lp:ubuntu/saucy-security/gnupg
- Get this branch:
- bzr branch lp:ubuntu/saucy-security/gnupg
Branch merges
Branch information
Recent revisions
- 45. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via uncompressing garbled packets
- debian/patches/ CVE-2014- 4617.patch: limit number of extra bytes in
g10/compress.c.
- CVE-2014-4617 - 44. By Marc Deslauriers
-
* SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
Cryptanalysis attack
- debian/patches/ CVE-2013- 4576.patch: Use blinding for the RSA secret
operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
MPIs used as input to secret key functions in cipher/dsa.c,
cipher/elgamal. c, cipher/rsa.c.
- CVE-2013-4576 - 43. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect no-usage-permitted flag handling
- debian/patches/ CVE-2013- 4351.patch: correctly handle empty key flags
in g10/getkey.c, g10/keygen.c, include/cipher.h.
- CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/ CVE-2013- 4402.patch: set limits on number of filters
and nested packets in util/iobuf.c, g10/mainproc.c.
- CVE-2013-4402 - 42. By Colin Watson
-
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build. - 41. By Colin Watson
-
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Update config.guess/config. sub for aarch64. - 40. By Colin Watson
-
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Update config.guess/config. sub for aarch64.
* Dropped patches:
- Fix udeb build failure on powerpc, building with -O2 instead of -Os.
(No longer seems to be necessary.)
* Simplify removal of Win32 build, to make this easier to merge in future. - 38. By Marc Deslauriers
-
debian/
patches/ long-keyids. dpatch: Use the longest key ID available
when requesting a key from a key server.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/trusty/gnupg