GnuPG 2.2.17 released

Hello!

We are pleased to announce the availability of a new GnuPG release:
version 2.2.17.  This is a maintenance release to mitigate the effects of
the denial-of-service attacks on the keyserver network.  See below for a
list of changes.


About GnuPG
===========

The GNU Privacy Guard (GnuPG, GPG) is a complete and free implementation
of the OpenPGP and S/MIME standards.

GnuPG allows you to encrypt and sign data and communication, features a
versatile key management system as well as access modules for public key
directories.  GnuPG itself is a command line tool with features for easy
integration with other applications.  The separate library GPGME provides
a uniform API to use the GnuPG engine by software written in common
programming languages.  A wealth of frontend applications and libraries
making use of GnuPG are available.  As a universal crypto engine GnuPG
provides support for S/MIME and Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom).  It can
be freely used, modified and distributed under the terms of the GNU
General Public License.


Noteworthy changes in version 2.2.17
====================================

  * gpg: Ignore all key-signatures received from keyservers.  This
    change is required to mitigate a DoS due to keys flooded with
    faked key-signatures.  The old behaviour can be achieved by adding
      keyserver-options no-self-sigs-only,no-import-clean
    to your gpg.conf.  [#4607]

  * gpg: If an imported keyblock is too large to be stored in the
    keybox (pubring.kbx) do not error out but fall back to an import
    using the options "self-sigs-only,import-clean".  [#4591]

  * gpg: New command --locate-external-key which can be used to
    refresh keys from the Web Key Directory or via other methods
    configured with --auto-key-locate.

  * gpg: New import option "self-sigs-only".

  * gpg: In --auto-key-retrieve prefer WKD over keyservers.  [#4595]

  * dirmngr: Support the "openpgpkey" subdomain feature from
    draft-koch-openpgp-webkey-service-07.  [#4590]

  * dirmngr: Add an exception for the "openpgpkey" subdomain to the
    CSRF protection.  [#4603]

  * dirmngr: Fix endless loop due to http errors 503 and 504.  [#4600]

  * dirmngr: Fix TLS bug during redirection of HKP requests.  [#4566]

  * gpgconf: Fix a race condition when killing components.  [#4577]

  Release-info: https://dev.gnupg.org/T4606


Getting the Software
====================

Please follow the instructions found at https://gnupg.org/download/ or
read on:

GnuPG 2.2.17 may be downloaded from one of the GnuPG mirror sites or
direct from its primary FTP server.  The list of mirrors can be found at
https://gnupg.org/download/mirrors.html.  Note that GnuPG is not
available at ftp.gnu.org.

The GnuPG source code compressed using BZIP2 and its OpenPGP signature
are available here:

 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2 (6560k)
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2.sig

An installer for Windows without any graphical frontend except for a
very minimal Pinentry tool is available here:

 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.17_2019... (4185k)
 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.17_2019...

The source used to build the Windows installer can be found in the same
directory with a ".tar.xz" suffix.

A new version of Gpg4win including this version of GnuPG will be released
in a few days.
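
The keyserver-options override quoted under the first change above switches the flood mitigation back off. The following check is an added example, not part of the announcement or of GnuPG: it reports the effective state of the two filters in a gpg.conf. The function names are hypothetical, and it assumes both filters start enabled for keyserver imports in 2.2.17 and that a later setting of the same flag wins.

```shell
#!/bin/sh
# Added example (not GnuPG code): effective keyserver import filters in a gpg.conf.
# Assumptions: both filters default to "on" for keyserver imports in 2.2.17;
# a later setting of the same flag wins; abbreviated option names are not handled.

effective_keyserver_filters() {
    # $1 = path to a gpg.conf
    # prints "self-sigs-only=<on|off> import-clean=<on|off>"
    awk '
        BEGIN { sso = "on"; clean = "on" }
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == "keyserver-options" {
            $1 = ""
            n = split($0, opt, /[ \t,]+/)         # comma- or space-separated list
            for (i = 1; i <= n; i++) {
                o = tolower(opt[i])
                if (o == "self-sigs-only")         sso = "on"
                else if (o == "no-self-sigs-only") sso = "off"
                else if (o == "import-clean")      clean = "on"
                else if (o == "no-import-clean")   clean = "off"
            }
        }
        END { printf "self-sigs-only=%s import-clean=%s\n", sso, clean }
    ' "$1"
}

audit_gpg_conf() {
    # Returns 0 when both filters are active, 1 when either one is disabled.
    state=$(effective_keyserver_filters "$1")
    echo "$1: $state"
    case "$state" in
        *=off*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Constructed sample: a gpg.conf carrying the override line from the release notes.
sample=$(mktemp)
printf '%s\n' '# constructed sample gpg.conf' \
    'keyserver-options no-self-sigs-only,no-import-clean' > "$sample"
audit_gpg_conf "$sample" || echo "flood mitigation disabled in $sample"
rm -f "$sample"
```

Run audit_gpg_conf against each user's gpg.conf after upgrading; a non-zero exit status marks a configuration that still accepts third-party key-signatures from keyservers.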

