: set limits on number of filters
      and nested packets in common/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden>   Mon, 07 Oct 2013 15:52:58 -0400
Superseded in precise-updates on 2014-06-26
Superseded in precise-security on 2014-06-26
gnupg2 (2.0.17-2ubuntu2.12.04.3) precise-security; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.patch: set limits on number of filters
      and nested packets in common/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden>   Mon, 07 Oct 2013 15:51:48 -0400
Obsolete in raring-updates on 2015-04-24
Obsolete in raring-security on 2015-04-24
gnupg2 (2.0.19-2ubuntu1.1) raring-security; urgency=low

  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.patch: set limits on number of filters
      and nested packets in common/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
 -- Marc Deslauriers <email address hidden>   Mon, 07 Oct 2013 15:44:52 -0400
Superseded in saucy-release on 2013-10-08
Deleted in saucy-proposed on 2013-10-09 (Reason: moved to release)
gnupg2 (2.0.20-1ubuntu2) saucy; urgency=low

  * Drop sh prefix from openpgp test environment as it leads to exec
    invocations of sh /bin/bash leading to syntax errors from sh.
    Fixes FTBFS detected in Ubuntu saucy archive rebuild.
 -- Andy Whitcroft <email address hidden>   Fri, 20 Sep 2013 12:19:01 +0100

Available diffs

Superseded in saucy-release on 2013-09-20
Deleted in saucy-proposed on 2013-09-21 (Reason: moved to release)
gnupg2 (2.0.20-1ubuntu1) saucy; urgency=low

  * Resynchronize on Debian, remaining changes:
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
      . debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
    - Add upstart user job for gpg-agent.

Available diffs

Superseded in saucy-release on 2013-05-24
Deleted in saucy-proposed on 2013-05-26 (Reason: moved to release)
gnupg2 (2.0.19-2ubuntu2) saucy; urgency=low

  * Add upstart user job for gpg-agent.
 -- Stephane Graber <email address hidden>   Fri, 03 May 2013 09:13:11 -0700

Available diffs

Superseded in saucy-release on 2013-05-03
Obsolete in raring-release on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to release)
gnupg2 (2.0.19-2ubuntu1) raring; urgency=low

  * Resynchronize on Debian, remaining changes:
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
      . debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.

Obsolete in oneiric-updates on 2015-04-24
Obsolete in oneiric-security on 2015-04-24
gnupg2 (2.0.17-2ubuntu2.11.10.2) oneiric-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden>   Tue, 08 Jan 2013 15:37:01 -0500
Superseded in quantal-updates on 2013-10-09
Superseded in quantal-security on 2013-10-09
gnupg2 (2.0.17-2ubuntu3.1) quantal-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden>   Tue, 08 Jan 2013 15:34:57 -0500
Superseded in lucid-updates on 2013-10-09
Superseded in lucid-security on 2013-10-09
gnupg2 (2.0.14-1ubuntu1.5) lucid-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden>   Tue, 08 Jan 2013 15:37:50 -0500
Superseded in precise-updates on 2013-10-09
Superseded in precise-security on 2013-10-09
gnupg2 (2.0.17-2ubuntu2.12.04.2) precise-security; urgency=low

  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
 -- Marc Deslauriers <email address hidden>   Tue, 08 Jan 2013 15:36:17 -0500
Superseded in raring-release on 2013-01-10
Deleted in raring-proposed on 2013-01-11 (Reason: moved to release)
gnupg2 (2.0.19-1ubuntu1) raring; urgency=low

  * Resynchronize on Debian, remaining changes:
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
      . debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.

Obsolete in natty-updates on 2013-06-04
Obsolete in natty-security on 2013-06-04
Deleted in natty-proposed on 2013-06-04 (Reason: moved to -updates)
gnupg2 (2.0.14-2ubuntu1.2) natty-security; urgency=low

  * debian/patches/long-keyids.diff: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden>   Tue, 14 Aug 2012 13:31:24 -0400
Superseded in lucid-security on 2013-01-09
Superseded in lucid-updates on 2013-01-09
Deleted in lucid-proposed on 2013-01-11 (Reason: moved to -updates)
gnupg2 (2.0.14-1ubuntu1.4) lucid-security; urgency=low

  * debian/patches/long-keyids.diff: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden>   Tue, 14 Aug 2012 13:34:54 -0400
Superseded in precise-security on 2013-01-09
Superseded in precise-updates on 2013-01-09
Deleted in precise-proposed on 2013-01-11 (Reason: moved to -updates)
gnupg2 (2.0.17-2ubuntu2.12.04.1) precise-security; urgency=low

  * debian/patches/long-keyids.diff: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden>   Tue, 14 Aug 2012 13:12:12 -0400
Superseded in oneiric-security on 2013-01-09
Superseded in oneiric-updates on 2013-01-09
Deleted in oneiric-proposed on 2013-01-11 (Reason: moved to -updates)
gnupg2 (2.0.17-2ubuntu2.11.10.1) oneiric-security; urgency=low

  * debian/patches/long-keyids.diff: Use the longest key ID available
    when requesting a key from a key server.
 -- Marc Deslauriers <email address hidden>   Tue, 14 Aug 2012 13:26:31 -0400
Obsolete in hardy-security on 2015-04-24
Obsolete in hardy-updates on 2015-04-24
Deleted in hardy-proposed on 2015-04-30 (Reason: moved to -updates)
gnupg2 (2.0.7-1ubuntu0.2) hardy-security; urgency=low

  * keyserver/gpgkeys_hkp.c: Use the longest key ID available when
    requesting a key from a key server.
    - http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=3005b0a6f43e53bed2f9b6fba7ad1205bdb29bc5
 -- Marc Deslauriers <email address hidden>   Tue, 14 Aug 2012 14:32:25 -0400
Superseded in raring-release on 2012-11-06
Obsolete in quantal-release on 2015-04-24
Deleted in quantal-proposed on 2015-05-01 (Reason: moved to release)
gnupg2 (2.0.17-2ubuntu3) quantal-proposed; urgency=low

  * debian/patches/long-keyids.diff: Use the longest key ID available
    when requesting a key from a key server.
  * debian/rules: don't generate config.guess, config.sub and version in
    clean target to prevent build cruft patches.
  * debian/patches/debian-changes-2.0.17-2,
    debian/patches/debian-changes-2.0.17-2ubuntu1: removed, build cruft.
 -- Marc Deslauriers <email address hidden>   Tue, 24 Jul 2012 10:40:49 -0400
Superseded in quantal-release on 2012-07-27
Published in precise-release on 2011-10-13
Obsolete in oneiric-release on 2015-04-24
gnupg2 (2.0.17-2ubuntu2) oneiric; urgency=low

  * debian/patches/gnupg2-fix-libgcrypt.diff: Fix assertion failure with
    libgcrypt 1.5.0.  (LP: #815190)
 -- Anders Kaseorg <email address hidden>   Sat, 23 Jul 2011 15:50:51 -0400
Superseded in oneiric-release on 2011-08-24
gnupg2 (2.0.17-2ubuntu1) oneiric; urgency=low

  * Merge from debian unstable. Remaining changes:
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
      . debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
      . debian/rules: Call dh_installudev.
    - debian/control: Rename Vcs-* to XS-Debian-Vcs-*.

Superseded in oneiric-release on 2011-05-25
Obsolete in natty-release on 2013-06-04
gnupg2 (2.0.14-2ubuntu1) natty; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
      . debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
      . debian/rules: Call dh_installudev.
    - debian/control: Rename Vcs-* to XS-Debian-Vcs-*.
  * debian/patches/CVE-2010-2547.patch: dropped, now in
    03-gpgsm-realloc.diff.

Superseded in natty-release on 2010-11-16
Obsolete in maverick-release on 2013-03-05
gnupg2 (2.0.14-1.1ubuntu2) maverick; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via certificate with large number of Subject Alternate Names
    - debian/patches/CVE-2010-2547.patch: fix use-after-free in
      kbx/keybox-blob.c.
    - CVE-2010-2547
 -- Marc Deslauriers <email address hidden>   Wed, 11 Aug 2010 13:56:02 -0400
Superseded in hardy-updates on 2012-09-17
Superseded in hardy-security on 2012-09-17
gnupg2 (2.0.7-1ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via certificate with large number of Subject Alternate Names
    - kbx/keybox-blob.c: fix use-after-free.
    - http://cvs.gnupg.org/cgi-bin/viewcvs.cgi?view=rev&revision=5371
    - CVE-2010-2547
 -- Marc Deslauriers <email address hidden>   Tue, 10 Aug 2010 09:49:32 -0400
Obsolete in jaunty-updates on 2013-02-28
Obsolete in jaunty-security on 2013-02-28
gnupg2 (2.0.9-3.1ubuntu0.1) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via certificate with large number of Subject Alternate Names
    - kbx/keybox-blob.c: fix use-after-free.
    - http://cvs.gnupg.org/cgi-bin/viewcvs.cgi?view=rev&revision=5371
    - CVE-2010-2547
 -- Marc Deslauriers <email address hidden>   Tue, 10 Aug 2010 09:32:22 -0400
Obsolete in karmic-updates on 2013-03-04
Obsolete in karmic-security on 2013-03-04
gnupg2 (2.0.12-0ubuntu2.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via certificate with large number of Subject Alternate Names
    - debian/patches/CVE-2010-2547.patch: fix use-after-free in
      kbx/keybox-blob.c.
    - CVE-2010-2547
 -- Marc Deslauriers <email address hidden>   Tue, 10 Aug 2010 09:30:23 -0400
Superseded in lucid-updates on 2012-09-17
Superseded in lucid-security on 2012-09-17
gnupg2 (2.0.14-1ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via certificate with large number of Subject Alternate Names
    - debian/patches/CVE-2010-2547.patch: fix use-after-free in
      kbx/keybox-blob.c.
    - CVE-2010-2547
 -- Marc Deslauriers <email address hidden>   Mon, 09 Aug 2010 15:31:52 -0400
Superseded in lucid-updates on 2010-08-11
Deleted in lucid-proposed on 2010-08-12 (Reason: moved to -updates)
gnupg2 (2.0.14-1ubuntu1.1) lucid-proposed; urgency=low

  * Fix a regression in gnupg2 2.0.14 which prevents unprotection of new or
    changed gpg-agent passphrases. Patch provided by Werner Koch (upstream)
    (lp: #567106).
 -- Michael Bienia <email address hidden>   Sat, 19 Jun 2010 11:01:30 +0200
Superseded in maverick-release on 2010-08-11
gnupg2 (2.0.14-1.1ubuntu1) maverick; urgency=low

  * Merge with Debian; remaining changes:
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
      . debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
      . debian/rules: Call dh_installudev.
 -- Loic Minier <email address hidden>   Tue, 15 Jun 2010 13:21:29 +0200
Superseded in maverick-release on 2010-06-17
gnupg2 (2.0.14-1ubuntu2) maverick; urgency=low

  * Drop Ubuntu patch from series, refresh debian/patches/debian-changes after
    updating config.guess and config.sub with the Ubuntu version; fixes FTBFS
    in Ubuntu.
  * Rename Vcs-* to XS-Debian-Vcs-*.
 -- Loic Minier <email address hidden>   Sun, 06 Jun 2010 15:11:15 +0200
Superseded in maverick-release on 2010-06-06
Obsolete in lucid-release on 2016-10-26
gnupg2 (2.0.14-1ubuntu1) lucid; urgency=low

  * Merge with Debian testing (lp: #511356). Remaining changes:
    - debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
    - debian/rules: Call dh_installudev.

Available diffs

Superseded in lucid-release on 2010-02-03
gnupg2 (2.0.13-1ubuntu1) lucid; urgency=low

  * Merge with Debian testing (lp: #477491). Remaining changes:
    - Build-depend on libreadline-dev instead of libreadline5-dev.
    - debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
    - debian/rules: Call dh_installudev.

Superseded in lucid-release on 2009-11-09
Obsolete in karmic-release on 2013-03-04
gnupg2 (2.0.12-0ubuntu2) karmic; urgency=low

  * Build-depend on libreadline-dev instead of libreadline5-dev.

 -- Matthias Klose <email address hidden>   Sat, 19 Sep 2009 22:56:12 +0200

Available diffs

Superseded in karmic-release on 2009-09-19
gnupg2 (2.0.12-0ubuntu1) karmic; urgency=low

  * New upstream release.
  * Add 01-scd-pw2.patch, 03-opgp-writekey.patch, and 06-opgp-sign3072.patch
    from https://bugs.g10code.com/gnupg/issue1094 to make OpenPGP 2.0
    smartcards work.

 -- Soren Hansen <email address hidden>   Tue, 04 Aug 2009 12:27:49 +0100

Available diffs

Superseded in karmic-release on 2009-08-04
gnupg2 (2.0.11-1ubuntu1) karmic; urgency=low

  * debian/gnupg2.udev:
    Add udev rules to set ACLs on SCM smartcard readers. They replace the hal
    rules for the same purpose. (LP: #57755)
  * debian/rules:
    Call dh_installudev.

 -- Michael Bienia <email address hidden>   Fri, 03 Jul 2009 15:35:47 +0200

Available diffs

Superseded in karmic-release on 2009-07-13
gnupg2 (2.0.11-1) unstable; urgency=low

  * New upstream release. (Closes: #496663)
  * debian/control: Make the description a little more distinctive than
    gnupg v1's. Thanks Jari Aalto. (Closes: #496323)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  29 Apr 2009 00:12:48 +0100

Available diffs

Superseded in karmic-release on 2009-04-29
Obsolete in jaunty-release on 2013-02-28
Obsolete in intrepid-release on 2013-02-20
gnupg2 (2.0.9-3.1) unstable; urgency=low

  * Non-maintainer upload.
  * agent/gpg-agent.c: Deinit the threading library before exec'ing
    the command to run in --daemon mode. And because that still doesn't
    restore the sigprocmask, do that manually. Closes: #499569

Available diffs

175 of 97 results