author David Shaw <[email protected]> 2006-12-03 04:54:21 +0000
committer David Shaw <[email protected]> 2006-12-03 04:54:21 +0000
commit 69f73dddd992261748110b3ec9ba72ce5441374c (patch)
tree 9c807c057e4d8f61d60121b9e5d5d5c623da630f
parent * options.h, gpg.c (main), passphrase.c (passphrase_to_dek): Add (diff)
* NEWS: Note the CVE for bug#728, --s2k-count, --passphrase-repeat,
and the OpenSSL exception.
-rw-r--r-- ChangeLog 5
-rw-r--r-- NEWS 23
2 files changed, 25 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 083b9afa4..cd9129cf0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2006-12-02 David Shaw <[email protected]>
+
+ * NEWS: Note the CVE for bug#728, --s2k-count,
+ --passphrase-repeat, and the OpenSSL exception.
+
2006-11-29 Werner Koch <[email protected]>
Released 1.4.6rc1.
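Review bot: the new ChangeLog entry says "Note the CVE for bug#728" without naming the identifier, so a search of ChangeLog for CVE-2006-6169 will not find this commit. Consider writing the ID out here, as the NEWS entry does, so that the fix can be traced from the CVE through the ChangeLog alone.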
diff --git a/NEWS b/NEWS
index d043698d1..f9080bb48 100644
--- a/NEWS
+++ b/NEWS
@@ -2,9 +2,26 @@ Noteworthy changes in version 1.4.6
------------------------------------------------
* Fixed a bug while decrypting certain compressed and encrypted
- messages. See http://bugs.gnupg.org/537 .
+ messages. [bug#537]
- * Fixed a buffer overflow in gpg2. [bug#728]
+ * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]
+
+ * Added --s2k-count to set the number of times passphrase mangling
+ is repeated. The default is 65536 times.
+
+ * Added --passphrase-repeat to set the number of times GPG will
+ prompt for a new passphrase to be repeated. This is useful to
+ help memorize a new passphrase. The default is 1 repetition.
+
+ * Added a GPL license exception to the keyserver helper programs
+ gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
+ potential questions about the ability to distribute binaries
+ that link to the OpenSSL library. GnuPG does not link directly
+ to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
+ OpenLDAP (used for LDAP) may. Note that this license exception
+ is considered a bug fix and is intended to forgive any
+ violations pertaining to this issue, including those that may
+ have occurred in the past.
Noteworthy changes in version 1.4.5 (2006-08-01)
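Review bot: the rewritten overflow line changes the affected program from gpg2 to gpg in the same edit that adds the CVE, and nothing in the ChangeLog entry or commit message records that correction. Because it changes which binary readers will consider affected, it is worth stating explicitly, and the entry would also benefit from a short clause on what triggers the overflow so that users can judge their exposure without following bug#728. Separately, replacing the http://bugs.gnupg.org/537 URL with the bare tag [bug#537] leaves NEWS without any pointer to where the tracker lives; keeping the tracker address once in the file would preserve that.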
@@ -24,7 +41,7 @@ Noteworthy changes in version 1.4.5 (2006-08-01)
Noteworthy changes in version 1.4.4 (2006-06-25)
------------------------------------------------
- * User IDs are now capped at 2048 byte. This avoids a memory
+ * User IDs are now capped at 2048 bytes. This avoids a memory
allocation attack (see CVE-2006-3082).
* Added support for the SHA-224 hash. Like the SHA-384 hash, it
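Review bot: the "byte" to "bytes" fix in the 1.4.4 section edits the notes of an already released version and is unrelated to the 1.4.6 items this commit is about. The correction itself is fine, but it would be cleaner as its own commit so that the history of the 1.4.4 notes, which reference CVE-2006-3082, is not mixed into a change described only in terms of 1.4.6.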