0.9.1

Werner Koch wk at isil.d.shuttle.de
Sat Jan 9 20:01:36 CET 1999 

Hi,

I have just released version 0.9.1 of GnuPG.  This release fixes some
of the bugs which showed up since the 0.9.0 and some of the long 
outstanding bugs.  There are still other bugs and due to some complete
recoding old bugs may occur ;-)

  ftp://ftp.gnupg.org/pub/gcrypt/gnupg-0.9.1.tar.gz  (978k)

or a diff against 0.9.0

  ftp://ftp.gnupg.org/pub/gcrypt/diffs/gnupg-0.9.1.diff.gz (118k)

This one is not signed becuase I found out too late that the
verification of not-dash-escaped files does not work anymore.


   Werner



Noteworthy changes in version 0.9.1
-----------------------------------

    * Polish language support.

    * When querying the passphrase, the key ID of the primary key is
      displayed along with the one of the used secondary key.

    * Fixed a bug occurring when decrypting pgp 5 encrypted messages,
      fixed an infinite loop bug in the 3DES code and in the code
      which looks for trusted signatures.

    * Fixed a bug in the mpi library which caused signatures not to
      compare okay.

    * Rewrote the handling of cleartext signatures; the code is now
      better maintainable (I hope so).

    * New status output VALIDSIG only for valid signatures together
      with the fingerprint of the signer's key.


Bugs
----
    * clearsig: keep lineendings as they are. Remember that trailings
      blanks are not hashed.  Funny: pgp263in works fine even with
      a source file with CR,LF but GnuPG and pgp263in has problems
      if the clearsign has been created by pgp263ia.
      Needs more investigation - anyone?

Important
----------
    * Check revocation and expire stuff.  PLEASE: THIS MUST BE TESTED!

    * Check calculation of key validity. PLEASE: IT IS IMPORTED THAT
      THIS GET TESTED.

    * It has been reported that lockfiles are not removed in all cases.
      cleanup is done with atexit() and all signals trigger exit() -
      anything wrong with this?  - ah yes: a signal while still in
      dotlock_make

    * See why we always get this "Hmmm public key lost"

    * print a warning when a revoked/expired secret key is used.

    * Allow the use of a the faked RNG only for keys which are
      flagged as INSECURE.


Needed
------
    * remove more "Fixmes"

    * Replace Blowfish by Twofish and add the new encrypted packet typ
      which has a MACing option (append SHA1 hash to the plaintext and
      encrypt this all) - We need an identifier for Twofish to put this
      one into the cipher preferences.

    * The -export-dynamic flag to ld works only for FreeBSD 3.0.  It does
      not exist on FreeBSD's 2.2.x version of ld.
      Also, on my FreeBSD 2.2-stable box, i simply removed the
      -Wl,-export-dynamic flag from my Makefile and it linked and seems to
      be working OK so far.

More information about the Gnupg-devel mailing list