From wk at gnupg.org Tue Jul 25 14:10:23 2006 From: wk at gnupg.org (Werner Koch) Date: Tue Jul 25 14:12:12 2006 Subject: [Announce] Gpg4win 1.0.4 released Message-ID: <87u055opg0.fsf@wheatstone.g10code.de> Hi! We are pleased to announce the availibility of Gpg4win, version 1.0.4. * This version fixes a problem with several utilities like GPGee and parts of WinPT introduced with the last version. * Please make sure to subscribe to the new gpg4win announcement mailing list. We might stop in the future to cross post announcements to the general GnuPG annoucement list. See: http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce About Gpg4win ------------- The Gpg4win project aims at updating the Gpg4win Windows installation package with GnuPG encryption tool, associated applications and documentation on a regular basis. Especially the documentation (handbooks "Einsteiger" and "Durchblicker") are directly maintained as part of the gpg4win project. It is an international project. Due to the origin of the project the German language is fully supported. As of now the the handbooks are only available in German. People helping with translations are very welcome! The main difference compared to all other similar approaches (mainly GnuPP, GnuPT, Windows Privacy Tools and GnuPG-Basics) is that the first thing developed was the Gpg4win-Builder. This builder allows to easily create new gpg4win.exe installers with updated components. The builder runs on any decent Unix system, preferable Debian GNU/Linux. Almost all products are automatically cross-compiled for integration into the installer. With this concept it is hoped to prevent quick aging of the installer package. This is due to easier updating and less dependancy on single developers. Noteworthy changes in version 1.0.4 (2006-07-25) ------------------------------------------------ * Changed GnuPG to again allow working with certain frontends. * Added icons to GPA and Sylpheed-Claws. * Install an English manual for Sylpheed-Claws. * Included components are: GnuPG: 1.4.4 [*] WinPT: 0.12.3 GPA: 0.7.4 [*] GPGol: 0.9.10 GPGee: 1.3.1 Sylpheed-Claws: 2.3.1 [*] Einsteiger: 2.0.2 Durchblicker: 2.0.2 (Marked packages are updated since the last release) Installation ------------ For installation instructions, please visit http://www.gpg4win.org or read on. Developers who want to *build an installer* need to get the following files from http://wald.intevation.org/projects/gpg4win/ : gpg4win-1.0.4.tar.bz2 (3.9M) gpg4win-1.0.4.tar.bz2.sig The second file is a digital signature of the the first file. Either check that this signature is fine or compare with the checksums given below. (see also http://www.gnupg.org/download/integrity_check.html) The *ready to use installer* is available at: http://ftp.gpg4win.org/gpg4win-1.0.4.exe (6.3M) http://ftp.gpg4win.org/gpg4win-1.0.4.exe.sig Or using the ftp protocol at: ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.4.exe (6.3M) ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.4.exe.sig SHA1 and MD5 checksums for these files are given below. If you don't need the manuals, you might alternatively download the "light" version of the installer: http://ftp.gpg4win.org/gpg4win-light-1.0.4.exe (4.6M) http://ftp.gpg4win.org/gpg4win-light-1.0.4.exe.sig or using FTP at: ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.4.exe (4.6M) ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.4.exe.sig A separate installer with the the sources used to build the above installer is available at: ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-1.0.4.exe (41M) ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-1.0.4.exe.sig Most people don't need this source installer; it is merely stored on that server to satisfy the conditions of the GPL. In general it is better to get the gpg4win builder tarball (see above) and follow the instructions in the README to build new installers; building the installer is not possible on Windows machines and works best on current Debian GNU/Linux systems (we use the mingw32 package from Sid). SHA1 checksums are: c8bac61971ba28174e1ce0be911a4da01b6d83e3 gpg4win-1.0.4.exe 6409448a5e8b905747db027daa88d7bbaf93f29d gpg4win-light-1.0.4.exe 1b09104dfc5c131f19cad884607cb0762b712919 gpg4win-src-1.0.4.exe 340ecdfc315c7c022093e2ec151884560459319f gpg4win-1.0.4.tar.bz2 MD5 checksums are: 70541b9a5bc72e846194b7f7b6afd681 gpg4win-1.0.4.exe 574e5b1c215cbce561e7d82603adadc4 gpg4win-light-1.0.4.exe ed7965552a62564c7960eeea4e58b3ff gpg4win-src-1.0.4.exe fb8c2552cf2628f2f1580d50f105504c gpg4win-1.0.4.tar.bz2 We like to thank the authors of the included packages, the NSIS authors, all other contributors and first of all, those folks who stayed with us and tested the early releases of gpg4win. To help furthering this project, please consider to sponsor the development. See http://www.gpg4win.org . Happy hacking [1], Jan, Marcus, Timo and Werner [1] Or better take a walk to your favorite swimming pool in case you are suffering from the heatwave over Europe. -- Werner Koch The GnuPG Experts http://g10code.com Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20060725/5bcf0306/attachment.pgp From wk at gnupg.org Tue Aug 1 17:37:08 2006 From: wk at gnupg.org (Werner Koch) Date: Tue Aug 1 17:38:57 2006 Subject: [Announce] GnuPG 1.4.5 released (another security fix) Message-ID: <87y7u8tql7.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.5 This is maintenance release to fix a recently detected flaw in the handling of certain packets, see the NEWS part below. UPDATING TO THIS VERSION IS HIGHLY RECOMMENDED! The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. Getting the Software ==================== Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 1.4.5 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-1.4.5.tar.bz2 (3017k) gnupg-1.4.5.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.4.5.tar.gz (4247k) gnupg-1.4.5.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. gnupg-1.4.4-1.4.5.diff.bz2 (116k) A patch file to upgrade a 1.4.4 GnuPG source. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date. In the *binary* directory, you should find these files: gnupg-w32cli-1.4.5.exe (1460k) gnupg-w32cli-1.4.5.exe.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. This is a command line only version; the source files are the same as given above. Note, that this is a minimal installer and unless you are just in need for the gpg binary, you are better off using the full featured installer at http://www.gpg4win.org . A new version of Gpg4win, including this version of GnuPG will be available and announced really soon. Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-1.4.5.tar.bz2 you would use this command: gpg --verify gnupg-1.4.5.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a keyserver like gpg --recv-key 1CE0C630 The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get an key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-1.4.5.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-1.4.5.tar.bz2 and check that the output matches the first line from the following list: 4f8705dec4a32a19cd972a61244fd676fbc28bd7 gnupg-1.4.5.tar.gz 553fefe0da5a91108dd9468e381faf9487754f9a gnupg-1.4.5.tar.bz2 0db5569be69f309f7c6aad7e77283945b503c77d gnupg-1.4.4-1.4.5.diff.bz2 c59fc69449d332133f2574523d0e29989fc981f5 gnupg-w32cli-1.4.5.exe Upgrade Information =================== If you are upgrading from a version prior to 1.0.7, you should run the script tools/convert-from-106 once. Please note also that due to a bug in versions prior to 1.0.6 it may not be possible to downgrade to such versions unless you apply the patch http://www.gnupg.org/developer/gpg-woody-fix.txt . If you have any problems, please see the FAQ and the mailing list archive at http://lists.gnupg.org. Please direct questions to the gnupg-users@gnupg.org mailing list. What's New =========== * Reverted check for valid standard handles under Windows. * More DSA2 tweaks. * Fixed a problem uploading certain keys to the smart card. * Fixed 2 more possible memory allocation attacks. They are similar to the problem we fixed with 1.4.4. This bug can easily be be exploted for a DoS; remote code execution is not entirely impossible. * Added Norwegian translation. Internationalization ==================== GnuPG comes with support for 29 languages. Due to a lot of new and changed strings the translations are not entirely complete. Future Directions ================= GnuPG 1.4.x is the current stable branch and will be kept as the easy to use and build single-executable versions. We plan to backport new features from the development series to 1.4. GnuPG 1.9.x is the development series of GnuPG. This version merged the code from the Aegypten project and thus includes the gpg-agent, a smartcard daemon and gpg's S/MIME cousin gpgsm. The design is different to the previous versions and we may not support all ancient systems - thus POSIX compatibility will be an absolute requirement for supported platforms. We plan to release GnuPG 2.0 within this year. IF YOU NEED GNUPG 1.9, IT IS HIGHLY SUGGESTED THAT YOU INSTALL IT IN ADDITION TO GNUPG 1.4! Both versions will peacefully coexist and extend each other. Support ======= Improving GnuPG is costly, but you can help! We are looking for organizations that find GnuPG useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or by donating money. Commercial support contracts for GnuPG are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by gpg's principal author, is currently funding GnuPG development. We are always looking for interesting development projects. A service directory is available at: http://www.gnupg.org/service.html Thanks ====== We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists. Happy Hacking, The GnuPG Team (David, Werner and the other contributors) -- Werner Koch The GnuPG Experts http://g10code.com Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20060801/b9d6400d/attachment-0001.pgp From wk at gnupg.org Wed Aug 2 10:08:56 2006 From: wk at gnupg.org (Werner Koch) Date: Wed Aug 2 10:10:50 2006 Subject: [Announce] Gpg4win 1.0.5 released (security fix) Message-ID: <874pwvtv8n.fsf@wheatstone.g10code.de> Hi! We are pleased to announce the availibility of Gpg4win, version 1.0.5. * This version contains a security fix for the GnuPG component. *Updating to this version is strongly recommended*. * Please also make sure to subscribe to the new gpg4win announcement mailing list. We might stop in the future to cross post announcements to the general GnuPG annoucement list. See: http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce About Gpg4win ------------- The Gpg4win project aims at updating the Gpg4win Windows installation package with GnuPG encryption tool, associated applications and documentation on a regular basis. Especially the documentation (handbooks "Einsteiger" and "Durchblicker") are directly maintained as part of the gpg4win project. It is an international project. Due to the origin of the project the German language is fully supported. As of now the the handbooks are only available in German. People helping with translations are very welcome! The main difference compared to all other similar approaches (mainly GnuPP, GnuPT, Windows Privacy Tools and GnuPG-Basics) is that the first thing developed was the *gpg4win-Builder*. This builder allows to easily create new gpg4win.exe installers with updated components. The builder runs on any decent Unix system, preferable Debian GNU/Linux. Almost all products are automatically cross-compiled for integration into the installer. With this concept it is hoped to *prevent quick aging of the* *installer package*. This is due to easier updating and less dependancy on single developers. Noteworthy changes in version 1.0.5 (2006-08-02) ------------------------------------------------ * Fixed another security related bug in GnuPG. * Included components are: GnuPG: 1.4.5 [*] WinPT: 0.12.3 GPA: 0.7.4 GPGol: 0.9.10 GPGee: 1.3.1 Sylpheed-Claws: 2.3.1 Einsteiger: 2.0.2 Durchblicker: 2.0.2 (Marked packages are updated since the last release) Installation ------------ For installation instructions, please visit http://www.gpg4win.org or read on. Developers who want to *build an installer* need to get the following files from http://wald.intevation.org/projects/gpg4win/ : gpg4win-1.0.5.tar.bz2 (3.9M) gpg4win-1.0.5.tar.bz2.sig The second file is a digital signature of the the first file. Either check that this signature is fine or compare with the checksums given below. (see also http://www.gnupg.org/download/integrity_check.html) The *ready to use installer* is available at: http://ftp.gpg4win.org/gpg4win-1.0.5.exe (6.2M) http://ftp.gpg4win.org/gpg4win-1.0.5.exe.sig Or using the ftp protocol at: ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.5.exe (6.2M) ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.5.exe.sig SHA1 and MD5 checksums for these files are given below. If you don't need the German PDF manuals, you might alternatively download the "light" version of the installer: http://ftp.gpg4win.org/gpg4win-light-1.0.5.exe (4.6M) http://ftp.gpg4win.org/gpg4win-light-1.0.5.exe.sig or using the ftp protocol at: ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.5.exe (4.6M) ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.5.exe.sig A separate installer with the the sources used to build the above installer is available at: ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-1.0.5.exe (41M) ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-1.0.5.exe.sig Most people don't need this source installer; it is merely stored on that server to satisfy the conditions of the GPL. In general it is better to get the gpg4win builder tarball (see above) and follow the instructions in the README to build new installers; building the installer is not possible on Windows machines and works best on current Debian GNU/Linux systems (we use the mingw32 package from Sid). SHA1 checksums are: 2f33cc305fec2a054d0669e559b8c802db1da105 gpg4win-1.0.5.tar.bz2 a72ea3747dcf789c27f98565cd95d5ffd467000a gpg4win-1.0.5.exe 138a7ba8efeb70552594df1c81839ae70fda291e gpg4win-light-1.0.5.exe 1e03125a5a8c3984b4fe2bc4b99d89d2aaf5f4de gpg4win-src-1.0.5.exe MD5 checksums are: 1d9df4916d53d1568e1207a0000be145 gpg4win-1.0.5.tar.bz2 2dd762f4284fc69643d280f41da7a1a0 gpg4win-1.0.5.exe e32f8ca4707a5c98fcd998c534e2938d gpg4win-light-1.0.5.exe 4a187db7c3d94dfd6b6fc55b0c586f4c gpg4win-src-1.0.5.exe We like to thank the authors of the included packages, the NSIS authors, all other contributors and first of all, those folks who stayed with us and tested the early releases of gpg4win. Happy hacking, Jan, Marcus, Timo and Werner -- Werner Koch The GnuPG Experts http://g10code.com Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20060802/7c4ad056/attachment.pgp From wk at gnupg.org Mon Aug 28 14:13:32 2006 From: wk at gnupg.org (Werner Koch) Date: Mon Aug 28 14:16:25 2006 Subject: [Announce] Libgcrypt 1.2.3 released Message-ID: <878xl93vo3.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of Libgcrypt 1.2.3. Libgcrypt is a general purpose library of cryptographic building blocks. It is orgilayy based on the code used in GnuPG. This is a bug fix release solving a few minor issues. There are no new features. It is suggested that all users of Libgcrypt update to this version. Noteworthy changes are: * Rewrote gcry_mpi_rshift to allow arbitrary shift counts. * Minor bug fixes. Source code is hosted at the GnuPG FTP server and its mirrors as listed at http://www.gnupg.org/download/mirrors.html . On the primary server the source file and its digital signature are: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.3.tar.bz2 (766k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.3.tar.bz2.sig These files are bzip2 compressed. If you can't use the bunzip2 tool, gzip compressed versions of the files are also available: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.2.tar.gz (963k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.2.tar.gz.sig As an alternative a patch against version 1.2.2 is available as: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.2-1.2.3.diff.bz2 (45k) SHA-1 checksums are: a9efab77c764a57ac13e11cf89396f945d0da85d libgcrypt-1.2.3.tar.bz2 9680c8b3ffa20a82c32aa0d8947202c74c82f6eb libgcrypt-1.2.3.tar.gz aefc7e0ea5156d034e849df582803b409de64182 libgcrypt-1.2.2-1.2.3.diff.bz2 For help on installing or developing with Libgcrypt you should send mail to the grcypt-devel mailing list. For details see http://www.gnupg.org/documentation/mailing-lists.html . Improving Libgcrypt is costly, but you can help! We are looking for organizations that find Libgcrypt useful and wish to contribute back. You can contribute by reporting bugs, improve the software [1], or by donating money. Commercial support contracts for Libgcrypt are available [2], and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by gpg's principal author, is currently funding Libgcrypt development. We are always looking for interesting development projects. Happy hacking, Werner [1] As a GNU project copyright assignments to the FSF are required. [2] See the service directory at http://www.gnupg.org/service.html . -- Werner Koch The GnuPG Experts http://g10code.com Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20060828/b60aecf0/attachment.pgp From wk at gnupg.org Mon Aug 28 19:19:05 2006 From: wk at gnupg.org (Werner Koch) Date: Mon Aug 28 19:21:34 2006 Subject: [Announce] Gpg4win 1.0.6 released Message-ID: <87zmdo7p86.fsf@wheatstone.g10code.de> Hi! We are pleased to announce the availibility of Gpg4win, version 1.0.6. * This version updates several packages and fixes some minor bugs. * Please make sure to subscribe to the new gpg4win announcement mailing list. We will soon stop to cross post announcements to the general GnuPG annoucement list. See: http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce About Gpg4win ------------- The Gpg4win project aims at updating the Gpg4win Windows installation package with GnuPG encryption tool, associated applications and documentation on a regular basis. Especially the documentation (handbooks "Einsteiger" and "Durchblicker") are directly maintained as part of the gpg4win project. It is an international project. Due to the origin of the project the German language is fully supported. As of now the the handbooks are only available in German. People helping with translations are very welcome! The main difference compared to all other similar approaches (mainly GnuPP, GnuPT, Windows Privacy Tools and GnuPG-Basics) is that the first thing developed was the Gpg4win-Builder. This builder allows to easily create new gpg4win.exe installers with updated components. The builder runs on any decent Unix system, preferable Debian GNU/Linux. Almost all products are automatically cross-compiled for integration into the installer. With this concept it is hoped to prevent quick aging of the installer package. This is due to easier updating and less dependancy on single developers. Noteworthy changes in version 1.0.6 (2006-08-28) ------------------------------------------------ * Packaged new versions of GPGol, Sylpheed-Claws and WinPT. * Included components are: GnuPG: 1.4.5 WinPT: 1.0.0 [*] GPA: 0.7.4 GPGol: 0.9.90 [*] GPGee: 1.3.1 Sylpheed-Claws: 2.4.0 [*] Einsteiger: 2.0.2 Durchblicker: 2.0.2 (Marked packages are updated since the last release) Installation ------------ For installation instructions, please visit http://www.gpg4win.org or read on. Developers who want to *build an installer* need to get the following files from http://wald.intevation.org/projects/gpg4win/ : gpg4win-1.0.6.tar.bz2 (4.1M) gpg4win-1.0.6.tar.bz2.sig The second file is a digital signature of the the first file. Either check that this signature is fine or compare with the checksums given below. (see also http://www.gnupg.org/download/integrity_check.html) The *ready to use installer* is available at: http://ftp.gpg4win.org/gpg4win-1.0.6.exe (6.4M) http://ftp.gpg4win.org/gpg4win-1.0.6.exe.sig Or using the ftp protocol at: ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.6.exe (6.4M) ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.6.exe.sig SHA1 and MD5 checksums for these files are given below. If you don't need the manuals, you might alternatively download the "light" version of the installer: http://ftp.gpg4win.org/gpg4win-light-1.0.6.exe (4.7M) http://ftp.gpg4win.org/gpg4win-light-1.0.6.exe.sig or using FTP at: ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.6.exe (4.7M) ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.0.6.exe.sig A separate installer with the the sources used to build the above installer is available at: ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-1.0.6.exe (43M) ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-1.0.6.exe.sig Most people don't need this source installer; it is merely stored on that server to satisfy the conditions of the GPL. In general it is better to get the gpg4win builder tarball (see above) and follow the instructions in the README to build new installers; building the installer is not possible on Windows machines and works best on current Debian GNU/Linux systems (we use the mingw32 package from Sid). SHA1 checksums are: 1917fcc7cb43ea06d63e390595fcaa6e9c623e0f gpg4win-1.0.6.exe 236c8f0de199b093f46c1d32eb5ccad6ea496079 gpg4win-light-1.0.6.exe a7353c2bf717c76159d8a8bb98da1f72de97ebb8 gpg4win-src-1.0.6.exe bbfc08e5ec9532e4b87dc6be74cb6c5a5ad84139 gpg4win-1.0.6.tar.bz2 MD5 checksums are: 2e7eee38a33cf5402039f32d574e6449 gpg4win-1.0.6.exe b2988a83553a22f32f840e2bd2048734 gpg4win-light-1.0.6.exe 6e33ad8ef1783d6d65ad84e1d87d1fe0 gpg4win-src-1.0.6.exe 3489d10a84816072c72f6bd6338a867e gpg4win-1.0.6.tar.bz2 We like to thank the authors of the included packages, the NSIS authors, all other contributors and first of all, those folks who stayed with us and tested the early releases of gpg4win. To help furthering this project, please consider to sponsor the development. See http://www.gpg4win.org . Happy hacking, Jan, Marcus, Timo and Werner -- Werner Koch The GnuPG Experts http://g10code.com Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20060828/f979da53/attachment.pgp From wk at gnupg.org Thu Aug 31 17:45:31 2006 From: wk at gnupg.org (Werner Koch) Date: Thu Aug 31 17:47:30 2006 Subject: [Announce] Libksba 1.0.0 released. Message-ID: <877j0o29k4.fsf@wheatstone.g10code.de> Hi! After about 5 years of beta testing, I am pleased to announce the availability of libksba 1.0.0. Libksba is an X.509 and CMS (pkcs#7) library. It is for example required to build the S/MIME part of GnuPG (gpgsm). The only build requirement for Libksba itself is the libgpg-error package. There are no other dependencies; actual cryptographic operations need to be done by the user. Libksba is distributed under the GPL. There are no user tools accompanying this software, so it is only relevant to developers. You may downlaod the software from: ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.0.tar.bz2 (490k) ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.0.tar.bz2.sig or any mirror of ftp.gnupg.org. Commercial support contracts for Libksba are available, and they help finance continued maintenance. g10 Code, a Duesseldorf based company owned and headed by libksba's principal author, is currently funding its development. We are always looking for interesting development projects. Happy hacking, Werner -- Werner Koch g10 Code GmbH http://www.g10code.com -=- The GnuPG Experts -=- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20060831/7c1d628b/attachment.pgp From wk at gnupg.org Thu Sep 14 16:50:39 2006 From: wk at gnupg.org (Werner Koch) Date: Thu Sep 14 16:56:35 2006 Subject: [Announce] libgpg-error 1.4 released Message-ID: <87y7smec3k.fsf@wheatstone.g10code.de> Hi, We are pleased to announce version 1.4 of libgpg-error, a library for common error values and messages in GnuPG components. This is a shared library so it can be updated independently of each individual component, while still allowing the use of new error values in inter-process communication. It may be found in the files ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.4.tar.bz2 (457k) ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.4.tar.bz2.sig or gzip compressed ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.4.tar.gz (601k) ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.4.tar.gz.sig or as a patch to upgrade from 1.3: ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.3-1.4.diff.bz2 (30k) It should soon appear on the mirrors listed at: http://www.gnupg.org/mirrors.html Bug reports and requests for assistance should be sent to: gnupg-devel@gnupg.org The sha1sum checksums for this distibution are a1f42d6b8d795d657a1f592138a14991f5aeeb85 libgpg-error-1.4.tar.gz 6e6f701541e1ecf0a8e438b5b3d26ef05f6b1ffb libgpg-error-1.4.tar.bz2 b565cf7de380e2ade046ddebdb2c8d3a0e1cf75e libgpg-error-1.3-1.4.diff.bz2 Noteworthy changes in version 1.4 (2006-09-14) ---------------------------------------------- * Support for Common Lisp is included. * New error codes for the Assuan IPC library. * New error code GPG_ERR_MISSING_ERRNO to be used in cases when a system accidently does not set errno but a system error definitely occured. * New error source GPG_ERR_SOURCE_ANY to allow proper use of libgpg-error even if a specific source is not available. * New convenience functions gpg_err_code_from_syserror and gpg_error_from_syserror which make sure never to return 0. The new gpg_error_from_syserror is robustness feature useful in cases where you want to make sure that an error is returned even if accidently ERRNO has not been set. For example: void foo (size_t n) { char *p = my_malloc (n); if (!p) return gpg_error_from_errno (errno); bar (p, n); free (p); return 0; /* Success. */ } With a faulty my_malloc which does not set ERRNO on failure, this code would falsely return success if my_malloc has failed. Replacing the test by: if (!p) return gpg_error_from_syserror (); solves the problem as the new function will return GPG_ERR_MISSING_ERRNO in this case. It has also the advantage of avoiding the need to include errno.h. Shalom-Salam, Werner p.s. Commercial support contracts for GnuPG and related software are available, and they help finance continued maintenance. g10 Code, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. We are always looking for interesting development projects. -- Werner Koch The GnuPG Experts http://g10code.com Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20060914/312ab71a/attachment.pgp From wk at gnupg.org Tue Sep 19 15:01:05 2006 From: wk at gnupg.org (Werner Koch) Date: Tue Sep 19 15:02:58 2006 Subject: [Announce] GnuPG Logo Contest Message-ID: <87ac4w9fji.fsf@wheatstone.g10code.de> Hi! After 8 years the time has come to modernize the GnuPG logo and to work on a new layout of the website. We appreciate Thomas L?ffelholz's Gnus-guarding-the-door logo which has served us for a long time. However, GnuPG has moved forward and is not anymore a plain OpenPGP application but features other protocols as well (S/MIME and partly Secure Shell). Further, the current logo is too detailed to be used as an icon or to be printed on a t-shirt. Thus we want to have a new modern logo. To get to such a logo we try something new: We ask you to donate to the logo contest and then offer the collected funds to the winner of that contest. Here are the rules for the contest: * Submissions should be send by mail to logo-contest at gnupg dot org. Sending just an URL is recommended. At least one PNG scaled to 300 pixel on one axis is required. Sending a design concept is appreciated. * The design should convey the message of freedom and privacy. It must not exploit or offend anyone's sex, race or religion, be obscene or propagate violence. * The logo shall be available in a free format (bitmap or vector) and eventually made available in source form, modifiable using Free Software (xcf, fig, etc.). The submitter's name and snail mail address is required for exchanging legal papers. * The winning submitter must agree to assign the copyright to the FSF and attach no other restrictions to the use of the logo. All submitters must declare that they do not infringe the rights of another party and that publishing their logos for the purpose of this contest is acceptable. * The contest runs until *October 31, 2006*. A jury will then select the winning submission. The winner will receive 50% of the collected funds. The three top rated submitters are eligible for a gnupg dot org mail alias. * All contributors to GnuPG who signed a copyright assignment with the FSF, actually provided code or translations and do not participate in the contest make up the jury to decide on the new logo. The file AUTHORS in the GnuPG 1.4.5 tarball has a list of these folks. Simple majority is used to decide. Collecting and spending the donations: * The donations are collected for the purpose of creating a logo and a new website layout. * The winner of the logo contest will receive 50% of the collected funds. The leftover funds will be used for a follow-up contest to redesign and re-implement the website. * A list of sponsors will be published after the final logo has been selected. * In case that for unforeseeable reasons a winner could be determined or we cannot spend the collected funds, they will be donated to the Free Software Foundation Europe. * The funds are collected through Paypal online payment. For legal reasons and ease of setup they will be collected by g10 Code GmbH, a company headed by GnuPG's principal author Werner Koch. Note, that the tax office will likely require to transfer a 16% VAT, thus the collected funds need to be reduced by this amount. g10 Code will do a weekly report on the received funds as well as a final report after selection of the winner. To donate to this contest and for latest information please go to http://www.gnupg.org/misc/logo-contest.html . Shalom-Salam, Werner -- Werner Koch The GnuPG Experts http://g10code.com Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20060919/3e674d37/attachment-0001.pgp