1.4.11 release candidate (was: Overflow bug in bzip2)
Hi, The Windows installer version of GnuPG 1.4 uses a statically linked bzip library. Thus the bzip2 bug affects this version. We have not done a gnupg 1.4 release for more than a year. I believe it is best to first do a release candidate. There a couple of bug fixes collected over the last year to go into 1.4.11, but nothing really important. However to build the 1.4 windows installer we better use the new source along with an updated bzip. Here we go: GnuPG 1.4.11 release candidate 1 is availabale at ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.11rc1.tar.bz2 (3360k) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.11rc1.tar.bz2.sig and the Windows installer with the updated bzip2 at: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-w32cli-1.4.11rc1.exe (1607k) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-w32cli-1.4.11rc1.exe.sig SHA-1 checksums are: 56a9da797bf17f6447f1243ac682d4e7b91e24f0 gnupg-1.4.11rc1.tar.bz2 c6f421a7874c734d1d66bd756d1a5ee3cd5a44ee gnupg-w32cli-1.4.11rc1.exe Please check it out and report problems to this list. Note that translations are not completely up to date. We are also preparing a new version of Gpg4win; this may take a couple of days. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: 1.4.11 release candidate
However to build the 1.4 windows installer we better use the new source along with an updated bzip. While you're at it, you might want to update zlib to version 1.2.5 - looking at the source, it seems that the currently used version is 1.1.4. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: 1.4.11 release candidate
On Thu, 23 Sep 2010 14:20, war_is_pe...@privatdemail.net said: While you're at it, you might want to update zlib to version 1.2.5 - looking at the source, it seems that the currently used version is 1.1.4. I see no reason for such an update. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: 1.4.11 release candidate
I see no reason for such an update. I remembered something with fixed security vulnerabilities - but those possible security vulnerabilities seem to be introduced in later versions than 1.1.4, which leaves bug fixes and performance improvements. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: 1.4.11 release candidate
On Thu, Sep 23, 2010 at 08:26:19PM +0200, Werner Koch wrote: On Thu, 23 Sep 2010 14:20, war_is_pe...@privatdemail.net said: While you're at it, you might want to update zlib to version 1.2.5 - looking at the source, it seems that the currently used version is 1.1.4. I see no reason for such an update. CVE-2003-0107 ? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: 1.4.11 release candidate
On Thu, Sep 23, 2010 at 08:26:19PM +0200, Werner Koch wrote: On Thu, 23 Sep 2010 14:20, war_is_pe...@privatdemail.net said: While you're at it, you might want to update zlib to version 1.2.5 - looking at the source, it seems that the currently used version is 1.1.4. I see no reason for such an update. CVE-2003-0107 ? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users