gnupg2 (2.2.27-3ubuntu2.4) jammy-security; urgency=medium
* debian/patches/fix-key-validity-regression-due-to-CVE-2025-
30258.patch:
- Fix a key validity regression following patches for CVE-2025-30258,
causing trusted "certify-only" primary keys to be ignored when checking
signature on user IDs and computing key validity. This regression makes
imported keys signed by a trusted "certify-only" key have an unknown
validity (LP: #2114775).
-- dcpi <dcpi@u22vm> Wed, 25 Jun 2025 13:54:28 +0000
gnupg2 (2.2.27-3ubuntu2.3) jammy-security; urgency=medium
* SECURITY UPDATE: verification DoS via crafted subkey data
- debian/patches/CVE-2025-30258-1.patch: lookup key for merging/
inserting only by primary key in g10/getkey.c, g10/import.c,
g10/keydb.h.
- debian/patches/CVE-2025-30258-2.patch: remove a signature check
function wrapper in g10/mainproc.c, g10/packet.h, g10/sig-check.c.
- debian/patches/CVE-2025-30258-3.patch: fix a verification DoS due to
a malicious subkey in the keyring in g10/getkey.c, g10/keydb.h,
g10/mainproc.c, g10/packet.h, g10/sig-check.c, g10/pkclist.c.
- debian/patches/CVE-2025-30258-4.patch: fix regression for the recent
malicious subkey DoS fix in g10/getkey.c, g10/packet.h.
- debian/patches/CVE-2025-30258-5.patch: fix double free of internal
data in g10/sig-check.c.
- CVE-2025-30258
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 28 Mar 2025 13:39:15 -0400
gnupg2 (2.2.27-3ubuntu2.1) jammy-security; urgency=medium
* SECURITY UPDATE: signature forgery via injection into the status line
- debian/patches/CVE-2022-34903.patch: Fix garbled status messages in
NOTATION_DATA in g10/cpr.c.
- CVE-2022-34903
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 04 Jul 2022 12:17:43 -0400
gnupg2 (2.2.27-3ubuntu2) jammy; urgency=medium
* No-change rebuild for ppc64el baseline bump.
-- Ćukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Wed, 23 Mar 2022 14:55:24 +0100
gnupg2 (2.2.27-3ubuntu1) jammy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Drop the gpgv-win32 test
- Honor http_proxy= environment variables by default in the systemd
user session dirmngr service.
(debian/patches/dirmngr-honor-http-proxy.patch)
- Export GPG_AGENT_INFO in the systemd-environment-generator too.
- Don't declare diffutils as a test dependency, this package is
essential so always installed; and the dependency declaration breaks
cross-arch testing.
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 29 Dec 2021 15:59:57 -0800
gnupg2 (2.2.27-3) unstable; urgency=medium
* Avoid network interaction in generator. Closes: #993578
* Remove build dependency on librsvg2-bin. Closes: #993857
* Backport "Scd: Fix CCID driver for SCM SPR332/SPR532".
Closes: #982546
* Update watch file: Sticking to the 2.2 series for the time being
-- Christoph Biedl <debian.axhn@manchmal.in-ulm.de> Sat, 18 Dec 2021 14:04:20 +0100
gnupg2 (2.2.27-2ubuntu1) jammy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Drop the gpgv-win32 test
- Honor http_proxy= environment variables by default in the systemd
user session dirmngr service.
(debian/patches/dirmngr-honor-http-proxy.patch)
- Export GPG_AGENT_INFO in the systemd-environment-generator too.
- Don't declare diffutils as a test dependency, this package is
essential so always installed; and the dependency declaration breaks
cross-arch testing.
* Dropped changes, included upstream:
- d/p/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch:
Fix IPv6 connectivity for dirmngr.
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 01 Nov 2021 11:19:52 -0700
gnupg2 (2.2.27-2) unstable; urgency=medium
* Add a NEWS entry about the end of support for ~/.gnupg/options.
Closes: #985158
-- Christoph Biedl <debian.axhn@manchmal.in-ulm.de> Thu, 22 Apr 2021 20:40:36 +0200
gnupg2 (2.2.27-1) unstable; urgency=medium
[ NIIBE Yutaka ]
* New upstream release.
[ Christoph Biedl ]
* Tighten libgcrypt and libksba dependency
[ Daniel Kahn Gillmor ]
* change debian packaging branch name to debian/main
* refresh patches using gbp pq
* point to upstream commit used to improve spawning reliability
* Refresh 3072-bit default patch
* standards-version: bump to 4.5.1 (no changes needed)
* dh: bump to dh 13
* clean up lintian overrides
* fully drop symcryptrun
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 08 Feb 2021 17:57:00 -0500
gnupg2 (2.2.26-1) UNRELEASED; urgency=medium
[ Jeremiah C. Foster ]
* debian/scdaemon.udev: Add an entry for Librem Key.
[ NIIBE Yutaka ]
* New upstream release.
* refresh patches.
* debian/rules: Add build for regexp.
* debian/gnupg-utils.install: Remove /usr/bin/symcryptrun.
Fix for gpgsplit, which is changed in upstream from 'noinst'.
* debian/patches/gpg-change-agent-spawn-2019-07-24-v2.patch: New patch to
fix a race condition, backported from master (Closes: #868550, #972525).
* debian/scdaemon.udev: Add a generic entry for "Gnuk Token" and another
for GnuPG e.V.
* org.gnupg.scdaemon.metainfo.xml: Add an entry for GnuPG e.V.
-- NIIBE Yutaka <gniibe@fsij.org> Thu, 07 Jan 2021 09:07:21 +0900
# For older changelog entries, run 'apt-get changelog gnupg-utils'
Generated by dwww version 1.14 on Tue Aug 26 21:19:36 CEST 2025.