[Announce] GnuPG 2.0.1 released
Joseph Oreste Bruni
brunij at earthlink.net
Wed Nov 29 16:29:13 CET 2006
Do the build-problem fixes in 2.0.1 include OS X/Darwin? Or, should I
wait for a future release?
On Nov 29, 2006, at 6:55 AM, Werner Koch wrote:
> We are pleased to announce the availability of a new stable GnuPG-2
> release: Version 2.0.1
> This is maintenance release to fix build problems found after the
> release of 2.0.0 and to fix a buffer overflow in gpg2
> The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
> and data storage. It can be used to encrypt data, create digital
> signatures, help authenticating using Secure Shell and to provide a
> framework for public key cryptography. It includes an advanced key
> management facility and is compliant with the OpenPGP and S/MIME
> GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that
> it splits up functionality into several modules. However, both
> versions may be installed alongside without any conflict. In fact,
> the gpg version from GnuPG-1 is able to make use of the gpg-agent as
> included in GnuPG-2 and allows for seamless passphrase caching. The
> advantage of GnuPG-1 is its smaller size and the lack of dependency on
> other modules at run and build time. We will keep maintaining GnuPG-1
> versions because they are very useful for small systems and for server
> based applications requiring only OpenPGP support.
> GnuPG is distributed under the terms of the GNU General Public License
> (GPL). GnuPG-2 works best on GNU/Linux or *BSD systems. A port
> Windows is planned but work has not yet started.
> Getting the Software
> Please follow the instructions found at http://www.gnupg.org/download/
> or read on:
> GnuPG 2.0.1 may be downloaded from one of the GnuPG mirror sites or
> direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be
> found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not
> available at ftp.gnu.org.
> On the mirrors you should find the following files in the *gnupg*
> gnupg-2.0.1.tar.bz2 (3.8Mk)
> GnuPG source compressed using BZIP2 and OpenPGP signature.
> gnupg-2.0.0-2.0.1.diff.bz2 (220k)
> A patch file to upgrade a 2.0.0 GnuPG source. This is only that
> large arge due to an update of the included gettext module.
> Note, that we don't distribute gzip compressed tarballs.
> Checking the Integrity
> In order to check that the version of GnuPG which you are going to
> install is an original and unmodified one, you can do it in one of
> the following ways:
> * If you already have a trusted version of GnuPG installed, you
> can simply check the supplied signature. For example to check the
> signature of the file gnupg-2.0.1.tar.bz2 you would use this
> gpg --verify gnupg-2.0.1.tar.bz2.sig
> This checks whether the signature file matches the source file.
> You should see a message indicating that the signature is good and
> made by that signing key. Make sure that you have the right key,
> either by checking the fingerprint of that key with other sources
> or by checking that the key has been signed by a trustworthy other
> key. Note, that you can retrieve the signing key using the command
> finger wk ,at' g10code.com
> or using a keyserver like
> gpg --recv-key 1CE0C630
> The distribution key 1CE0C630 is signed by the well known key
> 5B0358A2. If you get an key expired message, you should retrieve a
> fresh copy as the expiration date might have been prolonged.
> NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
> INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
> * If you are not able to use an old version of GnuPG, you have to
> the SHA-1 checksum. Assuming you downloaded the file
> gnupg-2.0.1.tar.bz2, you would run the sha1sum command like this:
> sha1sum gnupg-2.0.1.tar.bz2
> and check that the output matches the first line from the
> following list:
> ec84ffb1d2ac013dc0afb5bdf8b9df2c838673e9 gnupg-2.0.1.tar.bz2
> c6cca309b12700503bb4c671491ebf7a4cd6f1be gnupg-2.0.0-2.0.1.diff.bz2
> What's New
> * Experimental support for the PIN pads of the SPR 532 and the Kaan
> Advanced card readers. Add "disable-keypad" scdaemon.conf if you
> don't want it. Does currently only work for the OpenPGP card and
> its authentication and decrypt keys.
> * Fixed build problems on some some platforms and crashes on amd64.
> * Fixed a buffer overflow in gpg2. [bug#728]
> GnuPG comes with support for 27 languages. Due to a lot of new and
> changed strings most translations are not entirely complete. However
> the Turkish, German and Russian translators have meanwhile finished
> their translations. Updates of the other translations are expected
> for the next releases.
> We are currently working on an installation guide to explain in more
> detail how to configure the new features. As of now the chapters on
> gpg-agent and gpgsm include brief information on how to set up the
> whole thing. Please watch the GnuPG website for updates of the
> documentation. In the meantime you may search the GnuPG mailing list
> archives or ask on the gnupg-users mailing lists for advise on how to
> solve problems. Many of the new features are around for several years
> and thus enough public knowledge is already available.
> Improving GnuPG is costly, but you can help! We are looking for
> organizations that find GnuPG useful and wish to contribute back. You
> can contribute by reporting bugs, improve the software, or by donating
> Commercial support contracts for GnuPG are available, and they help
> finance continued maintenance. g10 Code GmbH, a Duesseldorf based
> company owned and headed by GnuPG's principal author, is currently
> funding GnuPG development. We are always looking for interesting
> development projects.
> A service directory is available at:
> We have to thank all the people who helped with this release, be it
> testing, coding, translating, suggesting, auditing, administering the
> servers, spreading the word or answering questions on the mailing
> Happy Hacking,
> The GnuPG Team (David, Werner and all other contributors)
> Werner Koch <wk at gnupg.org>
> The GnuPG Experts http://g10code.com
> Join the Fellowship and protect your Freedom! http://www.fsfe.org
> Gnupg-announce mailing list
> Gnupg-announce at gnupg.org
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
More information about the Gnupg-users