gnupg 2.0.9_2 security =390

The GNU Privacy Guard
Maintained by: kuriyama@FreeBSD.org
Port Added: unknown

---

---

GnuPG is a complete and free replacement for PGP.

Because it does not use the patented IDEA algorithm, it can be used
without any restrictions.  GnuPG is an RFC2440 (OpenPGP) compliant
application.

WWW: http://www.gnupg.org/

CVSWeb : Sources : Main Web Site : Distfiles Availability : PortsMon

---

Required To Build: security/libassuan, security/libksba, devel/gmake
Required Libraries: security/libgcrypt, security/libgpg-error, security/libksba, devel/pth, ftp/curl, converters/libiconv

---

To install the port: cd /usr/ports/security/gnupg/ && make install clean
To add the package: pkg_add -r gnupg

---

Configuration Options

===> The following configuration options are available for gnupg-2.0.9_2:
     LDAP=off (default) "LDAP keyserver interface"
     SCDAEMON=off (default) "Enable Smartcard daemon (with libusb)"
     CURL=on (default) "Use the real curl library (worked around if no)"
     GPGSM=off (default) "Enable GPGSM (require LDAP)"
     NLS=off (default) "National Language Support"
===> Use 'make config' to modify these settings

---

Master Sites:

http://ftp.linux.it/pub/mirrors/gnupg/gnupg/

ftp://ftp.demon.nl/pub/mirrors/gnupg/gnupg/

ftp://sunsite.dk/pub/security/gcrypt/gnupg/

ftp://ftp.jyu.fi/pub/crypt/gcrypt/gnupg/

ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/gnupg/

ftp://ftp.surfnet.nl/pub/security/gnupg/gnupg/

ftp://ftp.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/gnupg/

ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/gnupg/

ftp://ftp.iasi.roedu.net/pub/mirrors/ftp.gnupg.org/gnupg/

http://ring.nict.go.jp/archives/net/gnupg/gnupg/

http://ring.sakura.ad.jp/archives/net/gnupg/gnupg/

http://ring.riken.jp/archives/net/gnupg/gnupg/

ftp://igloo.linux.gr/pub/crypto/gnupg/gnupg/

ftp://ftp.gnupg.org/gcrypt/gnupg/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/

• 2006-12-21

  Affects: users of security/gnupg

  Author: kuriyama@FreeBSD.org

  Reason: 
    The security/gnupg port was upgraded to 2.0.1 (with security fix)
    and good-old gnupg-1.4.6 was repocopied to security/gnupg1.
  
    Both of security/gnupg (2.x) and security/gnupg1 (1.4.x) are
    designed not to conflict with each other.  So you can use
    security/gnupg1 for gpg(1), and use security/gnupg for gpg2(1)
    commands.
  
    All directly dependents are $PORTREVISION bumped, so portupgrade -R
    gnupg will works fine.  After portupgrade, you will have both of
    gnupg-2.0.1 and gnupg-1.4.6.
  
  

• port moved here from security/gnupg-devel on 2006-12-21
  REASON: gnupg-devel has been released as Gnupg 2.0
  

Make WITHOUT_NLS actually work

Bump portrevision due to upgrade of devel/gettext.

The affected ports are the ones with gettext as a run-dependency
according to ports/INDEX-7 (5007 of them) and the ones with USE_GETTEXT
in Makefile (29 of them).

PR:             ports/124340
Submitted by:   edwin@
Approved by:    portmgr (pav)

- Update to 2.0.9

Notes:
        This update fixes a possible security vulnerability involving
        memory corruption from importing malicious keys.

PR:             122114/122349
Submitted by:   Hirohisa Yamaguchi <umq@ueo.co.jp> / Nick Barkas
<snb@threerings.net>
Approved by:    maintainer timeout
Security:      
http://www.vuxml.org/freebsd/30394651-13e1-11dd-bab7-0016179b2dd5.html

- Upgrade to 2.0.8.
- Change dependency versions.
- NLS option back again.
- Make GPGSM option off by default (to avoid ldap dependency in package).

PR:             ports/118895
Submitted by:   Hirohisa Yamaguchi <umq@ueo.co.jp>

Chase libgcrypt library version

- Add a note "require LDAP" in GPGSM knob for $OPTIONS.  This may help
  to reduce confusion when "WITHOUT_LDAP and WITH_GPGSM selected, but
  OpenLDAP dependency exists" situcation.

PR:             ports/116558
Reported by:    Jo Rhett <jrhett@netconsonance.com>

Backout the commit with addition of pinentry as a run dependency because
it needs discussion.

Add RUN_DEPEND on security/pinentry because gpg is almost useless
without it.

PR:             115760
Submitted by:   novel
Approved by:    maintainer timeout (1 week, linimon ok)

Resurrect handy WITH_SUID_GPG knob.

PR:             114926
Submitted by:   novel
Approved by:    maintainer timeout

- Set --mandir and --infodir in CONFIGURE_ARGS if the configure script
  supports them.  This is determined by running ``configure --help'' in
  do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
  which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
  Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
  PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
  subdirectory detection.

PR:             ports/111470
Approved by:    portmgr
Discussed with: stas (Mk/*), gerald (info related stuffs)
Tested by:      pointyhat exp run

Upgrade to 2.0.4 (maintainance release with a few minor enhancements).

PR:             ports/113676
Submitted by:   Hirohisa Yamaguchi <umq@ueo.co.jp>

- Fix breakage on WITHOUT_NLS=t condition by forcing --enable-nls in
  configure args which I fogot in previous commit.

Reported by:    kris

- Upgrade to 2.0.3 (including same safety belt as of 1.4.7).

References:    
http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html

Track libgpg-error shlib version change.

- Upgrade to 2.0.2.

Fix breakage.

- Make GPGSM dependency optional (then we can use this port without LDAP
  dependency). [1]
- Remove libpth hack in configure since this problem was fixed in 2.0.1. [2]
- Remove silly conflict detections which breaks BATCH building [2],[3]
- Check libassuan package version (to avoid using old lib) [4]

PR:             ports/107185 (I'm still working on NLS problem) [2],
                ports/107349 [3]
Submitted by:   Brian Minard <bminard@flatfoot.ca> [1],
                dougb [2],
                Ulrich Spoerlein <uspoerlein@gmail.com> [3],
                Ian Lister <freebsd-ports@lister.dnsalias.net> [4]

- Force USE_GETTEXT=YES (remove from OPTIONS) because 2.0.x cannot be
  compiled without libintl.so (I didn't notice this by hidden
  dependencies).

PR:                     ports/107089
Investigated with:      Roland Smith <rsmith@xs4all.nl>

- Force USE_GETTEXT=YES (remove from OPTIONS) because 2.0.x cannot be
  compiled without libintl.so (I didn't notice this by hidden
  dependencies).

PR:                     ports/107089
Investigated with:      Roland Smith <rsmith@xs4all.nl>

gnupg-devel and gnupg-2.x conflict.

- Upgrade gnupg to 2.0.1.  Old stable version (1.4.6) was repocopied
  to security/gnupg1.

Thanks to:      dougb, lofi

Update the ftp/curl port to 7.16.0.
Bump PORTREVISION of all dependent ports.
Fix the build errors in the few ports that still use the long deprecated,
and now obsoleted, cURL options.

Thanks to everyone who took the time to look over the patch!

Discussed on:   -ports

- Unbreak locale.

PR:             ports/106456
Submitted by:   jjuanino@gmail.com

- Upgrade to 1.4.6 (including security fix).

Security:       CVE-2006-6235
References:    
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html

Fix buffer overflow.

References:    
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html

Fix GnuPG's hidden dependency on cURL - add cURL support to OPTIONS and
either explicitly depend on it, or disable it in the configure options.

PR:             103427
Silence from:   kuriyama (maintainer)

- Fix WITH_LIBICONV to work correctly.
- Add WITH_USB to OPTIONS.

PR:             ports/101311
Submitted by:   Helge Oldach <gnupgaug06@oldach.net>

- Remove NOPORTDOCS from OPTIONS since the correct is check NOPORTDOCS and
  not WITH(OUT)_NOPORTDOCS
- Use PORTDOCS and clean pkg-plist
- Add NLS to OPTIONS as on by default and move the check after
  bsd.port.pre.mk
- Add --with-ldap=${LOCALBASE} because it was not finding ldap libs without
  this

PR:             ports/101318
Submitted by:   garga
Approved by:    maintainer timeout (14 days)

- Upgrade to 1.4.5.
  (fixes 2 more possible memory allocation attacks).
- Enable OPTIONS [1].

Security:      
http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html
PR:             ports/93540 [1]
Submitted by:   Pawel Wieleba <P.Wieleba@iem.pw.edu.pl> [1]

- Upgrade to 1.4.4.
  (fixes user ID handling bug).

Security:      
http://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000226.html

- Upgrade to 1.4.3.
- Handle hidden dependency on libusb (1).

Submitted by:   Peter Pentchev <roam@ringlet.net> (1)

Update to 1.4.2.2.

Security:       GnuPG does not detect injection of unsigned data
References:    
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
Probbed by:     simon
Approved by:    portmgr (erwin)

Upgrade to 1.4.2.1.

Security:       False positive signature verification in GnuPG
References:    
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
Prodded by:     simon

Replace ugly "@unexec rmdir %D... 2>/dev/null || true" with @dirrmtry

Approved by:    krion@
PR:             ports/88711 (related)

Add SHA256.

PR:             ports/90105
Submitted by:   Thomas Vogt <thomas@bsdunix.ch>

Fix the problem in --batch mode.

Obtained from: 
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/keygen.c?rev=3853&r1=3852&r2=3853
PR:             ports/90105
Submitted by:   Thomas Vogt <thomas@bsdunix.ch>

Fix build failure on 4.x.

Reported by:    "Sander Holthaus - Orange XL" <info@orangexl.com>

Upgrade to 1.4.2.

PR:             ports/84289
Submitted by:   Vasil Dimov <vd@datamax.bg>

Upgrade to 1.4.1.

PR:             ports/80157
Submitted by:   Vasil Dimov <vd@datamax.bg>
Kindly knocked by:      dougb

At Kris's request, back out the MACHINE_ARCH spelling correction until
after 5.4-RELEASE.

Assist getting more ports working on AMD64 by obeying the
Ports Collection documentation and use 'ARCH' rather than 'MACHINE_ARCH'.

Add a workaround patch to avoid protocol attack (but will not be
effective in the real world).

References:    
http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000190.html (broken
mailman archive)
                http://www.pgp.com/library/ctocorner/openpgp.html
                http://eprint.iacr.org/2005/033
Reported by:    dougb

Upgrade to 1.4.0.

Clean up handling of locale directories at deinstall-time:

* Don't remove "system directories" (which were created by BSD.*.dist)
* Silently try to remove locale directories which we might have created

Update to 1.2.6.
Utilize DOCSDIR and DATADIR macros.

Approved by:    kuriyama (maintainer)

Link with openldap library only when WITH_LDAP knob is specified
explicitly.

- Upgrade to 1.2.5.
- Remove unnecessary "@unexec rmdir"s for locales.

Fix LDAP detection. For everybody who has a the default
openldap client installed, this will cause a plist change.
I didn't bump the PORTREVISION, but it might not be a bad
idea. I'll leave that up to the maintainer.

Add WITHOUT_NLS knob.

PR:             ports/64491
Submitted by:   Sebastian Klemke <packet@adrenochrome.nl>

- Use USE_ICONV knob

Approved by:    portmgr

SIZEify.

Submitted by:   trevor

Add USE_GETTEXT and bump PORTREVISION.

Submitted by:   trevor
Tested by:      bento

Now gettext 0.12.1 is gettext-old.

Upgrade to 1.2.4.

*** Security Update (not fix, only workaround) ***

Disable the ability to create signatures using the ElGamal
sign+encrypt (type 20) keys as well as to remove the option
to create such keys.

Reported by:    se
References:    
http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html
               
http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020569.html
Approved by     portmgr (will)

What users should use is WITH_LDAP and USE_OPENLDAP is for ports
system.

Submitted by:   Alex Dupre <sysadmin@alexdupre.com>
PR:             ports/59151

Fix USE_DYNAMIC_LINKING detection.

Submitted by:   ls+gnupg.devel.gnupg.org@gambit.com.ru
References:    
http://lists.gnupg.org/pipermail/gnupg-devel/2003-October/020503.html

Add missing share/locale/ro/LC_MESSAGES/gnupg.mo and clean up
@unexec rmdir's.

PR:             ports/58212
Submitted by:   Dimitry Andric <dimitry@andric.com>

Add missing share/locale/ro/LC_MESSAGES/gnupg.mo and clean up
@unexec rmdir's.

PR:             ports/58212
Submitted by:   Dimitry Andric <dimitry@andric.com>

Respect USE_OPENLDAP(WANT_OPENLDAP_VER).

Pointed out by: lofi

Bump the PORTREVISION for the ports directly affected by the gettext upgrade.

Prodded by:     kris

Chase the libintl.so shared lib version.

o Upgrade to 1.2.3.
o Remove explicit --enable-tiger from $CONFIGURE_ARGS.  This feature will
  be removed from GnuPG.

Fix non-default dependency on openldap2[012] which is broken by splitting.

# I'm not bumped port revision of them because this should not affect
# packages built on bento...

Show $PKGMESSAGE only if $OSVERSION < 500019.
Add URL reference for rndcontrol.

Submitted by:   dougb

Add a patch for mpi/config.links to avoid infinite loop on sparc64.

MPI assembler function for sparc32 is used for our sparc64, but it
will not work on it.  So use generic (C) version for sparc64-*-freebsd*.

Upgrade to 1.2.2.

Check versioned library file explicitly.

PR:             ports/48692
Submitted by:   fenner

Point dependencies on net/openldap2 to net/openldap20

de-pkg-comment.

Use MASTER_SITE_GNUPG

Correct typo in previous

Pointy hat to:  kris

Add missing @dirrm

Upgrade to 1.2.1.