Change logs for gnupg2 source package in Cosmic

gnupg2 (2.2.8-3ubuntu1.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: CSRF in dirmngr
    - debian/patches/CVE-2018-1000858.patch: don't follow a redirect in
      dirmngr/Makefile.am, dirmngr/http.c, dirmngr/http.h,
      dirmngr/ks-engine-hkp.c, dirmngr/ks-engine-http.c,
      dirmngr/t-http-basic.c, dirmngr/t-http.c.
    - CVE-2018-1000858

 -- Marc Deslauriers <email address hidden>  Thu, 10 Jan 2019 08:01:09 -0500

gnupg2 (2.2.8-3ubuntu1) cosmic; urgency=medium

  * Sync with Debian. Remaining changes:
    - Honor http_proxy= environment variables by default in the systemd
      user session dirmngr service. LP: #1625848
      (debian/patches/dirmngr-honor-http-proxy.patch)
    - Export GPG_AGENT_INFO in the systemd-environment-generator too.

gnupg2 (2.2.8-3) unstable; urgency=medium

  * Ensure arch: all gnupg package supports binMNUs

gnupg2 (2.2.8-2) unstable; urgency=medium

  [ Daniel Kahn Gillmor ]
  * import bugfixes and improvements from upstream/STABLE-BRANCH-2-2
  * ensure that revocation certificates show up in --show-keys output
    (see 7c79bf7f71aa594102cb684b0abd8331bdac4608)
  * try passing not explicit paths to wine for the gpgv-win32 test
  * d/copyright: clarify debian/* licensing
  * convert gnupg metapackage to Architecture: all

  [ Giovanni Mascellani ]
  * avoid parallel tests on riscv64 (Closes: #901646)

 -- Jeremy Bicha <email address hidden>  Mon, 03 Sep 2018 20:43:20 -0400

gnupg2 (2.2.8-1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable to fix CVE-2018-12020.  Remaining changes:
    - Honor http_proxy= environment variables by default in the systemd
      user session dirmngr service. LP: #1625848
      (debian/patches/dirmngr-honor-http-proxy.patch)
    - Export GPG_AGENT_INFO in the systemd-environment-generator too.
  * dropped due to applied in debian:
    - debian/gnupg2.udev:
      - udev rules to set ACLs on SCM smartcard readers.
      - Add udev rules to give gpg access to some smartcard readers;
        Debian #543217. (applied in scdaemon in 2.1.11-7+exp1)
  * dropped (no longer needed):
    - Add breaks for software-properties-common at 0.96.24.3 or lower.

gnupg2 (2.2.8-1) unstable; urgency=medium

  * New upstream release
  * refresh patches

gnupg2 (2.2.7-1) unstable; urgency=medium

  * new upstream release
  * update/refresh patches, improve patch description
  * bump standards-version to 4.1.4 (no changes needed)

gnupg2 (2.2.5-1) unstable; urgency=medium

  * New upstream release
  * d/gbp.conf: use DEP-14 branch naming
  * d/control: declare Rules-Requires-Root: no
  * drop patches already applied upstream
  * refresh patches

gnupg2 (2.2.4-3) unstable; urgency=medium

  * version build-deps on mingw library toolchain  (Closes: #889921)
  * drop misbehaving upstream scd patch (Closes: #889751)

gnupg2 (2.2.4-2) unstable; urgency=medium

  [ Daniel Kahn Gillmor ]
  * move to debhelper 11
  * d/control: move Vcs to salsa
  * import more bugfixes and hardware from upstream

  [ Helge Deller ]
  * Fix FTBFS on hppa (Closes: #887843)

 -- Steve Beattie <email address hidden>  Wed, 13 Jun 2018 11:44:59 -0700

gnupg2 (2.2.4-1ubuntu1) bionic; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - debian/gnupg2.udev:
      - Add udev rules to give gpg access to some smartcard readers;
        Debian #543217.
      - udev rules to set ACLs on SCM smartcard readers.
    - Add breaks for software-properties-common at 0.96.24.3 or lower.
    - Honor http_proxy= environment variables by default in the systemd
      user session dirmngr service. LP: #1625848
    - Export GPG_AGENT_INFO in the systemd-environment-generator too.

  * Dropped changes:
    - Removed user session upstart support.
    - Removed gpg-agent.service changes, use Debian's environment generator instead.
    - Patch to set GNUPGHOME for tests, fixed in debian/upstream.

gnupg2 (2.2.4-1) unstable; urgency=medium

  * New upstream release
  * do not use uupdate (we use gbp-import-orig)
  * dirmngr: cannot avoid idling in current arrangement
  * adjusting fixes to gpgsm defaults
  * prefer SHA-512 specifically on personal-digest-preferences.
  * refresh patches
  * Standards-Version: bump to 4.1.3 (no changes needed)
  * drop unnecessary lintian override
  * reflect actual requirement for libassuan
  * import bugfixes from upstream

gnupg2 (2.2.3-1) unstable; urgency=medium

  * New upstream release
  * refreshed patches

gnupg2 (2.2.2-1) unstable; urgency=medium

  * new upstream release.
  * avoid testsuite delays from excess socket waiting
  * clean up trailing whitespace in debian/{rules,changelog}
  * drop patches already upstream
  * refresh remaining patches

gnupg2 (2.2.1-5) unstable; urgency=medium

  * block ptrace on scdaemon as well as gpg-agent (Closes: #878952)

gnupg2 (2.2.1-4) unstable; urgency=medium

  * restore lintian override, because ftp-master isn't yet running lintian
    2.5.55 (see #877999 for more details)

gnupg2 (2.2.1-3) unstable; urgency=medium

  * bugfix for multiple keyrings (Closes: #878812)
  * drop an unnecessary lintian override

gnupg2 (2.2.1-2) unstable; urgency=medium

  * adopt bugfixes and documentation improvements from upstream
  * reorganize debian/patches for simpler maintenance
  * move gnupg-l10n to Section: localization
  * Standards-Version: bump to 4.1.1 (no changes needed)

gnupg2 (2.2.1-1) unstable; urgency=medium

  * New upstream release
  * drop patches already applied upstream

gnupg2 (2.2.0-3) unstable; urgency=medium

  * avoid FTBFS when TZ=UTC-12 (Closes: #874617)

gnupg2 (2.2.0-2) unstable; urgency=medium

  * dirmngr and gpgv-static are Multi-arch: foreign (Closes: #874111)
  * update to stronger cryptographic defaults.
  * use upstream gpg-agent-browser.socket systemd user service
  * publish SSH_AUTH_SOCK for wayland users (Closes: #855868)

gnupg2 (2.2.0-1) unstable; urgency=medium

  * New upstream release.
  * drop patches already upstream
  * scdaemon: bugfix from upstream for large ECC keys
  * Standards-Version: bump to 4.1.0 (no changes needed)

gnupg2 (2.1.23-2) unstable; urgency=medium

  * add openssh-client to build-deps for testing

gnupg2 (2.1.23-1) unstable; urgency=medium

  * New upstream release
  * move to unstable
  * refresh patches
  * keep default --no-auto-key-retrieve
  * Standards-Version: 4.0.1 (Priority: extra -> optional)
  * run tests in parallel

gnupg2 (2.1.22-1) experimental; urgency=medium

  * New upstream release
  * refreshed patches
  * pulled a few bugfix patches from upstream
  * simplify systemd user units

gnupg2 (2.1.21-4) experimental; urgency=medium

  * package reorganization:
   - new package 'gpg' is just for public key operations
   - 'gnupg' package is the full suite
   - 'gnupg-agent' package is renamed to 'gpg-agent'
   - 'gpgconf' is a base package, other packages depend on it
   - 'gnupg-utils' are a grab-bag of helper tools that may be useful
  * scdaemon: add AppStream metainfo about supported smartcards

gnupg2 (2.1.21-3) experimental; urgency=medium

  * include upstream bugfixes and improvements (Closes: #863221)
  * build gpgcompose, ship new gpgcompose binary package
  * upgrade to debhelper 10
  * upgrade to Standards-Version 4.0.0 (no changes needed)

gnupg2 (2.1.21-2) experimental; urgency=medium

  [ Stefan Bühler ]
  * Create WKS server and client packages

  [ Daniel Kahn Gillmor ]
  * minor packaging cleanups
  * more upstream bugfix and cleanup patches
  * rename WKS packages to match the tool names

gnupg2 (2.1.21-1) experimental; urgency=medium

  * new upstream release
  * drop patches alread yupstream, refresh patches
  * import post-release bugfixes from upstream

gnupg2 (2.1.20-4) experimental; urgency=medium

  * avoid shipping or trying to use .skel files
  * more bugfixes from upstream
  * skip missing signing keys (Closes: #834922)
  * prefer available smartcard

gnupg2 (2.1.20-3) experimental; urgency=medium

  * more upstream bugfixes (Closes: #858400)

gnupg2 (2.1.20-2) experimental; urgency=medium

  * more bugfix patches from upstream

gnupg2 (2.1.20-1) experimental; urgency=medium

  * new upstream release
  * drop patches already upstream, refresh patches
  * import post-release bugfixes from upstream

gnupg2 (2.1.19-3) experimental; urgency=medium

  * more patches from usptream
    - test suite should now use /tmp and not require /run/user/

gnupg2 (2.1.19-2) experimental; urgency=medium

  * more patches from upstream (Closes: #854829)
  * add verbose=3 to the test suite as requested by upstream

gnupg2 (2.1.19-1) experimental; urgency=medium

  * New upstream release (Closes: #854359)
  * many post-release bugfixes from upstream
  * add logcheck filters for gpg-agent (Closes: #856438)
  * Upload to experimental due to the freeze

gnupg2 (2.1.18-6) unstable; urgency=medium

  [ NIIBE Yutaka ]
  * scdaemon: Fix duplicated entries (Closes: #855056).

gnupg2 (2.1.18-5) unstable; urgency=medium

  [ Daniel Kahn Gillmor ]
  * Xsession.d/90gpg-agent: use simpler and more direct gpgconf
    invocations for socket names.

  [ NIIBE Yutaka ]
  * scdaemon.udev: Add Yubikey and Nitrokey (Closes: #648331, 734889).
  * scdaemon fix for PC/SC (Closes: #852702, #854005, #854595, #854616).

gnupg2 (2.1.18-4) unstable; urgency=medium

  [ Daniel Kahn Gillmor ]
  * document that debian disables --allow-version-check
  * docs, debugging, and bugfix patches from upstream (Closes: #852979)

  [ NIIBE Yutaka ]
  * scdaemon bugfixes

gnupg2 (2.1.18-3) unstable; urgency=medium

  * fix searches for keys with raw addr-spec

gnupg2 (2.1.18-2) unstable; urgency=medium

  * pull fixes from upstream (including a double-free in gpg-agent)

gnupg2 (2.1.18-1) unstable; urgency=medium

  * New upstream release.

gnupg2 (2.1.17-6) unstable; urgency=medium

  * Upstream patches, fixing unnecessary delay in gpg-agent (Closes: #851298)
  * gpg-agent: avoid race in shutdown (Closes: #841143)
  * improve dirmngr, gpg-agent README.Debian (Closes: #850982)
  * clean up gpg-agent-idling patch

gnupg2 (2.1.17-5) unstable; urgency=medium

  * more fixes from upstream (improving but not yet closing: #849845)
  * gpg-agent: actively poll when shutdown is pending.  Thanks, NIIBE
    Yutaka! (addresses but does not close #841143)

gnupg2 (2.1.17-4) unstable; urgency=medium

  * more patches from upstream, including dirmngr debugging
    improvements
  * resolve ambiguity in aliased options and commands (Closes: #850475)
  * auto-enable gpg-agent and dirmngr for systemd user sessions
  * enable easy reloads from systemd

gnupg2 (2.1.17-3) unstable; urgency=medium

  * more bugfixes from upstream (improving but not yet closing: #849845)

gnupg2 (2.1.17-2) unstable; urgency=medium

  * include patches from upstream to avoid build failures on 32-bit
    arches.

gnupg2 (2.1.17-1) unstable; urgency=medium

  * new upstream release.

gnupg2 (2.1.16-3) unstable; urgency=medium

  * remove -pie from hppa, kfreebsd-amd64, and x32 builds of
    gpgv-static (Closes: #846889)
  * import several upstream bugfix patches (Closes: #846834, #846168)
  * link gnupg-agent and scdaemon with Enhances/Suggests (Closes: #833518)

gnupg2 (2.1.16-2) unstable; urgency=medium

  * avoid using adns, due to lack of security support (Closes: #845078)

gnupg2 (2.1.16-1) unstable; urgency=medium

  * New upstream version
  * dropped many patches already incorporated upstream

gnupg2 (2.1.15-9) unstable; urgency=medium

  * Introduce gpgv-static package (Closes: #806940)
  * more patches from upstream
  * use adns for better DNS resolution in dirmngr
  * add some import-options to
    migrate-pubring-from-classic-gpg for better migration
  * reorganize patches to distinguish debian variations from upstream
  * set simple and easy defaults for keyservers
  * help dirmngr and gpg-agent idle better in the default case

gnupg2 (2.1.15-8) unstable; urgency=medium

  * rename gpg-agent-restricted.socket to gpg-agent-extra.socket
    (for symmetry with option names and actual sockets created)

gnupg2 (2.1.15-7) unstable; urgency=medium

  * more upstream patches
  * dirmngr systemd user service is now socket-activated.

gnupg2 (2.1.15-6) unstable; urgency=medium

  * more upstream patches (Closes: #841437, #840680)

gnupg2 (2.1.15-5) unstable; urgency=medium

  * added udev rules for Fujitsu Siemens cardreader (Closes: #840312)
  * mark transitional packages Multi-Arch: Foreign (closes: #840258)
  * make gnupg2 binNMU-safe
  * more patches from upstream
  * track upstream decision-making about gpg-agent socket names

gnupg2 (2.1.15-4) unstable; urgency=medium

  * update debian/tests/gpgv-win32
  * more patches from upstream (Closes: #838153)
  * tighten dependencies between gnupg and dirmngr (Closes: #834602)
  * updated systemd user gpg-agent units for socket activation

gnupg2 (2.1.15-3) unstable; urgency=medium

  * Use upstream fix to avoid touching homedir during test suite
  * backward compatibility for preset-passphrase and protect-tool
  * add Breaks: for python3-apt too (thanks, Harald Jenny!)
  * Avoid network access during tests (Closes: #836259)
  * more patches from upstream
   - gpgv --output now works
   - fingerprint display doesn't vary with --keyid-format
   - minor cleanup to scdaemon dealing with removed cards

gnupg2 (2.1.15-2) unstable; urgency=medium

  * restore keyid output in gpgv (Closes: #836144)
  * avoid test suite failures when HOME does not exist

 -- Dimitri John Ledkov <email address hidden>  Thu, 11 Jan 2018 13:33:17 +0000