Noteworthy changes in version 1.4.6 (2006-12-06)
------------------------------------------------
* Fixed a serious and exploitable bug in processing encrypted
packages. [CVE-2006-6235].
* Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]
(already fixed in pkgsrc)
* Fixed a bug while decrypting certain compressed and encrypted
messages. [bug#537]
* Added --s2k-count to set the number of times passphrase mangling
is repeated. The default is 65536 times.
* Added --passphrase-repeat to set the number of times GPG will
prompt for a new passphrase to be repeated. This is useful to
help memorize a new passphrase. The default is 1 repetition.
* Added a GPL license exception to the keyserver helper programs
gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
potential questions about the ability to distribute binaries
that link to the OpenSSL library. GnuPG does not link directly
to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
OpenLDAP (used for LDAP) may. Note that this license exception
is considered a bug fix and is intended to forgive any
violations pertaining to this issue, including those that may
have occurred in the past.
* Man pages are now build from the same source as those of GnuPG-2.
While fixing a bug reported by Hugh Warrington, a buffer overflow has
been identified in all released GnuPG versions. The current versions
1.4.5 and 2.0.0 are affected. A small patch is provided.
...
2006-11-27 Werner Koch <wk@g10code.com>
* openfile.c (ask_outfile_name): Fixed buffer overflow occurring
if make_printable_string returns a longer string. Fixes bug 728.
Bump PKGREVISION.
security update, recommended by gnupg.org
(fixes CVE-2006-3746)
changes:
* More DSA2 tweaks.
* Fixed a problem uploading certain keys to the smart card.
* Fixed 2 more possible memory allocation attacks.
* Added Norwegian translation.
Noteworthy changes in version 1.4.4 (2006-06-25)
------------------------------------------------
* User IDs are now capped at 2048 byte. This avoids a memory
allocation attack (see CVE-2006-3082).
[was already fixed in pkgsrc]
* Added support for the SHA-224 hash. Like the SHA-384 hash, it
is mainly useful when DSS (the US Digital Signature Standard)
compatibility is desired.
* Added support for the latest update to DSA keys and signatures.
This allows for larger keys than 1024 bits and hashes other than
SHA-1 and RIPEMD/160. Note that not all OpenPGP implementations
can handle these new keys and signatures yet. See
"--enable-dsa2" in the manual for more information.
"parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions,
allows remote attackers to cause a denial of service (gpg crash) and
possibly overwrite memory via a message packet with a large length,
which could lead to an integer overflow, as demonstrated using the
--no-armor option."
Patch from GnuPG CVS repository.
Bump PKGREVISION.
Noteworthy changes in version 1.4.3 (2006-04-03)
------------------------------------------------
* If available, cURL-based keyserver helpers are built that can
retrieve keys using HKP or any protocol that cURL supports
(HTTP, HTTPS, FTP, FTPS, etc). If cURL is not available, HKP
and HTTP are still supported using a built-in cURL emulator. To
force building the old pre-cURL keyserver helpers, use the
configure option --enable-old-keyserver-helpers. Note that none
of this affects finger or LDAP support, which are unchanged.
Note also that a future version of GnuPG will remove the old
keyserver helpers altogether.
* Implemented Public Key Association (PKA) signature verification.
This uses special DNS records and notation data to associate a
mail address with an OpenPGP key to prove that mail coming from
that address is legitimate without the need for a full trust
path to the signing key.
* When exporting subkeys, those specified with a key ID or
fingerpint and the '!' suffix are now merged into one keyblock.
* Added "gpg-zip", a program to create encrypted archives that can
interoperate with PGP Zip.
* Added support for signing subkey cross-certification "back
signatures". Requiring cross-certification to be present is
currently off by default, but will be changed to on by default
in the future, once more keys use it. A new "cross-certify"
command in the --edit-key menu can be used to update signing
subkeys to have cross-certification.
* The key cleaning options for --import-options and
--export-options have been further polished. "import-clean" and
"export-clean" replace the older
import-clean-sigs/import-clean-uids and
export-clean-sigs/export-clean-uids option pairs.
* New "minimize" command in the --edit-key menu removes everything
that can be removed from a key, rendering it as small as
possible. There are corresponding "export-minimal" and
"import-minimal" commands for --export-options and
--import-options.
* New --fetch-keys command to retrieve keys by specifying a URI.
This allows direct key retrieval from a web page or other
location that can be specified in a URI. Available protocols
are HTTP and finger, plus anything that cURL supplies, if built
with cURL support.
* Files containing several signed messages are not allowed any
longer as there is no clean way to report the status of such
files back to the caller. To partly revert to the old behaviour
the new option --allow-multisig-verification may be used.
* The keyserver helpers can now handle keys in either ASCII armor
or binary format.
* New auto-key-locate option that takes an ordered list of methods
to locate a key if it is not available at encryption time (-r or
--recipient). Possible methods include "cert" (use DNS CERT as
per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
server for the domain in question), "keyserver" (use the
currently defined keyserver), as well as arbitrary keyserver
URIs that will be contacted for the key.
* Able to retrieve keys using DNS CERT records as per RFC-2538bis
(currently in draft): http://www.josefsson.org/rfc2538bis
pkgsrc change:
make architecture-specific options really architecture-specific.
While here, convert to options.mk.
GnuPG 1.4 Highlights
====================
This is a brief overview of the changes between the GnuPG 1.2 series
and the new GnuPG 1.4 series. To read the full list of highlights for
each revision that led up to 1.4, see the NEWS file in the GnuPG
distribution. This document is based on the NEWS file, and is thus
the highlights of the highlights.
When upgrading, note that RFC-2440, the OpenPGP standard, is currently
being revised. Most of the revisions in the latest draft (2440bis-12)
have already been incorporated into GnuPG 1.4.
Algorithm Changes
-----------------
OpenPGP supports many different algorithms for encryption, hashing,
and compression, and taking into account the OpenPGP revisions, GnuPG
1.4 supports a slightly different algorithm set than 1.2 did.
The SHA256, SHA384, and SHA512 hashes are now supported for read and
write.
The BZIP2 compression algorithm is now supported for read and write.
Due to the recent successful attack on the MD5 hash algorithm
(discussed in <http://www.rsasecurity.com/rsalabs/node.asp?id=2738>,
among other places), MD5 is deprecated for OpenPGP use. It is still
allowed in GnuPG 1.4 for backwards compatibility, but a warning is
given when it is used.
The TIGER/192 hash is no longer available. This should not be
interpreted as a statement as to the quality of TIGER/192 - rather,
the revised OpenPGP standard removes support for several unused or
mostly unused hashes, and TIGER/192 was one of them.
Similarly, Elgamal signatures and the Elgamal signing key type have
been removed from the OpenPGP standard, and thus from GnuPG. Please
do not confuse Elgamal signatures with DSA or DSS signatures or with
Elgamal encryption. Elgamal signatures were very rarely used and were
not supported in any product other than GnuPG. Elgamal encryption was
and still is part of OpenPGP and GnuPG.
Very old (pre-1.0) versions of GnuPG supported a nonstandard (contrary
to OpenPGP) Elgamal key type. While no recent version of GnuPG
permitted the generation of such keys, GnuPG 1.2 could still use them.
GnuPG 1.4 no longer allows the use of these keys or the (also
nonstandard) messages generated using them.
At build time, it is possible to select which algorithms will be built
into GnuPG. This can be used to build a smaller program binary for
embedded uses where space is tight.
Keyserver Changes
-----------------
GnuPG 1.4 does all keyserver operations via plugin or helper
applications. This allows the main GnuPG program to be smaller and
simpler. People who package GnuPG for various reasons have the
flexibility to include or leave out support for any keyserver type as
desired.
Support for fetching keys via HTTP and finger has been added. This is
mainly useful for setting a preferred keyserver URL like
"http://www.jabberwocky.com/key.asc". or "finger:wk at g10code.com".
The LDAP keyserver helper now supports storing, retrieving, and
searching for keys in both the old NAI "LDAP keyserver" as well as the
more recent method to store OpenPGP keys in standard LDAP servers.
This is compatible with the storage schema that PGP uses, so both
products can interoperate with the same LDAP server.
The LDAP keyserver helper is compatible with the PGP company's new
"Global Directory" service.
If the LDAP library you use supports LDAP-over-TLS and LDAPS, then
GnuPG detects this and supports them as well. Note that using TLS or
LDAPS does not improve the security of GnuPG itself, but may be useful
in certain key distribution scenarios.
HTTP Basic authentication is now supported for all HKP and HTTP
keyserver functions, either through a proxy or via direct access.
The HKP keyserver plugin supports the new machine-readable key
listing format for those keyservers that provide it.
IPv6 is supported for HKP and HTTP keyserver access.
When using a HKP keyserver with multiple DNS records (such as
subkeys.pgp.net which has the addresses of multiple servers around the
world), all DNS address records are tried until one succeeds. This
prevents a single down server in the rotation from stopping access.
DNS SRV records are used in HKP keyserver lookups to allow
administrators to load balance and select keyserver ports
automatically.
Timeout support has been added to the keyserver plugins. This allows
users to set an upper limit on how long to wait for the keyserver
before giving up.
Preferred Keyserver URL
-----------------------
Preferred keyserver support has been added. Users may set a preferred
keyserver via the --edit-key command "keyserver". If the
--keyserver-option honor-keyserver-url is set (and it is by default),
then the preferred keyserver is used when refreshing that key with
--refresh-keys.
The --sig-keyserver-url option can be used to inform signature
recipients where the signing key can be downloaded. When verifying
the signature, if the signing key is not present, and the keyserver
options honor-keyserver-url and auto-key-retrieve are set, this URL
will be used to retrieve the key.
Trust Signatures
----------------
GnuPG 1.4 supports OpenPGP trust signatures, which allow a user to
specify the trust level and distance from the user along with the
signature so users can delegate different levels of certification
ability to other users, possibly restricted by a regular expression on
the user ID.
Trust Models
------------
GnuPG 1.4 supports several ways of looking at trust:
Classic - The classic PGP trust model, where people sign each others
keys and thus build up an assurance (called "validity") that
the key belongs to the right person. This was the default
trust model in GnuPG 1.2.
Always - Bypass all trust checks, and make all keys fully valid.
Direct - Users may set key validity directly.
PGP - The PGP 7 and 8 behavior which combines Classic trust with trust
signatures overlaid on top. This is the default trust model in
GnuPG 1.4.
The OpenPGP Smartcard
---------------------
GnuPG 1.4 supports the OpenPGP smartcard
(<http://www.g10code.de/p-card.html>)
Secret keys may be kept fully or partially on the smartcard. The
smartcard may be used for primary keys or subkeys.
Other Interesting New Features
------------------------------
For those using Security-Enhanced Linux <http://www.nsa.gov/selinux/>,
the configure option --enable-selinux-support prevents GnuPG from
processing its own files (i.e. reading the secret keyring for
something other than getting a secret key from it). This simplifies
writing ACLs for the SELinux kernel.
Readline support is now available at all prompts if the system
provides a readline library.
GnuPG can now create messages that can be decrypted with either a
passphrase or a secret key. These messages may be generated with
--symmetric --encrypt or --symmetric --sign --encrypt.
--list-options and --verify-options allow the user to customize
exactly what key listings or signature verifications look like,
enabling or disabling things such as photo display, preferred
keyserver URL, calculated validity for each user ID, etc.
The --primary-keyring option designates the keyring that the user
wants new keys imported into.
The --hidden-recipient (or -R) command encrypts to a user, but hides
the identity of that user. This is the same functionality as
--throw-keyid, but can be used on a per-user basis.
Full algorithm names (e.g. "3DES", "SHA1", "ZIP") can now be used
interchangeably with the short algorithm names (e.g. "S2", "H2", "Z1")
anywhere algorithm names are used in GnuPG.
The --keyid-format option selects short (99242560), long
(DB698D7199242560), 0xshort (0x99242560), or 0xlong
(0xDB698D7199242560) key ID displays. This lets users tune the
display to what they prefer.
While it is not recommended for extended periods, it is possible to
run both GnuPG 1.2.x and GnuPG 1.4 during the transition. To aid in
this, GnuPG 1.4 tries to load a config file suffixed with its version
before it loads the default config file. For example, 1.4 will try
for gpg.conf-1.4 and gpg.conf-1 before falling back to the regular
gpg.conf file.
* New --ask-cert-level/--no-ask-cert-level option to turn on and
off the prompt for signature level when signing a key. Defaults
to on.
* New --min-cert-level option to disregard key signatures that are
under a specified level. Defaults to 1 (i.e. don't disregard
anything).
* New --max-output option to limit the amount of plaintext output
generated by GnuPG. This option can be used by programs which
call GnuPG to process messages that may result in plaintext
larger than the calling program is prepared to handle. This is
sometimes called a "Decompression Bomb".
* New --list-config command for frontends and other programs that
call GnuPG. See doc/DETAILS for the specifics of this.
* New --gpgconf-list command for internal use by the gpgconf
utility from gnupg 1.9.x.
* Some performance improvements with large keyrings. See
--enable-key-cache=SIZE in the README file for details.
* Some portability fixes for the OpenBSD/i386, HPPA, and AIX
platforms.
* Simplified Chinese translation.
bug gnupg/293, so grant has blessed it for inclusion in pkgsrc.
No more GNU sed build dependency, but the binaries do not change; thus
PKGREVISION untouched.
* Added read-only support for BZIP2 compression. This should be
considered experimental, and is only available if the libbzip2
library <http://sources.redhat.com/bzip2/> is installed.
* Added the ability to handle messages that can be decrypted with
either a passphrase or a secret key.
* Most support for Elgamal sign+encrypt keys has been removed.
Old signatures may still be verified, and existing encrypted
messages may still be decrypted, but no new signatures may be
issued by, and no new messages will be encrypted to, these keys.
Elgamal sign+encrypt keys are not part of the web of trust. The
only new message that can be generated by an Elgamal
sign+encrypt key is a key revocation. Note that in a future
version of GnuPG (currently planned for 1.4), all support for
Elgamal sign+encrypt keys will be removed, so take this
opportunity to revoke old keys now.
* A Russian translation is included again as well as a new
Belarusian translation.
macro. This could happen with UNIX98-type systems, such as the code on
our netbsd-1-5 branch, and would prevent this package from building on
such systems. Problem also reported to the original author.
* New "--gnupg" option (set by default) that disables --openpgp,
and the various --pgpX emulation options. This replaces
--no-openpgp, and --no-pgpX, and also means that GnuPG has
finally grown a --gnupg option to make GnuPG act like GnuPG.
* A number of portability changes to make building GnuPG on
less-common platforms easier.
* Romanian translation.
* Two new %-expandos for use in notation and policy URLs. "%g"
expands to the fingerprint of the key making the signature
(which might be a subkey), and "%p" expands to the fingerprint
of the primary key that owns the key making the signature.
* New "tru" record in --with-colons --list-keys listings. It
shows the status of the trust database that was used to
calculate the key validity in the listings. See doc/DETAILS for
the specifics of this.
* New REVKEYSIG status tag for --status-fd. It indicates a valid
signature that was issued by a revoked key. See doc/DETAILS for
the specifics of this.
Security problem is reported on bugtraq.
http://www.securityfocus.com/archive/1/320444/2003-05-02/2003-05-08/0
2003-05-01 Werner Koch <wk@gnupg.org>
Released 1.2.2.
2003-04-30 David Shaw <dshaw@jabberwocky.com>
* NEWS: Note trust bug fix.
2003-04-29 David Shaw <dshaw@jabberwocky.com>
* NEWS: Add note about TIGER being dropped from OpenPGP.
* README: Add note about the HP/UX inline problem. Fix all URLs
to point to the right place in the reorganized gnupg.org web
pages. Some minor language fixes.
2003-04-27 David Shaw <dshaw@jabberwocky.com>
* NEWS: Add sig version, pk algo, hash algo, and sig class to
VALIDSIG.
* BUGS: Fix bug reporting URL.
2003-04-24 Werner Koch <wk@gnupg.org>
* configure.ac (ALL_LINGUAS): Added Hungarian translation by Nagy
Ferenc László.
2003-04-23 David Shaw <dshaw@jabberwocky.com>
* configure.ac: "TIGER" -> "TIGER/192".
* README: Put back proper copyright line.
2003-04-16 Werner Koch <wk@gnupg.org>
Released 1.2.2rc2.
2003-04-15 Werner Koch <wk@gnupg.org>
* configure.ac (ALL_LINGUAS): Add Slovak translation.
* configure.ac (HAVE_DOSISH_SYSTEM): New automake conditional.
* acinclude.m4 (GNUPG_CHECK_ENDIAN): Fixed quoting of r.e. using
quadrigraphs.
2003-04-08 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Big warning that TIGER is being removed from the
standard.
2003-04-08 Werner Koch <wk@gnupg.org>
* Makefile.am (EXTRA_DIST): Add autogen.sh wrapper which is
useful for some cross-compiling targets.
2003-04-07 David Shaw <dshaw@jabberwocky.com>
* acinclude.m4: Fix URL to faqprog.pl.
* README: Add --enable-sha512 switch and update version number and
copyright date.
* NEWS: Add note about SHA-256/384/512.
2003-03-24 Werner Koch <wk@gnupg.org>
* configure.ac: Test for ranlib and ar.
2003-03-12 Werner Koch <wk@gnupg.org>
* acinclude.m4 (GNUPG_CHECK_ENDIAN): When crosscompiling assume
little only for Intel CPUs.
2003-02-19 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Define @CAPLIBS@ to link in -lcap if we are using
capabilities.
2003-02-11 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Add --enable-sha512 switch to add SHA384/512
support.
2003-02-06 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Do not set GNUPG_LIBEXECDIR in ./configure, so
that makefiles can override it.
2003-02-02 David Shaw <dshaw@jabberwocky.com>
* configure.ac (ALL_LINGUAS): Needs to be on one line to avoid
problems during ./configure.
* NEWS: Note new --with-colons disabled key flag and new "revuid"
command.
2003-01-07 Werner Koch <wk@gnupg.org>
Released 1.2.2rc1.
* configure.ac (ALL_LINGUAS): Added fi and zh_TW.
2003-01-06 David Shaw <dshaw@jabberwocky.com>
* NEWS: Add notes about disabled keys and trustdb tweaks.
2002-12-04 David Shaw <dshaw@jabberwocky.com>
* NEWS: Add note about convert-from-106 script.
2002-11-25 David Shaw <dshaw@jabberwocky.com>
* NEWS: Add notes about notation names and '@', the "--trust-model
always" option, and non-optimized memory wiping.
2002-11-09 Werner Koch <wk@gnupg.org>
* configure.ac: Check for ctermid().
2002-10-31 David Shaw <dshaw@jabberwocky.com>
* Makefile.am: Put gnupg.spec in the root directory so rpm -ta
works.
* configure.ac: Add a check for volatile.
Major user visible changes are:
* The library dependencies for OpenLDAP seem to change fairly
frequently, and GnuPG's configure script cannot guess all the
combinations. Use ./configure LDAPLIBS="-L libdir -l libs" to
override the script and use the libraries selected.
* Secret keys generated with --export-secret-subkeys are now
indicated in key listings with a '#' after the "sec", and in
--with-colons listings by showing no capabilities (no lowercase
characters).
* --trusted-key has been un-obsoleted, as it is useful for adding
ultimately trusted keys from the config file. It is identical
to using --edit and "trust" to change a key to ultimately
trusted.
* The usual bug fixes as well as fixes to build problems on some
systems.
Note that patch-aa and patch-ab are no longer needed as was, patch-aa now
contains fixes to handle dlsym errors properly.
Also now include libiconv/buildlink2.mk as gnupg looks for iconv.
Fixes pkg/18221.
2002-09-21 Werner Koch <wk@gnupg.org>
Released 1.2.0.
* configure.ac: Bumbed version number and set development version
to no.
2002-09-19 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Try linking LDAP as just -lldap as it seems very
recent OpenLDAPs (>=2.0.23) support that.
2002-09-14 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Try linking LDAP without -lresolv first, just in
case the platform has libresolv, but doesn't actually need it to
use LDAP.
2002-09-12 David Shaw <dshaw@jabberwocky.com>
* NEWS: Note that the old IDEA plugin won't work with post-1.1.90
gpg.
2002-09-11 Werner Koch <wk@gnupg.org>
Released 1.1.92.
* configure.ac (random_modules): The default random module for
system lacking a /dev/random is now auto selected at runtime.
2002-09-09 David Shaw <dshaw@jabberwocky.com>
* NEWS: typo.
* configure.ac: Add a link test for LDAP without -lresolv for
HPUX. Remove "hstrerror" test as it is no longer needed.
2002-09-02 Werner Koch <wk@gnupg.org>
* README: Removed the note about a development version so that we
later don't forget this. Minor other changes.
2002-08-29 Werner Koch <wk@gnupg.org>
* configure.ac (random_modules): Reworked the code to select the
random module. Define USE_ALL_RANDOM_MODULES for value all.
2002-08-27 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Check type of mode_t.
* NEWS: Clarify that --libexecdir is a configure option.
* configure.ac: Check for hstrerror.
2002-08-19 David Shaw <dshaw@jabberwocky.com>
* NEWS: Document new ways to enable MDC, and change in automatic
compression disabling.
* configure.ac: No such thing as the "none" random gather any
longer.
2002-08-08 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Add an --enable-tiger.
* NEWS: Clarify new permission checks.
2002-08-07 David Shaw <dshaw@jabberwocky.com>
* configure.ac: If the static IDEA cipher is present, disable
dynamic loading. Also fix backwards grammar of keyserver
exec-path CHECKING message.
2002-08-05 Werner Koch <wk@gnupg.org>
* configure.ac: Bumbed version number.
2002-08-04 Werner Koch <wk@gnupg.org>
Released 1.1.91.
* configure.ac (ALL_LINGUAS): Added Catalan.
2002-08-02 Werner Koch <wk@gnupg.org>
* configure.ac: Removed all extension stuff but keep the tests for
dlopen. We don't need to figure out the flags required. All
stuff is now statically loaded.
2002-07-30 David Shaw <dshaw@jabberwocky.com>
* README, configure.ac: --with-exec-path is now clarified into
--disable-keyserver-path
* NEWS: changes since 1.1.90.
2002-07-24 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Include a GNUPG_LIBEXECDIR in g10defs.h, as well
as a SUBST for Makefiles.
2002-07-22 Timo Schulz <ts@winpt.org>
* configure.ac: Replace the 'c:/' variables with 'c:\' due
to the fact we already use '\' in the remaining code.
2002-07-08 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Add --with-mailprog to override the use of
sendmail with another MTA. We can use anything that follows the
"$MAILPROG -t" convention.
2002-07-04 David Shaw <dshaw@jabberwocky.com>
* configure.ac: --enable-exec-path should be a 'with'. Fix 'no'
cases of --with-exec-path and --with-photo-viewer.
* README: Document --disable-exec, --disable-photo-viewers,
--disable-keyserver-helpers, --enable-exec-path, and
--with-photo-viewer.
* configure.ac: Add --with-photo-viewer to lock the viewer at
compile time and --disable-keyserver-helpers and
--disable-photo-viewers to allow disabling one without disabling
the other.
2002-07-03 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Allow setting USE_EXEC_PATH to lock the exec-path
to a fixed value.
2002-07-01 Werner Koch <wk@gnupg.org>
* configure.ac: Set version number to 1.1.91.
Released 1.1.90.
* INSTALL: Replaced by generic install file.
* README: Marked as development version and moved most stuff of
the old INSTALL file to here.
2002-06-30 Werner Koch <wk@gnupg.org>
* configure.ac: Link W32 version against libwsock32.
2002-06-29 Werner Koch <wk@gnupg.org>
* configure.ac (development_version): New.
(HAVE_DEV_RANDOM_IOCTL): Removed test for it; it was never used.
* BUGS, AUTHORS: Add a note on how to send security related bug
reports.
2002-06-20 David Shaw <dshaw@jabberwocky.com>
* NEWS: changes since 1.0.7.
* configure.ac: Set new version number (1.1.90), and fix Solaris
compiler flags for shared objects.
2002-06-11 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Move -lsocket and -lnsl checks before LDAP link
tests so they work properly on Solaris. Noted by David Champion.
Also, check for the Mozilla LDAP library if the OpenLDAP library
check fails. Put -lsocket and -lnsl in NETLIBS rather than LIBS
so not all programs are forced to link to them.
2002-06-05 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Add a switch for the experimental external HKP
keyserver interface.
2002-05-22 Werner Koch <wk@gnupg.org>
* configure.ac: Check for strcasecmp and strncasecmp. Removed
stricmp and memicmp checks.
2002-05-08 David Shaw <dshaw@jabberwocky.com>
* configure.ac: If LDAP comes up unusable, try #including <lber.h>
before giving up. Old versions of OpenLDAP require that.
2002-05-03 David Shaw <dshaw@jabberwocky.com>
* configure.ac: In g10defs.h, use \ for the directory separator
when HAVE_DOSISH_SYSTEM is on.
* configure.ac: Add --disable-exec flag to disable all remote
program execution. --disable-exec implies --disable-ldap and
--disable-mailto. Also look in /usr/lib for sendmail. If
sendmail is not found, do not default - just fail.
2002-04-30 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Try and link to a sample LDAP program to check if
the LDAP we're about to use is really sane. The most common
problem (using a very old OpenLDAP), could be fixed with an extra
#include, but this would not be very portable to other LDAP
libraries.
Bumped PKGREVISION to 1, changed PLIST accordingly and added 2 patches
for configure and configure.ac. Patches were sent to gnupg-bugs@gnu.org.
Thomas Klausner approved.
* Secret keys are now stored and exported in a new format which
uses SHA-1 for integrity checks. This format renders the
Rosa/Klima attack useless. Other OpenPGP implementations might
not yet support this, so the option --simple-sk-checksum creates
the old vulnerable format.
* The default cipher algorithm for encryption is now CAST5,
default hash algorithm is SHA-1. This will give us better
interoperability with other OpenPGP implementations.
* Symmetric encrypted messages now use a fixed file size if
possible. This is a tradeoff: it breaks PGP 5, but fixes PGP 2,
6, and 7. Note this was only an issue with RFC-1991 style
symmetric messages.
* Photographic user ID support. This uses an external program to
view the images.
* Enhanced keyserver support via keyserver "plugins". GnuPG comes
with plugins for the NAI LDAP keyserver as well as the HKP email
keyserver. It retains internal support for the HKP HTTP
keyserver.
* Nonrevocable signatures are now supported. If a user signs a
key nonrevocably, this signature cannot be taken back so be
careful!
* Multiple signature classes are usable when signing a key to
specify how carefully the key information (fingerprint, photo
ID, etc) was checked.
* --pgp2 mode automatically sets all necessary options to ensure
that the resulting message will be usable by a user of PGP 2.x.
* --pgp6 mode automatically sets all necessary options to ensure
that the resulting message will be usable by a user of PGP 6.x.
* Signatures may now be given an expiration date. When signing a
key with an expiration date, the user is prompted whether they
want their signature to expire at the same time.
* Revocation keys (designated revokers) are now supported if
present. There is currently no way to designate new keys as
designated revokers.
* Permissions on the .gnupg directory and its files are checked
for safety.
* --expert mode enables certain silly things such as signing a
revoked user id, expired key, or revoked key.
* Some fixes to build cleanly under Cygwin32.
* New tool gpgsplit to split OpenPGP data formats into packets.
* New option --preserve-permissions.
* Subkeys created in the future are not used for encryption or
signing unless the new option --ignore-valid-from is used.
* Revoked user-IDs are not listed unless signatures are listed too
or we are in verbose mode.
* There is no default comment string with ascii armors anymore
except for revocation certificates and --enarmor mode.
* The command "primary" in the edit menu can be used to change the
primary UID, "setpref" and "updpref" can be used to change the
preferences.
* Fixed the preference handling; since 1.0.5 they were erroneously
matched against against the latest user ID and not the given one.
* RSA key generation.
* It is now possible to sign and conventional encrypt a message (-cs).
* The MDC feature flag is supported and can be set by using
the "updpref" edit command.
* The status messages GOODSIG and BADSIG are now returning the primary
UID, encoded using %XX escaping (but with spaces left as spaces,
so that it should not break too much)
* Support for GDBM based keyrings has been removed.
* The entire keyring management has been revamped.
* The way signature stati are store has changed so that v3
signatures can be supported. To increase the speed of many
operations for existing keyrings you can use the new
--rebuild-keydb-caches command.
* The entire key validation process (trustdb) has been revamped.
See the man page entries for --update-trustdb, --check-trustdb
and --no-auto-check-trustdb.
* --trusted-keys is again obsolete, --edit can be used to set the
ownertrust of any key to ultimately trusted.
* A subkey is never used to sign keys.
* Read only keyrings are now handled as expected.
Some pkg related changes by me.
Changes since 1.0.4:
* WARNING: The semantics of --verify have changed to address a
problem with detached signature detection. --verify now ignores
signed material given on stdin unless this is requested by using
a "-" as the name for the file with the signed material. Please
check all your detached signature handling applications and make
sure that they don't pipe the signed material to stdin without
using a filename together with "-" on the the command line.
* WARNING: Corrected hash calculation for input data larger than
512M - it was just wrong, so you might notice bad signature in
some very big files. It may be wise to keep an old copy of
GnuPG around.
* Secret keys are no longer imported unless you use the new option
--allow-secret-key-import. This is a kludge and future versions will
handle it in another way.
* New command "showpref" in the --edit-key menu to show an easier
to understand preference listing.
* There is now the notation of a primary user ID. For example, it
is printed with a signature verification as the first user ID;
revoked user IDs are not printed there anymore. In general the
primary user ID is the one with the latest self-signature.
* New --charset=utf-8 to bypass all internal conversions.
* Large File Support (LFS) is now working.
* New options: --ignore-crc-error, --no-sig-create-check,
--no-sig-cache, --fixed_list_mode, --no-expensive-trust-checks,
--enable-special-filenames and --use-agent. See man page.
* New command --pipemode, which can be used to run gpg as a
co-process. Currently only the verification of detached
signatures are working. See doc/DETAILS.
* Rewritten key selection code so that GnuPG can better cope with
multiple subkeys, expire dates and so. The drawback is that it
is slower.
* A whole lot of bug fixes.
* The verification status of self-signatures are now cached. To
increase the speed of key list operations for existing keys you
can do the following in your GnuPG homedir (~/.gnupg):
$ cp pubring.gpg pubring.gpg.save && $ gpg --export-all >x && \
rm pubring.gpg && gpg --import x
Only v4 keys (i.e not the old RSA keys) benefit from this caching.
* New translations: Estonian, Turkish.
* Fixed a serious bug which could lead to false signature verification
results when more than one signature is fed to gpg. This is the
primary reason for releasing this version.
* New utility gpgv which is a stripped down version of gpg to
be used to verify signatures against a list of trusted keys.
* Rijndael (AES) is now supported and listed with top preference.
* --with-colons now works with --print-md[s].
Based on an update provided by Mipam <mipam@ibb.net>.
have been integrated.
Relevant Changes:
* Fixed expiration handling of encryption keys.
* Add an experimental feature to do unattended key generation.
* The user is now asked for the reason of revocation as required by
the new OpenPGP draft.
* There is a ~/.gnupg/random_seed file now which saves the state of
the internal RNG and increases system performance somewhat. This
way the full entropy source is only used in cases were it is really
required. Use the option --no-random-seed-file to disable this
feature.
* New options --ignore-time-conflict and --lock-never.
* Encryption is now much faster: About 2 times for 1k bit keys and 8
times for 4k keys.
* New encryption keys are generated in a way which allows a much
faster decryption.
* New command --export-secret-subkeys which outputs the _primary_
key with it's secret parts deleted. This is useful for automated
decryption/signature creation as it allows to keep the real secret
primary key offline and thereby protecting the key certificates and
allowing to create revocations for the subkeys. See the FAQ for a
procedure to install such secret keys.
* Keygeneration now writes to the first writeable keyring or as
default to the one in the homedirectory. Prior versions ignored all
--keyring options.
* New option --command-fd to take user input from a file descriptor;
to be used with --status-fd by software which uses GnuPG as a
backend.
* There is a new status PROGRESS which is used to show progress during
key generation.
* Support for the new MDC encryption packets. To create them either
--force-mdc must be use or cipher algorithm with a blocksize other
than 64 bits is to be used. --openpgp currently disables MDC
packets entirely. This option should not yet be used.
* New option --no-auto-key-retrieve to disable retrieving of a missing
public key from a keyerver, when a keyerver has been set.
* Danish, Esperanto, Japanese, Dutch, and Swedish translations
/* XXX someone should test this in i386/aout, maybe that broke
in exchange, so someone would need to fix it. I have no system
to test on. But since this package was totaly broken, its an
improvement... XXX */
Noteworthy changes in version 1.0.0 (1999-09-07)
-----------------------------------
* Add a very preliminary version of the GNU Privacy Handbook to
the distribution (lynx doc/gph/index.html).
* Changed the version number to GnuPG 2001 ;-)
Noteworthy changes in version 0.9.11
------------------------------------
* UTF-8 strings are now correctly printed (if --charset is set correctly).
Output of --with-colons remains C-style escaped UTF-8.
* Workaround for a problem with PGP 5 detached signature in textmode.
* Fixed a problem when importing new subkeys (duplicated signatures).
Noteworthy changes in version 0.9.10
------------------------------------
* Some strange new options to help pgpgpg
* Cleaned up the dox a bit.
Noteworthy changes in version 0.9.9
-----------------------------------
* New options --[no-]utf8-strings.
* New edit-menu commands "enable" and "disable" for entire keys.
* You will be asked for a filename if gpg cannot deduce one.
* Changes to support libtool which is needed for the development
of libgcrypt.
* New script tools/lspgpot to help transferring assigned
trustvalues from PGP to GnuPG.
* New commands --lsign-key and made --sign-key a shortcut for --edit
and sign.
* New options (#122--126 ;-) --[no-]default-recipient[-self],
--disable-{cipher,pubkey}-algo. See the man page.
* Enhanced info output in case of multiple recipients and fixed exit code.
* New option --allow-non-selfsigned-uid to work around a problem with
the German IN way of separating signing and encryption keys.
Noteworthy changes in version 0.9.8
-----------------------------------
* New subcommand "delsig" in the edit menu.
* The name of the output file is not anymore the one which is
embedded in the processed message, but the used filename with
the extension stripped. To revert to the old behaviour you can
use the option --use-embedded-filename.
* Another hack to cope with pgp2 generated detached signatures.
* latin-2 character set works (--charset=iso-8859-2).
* New option --with-key-data to list the public key parameters.
New option -N to insert notations and a --set-policy-url.
A couple of other options to allow reseting of options.
* Better support for HPUX.
Noteworthy changes in version 0.9.7
-----------------------------------
* Add some work arounds for a bugs in pgp 2 which led to bad signatures
when used with canonical texts in some cases.
* Enhanced some status outputs.
Noteworthy changes in version 0.9.6
-----------------------------------
* Twofish is now statically linked by default. The experimental 128 bit
version is now disabled. Full support will be available as soon as
the OpenPGP WG has decided on an interpretation of rfc2440.
* Dropped support for the ancient Blowfish160 which is not OpenPGP.
* Merged gpgm and gpg into one binary.
* Add "revsig" and "revkey" commands to the edit menu. It is now
possible to revoke signature and subkeys.
