Opened 4 years ago

Closed 4 years ago

#12821 closed enhancement (fixed)

gnupg-2.2.18 (CVE-2019-14855)

Reported by: Douglas R. Reno Owned by: blfs-book
Priority: high Milestone: 9.1
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version

Noteworthy changes in version 2.2.18

  * gpg: Changed the way keys are detected on a smartcards; this
    allows the use of non-OpenPGP cards.  In the case of a not very
    likely regression the new option --use-only-openpgp-card is
    available.  [#4681]

  * gpg: The commands --full-gen-key and --quick-gen-key now allow
    direct key generation from supported cards.  [#4681]

  * gpg: Prepare against chosen-prefix SHA-1 collisions in key
    signatures.  This change removes all SHA-1 based key signature
    newer than 2019-01-19 from the web-of-trust.  Note that this
    includes all key signature created with dsa1024 keys.  The new
    option --allow-weak-key-signatues can be used to override the new
    and safer behaviour.  [#4755,CVE-2019-14855]

  * gpg: Improve performance for import of large keyblocks.  [#4592]

  * gpg: Implement a keybox compression run.  [#4644]

  * gpg: Show warnings from dirmngr about redirect and certificate
    problems (details require --verbose as usual).

  * gpg: Allow to pass the empty string for the passphrase if the
    '--passphase=' syntax is used.  [#4633]

  * gpg: Fix printing of the KDF object attributes.

  * gpg: Avoid surprises with --locate-external-key and certain
    --auto-key-locate settings.  [#4662]

  * gpg: Improve selection of best matching key.  [#4713]

  * gpg: Delete key binding signature when deletring a subkey.

  * gpg: Fix a potential loss of key sigantures during import with
    self-sigs-only active.  [#4628]

  * gpg: Silence "marked as ultimately trusted" diagnostics if
    option --quiet is used.  [#4634]

  * gpg: Silence some diagnostics during in key listsing even with
    option --verbose.  [#4627]

  * gpg, gpgsm: Change parsing of agent's pkdecrypt results.  [#4652]

  * gpgsm: Support AES-256 keys.

  * gpgsm: Fix a bug in triggering a keybox compression run if
    --faked-system-time is used.

  * dirmngr: System CA certificates are no longer used for the SKS
    pool if GNUTLS instead of NTBTLS is used as TLS library.  [#4594]

  * dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
    to avoid long timeouts.  [#4165]

  * scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
    Shield and Trustica Cryptoucan work.  [#4654,#4566]

  * wkd: gpg-wks-client --install-key now installs the required policy


Change History (1)

comment:1 by Douglas R. Reno, 4 years ago

Resolution: fixed
Status: newclosed

Fixed at r22402

Note: See TracTickets for help on using tickets.