-
gnupg (1.4.3-2ubuntu3.3) edgy-security; urgency=low
* SECURITY UPDATE: without --status-fd, forged inline sigs can appear valid.
* debian/patches/50_stop_multiple_messages.dpatch: ported upstream patch.
* References
ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch
CVE-2007-1263
-- Kees Cook <email address hidden> Wed, 7 Mar 2007 14:10:02 -0800
-
gnupg (1.4.3-2ubuntu3.2) edgy-security; urgency=low
* SECURITY UPDATE: unwound stack data use, leading to arbitrary code
execution.
* Add debian/patches/29_dxf_context_stack.dpatch: upstream patch, use heap
for allocation instead.
* References
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
CVE-2006-6235
-- Kees Cook <email address hidden> Wed, 6 Dec 2006 11:56:02 -0800
-
gnupg (1.4.3-2ubuntu3.1) edgy-security; urgency=low
* SECURITY UPDATE: Local arbitrary code execution.
* Add debian/patches/28_filename_prompt_overflow.dpatch to fix buffer
overflow, taken from upstream.
* References
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
-- Kees Cook <email address hidden> Tue, 28 Nov 2006 14:27:31 -0800
-
gnupg (1.4.3-2ubuntu3) edgy; urgency=low
* SECURITY UPDATE: Local arbitrary code execution.
* Add debian/patches/27_comment_control_overflow.dpatch:
- Fix buffer overflows in parse_comment() and parse_gpg_control().
- Patch extracted from stable 1.4.5 release.
- Reproducer:
perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --no-armor
- Credit: Evgeny Legerov
- CVE-2006-3746
-- Martin Pitt <email address hidden> Thu, 3 Aug 2006 08:11:46 +0200
-
gnupg (1.4.3-2ubuntu2) edgy; urgency=low
* Rebuild with current zlib1g-dev to fix udeb shlibdeps. Thanks to Evan
Dandrea for noticing.
-- Colin Watson <email address hidden> Mon, 31 Jul 2006 11:21:55 +0100
-
gnupg (1.4.3-2ubuntu1) edgy; urgency=low
* Sync with Debian:
Remaining Ubuntu changes:
+ config.h.in: Disable mlock() test since it fails with ulimit 0 (on
buildds).
+ debian/patches/20_no_tty_fix.dpatch:
- dropped, upstream now
+ debian/rules:
- don't use the included gettext
- Don't install gpg as suid root, since that is not necessary with
kernels 2.6.8+
- Make the build fail if the test suite fails
gnupg (1.4.3-2) unstable; urgency=low
* 26_user_id_overflow.dpatch: new patch pulled from upstream SVN to fix
a crash when processing overly large User ID packets [CVE-2006-3082].
Thanks to Alec Berryman <email address hidden>. Closes: #375052
gnupg (1.4.3-1) unstable; urgency=low
* New upstream release.
* 22_zero_length_mpi_fix.dpatch: merged upstream, dropped.
* debian/rules (test): s/g10.c/gpg.c/.
* 16_min_privileges.dpatch: likewise.
* debian/control, debian/rules: apply patch from Max Vozeler
<email address hidden> to build gnupg-udeb. Closes: #321948
* Based on discussion with and testing by Martin Pitt
<email address hidden>:
* debian/rules (build-deb-stamp): don't pass --with-included-gettext to
configure.
* debian/rules (build-udeb-stamp): likewise.
* debian/rules (binary-arch): don't need to remove
usr/share/locale/locale.alias anymore as a result.
* debian/rules (build-deb-stamp): pass --enable-mailto to configure.
Closes: #301308
* debian/rules (build-udeb-stamp): likewise.
* debian/control (Build-Depends): drop mail-transport-agent and...
* debian/rules (build-deb-stamp): pass
--with-mailprog=/usr/sbin/sendmail to configure instead.
* debian/rules (build-udeb-stamp): likewise. Closes: #333218
* debian/rules: put common configure options into CONFARGS variable and
rename the cross-compile-only variable to HOSTARG.
* debian/rules (clean): also remove debian/gnupg-deb build directory.
* debian/gpg-convert-from-106.1, debian/gpgsplit.1, debian/lspgpot.1:
new manpages from François Wendling <email address hidden>. Closes:
#344314
* debian/rules (binary-arch): install them.
* The following is a patch from Frans Pop <email address hidden>. Closes:
#360257
* debian/control (Build-Depends): add dpkg-dev (>= 1.13.12).
* debian/rules (binary-arch): pass -tudeb when invoking dpkg-shlibdeps
for the .udeb builds.
* 23_getkey_utf8_userid.dpatch: new patch from Fumitoshi UKAI
<email address hidden> to fix '[User id not found]' message in non-UTF-8
locales. Closes: #205028
* 24_gpgv_manpage_cleanup.dpatch: new patch from "Jim W. Jaszewski"
<email address hidden> to fix small errors in the gpgv manpage. Closes:
#177951
* 25_de.po_fixes.dpatch: new patch from Jens Seidel
<email address hidden> with small fixes to the German translations.
Closes: #314069
-- Sebastian Dröge <email address hidden> Wed, 28 Jun 2006 21:11:14 +0200
-
gnupg (1.4.2.2-1ubuntu2) dapper; urgency=low
* debian/rules:
- Remove --with-included-gettext configure option; use libc's gettext to
get language pack support. Closes: LP#25609
- rm'ing locale.alias is not necessary with this change, so change it to
rm -f to not break the build.
-- Martin Pitt <email address hidden> Mon, 3 Apr 2006 18:21:19 +0200