From wk at gnupg.org Fri Apr 6 12:20:01 2001 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:32 2005 Subject: [Announce] new gnupg snapshot Message-ID: <20010406122108.B18159@alberti.gnupg.de> Hi! I have just released a new snapshot of GnuPG with version 1.0.4g. Please note that this is a development version and may contain severe bugs. However, I believe it is already pretty stable. This should be one of the last snapshots before the release of 1.0.5 which I expect to happen within this month. So, if you want to try it out, wait a day and get it from one of the mirrors (http://www.gnupg.org/mirrors.html) or get it know at ftp://ftp/gnupg.org/gcrypt/devel/gnupg-1.0.4g.tar.gz (1.8M) ftp://ftp/gnupg.org/gcrypt/devel/gnupg-1.0.4g.tar.gz.sig or as a patch file against the previous snapshot: ftp://ftp/gnupg.org/gcrypt/devel/gnupg-1.0.4f-1.0.4g.diff.gz (80k) MD5 checksums are: a8072de04dbe4306829c69f0d3abba9b gnupg-1.0.4g.tar.gz 02564d89a3b18ff217936136a5d6f793 gnupg-1.0.4f-1.0.4g.diff.gz Here is a list of important changes since 1.0.4: * WARNING: The semantics of --verify have changed to address a problem with detached signature detection. --verify now ignores signed material given on stdin unless this is requested by using a "-" as the name for the file with the signed material. ! Please check all your detached signature handling applications ! ! and make sure that they don't pipe the signed material to stdin ! ! without using a filename and "-" on the the command line. ! * Secret keys are no longer imported unless you use the new option --allow-secret-key-import. * There is now a notation of a primary user ID. For example this one is printed with a signature verifaction as the first user ID, revoked user IDs are not printed there anymore. I general the primary user ID is the one with the latest self-signature. * The verification status of self-signatures are now cached. To increase the speed of key list operations for existing keys you can do the following in yout GnuPG homedir (~/.gnupg): $ cp pubring.gpg pubring.gpg.save $ gpg --export-all >x $ rm pubring.gpg $ gpg --import x Note, that only v4 keys (i.e no old RSA keys) benefit from this caching. * Support for the gpg-agent from gpg 1.1 and other changes needed by gpgme. * Better LFS support. * New option --ignore-crc-error * Keyserver support for the W32 version. * Corrected hash calculation for some inputs greater than 512M - it was just wrong, so you might notice bad signature in some very big files. It may be wise to keep an old copy of GnuPG around. Have fun and please report bugs to gnupg-devel@gnupg.org. Ciao, Werner -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 233 bytes Desc: not available Url : /pipermail/attachments/20010406/1e674471/attachment.pgp From rmartini at iis.com.br Tue Apr 17 11:48:02 2001 From: rmartini at iis.com.br (Renato Martini) Date: Wed Feb 23 12:43:32 2005 Subject: [Announce] (no subject) Message-ID: New Sparc packages (sun4m & sun4u), Solaris 2.6 and 8. These packages are available at the "GnuPG for Unix" web site... http://gnupg.unixsecurity.com.br Thanks -- ................................................................................ .................... E-Mail: rmartini@cipsga.org.br Date: 17-Mar-2001 Time: 16:26:49 Membro e Consultor do CIPSGA/Rio de Janeiro http://www.cipsga.org.br http://gnupg.unixsecurity.com.br ::: "GnuPG for Unix" ------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : /pipermail/attachments/20010417/c44a7579/attachment.pgp From wk at gnupg.org Thu Apr 19 14:07:02 2001 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:33 2005 Subject: [Announce] New GnuPG snapshot Message-ID: <20010419140904.J425@alberti.gnupg.de> Hi! I have just released a new snapshot of GnuPG. This should be the last one before the release of 1.0.5 which will be done RSN. I have just wait for some translations to get finished. If you want to have a look at this snapshot, get it from: ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.4h.tar.gz (1906k) ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.4h.tar.gz.sig or get the diff file against the last snapshot: ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.4g-1.0.4h.diff.gz (98k) If you wait until tomorrow, most mirrors should have catched up. The list of mirrors is available at http://www.gnupg.org/mirrors.html. MD5 checksums of the above files are: b0e53b13c8ce7e9e227cec6442a17023 gnupg-1.0.4h.tar.gz a496b100afcd2f3aea0380b1fcaea54e gnupg-1.0.4g-1.0.4h.diff.gz Please note that the old address ftp.guug.de has been replaced by ftp.gnupg.org. However, the German Unix User Group is still supporting this project by donating the new machine and paying for the traffic. Have fun, Werner -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 233 bytes Desc: not available Url : /pipermail/attachments/20010419/6ec3cdc7/attachment.pgp From wk at gnupg.org Sun Apr 29 20:23:01 2001 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:33 2005 Subject: [Announce] GnuPG 1.0.5 released Message-ID: <20010429202455.J13927@alberti.gnupg.de> A non-text attachment was scrubbed... Name: msg.pgp Type: application/pgp Size: 6940 bytes Desc: not available Url : /pipermail/attachments/20010429/27d1a73e/msg.bin From wk at gnupg.org Fri Jun 1 14:45:01 2001 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:33 2005 Subject: [Announce] GnuPG security fix 1.0.6 Message-ID: <20010601144058.N11454@alberti.gnupg.de> Hi, I have recently released a new version of GnuPG which fixes an exploit found by fish stiqz as well has some other bugs: * Security fix for a format string bug in the tty code. * Fixed format string bugs in all PO files. * Removed Russian translation due to too many bugs. The FTP server has an unofficial but better translation in the contrib directory. * Fixed expire time calculation and keyserver access. * The usual set of minor bug fixes and enhancements. Although that the posted exploit code can only be used with a special knowledge of the target machine, I STRONGLY ADVISE TO UPDATE GnuPG to this new version. This new release should be avalable at all mirror sites (see http://www.gnupg.org/mirrors.html and below) and at the primary location: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.6.tar.gz (1896k) ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.6.tar.gz.sig or as a patch file: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.5-1.0.6.diff.gz (217k) MD5 checksums are: 7c319a9e5e70ad9bc3bf0d7b5008a508 gnupg-1.0.6.tar.gz 71ae7d725776688c2e095d9672f38e61 gnupg-1.0.5-1.0.6.diff.gz A binary distribution for MS Windows systems is available at: ftp://ftp.gnupg.org/gcrypt/binaty/gnupg-w32-1.0.6.zip ftp://ftp.gnupg.org/gcrypt/binaty/gnupg-w32-1.0.6.zip After releasing this version it turned out that there is a small glitch in the source when a compiler other than GCC is used. If you encounter a compile problem, you should fix it in include/ttyio.c like this: diff -r1.7.2.3 ttyio.h 27c27 < void tty_printf const char *fmt, ... ); --- > void tty_printf (const char *fmt, ... ); Due to the switch to a new gettext version, some systems may have problems with there own gettext version. Using ./configure --with-included-gettext should fix this (this is also mentioned in the INSTALL file) Have fun Werner Here is a list of sites mirroring ftp://ftp.gnupg.org/gcrypt/ Please use them if you can; new releases should show up on these servers within a day. This mirror list is also available at http://www.gnupg.org/mirrors.html Australia ftp://ftp.planetmirror.com/pub/gnupg/ http://ftp.planetmirror.com/pub/gnupg/ ftp://mirror.aarnet.edu.au/pub/gnupg/ Austria ftp://gd.tuwien.ac.at/privacy/gnupg/ http://gd.tuwien.ac.at/privacy/gnupg/ Belgium ftp://openbsd.rug.ac.be/pub/gcrypt/ ftp://gnupg.x-zone.org/pub/gnupg Czechia ftp://ftp.gnupg.cz/pub/gcrypt Denmark ftp://sunsite.dk/pub/security/gcrypt/ Finland ftp://ftp.jyu.fi/pub/crypt/gcrypt/ France ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/ Germany ftp://ftp.franken.de/pub/crypt/mirror/ftp.guug.de/gcrypt/ ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/ Greece ftp://ftp.linux.gr/pub/crypto/gnupg/ ftp://hal.csd.auth.gr/mirrors/gnupg/ Hungary ftp://ftp.kfki.hu/pub/packages/security/gnupg/ Iceland ftp://ftp.hi.is/pub/mirrors/gnupg/ Ireland ftp://ftp.compsoc.com/pub/gnupg/ Italy ftp://ftp.linux.it/pub/mirrors/gnupg/ ftp://ftp3.linux.it/pub/mirrors/gnupg/ Japan ftp://pgp.iijlab.net/pub/gnupg/ ftp://ftp.ring.gr.jp/pub/net/gnupg/ http://www.ring.gr.jp/pub/net/gnupg/ Korea ftp://ftp.snu.ac.kr/pub/security/gnupg/ Poland ftp://sunsite.icm.edu.pl/pub/security/gnupg/ Spain ftp://dimonieta.udg.es/mirror/gnupg Sweden ftp://ftp.stacken.kth.se/pub/crypto/gnupg/ ftp://ftp.sunet.se:/pub/security/gnupg/ Switzerland ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/ Taiwan ftp://coda.nctu.edu.tw/Security/gcrypt United Kingdom ftp://ftp.net.lut.ac.uk/gcrypt/ ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : /pipermail/attachments/20010601/6f6059b9/attachment.pgp From wk at gnupg.org Tue Jun 19 13:28:02 2001 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:33 2005 Subject: [Announce] GEAM 0.8.2 released Message-ID: <87sngwk8zl.fsf@alberti.gnupg.de> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 268 bytes Desc: not available Url : /pipermail/attachments/20010619/2412a7e3/attachment.pgp