GnuPG 1.1.92 released
Werner Koch
wk at gnupg.org
Thu Sep 12 10:42:07 CEST 2002
Hi!
GnuPG 1.1.92 has been released yesterday evening. This is hopefully
the last snapshot before we release 1.2. It has a couple of new
features and fixes some bugs of course. There are a few new things,
so *please read the news* below. The only up to date language is
German, we hope top get most other translations updated for
1.2. Please test it.
The GnuPG primary server is {http,ftp}://ftp.gnupg.org/gcrypt/ but we
would appreciate if you can use one of the mirrors as listed below.
we made sure that those mirrors already carry this release.
alpha/gnupg/gnupg-1.1.92.tar.gz (2.4M)
alpha/gnupg/gnupg-1.1.92.tar.gz.sig
and a diff against 1.1.91:
alpha/gnupg/gnupg-1.1.91-1.1.92.diff.gz (547k)
a Windows binary is also available:
alpha/binary/gnupg-w32cli-1.1.92.zip (1.0M)
MD5 sums are:
3198a34dd9deaaa0c501699847d66a77 gnupg-1.1.92.tar.gz
883dd8f29d49ed4577064c1e3cc5bcd8 gnupg-1.1.91-1.1.92.diff.gz
8dfc942102f3f700ac48f53760758432 gnupg-w32cli-1.1.92.zip
Here are the NEWS:
* The use of MDCs have increased. A MDC will be used if the
recipients directly request it, if the recipients have AES,
AES192, AES256, or TWOFISH in their cipher preferences, or if
the chosen cipher has a blocksize not equal to 64 bits
(currently this is also AES, AES192, AES256, and TWOFISH).
* GnuPG will no longer automatically disable compression when
processing an already-compressed file unless a MDC is being
used. This is to give the message a certain amount of
resistance to the chosen-ciphertext attack while communicating
with other programs (most commonly PGP earlier than version 7.x)
that do not support MDCs.
* The option --interactive now has the desired effect when
importing keys.
* The file permission and ownership checks on files have been
clarified. Specifically, the homedir (usually ~/.gnupg) is
checked to protect everything within it. If the user specifies
keyrings outside this homedir, they are presumed to be shared
keyrings and therefore *not* checked. Configuration files
specified with the --options option and the IDEA cipher
extension specified with --load-extension are checked, along
with their enclosing directories.
* IMPORTANT:
The default configuration file is now ~/.gnupg/gpg.conf. If an
old ~/.gnupg/options is found it will still be used. This
change is required to have a more consistent naming scheme with
forthcoming tools.
* The configure option --with-static-rnd=auto allows to build gpg
with all available entropy gathering modules included. At
runtime the best usable one will be selected from the list
linux, egd, unix. This is also the default for systems lacking
a /dev/random device.
* The default character set is now taken from the current locale;
it can still be overridden by the --charset option. Using the
option -vvv shows the used character set.
* --emulate-checksum-bug and --emulate-3des-s2k-bug have been
removed.
Happy hacking,
The GnuPG Team.
p.s.
The mirror sites below have been verified to already carry this new
release. The list of sites mirroring ftp.gnupg.org is also available
at http://www.gnupg.org/mirrors.html. BTW, Africa is a white spot in
the mirror list - anyone?
Asia
Japan
ftp://ftp.ayamura.org/pub/gnupg/
Europe
Austria
ftp://gd.tuwien.ac.at/privacy/gnupg/
http://gd.tuwien.ac.at/privacy/gnupg/
Denmark
ftp://sunsite.dk/pub/security/gcrypt/
Finland
ftp://ftp.jyu.fi/pub/crypt/gcrypt/
ftp://trumpetti.atm.tut.fi/gcrypt/
http://trumpetti.atm.tut.fi/gcrypt/
rsync://trumpetti.atm.tut.fi/gcrypt/
France
ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/
Germany
ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/
Greece
ftp://igloo.linux.gr/pub/crypto/gnupg/
Italy
ftp://ftp.linux.it/pub/mirrors/gnupg/
http://ftp.linux.it/pub/mirrors/gnupg/
rsync://ftp.linux.it/gnupg/
Netherlands
ftp://ftp.demon.nl/pub/mirrors/gnupg/
Switzerland
ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/
United Kingdom
ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/gcrypt/
http://www.mirror.ac.uk/sites/ftp.gnupg.org/gcrypt/
More information about the Gnupg-devel
mailing list