Navigation:
Browse pkgsrc
(this page)
security gnupg
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2015-03-09 20:06:32 by Matthias Scheler | Files touched by this commit (3) |  |
Log message:
Pullup ticket #4635 - requested by he
security/gnupg: security update
Revisions pulled up:
- security/gnupg/Makefile 1.128
- security/gnupg/PLIST 1.28
- security/gnupg/distinfo 1.66
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Feb 28 00:13:25 UTC 2015
Modified Files:
pkgsrc/security/gnupg: Makefile PLIST distinfo
Log message:
Update to 1.4.19:
Noteworthy changes in version 1.4.19 (2015-02-27)
-------------------------------------------------
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical].
* Detect faulty use of --verify on detached signatures.
* Changed the PKA method to use CERT records and hashed names.
* New import option "keep-ownertrust".
* Support algorithm names when generating keys using the --command-fd
method.
* Updated many translations.
* Updated build system.
* Fixed a regression in keyserver import
* Fixed argument parsing for option --debug-level.
* Fixed DoS based on bogus and overlong key packets.
* Fixed bugs related to bogus keyrings.
* The usual minor minor bug fixes.
|
New packages: