GnuPG 1.1.92 released

Werner Koch wk at
Thu Sep 12 10:42:07 CEST 2002


GnuPG 1.1.92 has been released yesterday evening.  This is hopefully
the last snapshot before we release 1.2.  It has a couple of new
features and fixes some bugs of course.  There are a few new things,
so *please read the news* below.  The only up to date language is
German, we hope top get most other translations updated for
1.2. Please test it.
The GnuPG primary server is {http,ftp}:// but we
would appreciate if you can use one of the mirrors as listed below.
we made sure that those mirrors already carry this release.
   alpha/gnupg/gnupg-1.1.92.tar.gz (2.4M)
and a diff against 1.1.91:
   alpha/gnupg/gnupg-1.1.91-1.1.92.diff.gz (547k)
a Windows binary is also available:

   alpha/binary/ (1.0M)

MD5 sums are:
3198a34dd9deaaa0c501699847d66a77  gnupg-1.1.92.tar.gz
883dd8f29d49ed4577064c1e3cc5bcd8  gnupg-1.1.91-1.1.92.diff.gz

Here are the NEWS:

    * The use of MDCs have increased.  A MDC will be used if the
      recipients directly request it, if the recipients have AES,
      AES192, AES256, or TWOFISH in their cipher preferences, or if
      the chosen cipher has a blocksize not equal to 64 bits
      (currently this is also AES, AES192, AES256, and TWOFISH).

    * GnuPG will no longer automatically disable compression when
      processing an already-compressed file unless a MDC is being
      used.  This is to give the message a certain amount of
      resistance to the chosen-ciphertext attack while communicating
      with other programs (most commonly PGP earlier than version 7.x)
      that do not support MDCs.

    * The option --interactive now has the desired effect when
      importing keys.

    * The file permission and ownership checks on files have been
      clarified.  Specifically, the homedir (usually ~/.gnupg) is
      checked to protect everything within it.  If the user specifies
      keyrings outside this homedir, they are presumed to be shared
      keyrings and therefore *not* checked.  Configuration files
      specified with the --options option and the IDEA cipher
      extension specified with --load-extension are checked, along
      with their enclosing directories.

      The default configuration file is now ~/.gnupg/gpg.conf.  If an
      old ~/.gnupg/options is found it will still be used.  This
      change is required to have a more consistent naming scheme with
      forthcoming tools.

    * The configure option --with-static-rnd=auto allows to build gpg
      with all available entropy gathering modules included.  At
      runtime the best usable one will be selected from the list
      linux, egd, unix.  This is also the default for systems lacking
      a /dev/random device.

    * The default character set is now taken from the current locale;
      it can still be overridden by the --charset option.  Using the
      option -vvv shows the used character set.

    * --emulate-checksum-bug and --emulate-3des-s2k-bug have been

Happy hacking,
  The GnuPG Team.

The mirror sites below have been verified to already carry this new
release. The list of sites mirroring is also available
at  BTW, Africa is a white spot in
the mirror list - anyone?













    United Kingdom

More information about the Gnupg-devel mailing list