[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.24-4-g045c979
by Werner Koch
cvs at cvs.gnupg.org
Wed Jun 25 17:21:17 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 045c979a7673112bdb4e04f1bc7d3d4afbc775f8 (commit)
via 044847a0e2013a2833605c1a9f80cfa6ef353309 (commit)
via 616126530f92ab31abcbf3fad9a34532e378355d (commit)
from 6aa0464db9785a5f9d63b3ff826500b4e2dd7c0e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 045c979a7673112bdb4e04f1bc7d3d4afbc775f8
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jun 25 17:16:40 2014 +0200
agent: Let gpg-protect-tool pass envvars to pinentry.
* agent/protect-tool.c (opt_session_env): New.
(main): Pass session environment object to
gnupg_prepare_get_passphrase.
--
GnuPG-bug-id: 1402
The full story can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=548528
Sorry for the delay.
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
index dc040f9..aff0abd 100644
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@@ -47,8 +47,8 @@
#include "estream.h"
-enum cmd_and_opt_values
-{
+enum cmd_and_opt_values
+{
aNull = 0,
oVerbose = 'v',
oArmor = 'a',
@@ -56,7 +56,7 @@ enum cmd_and_opt_values
oProtect = 'p',
oUnprotect = 'u',
-
+
oNoVerbose = 500,
oShadow,
oShowShadowInfo,
@@ -73,13 +73,13 @@ enum cmd_and_opt_values
oNoFailOnExist,
oHomedir,
oPrompt,
- oStatusMsg,
+ oStatusMsg,
oAgentProgram
};
-struct rsa_secret_key_s
+struct rsa_secret_key_s
{
gcry_mpi_t n; /* public modulus */
gcry_mpi_t e; /* public exponent */
@@ -101,7 +101,8 @@ static const char *opt_passphrase;
static char *opt_prompt;
static int opt_status_msg;
static const char *opt_p12_charset;
-static const char *opt_agent_program;
+static const char *opt_agent_program;
+static session_env_t opt_session_env;
static char *get_passphrase (int promptno);
static void release_passphrase (char *pw);
@@ -117,13 +118,13 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (oShadow, "shadow", "create a shadow entry for a public key"),
ARGPARSE_c (oShowShadowInfo, "show-shadow-info", "return the shadow info"),
ARGPARSE_c (oShowKeygrip, "show-keygrip", "show the \"keygrip\""),
- ARGPARSE_c (oP12Import, "p12-import",
+ ARGPARSE_c (oP12Import, "p12-import",
"import a pkcs#12 encoded private key"),
ARGPARSE_c (oP12Export, "p12-export",
"export a private key pkcs#12 encoded"),
ARGPARSE_c (oS2Kcalibration, "s2k-calibration", "@"),
-
+
ARGPARSE_group (301, N_("@\nOptions:\n ")),
ARGPARSE_s_n (oVerbose, "verbose", "verbose"),
@@ -135,14 +136,14 @@ static ARGPARSE_OPTS opts[] = {
"|NAME|set charset for a new PKCS#12 passphrase to NAME"),
ARGPARSE_s_n (oHaveCert, "have-cert",
"certificate to export provided on STDIN"),
- ARGPARSE_s_n (oStore, "store",
+ ARGPARSE_s_n (oStore, "store",
"store the created key in the appropriate place"),
- ARGPARSE_s_n (oForce, "force",
+ ARGPARSE_s_n (oForce, "force",
"force overwriting"),
ARGPARSE_s_n (oNoFailOnExist, "no-fail-on-exist", "@"),
- ARGPARSE_s_s (oHomedir, "homedir", "@"),
- ARGPARSE_s_s (oPrompt, "prompt",
- "|ESCSTRING|use ESCSTRING as prompt in pinentry"),
+ ARGPARSE_s_s (oHomedir, "homedir", "@"),
+ ARGPARSE_s_s (oPrompt, "prompt",
+ "|ESCSTRING|use ESCSTRING as prompt in pinentry"),
ARGPARSE_s_n (oStatusMsg, "enable-status-msg", "@"),
ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
@@ -168,7 +169,7 @@ my_strusage (int level)
case 41: p = _("Syntax: gpg-protect-tool [options] [args]\n"
"Secret key maintenance tool\n");
break;
-
+
default: p = NULL;
}
return p;
@@ -249,7 +250,7 @@ read_file (const char *fname, size_t *r_length)
FILE *fp;
char *buf;
size_t buflen;
-
+
if (!strcmp (fname, "-"))
{
size_t nread, bufsize = 0;
@@ -261,7 +262,7 @@ read_file (const char *fname, size_t *r_length)
buf = NULL;
buflen = 0;
#define NCHUNK 8192
- do
+ do
{
bufsize += NCHUNK;
if (!buf)
@@ -292,14 +293,14 @@ read_file (const char *fname, size_t *r_length)
log_error ("can't open `%s': %s\n", fname, strerror (errno));
return NULL;
}
-
+
if (fstat (fileno(fp), &st))
{
log_error ("can't stat `%s': %s\n", fname, strerror (errno));
fclose (fp);
return NULL;
}
-
+
buflen = st.st_size;
buf = xmalloc (buflen+1);
if (fread (buf, buflen, 1, fp) != 1)
@@ -323,7 +324,7 @@ read_key (const char *fname)
char *buf;
size_t buflen;
unsigned char *key;
-
+
buf = read_file (fname, &buflen);
if (!buf)
return NULL;
@@ -342,7 +343,7 @@ read_and_protect (const char *fname)
unsigned char *result;
size_t resultlen;
char *pw;
-
+
key = read_key (fname);
if (!key)
return;
@@ -356,7 +357,7 @@ read_and_protect (const char *fname)
log_error ("protecting the key failed: %s\n", gpg_strerror (rc));
return;
}
-
+
if (opt_armor)
{
char *p = make_advanced (result, resultlen);
@@ -386,7 +387,7 @@ read_and_unprotect (const char *fname)
if (!key)
return;
- rc = agent_unprotect (key, (pw=get_passphrase (1)),
+ rc = agent_unprotect (key, (pw=get_passphrase (1)),
protected_at, &result, &resultlen);
release_passphrase (pw);
xfree (key);
@@ -427,7 +428,7 @@ read_and_shadow (const char *fname)
unsigned char *result;
size_t resultlen;
unsigned char dummy_info[] = "(8:313233342:43)";
-
+
key = read_key (fname);
if (!key)
return;
@@ -441,7 +442,7 @@ read_and_shadow (const char *fname)
}
resultlen = gcry_sexp_canon_len (result, 0, NULL,NULL);
assert (resultlen);
-
+
if (opt_armor)
{
char *p = make_advanced (result, resultlen);
@@ -463,7 +464,7 @@ show_shadow_info (const char *fname)
unsigned char *key;
const unsigned char *info;
size_t infolen;
-
+
key = read_key (fname);
if (!key)
return;
@@ -477,7 +478,7 @@ show_shadow_info (const char *fname)
}
infolen = gcry_sexp_canon_len (info, 0, NULL,NULL);
assert (infolen);
-
+
if (opt_armor)
{
char *p = make_advanced (info, infolen);
@@ -497,14 +498,14 @@ show_file (const char *fname)
unsigned char *key;
size_t keylen;
char *p;
-
+
key = read_key (fname);
if (!key)
return;
keylen = gcry_sexp_canon_len (key, 0, NULL,NULL);
assert (keylen);
-
+
if (opt_canonical)
{
fwrite (key, keylen, 1, stdout);
@@ -528,7 +529,7 @@ show_keygrip (const char *fname)
gcry_sexp_t private;
unsigned char grip[20];
int i;
-
+
key = read_key (fname);
if (!key)
return;
@@ -537,7 +538,7 @@ show_keygrip (const char *fname)
{
log_error ("gcry_sexp_new failed\n");
return;
- }
+ }
xfree (key);
if (!gcry_pk_get_keygrip (private, grip))
@@ -672,7 +673,7 @@ import_p12_file (const char *fname)
char *pw;
/* fixme: we should release some stuff on error */
-
+
buf = read_file (fname, &buflen);
if (!buf)
return;
@@ -776,7 +777,7 @@ import_p12_file (const char *fname)
log_error ("protecting the key failed: %s\n", gpg_strerror (rc));
return;
}
-
+
if (opt_armor)
{
char *p = make_advanced (result, resultlen);
@@ -810,7 +811,7 @@ sexp_to_kparms (gcry_sexp_t sexp)
list = gcry_sexp_find_token (sexp, "private-key", 0 );
if(!list)
- return NULL;
+ return NULL;
l2 = gcry_sexp_cadr (list);
gcry_sexp_release (list);
list = l2;
@@ -824,7 +825,7 @@ sexp_to_kparms (gcry_sexp_t sexp)
/* Parameter names used with RSA. */
elems = "nedpqu";
array = xcalloc (strlen(elems) + 1, sizeof *array);
- for (idx=0, s=elems; *s; s++, idx++ )
+ for (idx=0, s=elems; *s; s++, idx++ )
{
l2 = gcry_sexp_find_token (list, s, 1);
if (!l2)
@@ -846,7 +847,7 @@ sexp_to_kparms (gcry_sexp_t sexp)
return NULL; /* required parameter is invalid */
}
}
-
+
gcry_sexp_release (list);
return array;
}
@@ -859,9 +860,9 @@ is_keygrip (const char *string)
{
int i;
- for(i=0; string[i] && i < 41; i++)
+ for(i=0; string[i] && i < 41; i++)
if (!strchr("01234567890ABCDEF", string[i]))
- return 0;
+ return 0;
return i == 40;
}
@@ -886,7 +887,7 @@ export_p12_file (const char *fname)
{
char hexgrip[40+4+1];
char *p;
-
+
assert (strlen(fname) == 40);
strcpy (stpcpy (hexgrip, fname), ".key");
@@ -960,7 +961,7 @@ export_p12_file (const char *fname)
xfree (key);
xfree (cert);
return;
- }
+ }
wipememory (key, keylen_for_wipe);
xfree (key);
@@ -971,7 +972,7 @@ export_p12_file (const char *fname)
log_error ("error converting key parameters\n");
xfree (cert);
return;
- }
+ }
sk.n = kp[0];
sk.e = kp[1];
sk.d = kp[2];
@@ -980,7 +981,7 @@ export_p12_file (const char *fname)
sk.u = kp[5];
xfree (kp);
-
+
kparms[0] = sk.n;
kparms[1] = sk.e;
kparms[2] = sk.d;
@@ -988,10 +989,10 @@ export_p12_file (const char *fname)
kparms[4] = sk.p;
kparms[5] = gcry_mpi_snew (0); /* compute d mod (p-1) */
gcry_mpi_sub_ui (kparms[5], kparms[3], 1);
- gcry_mpi_mod (kparms[5], sk.d, kparms[5]);
+ gcry_mpi_mod (kparms[5], sk.d, kparms[5]);
kparms[6] = gcry_mpi_snew (0); /* compute d mod (q-1) */
gcry_mpi_sub_ui (kparms[6], kparms[4], 1);
- gcry_mpi_mod (kparms[6], sk.d, kparms[6]);
+ gcry_mpi_mod (kparms[6], sk.d, kparms[6]);
kparms[7] = sk.u;
kparms[8] = NULL;
@@ -1003,7 +1004,7 @@ export_p12_file (const char *fname)
gcry_mpi_release (kparms[i]);
if (!key)
return;
-
+
#ifdef HAVE_DOSISH_SYSTEM
setmode ( fileno (stdout) , O_BINARY );
#endif
@@ -1022,7 +1023,7 @@ main (int argc, char **argv )
set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
- log_set_prefix ("gpg-protect-tool", 1);
+ log_set_prefix ("gpg-protect-tool", 1);
/* Make sure that our subsystems are ready. */
i18n_init ();
@@ -1040,6 +1041,7 @@ main (int argc, char **argv )
opt_homedir = default_homedir ();
+ opt_session_env = session_env_new ();
pargs.argc = &argc;
pargs.argv = &argv;
@@ -1073,7 +1075,7 @@ main (int argc, char **argv )
case oHaveCert: opt_have_cert = 1; break;
case oPrompt: opt_prompt = pargs.r.ret_str; break;
case oStatusMsg: opt_status_msg = 1; break;
-
+
default: pargs.err = ARGPARSE_PRINT_ERROR; break;
}
}
@@ -1091,7 +1093,7 @@ main (int argc, char **argv )
opt.verbose,
opt_homedir,
opt_agent_program,
- NULL, NULL, NULL);
+ NULL, NULL, opt_session_env);
if (opt_prompt)
opt_prompt = percent_plus_unescape (opt_prompt, 0);
@@ -1127,6 +1129,8 @@ void
agent_exit (int rc)
{
rc = rc? rc : log_get_errorcount(0)? 2 : 0;
+ session_env_release (opt_session_env);
+ opt_session_env = NULL;
exit (rc);
}
@@ -1147,7 +1151,7 @@ get_passphrase (int promptno)
const char *desc;
char *orig_codeset;
int repeat = 0;
-
+
if (opt_passphrase)
return xstrdup (opt_passphrase);
@@ -1214,7 +1218,7 @@ store_private_key (const unsigned char *grip,
char *fname;
estream_t fp;
char hexgrip[40+4+1];
-
+
bin2hex (grip, 20, hexgrip);
strcpy (hexgrip+40, ".key");
@@ -1236,11 +1240,11 @@ store_private_key (const unsigned char *grip,
}
/* FWIW: Under Windows Vista the standard fopen in the msvcrt
fails if the "x" GNU extension is used. */
- fp = es_fopen (fname, "wbx");
+ fp = es_fopen (fname, "wbx");
}
- if (!fp)
- {
+ if (!fp)
+ {
log_error ("can't create `%s': %s\n", fname, strerror (errno));
xfree (fname);
return -1;
commit 044847a0e2013a2833605c1a9f80cfa6ef353309
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jun 25 14:33:34 2014 +0200
gpg: Make screening of keyserver result work with multi-key commands.
* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
(keyserver_retrieval_filter): Use new struct and check all
descriptions.
(keyserver_spawn): Pass filter arg suing the new struct.
--
This is a fix for commit 5e933008.
The old code did only work for a single key. It failed as soon as
several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A
B C").
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 83a4b95..aa41536 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -982,13 +982,25 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
#define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
+/* Structure to convey the arg to keyserver_retrieval_filter. */
+struct ks_retrieval_filter_arg_s
+{
+ KEYDB_SEARCH_DESC *desc;
+ int ndesc;
+};
+
+
/* Check whether a key matches the search description. The filter
returns 0 if the key shall be imported. Note that this kind of
filter is not related to the iobuf filters. */
static int
-keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
+keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk,
+ void *opaque)
{
- KEYDB_SEARCH_DESC *desc = arg;
+ struct ks_retrieval_filter_arg_s *arg = opaque;
+ KEYDB_SEARCH_DESC *desc = arg->desc;
+ int ndesc = arg->ndesc;
+ int n;
u32 keyid[2];
byte fpr[MAX_FINGERPRINT_LEN];
size_t fpr_len = 0;
@@ -997,32 +1009,40 @@ keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
if (sk)
return G10ERR_GENERAL;
+ if (!ndesc)
+ return 0; /* Okay if no description given. */
+
fingerprint_from_pk (pk, fpr, &fpr_len);
keyid_from_pk (pk, keyid);
/* Compare requested and returned fingerprints if available. */
- if (desc->mode == KEYDB_SEARCH_MODE_FPR20)
- {
- if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20))
- return G10ERR_GENERAL;
- }
- else if (desc->mode == KEYDB_SEARCH_MODE_FPR16)
- {
- if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16))
- return G10ERR_GENERAL;
- }
- else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID)
- {
- if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1])
- return G10ERR_GENERAL;
- }
- else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ for (n = 0; n < ndesc; n++)
{
- if (keyid[1] != desc->u.kid[1])
- return G10ERR_GENERAL;
+ if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20)
+ {
+ if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
+ {
+ if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
+ if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1])
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ {
+ if (keyid[1] == desc[n].u.kid[1])
+ return 0;
+ }
+ else
+ return 0;
}
- return 0;
+ return G10ERR_GENERAL;
}
@@ -1535,6 +1555,7 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc,
case KS_GETNAME:
{
void *stats_handle;
+ struct ks_retrieval_filter_arg_s filterarg;
stats_handle=import_new_stats_handle();
@@ -1547,11 +1568,12 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc,
that we don't allow the import of secret keys from a
keyserver. Keyservers should never accept or send them
but we better protect against rogue keyservers. */
-
+ filterarg.desc = desc;
+ filterarg.ndesc = count;
import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len,
(opt.keyserver_options.import_options
| IMPORT_NO_SECKEY),
- keyserver_retrieval_filter, desc);
+ keyserver_retrieval_filter, &filterarg);
import_print_stats(stats_handle);
import_release_stats_handle(stats_handle);
commit 616126530f92ab31abcbf3fad9a34532e378355d
Author: Werner Koch <wk at gnupg.org>
Date: Tue Jun 24 20:12:26 2014 +0200
Add CVE number
--
diff --git a/NEWS b/NEWS
index 3800c35..cffc774 100644
--- a/NEWS
+++ b/NEWS
@@ -4,7 +4,7 @@ Noteworthy changes in version 2.0.25 (unreleased)
Noteworthy changes in version 2.0.24 (2014-06-24)
-------------------------------------------------
- * gpg: Avoid DoS due to garbled compressed data packets.
+ * gpg: Avoid DoS due to garbled compressed data packets. [CVE-2014-4617]
* gpg: Screen keyserver responses to avoid importing unwanted keys
from rogue servers.
diff --git a/announce.txt b/announce.txt
index f4d046d..61c6ee2 100644
--- a/announce.txt
+++ b/announce.txt
@@ -5,8 +5,9 @@ Mail-Followup-To: gnupg-users at gnupg.org
Hello!
We are pleased to announce the availability of a new stable GnuPG-2
-release: Version 2.0.23. This is a maintenace release with a few
-new features.
+release: Version 2.0.24. This release includes a *security fix* to
+stop a possible DoS using garbled compressed data packets which can
+be used to put gpg into an infinite loop.
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It can be used to encrypt data, create digital
@@ -15,7 +16,7 @@ framework for public key cryptography. It includes an advanced key
management facility and is compliant with the OpenPGP and S/MIME
standards.
-GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.14) in
+GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.17) in
that it splits up functionality into several modules. However, both
versions may be installed alongside without any conflict. In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
@@ -30,59 +31,50 @@ GnuPG is distributed under the terms of the GNU General Public License
also available for other Unices, Microsoft Windows and Mac OS X.
-What's New in 2.0.23
+What's New in 2.0.24
====================
- * gpg: Reject signatures made using the MD5 hash algorithm unless the
- new option --allow-weak-digest-algos or --pgp2 are given.
+ * gpg: Avoid DoS due to garbled compressed data packets.
- * gpg: Do not create a trustdb file if --trust-model=always is used.
+ * gpg: Screen keyserver responses to avoid importing unwanted keys
+ from rogue servers.
- * gpg: Only the major version number is by default included in the
- armored output.
+ * gpg: The validity of user ids is now shown by default. To revert
+ this add "list-options no-show-uid-validity" to gpg.conf.
- * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
- communication with the gpg-agent.
+ * gpg: Print more specific reason codes with the INV_RECP status.
- * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more
- aligned to the regular key listing ("gpg -k").
+ * gpg: Allow loading of a cert only key to an OpenPGP card.
- * gpg: The option--show-session-key prints its output now before the
- decryption of the bulk message starts.
-
- * gpg: New %U expando for the photo viewer.
-
- * gpgsm: Improved handling of re-issued CA certificates.
-
- * scdaemon: Various fixes for pinpad equipped card readers.
+ * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt 1.6.
* Minor bug fixes.
-
Getting the Software
====================
Please follow the instructions found at https://www.gnupg.org/download/
or read on:
-GnuPG 2.0.23 may be downloaded from one of the GnuPG mirror sites or
+GnuPG 2.0.24 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
can be found at https://www.gnupg.org/mirrors.html . Note that GnuPG
is not available at ftp.gnu.org.
-On the FTP server and its mirrors you should find the following files
-in the gnupg/ directory:
+On ftp.gnupg.org and on its mirrors you should find the following new
+files in the gnupg/ directory:
- gnupg-2.0.23.tar.bz2 (4196k)
- gnupg-2.0.23.tar.bz2.sig
+ - The GnuPG-2 source code compressed using BZIP2 and its OpenPGP
+ signature:
- GnuPG source compressed using BZIP2 and its OpenPGP signature.
+ gnupg-2.0.24.tar.bz2 (4201k)
+ gnupg-2.0.24.tar.bz2.sig
- gnupg-2.0.22-2.0.23.diff.bz2 (53k)
+ - A patch file to upgrade a 2.0.23 GnuPG source tree. This patch does
+ not include updates of the language files.
- A patch file to upgrade a 2.0.22 GnuPG source tree. This patch
- does not include updates of the language files.
+ gnupg-2.0.23-2.0.24.diff.bz2 (20k)
Note, that we don't distribute gzip compressed tarballs for GnuPG-2.
A Windows version will eventually be released at https://gpg4win.org .
@@ -97,9 +89,9 @@ the following ways:
* If you already have a trusted version of GnuPG installed, you
can simply check the supplied signature. For example to check the
- signature of the file gnupg-2.0.23.tar.bz2 you would use this command:
+ signature of the file gnupg-2.0.24.tar.bz2 you would use this command:
- gpg --verify gnupg-2.0.23.tar.bz2.sig
+ gpg --verify gnupg-2.0.24.tar.bz2.sig
This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
@@ -122,15 +114,15 @@ the following ways:
* If you are not able to use an old version of GnuPG, you have to verify
the SHA-1 checksum. Assuming you downloaded the file
- gnupg-2.0.23.tar.bz2, you would run the sha1sum command like this:
+ gnupg-2.0.24.tar.bz2, you would run the sha1sum command like this:
- sha1sum gnupg-2.0.23.tar.bz2
+ sha1sum gnupg-2.0.24.tar.bz2
and check that the output matches the first line from the
following list:
-c90e47ab95a40dd070fd75faef0a05c7b679553b gnupg-2.0.23.tar.bz2
-e02cfab2bc046f9fac89eef098c34f58b5745d20 gnupg-2.0.22-2.0.23.diff.bz2
+010e027d5f622778cadc4c124013fe515ed705cf gnupg-2.0.24.tar.bz2
+594d7f91ba4fc215345f18afee46c4aa9f2b3303 gnupg-2.0.23-2.0.24.diff.bz2
Documentation
@@ -176,11 +168,6 @@ GnuPG and related software takes up most of their resources. To allow
him to continue this work he kindly asks to either purchase a support
contract, engage g10 Code for custom enhancements, or to donate money:
-Maintaining and improving GnuPG is costly. For more than a decade,
-g10 Code GmbH, a German company owned and headed by GnuPG's principal
-author Werner Koch, is bearing the majority of these costs. To help
-them carry on this work, they need your support. See
-
https://gnupg.org/donate/
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 +-
agent/protect-tool.c | 108 ++++++++++++++++++++++++++------------------------
announce.txt | 71 ++++++++++++++-------------------
g10/keyserver.c | 68 ++++++++++++++++++++-----------
4 files changed, 131 insertions(+), 118 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list