wok-current diff gpgme/description.txt @ rev 25659
Update expat CVE-2023-52425,CVE-2023-52426, patch libxml2 CVE-2024-25062
author | Stanislas Leduc <shann@slitaz.org> |
---|---|
date | Sun Feb 18 10:03:28 2024 +0000 (10 months ago) |
parents | ac006a7bf27c |
children |
line diff
1.1 --- a/gpgme/description.txt Thu Jun 23 01:40:19 2016 +0300 1.2 +++ b/gpgme/description.txt Sun Feb 18 10:03:28 2024 +0000 1.3 @@ -1,21 +1,3 @@ 1.4 - GPGME - GnuPG Made Easy 1.5 - --------------------------- 1.6 - 1.7 - Copyright 2004, 2006, 2010, 2012, 2013, 2014, 2015 g10 Code GmbH 1.8 - 1.9 -This file is free software; as a special exception the author gives 1.10 -unlimited permission to copy and/or distribute it, with or without 1.11 -modifications, as long as this notice is preserved. 1.12 - 1.13 -This file is distributed in the hope that it will be useful, but 1.14 -WITHOUT ANY WARRANTY, to the extent permitted by law; without even the 1.15 -implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR 1.16 -PURPOSE. 1.17 - 1.18 - 1.19 -Introduction 1.20 --------------- 1.21 - 1.22 GnuPG Made Easy (GPGME) is a C language library that allows to add 1.23 support for cryptography to a program. It is designed to make access 1.24 to public key crypto engines like GnuPG or GpgSM easier for 1.25 @@ -24,86 +6,3 @@ 1.26 1.27 GPGME uses GnuPG and GpgSM as its backends to support OpenPGP and the 1.28 Cryptographic Message Syntax (CMS). 1.29 - 1.30 -GPGME runs best on GNU/Linux or *BSD systems. Other Unices may 1.31 -require small portability fixes, please send us your patches. 1.32 - 1.33 -See the files COPYING, COPYING.LESSER, and each file for copyright and 1.34 -warranty information. The file AUTHORS has a list of authors and 1.35 -useful web and mail addresses. 1.36 - 1.37 - 1.38 -Installation 1.39 --------------- 1.40 - 1.41 -See the file INSTALL for generic installation instructions. 1.42 - 1.43 -Check that you have unmodified sources. See below on how to do this. 1.44 -Don't skip it - this is an important step! 1.45 - 1.46 -To build GPGME, you need to install libgpg-error (>= 1.11) and 1.47 -Libassuan (>= 2.0.2). 1.48 - 1.49 -For support of the OpenPGP protocol (default), you should use the 1.50 -latest version of GnuPG (>= 1.4) , available at: 1.51 -ftp://ftp.gnupg.org/gcrypt/gnupg/. For support of the CMS 1.52 -(Cryptographic Message Syntax) protocol and lot of other features, you 1.53 -need a GnuPG version >= 2.0. 1.54 - 1.55 -For building the GIT version of GPGME please see the file README.GIT 1.56 -for more information. 1.57 - 1.58 - 1.59 -How to Verify the Source 1.60 --------------------------- 1.61 - 1.62 -In order to check that the version of GPGME which you are going to 1.63 -install is an original and unmodified one, you can do it in one of the 1.64 -following ways: 1.65 - 1.66 -a) If you have a trusted Version of GnuPG installed, you can simply check 1.67 - the supplied signature: 1.68 - 1.69 - $ gpg --verify gpgme-x.y.z.tar.gz.sig 1.70 - 1.71 - This checks that the detached signature gpgme-x.y.z.tar.gz.sig is 1.72 - indeed a a signature of gpgme-x.y.z.tar.gz. The key used to create 1.73 - this signature is either of: 1.74 - 1.75 - "pub 2048R/4F25E3B6 2011-01-12 Werner Koch (dist sig)" 1.76 - "pub 1024D/87978569 1999-05-13 1.77 - Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> 1.78 - Marcus Brinkmann <mb@g10code.com>" 1.79 - 1.80 - If you do not have this key, you can get it from any keyserver. You 1.81 - have to make sure that this is really the key and not a faked one. 1.82 - You can do this by comparing the output of: 1.83 - 1.84 - $ gpg --fingerprint 0x4F25E3B6 1.85 - 1.86 - with the fingerprint published elsewhere. 1.87 - 1.88 -b) If you don't have any of the above programs, you have to verify 1.89 - the SHA1 checksum: 1.90 - 1.91 - $ sha1sum gpgme-x.y.z.tar.gz 1.92 - 1.93 - This should yield an output _similar_ to this: 1.94 - 1.95 - fd9351b26b3189c1d577f0970f9dcadc3412def1 gpgme-x.y.z.tar.gz 1.96 - 1.97 - Now check that this checksum is _exactly_ the same as the one 1.98 - published via the announcement list and probably via Usenet. 1.99 - 1.100 - 1.101 -Documentation 1.102 ---------------- 1.103 - 1.104 -For information how to use the library you can read the info manual, 1.105 -which is also a reference book, in the doc/ directory. The programs 1.106 -in the tests/gpg/ directory may also prove useful. 1.107 - 1.108 -Please subscribe to the gnupg-devel@gnupg.org mailing list if you want 1.109 -to do serious work. 1.110 - 1.111 -For hacking on GPGME, please have a look at doc/HACKING.