From rmartini at iis.com.br Mon Oct 9 04:52:26 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:30 2005 Subject: No subject Message-ID: <200010090152.WAA17992@mail.iis.com.br> "GnuPG for Unix"' - Updated http://gnupg.unixsecurity.com.br rmartini@cipsga.org.br October 2000. The new packages for Solaris 7 or 8 (IA, just now) are available: GnuPG version 1.0.3 These Pkgadd packages are ready to install and runs. ***************************************************************** Others packages (resume): SCO Unix: OpenServer 5.0.x - GnuPG v.1.0.1 UnixWare 7 - GnuPG v.1.0.2 and 1.0.3 (with EGD) Silicon IRIX: GnuPG v.1.0.2 FreeBSD (intel): GnuPG v.1.0.1 and 1.0.2 Sun Solaris: IA - GnuPG v.1.0.1 amd 1.0.3 Sparc (SunOS 2.6 & Solaris 8) - GnuPG v. 1.0.2 IBM AIX: Bff package - GnuPG v.1.0.1 ---------------------------------------------------------------- From wk at gnupg.org Fri Oct 13 18:42:04 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:30 2005 Subject: GPG 1.0.3 doesn't detect modifications to files with multiple signatures In-Reply-To: <200010111930.MAA03505@mail14.bigmailbox.com>; from cavenewt@MY-DEJA.COM on Wed, Oct 11, 2000 at 12:30:19PM -0700 References: <200010111930.MAA03505@mail14.bigmailbox.com> Message-ID: <20001013184204.K6164@gnupg.de> Hi! Jim is right. There is a bug in all GnuPG versions up to 1.0.3: If you have more than one cleartext signature in a file (or pipe that to gpg), gpg does not compare each signature but flags each document as good or bad depending on the first document in the file. This is a very serious bug in gpg's verification function. I have made a snapshot version which corrects this bug available at: ftp://ftp.guug.de/gcrypt/devel/gnupg-1.0.3b.tar.gz (1681k) ftp://ftp.guug.de/gcrypt/devel/gnupg-1.0.3b.tar.gz.sig This version also comes with AES support but there are still the same problems with building on Solaris and HP/UX as in 1.0.3. We are currently working on large file support and the compilations problems. A regular release should be available in a few days. Some background: To check cleartext signatures, GnuPG uses the same dearmoring code as everywhere and this code works just like a filter which decoded the base-64 armor and feeds it into the normal processing. When it comes to cleartext signatures, the armor code fakes 2 packet: The first one is a so called one-pass packet, which tells the further processing stuff how the plaintext should be hashed and a literal data packet which contains the signed material. This way it is not easy to detect the cleartext signed part which is needed to reset the internal state of gpg. The new solution (which is something I should have done from the beginning) is to create a new control packet, which is taken out of the special private packet number space and use this to transfer the meta information about the cleartext signature to the verification engine. To avoid problems with control packets send to gpg over the normal input, the faked packets are now tagged with a random string during creation and the packet parser code accepts this control packet only when it contains this tag. This problem has been in GnuPG since the beginning but Jim's seems to be the first one who noiced that. We need better auditing folks! This bug is just one more prove that "given enough eyeballs all bugs are shallow" can not be held true when it comes to the security bugs; well, the bugs are probably found faster - but most times only be coincedence. BTW, I'd would have appreciated it if Jim had reported that bug through the usual GnuPG bug address or to the developers mailing list. To give us a day or so to analyze the thing and prepare a patch. Werner -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH http://www.OpenIT.de From wk at gnupg.org Tue Oct 17 19:47:01 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:30 2005 Subject: [Announce] GnuPG security fix Message-ID: <20001017194701.C13262@gnupg.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! A bug in GnuPG's signature verification function has recently been found: If you have more than one signature (either cleartext or binary ones) in a file (or pipe that to gpg), gpg does not compare each signature but flags each document as good or bad depending on the first document in the file. It is possible to use this bug to fake signatures (it most cases it needs some social engineering but it is not that complicated). IT IS RECOMMENDED TO UPDATE TO THIS NEW 1.0.4 RELEASE WHICH FIXES THE PROBLEM! GnuPG version 1.0.4 is now available at the address below and should show up on the mirrors within a day. ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.tar.gz (1685k) ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.tar.gz.sig A diff against 1.0.3 is also available: ftp://ftp.guug.de/pub/gcrypt/gnupg/gnupg-1.0.3-1.0.4.diff.gz (116k) MD5 checksums of the above files are: bef2267bfe9b74a00906a78db34437f9 gnupg-1.0.4.tar.gz c79711f3c6b79acb733f79fe0f36a8c2 gnupg-1.0.3-1.0.4.diff.gz So, what's new in this version: * Fixed a serious bug which could lead to false signature verification results when more than one signature is fed to gpg. This is the primary reason for releasing this version. * New utility gpgv which is a stripped down version of gpg to be used to verify signatures against a list of trusted keys. * Rijndael (AES) is now supported and listed with top preference. * --with-colons now works with --print-md[s]. Some other bugs are also fixed. Due to the need for this security update, we have not yet accomplished to fix some build problems on HP/UX, AIX, Solaris and probably some other OSes. GNU/Linux should work just fine. Debian and RPM packages will be available really soon. I apologize for this bug and any inconvenience you have with this., Werner p.s. Here is a list of sites mirroring ftp://ftp.gnupg.org/pub/gcrypt/ Please use them if you can; new releases should show up on these servers within a day. Australia ftp://orcus.progsoc.uts.edu.au/pub/gnupg/ http://orcus.progsoc.uts.edu.au/pub/gnupg/ rsync://orcus.progsoc.uts.edu.au/pub/gnupg/ ftp://mirror.aarnet.edu.au/pub/gnupg/ http://mirror.aarnet.edu.au/pub/gnupg/ Austria ftp://gd.tuwien.ac.at/privacy/gnupg/ Belgium ftp://openbsd.rug.ac.be/pub/gcrypt/ Canada ftp://crypto.yashy.com/pub/cryptography/gnupg/ Denmark ftp://sunsite.auc.dk/pub/security/gcrypt/ Finland ftp://ftp.jyu.fi/pub/crypt/gcrypt/ France ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/ Germany ftp://ftp.franken.de/pub/crypt/mirror/ftp.guug.de/gcrypt/ ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/ ftp://ftp.gigabell.net/pub/gnupg Greece ftp://ftp.linux.gr/pub/crypto/gnupg/ Hungary ftp://ftp.kfki.hu/pub/packages/security/gnupg/ Iceland ftp://ftp.hi.is/pub/mirrors/gnupg/ Ireland ftp://ftp.compsoc.com/pub/gnupg/ Italy ftp://ftp.linux.it/pub/mirrors/gnupg/ ftp://ftp3.linux.it/pub/mirrors/gnupg/ Japan ftp://pgp.iijlab.net/pub/gnupg/ ftp://ftp.ring.gr.jp/pub/net/gnupg/ http://www.ring.gr.jp/pub/net/gnupg/ Poland ftp://sunsite.icm.edu.pl/pub/security/gnupg/ Spain ftp://dimonieta.udg.es/mirror/gnupg Sweden ftp://ftp.stacken.kth.se/pub/crypto/gnupg/ ftp://ftp.sunet.se:/pub/security/gnupg/ Switzerland ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/ Taiwan ftp://coda.nctu.edu.tw/Security/gcrypt United Kingdom ftp://ftp.net.lut.ac.uk/gcrypt/ ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE57JAybH7huGIcwBMRAo6RAJ4/pl5ylyJLerkrr2ePX5oodsxp1gCgvIvk qQkJdXpPu4bebV/q3JW8qWs= =o7O0 -----END PGP SIGNATURE----- -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH http://www.OpenIT.de From wk at gnupg.org Tue Oct 17 19:47:01 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:30 2005 Subject: [Announce] GnuPG security fix Message-ID: <20001017194701.C13262@gnupg.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! A bug in GnuPG's signature verification function has recently been found: If you have more than one signature (either cleartext or binary ones) in a file (or pipe that to gpg), gpg does not compare each signature but flags each document as good or bad depending on the first document in the file. It is possible to use this bug to fake signatures (it most cases it needs some social engineering but it is not that complicated). IT IS RECOMMENDED TO UPDATE TO THIS NEW 1.0.4 RELEASE WHICH FIXES THE PROBLEM! GnuPG version 1.0.4 is now available at the address below and should show up on the mirrors within a day. ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.tar.gz (1685k) ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.tar.gz.sig A diff against 1.0.3 is also available: ftp://ftp.guug.de/pub/gcrypt/gnupg/gnupg-1.0.3-1.0.4.diff.gz (116k) MD5 checksums of the above files are: bef2267bfe9b74a00906a78db34437f9 gnupg-1.0.4.tar.gz c79711f3c6b79acb733f79fe0f36a8c2 gnupg-1.0.3-1.0.4.diff.gz So, what's new in this version: * Fixed a serious bug which could lead to false signature verification results when more than one signature is fed to gpg. This is the primary reason for releasing this version. * New utility gpgv which is a stripped down version of gpg to be used to verify signatures against a list of trusted keys. * Rijndael (AES) is now supported and listed with top preference. * --with-colons now works with --print-md[s]. Some other bugs are also fixed. Due to the need for this security update, we have not yet accomplished to fix some build problems on HP/UX, AIX, Solaris and probably some other OSes. GNU/Linux should work just fine. Debian and RPM packages will be available really soon. I apologize for this bug and any inconvenience you have with this., Werner p.s. Here is a list of sites mirroring ftp://ftp.gnupg.org/pub/gcrypt/ Please use them if you can; new releases should show up on these servers within a day. Australia ftp://orcus.progsoc.uts.edu.au/pub/gnupg/ http://orcus.progsoc.uts.edu.au/pub/gnupg/ rsync://orcus.progsoc.uts.edu.au/pub/gnupg/ ftp://mirror.aarnet.edu.au/pub/gnupg/ http://mirror.aarnet.edu.au/pub/gnupg/ Austria ftp://gd.tuwien.ac.at/privacy/gnupg/ Belgium ftp://openbsd.rug.ac.be/pub/gcrypt/ Canada ftp://crypto.yashy.com/pub/cryptography/gnupg/ Denmark ftp://sunsite.auc.dk/pub/security/gcrypt/ Finland ftp://ftp.jyu.fi/pub/crypt/gcrypt/ France ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/ Germany ftp://ftp.franken.de/pub/crypt/mirror/ftp.guug.de/gcrypt/ ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/ ftp://ftp.gigabell.net/pub/gnupg Greece ftp://ftp.linux.gr/pub/crypto/gnupg/ Hungary ftp://ftp.kfki.hu/pub/packages/security/gnupg/ Iceland ftp://ftp.hi.is/pub/mirrors/gnupg/ Ireland ftp://ftp.compsoc.com/pub/gnupg/ Italy ftp://ftp.linux.it/pub/mirrors/gnupg/ ftp://ftp3.linux.it/pub/mirrors/gnupg/ Japan ftp://pgp.iijlab.net/pub/gnupg/ ftp://ftp.ring.gr.jp/pub/net/gnupg/ http://www.ring.gr.jp/pub/net/gnupg/ Poland ftp://sunsite.icm.edu.pl/pub/security/gnupg/ Spain ftp://dimonieta.udg.es/mirror/gnupg Sweden ftp://ftp.stacken.kth.se/pub/crypto/gnupg/ ftp://ftp.sunet.se:/pub/security/gnupg/ Switzerland ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/ Taiwan ftp://coda.nctu.edu.tw/Security/gcrypt United Kingdom ftp://ftp.net.lut.ac.uk/gcrypt/ ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE57JAybH7huGIcwBMRAo6RAJ4/pl5ylyJLerkrr2ePX5oodsxp1gCgvIvk qQkJdXpPu4bebV/q3JW8qWs= =o7O0 -----END PGP SIGNATURE----- -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH http://www.OpenIT.de From wk at gnupg.org Tue Oct 17 19:47:01 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:30 2005 Subject: [Announce] GnuPG security fix Message-ID: <20001017194701.C13262@gnupg.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! A bug in GnuPG's signature verification function has recently been found: If you have more than one signature (either cleartext or binary ones) in a file (or pipe that to gpg), gpg does not compare each signature but flags each document as good or bad depending on the first document in the file. It is possible to use this bug to fake signatures (it most cases it needs some social engineering but it is not that complicated). IT IS RECOMMENDED TO UPDATE TO THIS NEW 1.0.4 RELEASE WHICH FIXES THE PROBLEM! GnuPG version 1.0.4 is now available at the address below and should show up on the mirrors within a day. ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.tar.gz (1685k) ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.tar.gz.sig A diff against 1.0.3 is also available: ftp://ftp.guug.de/pub/gcrypt/gnupg/gnupg-1.0.3-1.0.4.diff.gz (116k) MD5 checksums of the above files are: bef2267bfe9b74a00906a78db34437f9 gnupg-1.0.4.tar.gz c79711f3c6b79acb733f79fe0f36a8c2 gnupg-1.0.3-1.0.4.diff.gz So, what's new in this version: * Fixed a serious bug which could lead to false signature verification results when more than one signature is fed to gpg. This is the primary reason for releasing this version. * New utility gpgv which is a stripped down version of gpg to be used to verify signatures against a list of trusted keys. * Rijndael (AES) is now supported and listed with top preference. * --with-colons now works with --print-md[s]. Some other bugs are also fixed. Due to the need for this security update, we have not yet accomplished to fix some build problems on HP/UX, AIX, Solaris and probably some other OSes. GNU/Linux should work just fine. Debian and RPM packages will be available really soon. I apologize for this bug and any inconvenience you have with this., Werner p.s. Here is a list of sites mirroring ftp://ftp.gnupg.org/pub/gcrypt/ Please use them if you can; new releases should show up on these servers within a day. Australia ftp://orcus.progsoc.uts.edu.au/pub/gnupg/ http://orcus.progsoc.uts.edu.au/pub/gnupg/ rsync://orcus.progsoc.uts.edu.au/pub/gnupg/ ftp://mirror.aarnet.edu.au/pub/gnupg/ http://mirror.aarnet.edu.au/pub/gnupg/ Austria ftp://gd.tuwien.ac.at/privacy/gnupg/ Belgium ftp://openbsd.rug.ac.be/pub/gcrypt/ Canada ftp://crypto.yashy.com/pub/cryptography/gnupg/ Denmark ftp://sunsite.auc.dk/pub/security/gcrypt/ Finland ftp://ftp.jyu.fi/pub/crypt/gcrypt/ France ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/ Germany ftp://ftp.franken.de/pub/crypt/mirror/ftp.guug.de/gcrypt/ ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/ ftp://ftp.gigabell.net/pub/gnupg Greece ftp://ftp.linux.gr/pub/crypto/gnupg/ Hungary ftp://ftp.kfki.hu/pub/packages/security/gnupg/ Iceland ftp://ftp.hi.is/pub/mirrors/gnupg/ Ireland ftp://ftp.compsoc.com/pub/gnupg/ Italy ftp://ftp.linux.it/pub/mirrors/gnupg/ ftp://ftp3.linux.it/pub/mirrors/gnupg/ Japan ftp://pgp.iijlab.net/pub/gnupg/ ftp://ftp.ring.gr.jp/pub/net/gnupg/ http://www.ring.gr.jp/pub/net/gnupg/ Poland ftp://sunsite.icm.edu.pl/pub/security/gnupg/ Spain ftp://dimonieta.udg.es/mirror/gnupg Sweden ftp://ftp.stacken.kth.se/pub/crypto/gnupg/ ftp://ftp.sunet.se:/pub/security/gnupg/ Switzerland ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/ Taiwan ftp://coda.nctu.edu.tw/Security/gcrypt United Kingdom ftp://ftp.net.lut.ac.uk/gcrypt/ ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE57JAybH7huGIcwBMRAo6RAJ4/pl5ylyJLerkrr2ePX5oodsxp1gCgvIvk qQkJdXpPu4bebV/q3JW8qWs= =o7O0 -----END PGP SIGNATURE----- -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH http://www.OpenIT.de -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org From wk at gnupg.org Wed Oct 18 16:01:37 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:30 2005 Subject: [Announce] Minor gpg fix Message-ID: <20001018160137.O15768@gnupg.de> Hi, some folks asked what the message gpg: this cipher algorithm is depreciated; please use a more standard one! does mean. Yes, gpg 1.0.4 should not emit this message. I forgot to put the AES cipher algorithm into the list of "good" algorithms. Either ignore this message or apply the patch below. Werner Index: g10/misc.c =================================================================== RCS file: /home/koch/cvs/gnupg/g10/misc.c,v retrieving revision 1.16.2.4 diff -u -r1.16.2.4 misc.c --- g10/misc.c 2000/10/13 15:03:48 1.16.2.4 +++ g10/misc.c 2000/10/18 13:34:01 @@ -224,6 +224,9 @@ || algo == CIPHER_ALGO_CAST5 || algo == CIPHER_ALGO_BLOWFISH || algo == CIPHER_ALGO_TWOFISH + || algo == CIPHER_ALGO_RIJNDAEL + || algo == CIPHER_ALGO_RIJNDAEL192 + || algo == CIPHER_ALGO_RIJNDAEL256 ) ; else { From wk at gnupg.org Wed Oct 18 16:01:37 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:30 2005 Subject: [Announce] Minor gpg fix Message-ID: <20001018160137.O15768@gnupg.de> Hi, some folks asked what the message gpg: this cipher algorithm is depreciated; please use a more standard one! does mean. Yes, gpg 1.0.4 should not emit this message. I forgot to put the AES cipher algorithm into the list of "good" algorithms. Either ignore this message or apply the patch below. Werner Index: g10/misc.c =================================================================== RCS file: /home/koch/cvs/gnupg/g10/misc.c,v retrieving revision 1.16.2.4 diff -u -r1.16.2.4 misc.c --- g10/misc.c 2000/10/13 15:03:48 1.16.2.4 +++ g10/misc.c 2000/10/18 13:34:01 @@ -224,6 +224,9 @@ || algo == CIPHER_ALGO_CAST5 || algo == CIPHER_ALGO_BLOWFISH || algo == CIPHER_ALGO_TWOFISH + || algo == CIPHER_ALGO_RIJNDAEL + || algo == CIPHER_ALGO_RIJNDAEL192 + || algo == CIPHER_ALGO_RIJNDAEL256 ) ; else { From wk at gnupg.org Wed Oct 18 16:01:37 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:30 2005 Subject: [Announce] Minor gpg fix Message-ID: <20001018160137.O15768@gnupg.de> Hi, some folks asked what the message gpg: this cipher algorithm is depreciated; please use a more standard one! does mean. Yes, gpg 1.0.4 should not emit this message. I forgot to put the AES cipher algorithm into the list of "good" algorithms. Either ignore this message or apply the patch below. Werner Index: g10/misc.c =================================================================== RCS file: /home/koch/cvs/gnupg/g10/misc.c,v retrieving revision 1.16.2.4 diff -u -r1.16.2.4 misc.c --- g10/misc.c 2000/10/13 15:03:48 1.16.2.4 +++ g10/misc.c 2000/10/18 13:34:01 @@ -224,6 +224,9 @@ || algo == CIPHER_ALGO_CAST5 || algo == CIPHER_ALGO_BLOWFISH || algo == CIPHER_ALGO_TWOFISH + || algo == CIPHER_ALGO_RIJNDAEL + || algo == CIPHER_ALGO_RIJNDAEL192 + || algo == CIPHER_ALGO_RIJNDAEL256 ) ; else { -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org From cova at ferrara.linux.it Wed Oct 18 21:45:22 2000 From: cova at ferrara.linux.it (Fabio Coatti) Date: Wed Feb 23 12:43:30 2005 Subject: RPMS for GnuPG 1.0.4 Message-ID: <20001018214522.B899@janus> I'm uploading the rpms packages for gnupg 1.0.4; I've included the patch for AES warning, provided by Werner Koch. The URL is the usual: ftp://crypto.ferrara.linux.it/pub/gpg All packages are signed with my own key. Please report any problem. Have fun, -- Fabio Coatti http://www.ferrara.linux.it/members/cova Ferrara Linux Users Group http://ferrara.linux.it GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703 Old SysOps never die... they simply forget their password. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : /pipermail/attachments/20001018/f1cc8f2f/attachment.pgp From cova at ferrara.linux.it Wed Oct 18 21:45:22 2000 From: cova at ferrara.linux.it (Fabio Coatti) Date: Wed Feb 23 12:43:31 2005 Subject: RPMS for GnuPG 1.0.4 Message-ID: <20001018214522.B899@janus> I'm uploading the rpms packages for gnupg 1.0.4; I've included the patch for AES warning, provided by Werner Koch. The URL is the usual: ftp://crypto.ferrara.linux.it/pub/gpg All packages are signed with my own key. Please report any problem. Have fun, -- Fabio Coatti http://www.ferrara.linux.it/members/cova Ferrara Linux Users Group http://ferrara.linux.it GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703 Old SysOps never die... they simply forget their password. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : /pipermail/attachments/20001018/f1cc8f2f/attachment-0001.pgp From cova at ferrara.linux.it Wed Oct 18 21:45:22 2000 From: cova at ferrara.linux.it (Fabio Coatti) Date: Wed Feb 23 12:43:31 2005 Subject: RPMS for GnuPG 1.0.4 Message-ID: <20001018214522.B899@janus> I'm uploading the rpms packages for gnupg 1.0.4; I've included the patch for AES warning, provided by Werner Koch. The URL is the usual: ftp://crypto.ferrara.linux.it/pub/gpg All packages are signed with my own key. Please report any problem. Have fun, -- Fabio Coatti http://www.ferrara.linux.it/members/cova Ferrara Linux Users Group http://ferrara.linux.it GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703 Old SysOps never die... they simply forget their password. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : /pipermail/attachments/20001018/f1cc8f2f/attachment-0002.pgp From rmartini at iis.com.br Sun Oct 22 22:56:32 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:31 2005 Subject: GnuPG for Unix (update): version 1.0.4 Message-ID: <200010221956.RAA14916@mail.iis.com.br> GnuPG for Unix New Unix package: GnuPG version 1.0.4 ====================================== *SCO UnixWare 7: with EGD or without EGD *Solaris 7 or 8 (Intel only): tarrballs and Sun pkgadd *FreeBSD (Intel) Renato Martini (rmartini@cipsga.org.br) http://gnupg.unixsecurity.com.br ------------------------------ From rmartini at iis.com.br Sun Oct 22 22:56:32 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:31 2005 Subject: GnuPG for Unix (update): version 1.0.4 Message-ID: <200010221956.RAA14916@mail.iis.com.br> GnuPG for Unix New Unix package: GnuPG version 1.0.4 ====================================== *SCO UnixWare 7: with EGD or without EGD *Solaris 7 or 8 (Intel only): tarrballs and Sun pkgadd *FreeBSD (Intel) Renato Martini (rmartini@cipsga.org.br) http://gnupg.unixsecurity.com.br ------------------------------ From rmartini at iis.com.br Sun Oct 22 22:56:32 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:31 2005 Subject: GnuPG for Unix (update): version 1.0.4 Message-ID: <200010221956.RAA14916@mail.iis.com.br> GnuPG for Unix New Unix package: GnuPG version 1.0.4 ====================================== *SCO UnixWare 7: with EGD or without EGD *Solaris 7 or 8 (Intel only): tarrballs and Sun pkgadd *FreeBSD (Intel) Renato Martini (rmartini@cipsga.org.br) http://gnupg.unixsecurity.com.br ------------------------------ -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org From wk at gnupg.org Mon Oct 23 19:55:35 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:31 2005 Subject: [Announce] GnuPG 1.0.4 for MS-Windows Message-ID: <20001023195535.Y12924@gnupg.de> A non-text attachment was scrubbed... Name: msg.pgp Type: application/pgp Size: 889 bytes Desc: not available Url : /pipermail/attachments/20001023/827a2975/msg.bin From wk at gnupg.org Mon Oct 23 19:55:35 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:31 2005 Subject: [Announce] GnuPG 1.0.4 for MS-Windows Message-ID: <20001023195535.Y12924@gnupg.de> A non-text attachment was scrubbed... Name: msg.pgp Type: application/pgp Size: 888 bytes Desc: not available Url : /pipermail/attachments/20001023/827a2975/msg-0001.bin From wk at gnupg.org Mon Oct 23 19:55:35 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:31 2005 Subject: [Announce] GnuPG 1.0.4 for MS-Windows Message-ID: <20001023195535.Y12924@gnupg.de> A non-text attachment was scrubbed... Name: msg.pgp Type: application/pgp Size: 1028 bytes Desc: not available Url : /pipermail/attachments/20001023/827a2975/msg-0002.bin From cova at ferrara.linux.it Sat Nov 11 17:05:45 2000 From: cova at ferrara.linux.it (Fabio Coatti) Date: Wed Feb 23 12:43:31 2005 Subject: GnuPG 1.0.4 rpm for sparc. Message-ID: <20001111170545.C2008@janus> Sparc rpm of GnuPG 1.0.4 is available on ftp://crypto.ferrara.linux.it/pub/gpg Many thanks to Munehiro that is the packager. The package is signed with both his and my gpg key. Have fun... -- Fabio Coatti http://www.ferrara.linux.it/members/cova Ferrara Linux Users Group http://ferrara.linux.it GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703 Old SysOps never die... they simply forget their password. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : /pipermail/attachments/20001111/8728510b/attachment.pgp From cova at ferrara.linux.it Sat Nov 11 17:05:45 2000 From: cova at ferrara.linux.it (Fabio Coatti) Date: Wed Feb 23 12:43:31 2005 Subject: GnuPG 1.0.4 rpm for sparc. Message-ID: <20001111170545.C2008@janus> Sparc rpm of GnuPG 1.0.4 is available on ftp://crypto.ferrara.linux.it/pub/gpg Many thanks to Munehiro that is the packager. The package is signed with both his and my gpg key. Have fun... -- Fabio Coatti http://www.ferrara.linux.it/members/cova Ferrara Linux Users Group http://ferrara.linux.it GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703 Old SysOps never die... they simply forget their password. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : /pipermail/attachments/20001111/8728510b/attachment-0001.pgp From cova at ferrara.linux.it Sat Nov 11 17:05:45 2000 From: cova at ferrara.linux.it (Fabio Coatti) Date: Wed Feb 23 12:43:31 2005 Subject: GnuPG 1.0.4 rpm for sparc. Message-ID: <20001111170545.C2008@janus> Sparc rpm of GnuPG 1.0.4 is available on ftp://crypto.ferrara.linux.it/pub/gpg Many thanks to Munehiro that is the packager. The package is signed with both his and my gpg key. Have fun... -- Fabio Coatti http://www.ferrara.linux.it/members/cova Ferrara Linux Users Group http://ferrara.linux.it GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703 Old SysOps never die... they simply forget their password. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : /pipermail/attachments/20001111/8728510b/attachment-0002.pgp From rmartini at iis.com.br Tue Nov 28 01:03:44 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:31 2005 Subject: GnuPG 1.0.4 for Solaris 8 SPARC Message-ID: <200011272303.VAA26585@mail.iis.com.br> The GnuPG 1.0.4 package for Solaris/Sparc 8.0 (Sun's pkgadd) is available at "GnuPG for Unix" web site: http://gnupg.unixsecurity.com.br Renato Martini rmartini@cipsga.org.br From rmartini at iis.com.br Tue Nov 28 01:03:44 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:32 2005 Subject: GnuPG 1.0.4 for Solaris 8 SPARC Message-ID: <200011272303.VAA26585@mail.iis.com.br> The GnuPG 1.0.4 package for Solaris/Sparc 8.0 (Sun's pkgadd) is available at "GnuPG for Unix" web site: http://gnupg.unixsecurity.com.br Renato Martini rmartini@cipsga.org.br From rmartini at iis.com.br Tue Nov 28 01:03:44 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:32 2005 Subject: GnuPG 1.0.4 for Solaris 8 SPARC Message-ID: <200011272303.VAA26585@mail.iis.com.br> The GnuPG 1.0.4 package for Solaris/Sparc 8.0 (Sun's pkgadd) is available at "GnuPG for Unix" web site: http://gnupg.unixsecurity.com.br Renato Martini rmartini@cipsga.org.br -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org From wk at gnupg.org Thu Nov 30 22:32:54 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:32 2005 Subject: [Announce] Security fix for GnuPG Message-ID: <20001130223254.A29985@gnupg.de> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : /pipermail/attachments/20001130/61172204/attachment.pgp From wk at gnupg.org Thu Nov 30 22:32:54 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:32 2005 Subject: [Announce] Security fix for GnuPG Message-ID: <20001130223254.A29985@gnupg.de> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : /pipermail/attachments/20001130/61172204/attachment-0001.pgp From wk at gnupg.org Thu Nov 30 22:32:54 2000 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:32 2005 Subject: [Announce] Security fix for GnuPG Message-ID: <20001130223254.A29985@gnupg.de> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : /pipermail/attachments/20001130/61172204/attachment-0002.pgp From rmartini at iis.com.br Wed Dec 27 00:00:39 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:32 2005 Subject: Release: GnuPG 1.0.4 for BSD 3.1 Message-ID: <200012262200.eBQM0dC32763@mail.iis.com.br> GnuPG 1.0.4 binaries for BSDI BSD/OS 3.1 ............................................................. *This package was compiled by Gregory Karpinsky (gregory@tiv.net) TIV.NET Inc. (http://tiv.net) *This package is available at "GnuPG for Unix" web site (http://gnupg.unixsecurity.com.br). Email: rmartini@cipsga.org.br Thanks Renato Martini From rmartini at iis.com.br Wed Dec 27 00:00:39 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:32 2005 Subject: Release: GnuPG 1.0.4 for BSD 3.1 Message-ID: <200012262200.eBQM0dC32763@mail.iis.com.br> GnuPG 1.0.4 binaries for BSDI BSD/OS 3.1 ............................................................. *This package was compiled by Gregory Karpinsky (gregory@tiv.net) TIV.NET Inc. (http://tiv.net) *This package is available at "GnuPG for Unix" web site (http://gnupg.unixsecurity.com.br). Email: rmartini@cipsga.org.br Thanks Renato Martini From rmartini at iis.com.br Wed Dec 27 00:00:39 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:32 2005 Subject: Release: GnuPG 1.0.4 for BSD 3.1 Message-ID: <200012262200.eBQM0dC32763@mail.iis.com.br> GnuPG 1.0.4 binaries for BSDI BSD/OS 3.1 ............................................................. *This package was compiled by Gregory Karpinsky (gregory@tiv.net) TIV.NET Inc. (http://tiv.net) *This package is available at "GnuPG for Unix" web site (http://gnupg.unixsecurity.com.br). Email: rmartini@cipsga.org.br Thanks Renato Martini -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org From rmartini at iis.com.br Wed Dec 27 03:16:38 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:32 2005 Subject: GnuPG for BSD 4.1 Message-ID: <200012270116.eBR1GcC24354@mail.iis.com.br> GnuPG 1.0.4 binaries for BSDI BSD/OS 4.1 ............................................................. *This package was compiled by Gregory Karpinsky (gregory@tiv.net) TIV.NET Inc. (http://tiv.net) *This package is available at "GnuPG for Unix" web site (http://gnupg.unixsecurity.com.br). Email: rmartini@cipsga.org.br Thanks Renato Martini From rmartini at iis.com.br Wed Dec 27 03:16:38 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:32 2005 Subject: GnuPG for BSD 4.1 Message-ID: <200012270116.eBR1GcC24354@mail.iis.com.br> GnuPG 1.0.4 binaries for BSDI BSD/OS 4.1 ............................................................. *This package was compiled by Gregory Karpinsky (gregory@tiv.net) TIV.NET Inc. (http://tiv.net) *This package is available at "GnuPG for Unix" web site (http://gnupg.unixsecurity.com.br). Email: rmartini@cipsga.org.br Thanks Renato Martini From rmartini at iis.com.br Wed Dec 27 03:16:38 2000 From: rmartini at iis.com.br (rmartini@iis.com.br) Date: Wed Feb 23 12:43:32 2005 Subject: GnuPG for BSD 4.1 Message-ID: <200012270116.eBR1GcC24354@mail.iis.com.br> GnuPG 1.0.4 binaries for BSDI BSD/OS 4.1 ............................................................. *This package was compiled by Gregory Karpinsky (gregory@tiv.net) TIV.NET Inc. (http://tiv.net) *This package is available at "GnuPG for Unix" web site (http://gnupg.unixsecurity.com.br). Email: rmartini@cipsga.org.br Thanks Renato Martini -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org