[ubuntu/vivid-proposed] gnupg2 2.0.26-6ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Mar 11 13:23:15 UTC 2015 

gnupg2 (2.0.26-6ubuntu1) vivid; urgency=medium

  * Merge from Debian, remaining changes:
    - Drop sh prefix from openpgp test environment as it leads to exec
      invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
      FTBFS detected in Ubuntu saucy archive rebuild.
    - Add udev rules to give gpg access to some smartcard readers;
      Debian #543217.
    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
    - Add upstart user job for gpg-agent.
    - debian/control: drop dirmngr to Suggests as it is in universe.

gnupg2 (2.0.26-6) unstable; urgency=medium

  * Avoid NULL dereference with opaque MPI.

gnupg2 (2.0.26-5) unstable; urgency=medium

  * import bug-fixes from upstream
    (Closes: #773415, #773469, #773471, #773472, #773423)
  * Fixes CVE-2015-1606 "Use after free, resulting from failure to skip
    invalid packets", CVE-2015-1607 "memcpy with overlapping ranges,
    resulting from incorrect bitwise left shifts" (Closes: #778577)

gnupg2 (2.0.26-4) unstable; urgency=medium

  [ David Prévot ]
  * Update POT and PO files, and ensure the translations get rebuild
  * Update French translation (Closes: #769574)
  * Update Ukrainian translation, thanks to Yuri Chornoivan
  * Update German translation, thanks to Werner Koch
  * Update Danish translation, thanks to Joe Hansen
  * Update Japanese translation, thanks to NIIBE Yutaka
  * Update Chinese (traditional) translation, thanks to Jedi Lin
  * Update Russian translation, thanks to Ineiev
  * Update Polish translation, thanks to Jakub Bogusz
  * Update Spanish translation, thanks to Manuel "Venturi" Porras Peralta
    (Closes: #770727)
  * New Dutch translation, thanks to Frans Spiesschaert (Closes: #770981)

  [ Daniel Kahn Gillmor ]
  * bugfix and cryptographic safety changes imported from upstream:
   - Avoid regression when adding subkeys with strong s2k algorithms
     (Closes: #772780) Thanks, NIIBE Yutaka
   - Allow french translation to work when prompting for passphrase.
   - add build and runtime support for larger RSA keys (Closes: #739424)
   - fix runtime errors on bad input (Closes: #771987)
   - deprecate insecure one-argument variant for gpg --verify of detached
     signatures (Closes: #771992)
   - initialize trustdb before trying to clear it (Closes: #735363)
   - default to issuing SHA256 signatures for RSA
   - avoid relying on MD5 signatures
   - show v3 key fingerprints as all zero (OpenPGPv3 is deprecated)

Date: Wed, 11 Mar 2015 08:25:01 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gnupg2/2.0.26-6ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Mar 2015 08:25:01 -0400
Source: gnupg2
Binary: gnupg-agent scdaemon gpgsm gnupg2 gpgv2
Architecture: source
Version: 2.0.26-6ubuntu1
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 gnupg-agent - GNU privacy guard - password agent
 gnupg2     - GNU privacy guard - a free PGP replacement (new v2.x)
 gpgsm      - GNU privacy guard - S/MIME version
 gpgv2      - GNU privacy guard - signature verification tool (new v2.x)
 scdaemon   - GNU privacy guard - smart card support
Closes: 735363 739424 769574 770727 770981 771987 771992 772780 773415 773423 773469 773471 773472 778577
Changes:
 gnupg2 (2.0.26-6ubuntu1) vivid; urgency=medium
 .
   * Merge from Debian, remaining changes:
     - Drop sh prefix from openpgp test environment as it leads to exec
       invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
       FTBFS detected in Ubuntu saucy archive rebuild.
     - Add udev rules to give gpg access to some smartcard readers;
       Debian #543217.
     - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
     - Add upstart user job for gpg-agent.
     - debian/control: drop dirmngr to Suggests as it is in universe.
 .
 gnupg2 (2.0.26-6) unstable; urgency=medium
 .
   * Avoid NULL dereference with opaque MPI.
 .
 gnupg2 (2.0.26-5) unstable; urgency=medium
 .
   * import bug-fixes from upstream
     (Closes: #773415, #773469, #773471, #773472, #773423)
   * Fixes CVE-2015-1606 "Use after free, resulting from failure to skip
     invalid packets", CVE-2015-1607 "memcpy with overlapping ranges,
     resulting from incorrect bitwise left shifts" (Closes: #778577)
 .
 gnupg2 (2.0.26-4) unstable; urgency=medium
 .
   [ David Prévot ]
   * Update POT and PO files, and ensure the translations get rebuild
   * Update French translation (Closes: #769574)
   * Update Ukrainian translation, thanks to Yuri Chornoivan
   * Update German translation, thanks to Werner Koch
   * Update Danish translation, thanks to Joe Hansen
   * Update Japanese translation, thanks to NIIBE Yutaka
   * Update Chinese (traditional) translation, thanks to Jedi Lin
   * Update Russian translation, thanks to Ineiev
   * Update Polish translation, thanks to Jakub Bogusz
   * Update Spanish translation, thanks to Manuel "Venturi" Porras Peralta
     (Closes: #770727)
   * New Dutch translation, thanks to Frans Spiesschaert (Closes: #770981)
 .
   [ Daniel Kahn Gillmor ]
   * bugfix and cryptographic safety changes imported from upstream:
    - Avoid regression when adding subkeys with strong s2k algorithms
      (Closes: #772780) Thanks, NIIBE Yutaka
    - Allow french translation to work when prompting for passphrase.
    - add build and runtime support for larger RSA keys (Closes: #739424)
    - fix runtime errors on bad input (Closes: #771987)
    - deprecate insecure one-argument variant for gpg --verify of detached
      signatures (Closes: #771992)
    - initialize trustdb before trying to clear it (Closes: #735363)
    - default to issuing SHA256 signatures for RSA
    - avoid relying on MD5 signatures
    - show v3 key fingerprints as all zero (OpenPGPv3 is deprecated)
Checksums-Sha1:
 59a456c9c4b92dc8126f467c1cfd6718231b38dc 2524 gnupg2_2.0.26-6ubuntu1.dsc
 3ff5b38152c919724fd09cf2f17df704272ba192 4303384 gnupg2_2.0.26.orig.tar.bz2
 30cf64d17b4b0e6e3163113ab1ff062b62474384 400055 gnupg2_2.0.26-6ubuntu1.debian.tar.bz2
Checksums-Sha256:
 cdac81bd643433c621d8a3b26467b10d3271c63f43b2a3aa05ba2f5429f4446c 2524 gnupg2_2.0.26-6ubuntu1.dsc
 7758e30dc382ae7a7167ed41b7f936aa50af5ea2d6fccdef663b5b750b65b8e0 4303384 gnupg2_2.0.26.orig.tar.bz2
 4b8fa7c01bee0f2ddf41ef6003325a760bb7a4a3ba66826fc1a4f0858c06f8c7 400055 gnupg2_2.0.26-6ubuntu1.debian.tar.bz2
Files:
 1def330be305a022ff9e5576702d53a7 2524 utils optional gnupg2_2.0.26-6ubuntu1.dsc
 fa7e704aad33eb114d1840164455aec1 4303384 utils optional gnupg2_2.0.26.orig.tar.bz2
 4eb50026be7b15ccf5a21c4089f008f1 400055 utils optional gnupg2_2.0.26-6ubuntu1.debian.tar.bz2
Original-Maintainer: Debian GnuPG Maintainers <pkg-gnupg-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVAEFEAAoJEGVp2FWnRL6TCYUQAKd32nr4sNQtw8AYvK0Vw4s8
3Itmn5/VhZKci1+aZu6HkoKrhCsWca87us2MeR4ho19S/riNQTis+J7lbvXk9/5q
+ORhcCG6dYlHLWI7z7meew7DIIzE95Ey9Lylw+n/Vu+Ol2i6fgQNRm2IbHvNSXxf
PP9Q/EnJYAcXbX/Js7Rdr5+U3JE7FIy2A7enNnIF5Qr7XEMtzsSiKehFVhA7FZGN
HGE0RaXjTdOmt9T6YuutEvkE8qI25bkKAwzqChX0ie1kmG4ys5olCH4lx+Ao6qJX
NkpDusxDZqN/CUNhbyjYlGWzWqS3ehF0ciamzVuuvZdYgR/vmDEeaVyz5gKEKBj7
fNnKX7MMwTmh1XiEm2Ak7jUlK04XC8iiZzjeRQB0ZmZf2z90MQMBw742nYpm5+5z
p7e3Dy5D70tqw0mUyw4MXHSpbrXEkvuP2H3GjjsSp6ao/GZZQE2mQTPIIA/HNBdm
U3NgOD0YWqQhKw0j60ke/nqdpHA7wJLkgjat6VaLN4vh+jjtR6YzzScahBBx2HpZ
e//XE3Py1YjgEK0WQ90/Npnbt65CXqSPcOKXawSSwol/czVV/rg1s05yrd3+bMUO
lNLw477zVLVuuaa9Lbh/XnoLv12GhE4Hk7fhD76ZQrdHQVr41g4LP2GFxX9M3ylz
WLTbjBsh6JWGrYmPAGsr
=dk2z
-----END PGP SIGNATURE-----

More information about the Vivid-changes mailing list