Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2014-06-25 21:19:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "gpg2" Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2014-06-18 10:59:13.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes 2014-06-25 21:20:02.000000000 +0200 @@ -1,0 +2,18 @@ +Tue Jun 24 22:25:12 UTC 2014 - andreas.stieger@gmx.de + +- update to 2.0.24 + Contains a security fix to stop a possible DoS using garbled + compressed data packets which can be used to put gpg into an + infinite loop. [bnc#884130] [CVE-2014-4617] + * gpg: Avoid DoS due to garbled compressed data packets. +- further: + * gpg: Screen keyserver responses to avoid importing unwanted + keys from rogue servers. + * gpg: The validity of user ids is now shown by default. To + revert this add "list-options no-show-uid-validity" to gpg.conf + * gpg: Print more specific reason codes with the INV_RECP status. + * gpg: Allow loading of a cert only key to an OpenPGP card. + * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt + 1.6. + +------------------------------------------------------------------- Old: ---- gnupg-2.0.23.tar.bz2 gnupg-2.0.23.tar.bz2.sig New: ---- gnupg-2.0.24.tar.bz2 gnupg-2.0.24.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.leYkxV/_old 2014-06-25 21:20:04.000000000 +0200 +++ /var/tmp/diff_new_pack.leYkxV/_new 2014-06-25 21:20:04.000000000 +0200 @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.0.23 +Version: 2.0.24 Release: 0 BuildRequires: automake >= 1.10 BuildRequires: expect ++++++ gnupg-2.0.23.tar.bz2 -> gnupg-2.0.24.tar.bz2 ++++++ ++++ 52425 lines of diff (skipped) ++++++ gpg2.keyring ++++++ --- /var/tmp/diff_new_pack.leYkxV/_old 2014-06-25 21:20:06.000000000 +0200 +++ /var/tmp/diff_new_pack.leYkxV/_new 2014-06-25 21:20:06.000000000 +0200 @@ -7,7 +7,7 @@ <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> <meta name="title" content="GnuPG - Signature Key"/> <meta name="generator" content="Org-mode"/> -<meta name="generated" content="򳢛"/> +<meta name="generated" content="򳢰"/> <meta name="author" content="Werner Koch"/> <meta name="description" content=""/> <meta name="keywords" content=""/> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org