wok-current diff gpgme/description.txt @ rev 25659

Update expat CVE-2023-52425,CVE-2023-52426, patch libxml2 CVE-2024-25062
author Stanislas Leduc <shann@slitaz.org>
date Sun Feb 18 10:03:28 2024 +0000 (10 months ago)
parents ac006a7bf27c
children
line diff
     1.1 --- a/gpgme/description.txt	Thu Jun 23 01:40:19 2016 +0300
     1.2 +++ b/gpgme/description.txt	Sun Feb 18 10:03:28 2024 +0000
     1.3 @@ -1,21 +1,3 @@
     1.4 -                  GPGME - GnuPG Made Easy
     1.5 -                ---------------------------
     1.6 -
     1.7 -         Copyright 2004, 2006, 2010, 2012, 2013, 2014, 2015 g10 Code GmbH
     1.8 -
     1.9 -This file is free software; as a special exception the author gives
    1.10 -unlimited permission to copy and/or distribute it, with or without
    1.11 -modifications, as long as this notice is preserved.
    1.12 -
    1.13 -This file is distributed in the hope that it will be useful, but
    1.14 -WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
    1.15 -implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
    1.16 -PURPOSE.
    1.17 -
    1.18 -
    1.19 -Introduction
    1.20 ---------------
    1.21 -
    1.22  GnuPG Made Easy (GPGME) is a C language library that allows to add
    1.23  support for cryptography to a program.  It is designed to make access
    1.24  to public key crypto engines like GnuPG or GpgSM easier for
    1.25 @@ -24,86 +6,3 @@
    1.26  
    1.27  GPGME uses GnuPG and GpgSM as its backends to support OpenPGP and the
    1.28  Cryptographic Message Syntax (CMS).
    1.29 -
    1.30 -GPGME runs best on GNU/Linux or *BSD systems.  Other Unices may
    1.31 -require small portability fixes, please send us your patches.
    1.32 -
    1.33 -See the files COPYING, COPYING.LESSER, and each file for copyright and
    1.34 -warranty information.  The file AUTHORS has a list of authors and
    1.35 -useful web and mail addresses.
    1.36 -
    1.37 -
    1.38 -Installation
    1.39 ---------------
    1.40 -
    1.41 -See the file INSTALL for generic installation instructions.
    1.42 -
    1.43 -Check that you have unmodified sources.  See below on how to do this.
    1.44 -Don't skip it - this is an important step!
    1.45 -
    1.46 -To build GPGME, you need to install libgpg-error (>= 1.11) and
    1.47 -Libassuan (>= 2.0.2).
    1.48 -
    1.49 -For support of the OpenPGP protocol (default), you should use the
    1.50 -latest version of GnuPG (>= 1.4) , available at:
    1.51 -ftp://ftp.gnupg.org/gcrypt/gnupg/.  For support of the CMS
    1.52 -(Cryptographic Message Syntax) protocol and lot of other features, you
    1.53 -need a GnuPG version >= 2.0.
    1.54 -
    1.55 -For building the GIT version of GPGME please see the file README.GIT
    1.56 -for more information.
    1.57 -
    1.58 -
    1.59 -How to Verify the Source
    1.60 ---------------------------
    1.61 -
    1.62 -In order to check that the version of GPGME which you are going to
    1.63 -install is an original and unmodified one, you can do it in one of the
    1.64 -following ways:
    1.65 -
    1.66 -a) If you have a trusted Version of GnuPG installed, you can simply check
    1.67 -   the supplied signature:
    1.68 -
    1.69 -	$ gpg --verify gpgme-x.y.z.tar.gz.sig
    1.70 -
    1.71 -   This checks that the detached signature gpgme-x.y.z.tar.gz.sig is
    1.72 -   indeed a a signature of gpgme-x.y.z.tar.gz.  The key used to create
    1.73 -   this signature is either of:
    1.74 -
    1.75 -   "pub  2048R/4F25E3B6 2011-01-12 Werner Koch (dist sig)"
    1.76 -   "pub  1024D/87978569 1999-05-13
    1.77 -                        Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
    1.78 -                        Marcus Brinkmann <mb@g10code.com>"
    1.79 -
    1.80 -   If you do not have this key, you can get it from any keyserver.  You
    1.81 -   have to make sure that this is really the key and not a faked one.
    1.82 -   You can do this by comparing the output of:
    1.83 -
    1.84 -	$ gpg --fingerprint 0x4F25E3B6
    1.85 -
    1.86 -   with the fingerprint published elsewhere.
    1.87 -
    1.88 -b) If you don't have any of the above programs, you have to verify
    1.89 -   the SHA1 checksum:
    1.90 -
    1.91 -	$ sha1sum gpgme-x.y.z.tar.gz
    1.92 -
    1.93 -   This should yield an output _similar_ to this:
    1.94 -
    1.95 -   fd9351b26b3189c1d577f0970f9dcadc3412def1  gpgme-x.y.z.tar.gz
    1.96 -
    1.97 -   Now check that this checksum is _exactly_ the same as the one
    1.98 -   published via the announcement list and probably via Usenet.
    1.99 -
   1.100 -
   1.101 -Documentation
   1.102 ----------------
   1.103 -
   1.104 -For information how to use the library you can read the info manual,
   1.105 -which is also a reference book, in the doc/ directory.  The programs
   1.106 -in the tests/gpg/ directory may also prove useful.
   1.107 -
   1.108 -Please subscribe to the gnupg-devel@gnupg.org mailing list if you want
   1.109 -to do serious work.
   1.110 -
   1.111 -For hacking on GPGME, please have a look at doc/HACKING.