Author Topic: Notepad++ 7.6.5 released with GnuPG signatures  (Read 583 times)

0 Members and 1 Guest are viewing this topic.

JeGX

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1962
    • View Profile
    • Geeks3D.com
Notepad++ 7.6.5 released with GnuPG signatures
« on: April 02, 2019, 11:47:56 AM »
Quote
Since version 7.6.5 of Notepad++, the distributive packages are signed with digital signature by using GnuPG (GNU Privacy Guard). This allows users to reliably validate authenticity and integrity of Notepad++ packages.

On Windows you can use native GnuPG (https://gnupg.org) which works under the command line, or use Gpg4win (https://www.gpg4win.org) which is based on GnuPG and has a nice GUI. Of course you can also use PGP Desktop, which now days is provided by Symantec. Most Linux distributions ship with GnuPG installed by default. If you don't have it then install it using package management system present in your distribution.

Release Key
Notepad++ packages and GitHub commits are signed using the Release Key, which has the following characteristics:
Signer: Notepad++
E-mail: don.h@free.fr
Key ID: 0x8D84F46E
Key fingerprint: 14BC E436 2749 B2B5 1F8C 7122 6C42 9F1D 8D84 F46E
Key type: RSA 4096/4096
Created: 2019-03-11
Expiries: 2021-03-10

Obtaining and validating Release Key
To make signature verification possible, you need to obtain a copy of our Release Key:
https://notepad-plus-plus.org/gpg/nppGpgPub.asc

Then get the key ID from here:
https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/README.md#notepad-release-key

You should compare it against other copies downloaded from keyserver to minimize the risk of obtaining the malicious key. To do this, use the key ID to find the key in one of the following key servers:
http://keys.gnupg.net
https://keyserver.ubuntu.com
https://pgp.mit.edu
https://zimmermann.mayfirst.org

Full release notes: https://notepad-plus-plus.org/news/v7.6.5-with-gpg-signatures.html

Downloads
- @ Geeks3D
- @ notepad-plus-plus.org


Changelog
Quote
Notepad++ v7.6.5 new features and bug-fixes:

0.  Security enhancement: GPG Signature is provided for Notepad++ release.
1.  Fix a long waiting issue about file auto change detection: enhance "File status Auto-Detection" to avoid switching editing tab off behaviour.
2.  Fix encoding (language) detection regressions since v7.6.
3.  Fix a regression: double-clicking on a "find all in current document" result for an unsaved doc prompts to save it.
4.  Added close all unchanged tabs command.
5.  Restore deleted "Launch in browser" customized shortcuts in EU-FOSSA bounty program by implementing them in more secure way: Add "View Current File in Browser" for Firefox, Chrome, IE & Edge.
6.  Retain read only setting state in session.
7.  Enhancement: after file reload user can still undo.
8.  Fix a bug in command "Remove Consecutive Duplicate Lines" and make it work with old Macintosh EOL.
9.  Fix UDL language marker bullet position, if UDL Name exceeds 14 characters, extend UDL names to max 64 characters.
10. Enhance external call code to avoid eventual arbitrary commands execution. (EURO-FOSSA)
11. Fix crash issue by command "On Selection->Open File" while the number of selected characters is exceed 2048. (EURO-FOSSA)
12. Fix crash issue of User Define dialog while deleting a unallocated entry. (EURO-FOSSA)
13. Fix crash issue on shortcut command while its length exceed 260. (EURO-FOSSA)
14. Add an enhancement on "Open..." command to prevent from the eventual crash. (EURO-FOSSA)
15. Fix stack Buffer Overflow in Command::extractArgs. (EURO-FOSSA)