subject:"\[Announce\] GnuPG 2.2.6 released"

Re: [Announce] GnuPG 2.2.6 released

2018-04-18 Thread sgarl...@gmail.com

unsubscribe
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

[Announce] GnuPG 2.2.6 released

2018-04-10 Thread Werner Koch

Hello!

We are is pleased to announce the availability of a new GnuPG release:
version 2.2.6.  This is a maintenance release; see below for a list of
fixed bugs.


About GnuPG
===

The GNU Privacy Guard (GnuPG) is a complete and free implementation
of the OpenPGP standard which is commonly abbreviated as PGP.

GnuPG allows to encrypt and sign data and communication, features a
versatile key management system as well as access modules for public key
directories.  GnuPG itself is a command line tool with features for easy
integration with other applications.  A wealth of frontend applications
and libraries making use of GnuPG are available.  As an Universal Crypto
Engine GnuPG provides support for S/MIME and Secure Shell in addition to
OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom).  It can
be freely used, modified and distributed under the terms of the GNU
General Public License.


Noteworthy changes in version 2.2.6
===

  * gpg,gpgsm: New option --request-origin to pretend requests coming
from a browser or a remote site.

  * gpg: Fix race condition on trustdb.gpg updates due to too early
released lock.  [#3839]

  * gpg: Emit FAILURE status lines in almost all cases.  [#3872]

  * gpg: Implement --dry-run for --passwd to make checking a key's
passphrase straightforward.

  * gpg: Make sure to only accept a certification capable key for key
signatures.  [#3844]

  * gpg: Better user interaction in --card-edit for the factory-reset
sub-command.

  * gpg: Improve changing key attributes in --card-edit by adding an
explicit "key-attr" sub-command.  [#3781]

  * gpg: Print the keygrips in the --card-status.

  * scd: Support KDF DO setup.  [#3823]

  * scd: Fix some issues with PC/SC on Windows.  [#3825]

  * scd: Fix suspend/resume handling in the CCID driver.

  * agent: Evict cached passphrases also via a timer.  [#3829]

  * agent: Use separate passphrase caches depending on the request
origin.  [#3858]

  * ssh: Support signature flags.  [#3880]

  * dirmngr: Handle failures related to missing IPv6 support
gracefully.  [#3331]

  * Fix corner cases related to specified home directory with
drive letter on Windows.  [#3720]

  * Allow the use of UNC directory names as homedir.  [#3818]


Getting the Software


Please follow the instructions found at  or
read on:

GnuPG 2.2.6 may be downloaded from one of the GnuPG mirror sites or
direct from its primary FTP server.  The list of mirrors can be found at
.  Note that GnuPG is not
available at ftp.gnu.org.

The GnuPG source code compressed using BZIP2 and its OpenPGP signature
are available here:

 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.6.tar.bz2 (6430k)
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.6.tar.bz2.sig

An installer for Windows without any graphical frontend except for a
very minimal Pinentry tool is available here:

 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.6_20180409.exe (3819k)
 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.6_20180409.exe.sig

The source used to build the Windows installer can be found in the same
directory with a ".tar.xz" suffix.  A new Gpg4win installer featuring
this version of GnuPG will be available soon.


Checking the Integrity
==

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a version of GnuPG installed, you can simply
   verify the supplied signature.  For example to verify the signature
   of the file gnupg-2.2.6.tar.bz2 you would use this command:

 gpg --verify gnupg-2.2.6.tar.bz2.sig gnupg-2.2.6.tar.bz2

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by one or more of the release signing keys.  Make sure that
   this is a valid key, either by matching the shown fingerprint
   against a trustworthy list of valid release signing keys or by
   checking that the key has been signed by trustworthy other keys.
   See the end of this mail for information on the signing keys.

 * If you are not able to use an existing version of GnuPG, you have
   to verify the SHA-1 checksum.  On Unix systems the command to do
   this is either "sha1sum" or "shasum".  Assuming you downloaded the
   file gnupg-2.2.6.tar.bz2, you run the command like this:

 sha1sum gnupg-2.2.6.tar.bz2

   and check that the output matches the next line:

295298debcc2c12f02a2f2fdf04aecb6d6aae396  gnupg-2.2.6.tar.bz2
c9fe66788ea40bc57a189aa13e7c83add9baec40  gnupg-w32-2.2.6_20180409.exe
caff25b6576a8a2d63db844bb343c8d5455286d4  gnupg-w32-2.2.6_20180409.tar.xz


Internationalization


This version of GnuPG has support for 26 languages with Chinese, Czech,
French, German,

Re: [Announce] GnuPG 2.2.6 released

[Announce] GnuPG 2.2.6 released

2 matches

Site Navigation

Mail list logo

Footer information