[Announce] GnuPG Made Easy (GPGME) 1.11.1 released

Sergi Blanch-Torné sergi at calcurco.cat
Thu Apr 19 10:33:14 CEST 2018 

Hi,

I didn't realise about newer releases of libgpg-error and I've first try
to compile gpgme with libgpg-error 1.27 with a compilation error.

The configure checks this library version but seems outdated:
> checking for GPG Error - version >= 1.24... yes (1.27)
Once updated to 1.29 it works. Also works with 1.28, but I've seen some
unused params warning for 'gpgme-json.c' that is not present later on 1.29.

The other dependency with libassuan, I was using 2.5.1 that, if I'm not
wrong is the last release.

I hope this helps.

/Sergi.

Ps: the compilation error
./.libs/libgpgme.so: undefined reference to `gpgrt_log_debug'
with some previous warning about an implicit declaration of this
function in 'decrypt.c' and 'verify.c'


On 04/18/18 20:37, Werner Koch wrote:
> Hello!
> 
> We are pleased to announce version 1.11.0 of GPGME.
> 
> GnuPG Made Easy (GPGME) is a C language library that allows to add
> support for cryptography to a program.  It is designed to make access to
> public key crypto engines like gpg and gpgsm easier for applications.
> GPGME provides a high-level crypto API for encryption, decryption,
> signing, signature verification, and key management.  GPGME comes with
> language bindings for Common Lisp, C++, QT, Python 2 and 3.
> 
> See https://gnupg.org/software/gpgme for more.
> 
> 
> Noteworthy changes in version 1.11.0
> ====================================
> 
>  * New encryption API to support direct key specification including
>    hidden recipients option and taking keys from a file.  This also
>    allows to enforce the use of a subkey.
> 
>  * New encryption flag for the new API to enforce the use of plain
>    mail addresses (addr-spec).
> 
>  * The import API can now tell whether v3 keys are skipped.  These old
>    and basically broken keys are not anymore supported by GnuPG 2.1.
> 
>  * The decrypt and verify API will now return the MIME flag as
>    specified by RFC-4880bis.
> 
>  * The offline mode now has an effect on gpg by disabling all network
>    access.  [#3831]
> 
>  * A failed OpenPGP verification how returns the fingerprint of the
>    intended key if a recent gpg version was used for signature
>    creation.
> 
>  * New tool gpgme-json as native messaging server for web browsers.
>    As of now public key encryption and decryption is supported.
>    Requires Libgpg-error 1.29.
> 
>  * New context flag "request-origin" which has an effect when used
>    with GnuPG 2.2.6 or later.
> 
>  * New context flag "no-symkey-cache" which has an effect when used
>    with GnuPG 2.2.7 or later.
> 
>  * New convenience constant GPGME_KEYLIST_MODE_LOCATE.
> 
>  * Improved the Python documentation.
> 
>  * Fixed a potential regression with GnuPG 2.2.6 or later.
> 
>  * Fixed a crash in the Python bindings on 32 bit platforms.  [#3892]
> 
>  * Various minor fixes.
> 
> 
> Download
> ========
> 
> You may download this library and its OpenPGP signature from:
> 
>   https://gnupg.org/ftp/gcrypt/gpgme/gpgme-1.11.0.tar.bz2 (1382k)
>   https://gnupg.org/ftp/gcrypt/gpgme/gpgme-1.11.0.tar.bz2.sig
> 
> or from ftp.gnupg.org.  The SHA-1 checksum is
> 
>   17772bf86eef70ab0c77cbb6df0b90f002af0030  gpgme-1.11.0.tar.bz2
> 
> but you better check the integrity using the provided signature. See
> <https://gnupg.org/download/integrity_check.html> for details.
> 
> 
> Thanks
> ======
> 
> Maintenance and development of GnuPG is mostly financed by donations.
> The GnuPG project currently employs one full-time developer and two
> contractors.  Both work exclusivly on GnuPG and closely related software
> like Libgcrypt, GPGME and GPA.
> 
> We have to thank all the people who helped the GnuPG project, be it
> testing, coding, translating, suggesting, auditing, administering the
> servers, spreading the word, answering questions on the mailing lists
> and with financial support.
> 
> 
> Happy hacking,
> 
>   Your GnuPG hackers
> 
> 
> 
> p.s.
> This is an announcement only mailing list.  Please send replies only to
> the gnupg-devel 'at' gnupg.org mailing list.
> 
> p.p.s 
> List of Release Signing Keys:
> 
> To guarantee that a downloaded GnuPG version has not been tampered by
> malicious entities we provide signature files for all tarballs and
> binary versions.  The keys are also signed by the long term keys of
> their respective owners.  Current releases are signed by one or more
> of these four keys:
> 
>   rsa2048 2011-01-12 [expires: 2019-12-31]
>   Key fingerprint = D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
>   Werner Koch (dist sig)
> 
>   rsa2048 2014-10-29 [expires: 2019-12-31]
>   Key fingerprint = 46CC 7308 65BB 5C78 EBAB  ADCF 0437 6F3E E085 6959
>   David Shaw (GnuPG Release Signing Key) <dshaw 'at' jabberwocky.com>
> 
>   rsa2048 2014-10-29 [expires: 2020-10-30]
>   Key fingerprint = 031E C253 6E58 0D8E A286  A9F2 2071 B08A 33BD 3F06
>   NIIBE Yutaka (GnuPG Release Key) <gniibe 'at' fsij.org>
> 
>   rsa3072 2017-03-17 [expires: 2027-03-15]
>   Key fingerprint = 5B80 C575 4298 F0CB 55D8  ED6A BCEF 7E29 4B09 2E28
>   Andre Heinecke (Release Signing Key)
> 
> The keys are available at <https://gnupg.org/signature_key.html> and
> in any recently released GnuPG tarball in the file g10/distsigkey.gpg .
> Note that this mail has been signed by a different key.
> 
> 
> 
> _______________________________________________
> Gnupg-announce mailing list
> Gnupg-announce at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-announce
> 

-- 
Sergi Blanch-Torné
C797 490A C93E DB00 0615  680A FC1C 1CB6 8079 85E6

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180419/a8a25a57/attachment.sig>

More information about the Gnupg-devel mailing list