Re: [Announce] GnuPG 2.0.1 released
reynt0 wrote: May one ask, is there any chance there will be such a packaged version for OS10.3.x as well as for 10.4.x? Unlikely I'm afraid: i/ The mac-gpg team consider 10.3.x to be a legacy system. ii/ I don't have access to 10.3.x iii/ gpg is easy enough to compile under MacOS now. However, please feel free to contribute a 10.3.x build. Ben ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.0.1 released
On Wed, 29 Nov 2006 18:40, [EMAIL PROTECTED] said: Two, actually. libgpg-error will not build unless I disable NLS. After that, libksba won't build at all. Yes, know. I have disabled NLS for my builds. TO solve this problem I will remove all included gettext implementations (intl/) for all libraries and require that the system comes with suitable gettext installation. gettext should by now available on most platforms and thus including it with each package is not anymore needed. Salam-Shalom, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.0.1 released
On Wed, 29 Nov 2006, Benjamin Donnachie wrote: . . . When I get time, I will prepare a packaged up version for MacOS which will be available through the mac-gpg project. May one ask, is there any chance there will be such a packaged version for OS10.3.x as well as for 10.4.x? Presently, the very helpful mac-gpg project has gnupg 1.4.5 only for OS10.4; for OS10.3 is provided only the less secure gnupg 1.4.1. The uncontrolled outgoing information flow required by the OS10.4 EULA http://www.eulascan.com/product.aspx?pid=22 makes using OS10.4 undesirable. I guess the same question applies to the gnupg 1.4.6 being worked on now. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[Announce] GnuPG 2.0.1 released
Hello! We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.1 This is maintenance release to fix build problems found after the release of 2.0.0 and to fix a buffer overflow in gpg2 The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards. GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time. We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support. GnuPG is distributed under the terms of the GNU General Public License (GPL). GnuPG-2 works best on GNU/Linux or *BSD systems. A port Windows is planned but work has not yet started. Getting the Software Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 2.0.1 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-2.0.1.tar.bz2 (3.8Mk) gnupg-2.0.1.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-2.0.0-2.0.1.diff.bz2 (220k) A patch file to upgrade a 2.0.0 GnuPG source. This is only that large arge due to an update of the included gettext module. Note, that we don't distribute gzip compressed tarballs. Checking the Integrity == In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.1.tar.bz2 you would use this command: gpg --verify gnupg-2.0.1.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a keyserver like gpg --recv-key 1CE0C630 The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get an key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.1.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-2.0.1.tar.bz2 and check that the output matches the first line from the following list: ec84ffb1d2ac013dc0afb5bdf8b9df2c838673e9 gnupg-2.0.1.tar.bz2 c6cca309b12700503bb4c671491ebf7a4cd6f1be gnupg-2.0.0-2.0.1.diff.bz2 What's New === * Experimental support for the PIN pads of the SPR 532 and the Kaan Advanced card readers. Add disable-keypad scdaemon.conf if you don't want it. Does currently only work for the OpenPGP card and its authentication and decrypt keys. * Fixed build problems on some some platforms and crashes on amd64. * Fixed a buffer overflow in gpg2. [bug#728] Internationalization GnuPG comes with support for 27 languages. Due to a lot of new and changed strings most translations are not entirely complete. However the Turkish, German and Russian translators have meanwhile finished their translations. Updates of the other translations are expected for the next releases. Documentation = We are currently working on an installation guide to explain in more detail how to configure the new features. As of now the chapters on gpg-agent and gpgsm include brief information on how to set up the whole thing. Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing
Re: [Announce] GnuPG 2.0.1 released
Werner Koch wrote: This is maintenance release to fix build problems found after the release of 2.0.0 and to fix a buffer overflow in gpg2 Will there come a 1.4.6 too? -- ir. J.C.A. Wevers // Physics and science fiction site: [EMAIL PROTECTED] // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.0.1 released
Hi Werner, Do the build-problem fixes in 2.0.1 include OS X/Darwin? Or, should I wait for a future release? Joe On Nov 29, 2006, at 6:55 AM, Werner Koch wrote: Hello! We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.1 This is maintenance release to fix build problems found after the release of 2.0.0 and to fix a buffer overflow in gpg2 The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards. GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time. We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support. GnuPG is distributed under the terms of the GNU General Public License (GPL). GnuPG-2 works best on GNU/Linux or *BSD systems. A port Windows is planned but work has not yet started. Getting the Software Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 2.0.1 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-2.0.1.tar.bz2 (3.8Mk) gnupg-2.0.1.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-2.0.0-2.0.1.diff.bz2 (220k) A patch file to upgrade a 2.0.0 GnuPG source. This is only that large arge due to an update of the included gettext module. Note, that we don't distribute gzip compressed tarballs. Checking the Integrity == In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.1.tar.bz2 you would use this command: gpg --verify gnupg-2.0.1.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a keyserver like gpg --recv-key 1CE0C630 The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get an key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.1.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-2.0.1.tar.bz2 and check that the output matches the first line from the following list: ec84ffb1d2ac013dc0afb5bdf8b9df2c838673e9 gnupg-2.0.1.tar.bz2 c6cca309b12700503bb4c671491ebf7a4cd6f1be gnupg-2.0.0-2.0.1.diff.bz2 What's New === * Experimental support for the PIN pads of the SPR 532 and the Kaan Advanced card readers. Add disable-keypad scdaemon.conf if you don't want it. Does currently only work for the OpenPGP card and its authentication and decrypt keys. * Fixed build problems on some some platforms and crashes on amd64. * Fixed a buffer overflow in gpg2. [bug#728] Internationalization GnuPG comes with support for 27 languages. Due to a lot of new and changed strings most translations are not entirely complete. However the Turkish, German and Russian translators have meanwhile finished their translations. Updates of the other translations are expected for the next releases. Documentation = We are currently working on an installation guide to explain in more detail how to configure the new features. As of now the chapters on gpg-agent and gpgsm
Re: [Announce] GnuPG 2.0.1 released
Johan Wevers wrote: Werner Koch wrote: This is maintenance release to fix build problems found after the release of 2.0.0 and to fix a buffer overflow in gpg2 Will there come a 1.4.6 too? Yes. I don't remember if this was asked, but will 1.4.6 have a Win32 build? -- /\_/\ /\_/\ /\_/\ ( o.o ) ( o.o ) ( o.o ) ^ ^ ^ Don't make me send my ASCII kitten minions. Key ID: 0x9C6CC3A3 Fingerprint: 5474 04A6 2BAC 7138 204A D61B 4246 59CB 9C6C C3A3 (Portable) Thunderbird 1.5.0.7 w/ Enigmail 0.94.1.1 and GnuPG 1.4.5 Windows XP SP2 Home Edition Every time you send private information unencrypted, a kitten cries. So won't you please, please, think of the kittens? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.0.1 released
Werner Koch wrote: libksba does not build out of the box. This is a problem with gnulib and ar. I might need to update gnulib in libksba - then I can check further. FWIW, I am using this box for the tests: I haven't tested it fully with the new version, but the following was in the darwin ports and worked well previously: edit gl/Makefile.in Change the line am_libgnu_la_OBJECTS = to am_libgnu_la_OBJECTS = alloca.lo Then ./configure, make etc. Ben ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.0.1 released
On Wed, 29 Nov 2006 18:08, [EMAIL PROTECTED] said: What problems are you having? libksba does not build out of the box. This is a problem with gnulib and ar. I might need to update gnulib in libksba - then I can check further. FWIW, I am using this box for the tests: Darwin ppc-osx3.cf.sourceforge.net 6.8 Darwin Kernel Version 6.8: Wed Sep 10 15:20:55 PDT 2003; root:xnu/xnu-344.49.obj~2/RELEASE_PPC Power Macintosh powerpc Shalom-Salam, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.0.1 released
On Nov 29, 2006, at 10:08 AM, Benjamin Donnachie wrote: Joseph Oreste Bruni wrote: Do the build-problem fixes in 2.0.1 include OS X/Darwin? Or, should I wait for a future release? What problems are you having? Ben Two, actually. libgpg-error will not build unless I disable NLS. After that, libksba won't build at all. I'm using 10.4.8 on an intel iMac. Darwin lethe 8.8.1 Darwin Kernel Version 8.8.1: Mon Sep 25 19:42:00 PDT 2006; root:xnu-792.13.8.obj~1/RELEASE_I386 i386 i386 -Joe smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.0.1 released
On Wed, 29 Nov 2006 18:47, [EMAIL PROTECTED] said: edit gl/Makefile.in Change the line am_libgnu_la_OBJECTS = to am_libgnu_la_OBJECTS = alloca.lo I have found a more portable way to do it. Ii is in libksba 1.0.1. The problem is that ar(1) does not like ar cru foo.a to simply create an empty library foo.a. Now, we won't need alloca on OS X and thus the configure stuff creates a Makefile with no modules and thus ar is called without any object modules by litool. Addin a dummy object helps. Shalom-Salam, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users