security/gnupg update

To: tech-pkg%NetBSD.org@localhost
Subject: security/gnupg update
From: Ryo ONODERA <ryo_on%yk.rim.or.jp@localhost>
Date: Tue, 22 Dec 2015 02:16:01 +0900 (JST)

Hi,

GnuPG 1.4.20 is released. It has fixes for DoS and errors.
Can I update security/gnupg?

From NEWS:
Noteworthy changes in version 1.4.20 (2015-12-20)
-------------------------------------------------

 * Reject signatures made using the MD5 hash algorithm unless the
   new option --allow-weak-digest-algos or --pgp2 are given.

 * New option --weak-digest to specify hash algorithms which
   should be considered weak.

 * Changed default cipher for symmetric-only encryption to AES-128.

 * Fix for DoS when importing certain garbled secret keys.

 * Improved error reporting for secret subkey w/o corresponding public
   subkey.

 * Improved error reporting in decryption due to wrong algorithm.

 * Fix cluttering of stdout with trustdb info in double verbose mode.

 * Pass a DBUS envvar to gpg-agent for use by gnome-keyring.

--
Ryo ONODERA // ryo_on%yk.rim.or.jp@localhost
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB  FD1B F404 27FA C7D1 15F3

Follow-Ups:
- Re: security/gnupg update
  - From: Greg Troxel

Prev by Date: Re: Permission to commit to lang/go14 and lang/go during the freeze
Next by Date: Re: security/gnupg update
Previous by Thread: Permission to commit to lang/go14 and lang/go during the freeze
Next by Thread: Re: security/gnupg update
Indexes:

Home | Main Index | Thread Index | Old Index