Hello! The GNU project is pleased to announce an update of the Libgcrypt 1.5 series: version 1.5.4. This is a maintenance release with backports of fixes from the current stable 1.6 series. In general it is preferable to use the latest stable version. However, the 1.6 series introduced an ABI break and thus some older software may not build or work correctly with 1.6. Libgcrypt is a general purpose library of cryptographic building blocks. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required for proper use Libgcrypt. Noteworthy changes in version 1.5.4 (2014-08-07) =============================================== * Declare 2016-12-31 as end-of-life for 1.5. Backported from 1.6: * Improved performance of RSA, DSA, and Elgamal by using a new exponentiation algorithm. * Fixed a subtle bug in mpi_set_bit which could set spurious bits. * Fixed a bug in an internal division function. Download ======= Source code is hosted at the GnuPG FTP server and its mirrors as listed at http://www.gnupg.org/download/mirrors.html . On the primary server the source tarball and its digital signature are: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.4.tar.bz2 (1478k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.4.tar.bz2.sig That file is bzip2 compressed. A gzip compressed version is here: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.4.tar.gz (1763k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.4.tar.gz.sig Alternativley you may upgrade using this patch file: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3-1.5.4.diff.bz2 (17k) In order to check that the version of Libgcrypt you are going to build is an original and unmodified one, you can do it in one of the following ways: * Check the supplied OpenPGP signature. For example to check the signature of the file libgcrypt-1.5.4.tar.bz2 you would use this command: gpg --verify libgcrypt-1.5.4.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by the release signing key 4F25E3B6 which is certified by my well known key 1E42B367. To retrieve the keys you may use the command "gpg --fetch-key finger:wk@g10code.com". * If you are not able to use GnuPG, you have to verify the SHA-1 checksum: sha1sum libgcrypt-1.5.4.tar.bz2 and check that the output matches the first line from the following list: bdf4b04a0d2aabc04ab3564fbe38fd094135aa7a libgcrypt-1.5.4.tar.bz2 71e432e0ae8792076a40c6059667997250abbb9d libgcrypt-1.5.4.tar.gz 8876ae002751e6ec26c76e510d17fc3e0eccb3ed libgcrypt-1.5.3-1.5.4.diff.bz2 Copying ====== Libgcrypt is distributed under the terms of the GNU Lesser General Public License (LGPLv2.1+). The helper programs as well as the documentation are distributed under the terms of the GNU General Public License (GPLv2+). The file LICENSES has notices about contributions that require these additional notices are distributed. Support ====== For help on developing with Libgcrypt you should read the included manual and optional ask on the gcrypt-devel mailing list [1]. A listing with commercial support offers for Libgcrypt and related software is available at the GnuPG web site [2]. The driving force behind the development of Libgcrypt is my company g10 Code. Maintenance and improvement of Libgcrypt and related software takes up most of our resources. To allow us to continue our work on free software, we ask to either purchase a support contract, engage us for custom enhancements, or to donate money: http://gnupg.org/donate/ Thanks ===== Many thanks to all who contributed to Libgcrypt development, be it bug fixes, code, documentation, testing or helping users. Happy hacking, Werner [1] https://lists.gnupg.org/mailman/listinfo/gcrypt-devel [2] https://gnupg.org/service.html -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce