[svn] GnuPG - r4358 - branches/STABLE-BRANCH-1-4

svn author dshaw cvs at cvs.gnupg.org
Sun Dec 3 05:54:22 CET 2006


Author: dshaw
Date: 2006-12-03 05:54:21 +0100 (Sun, 03 Dec 2006)
New Revision: 4358

Modified:
   branches/STABLE-BRANCH-1-4/ChangeLog
   branches/STABLE-BRANCH-1-4/NEWS
Log:
* NEWS: Note the CVE for bug#728, --s2k-count, --passphrase-repeat,
and the OpenSSL exception.


Modified: branches/STABLE-BRANCH-1-4/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/ChangeLog	2006-12-03 04:48:42 UTC (rev 4357)
+++ branches/STABLE-BRANCH-1-4/ChangeLog	2006-12-03 04:54:21 UTC (rev 4358)
@@ -1,3 +1,8 @@
+2006-12-02  David Shaw  <dshaw at jabberwocky.com>
+
+	* NEWS: Note the CVE for bug#728, --s2k-count,
+	--passphrase-repeat, and the OpenSSL exception.
+
 2006-11-29  Werner Koch  <wk at g10code.com>
 
 	Released 1.4.6rc1.
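
Review bot: The new ChangeLog entry says "Note the CVE for bug#728" without giving the identifier, so a search of ChangeLog for CVE-2006-6169 will not lead to this revision. Suggest writing it out, for example "* NEWS: Note CVE-2006-6169 for bug#728, --s2k-count, ...", so the ChangeLog and the NEWS line can be matched by the same string.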

Modified: branches/STABLE-BRANCH-1-4/NEWS
===================================================================
--- branches/STABLE-BRANCH-1-4/NEWS	2006-12-03 04:48:42 UTC (rev 4357)
+++ branches/STABLE-BRANCH-1-4/NEWS	2006-12-03 04:54:21 UTC (rev 4358)
@@ -2,11 +2,28 @@
 ------------------------------------------------
 
     * Fixed a bug while decrypting certain compressed and encrypted
-      messages. See http://bugs.gnupg.org/537 .
+      messages. [bug#537]
  
-    * Fixed a buffer overflow in gpg2. [bug#728]
+    * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]
 
+    * Added --s2k-count to set the number of times passphrase mangling
+      is repeated.  The default is 65536 times.
 
+    * Added --passphrase-repeat to set the number of times GPG will
+      prompt for a new passphrase to be repeated.  This is useful to
+      help memorize a new passphrase.  The default is 1 repetition.
+
+    * Added a GPL license exception to the keyserver helper programs
+      gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
+      potential questions about the ability to distribute binaries
+      that link to the OpenSSL library.  GnuPG does not link directly
+      to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
+      OpenLDAP (used for LDAP) may.  Note that this license exception
+      is considered a bug fix and is intended to forgive any
+      violations pertaining to this issue, including those that may
+      have occurred in the past.
+
+
 Noteworthy changes in version 1.4.5 (2006-08-01)
 ------------------------------------------------
 
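
Review bot: In the bug#728 line, the affected program changes from "gpg2" to "gpg" in the same edit that adds CVE-2006-6169, and neither the log message nor the ChangeLog entry says the earlier wording was wrong. Since this is the security-relevant line of the release notes, the correction should be called out explicitly so that readers know which binary the overflow is in. The entry also gives no indication of which versions are affected or under what conditions the overflow is reachable, which users need to judge how urgently to upgrade. On --s2k-count, "passphrase mangling" is informal; it would help to state what the count protects against and whether raising it above the 65536 default is advisable.
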
@@ -24,7 +41,7 @@
 Noteworthy changes in version 1.4.4 (2006-06-25)
 ------------------------------------------------
 
-    * User IDs are now capped at 2048 byte.  This avoids a memory
+    * User IDs are now capped at 2048 bytes.  This avoids a memory
       allocation attack (see CVE-2006-3082).
 
     * Added support for the SHA-224 hash.  Like the SHA-384 hash, it
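
Review bot: The "2048 byte" to "2048 bytes" correction edits the already-released 1.4.4 section and is not covered by the log message, which lists only the CVE note, --s2k-count, --passphrase-repeat and the OpenSSL exception. Mention the wording fix in the log or commit it separately, so that later changes to the CVE-2006-3082 entry are easy to trace.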




More information about the Gnupg-commits mailing list