Change logs for gnupg source package in Raring

  • gnupg (1.4.12-7ubuntu1.3) raring-security; urgency=low
    
      * SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
        Cryptanalysis attack
        - debian/patches/CVE-2013-4576.patch: Use blinding for the RSA secret
          operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
          MPIs used as input to secret key functions in cipher/dsa.c,
          cipher/elgamal.c, cipher/rsa.c.
        - CVE-2013-4576
     -- Marc Deslauriers <email address hidden>   Wed, 18 Dec 2013 11:14:22 -0500
  • gnupg (1.4.12-7ubuntu1.2) raring-security; urgency=low
    
      * SECURITY UPDATE: incorrect no-usage-permitted flag handling
        - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
          in g10/getkey.c, g10/keygen.c, include/cipher.h.
        - CVE-2013-4351
      * SECURITY UPDATE: denial of service via infinite recursion
        - debian/patches/CVE-2013-4402.patch: set limits on number of filters
          and nested packets in util/iobuf.c, g10/mainproc.c.
        - CVE-2013-4402
     -- Marc Deslauriers <email address hidden>   Tue, 08 Oct 2013 07:43:41 -0400
  • gnupg (1.4.12-7ubuntu1.1) raring-security; urgency=low
    
      * SECURITY UPDATE: The path of execution in an exponentiation function may
        depend upon secret key data, allowing a local attacker to determine the
        contents of the secret key through a side-channel attack.
        - debian/patches/CVE-2013-4242.diff: always perform the mpi_mul for
          exponents in secure memory. Based on upstream patch.
        - CVE-2013-4242
     -- Seth Arnold <email address hidden>   Tue, 30 Jul 2013 14:54:59 -0700
  • gnupg (1.4.12-7ubuntu1) raring; urgency=low
    
      * Resynchronise with Debian.  Remaining changes:
        - Disable mlock() test since it fails with ulimit 0 (on buildds).
        - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
        - Only suggest gnupg-curl and libldap; recommendations are pulled into
          minimal, and we don't need the keyserver utilities in a minimal Ubuntu
          system.
        - Remove the Win32 build.
        - Update config.guess/config.sub for aarch64.
    
    gnupg (1.4.12-7) unstable; urgency=high
    
      * Apply upstream patch to fix memory and key database corruption
        when importing with invalid keys (CVE-2012-6085, closes: #697108).
     -- Colin Watson <email address hidden>   Tue, 08 Jan 2013 10:47:07 +0000
  • gnupg (1.4.12-6ubuntu1) raring; urgency=low
    
      * Resynchronise with Debian.  Remaining changes:
        - Disable mlock() test since it fails with ulimit 0 (on buildds).
        - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
        - Only suggest gnupg-curl and libldap; recommendations are pulled into
          minimal, and we don't need the keyserver utilities in a minimal Ubuntu
          system.
        - Remove the Win32 build.
        - Update config.guess/config.sub for aarch64.
      * Dropped patches:
        - Fix udeb build failure on powerpc, building with -O2 instead of -Os.
          (No longer seems to be necessary.)
      * Simplify removal of Win32 build, to make this easier to merge in future.
    
    gnupg (1.4.12-6) unstable; urgency=low
    
      * debian/patches/685627_french_translation_update.patch: Adjusted.
        - po/gnupg.pot: Trigger .gmo rebuild by date update (closes: #685627).
    
    gnupg (1.4.12-5) unstable; urgency=low
    
      [ Thijs Kinkhorst ]
      * Add lintian override for gnupg-curl non-conflict.
    
      [ Daniel Leidert ]
      * debian/README.BUGS.Debian: Added note about gpg not returning an error
        message if junk is given after --edit-key/--send-keys (closes: #630388).
      * patches/685627_french_translation_update.patch: Added.
        - po/fr.po: French translation proofread and updated (closes: #685627).
    
    gnupg (1.4.12-4) unstable; urgency=low
    
      * Move mingw64 to B-D-I, adjust make targets. This helps debian-ports
        architectures: mingw64 is not commonly available there.
    
    gnupg (1.4.12-3) unstable; urgency=low
    
      * Upload to unstable.
      * Correct path for gpgv-win32 to /usr/share/win32.
      * Updated to policy 3.9.3.
      * Convert to copyright-format 1.0.
    
    gnupg (1.4.12-2) experimental; urgency=low
    
      * Move mingw-w64 from build-depends-indep to build-depends,
        otherwise buildds won't install it (classic mistake).
    
    gnupg (1.4.12-1) experimental; urgency=low
    
      * New upstream release.
        - Documents keyid-format and with-colons combination (LP: #808295).
        - No longer requires readline for gpgv (closes: #592902).
        - Fixes man page format error for gpg-zip (closes: #606072).
        - Fixes gpg manual page (closes: #640140).
      * As we're now on 0 patches, and dpatch is supposedly obsoleted,
        take the chance to switch to dpkg-source 3.0 (quilt) format.
      * Several packaging tweaks to keep Lintian happy.
      * Mark packages Multi-Arch: foreign, thanks Colin Watson (closes: #649490).
      * Fix path to README.BUGS.Debian.gz in presubj (closes: #614962).
      * Add Crypto Stick to udev rules (closes: #648332).
      * Build win32 package with mingw-w64, thanks Stephen Kitt (closes: #623526).
      * Enable hardened build flags, thanks Moritz Muehlenhoff (closes: #653480).
     -- Colin Watson <email address hidden>   Tue, 04 Dec 2012 22:26:16 +0000
  • gnupg (1.4.11-3ubuntu4) quantal; urgency=low
    
      * Update config.guess,sub for aarch64
     -- Wookey <email address hidden>   Mon, 01 Oct 2012 12:56:41 +0100