Author: Iain Lane
Revision Date: 2015-07-13 13:18:38 UTC

* Merge from Debian, remaining changes:
  - Drop sh prefix from openpgp test environment as it leads to exec
    invocations of sh /bin/bash leading to syntax errors from sh. Fixes
    FTBFS detected in Ubuntu saucy archive rebuild.
  - Add udev rules to give gpg access to some smartcard readers;
    Debian #543217.
  - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
  - Add upstart user job for gpg-agent.
  - debian/control: drop dirmngr to Suggests as it is in universe.

Author: Iain Lane
Revision Date: 2015-07-13 13:18:38 UTC

* Merge from Debian, remaining changes:
  - Drop sh prefix from openpgp test environment as it leads to exec
    invocations of sh /bin/bash leading to syntax errors from sh. Fixes
    FTBFS detected in Ubuntu saucy archive rebuild.
  - Add udev rules to give gpg access to some smartcard readers;
    Debian #543217.
  - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
  - Add upstart user job for gpg-agent.
  - debian/control: drop dirmngr to Suggests as it is in universe.

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:16:53 UTC

* Fix screening responses from keyservers (LP: #1421640)
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:16:53 UTC

* Fix screening responses from keyservers (LP: #1421640)
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:18:55 UTC

* Screen responses from keyservers (LP: #1409117)
  - d/p/0001-Screen-keyserver-responses.patch
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:20:03 UTC

* Screen responses from keyservers (LP: #1409117)
  - d/p/0001-Screen-keyserver-responses.patch
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:20:03 UTC

* Screen responses from keyservers (LP: #1409117)
  - d/p/0001-Screen-keyserver-responses.patch
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:18:55 UTC

* Screen responses from keyservers (LP: #1409117)
  - d/p/0001-Screen-keyserver-responses.patch
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

Author: Marc Deslauriers
Revision Date: 2015-03-11 08:25:01 UTC

* Merge from Debian, remaining changes:
  - Drop sh prefix from openpgp test environment as it leads to exec
    invocations of sh /bin/bash leading to syntax errors from sh. Fixes
    FTBFS detected in Ubuntu saucy archive rebuild.
  - Add udev rules to give gpg access to some smartcard readers;
    Debian #543217.
  - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
  - Add upstart user job for gpg-agent.
  - debian/control: drop dirmngr to Suggests as it is in universe.

Author: Marc Deslauriers
Revision Date: 2015-03-11 08:25:01 UTC

* Merge from Debian, remaining changes:
  - Drop sh prefix from openpgp test environment as it leads to exec
    invocations of sh /bin/bash leading to syntax errors from sh. Fixes
    FTBFS detected in Ubuntu saucy archive rebuild.
  - Add udev rules to give gpg access to some smartcard readers;
    Debian #543217.
  - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
  - Add upstart user job for gpg-agent.
  - debian/control: drop dirmngr to Suggests as it is in universe.

Author: Mark Adams
Revision Date: 2015-01-05 00:14:45 UTC

Updated debian/gpg-agent.user-session.upstart so that global environment
variables SSH_AUTH_SOCK and SSH_AGENT_PID are set if gpg-agent is running
with SSH support.; LP: #1407513

Author: Marc Deslauriers
Revision Date: 2014-07-29 11:55:05 UTC

debian/control: drop dirmngr to Suggests as it is in universe.

Author: Marc Deslauriers
Revision Date: 2014-07-29 11:55:05 UTC

debian/control: drop dirmngr to Suggests as it is in universe.

Author: Marc Deslauriers
Revision Date: 2014-06-26 09:20:05 UTC

* SECURITY UPDATE: denial of service via uncompressing garbled packets
  - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
    g10/compress.c.
  - CVE-2014-4617

Author: Marc Deslauriers
Revision Date: 2014-06-26 09:20:05 UTC

* SECURITY UPDATE: denial of service via uncompressing garbled packets
  - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
    g10/compress.c.
  - CVE-2014-4617

Author: Marc Deslauriers
Revision Date: 2014-06-26 09:21:08 UTC

* SECURITY UPDATE: denial of service via uncompressing garbled packets
  - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
    g10/compress.c.
  - CVE-2014-4617

Author: Marc Deslauriers
Revision Date: 2014-06-26 09:21:08 UTC

* SECURITY UPDATE: denial of service via uncompressing garbled packets
  - debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
    g10/compress.c.
  - CVE-2014-4617

Author: Dimitri John Ledkov
Revision Date: 2014-02-19 15:08:39 UTC

* Merge from Debian, remaining changes:
  - Drop sh prefix from openpgp test environment as it leads to exec
  invocations of sh /bin/bash leading to syntax errors from sh. Fixes
  FTBFS detected in Ubuntu saucy archive rebuild.
  - Add udev rules to give gpg access to some smartcard readers;
    Debian #543217.
  - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
  - Add upstart user job for gpg-agent.

Author: Dimitri John Ledkov
Revision Date: 2014-02-19 15:08:39 UTC

* Merge from Debian, remaining changes:
  - Drop sh prefix from openpgp test environment as it leads to exec
  invocations of sh /bin/bash leading to syntax errors from sh. Fixes
  FTBFS detected in Ubuntu saucy archive rebuild.
  - Add udev rules to give gpg access to some smartcard readers;
    Debian #543217.
  - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
  - Add upstart user job for gpg-agent.

Author: Marc Deslauriers
Revision Date: 2013-10-07 15:44:52 UTC

* SECURITY UPDATE: incorrect no-usage-permitted flag handling
  - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
    in g10/getkey.c, g10/keygen.c, include/cipher.h.
  - CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
  - debian/patches/CVE-2013-4402.patch: set limits on number of filters
    and nested packets in common/iobuf.c, g10/mainproc.c.
  - CVE-2013-4402

Author: Marc Deslauriers
Revision Date: 2013-10-07 15:44:52 UTC

* SECURITY UPDATE: incorrect no-usage-permitted flag handling
  - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
    in g10/getkey.c, g10/keygen.c, include/cipher.h.
  - CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
  - debian/patches/CVE-2013-4402.patch: set limits on number of filters
    and nested packets in common/iobuf.c, g10/mainproc.c.
  - CVE-2013-4402

Author: Marc Deslauriers
Revision Date: 2013-10-07 15:50:38 UTC

* SECURITY UPDATE: incorrect no-usage-permitted flag handling
  - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
    in g10/getkey.c, g10/keygen.c, include/cipher.h.
  - CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
  - debian/patches/CVE-2013-4402.patch: set limits on number of filters
    and nested packets in common/iobuf.c, g10/mainproc.c.
  - CVE-2013-4402

Author: Marc Deslauriers
Revision Date: 2013-10-07 15:50:38 UTC

* SECURITY UPDATE: incorrect no-usage-permitted flag handling
  - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
    in g10/getkey.c, g10/keygen.c, include/cipher.h.
  - CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
  - debian/patches/CVE-2013-4402.patch: set limits on number of filters
    and nested packets in common/iobuf.c, g10/mainproc.c.
  - CVE-2013-4402

Author: Marc Deslauriers
Revision Date: 2013-10-07 15:38:03 UTC

* SECURITY UPDATE: incorrect no-usage-permitted flag handling
  - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
    in g10/getkey.c, g10/keygen.c, include/cipher.h.
  - CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
  - debian/patches/CVE-2013-4402.patch: set limits on number of filters
    and nested packets in common/iobuf.c, g10/mainproc.c.
  - CVE-2013-4402

Author: Marc Deslauriers
Revision Date: 2013-10-07 15:38:03 UTC

* SECURITY UPDATE: incorrect no-usage-permitted flag handling
  - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
    in g10/getkey.c, g10/keygen.c, include/cipher.h.
  - CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
  - debian/patches/CVE-2013-4402.patch: set limits on number of filters
    and nested packets in common/iobuf.c, g10/mainproc.c.
  - CVE-2013-4402

Author: Marc Deslauriers
Revision Date: 2013-01-10 09:02:23 UTC

* Resynchronize on Debian, remaining changes:
  - Add udev rules to give gpg access to some smartcard readers;
    Debian #543217.
    . debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.

Author: Marc Deslauriers
Revision Date: 2013-01-10 09:02:23 UTC

* Resynchronize on Debian, remaining changes:
  - Add udev rules to give gpg access to some smartcard readers;
    Debian #543217.
    . debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.

Author: Marc Deslauriers
Revision Date: 2013-01-08 15:37:01 UTC

* SECURITY UPDATE: keyring corruption via malformed key import
  - debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
  - CVE-2012-6085

Author: Marc Deslauriers
Revision Date: 2013-01-08 15:37:01 UTC

* SECURITY UPDATE: keyring corruption via malformed key import
  - debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
  - CVE-2012-6085

Author: Marc Deslauriers
Revision Date: 2012-08-14 13:31:24 UTC

debian/patches/long-keyids.diff: Use the longest key ID available
when requesting a key from a key server.

Author: Marc Deslauriers
Revision Date: 2012-08-14 13:31:24 UTC

debian/patches/long-keyids.diff: Use the longest key ID available
when requesting a key from a key server.

Author: Marc Deslauriers
Revision Date: 2012-08-14 13:12:12 UTC

debian/patches/long-keyids.diff: Use the longest key ID available
when requesting a key from a key server.

Author: Marc Deslauriers
Revision Date: 2012-08-14 13:26:31 UTC

debian/patches/long-keyids.diff: Use the longest key ID available
when requesting a key from a key server.

Author: Marc Deslauriers
Revision Date: 2012-08-14 13:31:24 UTC

debian/patches/long-keyids.diff: Use the longest key ID available
when requesting a key from a key server.

Author: Marc Deslauriers
Revision Date: 2012-08-14 14:32:25 UTC

* keyserver/gpgkeys_hkp.c: Use the longest key ID available when
  requesting a key from a key server.
  - http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=3005b0a6f43e53bed2f9b6fba7ad1205bdb29bc5

Author: Marc Deslauriers
Revision Date: 2012-08-14 14:32:25 UTC

* keyserver/gpgkeys_hkp.c: Use the longest key ID available when
  requesting a key from a key server.
  - http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=3005b0a6f43e53bed2f9b6fba7ad1205bdb29bc5

Author: Marc Deslauriers
Revision Date: 2012-08-14 14:32:25 UTC

* keyserver/gpgkeys_hkp.c: Use the longest key ID available when
  requesting a key from a key server.
  - http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=3005b0a6f43e53bed2f9b6fba7ad1205bdb29bc5

Author: Marc Deslauriers
Revision Date: 2012-08-14 13:34:54 UTC

debian/patches/long-keyids.diff: Use the longest key ID available
when requesting a key from a key server.

Author: Marc Deslauriers
Revision Date: 2012-07-24 10:40:49 UTC

* debian/patches/long-keyids.diff: Use the longest key ID available
  when requesting a key from a key server.
* debian/rules: don't generate config.guess, config.sub and version in
  clean target to prevent build cruft patches.
* debian/patches/debian-changes-2.0.17-2,
  debian/patches/debian-changes-2.0.17-2ubuntu1: removed, build cruft.

Author: Marc Deslauriers
Revision Date: 2012-07-24 10:40:49 UTC

* debian/patches/long-keyids.diff: Use the longest key ID available
  when requesting a key from a key server.
* debian/rules: don't generate config.guess, config.sub and version in
  clean target to prevent build cruft patches.
* debian/patches/debian-changes-2.0.17-2,
  debian/patches/debian-changes-2.0.17-2ubuntu1: removed, build cruft.

Author: Anders Kaseorg
Revision Date: 2011-07-23 15:50:51 UTC

debian/patches/gnupg2-fix-libgcrypt.diff: Fix assertion failure with
libgcrypt 1.5.0. (LP: #815190)

Author: Anders Kaseorg
Revision Date: 2011-07-23 15:50:51 UTC

debian/patches/gnupg2-fix-libgcrypt.diff: Fix assertion failure with
libgcrypt 1.5.0. (LP: #815190)

Author: Martin Pool
Revision Date: 2011-08-11 03:20:08 UTC

Add my name on this upload so it can be signed and built

Author: Marc Deslauriers
Revision Date: 2010-11-16 11:30:31 UTC

* Merge from debian unstable. Remaining changes:
  - Add udev rules to give gpg access to some smartcard readers;
    Debian #543217.
    . debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
    . debian/rules: Call dh_installudev.
  - debian/control: Rename Vcs-* to XS-Debian-Vcs-*.
* debian/patches/CVE-2010-2547.patch: dropped, now in
  03-gpgsm-realloc.diff.

Author: Marc Deslauriers
Revision Date: 2010-08-10 09:30:23 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via certificate with large number of Subject Alternate Names
  - debian/patches/CVE-2010-2547.patch: fix use-after-free in
    kbx/keybox-blob.c.
  - CVE-2010-2547

Author: Marc Deslauriers
Revision Date: 2010-08-10 09:32:22 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via certificate with large number of Subject Alternate Names
  - kbx/keybox-blob.c: fix use-after-free.
  - http://cvs.gnupg.org/cgi-bin/viewcvs.cgi?view=rev&revision=5371
  - CVE-2010-2547

Author: Marc Deslauriers
Revision Date: 2010-08-10 09:30:23 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via certificate with large number of Subject Alternate Names
  - debian/patches/CVE-2010-2547.patch: fix use-after-free in
    kbx/keybox-blob.c.
  - CVE-2010-2547

Author: Marc Deslauriers
Revision Date: 2010-08-10 09:32:22 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via certificate with large number of Subject Alternate Names
  - kbx/keybox-blob.c: fix use-after-free.
  - http://cvs.gnupg.org/cgi-bin/viewcvs.cgi?view=rev&revision=5371
  - CVE-2010-2547

Author: Marc Deslauriers
Revision Date: 2010-08-11 13:56:02 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via certificate with large number of Subject Alternate Names
  - debian/patches/CVE-2010-2547.patch: fix use-after-free in
    kbx/keybox-blob.c.
  - CVE-2010-2547

Author: Michael Bienia
Revision Date: 2010-01-22 21:49:55 UTC

* Merge with Debian testing (lp: #511356). Remaining changes:
  - debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
  - debian/rules: Call dh_installudev.

Author: Matthias Klose
Revision Date: 2009-09-19 22:56:12 UTC

Build-depend on libreadline-dev instead of libreadline5-dev.

Author: Thomas Viehmann
Revision Date: 2008-10-04 10:25:53 UTC

* Non-maintainer upload.
* agent/gpg-agent.c: Deinit the threading library before exec'ing
  the command to run in --daemon mode. And because that still doesn't
  restore the sigprocmask, do that manually. Closes: #499569

Author: Thomas Viehmann
Revision Date: 2008-10-04 10:25:53 UTC

* Non-maintainer upload.
* agent/gpg-agent.c: Deinit the threading library before exec'ing
  the command to run in --daemon mode. And because that still doesn't
  restore the sigprocmask, do that manually. Closes: #499569

Author: Eric Dorland
Revision Date: 2007-09-30 02:50:40 UTC

* New upstream release.
* debian/rules:
  - Remove unnecessary deletion of the .gmo files. (Closes: #442583)
  - Clean out some old comments
* gnupg-agent.xsession: Remove the quotes around --write-env-file
  argument. Not ideal, but fine for now. Thanks Luis Rodrigo Gallardo
  Cruz. (Closes: #443580)

Author: Steve Kowalik
Revision Date: 2007-07-05 01:41:29 UTC

Rebuild for the libcurl transition mess.

Author: Michael Bienia
Revision Date: 2007-03-09 12:32:03 UTC

* Merge from Debian unstable. Remaining changes:
  - Remove libpcsclite-dev, libopensc2-dev build dependencies (they are in
    universe).
  - Build-depend on libcurl3-gnutls-dev
  - Include /doc files as done with gnupg
  - debian/rules: add doc/com-certs.pem to the docs for gpgsm
  - g10/call-agent.c: set DBG_ASSUAN to 0 to suppress a debug message
  - debian/README.Debian: remove note the gnupg2 isn't released yet.
  - debian/control: Change Maintainer/XSBC-Original-Maintainer field.

Author: Kees Cook
Revision Date: 2007-03-12 17:10:06 UTC

* SECURITY UPDATE: without --status-fd, forged inline sigs can appear valid.
* g10/status.{h,c}, g10/options.h, g10/gpg.c, g10/mainproc.c: backported
  changes from upstream 2.0.2 to 2.0.3 releases.
* References
  CVE-2007-1263

Author: Kees Cook
Revision Date: 2007-03-12 17:10:06 UTC

* SECURITY UPDATE: without --status-fd, forged inline sigs can appear valid.
* g10/status.{h,c}, g10/options.h, g10/gpg.c, g10/mainproc.c: backported
  changes from upstream 2.0.2 to 2.0.3 releases.
* References
  CVE-2007-1263

Author: Martin Pitt
Revision Date: 2006-08-16 10:43:10 UTC

* SECURITY UPDATE: Local arbitrary code execution.
* Fix buffer overflows in parse_comment() and parse_gpg_control().
* Reproducer: perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --no-armor
* CVE-2006-3746

Author: Matthias Urlichs
Revision Date: 2005-12-08 22:13:21 UTC

* Convert debian/changelog to UTF-8.
* Put gnupg-agent and gpgsm lintian overrides in the respectively
  right package. Closes: #335066
* Added debhelper tokens to maintainer scripts.
* xsession fixes:
  o Added host name to gpg-agent PID file name. Closes: #312717
  o Fixed xsession script to be able to run under zsh. Closes: #308516
  o Don't run gpg-agent if one is already running. Closes: #336480
* debian/control:
  o Fixed package description of gpgsm package. Closes: #299842
  o Added mention of gpg-agent to description of gnupg-agent package.
    Closes: #304355
* Thanks to Peter Eisentraut <petere@debian.org> for all of the above.

Author: Matthias Urlichs
Revision Date: 2005-04-07 10:13:19 UTC

* Move gpg-protect-tool to the gpgsm package.
  Closes: #303492.
  High urgency because this renders gpgsm unuseable for some people.
* gpg-agent: Override max-cache-ttl if a higher default is set.
  Closes: #302692.

Author: Andreas Mueller
Revision Date: 2005-03-29 10:30:32 UTC

removed libopensc1-dev builddepends for the move into main