Change log for gnupg2 package in Debian

gnupg2 (2.0.26-3) unstable; urgency=medium


  * fix typo in gpg.info (closes: #760273)
  * drop versioned Build-Conflicts on automake by setting environment
    variables in debian/rules
  * ship /usr/bin/gpgparsemail (closes: #760575)
  * warn but don't fail when scdaemon options are in ~/.gnupg/gpg.conf
    (closes: #762844)
  * do not break on --trust-model=always (closes: #751266)
  * document that doc/OpenPGP is not actually an RFC, but just refers to
    one (closes: #745410)
  * Bump Standards-Version to 3.9.6 (no changes needed)

 -- Daniel Kahn Gillmor <email address hidden>  Tue, 30 Sep 2014 23:39:15 -0400

gnupg2 (2.0.26-2) unstable; urgency=medium


  * ignore emacs turds in debian/
  * update Vcs fields
  * move package to group maintenance
  * wrap-and-sort cleanup of debian/*

 -- Daniel Kahn Gillmor <email address hidden>  Thu, 28 Aug 2014 11:42:18 -0700

gnupg2 (2.0.26-1) unstable; urgency=medium


  * New upstream release.
  * debian/control: Suggest parcimonie. Thanks ilf. (Closes: #752261)

 -- Eric Dorland <email address hidden>  Tue, 19 Aug 2014 18:09:08 -0400

gnupg2 (2.0.25-2) unstable; urgency=medium


  * debian/control: Switch to libgcrypt20-dev (aka 1.6 release).

 -- Eric Dorland <email address hidden>  Fri, 08 Aug 2014 14:12:05 -0400

gnupg2 (2.0.19-2+deb7u2) wheezy-security; urgency=high


  * debian/patches/06-cve-2014-4617.diff: Fixes CVE-2014-4617 "infinite
    loop when decompressing data packets". (Closes: #752498)

 -- Eric Dorland <email address hidden>  Thu, 26 Jun 2014 00:30:48 -0400

gnupg2 (2.0.25-1) unstable; urgency=medium


  * New upstream release.

 -- Eric Dorland <email address hidden>  Mon, 30 Jun 2014 13:10:04 -0400

gnupg2 (2.0.24-1) unstable; urgency=high


  * New upstream release. Fixes CVE-2014-4617 "infinite loop when
    decompressing data packets". (Closes: #752498)
  * debian/patches/02-gpgv2-dont-link-libassuan.diff: Drop, now
    upstreamed.

 -- Eric Dorland <email address hidden>  Wed, 25 Jun 2014 00:11:19 -0400

gnupg2 (2.0.23-1) unstable; urgency=medium


  * New upstream release.
  * debian/upstream/signing-key.asc: Rename upstream-signing-key.pgp to
    the new, supported name.
  * debian/control: Restore versioned conflict against gpg-idea. (Closes:
    #733984)
  * debian/control: Add Recommends on dirmngr for gpgsm. (Closes: #683579)

 -- Eric Dorland <email address hidden>  Sun, 08 Jun 2014 19:20:17 -0400

gnupg2 (2.0.14-2+squeeze2) squeeze-security; urgency=low


  * debian/patches/{05-cve-2013-4402_p1.diff,06-cve-2013-4402_p2.diff}:
    Fix for CVE-2013-4402, "infinite recursion in the compressed packet
    parser". (Closes: #725433)
  * debian/patches/07-cve-2013-4351.diff: Fix for CVE-2013-4351, "treats
    no-usage-permitted keys as all-usages-permitted". (Closes: #722724)

 -- Eric Dorland <email address hidden>  Tue, 08 Oct 2013 18:27:16 -0400

gnupg2 (2.0.22-3) unstable; urgency=low


  * debian/watch, debian/upstream-signing-key.pgp: Add upstream signing
    key for uscan verification.
  * debian/kbxutil.1, debian/rules: Add better description and regenerate
    the manpage.
  * debian/control: Remove version on gpg-idea conflict, add missing
    Breaks for gpgsm and convert Conflicts to Breaks for gpgv2.
  * debian/control: Move gnupg-agent to Depends for gpgsm instead of
    Replaces (which in turn should have been Recommends).
  * debian/control: Standards-Version to 3.9.5.
  * debian/copyright: Switch to a shiny DEP-5 copyright file.

 -- Eric Dorland <email address hidden>  Wed, 01 Jan 2014 22:56:56 -0500

gnupg2 (2.0.19-2+deb7u1) wheezy-security; urgency=high


  * debian/patches/{03-cve-2013-4402_p1.diff,04-cve-2013-4402_p2.diff}:
    Fix for CVE-2013-4402, "infinite recursion in the compressed packet
    parser". (Closes: #725433)
  * debian/patches/05-cve-2013-4351.diff: Fix for CVE-2013-4351, "treats
    no-usage-permitted keys as all-usages-permitted". (Closes: #722724)

 -- Eric Dorland <email address hidden>  Tue, 08 Oct 2013 02:04:01 -0400

gnupg2 (2.0.22-2) unstable; urgency=low


  * debian/control: Fix Build-Conflicts on newer automakes. Thanks Chris
    Boot. (Closes: #726015)
  * debian/control: IDEA is no longer patented, drop its metion from the
    description. Thanks brian m. carlson. (Closes: #726139)
  * debian/rules: Disable the test suite on mips and mipsel to work around
    Bug:#730846.

 -- Eric Dorland <email address hidden>  Sat, 30 Nov 2013 23:47:56 -0500

gnupg2 (2.0.22-1) unstable; urgency=low


  * New upstream version. Fixes CVE-2013-4402 and CVE-2013-4351. (Closes:
    #725433, #722724)
  * debian/gnupg2.install: Install gnupg-card-architecture.png for the
    info file.

 -- Eric Dorland <email address hidden>  Sat, 05 Oct 2013 17:45:28 -0400

gnupg2 (2.0.21-2) unstable; urgency=low


  * debian/rules, debian/gnupg2.install: Switch libexecdir to
    /usr/lib/gnupg2 to install helper binaries to a non-multiarch specific
    location. (Closes: #717303)
  * debian/control, debian/gpgv2.install: Split out gpgv2 into its own
    package.
  * debian/control, debian/gnupg2.install, debian/kbxutil.1: Add rule and
    manpage for kbxutil using help2man. (Closes: #323494)
  * debian/patches/02-gpgv2-dont-link-libassuan.diff: Don't link gpgv2
    against libassuan as it's not used.
  * debian/rules: Install changelog for gpgv2.

 -- Eric Dorland <email address hidden>  Sun, 01 Sep 2013 00:42:16 -0400

gnupg2 (2.0.21-1) unstable; urgency=low


  * New upstream release. (Closes: #613465, #720369)
  * debian/patches/01-gnupg2-rename.diff: Refresh patch.
  * debian/control: Fix Vcs-Git path.
  * debian/control: Now depends on libgpg-error >= 1.11.
  * debian/control: Build-Depends on automake1.11 since the test suite
    fails on newer versions. (Closes: #713287)
  * debian/control: Also need a Build-Conflicts on automake (<= 1.12).

 -- Eric Dorland <email address hidden>  Sat, 24 Aug 2013 20:33:19 -0400

gnupg2 (2.0.20-1) unstable; urgency=low


  * New upstream release. (Closes: #691237, #583893)
  * debian/patches/02-cve-2012-6085.diff: Remove, merged upstream.
  * debian/control: Upgrade Standards-Version to 3.9.4.
  * debian/compat, debian/control: Upgrade to debhelper v9.
  * debian/control, debian/rules: Drop hardening-wrapper, now that we use
    debhelper v9.
  * debian/scdaemon.install: scdaemon has moved under $libexecdir.
  * debian/control: Tighten dependency on scdaemon.
  * debian/rules: Turn on all hardening options.
  * debian/patches/01-gnupg2-rename.diff: Refresh patch.
  * debian/gnupg-agent.install, debian/gnupg2.install,
    debian/scdaemon.install: Fix /usr/lib paths for multi-arch.
  * debian/rules: Pass ${pkglibdir} to --libexecdir since dh v9 passes
    ${libdir} by default.

 -- Eric Dorland <email address hidden>  Sat, 11 May 2013 18:28:57 -0400

gnupg2 (2.0.14-2+squeeze1) stable-security; urgency=high


  * debian/patches/04-cve-2012-6085.diff: Patch from upstream to fix
    CVE-2012-6085, "gnupg key import memory corruption". (Closes: #697251)
  * debian/rules: Remove linking of config.{guess,sub} and creation of the
    version file on clean that breaks newer dpkg-source.

 -- Eric Dorland <email address hidden>  Sat, 05 Jan 2013 00:28:47 -0500

gnupg2 (2.0.19-2) unstable; urgency=high


  * debian/patches/02-cve-2012-6085.diff: Patch from upstream to fix
    CVE-2012-6085, "gnupg key import memory corruption". (Closes: #697251)
  * debian/control: Use canonical addresses for VCS.
  * debian/control: Fix scdaemon short description.

 -- Eric Dorland <email address hidden>  Fri, 04 Jan 2013 00:56:52 -0500

gnupg2 (2.0.19-1) unstable; urgency=low


  * New upstream release. (Closes: #666092)
  * debian/control: Add Multi-Arch: foreign to all packages.
  * debian/rules: Update ChangeLog locations.

 -- Eric Dorland <email address hidden>  Sat, 31 Mar 2012 01:06:02 -0400

Available diffs

• diff from 2.0.17-2 to 2.0.19-1 (1.3 MiB)

gnupg2 (2.0.18-2) unstable; urgency=low


  * debian/control, debian/gpgsm.install, debian/scdaemon.install: Add a
    separate package for the scdaemon. (Closes: #416129)
  * debian/control, debian/gpgsm.install, debian/gnupg2.install,
    gnupg-agent.install: Move gpg-preset-passphrase and gpg-protect-tool
    into the gnupg-agent.
  * debian/control: Upgrade Standards-Version to 3.9.2.
  * debian/rules: Install ChangeLog for new scdaemon package.

 -- Eric Dorland <email address hidden>  Sat, 15 Oct 2011 20:21:35 -0400

gnupg2 (2.0.18-1) unstable; urgency=low


  * New upstream release. (Closes: #635206)
  * debian/copyright: Update ftp location. (Closes: #624404)
  * debian/patches/01-gnupg2-rename.diff: Refresh patch.

 -- Eric Dorland <email address hidden>  Tue, 30 Aug 2011 03:43:20 -0400

gnupg2 (2.0.17-2) unstable; urgency=low
  * debian/control: Add dependency on dpkg (>= 1.15.4) | install-info for    info install trigger.  * debian/control, debian/rules: Use debian build hardening. -- Eric Dorland <email address hidden>  Sun, 13 Feb 2011 16:33:17 -0500

gnupg2 (2.0.17-1) unstable; urgency=low
  * New upstream release. (Closes: #584316, #603985, #603983, #603984)  * debian/patches/02-encode-s2k.diff,    debian/patches/03-gpgsm-realloc.diff, debian/patches/series: Drop now    unneeded security patches.  * debian/rules, debian/patches/01-gnupg2-rename.diff,    debian/gnupg2.info, debian/gnupg2.install: No need to rename the info    file anymore.  * debian/patches/01-gnupg2-rename.diff: Rename the autoconf package for    better renaming of pkg directories. (Closes: #579006)  * debian/control, debian/compat: Upgrade to debhelper level 8.  * debian/control:    - Upgrade Standards-Version to 3.9.1.    - Update Build-Depends versions for the latest release.  * debian/gnupg2.install: Add the applygnupgdefaults command. (Closes:    #567537)  * debian/gnupg2.docs: doc/faq.html no longer exists. -- Eric Dorland <email address hidden>  Sun, 13 Feb 2011 16:06:41 -0500

gnupg2 (2.0.9-3.1+lenny1) stable-security; urgency=medium


  * Apply patch from Werner Koch to fix a use-after-free issue in
    certificate parsing.

 -- Florian Weimer <email address hidden>  Fri, 23 Jul 2010 21:22:34 +0200

gnupg2 (2.0.14-2) unstable; urgency=low


  * debian/*.lintian, debian/*.lintian-overrides, debian/rules: Rename
    lintian files and use dh_lintian instead of shell snippets.
  * debian/source/patch-header, debian/source/options: Delete patch header
    and remove single-debian-patch option.
  * debian/patches/01-gnupg2-rename.diff: Move patch to do the necessary
    renaming of gnupg -> gnupg2 in a quilt patch.
  * debian/patches/02-encode-s2k.diff: Added patch to fix passphrase
    problem in gpgsm. Thanks Martijn van Brummelen for the NMU to fix this
    problem in 2.0.14-1.1.
  * debian/patches/03-gpgsm-realloc.diff: Fix for "Realloc Bug with X.509
    certificates" for gpgsm. (Closes: #590122)
  * debian/rules, debian/control: Use dh-autoreconf and autopoint to
    regenerate autotools files at build time.

 -- Eric Dorland <email address hidden>  Sun, 25 Jul 2010 02:16:42 -0400

gnupg2 (2.0.14-1.1) unstable; urgency=low


  * Non-maintainer upload.
  * Added encode-s2k.patch(Encode the s2kcount and do not use a
    static value of 96.(thanks to Werner Koch) (closes: #567926).

 -- Martijn van Brummelen <email address hidden>  Fri, 07 May 2010 06:23:55 +0200

gnupg2 (2.0.14-1) unstable; urgency=low


  * New upstream release.
  * debian/control: Build depend on libreadline-dev instead of
    libreadline5-dev, since libreadline6-dev is out. (Closes: #548922)
  * debian/source/format, debian/source/options,
    debian/source/patch-header: Convert to v3 quilt format, with
    single-debian-patch.
  * debian/control: Tighten dependency on gnupg-agent. (Closes: #551792)

 -- Eric Dorland <email address hidden>  Sat, 09 Jan 2010 21:15:18 -0500

gnupg2 (2.0.13-1) unstable; urgency=low


  * New upstream release.
  * debian/control: Depend instead of Recommend gnupg-agent. (Closes:
    #538947)

 -- Eric Dorland <email address hidden>  Mon, 07 Sep 2009 20:38:23 -0400

gnupg2 (2.0.12-1) unstable; urgency=low


  * New upstream release. (Closes: #499569, #463270, #446494, #314068, 
    #519375, #514587)
  * debian/control: Change build dependency on gs to ghoscript, since
    ghoscript has been replaced.
  * debian/compat: Use debhelper v7.
  * debian/control: Update Standards-Version to 3.8.2.
  * debian/control: Use ${misc:Depends}.
  * configure.ac: Override pkgdatadir so that it points to
    /usr/share/gnupg2. (Closes: #528734)
  * debian/rules: No longer need to specify pkgdatadir at make install
    time.

 -- Eric Dorland <email address hidden>  Sun, 23 Aug 2009 20:48:11 -0400

gnupg2 (2.0.11-1) unstable; urgency=low


  * New upstream release. (Closes: #496663)
  * debian/control: Make the description a little more distinctive than
    gnupg v1's. Thanks Jari Aalto. (Closes: #496323)

 -- Eric Dorland <email address hidden>  Sun, 08 Mar 2009 22:46:47 -0400

gnupg2 (2.0.9-3.1) unstable; urgency=low


  * Non-maintainer upload.
  * agent/gpg-agent.c: Deinit the threading library before exec'ing
    the command to run in --daemon mode. And because that still doesn't
    restore the sigprocmask, do that manually. Closes: #499569

 -- Thomas Viehmann <email address hidden>  Sat, 04 Oct 2008 10:25:53 +0200