[Bug 1435397] Re: Please backprt sks 1.1.5-1ubuntu2 release, from Ubuntu 14.10 to 14.04 LTS

Micah Gersten launchpad at micahscomputing.com
Mon Jun 8 21:42:01 UTC 2015 

** Description changed:

  Binary package hint: sks
  
  Since sks servers running versions < 1.15 will not be included within
  sks.keyserver pool
  
  attached is the changelog between 1.1.4 to 1.1.5 from
  https://bitbucket.org/skskeyserver/sks-
  keyserver/src/40280f59d0f503da1326972757168aa42335573f/CHANGELOG?at=default
  
  Maybe it is also kind of security related due to  CVE-2014-3207
  
  Thanx in advance
  
+ 1.1.5
+   - Fixes for machine-readable indices. Key expiration times are now read
+     from self-signatures on the key's UIDs. In addition, instead of 8-digit
+     key IDs, index entries now return the most specific key ID possible:
+     16-digit key ID for V3 keys, and the full fingerprint for V4 keys.
+   - Add metadata information (number of keys, number of files,
+     checksums, etc) to key dump. This allows for information on the
+     key dump ahead of download/import, and direct verification of checksums
+     using md5sum -c <metadata-file>.
+   - Replaced occurrances of the deprecated operator 'or' with '||' (BB issue #2)
+   - Upgraded to cryptlib-1.7 and own changes are now packaged as separate
+     patches that is installed during 'make'. Added the SHA-3 algorithm, Keccak
+   - Option max_matches was setting max_internal_matches. Fixed (BB issue #4)
+   - op=hget now supports option=mr for completeness (BB issue #17)
+   - Add CORS header to web server responses. Allows JavaScript code to
+     interact with keyservers, for example the OpenPGP.js project.
+   - Change the default hkp_address and recon_address to making the
+     default configuration support IPv6. (Requires OCaml 3.11.0 or newer)
+   - Only use '-warn-error A' if the source is marked as development as per
+     the version suffix (+) (part of BB Issue #2)
+   - Reduce logging verbosity for debug level lower than 6 for (i) bad requests,
+     and (ii) no results found (removal of HTTP headers in log) (BB Issue #13)
+   - Add additional OIDs for ECC RFC6637 style implementations
+     (brainpool and secp256k1) (BB Issue #25) and fix issue for 32 bit arches.
+   - Fix a non-persistent cross-site scripting possibility resulting from
+     improper input sanitation before writing to client. (BB Issue #26 | CVE-2014-3207)
  
- 1.1.5
-   - Fixes for machine-readable indices. Key expiration times are now read
-     from self-signatures on the key's UIDs. In addition, instead of 8-digit
-     key IDs, index entries now return the most specific key ID possible:
-     16-digit key ID for V3 keys, and the full fingerprint for V4 keys.
-   - Add metadata information (number of keys, number of files, 
-     checksums, etc) to key dump. This allows for information on the
-     key dump ahead of download/import, and direct verification of checksums
-     using md5sum -c <metadata-file>.  
-   - Replaced occurrances of the deprecated operator 'or' with '||' (BB issue #2)
-   - Upgraded to cryptlib-1.7 and own changes are now packaged as separate 
-     patches that is installed during 'make'. Added the SHA-3 algorithm, Keccak
-   - Option max_matches was setting max_internal_matches. Fixed (BB issue #4)
-   - op=hget now supports option=mr for completeness (BB issue #17)
-   - Add CORS header to web server responses. Allows JavaScript code to
-     interact with keyservers, for example the OpenPGP.js project.
-   - Change the default hkp_address and recon_address to making the 
-     default configuration support IPv6. (Requires OCaml 3.11.0 or newer)
-   - Only use '-warn-error A' if the source is marked as development as per
-     the version suffix (+) (part of BB Issue #2)
-   - Reduce logging verbosity for debug level lower than 6 for (i) bad requests, 
-     and (ii) no results found (removal of HTTP headers in log) (BB Issue #13)
-   - Add additional OIDs for ECC RFC6637 style implementations
-     (brainpool and secp256k1) (BB Issue #25) and fix issue for 32 bit arches.
-   - Fix a non-persistent cross-site scripting possibility resulting from 
-     improper input sanitation before writing to client. (BB Issue #26 | CVE-2014-3207)
+ Testing:
+ ========
+ Mark off items in the checklist [X] as you test them, but please leave the checklist so that backporters can quickly evaluate the state of testing.
+ 
+ You can test-build the backport in your PPA with backportpackage:
+ $ backportpackage -u ppa:<lp username>/<ppa name> -s utopic -d trusty sks
+ 
+ * trusty:
+ [ ] Package builds without modification
+ [ ] sks installs cleanly and runs

-- 
You received this bug notification because you are a member of Ubuntu
Backporters, which is subscribed to trusty-backports.
Matching subscriptions: ubuntu-backporters
https://bugs.launchpad.net/bugs/1435397

Title:
  Please backprt sks 1.1.5-1ubuntu2 release, from Ubuntu 14.10 to 14.04
  LTS

To manage notifications about this bug go to:
https://bugs.launchpad.net/trusty-backports/+bug/1435397/+subscriptions

More information about the ubuntu-backports mailing list