[Announce] Second release candidate for 1.4.1 available

David Shaw dshaw at jabberwocky.com
Thu Feb 17 04:18:24 CET 2005


We are pleased to announce the availability of a the second release
candidate for the forthcoming 1.4.1 version of GnuPG:

 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.1rc2.tar.bz2      (2.7M)
 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.1rc1-1.4.1rc2.diff.bz2 (338K)

An installer for Windows is also available:

 ftp://ftp.gnupg.org/gcrypt/alpha/binary/gnupg-w32cli-1.4.1rc2.exe (1.4M)

SHA-1 checksums for the above files are:

 cfa9d6f4c7a0aa5b58df75e3b5480a8ccf223dea  gnupg-1.4.1rc2.tar.bz2
 21d4c2ef378e89b87123dc97c90989e8f1e09783  gnupg-1.4.1rc1-1.4.1rc2.diff.bz2
 99f3bd0165cbfcbc2b562b42a3e0be64cec09b85  gnupg-w32cli-1.4.1rc2.exe

Please try these versions out and report any problems.

Noteworthy changes since 1.4.0:

    * New --rfc2440-text option which controls how text is handled in
      signatures.  This is in response to some problems seen with
      certain PGP/MIME mail clients and GnuPG version 1.4.0.  More
      details about this are available at

    * New "import-unusable-sigs" and "export-unusable-sigs" tags for
      --import-options and --export-options.  These are off by default,
      which causes GnuPG to not import or export key signatures that
      are not usable (e.g. expired signatures).

    * New experimental HTTP, HTTPS, FTP, and FTPS keyserver helper
      that uses the cURL library <http://curl.haxx.se> to retrieve
      keys.  This is disabled by default, but may be enabled with the
      configure option --with-libcurl.  Without this option, the
      existing HTTP code is used for HTTP, and HTTPS, FTP, and FTPS
      are not supported.

    * When running a --card-status or --card-edit and a public key is
      available, missing secret key stubs will be created on the fly.
      Details of the key are listed too.

    * The implicit packet dumping in double verbose mode is now sent
      to stderr and not to stdout.

    * Added countermeasures against the Mister/Zuccherato CFB attack

    * [W32] The algorithm for the default home directory changed:
      First we look at the environment variable GNUPGHOME, if this one
      is not set, we check whether the registry entry
      {HKCU,HKLM}\Software\GNU\GnuPG:HomeDir has been set. If this
      fails we use a GnuPG directory below the standard application
      data directory (APPDATA) of the current user. Only in the case
      that this directory cannot be determined, the old default of
      c:\gnupg will be used.  The option --homedir still overrides all
      of them.

    * [W32] The locale selection under Windows changed. You need to
      enter the locale in the registry at HKCU\Software\GNU\GnuPG:Lang. 
      For German you would use "de".  If it is not set, GnuPG falls
      back to HKLM.  The languages files "*.mo" are expected in a
      directory named "gnupg.nls" below the installation directory;
      that directory must be stored in the registry at the same key as
      above with the name "Install Directory".

    * Add new --edit-key command "bkuptocard" to allow restoring a
      card key from a backup.

    * The "fetch" command of --card-edit now retrieves the key using
      the default keyserver if no URL has been stored on the card.

Happy Hacking,

  David, Timo, Werner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 249 bytes
Desc: not available
Url : /pipermail/attachments/20050216/75b7c48e/attachment.pgp

More information about the Gnupg-devel mailing list