The NetBSD Project

CVS log for pkgsrc/security/gnupg2/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / security / gnupg2

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.66 / (download) - annotate - [select for diffs], Tue Jan 12 11:49:56 2021 UTC (6 days, 6 hours ago) by adam
Branch: MAIN
CVS Tags: HEAD
Changes since 1.65: +5 -5 lines
Diff to previous 1.65 (colored)

gnupg2: updated to 2.2.27

Noteworthy changes in version 2.2.27 (2021-01-11)
-------------------------------------------------
 * gpg: Fix regression in 2.2.24 for gnupg_remove function under
   Windows.
 * gpgconf: Fix case with neither local nor global gpg.conf.
 * gpgconf: Fix description of two new options.
 * Build Windows installer without timestamps.  Note that the
   Authenticode signatures still carry a timestamp.
  Release-info: https://dev.gnupg.org/T5234
  See-also: gnupg-announce/2021q1/000452.html


Noteworthy changes in version 2.2.26 (2020-12-21)
-------------------------------------------------
  * gpg: New AKL method "ntds".
  * gpg: Fix --trusted-key with fingerprint arg.
  * scd: Fix writing of ECC keys to an OpenPGP card.
  * scd: Make an USB error fix specific to SPR532 readers.
  * dirmngr: With new LDAP keyservers store the new attributes.  Never
    store the useless pgpSignerID.  Fix a long standing bug storing
    some keys on an ldap server.
  * dirmngr: Support the new Active Direcory LDAP schema for
    keyservers.
  * dirmngr: Allow LDAP OpenPGP searches via fingerprint.
  * dirmngr: Do not block other threads during keyserver LDAP calls.
  * Support global configuration files.
  * Fix the iconv fallback handling to UTF-8.
  Release-info: https://dev.gnupg.org/T5153
  See-also: gnupg-announce/2020q4/000451.html

Revision 1.65 / (download) - annotate - [select for diffs], Thu Dec 3 12:10:20 2020 UTC (6 weeks, 4 days ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.64: +5 -5 lines
Diff to previous 1.64 (colored)

gnupg2: updated to 2.2.25

Noteworthy changes in version 2.2.25
* scd: Fix regression in 2.2.24 requiring gpg --card-status before
  signing or decrypting.
* gpgsm: Using Libksba 1.5.0 signatures with a rarely used
  combination of attributes can now be verified.

Revision 1.64 / (download) - annotate - [select for diffs], Wed Nov 18 13:06:44 2020 UTC (2 months ago) by adam
Branch: MAIN
Changes since 1.63: +5 -5 lines
Diff to previous 1.63 (colored)

gnupg2: updated to 2.2.24

Noteworthy changes in version 2.2.24
------------------------------------

  * Allow Unicode file names on Windows almost everywhere.  Note that
    it is still not possible to use Unicode strings on the command
    line.  This change also fixes a regression in 2.2.22 related to
    non-ascii file names.

  * Fix localized time printing on Windows.

  * gpg: New command --quick-revoke-sig.

  * gpg: Do not use weak digest algos if selected by recipient
    preference during sign+encrypt.

  * gpg: Switch to AES256 for symmetric encryption in de-vs mode.

  * gpg: Silence weak digest warnings with --quiet.

  * gpg: Print new status line CANCELED_BY_USER for a cancel during
    symmetric encryption.

  * gpg: Fix the encrypt+sign hash algo preference selection for
    ECDSA.  This is in particular needed for keys created from
    existing smartcard based keys.

  * agent: Fix secret key import of GnuPG 2.3 generated Ed25519 keys.

  * agent: Keep some permissions of private-keys-v1.d.

  * dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and
    gnutls builds.

  * dirmngr: Fix the pool keyserver case for a single host in the
    pool.

  * scd: Fix the use case of verify_chv2 by CHECKPIN.

  * scd: Various improvements to the ccid-driver.

  * scd: Minor fixes for Yubikey

  * gpgconf: New option --show-versions.

  * w32: Install gpg-check-pattern and example profiles.  Install
    Windows subsystem variant of gpgconf (gpgconf-w32).

  * i18n: Complete overhaul and completion of the Italian translation.
    Thanks to Denis Renzi.

  * Require Libgcrypt 1.8 because 1.7 has long reached end-of-life.

Revision 1.63 / (download) - annotate - [select for diffs], Sat Sep 5 10:25:52 2020 UTC (4 months, 1 week ago) by js
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.62: +5 -5 lines
Diff to previous 1.62 (colored)

Update security/gnupg2 to 2.2.23

Fixes a criticial vulnerability: https://dev.gnupg.org/T5050


Noteworthy changes in version 2.2.22
====================================

  * gpg: Change the default key algorithm to rsa3072.

  * gpg: Add regular expression support for Trust Signatures on all
    platforms.  [#4843]

  * gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat
    option.  [#4991]

  * gpg: Ignore --personal-digest-prefs for ECDSA keys.  [#5021]

  * gpgsm: Make rsaPSS a de-vs compliant scheme.

  * gpgsm: Show also the SHA256 fingerprint in key listings.

  * gpgsm: Do not require a default keyring for --gpgconf-list.  [#4867]

  * gpg-agent: Default to extended key format and record the creation
    time of keys.  Add new option --disable-extended-key-format.

  * gpg-agent: Support the WAYLAND_DISPLAY envvar.  [#5016]

  * gpg-agent: Allow using --gpgconf-list even if HOME does not
    exist.  [#4866]

  * gpg-agent: Make the Pinentry work even if the envvar TERM is set
    to the empty string.  [#4137]

  * scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly
    incremented the error counter when using the "verify" command of
    "gpg --edit-key" with only the signature key being present.

  * dirmngr: Better handle systems with disabled IPv6.  [#4977]

  * gpgpslit: Install tool.  It was not installed in the past to avoid
    conflicts with the version installed by GnuPG 1.4.  [#5023]

  * gpgtar: Handle Unicode file names on Windows correctly (requires
    libgpg-error 1.39).  [#4083]

  * gpgtar: Make --files-from and --null work as documented.  [#5027]

  * Build the Windows installer with the new Ntbtls 0.2.0 so that TLS
    connections succeed for servers demanding GCM.

  Release-info: https://dev.gnupg.org/T5030


Noteworthy changes in version 2.2.23
====================================

  * gpg: Fix AEAD preference list overflow.  [#5050]

  * gpg: Fix a possible segv in the key cleaning code.

  * gpgsm: Fix a minor RFC2253 parser bug.  [#5037]

  * scdaemon: Fix a PIN verify failure on certain OpenPGP card
    implementations.  Regression in 2.2.22.  [#5039]

  * po: Fix bug in the Hungarian translation.  Updates for the Czech,
    Polish, and Ukrainian translations.

  Release-info: https://dev.gnupg.org/T5045

Revision 1.62 / (download) - annotate - [select for diffs], Tue Aug 18 09:39:23 2020 UTC (5 months ago) by schmonz
Branch: MAIN
Changes since 1.61: +2 -1 lines
Diff to previous 1.61 (colored)

Provide a definition of IN_EXCL_UNLINK for Linux < 2.6.36, and link with -lrt.
Fixes build on CentOS 6. Still builds on CentOS 7, Debian 9 and 10, Devuan 3.

Revision 1.61 / (download) - annotate - [select for diffs], Fri Jul 24 10:47:45 2020 UTC (5 months, 3 weeks ago) by adam
Branch: MAIN
Changes since 1.60: +5 -5 lines
Diff to previous 1.60 (colored)

gnupg2: updated to 2.2.21

Noteworthy changes in version 2.2.21
* gpg: Improve symmetric decryption speed by about 25%.
* gpg: Support decryption of AEAD encrypted data packets.
* gpg: Add option --no-include-key-block.
* gpg: Allow for extra padding in ECDH.
* gpg: Only a single pinentry is shown for symmetric encryption if
  the pinentry supports this.
* gpg: Print a note if no keys are given to --delete-key.
* gpg,gpgsm: The ridiculous passphrase quality bar is not anymore
  shown.
* gpgsm: Certificates without a CRL distribution point are now
  considered valid without looking up a CRL.  The new option
  --enable-issuer-based-crl-check can be used to revert to the
  former behaviour.
* gpgsm: Support rsaPSS signature verification.
* gpgsm: Unless CRL checking is disabled lookup a missing issuer
  certificate using the certificate's authorityInfoAccess.
* gpgsm: Print the certificate's serial number also in decimal
  notation.
* gpgsm: Fix possible NULL-deref in messages of --gen-key.
* scd: Support the CardOS 5 based D-Trust Card 3.1.
* dirmngr: Allow http URLs with "LOOKUP --url".
* wkd: Take name of sendmail from configure.  Fixes an OpenBSD
  specific bug.

Revision 1.60 / (download) - annotate - [select for diffs], Sat Mar 21 07:24:30 2020 UTC (9 months, 4 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.59: +5 -5 lines
Diff to previous 1.59 (colored)

gnupg2: updated to 2.2.20

Noteworthy changes in version 2.2.20:
* Protect the error counter against overflow to guarantee that the
  tools can't be tricked into returning success after an error.
* gpg: Make really sure that --verify-files always returns an error.
* gpg: Fix key listing --with-secret if a pattern is given.
* gpg: Fix detection of certain keys used as default-key.
* gpg: Fix default-key selection when a card is available.
* gpg: Fix key expiration and key usage for keys created with a
  creation date of zero.
* gpgsm: Fix import of some CR,LF terminated certificates.
* gpg: New options --include-key-block and --auto-key-import to
  allow encrypted replies after an initial signed message.
* gpg: Allow the use of a fingerprint with --trusted-key.
* gpg: New property "fpr" for use by --export-filter.
* scdaemon: Disable the pinpad if a KDF DO is used.
* dirmngr: Improve finding OCSP certificates.
* Avoid build problems with LTO or gcc-10.

Revision 1.59 / (download) - annotate - [select for diffs], Mon Dec 9 18:44:52 2019 UTC (13 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.58: +5 -5 lines
Diff to previous 1.58 (colored)

gnupg2: updated to 2.2.19

Noteworthy changes in version 2.2.19:

* gpg: Fix double free when decrypting for hidden recipients.
  Regression in 2.2.18.

* gpg: Use auto-key-locate for encryption even for mail addressed
  given with angle brackets.

* gpgsm: Add special case for certain expired intermediate
  certificates.

Revision 1.58 / (download) - annotate - [select for diffs], Wed Nov 27 12:17:08 2019 UTC (13 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.57: +5 -5 lines
Diff to previous 1.57 (colored)

Update to 2.2.18

Changelog:
Noteworthy changes in version 2.2.18 (2019-11-25)
-------------------------------------------------

  * gpg: Changed the way keys are detected on a smartcards; this
    allows the use of non-OpenPGP cards.  In the case of a not very
    likely regression the new option --use-only-openpgp-card is
    available.  [#4681]

  * gpg: The commands --full-gen-key and --quick-gen-key now allow
    direct key generation from supported cards.  [#4681]

  * gpg: Prepare against chosen-prefix SHA-1 collisions in key
    signatures.  This change removes all SHA-1 based key signature
    newer than 2019-01-19 from the web-of-trust.  Note that this
    includes all key signature created with dsa1024 keys.  The new
    option --allow-weak-key-signatues can be used to override the new
    and safer behaviour.  [#4755,CVE-2019-14855]

  * gpg: Improve performance for import of large keyblocks.  [#4592]

  * gpg: Implement a keybox compression run.  [#4644]

  * gpg: Show warnings from dirmngr about redirect and certificate
    problems (details require --verbose as usual).

  * gpg: Allow to pass the empty string for the passphrase if the
    '--passphase=' syntax is used.  [#4633]

  * gpg: Fix printing of the KDF object attributes.

  * gpg: Avoid surprises with --locate-external-key and certain
    --auto-key-locate settings.  [#4662]

  * gpg: Improve selection of best matching key.  [#4713]

  * gpg: Delete key binding signature when deletring a subkey.
    [#4665,#4457]

  * gpg: Fix a potential loss of key sigantures during import with
    self-sigs-only active.  [#4628]

  * gpg: Silence "marked as ultimately trusted" diagnostics if
    option --quiet is used.  [#4634]

  * gpg: Silence some diagnostics during in key listsing even with
    option --verbose.  [#4627]

  * gpg, gpgsm: Change parsing of agent's pkdecrypt results.  [#4652]

  * gpgsm: Support AES-256 keys.

  * gpgsm: Fix a bug in triggering a keybox compression run if
    --faked-system-time is used.

  * dirmngr: System CA certificates are no longer used for the SKS
    pool if GNUTLS instead of NTBTLS is used as TLS library.  [#4594]

  * dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
    to avoid long timeouts.  [#4165]

  * scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
    Shield and Trustica Cryptoucan work.  [#4654,#4566]

  * wkd: gpg-wks-client --install-key now installs the required policy
    file.

Revision 1.57 / (download) - annotate - [select for diffs], Wed Jul 10 09:28:24 2019 UTC (18 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.56: +5 -5 lines
Diff to previous 1.56 (colored)

gnupg2: updated to 2.2.17

Noteworthy changes in version 2.2.17:
* gpg: Ignore all key-signatures received from keyservers.  This
  change is required to mitigate a DoS due to keys flooded with
  faked key-signatures.  The old behaviour can be achieved by adding
    keyserver-options no-self-sigs-only,no-import-clean
  to your gpg.conf.
* gpg: If an imported keyblocks is too large to be stored in the
  keybox (pubring.kbx) do not error out but fallback to an import
  using the options "self-sigs-only,import-clean".
* gpg: New command --locate-external-key which can be used to
  refresh keys from the Web Key Directory or via other methods
  configured with --auto-key-locate.
* gpg: New import option "self-sigs-only".
* gpg: In --auto-key-retrieve prefer WKD over keyservers.
* dirmngr: Support the "openpgpkey" subdomain feature from
  draft-koch-openpgp-webkey-service-07.
* dirmngr: Add an exception for the "openpgpkey" subdomain to the
  CSRF protection.
* dirmngr: Fix endless loop due to http errors 503 and 504.
* dirmngr: Fix TLS bug during redirection of HKP requests.
* gpgconf: Fix a race condition when killing components.

Revision 1.56 / (download) - annotate - [select for diffs], Sun Jun 2 09:29:09 2019 UTC (19 months, 2 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.55: +5 -5 lines
Diff to previous 1.55 (colored)

gnupg2: updated to 2.2.16

Noteworthy changes in version 2.2.16:
* gpg,gpgsm: Fix deadlock on Windows due to a keybox sharing
  violation.
* gpg: Allow deletion of subkeys with --delete-key.  This finally
  makes the bang-suffix work as expected for that command.
* gpg: Replace SHA-1 by SHA-256 in self-signatures when updating
  them with --quick-set-expire or --quick-set-primary-uid.
* gpg: Improve the photo image viewer selection.
* gpg: Fix decryption with --use-embedded-filename.
* gpg: Remove hints on using the --keyserver option.
* gpg: Fix export of certain secret keys with comments.
* gpg: Reject too long user-ids in --quick-gen-key.
* gpg: Fix a double free in the best key selection code.
* gpg: Fix the key generation dialog for switching back from EdDSA
  to ECDSA.
* gpg: Use AES-192 with SHA-384 to comply with RFC-6637.
* gpg: Use only the addrspec from the Signer's UID subpacket to
  mitigate a problem with another implementation.
* gpg: Skip invalid packets during a keyring listing and sync
  diagnostics with the output.
* gpgsm: Avoid confusing diagnostic when signing with the default
  key.
* agent: Do not delete any secret key in --dry-run mode.
* agent: Fix failures on 64 bit big-endian boxes related to URIs in
  a keyfile.
* agent: Stop scdaemon after a reload with disable-scdaemon newly
  configured.
* dirmngr: Improve caching algorithm for WKD domains.
* dirmngr: Support other hash algorithms than SHA-1 for OCSP.
* gpgconf: Make --homedir work for --launch.
* gpgconf: Before --launch check for a valid config file.
* wkd: Do not import more than 5 keys from one WKD address.
* wkd: Accept keys which are stored in armored format in the
  directory.
* The installer for Windows now comes with signed binaries.

Revision 1.55 / (download) - annotate - [select for diffs], Mon Apr 1 08:30:04 2019 UTC (21 months, 2 weeks ago) by adam
Branch: MAIN
Changes since 1.54: +5 -6 lines
Diff to previous 1.54 (colored)

gnupg2: updated to 2.2.15

Noteworthy changes in version 2.2.15:
* sm: Fix --logger-fd and --status-fd on Windows for non-standard
  file descriptors.
* sm: Allow decryption even if expired keys are configured.
* agent: Change command KEYINFO to print ssh fingerprints with other
  hash algos.
* dirmngr: Fix build problems on Solaris due to the use of reserved
  symbol names.
* wkd: New commands --print-wkd-hash and --print-wkd-url for
  gpg-wks-client.

Revision 1.54 / (download) - annotate - [select for diffs], Wed Mar 27 09:42:15 2019 UTC (21 months, 3 weeks ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.53: +2 -1 lines
Diff to previous 1.53 (colored)

gnupg2: Fix build.

Revision 1.53 / (download) - annotate - [select for diffs], Wed Mar 20 06:39:52 2019 UTC (22 months ago) by adam
Branch: MAIN
Changes since 1.52: +5 -5 lines
Diff to previous 1.52 (colored)

gnupg2: updated to 2.2.14

Noteworthy changes in version 2.2.14:
* gpg: Allow import of PGP desktop exported secret keys.  Also avoid
 importing secret keys if the secret keyblock is not valid.
* gpg: Do not error out on version 5 keys in the local keyring.
* gpg: Make invalid primary key algo obvious in key listings.
* sm: Do not mark a certificate in a key listing as de-vs compliant
  if its use for a signature will not be possible.
* sm: Fix certificate creation with key on card.
* sm: Create rsa3072 bit certificates by default.
* sm: Print Yubikey attestation extensions with --dump-cert.
* agent: Fix cancellation handling for scdaemon.
* agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
* scd: Fix flushing of the CA-FPR DOs in app-openpgp.
* scd: Avoid a conflict error with the "undefined" app.
* dirmngr: Add CSRF protection exception for protonmail.
* dirmngr: Fix build problems with gcc 9 in libdns.
* gpgconf: New option --show-socket for use wity --launch.
* gpgtar: Make option -C work for archive creation.

Revision 1.52 / (download) - annotate - [select for diffs], Wed Feb 13 16:06:44 2019 UTC (23 months ago) by adam
Branch: MAIN
Changes since 1.51: +5 -5 lines
Diff to previous 1.51 (colored)

gnupg2: updated to 2.2.13

Noteworthy changes in version 2.2.13:
* gpg: Implement key lookup via keygrip (using the & prefix).
* gpg: Allow generating Ed25519 key from existing key.
* gpg: Emit an ERROR status line if no key was found with -k.
* gpg: Stop early when trying to create a primary Elgamal key.
* gpgsm: Print the card's key algorithms along with their keygrips
  in interactive key generation.
* agent: Clear bogus pinentry cache in the error case.
* scd: Support "acknowledge button" feature.
* scd: Fix for USB INTERRUPT transfer.
* wks: Do no use compression for the the encrypted challenge and
  response

Revision 1.51 / (download) - annotate - [select for diffs], Thu Dec 20 19:33:27 2018 UTC (2 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.50: +5 -5 lines
Diff to previous 1.50 (colored)

gnupg2: updated to 2.2.12

Noteworthy changes in version 2.2.12:

  * tools: New commands --install-key and --remove-key for
    gpg-wks-client.  This allows to prepare a Web Key Directory on a
    local file system for later upload to a web server.

  * gpg: New --list-option "show-only-fpr-mbox".  This makes the use
    of the new gpg-wks-client --install-key command easier on Windows.

  * gpg: Improve processing speed when --skip-verify is used.

  * gpg: Fix a bug where a LF was accidentally written to the console.

  * gpg: --card-status now shwos whether a card has the new KDF
    feature enabled.

  * agent: New runtime option --s2k-calibration=MSEC.  New configure
    option --with-agent-s2k-calibration=MSEC.

  * dirmngr: Try another keyserver from the pool on receiving a 502,
    503, or 504 error.

  * dirmngr: Avoid possible CSRF attacks via http redirects.  A HTTP
    query will not anymore follow a 3xx redirect unless the Location
    header gives the same host.  If the host is different only the
    host and port is taken from the Location header and the original
    path and query parts are kept.

  * dirmngr: New command FLUSHCRL to flush all CRLS from disk and
    memory.

  * New simplified Chinese translation (zh_CN).

Revision 1.50 / (download) - annotate - [select for diffs], Wed Nov 7 11:59:08 2018 UTC (2 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.49: +5 -5 lines
Diff to previous 1.49 (colored)

gnupg2: updated to 2.2.11

Noteworthy changes in version 2.2.11:

* gpgsm: Fix CRL loading when intermediate certicates are not yet
  trusted.

* gpgsm: Fix an error message about the digest algo.

* gpg: Fix a wrong warning due to new sign usage check introduced
  with 2.2.9.

* gpg: Print the "data source" even for an unsuccessful keyserver
  query.

* gpg: Do not store the TOFU trust model in the trustdb.  This
  allows to enable or disable a TOFO model without triggering a
  trustdb rebuild.

* scd: Fix cases of "Bad PIN" after using "forcesig".

* agent: Fix possible hang in the ssh handler.

* dirmngr: Tack the unmodified mail address to a WKD request.  See
  commit a2bd4a64e5b057f291a60a9499f881dd47745e2f for details.

* dirmngr: Tweak diagnostic about missing LDAP server file.

* dirmngr: In verbose mode print the OCSP responder id.

* dirmngr: Fix parsing of the LDAP port.

* wks: Add option --directory/-C to the server.  Always build the
  server on Unix systems.

* wks: Add option --with-colons to the client.  Support sites which
  use the policy file instead of the submission-address file.

* Fix EBADF when gpg et al. are called by broken CGI scripts.

* Fix some minor memory leaks and bugs.

Revision 1.49 / (download) - annotate - [select for diffs], Wed Sep 5 15:41:12 2018 UTC (2 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.48: +5 -5 lines
Diff to previous 1.48 (colored)

Update to 2.2.10

Changelog:
Noteworthy changes in version 2.2.10 (2018-08-30)
-------------------------------------------------

  gpg: Refresh expired keys originating from the WKD.  [#2917]

  gpg: Use a 256 KiB limit for a WKD imported key.

  gpg: New option --known-notation.  [#4060]

  scd: Add support for the Trustica Cryptoucan reader.

  agent: Speed up starting during on-demand launching.  [#3490]

  dirmngr: Validate SRV records in WKD queries.

Revision 1.48 / (download) - annotate - [select for diffs], Mon Jul 16 01:00:22 2018 UTC (2 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.47: +5 -5 lines
Diff to previous 1.47 (colored)

Update to 2.2.9

Changelog:
Noteworthy changes in version 2.2.9 (2018-07-12)
------------------------------------------------

  * dirmngr: Fix recursive resolver mode and other bugs in the libdns
    code.  [#3374,#3803,#3610]

  * dirmngr: When using libgpg-error 1.32 or later a GnuPG build with
    NTBTLS support (e.g. the standard Windows installer) does not
    anymore block for dozens of seconds before returning data.

  * gpg: Fix bug in --show-keys which actually imported revocation
    certificates.  [#4017]

  * gpg: Ignore too long user-ID and comment packets.  [#4022]

  * gpg: Fix crash due to bad German translation.  Improved printf
    format compile time check.

  * gpg: Handle missing ISSUER sub packet gracefully in the presence of
    the new ISSUER_FPR.  [#4046]

  * gpg: Allow decryption using several passphrases in most cases.
    [#3795,#4050]

  * gpg: Command --show-keys now enables the list options
    show-unusable-uids, show-unusable-subkeys, show-notations and
    show-policy-urls by default.

  * gpg: Command --show-keys now prints revocation certificates. [#4018]

  * gpg: Add revocation reason to the "rev" and "rvs" records of the
    option --with-colons.  [#1173]

  * gpg: Export option export-clean does now remove certain expired
    subkeys; export-minimal removes all expired subkeys.  [#3622]

  * gpg: New "usage" property for the drop-subkey filters.  [#4019]

  Release-info: https://dev.gnupg.org/T4036

  See-also: gnupg-announce/2018q3/000427.html

Revision 1.47 / (download) - annotate - [select for diffs], Sat Jun 9 18:08:34 2018 UTC (2 years, 7 months ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.46: +5 -5 lines
Diff to previous 1.46 (colored)

gnupg2: Update security/gnupg to 2.2.8

Changes:
Noteworthy changes in version 2.2.8 (2018-06-08)
------------------------------------------------
  * gpg: Decryption of messages not using the MDC mode will now lead
    to a hard failure even if a legacy cipher algorithm was used.  The
    option --ignore-mdc-error can be used to turn this failure into a
    warning.  Take care: Never use that option unconditionally or
    without a prior warning.
  * gpg: The MDC encryption mode is now always used regardless of the
    cipher algorithm or any preferences.  For testing --rfc2440 can be
    used to create a message without an MDC.
  * gpg: Sanitize the diagnostic output of the original file name in
    verbose mode.  [#4012, CVE-2018-12020]
  * gpg: Detect suspicious multiple plaintext packets in a more
    reliable way.  [#4000]
  * gpg: Fix the duplicate key signature detection code.  [#3994]
  * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
    --disable-mdc and --no-disable-mdc have no more effect.
  * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
    list of startup environment variables.  [#3947]

Revision 1.46 / (download) - annotate - [select for diffs], Fri May 4 06:08:40 2018 UTC (2 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.45: +5 -5 lines
Diff to previous 1.45 (colored)

gnupg2: updated to 2.2.7

changes in version 2.2.7:
* gpg: New option --no-symkey-cache to disable the passphrase cache
  for symmetrical en- and decryption.
* gpg: The ERRSIG status now prints the fingerprint if that is part
  of the signature.
* gpg: Relax emitting of FAILURE status lines
* gpg: Add a status flag to "sig" lines printed with --list-sigs.
* gpg: Fix "Too many open files" when using --multifile.
* ssh: Return an error for unknown ssh-agent flags.
* dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL
  caches under Windows.
* dirmngr: Fix a CNAME problem with pools and TLS.  Also use a fixed
  mapping of keys.gnupg.net to sks-keyservers.net.
* dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours).
* dirmngr: Fallback to CRL if no default OCSP responder is configured.
* dirmngr: Implement CRL fetching via https.  Here a redirection to
  http is explictly allowed.
* dirmngr: Make LDAP searching and CRL fetching work under Windows.
  This stopped working with 2.1.
* agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
  debugging.

Revision 1.45 / (download) - annotate - [select for diffs], Thu Apr 12 07:02:03 2018 UTC (2 years, 9 months ago) by adam
Branch: MAIN
Changes since 1.44: +5 -5 lines
Diff to previous 1.44 (colored)

gnupg2: updated to 2.2.6

Noteworthy changes in version 2.2.6:
* gpg,gpgsm: New option --request-origin to pretend requests coming
  from a browser or a remote site.
* gpg: Fix race condition on trustdb.gpg updates due to too early
  released lock.
* gpg: Emit FAILURE status lines in almost all cases.
* gpg: Implement --dry-run for --passwd to make checking a key's
  passphrase straightforward.
* gpg: Make sure to only accept a certification capable key for key
  signatures.
* gpg: Better user interaction in --card-edit for the factory-reset
  sub-command.
* gpg: Improve changing key attributes in --card-edit by adding an
  explicit "key-attr" sub-command.
* gpg: Print the keygrips in the --card-status.
* scd: Support KDF DO setup.
* scd: Fix some issues with PC/SC on Windows.
* scd: Fix suspend/resume handling in the CCID driver.
* agent: Evict cached passphrases also via a timer.
* agent: Use separate passphrase caches depending on the request
  origin.
* ssh: Support signature flags.
* dirmngr: Handle failures related to missing IPv6 support
  gracefully.
* Fix corner cases related to specified home directory with
  drive letter on Windows.
* Allow the use of UNC directory names as homedir.

Revision 1.44 / (download) - annotate - [select for diffs], Mon Feb 26 09:05:45 2018 UTC (2 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.43: +5 -5 lines
Diff to previous 1.43 (colored)

gnupg2: updated to 2.2.5

version 2.2.5:

* gpg: Allow the use of the "cv25519" and "ed25519" short names in
  addition to the canonical curve names in --batch --gen-key.

* gpg: Make sure to print all secret keys with option --list-only
  and --decrypt.

* gpg: Fix the use of future-default with --quick-add-key for
  signing keys.

* gpg: Select a secret key by checking availability under gpg-agent.

* gpg: Fix reversed prompt texts for --only-sign-text-ids.

* gpg,gpgsm: Fix detection of bogus keybox blobs on 32 bit systems.

* gpgsm: Fix regression since 2.1 in --export-secret-key-raw which
  got $d mod (q-1)$ wrong.  Note that most tools automatically fixup
  that parameter anyway.

* ssh: Fix a regression in getting the client'd PID on *BSD and
  macOS.

* scd: Support the KDF Data Object of the OpenPGP card 3.3.

* scd: Fix a regression in the internal CCID driver for certain card
  readers.

* scd: Fix a problem on NetBSD killing scdaemon on gpg-agent
  shutdown.

* dirmngr: Improve returned error description on failure of DNS
  resolving.

* wks: Implement command --install-key for gpg-wks-server.

* Add option STATIC=1 to the Speedo build system to allow a build
  with statically linked versions of the core GnuPG libraries.  Also
  use --enable-wks-tools by default by Speedo builds for Unix.

Revision 1.43 / (download) - annotate - [select for diffs], Thu Dec 21 09:45:41 2017 UTC (3 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.42: +5 -5 lines
Diff to previous 1.42 (colored)

gnupg2: updated to 2.2.4

Noteworthy changes in version 2.2.4:
  * gpg: Change default preferences to prefer SHA512.
  * gpg: Print a warning when more than 150 MiB are encrypted using a
    cipher with 64 bit block size.
  * gpg: Print a warning if the MDC feature has not been used for a
    message.
  * gpg: Fix regular expression of domain addresses in trust
    signatures.
  * agent: New option --auto-expand-secmem to help with high numbers
    of concurrent connections.  Requires libgcrypt 1.8.2 for having
    an effect.
  * dirmngr: Cache responses of WKD queries.
  * gpgconf: Add option --status-fd.
  * wks: Add commands --check and --remove-key to gpg-wks-server.
  * Increase the backlog parameter of the daemons to 64 and add
    option --listen-backlog.
  * New configure option --enable-run-gnupg-user-socket to first try a
    socket directory which is not removed by systemd at session end.

Revision 1.42 / (download) - annotate - [select for diffs], Fri Nov 24 12:33:10 2017 UTC (3 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.41: +5 -5 lines
Diff to previous 1.41 (colored)

gnupg2: updated to 2.2.3

changes in version 2.2.3:
* gpgsm: Fix initial keybox creation on Windows.
* dirmngr: Fix crash in case of a CRL loading error.
* Fix the name of the Windows registry key.
* gpgtar: Fix wrong behaviour of --set-filename.
* gpg: Silence AKL retrieval messages.
* agent: Use clock or clock_gettime for calibration.
* agent: Improve robustness of the shutdown pending state.

Revision 1.41 / (download) - annotate - [select for diffs], Thu Nov 9 08:02:30 2017 UTC (3 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.40: +5 -5 lines
Diff to previous 1.40 (colored)

gnupg2: updated to 2.2.2

changes in version 2.2.2:
  * gpg: Avoid duplicate key imports by concurrently running gpg
    processes.
  * gpg: Fix creating on-disk subkey with on-card primary key.
  * gpg: Fix validity retrieval for multiple keyrings.
  * gpg: Fix --dry-run and import option show-only for secret keys.
  * gpg: Print "sec" or "sbb" for secret keys with import option
    import-show.
  * gpg: Make import less verbose.
  * gpg: Add alias "Key-Grip" for parameter "Keygrip" and new
    parameter "Subkey-Grip" to unattended key generation.
  * gpg: Improve "factory-reset" command for OpenPGP cards.
  * gpg: Ease switching Gnuk tokens into ECC mode by using the magic
    keysize value 25519.
  * gpgsm: Fix --with-colon listing in crt records for fields > 12.
  * gpgsm: Do not expect X.509 keyids to be unique.
  * agent: Fix stucked Pinentry when using --max-passphrase-days.
  * agent: New option --s2k-count.
  * dirmngr: Do not follow https-to-http redirects.
  * dirmngr: Reduce default LDAP timeout from 100 to 15 seconds.
  * gpgconf: Ignore non-installed components for commands
    --apply-profile and --apply-defaults.
  * Add configure option --enable-werror.

Revision 1.40 / (download) - annotate - [select for diffs], Sat Sep 30 12:38:01 2017 UTC (3 years, 3 months ago) by adam
Branch: MAIN
Changes since 1.39: +5 -5 lines
Diff to previous 1.39 (colored)

gnupg2: update to 2.2.1

version 2.2.1:
* gpg: Fix formatting of the user id in batch mode key generation
  if only "name-email" is given.
* gpgv: Fix annoying "not suitable for" warnings.
* wks: Convey only the newest user id to the provider.  This is the
  case if different names are used with the same addr-spec.
* wks: Create a complying user id for provider policy mailbox-only.
* wks: Add workaround for posteo.de.
* scd: Fix the use of large ECC keys with an OpenPGP card.
* dirmngr: Use system provided root certificates if no specific HKP
  certificates are configured.  If build with GNUTLS, this was
  already the case.

Revision 1.39 / (download) - annotate - [select for diffs], Tue Aug 29 12:07:04 2017 UTC (3 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.38: +5 -6 lines
Diff to previous 1.38 (colored)

Updated gnupg2 to 2.2.0.

Noteworthy changes in version 2.2.0 (2017-08-28)
------------------------------------------------

  This is the new long term stable branch.  This branch will only see
  bug fixes and no new features.

  * gpg: Reverted change in 2.1.23 so that --no-auto-key-retrieve is
    again the default.

  * Fixed a few minor bugs.

Revision 1.38 / (download) - annotate - [select for diffs], Wed Apr 13 18:01:55 2016 UTC (4 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.37: +5 -6 lines
Diff to previous 1.37 (colored)

Update gnupg2 to 2.0.30.

Noteworthy changes in version 2.0.30 (2016-03-31)
-------------------------------------------------

 * gpg: Avoid too early timeout during key generation with 2.1 cards.

 * agent: Fixed printing of ssh fingerprints for 384 bit ECDSA keys.

 * agent: Fixed an alignment bug related to the passphrase
   confirmation.

 * scdaemon: Fixed a "conflicting usage" bug.

 * scdaemon: Fixed usb card reader removal problem on Windows 8 and
   later.

 * Fixed a problem on AIX due to peculiarity with RLIMIT_NOFILE.

 * Updated the Japanese and Dutch translations.

 * Fixed a few other bugs.

Revision 1.37 / (download) - annotate - [select for diffs], Wed Nov 4 01:17:45 2015 UTC (5 years, 2 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.36: +2 -1 lines
Diff to previous 1.36 (colored)

Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.36 / (download) - annotate - [select for diffs], Wed Sep 9 18:15:34 2015 UTC (5 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.35: +5 -8 lines
Diff to previous 1.35 (colored)

Update security/gnupg2 to 2.0.29.

While here, clean up patches. They looked pretty cargo-culty to me and
were not commented.
File a bug report for one of the remaining ones and link to it from comment.

Changes in 2.0.29:

Noteworthy changes in version 2.0.29 (2015-09-08)
-------------------------------------------------

 * gpg: Print a PGP-2 fingerprint again instead of a row of "0".

 * gpg: Fixed a race condition from multiple several "gpg --verify".

 * gpg: Print FAILURE status lines to help GPGME.

 * gpgsm: Fixed a regression in CSR generation.

 * scdaemon: Fixed problems with some pinpads.

 * Fixed a few other bugs.

Revision 1.35 / (download) - annotate - [select for diffs], Wed Jun 3 21:00:39 2015 UTC (5 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.34: +4 -4 lines
Diff to previous 1.34 (colored)

Update to 2.0.28:

Noteworthy changes in version 2.0.28 (2015-06-02)
-------------------------------------------------

 * agent: Added support for an external password manager.

 * gpg: New command --list-gcrypt-config.

 * gpg: Issue NEWSIG status lines during signature verification.

 * gpgsm: The default hash algo for a CSR is now SHA-256 and the
   default encryption algo is AES-128.

 * scdaemon: Allow PC/SC reader selection by partial name match.

 * gpgtar: Fix extracting files with a size of a multiple of 512.

 * Fixed several other bugs.

 * Libgcrypt 1.5 is now required.

Revision 1.34 / (download) - annotate - [select for diffs], Sat Feb 21 09:08:53 2015 UTC (5 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.33: +4 -4 lines
Diff to previous 1.33 (colored)

Update to 2.0.27:

Noteworthy changes in version 2.0.27 (2015-02-18)
-------------------------------------------------

 * gpg: Detect faulty use of --verify on detached signatures.

 * gpg: New import option "keep-ownertrust".

 * gpg: Uses SHA-256 for all signature types also on RSA keys.

 * gpg: Added support for algo names when generating keys using the
   --command-fd method.

 * gpg: Unless --allow-weak-digest-algos is used the insecure MD5
   based fingerprints are shown as all zeroe

 * gpg: Fixed DoS based on bogus and overlong key packets.

 * gpg: Better error reporting for keyserver problems.

 * Fixed several bugs related to bogus keyrings and improved some
   other code.

Revision 1.33 / (download) - annotate - [select for diffs], Thu Jan 15 20:59:59 2015 UTC (6 years ago) by wiz
Branch: MAIN
Changes since 1.32: +2 -1 lines
Diff to previous 1.32 (colored)

Fix executable name in gpgkey2ssh tool.
From ISIHARA Takanori in PR 49576.

Bump PKGREVISION.

Revision 1.32 / (download) - annotate - [select for diffs], Sat Aug 16 12:14:28 2014 UTC (6 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3
Changes since 1.31: +4 -4 lines
Diff to previous 1.31 (colored)

Update to 2.0.26:

Noteworthy changes in version 2.0.26 (2014-08-12)
-------------------------------------------------

 * gpg: Fix a regression in 2.0.24 if a subkey id is given
   to --recv-keys et al.

 * gpg: Cap attribute packets at 16MB.

 * gpgsm: Auto-create the ".gnupg" home directory in the same
   way gpg does.

 * scdaemon: Allow for certificates > 1024 when using PC/SC.

Revision 1.31 / (download) - annotate - [select for diffs], Tue Jul 22 11:30:00 2014 UTC (6 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.30: +4 -4 lines
Diff to previous 1.30 (colored)

Update to 2.0.25. Rename gpgsm option to gnupg2-gpgsm.

Noteworthy changes in version 2.0.25 (2014-06-30)
-------------------------------------------------

 * gpg: Fix a regression in 2.0.24 if more than one keyid is given
   to --recv-keys et al.

 * gpg: Cap RSA and Elgamal keysize at 4096 bit also for unattended
   key generation.

 * gpgsm: Fix a DISPLAY related problem with --export-secret-key-p12.

 * scdaemon: Support reader Gemalto IDBridge CT30.

Revision 1.30 / (download) - annotate - [select for diffs], Tue Jun 24 21:53:14 2014 UTC (6 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.29: +4 -4 lines
Diff to previous 1.29 (colored)

Update to 2.0.24, security fix:

Noteworthy changes in version 2.0.24 (2014-06-24)
-------------------------------------------------

 * gpg: Avoid DoS due to garbled compressed data packets.

 * gpg: Screen keyserver responses to avoid importing unwanted keys
   from rogue servers.

 * gpg: The validity of user ids is now shown by default.  To revert
   this add "list-options no-show-uid-validity" to gpg.conf.

 * gpg: Print more specific reason codes with the INV_RECP status.

 * gpg: Allow loading of a cert only key to an OpenPGP card.

 * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt 1.6.


Noteworthy changes in version 2.0.23 (2014-06-03)
-------------------------------------------------

 * gpg: Reject signatures made using the MD5 hash algorithm unless the
   new option --allow-weak-digest-algos or --pgp2 are given.

 * gpg: Do not create a trustdb file if --trust-model=always is used.

 * gpg: Only the major version number is by default included in the
   armored output.

 * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
   communication with the gpg-agent.

 * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more
   aligned to the regular key listing ("gpg -k").

 * gpg: The option--show-session-key prints its output now before the
   decryption of the bulk message starts.

 * gpg: New %U expando for the photo viewer.

 * gpgsm: Improved handling of re-issued CA certificates.

 * scdaemon: Various fixes for pinpad equipped card readers.

 * Minor bug fixes.

Revision 1.28.2.1 / (download) - annotate - [select for diffs], Sat Oct 5 16:11:10 2013 UTC (7 years, 3 months ago) by spz
Branch: pkgsrc-2013Q3
Changes since 1.28: +4 -4 lines
Diff to previous 1.28 (colored) next main 1.29 (colored)

Pullup ticket #4239 - requested by wiz
security/gnupg2: security update

Revisions pulled up:
- security/gnupg2/Makefile                                      1.48
- security/gnupg2/distinfo                                      1.29

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Oct  5 13:20:03 UTC 2013

   Modified Files:
   	pkgsrc/security/gnupg2: Makefile distinfo

   Log Message:
   Update to 2.0.22:

   Noteworthy changes in version 2.0.22 (2013-10-04)
   -------------------------------------------------

    * Fixed possible infinite recursion in the compressed packet
      parser. [CVE-2013-4402]

    * Improved support for some card readers.

    * Prepared building with the forthcoming Libgcrypt 1.6.

    * Protect against rogue keyservers sending secret keys.


   To generate a diff of this commit:
   cvs rdiff -u -r1.47 -r1.48 pkgsrc/security/gnupg2/Makefile
   cvs rdiff -u -r1.28 -r1.29 pkgsrc/security/gnupg2/distinfo

Revision 1.29 / (download) - annotate - [select for diffs], Sat Oct 5 13:20:03 2013 UTC (7 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.28: +4 -4 lines
Diff to previous 1.28 (colored)

Update to 2.0.22:

Noteworthy changes in version 2.0.22 (2013-10-04)
-------------------------------------------------

 * Fixed possible infinite recursion in the compressed packet
   parser. [CVE-2013-4402]

 * Improved support for some card readers.

 * Prepared building with the forthcoming Libgcrypt 1.6.

 * Protect against rogue keyservers sending secret keys.

Revision 1.28 / (download) - annotate - [select for diffs], Mon Sep 2 16:52:04 2013 UTC (7 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base
Branch point for: pkgsrc-2013Q3
Changes since 1.27: +4 -5 lines
Diff to previous 1.27 (colored)

Update to 2.0.21:

Noteworthy changes in version 2.0.21 (2013-08-19)
-------------------------------------------------

 * gpg-agent: By default the users are now asked via the Pinentry
   whether they trust an X.509 root key.  To prohibit interactive
   marking of such keys, the new option --no-allow-mark-trusted may
   be used.

 * gpg-agent: The command KEYINFO has options to add info from
   sshcontrol.

 * The included ssh agent does now support ECDSA keys.

 * The new option --enable-putty-support allows gpg-agent to act on
   Windows as a Pageant replacement with full smartcard support.

 * Support installation as portable application under Windows.

Revision 1.27 / (download) - annotate - [select for diffs], Wed May 29 22:53:36 2013 UTC (7 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2
Changes since 1.26: +4 -4 lines
Diff to previous 1.26 (colored)

Update to 2.0.20:

Noteworthy changes in version 2.0.20 (2013-05-10)
-------------------------------------------------

 * Decryption using smartcards keys > 3072 bit does now work.

 * New meta option ignore-invalid-option to allow using the same
   option file by other GnuPG versions.

 * gpg: The hash algorithm is now printed for sig records in key listings.

 * gpg: Skip invalid keyblock packets during import to avoid a DoS.

 * gpg: Correctly handle ports from DNS SRV records.

 * keyserver: Improve use of SRV records

 * gpg-agent: Avoid tty corruption when killing pinentry.

 * scdaemon: Improve detection of card insertion and removal.

 * scdaemon: Rename option --disable-keypad to --disable-pinpad.

 * scdaemon: Better support for CCID readers.  Now, the internal CCID
   driver supports readers without the auto configuration feature.

 * scdaemon: Add pinpad input for PC/SC, if your reader has pinpad and
   it supports variable length PIN input, and you specify
   --enable-pinpad-varlen option.

 * scdaemon: New option --enable-pinpad-varlen.

 * scdaemon: Install into libexecdir to avoid accidental execution
   from the command line.

 * Support building using w64-mingw32.

 * Assorted bug fixes.

Revision 1.25.6.1 / (download) - annotate - [select for diffs], Fri Jan 18 16:43:23 2013 UTC (8 years ago) by tron
Branch: pkgsrc-2012Q4
Changes since 1.25: +2 -1 lines
Diff to previous 1.25 (colored) next main 1.26 (colored)

Pullup ticket #4029 - requested by drochner
security/gnupg2: security patch

Revisions pulled up:
- security/gnupg2/Makefile                                      1.42
- security/gnupg2/distinfo                                      1.26
- security/gnupg2/patches/patch-CVE-2012-6085                   1.1

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Tue Jan 15 11:21:50 UTC 2013

   Modified Files:
           pkgsrc/security/gnupg2: Makefile distinfo
   Added Files:
           pkgsrc/security/gnupg2/patches: patch-CVE-2012-6085

   Log Message:
   add patch from upstream to fix possible keyring corruption
   on import of corrupted keys (CVE-2012-6085), bump PKGREV
   from "Bug Hunting" per PR pkg/47442

Revision 1.26 / (download) - annotate - [select for diffs], Tue Jan 15 11:21:50 2013 UTC (8 years ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.25: +2 -1 lines
Diff to previous 1.25 (colored)

add patch from upstream to fix possible keyring corruption
on import of corrupted keys (CVE-2012-6085), bump PKGREV
from "Bug Hunting" per PR pkg/47442

Revision 1.25 / (download) - annotate - [select for diffs], Tue Apr 17 18:35:33 2012 UTC (8 years, 9 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2
Branch point for: pkgsrc-2012Q4
Changes since 1.24: +4 -6 lines
Diff to previous 1.24 (colored)

update to 2.0.19
changes:
-cmd line UI improvements
-Ukrainian translation

Revision 1.24 / (download) - annotate - [select for diffs], Mon Sep 12 17:38:33 2011 UTC (9 years, 4 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3
Changes since 1.23: +2 -1 lines
Diff to previous 1.23 (colored)

fix configure check for libcurl, from John Marshall on the gnupg-devel
mailing list
bump PKGREV

Revision 1.23 / (download) - annotate - [select for diffs], Thu Aug 11 10:46:10 2011 UTC (9 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.22: +4 -4 lines
Diff to previous 1.22 (colored)

Changes 2.0.18:
* Bug fix for newer versions of Libgcrypt.
* Support the SSH confirm flag and show SSH fingerprints in ssh
  related pinentries.
* Improved dirmngr/gpgsm interaction for OCSP.
* Allow generation of card keys up to 4096 bit.

Revision 1.22 / (download) - annotate - [select for diffs], Thu May 5 08:55:23 2011 UTC (9 years, 8 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.21: +2 -3 lines
Diff to previous 1.21 (colored)

Fix buildling with Clang

Revision 1.21 / (download) - annotate - [select for diffs], Thu Jan 20 08:54:56 2011 UTC (10 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1
Changes since 1.20: +8 -9 lines
Diff to previous 1.20 (colored)

Changes 2.0.17:
* Allow more hash algorithms with the OpenPGP v2 card.
* The gpg-agent now tests for a new gpg-agent.conf on a HUP.
* Fixed output of "gpgconf --check-options".
* Fixed a bug where Scdaemon sends a signal to Gpg-agent running in
  non-daemon mode.
* Fixed TTY management for pinentries and session variable update
  problem.

Revision 1.20 / (download) - annotate - [select for diffs], Thu Sep 2 06:58:35 2010 UTC (10 years, 4 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3
Changes since 1.19: +3 -2 lines
Diff to previous 1.19 (colored)

Some fixes at update to 2.0.16.
* not using autogen.sh anymore, so remove some tools from USE_TOOLS.
* patch-ak does not effect anymore for above reason, add patch-ao for it.
  this patch is required to avoid conflict with security/gnupg.

Bump PKGREVISION.

Revision 1.19 / (download) - annotate - [select for diffs], Wed Sep 1 16:46:41 2010 UTC (10 years, 4 months ago) by drochner
Branch: MAIN
Changes since 1.18: +4 -12 lines
Diff to previous 1.18 (colored)

update to 2.0.16
changes:
-bugfixes
-New command --passwd for GPG
-Make use of libassuan 2.0 which is available as a DSO
-The gpg-agent commands KILLAGENT and RELOADAGENT are now available
 on all platforms

Revision 1.17.4.1 / (download) - annotate - [select for diffs], Sun Aug 8 16:42:51 2010 UTC (10 years, 5 months ago) by spz
Branch: pkgsrc-2010Q2
Changes since 1.17: +2 -1 lines
Diff to previous 1.17 (colored) next main 1.18 (colored)

Pullup ticket 3199 - requested by gls
security patch

Revisions pulled up:
- pkgsrc/security/gnupg2/Makefile	1.30
- pkgsrc/security/gnupg2/distinfo	1.18

Files added:
pkgsrc/security/gnupg2/patches/patch-an

-------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Tue Aug  3 19:14:42 UTC 2010

   Modified Files:
           pkgsrc/security/gnupg2: Makefile distinfo
   Added Files:
           pkgsrc/security/gnupg2/patches: patch-an

   Log Message:
   add patch from upstream to fix a possible use-after-free problem
   (CVE-2010-2547), bump PKGREVISION


   To generate a diff of this commit:
   cvs rdiff -u -r1.29 -r1.30 pkgsrc/security/gnupg2/Makefile
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/gnupg2/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/security/gnupg2/patches/patch-an

Revision 1.18 / (download) - annotate - [select for diffs], Tue Aug 3 19:14:42 2010 UTC (10 years, 5 months ago) by drochner
Branch: MAIN
Changes since 1.17: +2 -1 lines
Diff to previous 1.17 (colored)

add patch from upstream to fix a possible use-after-free problem
(CVE-2010-2547), bump PKGREVISION

Revision 1.17 / (download) - annotate - [select for diffs], Wed Feb 3 10:58:11 2010 UTC (10 years, 11 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base, pkgsrc-2010Q1-base, pkgsrc-2010Q1
Branch point for: pkgsrc-2010Q2
Changes since 1.16: +2 -1 lines
Diff to previous 1.16 (colored)

add a patch from upstream CVS to fix a bug which could make keys
unusable on passphrase changes
bump PKGREVISION

Revision 1.16 / (download) - annotate - [select for diffs], Fri Jan 15 20:15:07 2010 UTC (11 years ago) by drochner
Branch: MAIN
Changes since 1.15: +4 -7 lines
Diff to previous 1.15 (colored)

update to 2.0.14
changes:
* The default for --include-cert is now to include all certificates
  in the chain except for the root certificate.
* Numerical values may now be used as an alternative to the
  debug-level keywords.
* The GPGSM --audit-log feature is now more complete.
* GPG now supports DNS lookups for SRV, PKA and CERT on W32.
* New GPGSM option --ignore-cert-extension.
* New and changed passphrases are now created with an iteration count
  requiring about 100ms of CPU work.

Revision 1.15 / (download) - annotate - [select for diffs], Fri Dec 18 17:49:51 2009 UTC (11 years, 1 month ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4
Changes since 1.14: +2 -1 lines
Diff to previous 1.14 (colored)

kill the "idea" option -- gnupg2 uses libgcrypt which used to have
an "idea" option, but that was removed more than a year ago when it
got updated from 1.2 to 1.4
The patch was was used on gnupg2 in the "idea" case was just a four-line
memory initialization fix, there is no point in LICENSE restrictions
due to this, so I've pulled it in as regular patch so that it doesn't
get lost for the case someone fixes idea support in libgcrypt
(which isn't hard).

Revision 1.14 / (download) - annotate - [select for diffs], Wed Dec 16 18:52:49 2009 UTC (11 years, 1 month ago) by drochner
Branch: MAIN
Changes since 1.13: +2 -1 lines
Diff to previous 1.13 (colored)

don't install the gpg-zip.1 manpage, avoids CONFLICT with gnupg1,
noticed by OBATA Akio per mail to pkgsrc-users.
This makes most sense to me since gnupg2 doesn't install a gpg-zip
intentionally. Since possible clients of gpg-zip should have a
dependency on gnupg1, we can't take over easily. Once we are sure
that gnupg2 can fully replace gnupg1, we might consider to install
eg symlinks gpg->gpg2 etc and make gnupg1 obsolete, but this needs
careful testing.

Revision 1.13 / (download) - annotate - [select for diffs], Wed Dec 16 09:09:06 2009 UTC (11 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.12: +4 -1 lines
Diff to previous 1.12 (colored)

Add checksum for idea patch.

Revision 1.12 / (download) - annotate - [select for diffs], Tue Dec 15 20:10:41 2009 UTC (11 years, 1 month ago) by drochner
Branch: MAIN
Changes since 1.11: +9 -9 lines
Diff to previous 1.11 (colored)

update to 2.0.13
changes: many fixes and improvements

reviewed by John R. Shannon

pkgsrc notes:
-since S/MIME support is the biggest difference in functionality over
 gnupg1, enable it per default -- my tests (with the s/mime plugin
 of claws-mail) worked
-left the build against a private libassuan with GNU-pth support
 alone for now, just updated libassuan to 1.0.5. We might build
 pkgsrc/libassuan against pkgsrc/pth at some point, but this needs
 to be checked for side effects. (As this pkg doesn't export a library
 which might propagate the pth dependency, the possibility of
 pthread-pth conflicts should be limited. Other uses of libassuan
 need to be checked.)

Revision 1.11 / (download) - annotate - [select for diffs], Mon Apr 28 14:54:27 2008 UTC (12 years, 8 months ago) by shannonjr
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Changes since 1.10: +9 -9 lines
Diff to previous 1.10 (colored)

Update to 2.0.9. Changes:
* Enhanced gpg-connect-agent with a small scripting language.
* New option --list-config for gpgconf.
* Fixed a crash in gpgconf.
* The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the
   pinentry.
 * Fixed the auto creation of the key stub for smartcards.
 * Fixed a rare bug in decryption using the OpenPGP card.
 * Creating DSA2 keys is now possible.
 * New option --extra-digest-algo for gpgsm to allow verification of
   broken signatures.
 * Allow encryption with legacy Elgamal sign+encrypt keys with option
   --rfc2440.

Revision 1.10 / (download) - annotate - [select for diffs], Wed Nov 7 15:24:26 2007 UTC (13 years, 2 months ago) by shannonjr
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4
Changes since 1.9: +8 -11 lines
Diff to previous 1.9 (colored)

Update to 2.0.7. This is maintenance release with a few minor enhancements.
Changes:
 * Fixed encryption problem if duplicate certificates are in the
   keybox.
 * Add new options min-passphrase-nonalpha, check-passphrase-pattern,
   enforce-passphrase-constraints and max-passphrase-days to
   gpg-agent.
 * Add command --check-components to gpgconf.  Gpgconf now uses the
   installed versions of the programs and does not anymore search via
   PATH for them.

Revision 1.9 / (download) - annotate - [select for diffs], Wed Aug 29 23:19:07 2007 UTC (13 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2007Q3-base, pkgsrc-2007Q3
Changes since 1.8: +7 -4 lines
Diff to previous 1.8 (colored)

Update to 2.0.6. Add support for idea option. From Blair Sadewitz
on tech-pkg.

Noteworthy changes in version 2.0.6 (2007-08-16)
------------------------------------------------

 * GPGSM does now grok --default-key.

 * GPGCONF is now aware of --default-key and --encrypt-to.

 * GPGSM does again correctly print the serial number as well the the
   various keyids.  This was broken since 2.0.4.

 * New option --validation-model and support for the chain-model.

 * Improved Windows support.

Revision 1.8 / (download) - annotate - [select for diffs], Sat Aug 4 12:00:02 2007 UTC (13 years, 5 months ago) by shannonjr
Branch: MAIN
Changes since 1.7: +9 -12 lines
Diff to previous 1.7 (colored)

Update to Version 2.0.5. Changes:
 * Switched license to GPLv3.
 * Fixed bug when using the --p12-charset without --armor.
 * The command --gen-key may now be used instead of the
   gpgsm-gencert.sh script.
 * Changed key generation to reveal less information about the
   machine.  Bug fixes for gpg2's card key generation.

Revision 1.7 / (download) - annotate - [select for diffs], Sat May 12 11:08:31 2007 UTC (13 years, 8 months ago) by shannonjr
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base, pkgsrc-2007Q2
Changes since 1.6: +11 -11 lines
Diff to previous 1.6 (colored)

Update to Version 2.0.4. Changes are not described in release announcement.

Revision 1.6 / (download) - annotate - [select for diffs], Mon Feb 5 11:43:01 2007 UTC (13 years, 11 months ago) by shannonjr
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base, pkgsrc-2007Q1
Changes since 1.5: +6 -6 lines
Diff to previous 1.5 (colored)

Update to Version 2.0.2.

This is maintenance release to fix build problems found after the
release of 2.0.1.  There are also some minor enhancements.

Revision 1.5 / (download) - annotate - [select for diffs], Mon Dec 18 07:14:51 2006 UTC (14 years, 1 month ago) by smb
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)

Fix invocation of /usr/bin/install to take out $(SHELL)

Revision 1.4 / (download) - annotate - [select for diffs], Tue Dec 12 13:11:35 2006 UTC (14 years, 1 month ago) by shannonjr
Branch: MAIN
Changes since 1.3: +5 -5 lines
Diff to previous 1.3 (colored)

Update to 2.0.1.

This is maintenance release to fix build problems found after the
release of 2.0.0 and to fix a buffer overflow in gpg2

Revision 1.3 / (download) - annotate - [select for diffs], Sat Dec 9 13:39:28 2006 UTC (14 years, 1 month ago) by shannonjr
Branch: MAIN
Changes since 1.2: +2 -1 lines
Diff to previous 1.2 (colored)

Added patch fixing [CVE-2006-6235] remotely controllable function pointer.

Revision 1.2 / (download) - annotate - [select for diffs], Mon Nov 27 20:37:20 2006 UTC (14 years, 1 month ago) by shannonjr
Branch: MAIN
Changes since 1.1: +2 -1 lines
Diff to previous 1.1 (colored)

"While fixing a bug reported by Hugh Warrington, a buffer overflow has
been identified in all released GnuPG versions.  Exploiting this
overflow seems to be possible.  Apply the following patch to GnuPG."
2006-11-27  Werner Koch  <wk@g10code.com>

gnupg2 has been patched accordingly.

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Fri Nov 17 12:13:11 2006 UTC (14 years, 2 months ago) by shannonjr
Branch: TNF
CVS Tags: SHANNONJR_20061117
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

This package is the sucessor to gnupg-devel.

GnuPG-2 provides several utilities that are used by mail clients,
such as Kmail and Balsa, including OpenPGP and S/MIME support.
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that
it splits up functionality into several modules.  However, both
versions may be installed alongside without any conflict.  In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching.  The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time.

Revision 1.1 / (download) - annotate - [select for diffs], Fri Nov 17 12:13:11 2006 UTC (14 years, 2 months ago) by shannonjr
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>