The NetBSD Project

CVS log for pkgsrc/security/gnupg/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / security / gnupg

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.166 / (download) - annotate - [select for diffs], Wed Nov 8 13:20:45 2023 UTC (4 months, 2 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4, HEAD
Changes since 1.165: +2 -2 lines
Diff to previous 1.165 (colored) to selected 1.96 (colored)

*: recursive bump for icu 74.1

Revision 1.165 / (download) - annotate - [select for diffs], Tue Oct 24 22:10:47 2023 UTC (5 months ago) by wiz
Branch: MAIN
Changes since 1.164: +2 -2 lines
Diff to previous 1.164 (colored) to selected 1.96 (colored)

*: bump for openssl 3

Revision 1.164 / (download) - annotate - [select for diffs], Wed Apr 19 08:11:21 2023 UTC (11 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2
Changes since 1.163: +2 -2 lines
Diff to previous 1.163 (colored) to selected 1.96 (colored)

revbump after textproc/icu update

Revision 1.163 / (download) - annotate - [select for diffs], Wed Oct 26 10:31:56 2022 UTC (17 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4
Changes since 1.162: +2 -2 lines
Diff to previous 1.162 (colored) to selected 1.96 (colored)

*: bump PKGREVISION for libunistring shlib major bump

Revision 1.162 / (download) - annotate - [select for diffs], Tue May 10 11:50:55 2022 UTC (22 months, 2 weeks ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2
Changes since 1.161: +2 -4 lines
Diff to previous 1.161 (colored) to selected 1.96 (colored)

*: Remove dodgy hacks for NetBSD versions older than 5.

Revision 1.161 / (download) - annotate - [select for diffs], Wed Dec 8 16:06:17 2021 UTC (2 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.160: +2 -2 lines
Diff to previous 1.160 (colored) to selected 1.96 (colored)

revbump for icu and libffi

Revision 1.160 / (download) - annotate - [select for diffs], Thu Sep 30 11:17:10 2021 UTC (2 years, 5 months ago) by nia
Branch: MAIN
Changes since 1.159: +5 -1 lines
Diff to previous 1.159 (colored) to selected 1.96 (colored)

gnupg: asm is unsafe for MKPIE on i386

Revision 1.159 / (download) - annotate - [select for diffs], Wed Sep 29 19:01:16 2021 UTC (2 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.158: +2 -2 lines
Diff to previous 1.158 (colored) to selected 1.96 (colored)

revbump for boost-libs

Revision 1.158 / (download) - annotate - [select for diffs], Wed Apr 21 13:25:18 2021 UTC (2 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.157: +2 -2 lines
Diff to previous 1.157 (colored) to selected 1.96 (colored)

revbump for boost-libs

Revision 1.157 / (download) - annotate - [select for diffs], Mon Sep 7 13:08:28 2020 UTC (3 years, 6 months ago) by gdt
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.156: +2 -2 lines
Diff to previous 1.156 (colored) to selected 1.96 (colored)

devel/gnupg: Stop installing gpgsplit, because it conflicts with gnupg2

gpgsplit has been installed by gnupg(1) since 2002.  gpgsplit has also
been in tools/ within gnupg-2, but upstream recently moved it from
noinst_PROGRAMS to bin_PROGRAMS without noting this in NEWS.

Because gnugp2 is normal and gnupg remains for special cases, simply
drop gpgsplit from gnupg; we have no intent to save people from
installing gnupg2 -- only to continue to allow them to use the old gpg
binary for special uses.

Revision 1.156 / (download) - annotate - [select for diffs], Fri May 22 10:56:36 2020 UTC (3 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2
Changes since 1.155: +2 -2 lines
Diff to previous 1.155 (colored) to selected 1.96 (colored)

revbump after updating security/nettle

Revision 1.155 / (download) - annotate - [select for diffs], Wed May 6 14:05:00 2020 UTC (3 years, 10 months ago) by adam
Branch: MAIN
Changes since 1.154: +2 -2 lines
Diff to previous 1.154 (colored) to selected 1.96 (colored)

revbump after boost update

Revision 1.154 / (download) - annotate - [select for diffs], Sun Mar 8 16:51:07 2020 UTC (4 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.153: +2 -2 lines
Diff to previous 1.153 (colored) to selected 1.96 (colored)

*: recursive bump for libffi

Revision 1.153 / (download) - annotate - [select for diffs], Sun Jan 26 17:32:03 2020 UTC (4 years, 2 months ago) by rillig
Branch: MAIN
Changes since 1.152: +2 -2 lines
Diff to previous 1.152 (colored) to selected 1.96 (colored)

all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.

Revision 1.152 / (download) - annotate - [select for diffs], Sat Jan 18 21:50:36 2020 UTC (4 years, 2 months ago) by jperkin
Branch: MAIN
Changes since 1.151: +2 -2 lines
Diff to previous 1.151 (colored) to selected 1.96 (colored)

*: Recursive revision bump for openssl 1.1.1.

Revision 1.151 / (download) - annotate - [select for diffs], Sun Jan 12 20:20:41 2020 UTC (4 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.150: +2 -2 lines
Diff to previous 1.150 (colored) to selected 1.96 (colored)

*: Recursive revbump from devel/boost-libs

Revision 1.150 / (download) - annotate - [select for diffs], Thu Aug 22 12:23:44 2019 UTC (4 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.149: +2 -2 lines
Diff to previous 1.149 (colored) to selected 1.96 (colored)

Recursive revbump from boost-1.71.0

Revision 1.149 / (download) - annotate - [select for diffs], Sat Jul 20 22:46:46 2019 UTC (4 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.148: +2 -2 lines
Diff to previous 1.148 (colored) to selected 1.96 (colored)

*: recursive bump for nettle 3.5.1

Revision 1.148 / (download) - annotate - [select for diffs], Mon Jul 1 04:08:45 2019 UTC (4 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.147: +2 -2 lines
Diff to previous 1.147 (colored) to selected 1.96 (colored)

Recursive revbump from boost-1.70.0

Revision 1.147 / (download) - annotate - [select for diffs], Thu Dec 13 19:52:19 2018 UTC (5 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.146: +2 -2 lines
Diff to previous 1.146 (colored) to selected 1.96 (colored)

revbump for boost 1.69.0

Revision 1.146 / (download) - annotate - [select for diffs], Thu Aug 16 18:55:09 2018 UTC (5 years, 7 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.145: +2 -1 lines
Diff to previous 1.145 (colored) to selected 1.96 (colored)

revbump after boost-libs update

Revision 1.145 / (download) - annotate - [select for diffs], Fri Jun 15 21:51:23 2018 UTC (5 years, 9 months ago) by tez
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.144: +2 -3 lines
Diff to previous 1.144 (colored) to selected 1.96 (colored)

gnupg: update to 1.4.23

Fixes CVE-2017-7526

Updates since 1.4.22:

2018-06-11  Werner Koch  <wk@gnupg.org>

        Release 1.4.23.
        + commit 8ae6a246bef5b5eb0684e9fb1c933a4f8441dadd


2018-06-08  Werner Koch  <wk@gnupg.org>

        gpg: Sanitize diagnostic with the original file name.
        + commit 2326851c60793653069494379b16d84e4c10a0ac
        * g10/mainproc.c (proc_plaintext): Sanitize verbose output.

2018-04-13  NIIBE Yutaka  <gniibe@fsij.org>

        g10: Push compress filter only if compressed.
        + commit 0f8fd95ab32a6d29dac79e19f0850037c7d0c16f
        * g10/compress.c (handle_compressed): Fix memory leak.

2017-12-18  NIIBE Yutaka  <gniibe@fsij.org>

        po: Update Japanese translation.
        + commit 1338bce5f66a95b53f18c4b54f0e9ac79604500a
        * po/ja.po: Fix message with no "%s".

2017-12-04  NIIBE Yutaka  <gniibe@fsij.org>
            Damien Goutte-Gattat  <dgouttegattat@incenp.org>

        g10: Fix regexp sanitization.
        + commit 9441946e1824eb58249c58432ed1f554d0d8a102
        * g10/trustdb.c (sanitize_regexp): Only escape operators.

2017-11-10  Dario Niedermann  <dario@darioniedermann.it>

        Do not use C99 feature.
        + commit 877e3073d731fec55a88673f91ed646a75e786c8
        * cipher/rsa.c (secret): Move var decl to the beginning.

2017-09-06  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

        po: update Dutch translation.
        + commit aa26eda8ab679a80a7be2c82478cb4440b45ec8c


2017-08-04  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

        doc: Remove documentation for future option --faked-system-time.
        + commit eb15d5ed8e4a765998e9de7698bdc65328bcaaa3
        doc/gpg.texi: Remove documentation for --faked-system-time.

2017-08-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

        debian: Remove packaging from upstream repository.
        + commit 9832a4bacfa5232534f2c7fe7655bd0677a41f6e
        Debian packaging for GnuPG is handled in debian git repositories, and
        doesn't belong here in the upstream repository.  The packaging was
        significantly out of date anyway.

        If you're looking for debian packaging for the 1.4 branch of GnuPG,
        please use the following git remote:

            https://anonscm.debian.org/git/pkg-gnupg/gnupg1.git

2017-08-02  Joe Hansen  <joedalton2@yahoo.dk>

        po: Update Danish translation.
        + commit 12afc37a946477692257d725acac513f271c4e9e
        Originally reported at:
        http://lists.gnupg.org/pipermail/gnupg-i18n/2014-November/000308.html

2017-08-02  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

        po: Update Dutch translation.
        + commit 6d5c5204d79fa9d01981c0076d3acde18534640a
        Debian-Bug-Id: 845695

2017-08-01  Manuel Venturi Porras Peralta  <venturi@openmailbox.org>

        po: Update Spanish translation.
        + commit 76239356bcb3bfeec5327637ed87429594868fef
        Debian-Bug-Id: 814541

Revision 1.144 / (download) - annotate - [select for diffs], Sun Apr 29 21:32:02 2018 UTC (5 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.143: +2 -2 lines
Diff to previous 1.143 (colored) to selected 1.96 (colored)

revbump for boost-libs update

Revision 1.143 / (download) - annotate - [select for diffs], Sat Apr 21 13:38:06 2018 UTC (5 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.142: +1 -2 lines
Diff to previous 1.142 (colored) to selected 1.96 (colored)

*: gd.tuwien.ac.at/ftp.tuwien.ac.at is gone, remove it from various mastersites

Revision 1.142 / (download) - annotate - [select for diffs], Tue Jan 2 05:37:23 2018 UTC (6 years, 2 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.141: +1 -2 lines
Diff to previous 1.141 (colored) to selected 1.96 (colored)

Remove traces of crypto restrictions from packages.

ok for idea riastradh.

Revision 1.141 / (download) - annotate - [select for diffs], Mon Jan 1 21:18:50 2018 UTC (6 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.140: +2 -2 lines
Diff to previous 1.140 (colored) to selected 1.96 (colored)

Revbump after boost update

Revision 1.140 / (download) - annotate - [select for diffs], Thu Aug 24 20:03:38 2017 UTC (6 years, 7 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.139: +2 -1 lines
Diff to previous 1.139 (colored) to selected 1.96 (colored)

Revbump for boost update

Revision 1.139 / (download) - annotate - [select for diffs], Mon Aug 14 20:12:00 2017 UTC (6 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.138: +2 -3 lines
Diff to previous 1.138 (colored) to selected 1.96 (colored)

Updated gnupg to 1.4.22.

Noteworthy changes in version 1.4.22 (2017-07-19)
-------------------------------------------------

 * Mitigate a flush+reload side-channel attack on RSA secret keys
   dubbed "Sliding right into disaster".  For details see
   <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

 * Fix some minor bugs.

Revision 1.138 / (download) - annotate - [select for diffs], Sun Apr 30 01:21:59 2017 UTC (6 years, 11 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.137: +2 -2 lines
Diff to previous 1.137 (colored) to selected 1.96 (colored)

Recursive revbump from boost update

Revision 1.137 / (download) - annotate - [select for diffs], Thu Jan 19 18:52:23 2017 UTC (7 years, 2 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1
Changes since 1.136: +4 -4 lines
Diff to previous 1.136 (colored) to selected 1.96 (colored)

Convert all occurrences (353 by my count) of

	MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.

Revision 1.136 / (download) - annotate - [select for diffs], Sun Jan 1 16:06:35 2017 UTC (7 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.135: +2 -2 lines
Diff to previous 1.135 (colored) to selected 1.96 (colored)

Revbump after boost update

Revision 1.135 / (download) - annotate - [select for diffs], Fri Oct 7 18:26:09 2016 UTC (7 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4
Changes since 1.134: +2 -1 lines
Diff to previous 1.134 (colored) to selected 1.96 (colored)

Revbump post boost update

Revision 1.133.4.1 / (download) - annotate - [select for diffs], Tue Sep 13 18:23:35 2016 UTC (7 years, 6 months ago) by bsiegert
Branch: pkgsrc-2016Q2
Changes since 1.133: +2 -3 lines
Diff to previous 1.133 (colored) next main 1.134 (colored) to selected 1.96 (colored)

Pullup ticket #5100 - requested by maya
security/gnupg: security fix
security/libgcrypt: security fix, build fix

Revisions pulled up:
- security/gnupg/Makefile                                       1.134
- security/gnupg/distinfo                                       1.70
- security/libgcrypt/Makefile                                   1.82-1.84
- security/libgcrypt/buildlink3.mk                              1.18
- security/libgcrypt/distinfo                                   1.67-1.68
- security/libgcrypt/patches/patch-aa                           1.9

---
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Wed Aug 17 23:05:19 UTC 2016

   Modified Files:
           pkgsrc/security/gnupg: Makefile distinfo

   Log Message:
   Update gnupg to 1.4.21

   Changelog:
   2016-08-17  Werner Koch  <wk%gnupg.org@localhost>

           Release 1.4.21.

           gpg: Add dummy option --with-subkey-fingerprint.
           * g10/gpg.c (opts): Add dummy option.

           build: Create a swdb file during "make distcheck".
           * Makefile.am (distcheck-hook): New.

   2016-08-17  Ineiev  <ineiev%gnu.org@localhost>

           po: Update Russian translation.

   2016-08-17  Werner Koch  <wk%gnupg.org@localhost>

           random: Hash continuous areas in the csprng pool.
           * cipher/random.c (mix_pool): Store the first hash at the end of the
           pool.

           cipher: Improve readability by using a macro.
           * cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

   2016-08-09  Daniel Kahn Gillmor  <dkg%fifthhorseman.net@localhost>

           gpg: Avoid publishing the GnuPG version by default.
           * g10/gpg.c (main): initialize opt.emit_version to 0
           * doc/gpg.texi: document different default for --emit-version

   2016-08-04  Daniel Kahn Gillmor  <dkg%fifthhorseman.net@localhost>

           Clean up "allow to"
           * README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
             "allow to" with clearer text

           In standard English, the normal construction is "${XXX} allows ${YYY}
           to" -- that is, the subject (${XXX}) of the sentence is allowing the
           object (${YYY}) to do something.  When the object is missing, the
           phrasing sounds awkward, even if the object is implied by context.
           There's almost always a better construction that isn't as awkward.

           These changes should make the language a bit clearer.

           Fix spelling: "occured" should be "occurred"
           * checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
             util/regcomp.c, util/regex_internal.c: correct the spelling of
             "occured" to "occurred"

   2016-08-04  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix checking key for signature validation.
           * g10/sig-check.c (signature_check2): Not only subkey, but also primary
           key should have flags.valid=1.

   2016-08-03  Justus Winter  <justus%g10code.com@localhost>

           Partially revert "g10: Fix another race condition for trustdb access."
           This amends db246f8b which accidentally included the compiled
           translation files.

   2016-07-09  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           gpgv: Tweak default options for extra security.
           * g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
           cached status.  Similarly, set opt.flags.require_cross_cert for backsig
           validation for subkey signature.

   2016-07-06  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix keysize with --expert.
           * g10/keygen.c (ask_keysize): It's 768 only for DSA.

   2016-06-28  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix --list-packets.
           * g10/gpg.c (main): Call set_packet_list_mode after assignment of
           opt.list_packets.
           * g10/mainproc.c (do_proc_packets): Don't stop processing with
           --list-packets as the comment says.
           * g10/options.h (list_packets): Fix the comment.
           * g10/parse-packet.c: Fix the condition for opt.list_packets.

   2016-06-15  Niibe Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix another race condition for trustdb access.
           * g10/tdbio.c (create_version_record): Call create_hashtable to always
           make hashtable, together with the version record.
           (get_trusthashrec): Remove call to create_hashtable.

   2016-02-12  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Make sure to have the directory for trustdb.
           * g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
           the directory and create it if none before calling take_write_lock.

   2016-02-01  Werner Koch  <wk%gnupg.org@localhost>

           Fix possible sign extension problem with newer compilers.
           * cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
           * cipher/blowfish.c (do_encrypt_block): Ditto.
           (do_decrypt_block): Ditto.
           * cipher/camellia.c (CAMELLIA_RR8): Ditto.
           * cipher/cast5.c (do_encrypt_block): Ditto.
           (do_decrypt_block): Ditto.
           (do_cast_setkey): Ditto.
           * cipher/twofish.c (INPACK): Ditto.
           * util/iobuf.c (block_filter): Ditto.

   2016-01-26  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix iobuf API of filter function for alignment.
           * include/iobuf.h (struct iobuf_struct): Remove DESC.
           * util/iobuf.c (iobuf_desc): New.
           (print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
           (iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
           (iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
           (file_filter, sock_filter, block_filter): Fill the description.
           * g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
           g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
           g10/progress.c, g10/textfilter.c: Likewise.

   2016-01-15  Werner Koch  <wk%gnupg.org@localhost>

           Fix possible AIX problem with sysconf in rndunix.
           * cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
           (start_gatherer): Detect misbehaving sysconf.

   2016-01-13  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           Fix to support git worktree.
           * Makefile.am: Use -e for testing .git.

   2015-12-21  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           po: Update Japanese translation.

---
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Wed Aug 17 23:13:11 UTC 2016

   Modified Files:
           pkgsrc/security/libgcrypt: Makefile buildlink3.mk distinfo

   Log Message:
   Update libgcrypt to 1.7.3

   Changelog:

   2016-08-17  Werner Koch  <wk%gnupg.org@localhost>

           Release 1.7.3.
           * configure.ac: Set LT version to C21/A1/R3.

           random: Hash continuous areas in the csprng pool.
           * random/random-csprng.c (mix_pool): Store the first hash at the end
           of the pool.

           random: Improve the diagram showing the random mixing.
           * random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20.

   2016-07-19  Jussi Kivilinna  <jussi.kivilinna%iki.fi@localhost>

           crc-intel-pclmul: split assembly block to ease register pressure.
           * cipher/crc-intel-pclmul.c (crc32_less_than_16): Split inline
           assembly block handling 4 byte input into multiple blocks.

           rijndael-aesni: split assembly block to ease register pressure.
           * cipher/rijndael-aesni.c (do_aesni_ctr_4): Use single register
           constraint for passing 'bige_addb' to assembly block; split
           first inline assembly block into two parts.

   2016-07-14  Jussi Kivilinna  <jussi.kivilinna%iki.fi@localhost>

           Add ARMv8/AArch32 Crypto Extension implementation of AES.
           * cipher/Makefile.am: Add 'rijndael-armv8-ce.c' and
           'rijndael-armv-aarch32-ce.S'.
           * cipher/rijndael-armv8-aarch32-ce.S: New.
           * cipher/rijndael-armv8-ce.c: New.
           * cipher/rijndael-internal.h (USE_ARM_CE): New.
           (RIJNDAEL_context_s): Add 'use_arm_ce'.
           * cipher/rijndael.c [USE_ARM_CE] (_gcry_aes_armv8_ce_setkey)
           (_gcry_aes_armv8_ce_prepare_decryption)
           (_gcry_aes_armv8_ce_encrypt, _gcry_aes_armv8_ce_decrypt)
           (_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc)
           (_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec)
           (_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt)
           (_gcry_aes_armv8_ce_ocb_auth): New.
           (do_setkey) [USE_ARM_CE]: Add ARM CE/AES HW feature check and key
           setup for ARM CE.
           (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
           (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
           (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_ARM_CE]: Add
           ARM CE support.
           * configure.ac: Add 'rijndael-armv8-ce.lo' and
           'rijndael-armv8-aarch32-ce.lo'.

           Add ARMv8/AArch32 Crypto Extension implementation of GCM.
           * cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch32-ce.S'.
           * cipher/cipher-gcm-armv8-aarch32-ce.S: New.
           * cipher/cipher-gcm.c [GCM_USE_ARM_PMULL]
           (_gcry_ghash_setup_armv8_ce_pmull, _gcry_ghash_armv8_ce_pmull)
           (ghash_setup_armv8_ce_pmull, ghash_armv8_ce_pmull): New.
           (setupM) [GCM_USE_ARM_PMULL]: Enable ARM PMULL implementation if
           HWF_ARM_PULL HW feature flag is enabled.
           * cipher/cipher-gcm.h (GCM_USE_ARM_PMULL): New.

           Add ARMv8/AArch32 Crypto Extension implemenation of SHA-256.
           * cipher/Makefile.am: Add 'sha256-armv8-aarch32-ce.S'.
           * cipher/sha256-armv8-aarch32-ce.S: New.
           * cipher/sha256.c (USE_ARM_CE): New.
           (sha256_init, sha224_init): Check features for HWF_ARM_SHA1.
           [USE_ARM_CE] (_gcry_sha256_transform_armv8_ce): New.
           (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports.
           (SHA256_CONTEXT): Add 'use_arm_ce'.
           * configure.ac: Add 'sha256-armv8-aarch32-ce.lo'.

           Add ARMv8/AArch32 Crypto Extension implementation of SHA-1.
           * cipher/Makefile.am: Add 'sha1-armv8-aarch32-ce.S'.
           * cipher/sha1-armv7-neon.S (_gcry_sha1_transform_armv7_neon): Add
           missing size.
           * cipher/sha1-armv8-aarch32-ce.S: New.
           * cipher/sha1.c (USE_ARM_CE): New.
           (sha1_init): Check features for HWF_ARM_SHA1.
           [USE_ARM_CE] (_gcry_sha1_transform_armv8_ce): New.
           (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports
           it.
           * cipher/sha1.h (SHA1_CONTEXT): Add 'use_arm_ce'.
           * configure.ac: Add 'sha1-armv8-aarch32-ce.lo'.

           Add HW feature check for ARMv8 AArch64 and crypto extensions.
           * configure.ac: Add '--disable-arm-crypto-support'; enable hwf-arm
           module on 64-bit ARM.
           (armcryptosupport, gcry_cv_gcc_inline_aarch32_crypto)
           (gcry_cv_inline_asm_aarch64_neon)
           (gcry_cv_gcc_inline_asm_aarch64_crypto): New.
           * src/g10lib.h (HWF_ARM_AES, HWF_ARM_SHA1, HWF_ARM_SHA2)
           (HWF_ARM_PMULL): New.
           * src/hwf-arm.c [__aarch64__]: Enable building in AArch64 mode.
           (feature_map_s): New.
           [__arm__] (AT_HWCAP, AT_HWCAP2, HWCAP2_AES, HWCAP2_PMULL)
           (HWCAP2_SHA1, HWCAP2_SHA2, arm_features): New.
           [__aarch64__] (AT_HWCAP, AT_HWCAP2, HWCAP_ASIMD, HWCAP_AES)
           (HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2, arm_features): New.
           (get_hwcap): Add reading of 'AT_HWCAP2'; Change auxv use
           'unsigned long'.
           (detect_arm_at_hwcap): Add mapping of HWCAP/HWCAP2 to HWF flags.
           (detect_arm_proc_cpuinfo): Add mapping of CPU features to HWF flags.
           (_gcry_hwf_detect_arm): Use __ARM_NEON instead of legacy __ARM_NEON__.
           * src/hwfeatures.c (hwflist): Add 'arm-aes', 'arm-sha1', 'arm-sha2'
           and 'arm-pmull'.

---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Aug 20 19:22:37 UTC 2016

   Modified Files:
           pkgsrc/security/libgcrypt: Makefile

   Log Message:
   Depends on libgpg-error-1.13.
   >From David H. Gutteridge in PR 51430.

---
   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Thu Sep  1 10:19:30 UTC 2016

   Modified Files:
           pkgsrc/security/libgcrypt: Makefile distinfo
           pkgsrc/security/libgcrypt/patches: patch-aa

   Log Message:
   Use COMPILER_RPATH_FLAG properly. Reconciles libgcrypt-config with
   Darwin linker. Fixes joyent/pkgsrc#400. Bump PKGREVISION.

Revision 1.134 / (download) - annotate - [select for diffs], Wed Aug 17 23:05:19 2016 UTC (7 years, 7 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.133: +2 -3 lines
Diff to previous 1.133 (colored) to selected 1.96 (colored)

Update gnupg to 1.4.21

Changelog:
2016-08-17  Werner Koch  <wk@gnupg.org>

	Release 1.4.21.

	gpg: Add dummy option --with-subkey-fingerprint.
	* g10/gpg.c (opts): Add dummy option.

	build: Create a swdb file during "make distcheck".
	* Makefile.am (distcheck-hook): New.

2016-08-17  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.

2016-08-17  Werner Koch  <wk@gnupg.org>

	random: Hash continuous areas in the csprng pool.
	* cipher/random.c (mix_pool): Store the first hash at the end of the
	pool.

	cipher: Improve readability by using a macro.
	* cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

2016-08-09  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Avoid publishing the GnuPG version by default.
	* g10/gpg.c (main): initialize opt.emit_version to 0
	* doc/gpg.texi: document different default for --emit-version

2016-08-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	Clean up "allow to"
	* README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
	  "allow to" with clearer text

	In standard English, the normal construction is "${XXX} allows ${YYY}
	to" -- that is, the subject (${XXX}) of the sentence is allowing the
	object (${YYY}) to do something.  When the object is missing, the
	phrasing sounds awkward, even if the object is implied by context.
	There's almost always a better construction that isn't as awkward.

	These changes should make the language a bit clearer.

	Fix spelling: "occured" should be "occurred"
	* checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
	  util/regcomp.c, util/regex_internal.c: correct the spelling of
	  "occured" to "occurred"

2016-08-04  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix checking key for signature validation.
	* g10/sig-check.c (signature_check2): Not only subkey, but also primary
	key should have flags.valid=1.

2016-08-03  Justus Winter  <justus@g10code.com>

	Partially revert "g10: Fix another race condition for trustdb access."
	This amends db246f8b which accidentally included the compiled
	translation files.

2016-07-09  NIIBE Yutaka  <gniibe@fsij.org>

	gpgv: Tweak default options for extra security.
	* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
	cached status.  Similarly, set opt.flags.require_cross_cert for backsig
	validation for subkey signature.

2016-07-06  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix keysize with --expert.
	* g10/keygen.c (ask_keysize): It's 768 only for DSA.

2016-06-28  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix --list-packets.
	* g10/gpg.c (main): Call set_packet_list_mode after assignment of
	opt.list_packets.
	* g10/mainproc.c (do_proc_packets): Don't stop processing with
	--list-packets as the comment says.
	* g10/options.h (list_packets): Fix the comment.
	* g10/parse-packet.c: Fix the condition for opt.list_packets.

2016-06-15  Niibe Yutaka  <gniibe@fsij.org>

	g10: Fix another race condition for trustdb access.
	* g10/tdbio.c (create_version_record): Call create_hashtable to always
	make hashtable, together with the version record.
	(get_trusthashrec): Remove call to create_hashtable.

2016-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Make sure to have the directory for trustdb.
	* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
	the directory and create it if none before calling take_write_lock.

2016-02-01  Werner Koch  <wk@gnupg.org>

	Fix possible sign extension problem with newer compilers.
	* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
	* cipher/blowfish.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	* cipher/camellia.c (CAMELLIA_RR8): Ditto.
	* cipher/cast5.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	(do_cast_setkey): Ditto.
	* cipher/twofish.c (INPACK): Ditto.
	* util/iobuf.c (block_filter): Ditto.

2016-01-26  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix iobuf API of filter function for alignment.
	* include/iobuf.h (struct iobuf_struct): Remove DESC.
	* util/iobuf.c (iobuf_desc): New.
	(print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
	(iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
	(iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
	(file_filter, sock_filter, block_filter): Fill the description.
	* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
	g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
	g10/progress.c, g10/textfilter.c: Likewise.

2016-01-15  Werner Koch  <wk@gnupg.org>

	Fix possible AIX problem with sysconf in rndunix.
	* cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
	(start_gatherer): Detect misbehaving sysconf.

2016-01-13  NIIBE Yutaka  <gniibe@fsij.org>

	Fix to support git worktree.
	* Makefile.am: Use -e for testing .git.

2015-12-21  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.

Revision 1.133 / (download) - annotate - [select for diffs], Sat Mar 5 11:29:20 2016 UTC (8 years ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q1-base, pkgsrc-2016Q1
Branch point for: pkgsrc-2016Q2
Changes since 1.132: +2 -1 lines
Diff to previous 1.132 (colored) to selected 1.96 (colored)

Bump PKGREVISION for security/openssl ABI bump.

Revision 1.132 / (download) - annotate - [select for diffs], Wed Feb 24 13:01:21 2016 UTC (8 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.131: +2 -2 lines
Diff to previous 1.131 (colored) to selected 1.96 (colored)

Drop maintainership.

Revision 1.131 / (download) - annotate - [select for diffs], Fri Jan 22 08:39:51 2016 UTC (8 years, 2 months ago) by zafer
Branch: MAIN
Changes since 1.130: +1 -2 lines
Diff to previous 1.130 (colored) to selected 1.96 (colored)

remove one dead mirror (not resolved)

Revision 1.130 / (download) - annotate - [select for diffs], Tue Dec 22 20:55:41 2015 UTC (8 years, 3 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.129: +2 -3 lines
Diff to previous 1.129 (colored) to selected 1.96 (colored)

Update to 1.4.20

Changelog:
Noteworthy changes in version 1.4.20 (2015-12-20)
-------------------------------------------------

 * Reject signatures made using the MD5 hash algorithm unless the
   new option --allow-weak-digest-algos or --pgp2 are given.

 * New option --weak-digest to specify hash algorithms which
   should be considered weak.

 * Changed default cipher for symmetric-only encryption to AES-128.

 * Fix for DoS when importing certain garbled secret keys.

 * Improved error reporting for secret subkey w/o corresponding public
   subkey.

 * Improved error reporting in decryption due to wrong algorithm.

 * Fix cluttering of stdout with trustdb info in double verbose mode.

 * Pass a DBUS envvar to gpg-agent for use by gnome-keyring.

Revision 1.129 / (download) - annotate - [select for diffs], Mon Nov 16 10:33:35 2015 UTC (8 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.128: +2 -1 lines
Diff to previous 1.128 (colored) to selected 1.96 (colored)

Bump PKGREVISION.

Revision 1.127.2.1 / (download) - annotate - [select for diffs], Mon Mar 9 19:06:32 2015 UTC (9 years ago) by tron
Branch: pkgsrc-2014Q4
Changes since 1.127: +2 -2 lines
Diff to previous 1.127 (colored) next main 1.128 (colored) to selected 1.96 (colored)

Pullup ticket #4635 - requested by he
security/gnupg: security update

Revisions pulled up:
- security/gnupg/Makefile                                       1.128
- security/gnupg/PLIST                                          1.28
- security/gnupg/distinfo                                       1.66

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Feb 28 00:13:25 UTC 2015

   Modified Files:
   	pkgsrc/security/gnupg: Makefile PLIST distinfo

   Log Message:
   Update to 1.4.19:

   Noteworthy changes in version 1.4.19 (2015-02-27)
   -------------------------------------------------

    * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
      See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.

    * Fixed data-dependent timing variations in modular exponentiation
      [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
      are Practical].

    * Detect faulty use of --verify on detached signatures.

    * Changed the PKA method to use CERT records and hashed names.

    * New import option "keep-ownertrust".

    * Support algorithm names when generating keys using the --command-fd
      method.

    * Updated many translations.

    * Updated build system.

    * Fixed a regression in keyserver import

    * Fixed argument parsing for option --debug-level.

    * Fixed DoS based on bogus and overlong key packets.

    * Fixed bugs related to bogus keyrings.

    * The usual minor minor bug fixes.

Revision 1.128 / (download) - annotate - [select for diffs], Sat Feb 28 00:13:25 2015 UTC (9 years, 1 month ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.127: +2 -2 lines
Diff to previous 1.127 (colored) to selected 1.96 (colored)

Update to 1.4.19:

Noteworthy changes in version 1.4.19 (2015-02-27)
-------------------------------------------------

 * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
   See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.

 * Fixed data-dependent timing variations in modular exponentiation
   [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
   are Practical].

 * Detect faulty use of --verify on detached signatures.

 * Changed the PKA method to use CERT records and hashed names.

 * New import option "keep-ownertrust".

 * Support algorithm names when generating keys using the --command-fd
   method.

 * Updated many translations.

 * Updated build system.

 * Fixed a regression in keyserver import

 * Fixed argument parsing for option --debug-level.

 * Fixed DoS based on bogus and overlong key packets.

 * Fixed bugs related to bogus keyrings.

 * The usual minor minor bug fixes.

Revision 1.127 / (download) - annotate - [select for diffs], Thu Oct 9 14:06:52 2014 UTC (9 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base
Branch point for: pkgsrc-2014Q4
Changes since 1.126: +1 -3 lines
Diff to previous 1.126 (colored) to selected 1.96 (colored)

Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles.

Revision 1.126 / (download) - annotate - [select for diffs], Tue Jul 22 11:24:29 2014 UTC (9 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base, pkgsrc-2014Q3
Changes since 1.125: +2 -2 lines
Diff to previous 1.125 (colored) to selected 1.96 (colored)

Update to 1.4.18:

Noteworthy changes in version 1.4.18 (2014-06-30)
-------------------------------------------------

 * Fix a regression in 1.4.17 if more than one keyid is given
   to --recv-keys et al.

 * Cap RSA and Elgamal keysize at 4096 bit also for unattended key
   generation.

Revision 1.125 / (download) - annotate - [select for diffs], Tue Jun 24 07:35:10 2014 UTC (9 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.124: +2 -3 lines
Diff to previous 1.124 (colored) to selected 1.96 (colored)

Update to 1.4.17 due to security fix:

Noteworthy changes in version 1.4.17 (2014-06-23)
-------------------------------------------------

 * Avoid DoS due to garbled compressed data packets.

 * Screen keyserver reponses to avoid import of unwanted keys by rogue
   servers.

 * Add hash algorithms to the "sig" records of the colon output.

 * More specific reason codes for INV_RECP status.

 * Fixes for PC/SC access on Apple.

 * Minor bug fixes.

Revision 1.124 / (download) - annotate - [select for diffs], Wed Feb 12 23:18:32 2014 UTC (10 years, 1 month ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.123: +2 -1 lines
Diff to previous 1.123 (colored) to selected 1.96 (colored)

Recursive PKGREVISION bump for OpenSSL API version bump.

Revision 1.123 / (download) - annotate - [select for diffs], Wed Dec 18 18:56:24 2013 UTC (10 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.122: +2 -2 lines
Diff to previous 1.122 (colored) to selected 1.96 (colored)

Update to 1.4.16:

Noteworthy changes in version 1.4.16 (2013-12-18)
-------------------------------------------------

 * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
   Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
   See <http://www.cs.tau.ac.il/~tromer/acoustic/>.  [CVE-2013-4576]

 * Put only the major version number by default into armored output.

 * Do not create a trustdb file if --trust-model=always is used.

 * Print the keyid for key packets with --list-packets.

 * Changed modular exponentiation algorithm to recover from a small
   performance loss due to a change in 1.4.14.

Revision 1.122 / (download) - annotate - [select for diffs], Sat Oct 26 23:30:29 2013 UTC (10 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.121: +1 -2 lines
Diff to previous 1.121 (colored) to selected 1.96 (colored)

Remove obsolete --with-static-rnd=auto as suggested by Andreas Gustafsson
in PR 48345.

Revision 1.120.2.1 / (download) - annotate - [select for diffs], Sat Oct 5 15:51:55 2013 UTC (10 years, 5 months ago) by spz
Branch: pkgsrc-2013Q3
Changes since 1.120: +2 -2 lines
Diff to previous 1.120 (colored) next main 1.121 (colored) to selected 1.96 (colored)

Pullup ticket #4238 - requested by wiz
security/gnupg: security update

Revisions pulled up:
- security/gnupg/Makefile                                       1.121
- security/gnupg/distinfo                                       1.62

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Oct  5 13:19:51 UTC 2013

   Modified Files:
   	pkgsrc/security/gnupg: Makefile distinfo

   Log Message:
   Update to 1.4.15:

   Noteworthy changes in version 1.4.15 (2013-10-04)
   -------------------------------------------------

       * Fixed possible infinite recursion in the compressed packet
         parser. [CVE-2013-4402]

       * Protect against rogue keyservers sending secret keys.

       * Use 2048 bit also as default for batch key generation.

       * Minor bug fixes.


   To generate a diff of this commit:
   cvs rdiff -u -r1.120 -r1.121 pkgsrc/security/gnupg/Makefile
   cvs rdiff -u -r1.61 -r1.62 pkgsrc/security/gnupg/distinfo

Revision 1.121 / (download) - annotate - [select for diffs], Sat Oct 5 13:19:51 2013 UTC (10 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.120: +2 -2 lines
Diff to previous 1.120 (colored) to selected 1.96 (colored)

Update to 1.4.15:

Noteworthy changes in version 1.4.15 (2013-10-04)
-------------------------------------------------

    * Fixed possible infinite recursion in the compressed packet
      parser. [CVE-2013-4402]

    * Protect against rogue keyservers sending secret keys.

    * Use 2048 bit also as default for batch key generation.

    * Minor bug fixes.

Revision 1.119.2.1 / (download) - annotate - [select for diffs], Fri Jul 26 09:07:48 2013 UTC (10 years, 8 months ago) by tron
Branch: pkgsrc-2013Q2
Changes since 1.119: +2 -3 lines
Diff to previous 1.119 (colored) next main 1.120 (colored) to selected 1.96 (colored)

Pullup ticket #4187 - requested by wiz
security/gnupg: security update

Revisions pulled up:
- security/gnupg/Makefile                                       1.120
- security/gnupg/distinfo                                       1.61
- security/gnupg/patches/patch-cipher_idea.c                    deleted

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Thu Jul 25 11:50:45 UTC 2013

   Modified Files:
   	pkgsrc/security/gnupg: Makefile distinfo
   Removed Files:
   	pkgsrc/security/gnupg/patches: patch-cipher_idea.c

   Log Message:
   Update to 1.4.14:

   Noteworthy changes in version 1.4.14 (2013-07-25)
   -------------------------------------------------

       * Mitigate the Yarom/Falkner flush+reload side-channel attack on
         RSA secret keys.  See <http://eprint.iacr.org/2013/448>.

       * Fixed IDEA for big-endian CPUs

       * Improved the diagnostics for failed keyserver lockups.

       * Minor bug and portability fixes.

Revision 1.120 / (download) - annotate - [select for diffs], Thu Jul 25 11:50:45 2013 UTC (10 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base
Branch point for: pkgsrc-2013Q3
Changes since 1.119: +2 -3 lines
Diff to previous 1.119 (colored) to selected 1.96 (colored)

Update to 1.4.14:

Noteworthy changes in version 1.4.14 (2013-07-25)
-------------------------------------------------

    * Mitigate the Yarom/Falkner flush+reload side-channel attack on
      RSA secret keys.  See <http://eprint.iacr.org/2013/448>.

    * Fixed IDEA for big-endian CPUs

    * Improved the diagnostics for failed keyserver lockups.

    * Minor bug and portability fixes.

Revision 1.119 / (download) - annotate - [select for diffs], Fri May 10 20:18:39 2013 UTC (10 years, 10 months ago) by riastradh
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base
Branch point for: pkgsrc-2013Q2
Changes since 1.118: +5 -1 lines
Diff to previous 1.118 (colored) to selected 1.96 (colored)

Fix cross-build of gnupg with CC_FOR_BUILD=NATIVE_CC.

Revision 1.118 / (download) - annotate - [select for diffs], Wed Feb 6 23:23:36 2013 UTC (11 years, 1 month ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.117: +2 -2 lines
Diff to previous 1.117 (colored) to selected 1.96 (colored)

PKGREVISION bumps for the security/openssl 1.0.1d update.

Revision 1.114.2.2 / (download) - annotate - [select for diffs], Fri Jan 25 10:16:02 2013 UTC (11 years, 2 months ago) by tron
Branch: pkgsrc-2012Q4
Changes since 1.114.2.1: +1 -2 lines
Diff to previous 1.114.2.1 (colored) to branchpoint 1.114 (colored) next main 1.115 (colored) to selected 1.96 (colored)

Pullup ticket #4040 - requested by wiz
security/gnupg: bug fix patch

Revisions pulled up:
- security/gnupg/Makefile                                       1.116-1.117
- security/gnupg/distinfo                                       1.58-1.60
- security/gnupg/options.mk                                     1.16
- security/gnupg/patches/patch-cipher_idea.c                    1.1

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jan  7 12:26:56 UTC 2013

   Modified Files:
   	pkgsrc/security/gnupg: distinfo options.mk

   Log Message:
   Remove idea option -- included in standard distfile now.

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jan  7 21:47:01 UTC 2013

   Modified Files:
   	pkgsrc/security/gnupg: distinfo

   Log Message:
   Remove a superfluous line (hi tron!)

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jan  7 21:47:32 UTC 2013

   Modified Files:
   	pkgsrc/security/gnupg: Makefile

   Log Message:
   Remove obsolete line. Noted by tez.

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jan  7 21:53:53 UTC 2013

   Modified Files:
   	pkgsrc/security/gnupg: Makefile distinfo
   Added Files:
   	pkgsrc/security/gnupg/patches: patch-cipher_idea.c

   Log Message:
   Fix idea on big-endian hosts.
   >From http://bugs.g10code.com/gnupg/issue1461

   Reported by tez.

   Bump PKGREVISION.

Revision 1.117 / (download) - annotate - [select for diffs], Mon Jan 7 21:53:53 2013 UTC (11 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.116: +2 -1 lines
Diff to previous 1.116 (colored) to selected 1.96 (colored)

Fix idea on big-endian hosts.
From http://bugs.g10code.com/gnupg/issue1461

Reported by tez.

Bump PKGREVISION.

Revision 1.116 / (download) - annotate - [select for diffs], Mon Jan 7 21:47:32 2013 UTC (11 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.115: +1 -3 lines
Diff to previous 1.115 (colored) to selected 1.96 (colored)

Remove obsolete line. Noted by tez.

Revision 1.114.2.1 / (download) - annotate - [select for diffs], Mon Jan 7 08:33:09 2013 UTC (11 years, 2 months ago) by tron
Branch: pkgsrc-2012Q4
Changes since 1.114: +2 -3 lines
Diff to previous 1.114 (colored) to selected 1.96 (colored)

Pullup ticket #4002 - requested by spz
security/gnupg: security update

Revisions pulled up:
- security/gnupg/Makefile                                       1.115
- security/gnupg/distinfo                                       1.56
- security/gnupg/patches/patch-ak                               deleted
- security/gnupg/patches/patch-cipher_idea-stub.c               deleted
- security/gnupg/patches/patch-mpi_mpi-inline.h                 deleted

---
   Module Name:	pkgsrc
   Committed By:	spz
   Date:		Sun Jan  6 14:50:48 UTC 2013

   Modified Files:
   	pkgsrc/security/gnupg: Makefile distinfo
   Removed Files:
   	pkgsrc/security/gnupg/patches: patch-ak patch-cipher_idea-stub.c
   	    patch-mpi_mpi-inline.h

   Log Message:
   update of gnupg
   Fixes CVE-2012-6085

   Upstream Changes:
       * Add support for the old cipher algorithm IDEA.

       * Minor bug fixes.

       * Small changes to better cope with future OpenPGP and GnuPG
         features.

Revision 1.115 / (download) - annotate - [select for diffs], Sun Jan 6 14:50:47 2013 UTC (11 years, 2 months ago) by spz
Branch: MAIN
Changes since 1.114: +2 -3 lines
Diff to previous 1.114 (colored) to selected 1.96 (colored)

update of gnupg
Fixes CVE-2012-6085

Upstream Changes:
    * Add support for the old cipher algorithm IDEA.

    * Minor bug fixes.

    * Small changes to better cope with future OpenPGP and GnuPG
      features.

Revision 1.114 / (download) - annotate - [select for diffs], Sun Dec 16 01:52:32 2012 UTC (11 years, 3 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base
Branch point for: pkgsrc-2012Q4
Changes since 1.113: +2 -2 lines
Diff to previous 1.113 (colored) to selected 1.96 (colored)

recursive bump from cyrus-sasl libsasl2 shlib major bump.

Revision 1.113 / (download) - annotate - [select for diffs], Wed Nov 7 21:07:51 2012 UTC (11 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.112: +2 -1 lines
Diff to previous 1.112 (colored) to selected 1.96 (colored)

Bump PKGREVISION for patch replacements.

Revision 1.112 / (download) - annotate - [select for diffs], Wed Nov 7 12:24:39 2012 UTC (11 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.111: +1 -12 lines
Diff to previous 1.111 (colored) to selected 1.96 (colored)

Remove it-seems-unneeded FreeBSD changes that were long commented out.

Revision 1.111 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:28 2012 UTC (11 years, 5 months ago) by asau
Branch: MAIN
Changes since 1.110: +1 -2 lines
Diff to previous 1.110 (colored) to selected 1.96 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.110 / (download) - annotate - [select for diffs], Sat Mar 3 00:17:29 2012 UTC (12 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.109: +2 -3 lines
Diff to previous 1.109 (colored) to selected 1.96 (colored)

Update to 1.4.12:

Noteworthy changes in version 1.4.12 (2012-01-30)
-------------------------------------------------

    * GPG now accepts a space separated fingerprint as a user ID.
      This allows to copy and paste the fingerprint from the key
      listing.

    * Removed support for the original HKP keyserver which is not
      anymore used by any site.

    * Rebuild the trustdb after changing the option --min-cert-level.

    * Improved JPEG detection.

    * Included more VMS patches

    * Made it easier to create an installer for Windows.

    * Supports the 32 bit variant of the mingw-w64 toolchain.

    * Made file locking more portable.

    * Minor bug fixes.

Revision 1.109 / (download) - annotate - [select for diffs], Wed Nov 16 08:23:49 2011 UTC (12 years, 4 months ago) by sbd
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.108: +3 -2 lines
Diff to previous 1.108 (colored) to selected 1.96 (colored)

Add missing devel/readline buildlinks.

Bump PKGREVISIONs

Revision 1.108 / (download) - annotate - [select for diffs], Fri Apr 22 13:44:34 2011 UTC (12 years, 11 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.107: +2 -1 lines
Diff to previous 1.107 (colored) to selected 1.96 (colored)

recursive bump from gettext-lib shlib bump.

Revision 1.107 / (download) - annotate - [select for diffs], Thu Oct 21 21:48:12 2010 UTC (13 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4
Changes since 1.106: +12 -12 lines
Diff to previous 1.106 (colored) to selected 1.96 (colored)

Update to 1.4.11, add some comments to patches and please pkglint.

Noteworthy changes in version 1.4.11 (2010-10-18)
-------------------------------------------------

    * Bug fixes and portability changes.

    * Minor changes for better interoperability with GnuPG-2.

Revision 1.106 / (download) - annotate - [select for diffs], Tue Nov 3 07:28:17 2009 UTC (14 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4
Changes since 1.105: +3 -6 lines
Diff to previous 1.105 (colored) to selected 1.96 (colored)

Allow building on 64-bit Darwin

Revision 1.105 / (download) - annotate - [select for diffs], Tue Oct 27 16:25:21 2009 UTC (14 years, 5 months ago) by zafer
Branch: MAIN
Changes since 1.104: +2 -2 lines
Diff to previous 1.104 (colored) to selected 1.96 (colored)

update master_sites. switch to http with gd.tuwien.ac.at

Revision 1.104 / (download) - annotate - [select for diffs], Mon Sep 28 20:15:08 2009 UTC (14 years, 6 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base, pkgsrc-2009Q3
Changes since 1.103: +6 -2 lines
Diff to previous 1.103 (colored) to selected 1.96 (colored)

- AIX fixes from Louis Guillaume
- kill a trailing whitespace

Revision 1.103 / (download) - annotate - [select for diffs], Thu Sep 3 12:05:52 2009 UTC (14 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.102: +2 -2 lines
Diff to previous 1.102 (colored) to selected 1.96 (colored)

Update to 1.4.10:

Noteworthy changes in version 1.4.10 (2009-09-02)
-------------------------------------------------

    * 2048 bit RSA keys are now generated by default.  The default
      hash algorithm preferences has changed to prefer SHA-256 over
      SHA-1.  2048 bit DSA keys are now generated to use a 256 bit
      hash algorithm

    * Support v2 OpenPGP cards.

    * The algorithm to compute the SIG_ID status has been changed to
      match the one from 2.0.10.

    * Improved file locking.  Implemented it for W32.

    * Fixed a memory leak which made imports of many keys very slow.

    * Many smaller bug fixes.

    * Support for the Camellia cipher (RFC-5581).

    * Support for HKP keyservers over SSL ("HKPS").

Revision 1.102 / (download) - annotate - [select for diffs], Fri Jun 5 22:47:11 2009 UTC (14 years, 9 months ago) by zafer
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base, pkgsrc-2009Q2
Changes since 1.101: +1 -3 lines
Diff to previous 1.101 (colored) to selected 1.96 (colored)

update master sites. remove planetmirror (does not resolve). remove dfn. requires active ftp. (renders it useless with PASV).

Revision 1.101 / (download) - annotate - [select for diffs], Tue May 19 08:59:31 2009 UTC (14 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.100: +2 -2 lines
Diff to previous 1.100 (colored) to selected 1.96 (colored)

Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT
block). Uncomment some commented out LICENSE lines while here.

Revision 1.100 / (download) - annotate - [select for diffs], Mon May 4 20:39:55 2009 UTC (14 years, 10 months ago) by zafer
Branch: MAIN
Changes since 1.99: +2 -2 lines
Diff to previous 1.99 (colored) to selected 1.96 (colored)

remove backslash

Revision 1.99 / (download) - annotate - [select for diffs], Mon May 4 17:19:31 2009 UTC (14 years, 10 months ago) by zafer
Branch: MAIN
Changes since 1.98: +1 -2 lines
Diff to previous 1.98 (colored) to selected 1.96 (colored)

Remove mirror rediris. It does not provide the distfile.

Revision 1.98 / (download) - annotate - [select for diffs], Thu Mar 5 10:46:23 2009 UTC (15 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base, pkgsrc-2009Q1
Changes since 1.97: +2 -2 lines
Diff to previous 1.97 (colored) to selected 1.96 (colored)

Pick up maintainership.

Revision 1.97 / (download) - annotate - [select for diffs], Tue Feb 24 16:18:57 2009 UTC (15 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)

Drop maintainership.

Revision 1.96 / (download) - annotate - [selected], Wed Mar 26 21:20:34 2008 UTC (16 years ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, cwrapper, cube-native-xorg-base, cube-native-xorg
Changes since 1.95: +2 -2 lines
Diff to previous 1.95 (colored)

Update to gnupg-1.4.9
Addresses a recent security issue that only impacts 1.4.8 and 2.0.8
* Improved AES encryption performance by more than 20% (on ia32).
  Decryption is also a bit faster.
* Fixed possible memory corruption bug in 1.4.8 while importing
  OpenPGP keys.

Revision 1.95 / (download) - annotate - [select for diffs], Sun Jan 13 16:23:55 2008 UTC (16 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.94: +3 -2 lines
Diff to previous 1.94 (colored) to selected 1.96 (colored)

Update to 1.4.8:

Noteworthy changes in version 1.4.8 (2007-12-20)
------------------------------------------------

             *******************************************
             * A decade of GnuPG: g10-0.0.0.tar.gz was *
             *      released exactly 10 years ago.     *
             *******************************************

    * Changed the license to GPLv3.

    * Improved detection of keyrings specified multiple times.

    * Changes to better cope with broken keyservers.

    * Minor bug fixes.

    * The new OpenPGP standard is now complete, and has been published
      as RFC-4880.  The GnuPG --openpgp mode (note this is not the
      default) has been updated to match the new standard.  The
      --rfc2440 option can be used to return to the older RFC-2440
      behavior.  The main differences between the two are
      "--enable-dsa2 --no-rfc2440-text --escape-from-lines
      --require-cross-certification".

    * By default (i.e. --gnupg mode), --require-cross-certification is
      now on.  --rfc2440-text and --force-v3-sigs are now off.

    * Allow encryption using legacy Elgamal sign+encrypt keys if
      option --rfc2440 is used.

    * Fixed the auto creation of the key stub for smartcards.

    * Fixed a rare bug in decryption using the OpenPGP card.

    * Fix RFC-4880 typo in the SHA-224 hash prefix.  Old SHA-224
      signatures will continue to work.

Revision 1.93.2.1 / (download) - annotate - [select for diffs], Fri Mar 9 16:21:35 2007 UTC (17 years ago) by salo
Branch: pkgsrc-2006Q4
Changes since 1.93: +2 -2 lines
Diff to previous 1.93 (colored) next main 1.94 (colored) to selected 1.96 (colored)

Pullup ticket 2047 - requested by drochner
security update for gnupg

Revisions pulled up:
- pkgsrc/security/gnupg/Makefile				1.94
- pkgsrc/security/gnupg/PLIST					1.21
- pkgsrc/security/gnupg/distinfo				1.46

   Module Name:		pkgsrc
   Committed By:	drochner
   Date:		Wed Mar  7 11:31:24 UTC 2007

   Modified Files:
   	pkgsrc/security/gnupg: Makefile PLIST distinfo

   Log Message:
   update to 1.4.7, from Christian Gall per PR pkg/35940
   This fixes a security problem which is rather an application issue:
   The user wasn't notified about additional text (not covered by the
   signature) unless the --status-fd flag is used.

Revision 1.94 / (download) - annotate - [select for diffs], Wed Mar 7 11:31:24 2007 UTC (17 years ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1
Changes since 1.93: +2 -2 lines
Diff to previous 1.93 (colored) to selected 1.96 (colored)

update to 1.4.7, from Christian Gall per PR pkg/35940
This fixes a security problem which is rather an application issue:
The user wasn't notified about additional text (not covered by the
signature) unless the --status-fd flag is used.

Revision 1.90.2.2 / (download) - annotate - [select for diffs], Thu Dec 7 13:54:38 2006 UTC (17 years, 3 months ago) by ghen
Branch: pkgsrc-2006Q3
Changes since 1.90.2.1: +2 -3 lines
Diff to previous 1.90.2.1 (colored) to branchpoint 1.90 (colored) next main 1.91 (colored) to selected 1.96 (colored)

Pullup ticket 1944 - requested by wiz
security update for gnupg

- pkgsrc/security/gnupg/Makefile		1.93
- pkgsrc/security/gnupg/PLIST			1.20
- pkgsrc/security/gnupg/distinfo		1.45
- pkgsrc/security/gnupg/patches/patch-al	removed

   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Dec  6 23:00:46 UTC 2006

   Modified Files:
	pkgsrc/security/gnupg: Makefile PLIST distinfo
   Removed Files:
	pkgsrc/security/gnupg/patches: patch-al

   Log Message:
   Update to 1.4.6:

   Noteworthy changes in version 1.4.6 (2006-12-06)
   ------------------------------------------------

       * Fixed a serious and exploitable bug in processing encrypted
         packages. [CVE-2006-6235].

       * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]
   	(already fixed in pkgsrc)

       * Fixed a bug while decrypting certain compressed and encrypted
         messages. [bug#537]

       * Added --s2k-count to set the number of times passphrase mangling
         is repeated.  The default is 65536 times.

       * Added --passphrase-repeat to set the number of times GPG will
         prompt for a new passphrase to be repeated.  This is useful to
         help memorize a new passphrase.  The default is 1 repetition.

       * Added a GPL license exception to the keyserver helper programs
         gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
         potential questions about the ability to distribute binaries
         that link to the OpenSSL library.  GnuPG does not link directly
         to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
         OpenLDAP (used for LDAP) may.  Note that this license exception
         is considered a bug fix and is intended to forgive any
         violations pertaining to this issue, including those that may
         have occurred in the past.

       * Man pages are now build from the same source as those of GnuPG-2.

Revision 1.93 / (download) - annotate - [select for diffs], Wed Dec 6 23:00:46 2006 UTC (17 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base
Branch point for: pkgsrc-2006Q4
Changes since 1.92: +2 -3 lines
Diff to previous 1.92 (colored) to selected 1.96 (colored)

Update to 1.4.6:

Noteworthy changes in version 1.4.6 (2006-12-06)
------------------------------------------------

    * Fixed a serious and exploitable bug in processing encrypted
      packages. [CVE-2006-6235].

    * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]
	(already fixed in pkgsrc)

    * Fixed a bug while decrypting certain compressed and encrypted
      messages. [bug#537]

    * Added --s2k-count to set the number of times passphrase mangling
      is repeated.  The default is 65536 times.

    * Added --passphrase-repeat to set the number of times GPG will
      prompt for a new passphrase to be repeated.  This is useful to
      help memorize a new passphrase.  The default is 1 repetition.

    * Added a GPL license exception to the keyserver helper programs
      gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
      potential questions about the ability to distribute binaries
      that link to the OpenSSL library.  GnuPG does not link directly
      to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
      OpenLDAP (used for LDAP) may.  Note that this license exception
      is considered a bug fix and is intended to forgive any
      violations pertaining to this issue, including those that may
      have occurred in the past.

    * Man pages are now build from the same source as those of GnuPG-2.

Revision 1.90.2.1 / (download) - annotate - [select for diffs], Tue Nov 28 08:21:42 2006 UTC (17 years, 4 months ago) by ghen
Branch: pkgsrc-2006Q3
Changes since 1.90: +2 -1 lines
Diff to previous 1.90 (colored) to selected 1.96 (colored)

Pullup ticket 1924 - requested by taca
security fix for gnupg

- pkgsrc/security/gnupg/Makefile		1.92
- pkgsrc/security/gnupg/distinfo		1.44
- pkgsrc/security/gnupg/patches/patch-al	1.1

   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Nov 28 05:39:42 UTC 2006

   Modified Files:
	pkgsrc/security/gnupg: Makefile distinfo
   Added Files:
	pkgsrc/security/gnupg/patches: patch-al

   Log Message:
   Add the same patch as security/gnupg2 package to fix a buffer overflow.

   While fixing a bug reported by Hugh Warrington, a buffer overflow has
   been identified in all released GnuPG versions.  The current versions
   1.4.5 and 2.0.0 are affected.  A small patch is provided.
   ...

   2006-11-27  Werner Koch  <wk@g10code.com>

	* openfile.c (ask_outfile_name): Fixed buffer overflow occurring
	if make_printable_string returns a longer string.  Fixes bug 728.

   Bump PKGREVISION.

Revision 1.92 / (download) - annotate - [select for diffs], Tue Nov 28 05:39:41 2006 UTC (17 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.91: +2 -1 lines
Diff to previous 1.91 (colored) to selected 1.96 (colored)

Add the same patch as security/gnupg2 package to fix a buffer overflow.

While fixing a bug reported by Hugh Warrington, a buffer overflow has
been identified in all released GnuPG versions.  The current versions
1.4.5 and 2.0.0 are affected.  A small patch is provided.
...

2006-11-27  Werner Koch  <wk@g10code.com>

	* openfile.c (ask_outfile_name): Fixed buffer overflow occurring
	if make_printable_string returns a longer string.  Fixes bug 728.

Bump PKGREVISION.

Revision 1.91 / (download) - annotate - [select for diffs], Fri Nov 3 07:45:44 2006 UTC (17 years, 4 months ago) by joerg
Branch: MAIN
Changes since 1.90: +3 -2 lines
Diff to previous 1.90 (colored) to selected 1.96 (colored)

DESTDIR support.

Revision 1.90 / (download) - annotate - [select for diffs], Sat Aug 5 03:13:25 2006 UTC (17 years, 7 months ago) by dsainty
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base
Branch point for: pkgsrc-2006Q3
Changes since 1.89: +3 -2 lines
Diff to previous 1.89 (colored) to selected 1.96 (colored)

Add an HTTP download location too, as a fallback for when FTP downloads are awkward.

Revision 1.86.2.1 / (download) - annotate - [select for diffs], Wed Aug 2 14:55:07 2006 UTC (17 years, 8 months ago) by ghen
Branch: pkgsrc-2006Q2
Changes since 1.86: +6 -3 lines
Diff to previous 1.86 (colored) next main 1.87 (colored) to selected 1.96 (colored)

Pullup ticket 1772 - requested by salo
security update for gnupg

Revisions pulled up:
- pkgsrc/security/gnupg/Makefile		1.87-1.89
- pkgsrc/security/gnupg/distinfo		1.41-1.43
- pkgsrc/security/gnupg/PLIST			1.19
- pkgsrc/security/gnupg/patches/patch-ba	removed

Revision 1.89 / (download) - annotate - [select for diffs], Wed Aug 2 10:37:34 2006 UTC (17 years, 8 months ago) by drochner
Branch: MAIN
Changes since 1.88: +2 -2 lines
Diff to previous 1.88 (colored) to selected 1.96 (colored)

update to 1.4.5
security update, recommended by gnupg.org
(fixes CVE-2006-3746)
changes:
* More DSA2 tweaks.
* Fixed a problem uploading certain keys to the smart card.
* Fixed 2 more possible memory allocation attacks.
* Added Norwegian translation.

Revision 1.88 / (download) - annotate - [select for diffs], Sat Jul 8 21:37:02 2006 UTC (17 years, 8 months ago) by markd
Branch: MAIN
Changes since 1.87: +5 -1 lines
Diff to previous 1.87 (colored) to selected 1.96 (colored)

Don't try and use assembler when building 64bit on Solaris.  It gets it
wrong for both amd64 and sparc.
Fixes PR pkg/32648 and possibly PR pkg/33030.

Revision 1.87 / (download) - annotate - [select for diffs], Mon Jul 3 21:15:14 2006 UTC (17 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.86: +2 -3 lines
Diff to previous 1.86 (colored) to selected 1.96 (colored)

Update to 1.4.4:

Noteworthy changes in version 1.4.4 (2006-06-25)
------------------------------------------------

    * User IDs are now capped at 2048 byte.  This avoids a memory
      allocation attack (see CVE-2006-3082).
	[was already fixed in pkgsrc]

    * Added support for the SHA-224 hash.  Like the SHA-384 hash, it
      is mainly useful when DSS (the US Digital Signature Standard)
      compatibility is desired.

    * Added support for the latest update to DSA keys and signatures.
      This allows for larger keys than 1024 bits and hashes other than
      SHA-1 and RIPEMD/160.  Note that not all OpenPGP implementations
      can handle these new keys and signatures yet.  See
      "--enable-dsa2" in the manual for more information.

Revision 1.82.2.1 / (download) - annotate - [select for diffs], Sun Jun 25 08:58:13 2006 UTC (17 years, 9 months ago) by snj
Branch: pkgsrc-2006Q1
Changes since 1.82: +3 -2 lines
Diff to previous 1.82 (colored) next main 1.83 (colored) to selected 1.96 (colored)

Pullup ticket 1709 - requested by salo
security update for gnupg

Revisions pulled up:
- pkgsrc/security/gnupg/Makefile		1.83, 1.86
- pkgsrc/security/gnupg/PLIST			1.16
- pkgsrc/security/gnupg/distinfo		1.39, 1.40
- pkgsrc/security/gnupg/options.mk		1.6, 1.7
- pkgsrc/security/gnupg/patches/patch-aa	1.11
- pkgsrc/security/gnupg/patches/patch-ak	1.3
- pkgsrc/security/gnupg/patches/patch-ba	1.1

   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Tue Apr  4 21:16:37 UTC 2006

   Modified Files:
           pkgsrc/security/gnupg: Makefile PLIST distinfo options.mk
           pkgsrc/security/gnupg/patches: patch-aa patch-ak

   Log Message:
   Update to 1.4.3:

   Noteworthy changes in version 1.4.3 (2006-04-03)
   ------------------------------------------------

       * If available, cURL-based keyserver helpers are built that can
         retrieve keys using HKP or any protocol that cURL supports
         (HTTP, HTTPS, FTP, FTPS, etc).  If cURL is not available, HKP
         and HTTP are still supported using a built-in cURL emulator.  To
         force building the old pre-cURL keyserver helpers, use the
         configure option --enable-old-keyserver-helpers.  Note that none
         of this affects finger or LDAP support, which are unchanged.
         Note also that a future version of GnuPG will remove the old
         keyserver helpers altogether.


       * Implemented Public Key Association (PKA) signature verification.
         This uses special DNS records and notation data to associate a
         mail address with an OpenPGP key to prove that mail coming from
         that address is legitimate without the need for a full trust
         path to the signing key.

       * When exporting subkeys, those specified with a key ID or
         fingerpint and the '!' suffix are now merged into one keyblock.

       * Added "gpg-zip", a program to create encrypted archives that can
         interoperate with PGP Zip.

       * Added support for signing subkey cross-certification "back
         signatures".  Requiring cross-certification to be present is
         currently off by default, but will be changed to on by default
         in the future, once more keys use it.  A new "cross-certify"
         command in the --edit-key menu can be used to update signing
         subkeys to have cross-certification.

       * The key cleaning options for --import-options and
         --export-options have been further polished.  "import-clean" and
         "export-clean" replace the older
         import-clean-sigs/import-clean-uids and
         export-clean-sigs/export-clean-uids option pairs.

       * New "minimize" command in the --edit-key menu removes everything
         that can be removed from a key, rendering it as small as
         possible.  There are corresponding "export-minimal" and
         "import-minimal" commands for --export-options and
         --import-options.

       * New --fetch-keys command to retrieve keys by specifying a URI.
         This allows direct key retrieval from a web page or other
         location that can be specified in a URI.  Available protocols
         are HTTP and finger, plus anything that cURL supplies, if built
         with cURL support.

       * Files containing several signed messages are not allowed any
         longer as there is no clean way to report the status of such
         files back to the caller.  To partly revert to the old behaviour
         the new option --allow-multisig-verification may be used.

       * The keyserver helpers can now handle keys in either ASCII armor
         or binary format.

       * New auto-key-locate option that takes an ordered list of methods
         to locate a key if it is not available at encryption time (-r or
         --recipient).  Possible methods include "cert" (use DNS CERT as
         per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
         server for the domain in question), "keyserver" (use the
         currently defined keyserver), as well as arbitrary keyserver
         URIs that will be contacted for the key.

       * Able to retrieve keys using DNS CERT records as per RFC-2538bis
         (currently in draft): http://www.josefsson.org/rfc2538bis

   pkgsrc change:
   make architecture-specific options really architecture-specific.
---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Wed Apr  5 10:04:12 UTC 2006

   Modified Files:
           pkgsrc/security/gnupg: options.mk

   Log Message:
   --with-libcurl is on per default, so revert the logics
   (no functional change, just more effective because a compile check
   is skipped)
---
   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Sat Jun 24 14:20:29 UTC 2006

   Modified Files:
           pkgsrc/security/gnupg: Makefile distinfo
   Added Files:
           pkgsrc/security/gnupg/patches: patch-ba

   Log Message:
   Security fix for CVE-2006-3082:

   "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions,
    allows remote attackers to cause a denial of service (gpg crash) and
    possibly overwrite memory via a message packet with a large length,
    which could lead to an integer overflow, as demonstrated using the
    --no-armor option."

   Patch from GnuPG CVS repository.
   Bump PKGREVISION.

Revision 1.86 / (download) - annotate - [select for diffs], Sat Jun 24 14:20:29 2006 UTC (17 years, 9 months ago) by salo
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Changes since 1.85: +2 -1 lines
Diff to previous 1.85 (colored) to selected 1.96 (colored)

Security fix for CVE-2006-3082:

"parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions,
 allows remote attackers to cause a denial of service (gpg crash) and
 possibly overwrite memory via a message packet with a large length,
 which could lead to an integer overflow, as demonstrated using the
 --no-armor option."

Patch from GnuPG CVS repository.
Bump PKGREVISION.

Revision 1.85 / (download) - annotate - [select for diffs], Thu Apr 13 18:23:37 2006 UTC (17 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.84: +2 -4 lines
Diff to previous 1.84 (colored) to selected 1.96 (colored)

BUILD_USE_MSGFMT and USE_MSGFMT_PLURALS are obsolete.  Replace with
USE_TOOLS+=msgfmt.

Revision 1.84 / (download) - annotate - [select for diffs], Fri Apr 7 15:28:49 2006 UTC (17 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.83: +2 -3 lines
Diff to previous 1.83 (colored) to selected 1.96 (colored)

List the info files directly in the PLIST and honor PKG{INFO,MAN}DIR.

Revision 1.83 / (download) - annotate - [select for diffs], Tue Apr 4 21:16:37 2006 UTC (17 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.82: +2 -2 lines
Diff to previous 1.82 (colored) to selected 1.96 (colored)

Update to 1.4.3:

Noteworthy changes in version 1.4.3 (2006-04-03)
------------------------------------------------

    * If available, cURL-based keyserver helpers are built that can
      retrieve keys using HKP or any protocol that cURL supports
      (HTTP, HTTPS, FTP, FTPS, etc).  If cURL is not available, HKP
      and HTTP are still supported using a built-in cURL emulator.  To
      force building the old pre-cURL keyserver helpers, use the
      configure option --enable-old-keyserver-helpers.  Note that none
      of this affects finger or LDAP support, which are unchanged.
      Note also that a future version of GnuPG will remove the old
      keyserver helpers altogether.

    * Implemented Public Key Association (PKA) signature verification.
      This uses special DNS records and notation data to associate a
      mail address with an OpenPGP key to prove that mail coming from
      that address is legitimate without the need for a full trust
      path to the signing key.

    * When exporting subkeys, those specified with a key ID or
      fingerpint and the '!' suffix are now merged into one keyblock.

    * Added "gpg-zip", a program to create encrypted archives that can
      interoperate with PGP Zip.

    * Added support for signing subkey cross-certification "back
      signatures".  Requiring cross-certification to be present is
      currently off by default, but will be changed to on by default
      in the future, once more keys use it.  A new "cross-certify"
      command in the --edit-key menu can be used to update signing
      subkeys to have cross-certification.

    * The key cleaning options for --import-options and
      --export-options have been further polished.  "import-clean" and
      "export-clean" replace the older
      import-clean-sigs/import-clean-uids and
      export-clean-sigs/export-clean-uids option pairs.

    * New "minimize" command in the --edit-key menu removes everything
      that can be removed from a key, rendering it as small as
      possible.  There are corresponding "export-minimal" and
      "import-minimal" commands for --export-options and
      --import-options.

    * New --fetch-keys command to retrieve keys by specifying a URI.
      This allows direct key retrieval from a web page or other
      location that can be specified in a URI.  Available protocols
      are HTTP and finger, plus anything that cURL supplies, if built
      with cURL support.

    * Files containing several signed messages are not allowed any
      longer as there is no clean way to report the status of such
      files back to the caller.  To partly revert to the old behaviour
      the new option --allow-multisig-verification may be used.

    * The keyserver helpers can now handle keys in either ASCII armor
      or binary format.

    * New auto-key-locate option that takes an ordered list of methods
      to locate a key if it is not available at encryption time (-r or
      --recipient).  Possible methods include "cert" (use DNS CERT as
      per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
      server for the domain in question), "keyserver" (use the
      currently defined keyserver), as well as arbitrary keyserver
      URIs that will be contacted for the key.

    * Able to retrieve keys using DNS CERT records as per RFC-2538bis
      (currently in draft): http://www.josefsson.org/rfc2538bis

pkgsrc change:
make architecture-specific options really architecture-specific.

Revision 1.79.2.2 / (download) - annotate - [select for diffs], Sat Mar 11 03:21:36 2006 UTC (18 years ago) by snj
Branch: pkgsrc-2005Q4
Changes since 1.79.2.1: +2 -2 lines
Diff to previous 1.79.2.1 (colored) to branchpoint 1.79 (colored) next main 1.80 (colored) to selected 1.96 (colored)

Pullup ticket 1218 - requested by Geert Hendrickx
security update for gnupg

Changes:
- pkgsrc/security/gnupg/Makefile	1.82
- pkgsrc/security/gnupg/distinfo	1.38

   Module Name:    pkgsrc
   Committed By:   ghen
   Date:           Fri Mar 10 15:10:08 UTC 2006

   Modified Files:
           pkgsrc/security/gnupg: Makefile distinfo

   Log Message:
   Update gnupg to 1.4.2.2, fixing another vulnerability:

   * Files containing several signed messages are not allowed any
     longer as there is no clean way to report the status of such
     files back to the caller.  To partly revert to the old behaviour
     the new option --allow-multisig-verification may be used.

Revision 1.82 / (download) - annotate - [select for diffs], Fri Mar 10 15:10:08 2006 UTC (18 years ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base
Branch point for: pkgsrc-2006Q1
Changes since 1.81: +2 -2 lines
Diff to previous 1.81 (colored) to selected 1.96 (colored)

Update gnupg to 1.4.2.2, fixing another vulnerability:

* Files containing several signed messages are not allowed any
  longer as there is no clean way to report the status of such
  files back to the caller.  To partly revert to the old behaviour
  the new option --allow-multisig-verification may be used.

Revision 1.79.2.1 / (download) - annotate - [select for diffs], Thu Feb 16 15:00:21 2006 UTC (18 years, 1 month ago) by salo
Branch: pkgsrc-2005Q4
Changes since 1.79: +2 -2 lines
Diff to previous 1.79 (colored) to selected 1.96 (colored)

Pullup ticket 1141 - requested by Matthias Drochner
security update for gnupg

Revisions pulled up:
- pkgsrc/security/gnupg/Makefile		1.81
- pkgsrc/security/gnupg/distinfo		1.36, 1.37

   Module Name:		pkgsrc
   Committed By:	drochner
   Date:		Wed Feb 15 19:10:20 UTC 2006

   Modified Files:
   	pkgsrc/security/gnupg: Makefile distinfo

   Log Message:
   update to 1.4.2.1
   this fixes a false positive signature verification if only the exit
   code of "gpgv" or "gpg --verify" is used
---
   Module Name:		pkgsrc
   Committed By:	tron
   Date:		Wed Feb 15 22:26:46 UTC 2006

   Modified Files:
   	pkgsrc/security/gnupg: distinfo

   Log Message:
   Readd checksum for "idea.c.gz" which got lost during the last update.

Revision 1.81 / (download) - annotate - [select for diffs], Wed Feb 15 19:10:20 2006 UTC (18 years, 1 month ago) by drochner
Branch: MAIN
Changes since 1.80: +2 -3 lines
Diff to previous 1.80 (colored) to selected 1.96 (colored)

update to 1.4.2.1
this fixes a false positive signature verification if only the exit
code of "gpgv" or "gpg --verify" is used

Revision 1.80 / (download) - annotate - [select for diffs], Sun Feb 5 23:10:43 2006 UTC (18 years, 1 month ago) by joerg
Branch: MAIN
Changes since 1.79: +2 -1 lines
Diff to previous 1.79 (colored) to selected 1.96 (colored)

Recursive revision bump / recommended bump for gettext ABI change.

Revision 1.79 / (download) - annotate - [select for diffs], Mon Dec 5 20:50:56 2005 UTC (18 years, 3 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base
Branch point for: pkgsrc-2005Q4
Changes since 1.78: +2 -2 lines
Diff to previous 1.78 (colored) to selected 1.96 (colored)

Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html

Revision 1.78 / (download) - annotate - [select for diffs], Mon Oct 10 20:45:19 2005 UTC (18 years, 5 months ago) by reed
Branch: MAIN
Changes since 1.77: +1 -3 lines
Diff to previous 1.77 (colored) to selected 1.96 (colored)

Remove the redundant INSTALLATION_DIRS. This already
does mkdir or mkinstalldirs for these needed directories.

Revision 1.77 / (download) - annotate - [select for diffs], Thu Jul 28 15:12:05 2005 UTC (18 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base, pkgsrc-2005Q3
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored) to selected 1.96 (colored)

Update to 1.4.2.

Noteworthy changes in version 1.4.2 (2005-07-26)
------------------------------------------------

    * New command "verify" in the card-edit menu to display
      the Private-DO-3.  The Admin command has been enhanced to take
      the optional arguments "on", "off" and "verify".  The latter may
      be used to verify the Admin Pin without modifying data; this
      allows displaying the Private-DO-4 with the "list" command.

    * Rewrote large parts of the card code to optionally make use of a
      running gpg-agent.  If --use-agent is being used and a gpg-agent
      with enabled scdaemon is active, gpg will now divert all card
      operations to that daemon.  This is required because both,
      scdaemon and gpg require exclusive access to the card reader. By
      delegating the work to scdaemon, both can peacefully coexist and
      scdaemon is able to control the use of the reader.  Note that
      this requires at least gnupg 1.9.17.

    * Fixed a couple of problems with the card reader.

    * Command completion is now available in the --edit-key and
      --card-edit menus.  Filename completion is available at all
      filename prompts.  Note that completion is only available if the
      system provides a readline library.

    * New experimental HKP keyserver helper that uses the cURL
      library.  It is enabled via the configure option --with-libcurl
      like the other (also experimental) cURL helpers.

    * New key cleaning options that can be used to remove unusable
      (expired, revoked) signatures from a key.  This is available via
      the new "clean" command in --edit-key on a key by key basis, as
      well as via the import-clean-sigs/import-clean-uids and
      export-clean-sigs/export-clean-uids options for --import-options
      and --export-options.  These are currently off by default, and
      replace the import-unusable-sigs/export-unusable-sigs options
      from version 1.4.1.

    * New export option export-reset-subkey-passwd.

    * New option --limit-card-insert-tries.

Revision 1.76 / (download) - annotate - [select for diffs], Sun May 22 20:08:30 2005 UTC (18 years, 10 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base, pkgsrc-2005Q2
Changes since 1.75: +2 -2 lines
Diff to previous 1.75 (colored) to selected 1.96 (colored)

Remove USE_GNU_TOOLS and replace with the correct USE_TOOLS definitions:

	USE_GNU_TOOLS	-> USE_TOOLS
	awk		-> gawk
	m4		-> gm4
	make		-> gmake
	sed		-> gsed
	yacc		-> bison

Revision 1.75 / (download) - annotate - [select for diffs], Mon Apr 11 21:47:11 2005 UTC (18 years, 11 months ago) by tv
Branch: MAIN
Changes since 1.74: +1 -2 lines
Diff to previous 1.74 (colored) to selected 1.96 (colored)

Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.

Revision 1.73.2.1 / (download) - annotate - [select for diffs], Sat Mar 26 10:53:35 2005 UTC (19 years ago) by snj
Branch: pkgsrc-2005Q1
Changes since 1.73: +4 -4 lines
Diff to previous 1.73 (colored) next main 1.74 (colored) to selected 1.96 (colored)

Pullup ticket 391 - requested by Thomas Klausner
security fix for gnupg

Revisions pulled up:
- pkgsrc/security/gnupg/Makefile	1.74
- pkgsrc/security/gnupg/PLIST		1.15
- pkgsrc/security/gnupg/distinfo	1.34
- pkgsrc/security/gnupg/options.mk	1.2


  Module Name:	pkgsrc
  Committed By:	wiz
  Date:		Tue Mar 22 17:50:55 UTC 2005

  Modified Files:
          pkgsrc/security/gnupg: Makefile PLIST distinfo options.mk

  Log Message:
  Update to 1.4.1:

  Noteworthy changes in version 1.4.1 (2005-03-15)
  ------------------------------------------------

      * New --rfc2440-text option which controls how text is handled in
        signatures.  This is in response to some problems seen with
        certain PGP/MIME mail clients and GnuPG version 1.4.0.  More
        details about this are available at
        <http://lists.gnupg.org/pipermail/gnupg-users/2005-January/024408.html>.

      * New "import-unusable-sigs" and "export-unusable-sigs" tags for
        --import-options and --export-options.  These are off by
        default, and cause GnuPG to not import or export key signatures
        that are not usable (e.g. expired signatures).

      * New experimental HTTP, HTTPS, FTP, and FTPS keyserver helper
        that uses the cURL library <http://curl.haxx.se> to retrieve
        keys.  This is disabled by default, but may be enabled with the
        configure option --with-libcurl.  Without this option, the
        existing HTTP code is used for HTTP, and HTTPS, FTP, and FTPS
        are not supported.

        [enabled with the "curl" option for the package]

      * When running a --card-status or --card-edit and a public key is
        available, missing secret key stubs will be created on the fly.
        Details of the key are listed too.

      * The implicit packet dumping in double verbose mode is now sent
        to stderr and not to stdout.

      * Added countermeasures against the Mister/Zuccherato CFB attack
        <http://eprint.iacr.org/2005/033>.

      * Add new --edit-key command "bkuptocard" to allow restoring a
        card key from a backup.

      * The "fetch" command of --card-edit now retrieves the key using
        the default keyserver if no URL has been stored on the card.

      * New configure option --enable-noexecstack.

  Also, gpgkeys_mailto is not installed any longer, dropping the
  dependency on perl.

Revision 1.74 / (download) - annotate - [select for diffs], Tue Mar 22 17:50:55 2005 UTC (19 years ago) by wiz
Branch: MAIN
Changes since 1.73: +4 -4 lines
Diff to previous 1.73 (colored) to selected 1.96 (colored)

Update to 1.4.1:

Noteworthy changes in version 1.4.1 (2005-03-15)
------------------------------------------------

    * New --rfc2440-text option which controls how text is handled in
      signatures.  This is in response to some problems seen with
      certain PGP/MIME mail clients and GnuPG version 1.4.0.  More
      details about this are available at
      <http://lists.gnupg.org/pipermail/gnupg-users/2005-January/024408.html>.

    * New "import-unusable-sigs" and "export-unusable-sigs" tags for
      --import-options and --export-options.  These are off by
      default, and cause GnuPG to not import or export key signatures
      that are not usable (e.g. expired signatures).

    * New experimental HTTP, HTTPS, FTP, and FTPS keyserver helper
      that uses the cURL library <http://curl.haxx.se> to retrieve
      keys.  This is disabled by default, but may be enabled with the
      configure option --with-libcurl.  Without this option, the
      existing HTTP code is used for HTTP, and HTTPS, FTP, and FTPS
      are not supported.

      [enabled with the "curl" option for the package]

    * When running a --card-status or --card-edit and a public key is
      available, missing secret key stubs will be created on the fly.
      Details of the key are listed too.

    * The implicit packet dumping in double verbose mode is now sent
      to stderr and not to stdout.

    * Added countermeasures against the Mister/Zuccherato CFB attack
      <http://eprint.iacr.org/2005/033>.

    * Add new --edit-key command "bkuptocard" to allow restoring a
      card key from a backup.

    * The "fetch" command of --card-edit now retrieves the key using
      the default keyserver if no URL has been stored on the card.

    * New configure option --enable-noexecstack.

Also, gpgkeys_mailto is not installed any longer, dropping the
dependency on perl.

Revision 1.73 / (download) - annotate - [select for diffs], Wed Feb 9 11:35:50 2005 UTC (19 years, 1 month ago) by markd
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base
Branch point for: pkgsrc-2005Q1
Changes since 1.72: +5 -1 lines
Diff to previous 1.72 (colored) to selected 1.96 (colored)

Disable gnupg's new iconv code on platforms that have problems with it
in the default locale (NetBSD < 2.0 and Solaris).
OK'ed by wiz.
Fixes PR pkg/28895.

Revision 1.72 / (download) - annotate - [select for diffs], Sat Dec 25 02:54:13 2004 UTC (19 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.71: +9 -43 lines
Diff to previous 1.71 (colored) to selected 1.96 (colored)

Update to 1.4.0, provided by Stefan Krüger in PR 28738.
While here, convert to options.mk.


GnuPG 1.4 Highlights
====================

This is a brief overview of the changes between the GnuPG 1.2 series
and the new GnuPG 1.4 series.  To read the full list of highlights for
each revision that led up to 1.4, see the NEWS file in the GnuPG
distribution.  This document is based on the NEWS file, and is thus
the highlights of the highlights.

When upgrading, note that RFC-2440, the OpenPGP standard, is currently
being revised.  Most of the revisions in the latest draft (2440bis-12)
have already been incorporated into GnuPG 1.4.


Algorithm Changes
-----------------

OpenPGP supports many different algorithms for encryption, hashing,
and compression, and taking into account the OpenPGP revisions, GnuPG
1.4 supports a slightly different algorithm set than 1.2 did.

The SHA256, SHA384, and SHA512 hashes are now supported for read and
write.

The BZIP2 compression algorithm is now supported for read and write.

Due to the recent successful attack on the MD5 hash algorithm
(discussed in <http://www.rsasecurity.com/rsalabs/node.asp?id=2738>,
among other places), MD5 is deprecated for OpenPGP use.  It is still
allowed in GnuPG 1.4 for backwards compatibility, but a warning is
given when it is used.

The TIGER/192 hash is no longer available.  This should not be
interpreted as a statement as to the quality of TIGER/192 - rather,
the revised OpenPGP standard removes support for several unused or
mostly unused hashes, and TIGER/192 was one of them.

Similarly, Elgamal signatures and the Elgamal signing key type have
been removed from the OpenPGP standard, and thus from GnuPG.  Please
do not confuse Elgamal signatures with DSA or DSS signatures or with
Elgamal encryption.  Elgamal signatures were very rarely used and were
not supported in any product other than GnuPG.  Elgamal encryption was
and still is part of OpenPGP and GnuPG.

Very old (pre-1.0) versions of GnuPG supported a nonstandard (contrary
to OpenPGP) Elgamal key type.  While no recent version of GnuPG
permitted the generation of such keys, GnuPG 1.2 could still use them.
GnuPG 1.4 no longer allows the use of these keys or the (also
nonstandard) messages generated using them.

At build time, it is possible to select which algorithms will be built
into GnuPG.  This can be used to build a smaller program binary for
embedded uses where space is tight.


Keyserver Changes
-----------------

GnuPG 1.4 does all keyserver operations via plugin or helper
applications.  This allows the main GnuPG program to be smaller and
simpler.  People who package GnuPG for various reasons have the
flexibility to include or leave out support for any keyserver type as
desired.

Support for fetching keys via HTTP and finger has been added.  This is
mainly useful for setting a preferred keyserver URL like
"http://www.jabberwocky.com/key.asc". or "finger:wk at g10code.com".

The LDAP keyserver helper now supports storing, retrieving, and
searching for keys in both the old NAI "LDAP keyserver" as well as the
more recent method to store OpenPGP keys in standard LDAP servers.
This is compatible with the storage schema that PGP uses, so both
products can interoperate with the same LDAP server.

The LDAP keyserver helper is compatible with the PGP company's new
"Global Directory" service.

If the LDAP library you use supports LDAP-over-TLS and LDAPS, then
GnuPG detects this and supports them as well.  Note that using TLS or
LDAPS does not improve the security of GnuPG itself, but may be useful
in certain key distribution scenarios.

HTTP Basic authentication is now supported for all HKP and HTTP
keyserver functions, either through a proxy or via direct access.

The HKP keyserver plugin supports the new machine-readable key
listing format for those keyservers that provide it.

IPv6 is supported for HKP and HTTP keyserver access.

When using a HKP keyserver with multiple DNS records (such as
subkeys.pgp.net which has the addresses of multiple servers around the
world), all DNS address records are tried until one succeeds.  This
prevents a single down server in the rotation from stopping access.

DNS SRV records are used in HKP keyserver lookups to allow
administrators to load balance and select keyserver ports
automatically.

Timeout support has been added to the keyserver plugins.  This allows
users to set an upper limit on how long to wait for the keyserver
before giving up.


Preferred Keyserver URL
-----------------------

Preferred keyserver support has been added.  Users may set a preferred
keyserver via the --edit-key command "keyserver".  If the
--keyserver-option honor-keyserver-url is set (and it is by default),
then the preferred keyserver is used when refreshing that key with
--refresh-keys.

The --sig-keyserver-url option can be used to inform signature
recipients where the signing key can be downloaded.  When verifying
the signature, if the signing key is not present, and the keyserver
options honor-keyserver-url and auto-key-retrieve are set, this URL
will be used to retrieve the key.


Trust Signatures
----------------

GnuPG 1.4 supports OpenPGP trust signatures, which allow a user to
specify the trust level and distance from the user along with the
signature so users can delegate different levels of certification
ability to other users, possibly restricted by a regular expression on
the user ID.


Trust Models
------------

GnuPG 1.4 supports several ways of looking at trust:

Classic - The classic PGP trust model, where people sign each others
          keys and thus build up an assurance (called "validity") that
          the key belongs to the right person.  This was the default
          trust model in GnuPG 1.2.

Always - Bypass all trust checks, and make all keys fully valid.

Direct - Users may set key validity directly.

PGP - The PGP 7 and 8 behavior which combines Classic trust with trust
      signatures overlaid on top.  This is the default trust model in
      GnuPG 1.4.


The OpenPGP Smartcard
---------------------

GnuPG 1.4 supports the OpenPGP smartcard
(<http://www.g10code.de/p-card.html>)

Secret keys may be kept fully or partially on the smartcard.  The
smartcard may be used for primary keys or subkeys.


Other Interesting New Features
------------------------------

For those using Security-Enhanced Linux <http://www.nsa.gov/selinux/>,
the configure option --enable-selinux-support prevents GnuPG from
processing its own files (i.e. reading the secret keyring for
something other than getting a secret key from it).  This simplifies
writing ACLs for the SELinux kernel.

Readline support is now available at all prompts if the system
provides a readline library.

GnuPG can now create messages that can be decrypted with either a
passphrase or a secret key.  These messages may be generated with
--symmetric --encrypt or --symmetric --sign --encrypt.

--list-options and --verify-options allow the user to customize
exactly what key listings or signature verifications look like,
enabling or disabling things such as photo display, preferred
keyserver URL, calculated validity for each user ID, etc.

The --primary-keyring option designates the keyring that the user
wants new keys imported into.

The --hidden-recipient (or -R) command encrypts to a user, but hides
the identity of that user.  This is the same functionality as
--throw-keyid, but can be used on a per-user basis.

Full algorithm names (e.g. "3DES", "SHA1", "ZIP") can now be used
interchangeably with the short algorithm names (e.g. "S2", "H2", "Z1")
anywhere algorithm names are used in GnuPG.

The --keyid-format option selects short (99242560), long
(DB698D7199242560), 0xshort (0x99242560), or 0xlong
(0xDB698D7199242560) key ID displays.  This lets users tune the
display to what they prefer.

While it is not recommended for extended periods, it is possible to
run both GnuPG 1.2.x and GnuPG 1.4 during the transition.  To aid in
this, GnuPG 1.4 tries to load a config file suffixed with its version
before it loads the default config file.  For example, 1.4 will try
for gpg.conf-1.4 and gpg.conf-1 before falling back to the regular
gpg.conf file.

Revision 1.71 / (download) - annotate - [select for diffs], Mon Nov 8 21:17:01 2004 UTC (19 years, 4 months ago) by tv
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4
Changes since 1.70: +2 -2 lines
Diff to previous 1.70 (colored) to selected 1.96 (colored)

The correct name of this program is "GNU Privacy Guard" (not "Privacy Guard").

Revision 1.70 / (download) - annotate - [select for diffs], Sun Oct 3 00:18:08 2004 UTC (19 years, 6 months ago) by tv
Branch: MAIN
Changes since 1.69: +2 -1 lines
Diff to previous 1.69 (colored) to selected 1.96 (colored)

Libtool fix for PR pkg/26633, and other issues.  Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.

Revision 1.69 / (download) - annotate - [select for diffs], Thu Aug 26 13:19:32 2004 UTC (19 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base, pkgsrc-2004Q3
Changes since 1.68: +2 -2 lines
Diff to previous 1.68 (colored) to selected 1.96 (colored)

Update to 1.2.6:
    * Updated the included gettext.  This also fixes the installation
      problem from 1.2.5

    * Fixed a race condition possibly leading to deleted keys.

Revision 1.68 / (download) - annotate - [select for diffs], Wed Jul 28 15:55:45 2004 UTC (19 years, 8 months ago) by schmonz
Branch: MAIN
Changes since 1.67: +5 -1 lines
Diff to previous 1.67 (colored) to selected 1.96 (colored)

Enable pkgviews installation.

Revision 1.67 / (download) - annotate - [select for diffs], Wed Jul 28 15:17:42 2004 UTC (19 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.66: +2 -3 lines
Diff to previous 1.66 (colored) to selected 1.96 (colored)

Update to 1.2.5:
    * New --ask-cert-level/--no-ask-cert-level option to turn on and
      off the prompt for signature level when signing a key.  Defaults
      to on.

    * New --min-cert-level option to disregard key signatures that are
      under a specified level.  Defaults to 1 (i.e. don't disregard
      anything).

    * New --max-output option to limit the amount of plaintext output
      generated by GnuPG.  This option can be used by programs which
      call GnuPG to process messages that may result in plaintext
      larger than the calling program is prepared to handle.  This is
      sometimes called a "Decompression Bomb".

    * New --list-config command for frontends and other programs that
      call GnuPG.  See doc/DETAILS for the specifics of this.

    * New --gpgconf-list command for internal use by the gpgconf
      utility from gnupg 1.9.x.

    * Some performance improvements with large keyrings.  See
      --enable-key-cache=SIZE in the README file for details.

    * Some portability fixes for the OpenBSD/i386, HPPA, and AIX
      platforms.

    * Simplified Chinese translation.

Revision 1.66 / (download) - annotate - [select for diffs], Fri May 7 15:25:13 2004 UTC (19 years, 10 months ago) by cjep
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored) to selected 1.96 (colored)

whitespace nits

Revision 1.65 / (download) - annotate - [select for diffs], Fri Apr 9 00:36:06 2004 UTC (19 years, 11 months ago) by reed
Branch: MAIN
Changes since 1.64: +2 -1 lines
Diff to previous 1.64 (colored) to selected 1.96 (colored)

Assume a mail transfer agent (/usr/sbin/sendmail) is installed.
This is to make sure that libexec/gnupg/gpgkeys_mailto is
installed. (Okay'd by wiz.)

This assumes that /usr/sbin/sendmail is sendmail.

PKGREVISION is not bumped because package couldn't be made
in first place if libexec/gnupg/gpgkeys_mailto was missing.

Revision 1.64 / (download) - annotate - [select for diffs], Thu Apr 8 20:58:32 2004 UTC (19 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.63: +8 -8 lines
Diff to previous 1.63 (colored) to selected 1.96 (colored)

Convert to bl3.

Revision 1.63 / (download) - annotate - [select for diffs], Tue Mar 30 15:13:12 2004 UTC (20 years ago) by tv
Branch: MAIN
Changes since 1.62: +2 -2 lines
Diff to previous 1.62 (colored) to selected 1.96 (colored)

Apply the patch from PR pkg/21493.  This is now submitted to gnupg.org as
bug gnupg/293, so grant has blessed it for inclusion in pkgsrc.

No more GNU sed build dependency, but the binaries do not change; thus
PKGREVISION untouched.

Revision 1.62 / (download) - annotate - [select for diffs], Tue Mar 30 09:05:56 2004 UTC (20 years ago) by grant
Branch: MAIN
Changes since 1.61: +2 -4 lines
Diff to previous 1.61 (colored) to selected 1.96 (colored)

compress USE_GNU_TOOLS onto one line.

Revision 1.61 / (download) - annotate - [select for diffs], Mon Mar 1 19:12:25 2004 UTC (20 years, 1 month ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base, pkgsrc-2004Q1
Changes since 1.60: +8 -2 lines
Diff to previous 1.60 (colored) to selected 1.96 (colored)

Make build on m68kelf, and honour M68060 variable for quite a bit
of speedup on m68060 machines.
From S.P. Zeidler in PR 24579.

Revision 1.60 / (download) - annotate - [select for diffs], Sun Feb 8 01:00:13 2004 UTC (20 years, 1 month ago) by kleink
Branch: MAIN
Changes since 1.59: +6 -1 lines
Diff to previous 1.59 (colored) to selected 1.96 (colored)

Install doc/DETAILS, which conveniently documents --with-colon formatted
output, among other things.  Bump to 1.2.4nb1.

Approved by Thomas Klausner.

Revision 1.59 / (download) - annotate - [select for diffs], Mon Feb 2 23:47:15 2004 UTC (20 years, 2 months ago) by xtraeme
Branch: MAIN
Changes since 1.58: +2 -2 lines
Diff to previous 1.58 (colored) to selected 1.96 (colored)

Respect whitespaces in SUBST_SED.fixme.

Revision 1.58 / (download) - annotate - [select for diffs], Mon Feb 2 23:41:32 2004 UTC (20 years, 2 months ago) by xtraeme
Branch: MAIN
Changes since 1.57: +13 -1 lines
Diff to previous 1.57 (colored) to selected 1.96 (colored)

Fix build in FreeBSD, the output was:

 _mpih-mul1.s:2: Error: alignment not a power of 2
_mpih-mul1.s:20: Error: alignment not a power of 2

So, changing ALIGN (3) to ALIGN (4) fixes these problems.
Patch sent by pancake in private email, adapted to use subst.mk
framework by me.

Revision 1.57 / (download) - annotate - [select for diffs], Sat Jan 24 15:00:22 2004 UTC (20 years, 2 months ago) by grant
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored) to selected 1.96 (colored)

replace deprecated USE_GMAKE with USE_GNU_TOOLS+=make.

Revision 1.56 / (download) - annotate - [select for diffs], Thu Dec 25 14:05:02 2003 UTC (20 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.55: +3 -3 lines
Diff to previous 1.55 (colored) to selected 1.96 (colored)

Update to 1.2.4:
    * Added read-only support for BZIP2 compression.  This should be
      considered experimental, and is only available if the libbzip2
      library <http://sources.redhat.com/bzip2/> is installed.

    * Added the ability to handle messages that can be decrypted with
      either a passphrase or a secret key.

    * Most support for Elgamal sign+encrypt keys has been removed.
      Old signatures may still be verified, and existing encrypted
      messages may still be decrypted, but no new signatures may be
      issued by, and no new messages will be encrypted to, these keys.
      Elgamal sign+encrypt keys are not part of the web of trust.  The
      only new message that can be generated by an Elgamal
      sign+encrypt key is a key revocation.  Note that in a future
      version of GnuPG (currently planned for 1.4), all support for
      Elgamal sign+encrypt keys will be removed, so take this
      opportunity to revoke old keys now.

    * A Russian translation is included again as well as a new
      Belarusian translation.

Revision 1.53.2.1 / (download) - annotate - [select for diffs], Mon Dec 8 11:36:12 2003 UTC (20 years, 3 months ago) by agc
Branch: pkgsrc-2003Q4
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored) next main 1.54 (colored) to selected 1.96 (colored)

Pull up security fixes to the pkgsrc-2003Q4 branch, requested by
Alistair Crooks.

	---------------------
	PatchSet 73
	Date: 2003/11/27 09:50:12
	Author: tron
	Log:
	Apply security patch which disables ElGamal signature keys because they
	are vulnerable. Bump package revision to reflect this change.

	Members:
		Makefile:1.53->1.54
		distinfo:1.21->1.22

	---------------------
	PatchSet 74
	Date: 2003/11/27 23:46:36
	Author: heinz
	Log:
	Add improved patch for compromised ElGamal signing keys from
	gnupg-devel at gnupg org. The old patch didn't completely disable usage
	of the compromised keys.
	Move the old and new fix to the patches/ directory.

	Members:
		Makefile:1.54->1.55
		distinfo:1.22->1.23
		patches/patch-ai:INITIAL->1.1
		patches/patch-aj:INITIAL->1.1

Revision 1.55 / (download) - annotate - [select for diffs], Thu Nov 27 23:46:36 2003 UTC (20 years, 4 months ago) by heinz
Branch: MAIN
Changes since 1.54: +2 -6 lines
Diff to previous 1.54 (colored) to selected 1.96 (colored)

Add improved patch for compromised ElGamal signing keys from
gnupg-devel at gnupg org. The old patch didn't completely disable usage
of the compromised keys.
Move the old and new fix to the patches/ directory.

Revision 1.54 / (download) - annotate - [select for diffs], Thu Nov 27 09:50:12 2003 UTC (20 years, 4 months ago) by tron
Branch: MAIN
Changes since 1.53: +6 -2 lines
Diff to previous 1.53 (colored) to selected 1.96 (colored)

Apply security patch which disables ElGamal signature keys because they
are vulnerable. Bump package revision to reflect this change.

Revision 1.53 / (download) - annotate - [select for diffs], Sat Oct 11 07:18:50 2003 UTC (20 years, 5 months ago) by grant
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base
Branch point for: pkgsrc-2003Q4
Changes since 1.52: +3 -1 lines
Diff to previous 1.52 (colored) to selected 1.96 (colored)

require GNU sed for GNU sed specific expressions.

fixes PR pkg/21493.

Revision 1.52 / (download) - annotate - [select for diffs], Mon Aug 25 21:25:24 2003 UTC (20 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.51: +2 -3 lines
Diff to previous 1.51 (colored) to selected 1.96 (colored)

upgrade to 1.2.3.

    * New "--gnupg" option (set by default) that disables --openpgp,
      and the various --pgpX emulation options.  This replaces
      --no-openpgp, and --no-pgpX, and also means that GnuPG has
      finally grown a --gnupg option to make GnuPG act like GnuPG.
    * A number of portability changes to make building GnuPG on
      less-common platforms easier.
    * Romanian translation.
    * Two new %-expandos for use in notation and policy URLs.  "%g"
      expands to the fingerprint of the key making the signature
      (which might be a subkey), and "%p" expands to the fingerprint
      of the primary key that owns the key making the signature.
    * New "tru" record in --with-colons --list-keys listings.  It
      shows the status of the trust database that was used to
      calculate the key validity in the listings.  See doc/DETAILS for
      the specifics of this.
    * New REVKEYSIG status tag for --status-fd.  It indicates a valid
      signature that was issued by a revoked key.  See doc/DETAILS for
      the specifics of this.

Revision 1.51 / (download) - annotate - [select for diffs], Fri Aug 15 07:02:22 2003 UTC (20 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored) to selected 1.96 (colored)

add IPv6 support.  bump PKGREVISION

Revision 1.50 / (download) - annotate - [select for diffs], Sat Aug 9 11:21:55 2003 UTC (20 years, 7 months ago) by seb
Branch: MAIN
Changes since 1.49: +1 -2 lines
Diff to previous 1.49 (colored) to selected 1.96 (colored)

USE_NEW_TEXINFO is unnecessary now.

Revision 1.49 / (download) - annotate - [select for diffs], Fri Aug 8 18:57:04 2003 UTC (20 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.48: +3 -2 lines
Diff to previous 1.48 (colored) to selected 1.96 (colored)

Add http master site for idea.c.gz. Addresses PR 22408.

Revision 1.48 / (download) - annotate - [select for diffs], Mon Aug 4 23:12:17 2003 UTC (20 years, 7 months ago) by seb
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored) to selected 1.96 (colored)

Convert to USE_NEW_TEXINFO.

Revision 1.47 / (download) - annotate - [select for diffs], Thu Jul 17 22:52:55 2003 UTC (20 years, 8 months ago) by grant
Branch: MAIN
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored) to selected 1.96 (colored)

s/netbsd.org/NetBSD.org/

Revision 1.46 / (download) - annotate - [select for diffs], Sun Jul 13 13:53:10 2003 UTC (20 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.45: +2 -1 lines
Diff to previous 1.45 (colored) to selected 1.96 (colored)

PKGREVISION bump for libiconv update.

Revision 1.45 / (download) - annotate - [select for diffs], Tue May 6 15:57:03 2003 UTC (20 years, 10 months ago) by tron
Branch: MAIN
Changes since 1.44: +2 -4 lines
Diff to previous 1.44 (colored) to selected 1.96 (colored)

Remove dead mirrors, add a new one.

Revision 1.44 / (download) - annotate - [select for diffs], Tue May 6 15:48:24 2003 UTC (20 years, 10 months ago) by tron
Branch: MAIN
Changes since 1.43: +4 -5 lines
Diff to previous 1.43 (colored) to selected 1.96 (colored)

Fix some of the master site URLs so that the "fetch" target works at
least particually.

Revision 1.43 / (download) - annotate - [select for diffs], Mon May 5 16:33:46 2003 UTC (20 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.42: +2 -3 lines
Diff to previous 1.42 (colored) to selected 1.96 (colored)

Update gnupg package to 1.2.2.

Security problem is reported on bugtraq.

http://www.securityfocus.com/archive/1/320444/2003-05-02/2003-05-08/0


2003-05-01  Werner Koch  <wk@gnupg.org>

	Released 1.2.2.

2003-04-30  David Shaw  <dshaw@jabberwocky.com>

	* NEWS: Note trust bug fix.

2003-04-29  David Shaw  <dshaw@jabberwocky.com>

	* NEWS: Add note about TIGER being dropped from OpenPGP.

	* README: Add note about the HP/UX inline problem.  Fix all URLs
	to point to the right place in the reorganized gnupg.org web
	pages.  Some minor language fixes.

2003-04-27  David Shaw  <dshaw@jabberwocky.com>

	* NEWS: Add sig version, pk algo, hash algo, and sig class to
	VALIDSIG.

	* BUGS: Fix bug reporting URL.

2003-04-24  Werner Koch  <wk@gnupg.org>

	* configure.ac (ALL_LINGUAS): Added Hungarian translation by Nagy
	Ferenc László.

2003-04-23  David Shaw  <dshaw@jabberwocky.com>

	* configure.ac: "TIGER" -> "TIGER/192".

	* README: Put back proper copyright line.

2003-04-16  Werner Koch  <wk@gnupg.org>

	Released 1.2.2rc2.

2003-04-15  Werner Koch  <wk@gnupg.org>

	* configure.ac (ALL_LINGUAS): Add Slovak translation.

	* configure.ac (HAVE_DOSISH_SYSTEM): New automake conditional.

	* acinclude.m4 (GNUPG_CHECK_ENDIAN): Fixed quoting of r.e. using
	quadrigraphs.

2003-04-08  David Shaw  <dshaw@jabberwocky.com>

	* configure.ac: Big warning that TIGER is being removed from the
	standard.

2003-04-08  Werner Koch  <wk@gnupg.org>

	* Makefile.am (EXTRA_DIST): Add autogen.sh wrapper which is
	useful for some cross-compiling targets.

2003-04-07  David Shaw  <dshaw@jabberwocky.com>

	* acinclude.m4: Fix URL to faqprog.pl.

	* README: Add --enable-sha512 switch and update version number and
	copyright date.

	* NEWS: Add note about SHA-256/384/512.

2003-03-24  Werner Koch  <wk@gnupg.org>

	* configure.ac: Test for ranlib and ar.

2003-03-12  Werner Koch  <wk@gnupg.org>

	* acinclude.m4 (GNUPG_CHECK_ENDIAN): When crosscompiling assume
	little only for Intel CPUs.

2003-02-19  David Shaw  <dshaw@jabberwocky.com>

	* configure.ac: Define @CAPLIBS@ to link in -lcap if we are using
	capabilities.

2003-02-11  David Shaw  <dshaw@jabberwocky.com>

	* configure.ac: Add --enable-sha512 switch to add SHA384/512
	support.

2003-02-06  David Shaw  <dshaw@jabberwocky.com>

	* configure.ac: Do not set GNUPG_LIBEXECDIR in ./configure, so
	that makefiles can override it.

2003-02-02  David Shaw  <dshaw@jabberwocky.com>

	* configure.ac (ALL_LINGUAS): Needs to be on one line to avoid
	problems during ./configure.

	* NEWS: Note new --with-colons disabled key flag and new "revuid"
	command.

2003-01-07  Werner Koch  <wk@gnupg.org>

        Released 1.2.2rc1.

	* configure.ac (ALL_LINGUAS): Added fi and zh_TW.

2003-01-06  David Shaw  <dshaw@jabberwocky.com>

	* NEWS: Add notes about disabled keys and trustdb tweaks.

2002-12-04  David Shaw  <dshaw@jabberwocky.com>

	* NEWS: Add note about convert-from-106 script.

2002-11-25  David Shaw  <dshaw@jabberwocky.com>

	* NEWS: Add notes about notation names and '@', the "--trust-model
	always" option, and non-optimized memory wiping.

2002-11-09  Werner Koch  <wk@gnupg.org>

	* configure.ac: Check for ctermid().

2002-10-31  David Shaw  <dshaw@jabberwocky.com>

	* Makefile.am: Put gnupg.spec in the root directory so rpm -ta
	works.

	* configure.ac: Add a check for volatile.

Revision 1.42 / (download) - annotate - [select for diffs], Fri May 2 11:56:16 2003 UTC (20 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored) to selected 1.96 (colored)

Dependency bumps, needed because of devel/pth's major bump, and related
dependency bumps.

Revision 1.41 / (download) - annotate - [select for diffs], Fri Jan 10 07:48:48 2003 UTC (21 years, 2 months ago) by cjep
Branch: MAIN
CVS Tags: netbsd-1-6-1-base, netbsd-1-6-1
Changes since 1.40: +8 -7 lines
Diff to previous 1.40 (colored) to selected 1.96 (colored)

USE_PKGLOCALEDIR=yes

Revision 1.40 / (download) - annotate - [select for diffs], Thu Dec 12 14:34:49 2002 UTC (21 years, 3 months ago) by abs
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored) to selected 1.96 (colored)

shorten COMMENT

Revision 1.39 / (download) - annotate - [select for diffs], Sun Nov 24 18:47:48 2002 UTC (21 years, 4 months ago) by dillo
Branch: MAIN
Changes since 1.38: +2 -4 lines
Diff to previous 1.38 (colored) to selected 1.96 (colored)

use test target provided by bsd.pkg.mk instead of home grown one.

Revision 1.38 / (download) - annotate - [select for diffs], Sun Nov 24 16:52:05 2002 UTC (21 years, 4 months ago) by chris
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored) to selected 1.96 (colored)

Rename the regress target test.  This appears to be the new standard:
http://mail-index.netbsd.org/pkgsrc-changes/2002/11/23/0009.html

Revision 1.37 / (download) - annotate - [select for diffs], Sun Nov 24 12:22:16 2002 UTC (21 years, 4 months ago) by chris
Branch: MAIN
Changes since 1.36: +3 -1 lines
Diff to previous 1.36 (colored) to selected 1.96 (colored)

Seems that gnupg now depends on perl being available to create, install
and run gpgkeys_mailto

Fixes PR pkg/19104

Also bump pkgrevision.

Revision 1.36 / (download) - annotate - [select for diffs], Sun Oct 27 02:53:02 2002 UTC (21 years, 5 months ago) by chris
Branch: MAIN
Changes since 1.35: +3 -2 lines
Diff to previous 1.35 (colored) to selected 1.96 (colored)

Update gnupg to 1.2.1.  Is a bug fix release.

Major user visible changes are:
    * The library dependencies for OpenLDAP seem to change fairly
      frequently, and GnuPG's configure script cannot guess all the
      combinations.  Use ./configure LDAPLIBS="-L libdir -l libs" to
      override the script and use the libraries selected.

    * Secret keys generated with --export-secret-subkeys are now
      indicated in key listings with a '#' after the "sec", and in
      --with-colons listings by showing no capabilities (no lowercase
      characters).

    * --trusted-key has been un-obsoleted, as it is useful for adding
      ultimately trusted keys from the config file.  It is identical
      to using --edit and "trust" to change a key to ultimately
      trusted.

    * The usual bug fixes as well as fixes to build problems on some
      systems.

Note that patch-aa and patch-ab are no longer needed as was, patch-aa now
contains fixes to handle dlsym errors properly.

Also now include libiconv/buildlink2.mk as gnupg looks for iconv.

Fixes pkg/18221.

Revision 1.35 / (download) - annotate - [select for diffs], Wed Oct 9 14:16:55 2002 UTC (21 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.34: +35 -22 lines
Diff to previous 1.34 (colored) to selected 1.96 (colored)

upgrade to 1.2.0, from skrueger@europe.com

2002-09-21  Werner Koch  <wk@gnupg.org>
        Released 1.2.0.
	* configure.ac: Bumbed version number and set development version
	to no.
2002-09-19  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: Try linking LDAP as just -lldap as it seems very
	recent OpenLDAPs (>=2.0.23) support that.
2002-09-14  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: Try linking LDAP without -lresolv first, just in
	case the platform has libresolv, but doesn't actually need it to
	use LDAP.
2002-09-12  David Shaw  <dshaw@jabberwocky.com>
	* NEWS: Note that the old IDEA plugin won't work with post-1.1.90
	gpg.
2002-09-11  Werner Koch  <wk@gnupg.org>
	Released 1.1.92.
	* configure.ac (random_modules): The default random module for
	system lacking a /dev/random is now auto selected at runtime.
2002-09-09  David Shaw  <dshaw@jabberwocky.com>
	* NEWS: typo.
	* configure.ac: Add a link test for LDAP without -lresolv for
	HPUX.  Remove "hstrerror" test as it is no longer needed.
2002-09-02  Werner Koch  <wk@gnupg.org>
	* README: Removed the note about a development version so that we
	later don't forget this.  Minor other changes.
2002-08-29  Werner Koch  <wk@gnupg.org>
	* configure.ac (random_modules): Reworked the code to select the
	random module.  Define USE_ALL_RANDOM_MODULES for value all.
2002-08-27  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: Check type of mode_t.
	* NEWS: Clarify that --libexecdir is a configure option.
	* configure.ac: Check for hstrerror.
2002-08-19  David Shaw  <dshaw@jabberwocky.com>
	* NEWS: Document new ways to enable MDC, and change in automatic
	compression disabling.
	* configure.ac: No such thing as the "none" random gather any
	longer.
2002-08-08  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: Add an --enable-tiger.
	* NEWS: Clarify new permission checks.
2002-08-07  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: If the static IDEA cipher is present, disable
	dynamic loading.  Also fix backwards grammar of keyserver
	exec-path CHECKING message.
2002-08-05  Werner Koch  <wk@gnupg.org>
	* configure.ac: Bumbed version number.
2002-08-04  Werner Koch  <wk@gnupg.org>
	Released 1.1.91.
	* configure.ac (ALL_LINGUAS): Added Catalan.
2002-08-02  Werner Koch  <wk@gnupg.org>
	* configure.ac: Removed all extension stuff but keep the tests for
	dlopen.  We don't need to figure out the flags required.  All
	stuff is now statically loaded.
2002-07-30  David Shaw  <dshaw@jabberwocky.com>
	* README, configure.ac: --with-exec-path is now clarified into
	--disable-keyserver-path
	* NEWS: changes since 1.1.90.
2002-07-24  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: Include a GNUPG_LIBEXECDIR in g10defs.h, as well
	as a SUBST for Makefiles.
2002-07-22  Timo Schulz  <ts@winpt.org>
	* configure.ac: Replace the 'c:/' variables with 'c:\' due
	to the fact we already use '\' in the remaining code.
2002-07-08  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: Add --with-mailprog to override the use of
	sendmail with another MTA.  We can use anything that follows the
	"$MAILPROG -t" convention.
2002-07-04  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: --enable-exec-path should be a 'with'.  Fix 'no'
	cases of --with-exec-path and --with-photo-viewer.
	* README: Document --disable-exec, --disable-photo-viewers,
	--disable-keyserver-helpers, --enable-exec-path, and
	--with-photo-viewer.
	* configure.ac: Add --with-photo-viewer to lock the viewer at
	compile time and --disable-keyserver-helpers and
	--disable-photo-viewers to allow disabling one without disabling
	the other.
2002-07-03  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: Allow setting USE_EXEC_PATH to lock the exec-path
	to a fixed value.
2002-07-01  Werner Koch  <wk@gnupg.org>
	* configure.ac: Set version number to 1.1.91.
        Released 1.1.90.
	* INSTALL: Replaced by generic install file.
	* README: Marked as development version and moved most stuff of
	the old INSTALL file to here.
2002-06-30  Werner Koch  <wk@gnupg.org>
	* configure.ac: Link W32 version against libwsock32.
2002-06-29  Werner Koch  <wk@gnupg.org>
	* configure.ac (development_version): New.
	(HAVE_DEV_RANDOM_IOCTL): Removed test for it; it was never used.
	* BUGS, AUTHORS: Add a note on how to send security related bug
	reports.
2002-06-20  David Shaw  <dshaw@jabberwocky.com>
	* NEWS: changes since 1.0.7.
	* configure.ac: Set new version number (1.1.90), and fix Solaris
	compiler flags for shared objects.
2002-06-11  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: Move -lsocket and -lnsl checks before LDAP link
	tests so they work properly on Solaris.  Noted by David Champion.
	Also, check for the Mozilla LDAP library if the OpenLDAP library
	check fails.  Put -lsocket and -lnsl in NETLIBS rather than LIBS
	so not all programs are forced to link to them.
2002-06-05  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: Add a switch for the experimental external HKP
	keyserver interface.
2002-05-22  Werner Koch  <wk@gnupg.org>
	* configure.ac: Check for strcasecmp and strncasecmp.  Removed
	stricmp and memicmp checks.
2002-05-08  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: If LDAP comes up unusable, try #including <lber.h>
	before giving up.  Old versions of OpenLDAP require that.
2002-05-03  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: In g10defs.h, use \ for the directory separator
	when HAVE_DOSISH_SYSTEM is on.
	* configure.ac: Add --disable-exec flag to disable all remote
	program execution.  --disable-exec implies --disable-ldap and
	--disable-mailto.  Also look in /usr/lib for sendmail.  If
	sendmail is not found, do not default - just fail.
2002-04-30  David Shaw  <dshaw@jabberwocky.com>
	* configure.ac: Try and link to a sample LDAP program to check if
	the LDAP we're about to use is really sane.  The most common
	problem (using a very old OpenLDAP), could be fixed with an extra
	#include, but this would not be very portable to other LDAP
	libraries.

Revision 1.34 / (download) - annotate - [select for diffs], Tue Oct 1 19:53:54 2002 UTC (21 years, 6 months ago) by chris
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored) to selected 1.96 (colored)

Belated bump to nb2, following fixes to dlsym return checks to work properly against -current.

Revision 1.33 / (download) - annotate - [select for diffs], Sun Aug 25 21:50:36 2002 UTC (21 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.32: +9 -8 lines
Diff to previous 1.32 (colored) to selected 1.96 (colored)

Merge packages from the buildlink2 branch back into the main trunk that
have been converted to USE_BUILDLINK2.

Revision 1.31.2.2 / (download) - annotate - [select for diffs], Sun Aug 25 21:21:04 2002 UTC (21 years, 7 months ago) by jlam
Branch: buildlink2
Changes since 1.31.2.1: +2 -1 lines
Diff to previous 1.31.2.1 (colored) next main 1.32 (colored) to selected 1.96 (colored)

Merge changes in the main trunk into the buildlink2 branch for those
packages that have been converted to USE_BUILDLINK2.

Revision 1.32 / (download) - annotate - [select for diffs], Thu Jul 18 20:44:52 2002 UTC (21 years, 8 months ago) by heinz
Branch: MAIN
CVS Tags: pkgviews-base, pkgviews, netbsd-1-6-RELEASE-base, netbsd-1-6, buildlink2-base
Changes since 1.31: +2 -1 lines
Diff to previous 1.31 (colored) to selected 1.96 (colored)

Correct wrong detection of /dev/random in GnuPG 1.0.7 on NetBSD.
Bumped PKGREVISION to 1, changed PLIST accordingly and added 2 patches
for configure and configure.ac. Patches were sent to gnupg-bugs@gnu.org.
Thomas Klausner approved.

Revision 1.31.2.1 / (download) - annotate - [select for diffs], Mon Jul 1 17:45:08 2002 UTC (21 years, 9 months ago) by jlam
Branch: buildlink2
Changes since 1.31: +9 -8 lines
Diff to previous 1.31 (colored) to selected 1.96 (colored)

Convert from using buildlink1 to using the new buildlink2 framework.

Revision 1.31 / (download) - annotate - [select for diffs], Tue May 7 18:48:46 2002 UTC (21 years, 10 months ago) by wiz
Branch: MAIN
Branch point for: buildlink2
Changes since 1.30: +3 -3 lines
Diff to previous 1.30 (colored) to selected 1.96 (colored)

Update to 1.0.7.
* Secret keys are now stored and exported in a new format which
  uses SHA-1 for integrity checks.  This format renders the
  Rosa/Klima attack useless.  Other OpenPGP implementations might
  not yet support this, so the option --simple-sk-checksum creates
  the old vulnerable format.

* The default cipher algorithm for encryption is now CAST5,
  default hash algorithm is SHA-1.  This will give us better
  interoperability with other OpenPGP implementations.

* Symmetric encrypted messages now use a fixed file size if
  possible.  This is a tradeoff: it breaks PGP 5, but fixes PGP 2,
  6, and 7.  Note this was only an issue with RFC-1991 style
  symmetric messages.

* Photographic user ID support.  This uses an external program to
  view the images.

* Enhanced keyserver support via keyserver "plugins".  GnuPG comes
  with plugins for the NAI LDAP keyserver as well as the HKP email
  keyserver.  It retains internal support for the HKP HTTP
  keyserver.

* Nonrevocable signatures are now supported.  If a user signs a
  key nonrevocably, this signature cannot be taken back so be
  careful!

* Multiple signature classes are usable when signing a key to
  specify how carefully the key information (fingerprint, photo
  ID, etc) was checked.

* --pgp2 mode automatically sets all necessary options to ensure
  that the resulting message will be usable by a user of PGP 2.x.

* --pgp6 mode automatically sets all necessary options to ensure
  that the resulting message will be usable by a user of PGP 6.x.

* Signatures may now be given an expiration date.  When signing a
  key with an expiration date, the user is prompted whether they
  want their signature to expire at the same time.

* Revocation keys (designated revokers) are now supported if
  present.  There is currently no way to designate new keys as
  designated revokers.

* Permissions on the .gnupg directory and its files are checked
  for safety.

* --expert mode enables certain silly things such as signing a
  revoked user id, expired key, or revoked key.

* Some fixes to build cleanly under Cygwin32.

* New tool gpgsplit to split OpenPGP data formats into packets.

* New option --preserve-permissions.

* Subkeys created in the future are not used for encryption or
  signing unless the new option --ignore-valid-from is used.

* Revoked user-IDs are not listed unless signatures are listed too
  or we are in verbose mode.

* There is no default comment string with ascii armors anymore
  except for revocation certificates and --enarmor mode.

* The command "primary" in the edit menu can be used to change the
  primary UID, "setpref" and "updpref" can be used to change the
  preferences.

* Fixed the preference handling; since 1.0.5 they were erroneously
  matched against against the latest user ID and not the given one.

* RSA key generation.

* It is now possible to sign and conventional encrypt a message (-cs).

* The MDC feature flag is supported and can be set by using
  the "updpref" edit command.

* The status messages GOODSIG and BADSIG are now returning the primary
  UID, encoded using %XX escaping (but with spaces left as spaces,
  so that it should not break too much)

* Support for GDBM based keyrings has been removed.

* The entire keyring management has been revamped.

* The way signature stati are store has changed so that v3
  signatures can be supported. To increase the speed of many
  operations for existing keyrings you can use the new
  --rebuild-keydb-caches command.

* The entire key validation process (trustdb) has been revamped.
  See the man page entries for --update-trustdb, --check-trustdb
  and --no-auto-check-trustdb.

* --trusted-keys is again obsolete, --edit can be used to set the
  ownertrust of any key to ultimately trusted.

* A subkey is never used to sign keys.

* Read only keyrings are now handled as expected.

Revision 1.30 / (download) - annotate - [select for diffs], Mon Feb 18 15:14:39 2002 UTC (22 years, 1 month ago) by seb
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH003
Changes since 1.29: +2 -1 lines
Diff to previous 1.29 (colored) to selected 1.96 (colored)

Introduce new framework for handling info files generation and installation.

Summary of changes:
- removal of USE_GTEXINFO
- addition of mk/texinfo.mk
- inclusion of this file in package Makefiles requiring it
- `install-info' substituted by `${INSTALL_INFO}' in PLISTs
- tuning of mk/bsd.pkg.mk:
    removal of USE_GTEXINFO
    INSTALL_INFO added to PLIST_SUBST
    `${INSTALL_INFO}' replace `install-info' in target rules
    print-PLIST target now generate `${INSTALL_INFO}' instead of `install-info'
- a couple of new patch files added for a handful of packages
- setting of the TEXINFO_OVERRIDE "switch" in packages Makefiles requiring it
- devel/cssc marked requiring texinfo 4.0
- a couple of packages Makefiles were tuned with respect of INFO_FILES and
  makeinfo command usage

See -newly added by this commit- section 10.24 of Packages.txt for
further information.

Revision 1.29 / (download) - annotate - [select for diffs], Sat Oct 27 07:00:53 2001 UTC (22 years, 5 months ago) by jlam
Branch: MAIN
Changes since 1.28: +1 -2 lines
Diff to previous 1.28 (colored) to selected 1.96 (colored)

Remove commented USE_LIBINTL definitions ... we already use the
gettext-lib/buildlink.mk file.

Revision 1.28 / (download) - annotate - [select for diffs], Thu Jun 28 19:13:24 2001 UTC (22 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.27: +5 -7 lines
Diff to previous 1.27 (colored) to selected 1.96 (colored)

Convert to use buildlink.mk files and mark as USE_BUILDLINK_ONLY.

Revision 1.27 / (download) - annotate - [select for diffs], Mon Jun 4 23:41:36 2001 UTC (22 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.26: +3 -3 lines
Diff to previous 1.26 (colored) to selected 1.96 (colored)

Use slightly modified idea.c, which recognizes NetBSD PowerPC machines as
big endian. Makes gnupg work with IDEA support on ppc machines.
XXX: Probably similar changes needed for some other big-endian platforms.

Revision 1.26 / (download) - annotate - [select for diffs], Thu May 31 13:30:02 2001 UTC (22 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored) to selected 1.96 (colored)

Update to 1.0.6, provided by Nathan Ahlstrom in pkg/13069.
Changes:
Fixed a format string bug which is exploitable if --batch is not used.
Checked all translations for format strings bugs.
Removed the Russian translation due to too many bugs.
Fixed keyserver access and expire time calculation.

Revision 1.25 / (download) - annotate - [select for diffs], Mon May 14 13:40:04 2001 UTC (22 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.24: +4 -8 lines
Diff to previous 1.24 (colored) to selected 1.96 (colored)

Update to 1.0.5, provided by Mark White in private mail.
Some pkg related changes by me.
Changes since 1.0.4:
* WARNING: The semantics of --verify have changed to address a
  problem with detached signature detection. --verify now ignores
  signed material given on stdin unless this is requested by using
  a "-" as the name for the file with the signed material.  Please
  check all your detached signature handling applications and make
  sure that they don't pipe the signed material to stdin without
  using a filename together with "-" on the the command line.

* WARNING: Corrected hash calculation for input data larger than
  512M - it was just wrong, so you might notice bad signature in
  some very big files.  It may be wise to keep an old copy of
  GnuPG around.

* Secret keys are no longer imported unless you use the new option
  --allow-secret-key-import.  This is a kludge and future versions will
  handle it in another way.

* New command "showpref" in the --edit-key menu to show an easier
  to understand preference listing.

* There is now the notation of a primary user ID.  For example, it
  is printed with a signature verification as the first user ID;
  revoked user IDs are not printed there anymore.  In general the
  primary user ID is the one with the latest self-signature.

* New --charset=utf-8 to bypass all internal conversions.

* Large File Support (LFS) is now working.

* New options: --ignore-crc-error, --no-sig-create-check,
  --no-sig-cache, --fixed_list_mode, --no-expensive-trust-checks,
  --enable-special-filenames and --use-agent.  See man page.

* New command --pipemode, which can be used to run gpg as a
  co-process.  Currently only the verification of detached
  signatures are working.  See doc/DETAILS.

* Rewritten key selection code so that GnuPG can better cope with
  multiple subkeys, expire dates and so.  The drawback is that it
  is slower.

* A whole lot of bug fixes.

* The verification status of self-signatures are now cached. To
  increase the speed of key list operations for existing keys you
  can do the following in your GnuPG homedir (~/.gnupg):
     $ cp pubring.gpg pubring.gpg.save && $ gpg --export-all >x && \
      rm pubring.gpg && gpg --import x
  Only v4 keys (i.e not the old RSA keys) benefit from this caching.

* New translations: Estonian, Turkish.

Revision 1.24 / (download) - annotate - [select for diffs], Sat Mar 31 11:14:30 2001 UTC (23 years ago) by zuntum
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH001
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored) to selected 1.96 (colored)

o Fix/add quoting
o Respect ${CFLAGS}

Revision 1.23 / (download) - annotate - [select for diffs], Tue Mar 27 03:20:15 2001 UTC (23 years ago) by hubertf
Branch: MAIN
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored) to selected 1.96 (colored)

Change BUILD_DEPENDS semantics:
first component is now a package name+version/pattern, no more
executable/patchname/whatnot.

While there, introduce BUILD_USES_MSGFMT as shorthand to pull in
devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current).

Patch by Alistair Crooks <agc@netbsd.org>

Revision 1.22 / (download) - annotate - [select for diffs], Sat Feb 17 17:49:45 2001 UTC (23 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.21: +2 -1 lines
Diff to previous 1.21 (colored) to selected 1.96 (colored)

Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.

Revision 1.21 / (download) - annotate - [select for diffs], Thu Feb 15 12:04:37 2001 UTC (23 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.20: +6 -2 lines
Diff to previous 1.20 (colored) to selected 1.96 (colored)

Update to 1.0.4nb3: incorporate a security fix by the author.
(Which also includes completely unrelated patch-ac.)
Closes pkg/12208.

Revision 1.20 / (download) - annotate - [select for diffs], Mon Jan 29 11:53:02 2001 UTC (23 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.19: +27 -2 lines
Diff to previous 1.19 (colored) to selected 1.96 (colored)

Update gnupg to 1.0.4nb2:
Fix a bug in ~/.gnupg creation.
Honor USE_IDEA, and add the IDEA extension in that case.
Addresses pkg/11876.

Revision 1.19 / (download) - annotate - [select for diffs], Thu Nov 30 00:11:26 2000 UTC (23 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored) to selected 1.96 (colored)

change DEPENDS on gettext to BUILD_DEPENDS on msgfmt

Revision 1.18 / (download) - annotate - [select for diffs], Sun Nov 12 14:28:48 2000 UTC (23 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.17: +2 -1 lines
Diff to previous 1.17 (colored) to selected 1.96 (colored)

Declare some symbols static in twofish.c (for details see lib/11458).
Patch provided by Olaf Seibert.
Bump version number to 1.0.4nb1.

Revision 1.17 / (download) - annotate - [select for diffs], Fri Nov 10 02:35:02 2000 UTC (23 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.16: +3 -2 lines
Diff to previous 1.16 (colored) to selected 1.96 (colored)

Update to 1.0.4. Changes since 1.0.3:
* Fixed a serious bug which could lead to false signature verification
  results when more than one signature is fed to gpg.  This is the
  primary reason for releasing this version.
* New utility gpgv which is a stripped down version of gpg to
  be used to verify signatures against a list of trusted keys.
* Rijndael (AES) is now supported and listed with top preference.
* --with-colons now works with --print-md[s].

Based on an update provided by Mipam <mipam@ibb.net>.

Revision 1.16 / (download) - annotate - [select for diffs], Wed Oct 11 09:57:45 2000 UTC (23 years, 5 months ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-RELEASE, netbsd-1-4-PATCH003
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored) to selected 1.96 (colored)

recover DEPENDS

Revision 1.15 / (download) - annotate - [select for diffs], Wed Oct 11 09:57:30 2000 UTC (23 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.14: +3 -3 lines
Diff to previous 1.14 (colored) to selected 1.96 (colored)

update to 1.0.3.

Noteworthy changes in version 1.0.3 (2000-09-18)
------------------------------------------------

    * Fixed problems with piping to/from other MS-Windows software

    * Expiration time of the primary key can be changed again.

    * Revoked user IDs are now marked in the output of --list-key

    * New options --show-session-key and --override-session-key
      to help the British folks to somewhat minimize the danger
      of this Orwellian RIP bill.

    * New options --merge-only and --try-all-secrets.

    * New configuration option --with-egd-socket.

    * The --trusted-key option is back after it left us with 0.9.5

    * RSA is supported. Key generation does not yet work but will come
      soon.

    * CAST5 and SHA-1 are now the default algorithms to protect the key
      and for symmetric-only encryption. This should solve a couple
      of compatibility problems because the old algorithms are optional
      according to RFC2440

    * Twofish and MDC enhanced encryption is now used.  PGP 7 supports
      this.  Older versions of GnuPG don't support it, so they should be
      upgraded to at least 1.0.2

Revision 1.14 / (download) - annotate - [select for diffs], Sat Sep 9 19:40:21 2000 UTC (23 years, 6 months ago) by fredb
Branch: MAIN
Changes since 1.13: +3 -7 lines
Diff to previous 1.13 (colored) to selected 1.96 (colored)

Reorganize crypto handling, as discussed on tech-pkg. Remove all
RESTRICTED= variables that were predicated on former U.S. export
regulations. Add CRYPTO=, as necessary, so it's still possible to
exclude all crypto packages from a build by setting MKCRYPTO=no
(but "lintpkgsrc -R" will no longer catch them).

Specifically,

- - All packages which set USE_SSL just lose their RESTRICTED
    variable, since MKCRYPTO responds to USE_SSL directly.
- - realplayer7 and ns-flash keep their RESTRICTED, which is based
    on license terms, but also gain the CRYPTO variable.
- - srp-client is now marked broken, since the distfile is evidently
    no longer available. On this, we're no worse off than before.
    [We haven't been mirroring the distfile, or testing the build!]
- - isakmpd gets CRYPTO for RESTRICTED, but remains broken.
- - crack loses all restrictions, as it does not evidently empower
    a user to utilize strong encryption (working definition: ability
    to encode a message that requires a secret key plus big number
    arithmetic to decode).

Revision 1.13 / (download) - annotate - [select for diffs], Fri Aug 18 22:46:47 2000 UTC (23 years, 7 months ago) by hubertf
Branch: MAIN
Changes since 1.12: +2 -1 lines
Diff to previous 1.12 (colored) to selected 1.96 (colored)

Replace MIRROR_DISTFILES and NO_CDROM with the more descriptive and
more fine-grained NO_{BIN,SRC}_ON_{FTP,CDROM} definitions.

MIRROR_DISTFILES and NO_CDROM are now dead.

Revision 1.12 / (download) - annotate - [select for diffs], Mon Jul 31 04:14:10 2000 UTC (23 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored) to selected 1.96 (colored)

The gettext package gained a shared library.  For all packages which
link against libintl.so, update the dependency on gettext to >=0.10.35nb1.

Revision 1.11 / (download) - annotate - [select for diffs], Sun Jul 16 23:05:38 2000 UTC (23 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.10: +1 -5 lines
Diff to previous 1.10 (colored) to selected 1.96 (colored)

Man page is not distributed by itself anymore. (undo last commit, fix it
correctly)

Revision 1.10 / (download) - annotate - [select for diffs], Sun Jul 16 17:10:24 2000 UTC (23 years, 8 months ago) by mason
Branch: MAIN
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 (colored) to selected 1.96 (colored)

Corrected distfile name (two places) so package builds.

Revision 1.9 / (download) - annotate - [select for diffs], Sat Jul 15 11:25:57 2000 UTC (23 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored) to selected 1.96 (colored)

Set maintainer to wiz@netbsd.org.

Revision 1.8 / (download) - annotate - [select for diffs], Sat Jul 15 11:24:27 2000 UTC (23 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored) to selected 1.96 (colored)

Update gnupg to 1.0.2. NetBSD changes had been mailed to author and
have been integrated.
Relevant Changes:
* Fixed expiration handling of encryption keys.
* Add an experimental feature to do unattended key generation.
* The user is now asked for the reason of revocation as required by
  the new OpenPGP draft.
* There is a ~/.gnupg/random_seed file now which saves the state of
  the internal RNG and increases system performance somewhat.  This
  way the full entropy source is only used in cases were it is really
  required. Use the option --no-random-seed-file to disable this
  feature.
* New options --ignore-time-conflict and --lock-never.
* Encryption is now much faster: About 2 times for 1k bit keys and 8
  times for 4k keys.
* New encryption keys are generated in a way which allows a much
  faster decryption.
* New command --export-secret-subkeys which outputs the _primary_
  key with it's secret parts deleted.  This is useful for automated
  decryption/signature creation as it allows to keep the real secret
  primary key offline and thereby protecting the key certificates and
  allowing to create revocations for the subkeys.  See the FAQ for a
  procedure to install such secret keys.
* Keygeneration now writes to the first writeable keyring or as
  default to the one in the homedirectory.  Prior versions ignored all
  --keyring options.
* New option --command-fd to take user input from a file descriptor;
  to be used with --status-fd by software which uses GnuPG as a
  backend.
* There is a new status PROGRESS which is used to show progress during
  key generation.
* Support for the new MDC encryption packets.  To create them either
  --force-mdc must be use or cipher algorithm with a blocksize other
  than 64 bits is to be used.  --openpgp currently disables MDC
  packets entirely.  This option should not yet be used.
* New option --no-auto-key-retrieve to disable retrieving of a missing
  public key from a keyerver, when a keyerver has been set.
* Danish, Esperanto, Japanese, Dutch, and Swedish translations

Revision 1.7 / (download) - annotate - [select for diffs], Thu Mar 2 08:21:31 2000 UTC (24 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.6: +7 -1 lines
Diff to previous 1.6 (colored) to selected 1.96 (colored)

Fetch and install man page, as noted by Markus Kurek
<kurek@uni-duisburg.de> in pkg/9519. Also defuzz patches.

Revision 1.6 / (download) - annotate - [select for diffs], Sun Feb 27 04:16:55 2000 UTC (24 years, 1 month ago) by wiz
Branch: MAIN
CVS Tags: netbsd-1-4-PATCH002
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored) to selected 1.96 (colored)

Update gnupg to 1.0.1, as PR'd by
Takahiro Kambe <taca@sky.yamashina.kyoto.jp> in pkg/9477.

Changes since 1.0.0:
    * New command --verify-files.  New option --fast-list-mode.
    * $http_proxy is now used when --honor-http-proxy is set.
    * Fixed some minor bugs and the problem with conventional encrypted
      packets which did use the gpg v3 partial length headers.
    * Add Indonesian and Portugese translations.
    * Fixed a bug with symmetric-only encryption using the non-default 3DES.
      The option --emulate-3des-s2k-bug may be used to decrypt documents
      which have been encrypted this way; this should be done immediately
      as this workaround will be remove in 1.1
    * Can now handle (but not display) PGP's photo IDs. I don't know the
      format of that packet but after stripping a few bytes from the start
      it looks like a JPEG (at least my test data).  Handling of this
      package is required because otherwise it would mix up the
      self signatures and you can't import those keys.
    * Passing non-ascii user IDs on the commandline should now work in all
      cases.
    * New keys are now generated with an additional preference to Blowfish.
    * Removed the GNU Privacy Handbook from the distribution as it will go
      into a separate one.

Revision 1.5 / (download) - annotate - [select for diffs], Mon Jan 10 19:11:09 2000 UTC (24 years, 2 months ago) by hubertf
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored) to selected 1.96 (colored)

be consistent on which version to wildcard

Revision 1.4 / (download) - annotate - [select for diffs], Thu Dec 2 15:50:43 1999 UTC (24 years, 4 months ago) by frueauf
Branch: MAIN
Changes since 1.3: +10 -5 lines
Diff to previous 1.3 (colored) to selected 1.96 (colored)

Update gnupg to 1.0.0. As sideeffect this fixes pr 8826 and pr 8606.

/* XXX someone should test this in i386/aout, maybe that broke
       in exchange, so someone would need to fix it. I have no system
       to test on. But since this package was totaly broken, its an
       improvement...							XXX */

Noteworthy changes in version 1.0.0 (1999-09-07)
-----------------------------------

    * Add a very preliminary version of the GNU Privacy Handbook to
      the distribution (lynx doc/gph/index.html).

    * Changed the version number to GnuPG 2001 ;-)


Noteworthy changes in version 0.9.11
------------------------------------

    * UTF-8 strings are now correctly printed (if --charset is set correctly).
      Output of --with-colons remains C-style escaped UTF-8.

    * Workaround for a problem with PGP 5 detached signature in textmode.

    * Fixed a problem when importing new subkeys (duplicated signatures).

Noteworthy changes in version 0.9.10
------------------------------------

    * Some strange new options to help pgpgpg

    * Cleaned up the dox a bit.


Noteworthy changes in version 0.9.9
-----------------------------------

    * New options --[no-]utf8-strings.

    * New edit-menu commands "enable" and "disable" for entire keys.

    * You will be asked for a filename if gpg cannot deduce one.

    * Changes to support libtool which is needed for the development
      of libgcrypt.

    * New script tools/lspgpot to help transferring assigned
      trustvalues from PGP to GnuPG.

    * New commands --lsign-key and made --sign-key a shortcut for --edit
      and sign.

    * New options (#122--126 ;-) --[no-]default-recipient[-self],
      --disable-{cipher,pubkey}-algo. See the man page.

    * Enhanced info output in case of multiple recipients and fixed exit code.

    * New option --allow-non-selfsigned-uid to work around a problem with
      the German IN way of separating signing and encryption keys.


Noteworthy changes in version 0.9.8
-----------------------------------

    * New subcommand "delsig" in the edit menu.

    * The name of the output file is not anymore the one which is
      embedded in the processed message, but the used filename with
      the extension stripped.  To revert to the old behaviour you can
      use the option --use-embedded-filename.

    * Another hack to cope with pgp2 generated detached signatures.

    * latin-2 character set works (--charset=iso-8859-2).

    * New option --with-key-data to list the public key parameters.
      New option -N to insert notations and a --set-policy-url.
      A couple of other options to allow reseting of options.

    * Better support for HPUX.


Noteworthy changes in version 0.9.7
-----------------------------------

    * Add some work arounds for a bugs in pgp 2 which led to bad signatures
      when used with canonical texts in some cases.

    * Enhanced some status outputs.

Noteworthy changes in version 0.9.6
-----------------------------------

    * Twofish is now statically linked by default. The experimental 128 bit
      version is now disabled.  Full support will be available as soon as
      the OpenPGP WG has decided on an interpretation of rfc2440.

    * Dropped support for the ancient Blowfish160 which is not OpenPGP.

    * Merged gpgm and gpg into one binary.

    * Add "revsig" and "revkey" commands to the edit menu.  It is now
      possible to revoke signature and subkeys.

Revision 1.3 / (download) - annotate - [select for diffs], Fri Apr 9 09:39:20 1999 UTC (24 years, 11 months ago) by agc
Branch: MAIN
CVS Tags: netbsd-1-4-RELEASE, netbsd-1-4-PATCH001, comdex-fall-1999
Changes since 1.2: +8 -3 lines
Diff to previous 1.2 (colored) to selected 1.96 (colored)

Make this package work on Solaris.

Revision 1.2 / (download) - annotate - [select for diffs], Thu Apr 8 15:22:40 1999 UTC (24 years, 11 months ago) by mellon
Branch: MAIN
Changes since 1.1: +4 -2 lines
Diff to previous 1.1 (colored) to selected 1.96 (colored)

Undo some damage pkglint insisted on.

Revision 1.1 / (download) - annotate - [select for diffs], Wed Apr 7 23:01:27 1999 UTC (24 years, 11 months ago) by mellon
Branch: MAIN
Diff to selected 1.96 (colored)

GNU Privacy Guard (a PGP replacement)

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>