[Announce] [security] GPGME 1.5.1 and 1.4.4 released

Werner Koch wk at gnupg.org
Thu Aug 7 17:08:49 CEST 2014


Hello!

I am pleased to announce version 1.5.1 of GPGME.

  GnuPG Made Easy (GPGME) is a C language library that allows to add
  support for cryptography to a program.  It is designed to make access
  to public key crypto engines as included in GnuPG easier for
  applications.  GPGME provides a high-level crypto API for encryption,
  decryption, signing, signature verification, and key management.

This is a security fix release and it is suggested to update to this
version.  Given that the 1.5 versions are quite new and implement
features which may raise problems with some software, I also released
version 1.4.4 with backported fixes.


* Noteworthy changes in version 1.5.1 (2014-07-30)

 - Fixed possible overflow in gpgsm and uiserver engines.
   [CVE-2014-3564]

 - Added support for GnuPG 2.1's --with-secret option.

 - Interface changes relative to the 1.5.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 GPGME_KEYLIST_MODE_WITH_SECRET NEW.


* Noteworthy changes in version 1.4.4 (2014-07-30)

 - Fixed possible overflow in gpgsm and uiserver engines.
   [CVE-2014-3564]

 - Fixed possibled segv in gpgme_op_card_edit.

 - Fixed minor memleaks and possible zombie processes.

 - Fixed prototype inconsistencies and void pointer arithmetic.


* Download

  You may download version 1.5.1 from:

    ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.5.1.tar.bz2 (943k)
    ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.5.1.tar.bz2.sig

  You may download version 1.4.4 from:

    ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.4.4.tar.bz2 (936k)
    ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.4.4.tar.bz2.sig
  
  SHA-1 checksums are:
  
  a91c258e79acf30ec86a667e07f835e5e79342d8  gpgme-1.5.1.tar.bz2
  1f9f668886c25467987a11c0d37c45e1ffe66b8e  gpgme-1.4.4.tar.bz2

* Support

  Please send questions regarding the use of GPGME to the gnupg-devel
  mailing list:

    https://lists.gnupg.org/mailman/listinfo/gnupg-devel/

  If you need commercial support, you may want to consult this listing:

    https://www.gnupg.org/service.html

  The driving force behind the development of the GnuPG system is my
  company g10 Code.  Maintenance and improvement of GnuPG and related
  software takes up most of our resources.  To allow us to continue our
  work on free software, we ask to either purchase a support contract,
  engage us for custom enhancements, or to donate money:

    https://gnupg.org/donate/


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: </pipermail/attachments/20140807/4a4a7b4a/attachment.sig>


More information about the Gnupg-announce mailing list