From 8ae6a246bef5b5eb0684e9fb1c933a4f8441dadd Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 11 Jun 2018 10:36:00 +0200
Subject: [PATCH] Release 1.4.23

---
 NEWS   | 18 +++++++++++++++++-
 README | 26 +++++++++++++++++++++++---
 2 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 3587933f3..3543e6b8d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,22 @@
-Noteworthy changes in version 1.4.23 (unreleased)
+Noteworthy changes in version 1.4.23 (2018-06-11)
 -------------------------------------------------
 
+ * gpg: Sanitize the diagnostic output of the original file name in
+   verbose mode.  [#4012,CVE-2018-12020]
+
+ * Does not push the compress-filter if not needed.  [#3898]
+
+ * Fix the regexp sanitation. [#2923]
+
+ * Fix the accidental use of a C99 feature.
+
+ * Does not try to use the removed /dev/srandom device on OpenBSD.
+
+ * Updated the Danish, Dutch and Spansih translations.
+
+ Release info at <https://dev.gnupg.org/T4015>.
+
+
 Noteworthy changes in version 1.4.22 (2017-07-19)
 -------------------------------------------------
 
diff --git a/README b/README
index 460e2db39..1b5be62ff 100644
--- a/README
+++ b/README
@@ -1,10 +1,10 @@
 
 		    GnuPG - The GNU Privacy Guard
 		   -------------------------------
-                            Version 1.4.22
+                            Version 1.4.23
 
-	 Copyright 1998-2017 Free Software Foundation, Inc.
-         Copyright 1997-2017 Werner Koch
+	 Copyright 1998-2018 Free Software Foundation, Inc.
+         Copyright 1997-2018 Werner Koch
 
     This file is free software; as a special exception the author
     gives unlimited permission to copy and/or distribute it, with or
@@ -15,6 +15,26 @@
     the implied warranty of MERCHANTABILITY or FITNESS FOR A
     PARTICULAR PURPOSE.
 
+    Warning
+    -------
+
+    This version is from a legacy branch of GnuPG.  We provide this
+    version only for two purposes:
+
+     - To decrypt and verify old messages created using PGP-2 keys.
+       Due to security problems with PGP-2 keys, these keys are not
+       anymore supported by the current stable GnuPG versions.
+
+     - For ancient pre-POSIX platforms which are not capable of
+       building the modern GnuPG-2.
+
+    Although there are no plans to stop basic maintenance of the 1.4
+    branch, it will not see any updates except for severe security
+    problems.  Side-channel attacks and the like won't be fixed in
+    this branch.  It is strongly suggested to migrate to the current
+    stable GnuPG version and - if at all needed - use the 1.4 version
+    only for the above listed purposes.
+
 
     Intro
     -----