[Announce] GnuPG 2.0.1 released

Joseph Oreste Bruni brunij at earthlink.net
Wed Nov 29 16:29:13 CET 2006


Hi Werner,

Do the build-problem fixes in 2.0.1 include OS X/Darwin? Or, should I  
wait for a future release?

Joe



On Nov 29, 2006, at 6:55 AM, Werner Koch wrote:

> Hello!
>
> We are pleased to announce the availability of a new stable GnuPG-2
> release: Version 2.0.1
>
> This is a maintenance release to fix build problems found after the
> release of 2.0.0 and to fix a buffer overflow in gpg2.
>
> The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
> and data storage.  It can be used to encrypt data, create digital
> signatures, help authenticating using Secure Shell and to provide a
> framework for public key cryptography.  It includes an advanced key
> management facility and is compliant with the OpenPGP and S/MIME
> standards.
>
> GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that
> it splits up functionality into several modules.  However, both
> versions may be installed alongside without any conflict.  In fact,
> the gpg version from GnuPG-1 is able to make use of the gpg-agent as
> included in GnuPG-2 and allows for seamless passphrase caching.  The
> advantage of GnuPG-1 is its smaller size and the lack of dependency on
> other modules at run and build time.  We will keep maintaining GnuPG-1
> versions because they are very useful for small systems and for server
> based applications requiring only OpenPGP support.
>
> GnuPG is distributed under the terms of the GNU General Public License
> (GPL).  GnuPG-2 works best on GNU/Linux or *BSD systems.  A port to
> Windows is planned but work has not yet started.
>
>
> Getting the Software
> ====================
>
> Please follow the instructions found at http://www.gnupg.org/download/
> or read on:
>
> GnuPG 2.0.1 may be downloaded from one of the GnuPG mirror sites or
> direct from ftp://ftp.gnupg.org/gcrypt/ .  The list of mirrors can be
> found at http://www.gnupg.org/mirrors.html .  Note, that GnuPG is not
> available at ftp.gnu.org.
>
> On the mirrors you should find the following files in the *gnupg*
> directory:
>
>   gnupg-2.0.1.tar.bz2 (3.8Mk)
>   gnupg-2.0.1.tar.bz2.sig
>
>       GnuPG source compressed using BZIP2 and OpenPGP signature.
>
>   gnupg-2.0.0-2.0.1.diff.bz2 (220k)
>
>       A patch file to upgrade a 2.0.0 GnuPG source.  This is only that
>       large due to an update of the included gettext module.
>
> Note, that we don't distribute gzip compressed tarballs.
>
>
> Checking the Integrity
> ======================
>
> In order to check that the version of GnuPG which you are going to
> install is an original and unmodified one, you can do it in one of
> the following ways:
>
>  * If you already have a trusted version of GnuPG installed, you
>    can simply check the supplied signature.  For example to check the
>    signature of the file gnupg-2.0.1.tar.bz2 you would use this command:
>
>      gpg --verify gnupg-2.0.1.tar.bz2.sig
>
>    This checks whether the signature file matches the source file.
>    You should see a message indicating that the signature is good and
>    made by that signing key.  Make sure that you have the right key,
>    either by checking the fingerprint of that key with other sources
>    or by checking that the key has been signed by a trustworthy other
>    key.  Note, that you can retrieve the signing key using the command
>
>      finger wk ,at' g10code.com
>
>    or using a keyserver like
>
>      gpg --recv-key 1CE0C630
>
>    The distribution key 1CE0C630 is signed by the well known key
>    5B0358A2.  If you get a key expired message, you should retrieve a
>    fresh copy as the expiration date might have been prolonged.
>
>    NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
>    INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
>
>  * If you are not able to use an old version of GnuPG, you have to verify
>    the SHA-1 checksum.  Assuming you downloaded the file
>    gnupg-2.0.1.tar.bz2, you would run the sha1sum command like this:
>
>      sha1sum gnupg-2.0.1.tar.bz2
>
>    and check that the output matches the first line from the
>    following list:
>
> ec84ffb1d2ac013dc0afb5bdf8b9df2c838673e9  gnupg-2.0.1.tar.bz2
> c6cca309b12700503bb4c671491ebf7a4cd6f1be  gnupg-2.0.0-2.0.1.diff.bz2
>
>
> What's New
> ===========
>
>  * Experimental support for the PIN pads of the SPR 532 and the Kaan
>    Advanced card readers.  Add "disable-keypad" to scdaemon.conf if you
>    don't want it.  Does currently only work for the OpenPGP card and
>    its authentication and decrypt keys.
>
>  * Fixed build problems on some platforms and crashes on amd64.
>
>  * Fixed a buffer overflow in gpg2. [bug#728]
>
>
> Internationalization
> ====================
>
> GnuPG comes with support for 27 languages.  Due to a lot of new and
> changed strings most translations are not entirely complete. However
> the Turkish, German and Russian translators have meanwhile finished
> their translations.  Updates of the other translations are expected
> for the next releases.
>
>
> Documentation
> =============
>
> We are currently working on an installation guide to explain in more
> detail how to configure the new features.  As of now the chapters on
> gpg-agent and gpgsm include brief information on how to set up the
> whole thing.  Please watch the GnuPG website for updates of the
> documentation.  In the meantime you may search the GnuPG mailing list
> archives or ask on the gnupg-users mailing lists for advice on how to
> solve problems.  Many of the new features are around for several years
> and thus enough public knowledge is already available.
>
>
> Support
> =======
>
> Improving GnuPG is costly, but you can help!  We are looking for
> organizations that find GnuPG useful and wish to contribute back.  You
> can contribute by reporting bugs, improving the software, or by donating
> money.
>
> Commercial support contracts for GnuPG are available, and they help
> finance continued maintenance.  g10 Code GmbH, a Duesseldorf based
> company owned and headed by GnuPG's principal author, is currently
> funding GnuPG development.  We are always looking for interesting
> development projects.
>
> A service directory is available at:
>
>   http://www.gnupg.org/service.html
>
>
> Thanks
> ======
>
> We have to thank all the people who helped with this release, be it
> testing, coding, translating, suggesting, auditing, administering the
> servers, spreading the word or answering questions on the mailing
> lists.
>
>
> Happy Hacking,
>
>   The GnuPG Team (David, Werner and all other contributors)
>
>
> -- 
> Werner Koch                                      <wk at gnupg.org>
> The GnuPG Experts                                http://g10code.com
> Join the Fellowship and protect your Freedom!    http://www.fsfe.org
> _______________________________________________
> Gnupg-announce mailing list
> Gnupg-announce at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-announce
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
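
The checksum fallback from "Checking the Integrity" above, as an added example that is not part of the original message or of GnuPG's own tooling: it pulls the entry for a file out of a checksum list saved from the mail (quote markers included) and compares it with the sha1sum output. The function names, sample.tar.bz2 and the demo hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a download against a checksum list pasted from a mail.

# extract_sha1 LISTFILE NAME
# Print the SHA-1 listed for NAME; fail unless exactly one entry matches.
extract_sha1() {
    # Drop leading "> " quote markers, then match "<40 hex digits>  <name>".
    sed 's/^\(> *\)*//' "$1" | awk -v name="$2" '
        $1 ~ /^[0-9a-fA-F]+$/ && length($1) == 40 && $2 == name {
            print tolower($1); n++
        }
        END { exit (n == 1) ? 0 : 1 }'
}

# verify_download FILE LISTFILE
# Returns 0 on match, 1 on mismatch, 2 if the file or its list entry is missing.
verify_download() {
    file=$1
    list=$2
    name=$(basename "$file")
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    expected=$(extract_sha1 "$list" "$name") || {
        echo "no unique checksum entry for $name" >&2; return 2; }
    actual=$(sha1sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
    else
        echo "MISMATCH: $name (expected $expected, got $actual)" >&2
        return 1
    fi
}

# Constructed demo: a file containing "abc" and a quoted list in the mail's layout.
demo_dir=$(mktemp -d)
printf 'abc' > "$demo_dir/sample.tar.bz2"
cat > "$demo_dir/mail.txt" <<'EOF'
>    and check that the output matches the first line from the
>    following list:
>
> a9993e364706816aba3e25717850c26c9cd0d89d  sample.tar.bz2
> 0000000000000000000000000000000000000000  other.diff.bz2
EOF
verify_download "$demo_dir/sample.tar.bz2" "$demo_dir/mail.txt"
```
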



