preparing 1.0.7

ChangeLog

@@ -1,3 +1,7 @@
+2002-04-19  Werner Koch  <wk@gnupg.org>
+
+	Released 1.0.6e snapshot.
+
 2002-04-12  Werner Koch  <wk@gnupg.org>
 
 	* configure.ac: Add a warning note to the definition of the

THANKS

@@ -115,6 +115,7 @@ Marco d'Itri               md@linux.it
 Marcus Brinkmann           Marcus.Brinkmann@ruhr-uni-bochum.de	
 Mark Adler		   madler@alumni.caltech.edu
 Mark Elbrecht		   snowball3@bigfoot.com
+Mark Pettit                pettit@yahoo-inc.com
 Markus Friedl		   Markus.Friedl@informatik.uni-erlangen.de
 Martin Kahlert		   martin.kahlert@provi.de
 Martin Hamilton

TODO

@@ -61,9 +61,6 @@
   * Replace the printing of the user name by [self-signature] when
     appropriate so that a key listing does not get clobbered.
 
-  * Check that the way we select cipher and digest algorithms w/o
-    preferences is okay and make AES the default in some future.
-
   * Concatenated encryption messages don't work corectly - only the
     first one is processed.
 
@@ -87,7 +84,7 @@
 
   * add test cases for invalid data (scrambled armor or other random data)
 
-  * add checking of armor trailers
+  * add checking of armor trailers.  Try to detect garbled header lines.
 
   * the pubkey encrypt functions should do some sanity checks.
 

checks/ChangeLog

@@ -1,3 +1,8 @@
+2002-04-19  Werner Koch  <wk@gnupg.org>
+
+	* signencrypt-dsa.test, sigs-dsa.test: Don't check with MD5 as
+	this is not valid with DSA signatures.
+
 2001-12-22  Werner Koch  <wk@gnupg.org>
 
 	* options.in: Add no-permission-warning.

checks/signencrypt-dsa.test

@@ -10,7 +10,7 @@ for i in $plain_files $data_files ; do
     cmp $i y || error "$i: mismatch"
 done
 
-for da in ripemd160 sha1 md5; do
+for da in ripemd160 sha1; do
     for i in $plain_files; do
 	$GPG $dsa_keyrings --always-trust -se -o x --yes --digest-algo $da \
 		    -u "$dsa_usrname1" -r "$dsa_usrname2" $i

checks/sigs-dsa.test

@@ -9,7 +9,7 @@ for i in $plain_files $data_files; do
     cmp $i y || error "$i: mismatch"
 done
 
-for da in ripemd160 sha1 md5; do
+for da in ripemd160 sha1; do
     for i in $plain_files; do
 	$GPG $dsa_keyrings --digest-algo $da \
 				-s -o x --yes -u $dsa_usrname1 $i

configure.ac

@@ -1,5 +1,5 @@
 dnl Configure.ac script for GnuPG
-dnl Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+dnl Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
 dnl
 dnl This file is part of GnuPG.
 dnl
@@ -24,7 +24,7 @@ AC_PREREQ(2.52)
 dnl A snapshot release has a letter appended.  CVS files before a release
 dnl are suffixed with the string "-cvs", so "1.0.6a-cvs" is a cvs version
 dnl between 1.0.6 and 1.0.6a. 
-AC_INIT(gnupg, 1.0.6e-cvs, bug-gnupg@gnu.org)
+AC_INIT(gnupg, 1.0.6e, bug-gnupg@gnu.org)
 ALL_LINGUAS="cs da de eo el es et fr gl id it ja nl pl pt_BR pt sv tr"
 static_modules="sha1 md5 rmd160"
 static_random_module=""

doc/gpg.texi

@@ -376,6 +376,8 @@ The second form of the command has the special property to
 render the secret part of the primary key useless; this is
 a GNU extension to OpenPGP and other implementations can
 not be expected to successfully import such a key.
+See the option ---simple-sk-checksum if you want to import such an
+exported key with an older OpenPGP implementation.
 
 @item ---import @code{files}
 @itemx ---fast-import @code{files}
@@ -617,17 +619,12 @@ For keyserver schemes that use HTTP (such as HKP), try to access the
 keyserver over the proxy set with the environment variable
 "http_proxy".
 
-@end table
-
-@item ---auto-key-retrieve
+@item auto-key-retrieve
 This option enables the automatic retrieving of keys from a keyserver
 when verifying signatures made by keys that are not on the local
 keyring.
 
-@item ---no-auto-key-retrieve
-This option disables the automatic retrieving of keys from a keyserver
-while verifying signatures. This may be of use if ---auto-key-retrieve
-is enabled from an options file.
+@end table
 
 @item ---keyring @code{file}
 Add @code{file} to the list of keyrings.
@@ -823,6 +820,14 @@ a 3 iterates the whole process a couple of times.
 Unless ---rfc1991 is used, this mode is also used
 for conventional encryption.
 
+@item ---simple-sk-checksum
+Secret keys are integrity protected by using a SHA-1 checksum. This
+method will be part of an enhanced OpenPGP specification but GnuPG
+already uses it as a countermeasure against certain attacks. Old
+applications don't understand this new format, so this option may be
+used to switch back to the old behaviour. Using this this option
+bears a security risk.
+
 @item ---compress-algo @code{n}
 Use compression algorithm @code{n}. Default is 2 which is RFC1950
 compression. You may use 1 to use the old zlib version (RFC1951) which
@@ -918,8 +923,9 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
 2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
 available, but the MIT release is a good common baseline.
 
-This option implies `---rfc1991 --no-openpgp --no-force-v4-certs
----no-comment --escape-from --no-force-v3-sigs --cipher-algo IDEA
+This option implies `---rfc1991 --no-openpgp --disable-mdc
+---no-force-v4-certs --no-comment --escape-from --force-v3-sigs
+---no-ask-sig-expire --no-ask-cert-expire --cipher-algo IDEA
 ---digest-algo MD5 --compress-algo 1'
 
 @item ---no-pgp2

po/ChangeLog

@@ -1,3 +1,7 @@
+2002-04-19  Werner Koch  <wk@gnupg.org>
+
+	* de.po: Fixed fuzzies and added a few translations.
+
 2002-04-18  Werner Koch  <wk@gnupg.org>
 
 	* eo.po: Updated.