non port: security/gnupg/distinfo |
Number of commits found: 104 (showing only 100 on this page) |
Friday, 9 Feb 2024
|
21:07 Joseph Mingrone (jrm)
security/gnupg: Update to 2.4.4
Changelog: https://dev.gnupg.org/T6578
Sponsored by: The FreeBSD Foundation
Approved by: adridg (maintainer)
Differential Revision: https://reviews.freebsd.org/D43787
c647d50 |
Monday, 10 Jul 2023
|
18:46 Jason E. Hale (jhale)
security/gnupg: Update to 2.4.3
2.4.3: https://dev.gnupg.org/T6509
2.4.2: https://dev.gnupg.org/T6506
2.4.1: https://dev.gnupg.org/T6454
2.4.0: https://dev.gnupg.org/T6303
PR: 272083
Approved by: maintainer timeout (3 weeks)
29b3afa |
Sunday, 6 Nov 2022
|
10:46 Daniel Engberg (diizzy) Author: Herbert J. Skuhra
security/gnupg: Update to 2.3.8
Changelog:
https://lists.gnupg.org/pipermail/gnupg-announce/2022q4/000476.html
Some additional changes to submitted patch:
- Change PORTVERSION to DISTVERSION
- Generate patch using "make makepatch"
- Remove obsolete configure switch
PR: 267152
Reviewed by: adridg (maintainer)
Tested by: Dennis Clarke <dclarke@blastwave.org>
142c06a |
Wednesday, 13 Oct 2021
|
14:55 Adam Weinberger (adamw)
security/gnupg: Update to 2.3.3
Changes:
* agent: Fix segv in GET_PASSPHRASE (regression). [#5577]
* dirmngr: Fix Let's Encrypt certificate chain validation. [#5639]
* gpg: Change default and maximum AEAD chunk size to 4 MiB.
[ad3dabc9fb]
* gpg: Print a warning when importing a bad cv25519 secret key.
[#5464]
* gpg: Fix --list-packets for undecryptable AEAD packets. [#5584]
* gpg: Verify backsigs for v5 keys correctly. [#5628]
* keyboxd: Fix checksum computation for no UBID entry on disk.
[#5573]
* keyboxd: Fix "invalid object" error with cv448 keys. [#5609]
* dirmngr: New option --ignore-cert. [4b3e9a44b5]
* agent: Fix calibrate_get_time use of clock_gettime. [#5623]
* Silence process spawning diagnostics on Windows. [f2b01025c3]
* Support a gpgconf.ctl file under Unix and use this for the
regression tests. [#5999]
* The Windows installer now also installs the new keyboxd.
(Put "use-keyboxd" into common.conf to use a fast SQLite
database instead of the pubring.kbx file.)
Release-info: https://dev.gnupg.org/T5565
b57a655 |
Tuesday, 24 Aug 2021
|
18:34 Adam Weinberger (adamw)
security/gnupg: Update to 2.3.2
Changes:
* gpg: Allow fingerprint based lookup with --locate-external-key.
[ec36eca08c]
* gpg: Allow decryption w/o public key but with correct card
inserted. [50293ec2eb]
* gpg: Auto import keys specified with --trusted-keys. [100037ac0f]
* gpg: Do not use import-clean for LDAP keyserver imports. [#5387]
* gpg: Fix mailbox based search via AKL keyserver method. [4fcfac6feb]
* gpg: Fix memory corruption with --clearsign introduced with 2.3.1.
[#5430]
* gpg: Use a more descriptive prompt for symmetric decryption.
[6dfae2f402]
* gpg: Improve speed of secret key listing. [40da61b89b]
* gpg: Support keygrip search with traditional keyring. [#5469]
* gpg: Let --fetch-key return an exit code on failure. [#5376]
* gpg: Emit the NO_SECKEY status again for decryption. [#5562]
* gpgsm: Support decryption of password based encryption (pwri).
[eeb65d3bbd]
* gpgsm: Support AES-GCM decryption. [4980fb3c6d]
* gpgsm: Let --dump-cert --show-cert also print an OpenPGP
fingerprint. [52bbdc731f]
* gpgsm: Fix finding of issuer in use-keyboxd mode. [6b76693ff5]
* gpgsm: New option --ldapserver as an alias for --keyserver.
[89df86157e]
* agent: Use SHA-256 for SSH fingerprint by default. [#5434]
* agent: Fix calling handle_pincache_put. [#5436]
* agent: Fix importing protected secret key. [#5122]
* agent: Fix a regression in agent_get_shadow_info_type. [#5393]
* agent: Add translatable text for Caps Lock hint. [#4950]
* agent: New option --pinentry-formatted-passphrase. [#5517]
* agent: Add checkpin inquiry for pinentry. [#5517,#5532]
* agent: New option --check-sym-passphrase-pattern. [#5517]
* agent: Use the sysconfdir for a pattern file.
* agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry.
[1305baf099]
* dirmngr: LDAP search by a mailbox now ignores revoked keys.
[1406f551f1]
* dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
[#5441]
* dirmngr: Allow for non-URL specified ldap keyservers. [#5405,#5452]
* dirmngr: New option --ldapserver. [52cf32ce2f]
* dirmngr: Fix regression in KS_GET for mail address pattern.
[#5497]
* card: New option --shadow for the list command. [2fce99d73a]
* tests: Make sure the built keyboxd is used. [#5406]
* scd: Fix computing shared secrets for 512 bit curves.
[9e24f2a45c]
* scd: Fix unblock PIN by a Reset Code with KDF. [#5413]
* scd: Fix PC/SC removed card problem. [8d81fd7c01]
* scd: Recover the partial match for PORTSTR for PC/SC.
[53bdc6288f]
* scd: Make sure to release the PC/SC context. [#5416]
* scd: Fix zero-byte handling in ECC. [#5163]
* scd: Fix serial number detection for Yubikey 5. [#5442]
* scd: Add basic support for AET JCOP cards. [544ec7872a]
* scd: Detect external interference when --pcsc-shared is in use.
[#5484]
* scd: Fix access to the list of cards. [#5524]
* gpgconf: Do not list a disabled tpm2d. [#5408]
* gpgconf: Make runtime changes with different homedir work.
[31c0aa2ff3]
* keyboxd: Fix searching for exact mail address. [f79e9540ca]
* keyboxd: Fix searching with multiple patterns. [101ba4f18a]
* gpgtar: Fix file size computation under Windows. [14e36bdbe1]
* tools: Extend gpg-check-pattern. [73c03e0232]
* wkd: Fix client issue with leading or trailing spaces in
user-ids. [b4345f7521]
* Under Windows add a fallback in case the console can't cope with
Unicode. [#5491]
* Under Windows use LOCAL_APPDATA for the socket directory. [#5537]
* Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry.
[#3659]
* Change the default keyserver to keyserver.ubuntu.com. This is a
temporary change due to the shutdown of the SKS keyserver pools.
[55b5928099]
Release-info: https://dev.gnupg.org/T5405L
c12c170 |
Tuesday, 20 Apr 2021
|
14:15 Adam Weinberger (adamw)
security/gnupg: Update to 2.3.1
c260503 |
Thursday, 8 Apr 2021
|
18:45 Adam Weinberger (adamw)
security/gnupg: Update to 2.3.0
Changes:
* A new experimental key database daemon is provided. To enable it
put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored
in a SQLite database and make key lookup much faster.
* New tool gpg-card as a flexible frontend for all types of
supported smartcards.
* New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
gpg-connect-agent.
* The gpg-wks-client tool is now installed under bin; a wrapper for
its old location at libexec is also installed.
* tpm2d: New daemon to physically bind keys to the local machine.
See https://gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html
* gpg: Switch to ed25519/cv25519 as default public key algorithms.
* gpg: Verification results now depend on the --sender option and
the signer's UID subpacket. [#4735]
* gpg: Do not use any 64-bit block size cipher algorithm for
encryption. Use AES as last resort cipher preference instead of
3DES. This can be reverted using --allow-old-cipher-algos.
* gpg: Support AEAD encryption mode using OCB or EAX.
* gpg: Support v5 keys and signatures.
* gpg: Support curve X448 (ed448, cv448).
* gpg: Allow use of group names in key listings. [e825aea2ba]
* gpg: New option --full-timestrings to print date and time.
* gpg: New option --force-sign-key. [#4584]
* gpg: New option --no-auto-trust-new-key.
* gpg: The legacy key discovery method PKA is no longer supported.
The command --print-pka-records and the PKA related import and
export options have been removed.
* gpg: Support export of Ed448 Secure Shell keys.
* gpgsm: Add basic ECC support.
* gpgsm: Support creation of EdDSA certificates. [#4888]
* agent: Allow the use of "Label:" in a key file to customize the
pinentry prompt. [5388537806]
* agent: Support ssh-agent extensions for environment variables.
With a patched version of OpenSSH this avoids the need for the
"updatestartuptty" kludge. [224e26cf7b]
* scd: Improve support for multiple card readers and tokens.
* scd: Support PIV cards.
* scd: Support for Rohde&Schwarz Cybersecurity cards.
* scd: Support Telesec Signature Cards v2.0
* scd: Support multiple applications on certain smartcards.
* scd: New option --application-priority.
* scd: New option --pcsc-shared; see man page for important notes.
* dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.
* The symcryptrun tool, a wrapper for the now obsolete external
Chiasmus tool, has been removed.
* Full Unicode support under Windows for the command line. [#4398]
Release-info: https://dev.gnupg.org/T5343
433d2e2 |
Tuesday, 12 Jan 2021
|
04:50 adamw
security/gnupg: Update to 2.2.27
* gpg: Fix regression in 2.2.24 for gnupg_remove function under
Windows. [#5230]
* gpgconf: Fix case with neither local nor global gpg.conf. [9f37d3e6f3]
* gpgconf: Fix description of two new options. [#5221]
* Build Windows installer without timestamps. Note that the
Authenticode signatures still carry a timestamp.
Release-info: https://dev.gnupg.org/T5234
|
Tuesday, 22 Dec 2020
|
09:14 adamw
security/gnupg: Update to 2.2.26
Note that this release removes bin/symcryptrun which had essentially no
expected current use-case.
* gpg: New AKL method "ntds".
* gpg: Fix --trusted-key with fingerprint arg.
* scd: Fix writing of ECC keys to an OpenPGP card. [#5163]
* scd: Make a USB error fix specific to SPR532 readers. [#5167]
* dirmngr: With new LDAP keyservers store the new attributes. Never
store the useless pgpSignerID. Fix a long standing bug storing
some keys on an ldap server.
* dirmngr: Support the new Active Directory LDAP schema for
keyservers.
* dirmngr: Allow LDAP OpenPGP searches via fingerprint.
* dirmngr: Do not block other threads during keyserver LDAP calls.
* Support global configuration files. [#4788]
* Fix the iconv fallback handling to UTF-8. [#5038]
Release-info: https://dev.gnupg.org/T5153
|
Tuesday, 24 Nov 2020
|
15:55 adamw
security/gnupg: Update to 2.2.25
* scd: Fix regression in 2.2.24 requiring gpg --card-status before
signing or decrypting. [#5065]
* gpgsm: Using Libksba 1.5.0 signatures with a rarely used
combination of attributes can now be verified. [#5146]
Release-info: https://dev.gnupg.org/T5140
|
Tuesday, 17 Nov 2020
|
14:12 adamw
security/gnupg: Update to 2.2.24
* Allow Unicode file names on Windows almost everywhere. Note that
it is still not possible to use Unicode strings on the command
line. This change also fixes a regression in 2.2.22 related to
non-ascii file names. [#5098]
* Fix localized time printing on Windows. [#5073]
* gpg: New command --quick-revoke-sig. [#5093]
* gpg: Do not use weak digest algos if selected by recipient
preference during sign+encrypt. [4c181d51a6]
* gpg: Switch to AES256 for symmetric encryption in de-vs mode.
[166e779634]
* gpg: Silence weak digest warnings with --quiet. [#4893]
* gpg: Print new status line CANCELED_BY_USER for a cancel during
symmetric encryption. [f05d1772c4]
* gpg: Fix the encrypt+sign hash algo preference selection for
ECDSA. This is in particular needed for keys created from
existing smartcard based keys. [aeed0b93ff]
* agent: Fix secret key import of GnuPG 2.3 generated Ed25519 keys.
[#5114]
* agent: Keep some permissions of private-keys-v1.d. [#2312]
* dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and
gnutls builds. [e4f3b74c91]
* dirmngr: Fix the pool keyserver case for a single host in the
pool. [72e04b03b1a7]
* scd: Fix the use case of verify_chv2 by CHECKPIN. [61aea64b3c]
* scd: Various improvements to the ccid-driver. [#4616,#5065]
* scd: Minor fixes for Yubikey [25bec16d0b]
* gpgconf: New option --show-versions.
* w32: Install gpg-check-pattern and example profiles. Install
Windows subsystem variant of gpgconf (gpgconf-w32).
* i18n: Complete overhaul and completion of the Italian translation.
Thanks to Denis Renzi.
* Require Libgcrypt 1.8 because 1.7 has long reached end-of-life.
Release-info: https://dev.gnupg.org/T5052
|
Friday, 4 Sep 2020
|
02:12 adamw
security/gnupg: Update to 2.2.23
Importing an OpenPGP key having a preference list for AEAD algorithms
will lead to an array overflow and thus often to a crash or other
undefined behaviour.
Importing an arbitrary key can often easily be triggered by an attacker
and thus triggering this bug. Exploiting the bug aside from crashes is
not trivial but likely possible for a dedicated attacker. The major
hurdle for an attacker is that only every second byte is under their
control with every first byte having a fixed value of 0x04.
Software distribution verification should not be affected by this bug
because such a system uses a curated list of keys.
MFH: 2020Q3
Security: CVE-2020-25125
|
Thursday, 27 Aug 2020
|
19:58 adamw
security/gnupg: Update to 2.2.22
Also, sort plist. The new gpgsplit binary is getting installed as
gpgsplit2 to avoid a conflict with security/gnupg1.
Noteworthy changes in version 2.2.22
====================================
* gpg: Change the default key algorithm to rsa3072.
* gpg: Add regular expression support for Trust Signatures on all
platforms. [#4843]
* gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat
option. [#4991]
* gpg: Ignore --personal-digest-prefs for ECDSA keys. [#5021]
* gpgsm: Make rsaPSS a de-vs compliant scheme.
* gpgsm: Show also the SHA256 fingerprint in key listings.
* gpgsm: Do not require a default keyring for --gpgconf-list. [#4867]
* gpg-agent: Default to extended key format and record the creation
time of keys. Add new option --disable-extended-key-format.
* gpg-agent: Support the WAYLAND_DISPLAY envvar. [#5016]
* gpg-agent: Allow using --gpgconf-list even if HOME does not
exist. [#4866]
* gpg-agent: Make the Pinentry work even if the envvar TERM is set
to the empty string. [#4137]
* scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly
incremented the error counter when using the "verify" command of
"gpg --edit-key" with only the signature key being present.
* dirmngr: Better handle systems with disabled IPv6. [#4977]
* gpgsplit: Install tool. It was not installed in the past to avoid
conflicts with the version installed by GnuPG 1.4. [#5023]
(We're installing it as gpgsplit2 to avoid conflict with security/gnupg1)
* gpgtar: Handle Unicode file names on Windows correctly (requires
libgpg-error 1.39). [#4083]
* gpgtar: Make --files-from and --null work as documented. [#5027]
* Build the Windows installer with the new Ntbtls 0.2.0 so that TLS
connections succeed for servers demanding GCM.
Release-info: https://dev.gnupg.org/T5030
|
Thursday, 9 Jul 2020
|
13:27 adamw
gnupg: Update to 2.2.21
* gpg: Improve symmetric decryption speed by about 25%.
See commit 144b95cc9d.
* gpg: Support decryption of AEAD encrypted data packets.
* gpg: Add option --no-include-key-block. [#4856]
* gpg: Allow for extra padding in ECDH. [#4908]
* gpg: Only a single pinentry is shown for symmetric encryption if
the pinentry supports this. [#4971]
* gpg: Print a note if no keys are given to --delete-key. [#4959]
* gpg,gpgsm: The ridiculous passphrase quality bar is not anymore
shown. [#2103]
* gpgsm: Certificates without a CRL distribution point are now
considered valid without looking up a CRL. The new option
--enable-issuer-based-crl-check can be used to revert to the
former behaviour.
* gpgsm: Support rsaPSS signature verification. [#4538]
* gpgsm: Unless CRL checking is disabled lookup a missing issuer
certificate using the certificate's authorityInfoAccess. [#4898]
* gpgsm: Print the certificate's serial number also in decimal
notation.
* gpgsm: Fix possible NULL-deref in messages of --gen-key. [#4895]
* scd: Support the CardOS 5 based D-Trust Card 3.1.
* dirmngr: Allow http URLs with "LOOKUP --url".
* wkd: Take name of sendmail from configure. Fixes an OpenBSD
specific bug. [#4886]
Release-info: https://dev.gnupg.org/T4897
|
Friday, 20 Mar 2020
|
18:51 adamw
gnupg: Update to 2.2.20
Noteworthy changes in version 2.2.20
====================================
* Protect the error counter against overflow to guarantee that the
tools can't be tricked into returning success after an error.
* gpg: Make really sure that --verify-files always returns an error.
* gpg: Fix key listing --with-secret if a pattern is given. [#4061]
* gpg: Fix detection of certain keys used as default-key. [#4810]
* gpg: Fix default-key selection when a card is available. [#4850]
* gpg: Fix key expiration and key usage for keys created with a
creation date of zero. [#4670]
* gpgsm: Fix import of some CR,LF terminated certificates. [#4847]
* gpg: New options --include-key-block and --auto-key-import to
allow encrypted replies after an initial signed message. [#4856]
* gpg: Allow the use of a fingerprint with --trusted-key. [#4855]
* gpg: New property "fpr" for use by --export-filter.
* scdaemon: Disable the pinpad if a KDF DO is used. [#4832]
* dirmngr: Improve finding OCSP certificates. [#4536]
* Avoid build problems with LTO or gcc-10. [#4831]
Release-info: https://dev.gnupg.org/T4860
|
Saturday, 7 Dec 2019
|
17:14 adamw
gnupg: Update to 2.2.19
* gpg: Fix double free when decrypting for hidden recipients.
Regression in 2.2.18. [#4762].
* gpg: Use auto-key-locate for encryption even for mail addresses
given with angle brackets. [#4726]
* gpgsm: Add special case for certain expired intermediate
certificates. [#4696]
Release-info: https://dev.gnupg.org/T4768
|
Tuesday, 26 Nov 2019
|
03:21 adamw
gnupg: Update to 2.2.18
* gpg: Changed the way keys are detected on smartcards; this
allows the use of non-OpenPGP cards. In the case of a not very
likely regression the new option --use-only-openpgp-card is
available. [#4681]
* gpg: The commands --full-gen-key and --quick-gen-key now allow
direct key generation from supported cards. [#4681]
* gpg: Prepare against chosen-prefix SHA-1 collisions in key
signatures. This change removes all SHA-1 based key signatures
newer than 2019-01-19 from the web-of-trust. Note that this
includes all key signatures created with dsa1024 keys. The new
option --allow-weak-key-signatures can be used to override the new
and safer behaviour. [#4755,CVE-2019-14855]
* gpg: Improve performance for import of large keyblocks. [#4592]
* gpg: Implement a keybox compression run. [#4644]
* gpg: Show warnings from dirmngr about redirect and certificate
problems (details require --verbose as usual).
* gpg: Allow to pass the empty string for the passphrase if the
'--passphrase=' syntax is used. [#4633]
* gpg: Fix printing of the KDF object attributes.
* gpg: Avoid surprises with --locate-external-key and certain
--auto-key-locate settings. [#4662]
* gpg: Improve selection of best matching key. [#4713]
* gpg: Delete key binding signature when deleting a subkey.
[#4665,#4457]
* gpg: Fix a potential loss of key signatures during import with
self-sigs-only active. [#4628]
* gpg: Silence "marked as ultimately trusted" diagnostics if
option --quiet is used. [#4634]
* gpg: Silence some diagnostics during key listing even with
option --verbose. [#4627]
* gpg, gpgsm: Change parsing of agent's pkdecrypt results. [#4652]
* gpgsm: Support AES-256 keys.
* gpgsm: Fix a bug in triggering a keybox compression run if
--faked-system-time is used.
* dirmngr: System CA certificates are no longer used for the SKS
pool if GNUTLS instead of NTBTLS is used as TLS library. [#4594]
* dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
to avoid long timeouts. [#4165]
* scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
Shield and Trustica Cryptoucan work. [#4654,#4566]
* wkd: gpg-wks-client --install-key now installs the required policy
file.
Release-info: https://dev.gnupg.org/T4684
|
Tuesday, 9 Jul 2019
|
15:54 adamw
gnupg: Update to 2.2.17, with security fixes
* gpg: Ignore all key-signatures received from keyservers. This
change is required to mitigate a DoS due to keys flooded with
faked key-signatures. The old behaviour can be achieved by adding
keyserver-options no-self-sigs-only,no-import-clean
to your gpg.conf. [#4607]
* gpg: If an imported keyblock is too large to be stored in the
keybox (pubring.kbx) do not error out but fallback to an import
using the options "self-sigs-only,import-clean". [#4591]
* gpg: New command --locate-external-key which can be used to
refresh keys from the Web Key Directory or via other methods
configured with --auto-key-locate.
* gpg: New import option "self-sigs-only".
* gpg: In --auto-key-retrieve prefer WKD over keyservers. [#4595]
* dirmngr: Support the "openpgpkey" subdomain feature from
draft-koch-openpgp-webkey-service-07. [#4590].
* dirmngr: Add an exception for the "openpgpkey" subdomain to the
CSRF protection. [#4603]
* dirmngr: Fix endless loop due to http errors 503 and 504. [#4600]
* dirmngr: Fix TLS bug during redirection of HKP requests. [#4566]
* gpgconf: Fix a race condition when killing components. [#4577]
Release-info: https://dev.gnupg.org/T4606
MFH: 2019Q3
|
Wednesday, 29 May 2019
|
14:43 adamw
Update gnupg to 2.2.16
|
Wednesday, 27 Mar 2019
|
02:18 adamw
Update gnupg to 2.2.15
* sm: Fix --logger-fd and --status-fd on Windows for non-standard
file descriptors.
* sm: Allow decryption even if expired keys are configured. [#4431]
* agent: Change command KEYINFO to print ssh fingerprints with other
hash algos.
* dirmngr: Fix build problems on Solaris due to the use of reserved
symbol names. [#4420]
* wkd: New commands --print-wkd-hash and --print-wkd-url for
gpg-wks-client.
Release-info: https://dev.gnupg.org/T4434
|
Tuesday, 26 Mar 2019
|
00:05 adamw
Update gnupg to 2.2.14, pet portlint, and remove a redundant readline
dependency.
* gpg: Allow import of PGP desktop exported secret keys. Also avoid
importing secret keys if the secret keyblock is not valid. [#4392]
* gpg: Do not error out on version 5 keys in the local keyring.
* gpg: Make invalid primary key algo obvious in key listings.
* sm: Do not mark a certificate in a key listing as de-vs compliant
if its use for a signature will not be possible.
* sm: Fix certificate creation with key on card.
* sm: Create rsa3072 bit certificates by default.
* sm: Print Yubikey attestation extensions with --dump-cert.
* agent: Fix cancellation handling for scdaemon.
* agent: Support --mode=ssh option for CLEAR_PASSPHRASE. [#4340]
* scd: Fix flushing of the CA-FPR DOs in app-openpgp.
* scd: Avoid a conflict error with the "undefined" app.
* dirmngr: Add CSRF protection exception for protonmail.
* dirmngr: Fix build problems with gcc 9 in libdns.
* gpgconf: New option --show-socket for use with --launch.
* gpgtar: Make option -C work for archive creation.
Release-info: https://dev.gnupg.org/T4412
PR: 236777
Submitted by: Yasuhiro Kimura
|
Wednesday, 13 Feb 2019
|
02:37 adamw
Update gnupg to 2.2.13
* gpg: Implement key lookup via keygrip (using the & prefix).
* gpg: Allow generating Ed25519 key from existing key.
* gpg: Emit an ERROR status line if no key was found with -k.
* gpg: Stop early when trying to create a primary Elgamal key. [#4329]
* gpgsm: Print the card's key algorithms along with their keygrips
in interactive key generation.
* agent: Clear bogus pinentry cache in the error case. [#4348]
* scd: Support "acknowledge button" feature.
* scd: Fix for USB INTERRUPT transfer. [#4308]
* wks: Do not use compression for the encrypted challenge and
response.
Release-info: https://dev.gnupg.org/T4290
|
Friday, 14 Dec 2018
|
20:01 adamw
Update gnupg to 2.2.12
* tools: New commands --install-key and --remove-key for
gpg-wks-client. This allows to prepare a Web Key Directory on a
local file system for later upload to a web server.
* gpg: New --list-option "show-only-fpr-mbox". This makes the use
of the new gpg-wks-client --install-key command easier on Windows.
* gpg: Improve processing speed when --skip-verify is used.
* gpg: Fix a bug where a LF was accidentally written to the console.
* gpg: --card-status now shows whether a card has the new KDF
feature enabled.
* agent: New runtime option --s2k-calibration=MSEC. New configure
option --with-agent-s2k-calibration=MSEC.
[https://dev.gnupg.org/T3399]
* dirmngr: Try another keyserver from the pool on receiving a 502,
503, or 504 error. [https://dev.gnupg.org/T4175]
* dirmngr: Avoid possible CSRF attacks via http redirects. A HTTP
query will not anymore follow a 3xx redirect unless the Location
header gives the same host. If the host is different only the
host and port is taken from the Location header and the original
path and query parts are kept.
* dirmngr: New command FLUSHCRL to flush all CRLS from disk and
memory. [https://dev.gnupg.org/T3967]
* New simplified Chinese translation (zh_CN).
Release-info: https://dev.gnupg.org/T4289
|
Wednesday, 7 Nov 2018
|
04:30 adamw
Update gnupg to 2.2.11
* gpgsm: Fix CRL loading when intermediate certificates are not yet
trusted.
* gpgsm: Fix an error message about the digest algo. [#4219]
* gpg: Fix a wrong warning due to new sign usage check introduced
with 2.2.9. [#4014]
* gpg: Print the "data source" even for an unsuccessful keyserver
query.
* gpg: Do not store the TOFU trust model in the trustdb. This
allows to enable or disable a TOFU model without triggering a
trustdb rebuild. [#4134]
* scd: Fix cases of "Bad PIN" after using "forcesig". [#4177]
* agent: Fix possible hang in the ssh handler. [#4221]
* dirmngr: Tack the unmodified mail address to a WKD request. See
commit a2bd4a64e5b057f291a60a9499f881dd47745e2f for details.
* dirmngr: Tweak diagnostic about missing LDAP server file.
* dirmngr: In verbose mode print the OCSP responder id.
* dirmngr: Fix parsing of the LDAP port. [#4230]
* wks: Add option --directory/-C to the server. Always build the
server on Unix systems.
* wks: Add option --with-colons to the client. Support sites which
use the policy file instead of the submission-address file.
* Fix EBADF when gpg et al. are called by broken CGI scripts.
* Fix some minor memory leaks and bugs.
Release-info: https://dev.gnupg.org/T4233
|
Thursday, 30 Aug 2018
|
14:45 adamw
Update gnupg to 2.2.10 and add LARGE_RSA option
The LARGE_RSA option [1] enables 8192-bit keys, though GnuPG's lead
author does not recommend using it routinely.
Also, sort OPTIONS, and move an explanation of the SUID option from
the Makefile into pkg-help, where it belongs.
Major changes:
gpg: Refresh expired keys originating from the WKD.
gpg: Use a 256 KiB limit for a WKD imported key.
gpg: New option --known-notation.
scd: Add support for the Trustica Cryptoucan reader.
agent: Speed up starting during on-demand launching.
dirmngr: Validate SRV records in WKD queries.
Release-info: https://dev.gnupg.org/T4112
PR: 230610 [1]
Submitted by: Dmitri Goutnik
Reported by: p5B2E9A8F t online de
|
Thursday, 12 Jul 2018
|
17:34 adamw
Update gnupg to 2.2.9
* dirmngr: Fix recursive resolver mode and other bugs in the libdns
code. [#3374,#3803,#3610]
* dirmngr: When using libgpg-error 1.32 or later a GnuPG build with
NTBTLS support (e.g. the standard Windows installer) does not
anymore block for dozens of seconds before returning data. If you
still have problems on Windows, please consider to use one of the
options disable-ipv4 or disable-ipv6.
* gpg: Fix bug in --show-keys which actually imported revocation
certificates. [#4017]
* gpg: Ignore too long user-ID and comment packets. [#4022]
* gpg: Fix crash due to bad German translation. Improved printf
format compile time check.
* gpg: Handle missing ISSUER sub packet gracefully in the presence of
the new ISSUER_FPR. [#4046]
* gpg: Allow decryption using several passphrases in most cases.
[#3795,#4050]
* gpg: Command --show-keys now enables the list options
show-unusable-uids, show-unusable-subkeys, show-notations and
show-policy-urls by default.
* gpg: Command --show-keys now prints revocation certificates. [#4018]
* gpg: Add revocation reason to the "rev" and "rvs" records of the
option --with-colons. [#1173]
* gpg: Export option export-clean does now remove certain expired
subkeys; export-minimal removes all expired subkeys. [#3622]
* gpg: New "usage" property for the drop-subkey filters. [#4019]
MFH: 2018Q3
|
Friday, 8 Jun 2018
|
14:18 adamw
Update gnupg to 2.2.8 (security release)
CVE-2018-12020:
The OpenPGP protocol allows to include the file name of the original
input file into a signed or encrypted message. During decryption and
verification the GPG tool can display a notice with that file name. The
displayed file name is not sanitized and as such may include line feeds
or other control characters. This can be used to inject terminal control
sequences into the output and, worse, to fake the so-called status
messages. These status messages are parsed by programs to get
information from gpg about the validity of a signature and other
parameters. Status messages are created with the option "--status-fd N"
where N is a file descriptor. Now if N is 2 the status messages and the
regular diagnostic messages share the stderr output channel. By using a
made up file name in the message it is possible to fake status messages.
Using this technique it is for example possible to fake the verification
status of a signed mail.
Also:
* gpg: Decryption of messages not using the MDC mode will now lead
to a hard failure even if a legacy cipher algorithm was used. The
option --ignore-mdc-error can be used to turn this failure into a
warning. Take care: Never use that option unconditionally or
without a prior warning.
* gpg: The MDC encryption mode is now always used regardless of the
cipher algorithm or any preferences. For testing --rfc2440 can be
used to create a message without an MDC.
* gpg: Sanitize the diagnostic output of the original file name in
verbose mode. [#4012,CVE-2018-12020]
* gpg: Detect suspicious multiple plaintext packets in a more
reliable way. [#4000]
* gpg: Fix the duplicate key signature detection code. [#3994]
* gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
--disable-mdc and --no-disable-mdc have no more effect.
* agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
list of startup environment variables. [#3947]
MFH: 2018Q2
Security: CVE-2018-12020
|
Friday, 4 May 2018
|
12:31 adamw
Update gnupg to 2.2.7
Also, remove unnecessary USE_LDCONFIG.
* gpg: New option --no-symkey-cache to disable the passphrase cache
for symmetrical en- and decryption.
* gpg: The ERRSIG status now prints the fingerprint if that is part
of the signature.
* gpg: Relax emitting of FAILURE status lines
* gpg: Add a status flag to "sig" lines printed with --list-sigs.
* gpg: Fix "Too many open files" when using --multifile. [#3951]
* ssh: Return an error for unknown ssh-agent flags. [#3880]
* dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL
caches under Windows. [#2448,#3923]
* dirmngr: Fix a CNAME problem with pools and TLS. Also use a fixed
mapping of keys.gnupg.net to sks-keyservers.net. [#3755]
* dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours).
* dirmngr: Fallback to CRL if no default OCSP responder is configured.
* dirmngr: Implement CRL fetching via https. Here a redirection to
http is explicitly allowed.
* dirmngr: Make LDAP searching and CRL fetching work under Windows.
This stopped working with 2.1. [#3937]
* agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
debugging.
|
Wednesday, 11 Apr 2018
|
00:56 adamw
Update gnupg to 2.2.6
* gpg,gpgsm: New option --request-origin to pretend requests coming
from a browser or a remote site.
* gpg: Fix race condition on trustdb.gpg updates due to too early
released lock. [#3839]
* gpg: Emit FAILURE status lines in almost all cases. [#3872]
* gpg: Implement --dry-run for --passwd to make checking a key's
passphrase straightforward.
* gpg: Make sure to only accept a certification capable key for key
signatures. [#3844]
* gpg: Better user interaction in --card-edit for the factory-reset
sub-command.
* gpg: Improve changing key attributes in --card-edit by adding an
explicit "key-attr" sub-command. [#3781]
* gpg: Print the keygrips in the --card-status.
* scd: Support KDF DO setup. [#3823]
* scd: Fix some issues with PC/SC on Windows. [#3825]
* scd: Fix suspend/resume handling in the CCID driver.
* agent: Evict cached passphrases also via a timer. [#3829]
* agent: Use separate passphrase caches depending on the request
origin. [#3858]
* ssh: Support signature flags. [#3880]
* dirmngr: Handle failures related to missing IPv6 support
gracefully. [#3331]
* Fix corner cases related to specified home directory with
drive letter on Windows. [#3720]
* Allow the use of UNC directory names as homedir. [#3818]
|
Friday, 23 Feb 2018
|
14:24 adamw
Update gnupg to 2.2.5
Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2018q1/000420.html
|
Thursday, 21 Dec 2017
|
01:16 adamw
Update gnupg to 2.2.4. Bump the libassuan requirement to 2.5.1.
* gpg: Change default preferences to prefer SHA512.
* gpg: Print a warning when more than 150 MiB are encrypted using a
cipher with 64 bit block size.
* gpg: Print a warning if the MDC feature has not been used for a
message.
* gpg: Fix regular expression of domain addresses in trust
signatures. [#2923]
* agent: New option --auto-expand-secmem to help with high numbers
of concurrent connections. Requires libgcrypt 1.8.2 for having
an effect. [#3530]
* dirmngr: Cache responses of WKD queries.
* gpgconf: Add option --status-fd.
* wks: Add commands --check and --remove-key to gpg-wks-server.
* Increase the backlog parameter of the daemons to 64 and add
option --listen-backlog.
* New configure option --enable-run-gnupg-user-socket to first try a
socket directory which is not removed by systemd at session end.
|
Wednesday, 22 Nov 2017
|
02:04 adamw
Update to 2.2.3
* gpgsm: Fix initial keybox creation on Windows. [#3507]
* dirmngr: Fix crash in case of a CRL loading error. [#3510]
* Fix the name of the Windows registry key. [Git#4f5afaf1fd]
* gpgtar: Fix wrong behaviour of --set-filename. [#3500]
* gpg: Silence AKL retrieval messages. [#3504]
* agent: Use clock or clock_gettime for calibration. [#3056]
* agent: Improve robustness of the shutdown pending
state. [Git#7ffedfab89]
|
Thursday, 9 Nov 2017
|
17:03 adamw
Update to 2.2.2
Also, improve COMMENT, which conflicted with the pkg-descr.
* gpg: Avoid duplicate key imports by concurrently running gpg
processes. [#3446]
* gpg: Fix creating on-disk subkey with on-card primary key. [#3280]
* gpg: Fix validity retrieval for multiple keyrings. [Debian#878812]
* gpg: Fix --dry-run and import option show-only for secret keys.
* gpg: Print "sec" or "sbb" for secret keys with import option
import-show. [#3431]
* gpg: Make import less verbose. [#3397]
* gpg: Add alias "Key-Grip" for parameter "Keygrip" and new
parameter "Subkey-Grip" to unattended key generation. [#3478]
* gpg: Improve "factory-reset" command for OpenPGP cards. [#3286]
* gpg: Ease switching Gnuk tokens into ECC mode by using the magic
keysize value 25519.
* gpgsm: Fix --with-colon listing in crt records for fields > 12.
* gpgsm: Do not expect X.509 keyids to be unique. [#1644]
* agent: Fix stuck Pinentry when using --max-passphrase-days. [#3190]
* agent: New option --s2k-count. [#3276 (workaround)]
* dirmngr: Do not follow https-to-http redirects. [#3436]
* dirmngr: Reduce default LDAP timeout from 100 to 15 seconds. [#3487]
* gpgconf: Ignore non-installed components for commands
--apply-profile and --apply-defaults. [#3313]
* Add configure option --enable-werror. [#2423]
|
Tuesday, 19 Sep 2017
|
18:31 adamw
Update gnupg to 2.2.1, and remove the security/gnupg22 port
I misjudged the timeline for 2.3, and had not processed that the
intent of 2.3 is different from 2.1. Rather than 2.3 being a "modern"
branch and 2.2 being purely "stable," 2.3 will be development and
users are encouraged to remain on 2.2. Furthermore, upstream doesn't
expect a 2.3 release for a year or so.
Accordingly, I'm removing the gnupg22 port and updating security/gnupg
to be 2.2. gnupg20 is still scheduled for deletion at the end of the
year.
|
Thursday, 10 Aug 2017
|
01:31 adamw
Update to 2.1.23, and use the correct TEST_TARGET.
* gpg: Options --auto-key-retrieve and --auto-key-locate "local,wkd"
are now used by default. Note: this enables keyserver and Web Key
Directory operators to notice when a signature from a locally
non-available key is being verified for the first time or when
you intend to encrypt to a mail address without having the key
locally. This new behaviour will eventually make key discovery
much easier and mostly automatic. Disable this by adding
no-auto-key-retrieve
auto-key-locate local
to your gpg.conf.
* agent: Option --no-grab is now the default. The new option --grab
allows to revert this.
* gpg: New import option "show-only".
* gpg: New option --disable-dirmngr to entirely disable network
access for gpg.
* gpg,gpgsm: Tweaked DE-VS compliance behaviour.
* New configure flag --enable-all-tests to run more extensive tests
during "make check".
* gpgsm: The keygrip is now always printed in colon mode as
documented in the man page.
|
Saturday, 5 Aug 2017
|
17:32 adamw
Update to 2.1.22.
Noteworthy changes in version 2.1.22
====================================
* gpg: Extend command --quick-set-expire to allow for setting the
expiration time of subkeys.
* gpg: By default try to repair keys during import. New sub-option
no-repair-keys for --import-options.
* gpg,gpgsm: Improved checking and reporting of DE-VS compliance.
* gpg: New options --key-origin and --with-key-origin. Store the
time of the last key update from keyservers, WKD, or DANE.
* agent: New option --ssh-fingerprint-digest.
* dirmngr: Lower timeouts on keyserver connection attempts and made
it configurable.
* dirmngr: Tor will now automatically be detected and used. The
option --no-use-tor disables Tor detection.
* dirmngr: Now detects a changed /etc/resolv.conf.
* agent,dirmngr: Initiate shutdown on removal of the GnuPG home
directory.
* gpg: Avoid caching passphrase for failed symmetric encryption.
* agent: Support for unprotected ssh keys.
* dirmngr: Fixed name resolving on systems using only v6
nameservers.
* dirmngr: Allow the use of TLS over http proxies.
* w32: Change directory of the daemons after startup.
* wks: New man pages for client and server.
A detailed description of the changes found in this 2.1 branch can be
found at <https://gnupg.org/faq/whats-new-in-2.1.html>.
|
Monday, 15 May 2017
|
22:24 adamw
Update to 2.1.21, which in particular fixes a keyring corruption bug.
* gpg,gpgsm: Fix corruption of old style keyring.gpg files. This
bug was introduced with version 2.1.20. Note that the default
pubring.kbx format was not affected.
* gpg,dirmngr: Removed the skeleton config file support. The
system's standard methods for providing default configuration
files should be used instead.
* w32: The Windows installer now allows installation of GnuPG without
Administrator permissions.
* gpg: Fixed import filter property match bug.
* scd: Removed Linux support for Cardman 4040 PCMCIA reader.
* scd: Fixed some corner case bugs in resume/suspend handling.
* Many minor bug fixes and code cleanup.
MFH: 2017Q2
|
Monday, 3 Apr 2017
|
20:53 adamw
Update to 2.1.20.
* gpg: New properties 'expired', 'revoked', and 'disabled' for the
import and export filters.
* gpg: New command --quick-set-primary-uid.
* gpg: New compliance field for the --with-colon key listing.
* gpg: Changed the key parser to generalize the processing of local
meta data packets.
* gpg: Fixed assertion failure in the TOFU trust model.
* gpg: Fixed exporting of zero length user ID packets.
* scd: Improved support for multiple readers.
* scd: Fixed timeout handling for key generation.
* agent: New option --enable-extended-key-format.
* dirmngr: Do not add a keyserver to a new dirmngr.conf. Dirmngr
uses a default keyserver.
* dirmngr: Do not treat TLS warning alerts as severe error when
building with GNUTLS.
* dirmngr: Actually take /etc/hosts in account.
* wks: Fixed client problems on Windows. Published keys are now set
to world-readable.
* tests: Fixed creation of temporary directories.
* A socket directory for a non standard GNUPGHOME is now created on
the fly under /run/user. Thus "gpgconf --create-socketdir" is now
optional. The use of "gpgconf --remove-socketdir" to clean up
obsolete socket directories is however recommended to avoid
cluttering /run/user with useless directories.
* Fixed build problems on some platforms.
|
Friday, 3 Mar 2017
|
03:43 adamw
Update to 2.1.19.
Noteworthy changes in version 2.1.19
====================================
* gpg: Print a warning if Tor mode is requested but the Tor daemon
is not running.
* gpg: New status code DECRYPTION_KEY to print the actual private
key used for decryption.
* gpgv: New options --log-file and --debug.
* gpg-agent: Revamp the prompts to ask for card PINs.
* scd: Support for multiple card readers.
* scd: Removed option --debug-disable-ticker. Ticker is used
only when it is required to watch removal of device/card.
* scd: Improved detection of card inserting and removal.
* dirmngr: New option --disable-ipv4.
* dirmngr: New option --no-use-tor to explicitly disable the use of
Tor.
* dirmngr: The option --allow-version-check is now required even if
the option --use-tor is also used.
* dirmngr: Handle a missing nsswitch.conf gracefully.
* dirmngr: Avoid PTR lookups for keyserver pools. They are only done
for the debug command "keyserver --hosttable".
* dirmngr: Rework the internal certificate cache to support classes
of certificates. Load system provided certificates on startup.
Add options --tls, --no-crl, and --systrust to the "VALIDATE"
command.
* dirmngr: Add support for the ntbtls library.
* wks: Create mails with a "WKS-Phase" header. Fix detection of
Draft-2 mode.
* The Windows installer is now built with limited TLS support.
* Many other bug fixes and new regression tests.
A detailed description of the changes found in this 2.1 branch can be
found at <https://gnupg.org/faq/whats-new-in-2.1.html>.
|
Monday, 23 Jan 2017
|
23:01 adamw
Update to 2.1.18
Noteworthy changes in version 2.1.18
====================================
* gpg: Remove bogus subkey signature while cleaning a key (with
export-clean, import-clean, or --edit-key's sub-command clean)
* gpg: Allow freezing the clock with --faked-system-time.
* gpg: New --export-option flag "backup", new --import-option flag
"restore".
* gpg-agent: Fixed long delay due to a regression in the progress
callback code.
* scd: Lots of code cleanup and internal changes.
* scd: Improved the internal CCID driver.
* dirmngr: Fixed problem with the DNS glue code (removal of the
trailing dot in domain names).
* dirmngr: Make sure that Tor is actually enabled after changing the
conf file and sending SIGHUP or "gpgconf --reload dirmngr".
* dirmngr: Fixed Tor access to IPv6 addresses. Note that current
versions of Tor may require that the flag "IPv6Traffic" is used
with the option "SocksPort" in torrc to actually allow IPv6
traffic.
* dirmngr: Fixed HKP for literally given IPv6 addresses.
* dirmngr: Enabled reverse DNS lookups via Tor.
* dirmngr: Added experimental SRV record lookup for WKD.
See commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 for details.
* dirmngr: For HKP use "pgpkey-hkps" and "pgpkey-hkp" in SRV record
lookups. Avoid SRV record lookup when a port is explicitly
specified. This fixes a regression from the 1.4 and 2.0 behavior.
* dirmngr: Gracefully handle a missing /etc/nsswitch.conf. Ignore
negation terms (e.g. "[!UNAVAIL=return]") instead of bailing out.
* dirmngr: Better debug output for flags "dns" and "network".
* dirmngr: On reload mark all known HKP servers alive.
* gpgconf: Allow keyword "all" for --launch, --kill, and --reload.
* tools: gpg-wks-client now ignores a missing policy file on the
server.
* Avoid unnecessary ambiguity error message in the option parsing.
* Further improvements of the regression test suite.
* Fixed building with --disable-libdns configure option.
* Fixed a crash running the tests on 32 bit architectures.
* Fixed spurious failures on BSD system in the spawn functions.
This affected for example gpg-wks-client and gpgconf.
|
Saturday, 14 Jan 2017
|
23:46 adamw
Update GnuPG to 2.1.17 which resolves the following error that resulted when
attempting to use the --export-ssh-key option.
gpg: Ohhhh jeeee: Assertion "ret_found_key == NULL || ret_keyblock != NULL" in
lookup failed (getkey.c:3677)
The KDNS option is removed with this update because upstream dropped use of
adns in favor of a bundled libdns which is used by default. Also, removed an
obsolete patch.
PR: 216057
Submitted by: Matthew Rezny
|
Tuesday, 10 Jan 2017
|
02:38 adamw
A little more detail into COMMENT, reflow the pkg-descr, and use pro mode
for the plist.
|
Sunday, 20 Nov 2016
|
12:18 novel
security/gnupg: update to 2.1.16
This release fixes an issue where the previous gnupg release (2.1.15)
was incompatible with libgpg-error 1.25, which caused gpg-agent to fail
to start.
PR: 214568
Submitted by: cmt
Tested by: cmt
Reported by: many
|
Tuesday, 18 Oct 2016
|
18:45 cmt
update gnupg to 2.1.15
PR: 212355
Approved by: rene (mentor)
Approved by: maintainer timeout
|
Monday, 20 Jun 2016
|
10:49 kuriyama
- Upgrade to 2.1.13 (minor bugfixes).
|
Friday, 6 May 2016
|
15:48 kuriyama
- Upgrade to 2.1.12 (bugfixes).
|
Friday, 19 Feb 2016
|
11:12 rakuco
Regenerate distinfo information for gnupg-2.1.11.tar.bz2.sig.
This fixes `make fetch'.
The actual hash and sizes are different, as mentioned in the associated PR.
I have also checked it manually, and verified the tarball's signature with
`gpg --verify gnupg-2.1.11.tar.bz2.sig gnupg-2.1.11.tar.bz2'.
I don't understand how this happened, but it looks similar to bug 202312.
PR: 207327
Submitted by: Trond.Endrestol@ximalas.info
|
06:25 kuriyama
Update to 2.1.11 (minor fixes, with upstream patch).
|
Monday, 14 Sep 2015
|
00:27 kuriyama
- Upgrade to 2.1.8 (minor bugfixes).
|
Monday, 17 Aug 2015
|
01:47 kuriyama
Add more signature (locally verified).
PR: ports/202312
Submitted by: igorz@yandex.ru
|
Tuesday, 11 Aug 2015
|
22:50 kuriyama
- Upgrade to 2.1.7 (minor fixes).
|
Thursday, 2 Jul 2015
|
14:10 kuriyama
- Upgrade to 2.1.6 (minor bugfixes).
Announce: https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000370.html
|
Saturday, 13 Jun 2015
|
07:34 kuriyama
- Upgrade to 2.1.5 (bugfixes, minor enhancements).
|
Sunday, 24 May 2015
|
12:55 kuriyama
- Update dist signature file.
Old one has "Werner Koch (dist sig)" only (287 bytes). New one adds
"NIIBE Yutaka (GnuPG Release Key) <gniibe@fsij.org>" signature (574 bytes).
I verified both signature files.
Reported by: Lena@lena.kiev.ua
|
Tuesday, 19 May 2015
|
14:16 kuriyama
Upgrade to 2.1.4 (bugfixes since 2.1.2).
|
Wednesday, 18 Feb 2015
|
22:31 kuriyama
- Upgrade to 2.1.2 (bugfixes).
|
Sunday, 28 Dec 2014
|
14:04 kuriyama
- Upgrade to 2.1.1 and various fixes.
Sorry for the mess when introducing 2.1.0. This branch is the *modern* release;
please use security/gnupg{1,20} for stable gpg. Patches are welcome
to use DEFAULT_VERSIONS. :-)
PR: ports/195489, ports/195931, ports/195459, ports/196301
Submitted by: rakuco, Matthew West <freebsd@r.zeeb.org>, Phil Pennock
<freebsd@phil.spodhuis.org>, tijl
|
Thursday, 20 Nov 2014
|
05:11 kuriyama
- Upgrade security/gnupg to 2.1.0 (modern release) and copy previous
as security/gnupg20 (stable release).
- Set PINENTRY as default option.
|
Thursday, 14 Aug 2014
|
22:16 kuriyama
- Upgrade to 2.0.26 (minor fixes).
|
Monday, 30 Jun 2014
|
22:44 kuriyama
- Upgrade to 2.0.25 (bugfix).
- Fix STD_SOCKET option argument [1].
PR: ports/191150 [1]
Submitted by: mazhe@alkumuna.eu [1]
|
Tuesday, 24 Jun 2014
|
14:42 kuriyama
- Upgrade to 2.0.24 (security).
- Explicitly depends on libgpg-error>=1.11 [1]
- Turn on PINENTRY option by default [2]
(I don't like this, but by popular demand for years...)
Submitted by: dereckson@gmail.com [1], sbruno [2]
PR: ports/138424 [1], ports/189394 [2]
|
Tuesday, 3 Jun 2014
|
12:19 kuriyama
- Upgrade to 2.0.23 (minor enhancement).
|
Saturday, 5 Oct 2013
|
09:34 kuriyama
- Upgrade to 2.0.22 (security, VuXML entry will follow).
- Pet portlint about pkg-plist.
- Use $STAGEDIR.
- Turn setuid knob to OptionsNG [1]
PR: ports/181495 [1]
Submitted by: Matthew Luckie <mjl@luckie.org.nz> [1]
|
Monday, 19 Aug 2013
|
13:29 kuriyama
- Upgrade to 2.0.21 (minor improvements).
|
Saturday, 11 May 2013
|
01:38 kuriyama
- Upgrade to 2.0.20.
|
Tuesday, 27 Mar 2012
|
10:03 kuriyama
- Upgrade to 2.0.19.
Feature safe: yes
|
Friday, 5 Aug 2011
|
00:35 kuriyama
- Upgrade to 2.0.18:
- Support the SSH confirm flag and show SSH fingerprints in ssh
related pinentries.
- Improved dirmngr/gpgsm interaction for OCSP.
- Allow generation of card keys up to 4096 bit.
- Improve for port:
- Remove patch that was incorporated into this release.
- Remove redundant BUILD_DEPENDS.
- Patching should be done in a -patch target. Silence the REINPLACE.
Submitted by: dougb
PR: ports/159520
|
Tuesday, 8 Feb 2011
|
03:40 dougb
Version 2.0.17 was released on 2011-01-13:
What's New
===========
* Allow more hash algorithms with the OpenPGP v2 card.
* The gpg-agent now tests for a new gpg-agent.conf on a HUP.
* Fixed output of "gpgconf --check-options".
* Fixed a bug where Scdaemon sends a signal to Gpg-agent running in
non-daemon mode.
* Fixed TTY management for pinentries and session variable update
problem.
* Minor bug fixes.
For the port:
Camellia stopped being a configure option in 2.0.12
Fix minor typo for GPGSM OPTION
Minor plist update for 2.0.17
files/patch-keybox-blob.c seems to be no longer needed [2]
PR: ports/153984
Submitted by: me
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp> [2]
Approved by: maintainer timeout (24 days)
Feature safe: yes
|
Tuesday, 20 Jul 2010
|
14:01 kuriyama
- Upgrade to 2.0.16.
- Add license info.
PR: ports/148756
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp>
|
Thursday, 17 Jun 2010
|
21:33 dougb
Update to version 2.0.15, which has the following changes:
* New command --passwd for GPG.
* Fixes a regression in 2.0.14 which prevented unprotection of new
or changed gpg-agent passphrases.
* Make use of libassuan 2.0 which is available as a DSO.
For the port:
* Since libassuan is now a shared lib, move it to LIB_DEPENDS
* Remove now-spurious CONFLICTS
Approved by: maintainer
|
Tuesday, 22 Dec 2009
|
08:24 kuriyama
- Upgrade to 2.0.14.
|
Saturday, 5 Sep 2009
|
15:22 kuriyama
- Upgrade to 2.0.13.
|
Wednesday, 17 Jun 2009
|
14:59 kuriyama
- Upgrade to 2.0.12.
- Turn on Camellia option (rfc5581 published).
PR: ports/135668
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp>
|
Wednesday, 4 Mar 2009
|
14:27 kuriyama
Upgrade to 2.0.11 (minor fixes).
|
Tuesday, 13 Jan 2009
|
01:24 kuriyama
Upgrade to 2.0.10.
PR: ports/130430
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp>
Announcement:
https://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000284.html
|
Saturday, 26 Apr 2008
|
23:48 miwi
- Update to 2.0.9
Notes:
This update fixes a possible security vulnerability involving
memory corruption from importing malicious keys.
PR: 122114/122349
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp> / Nick Barkas
<snb@threerings.net>
Approved by: maintainer timeout
Security:
http://www.vuxml.org/freebsd/30394651-13e1-11dd-bab7-0016179b2dd5.html
|
Tuesday, 4 Mar 2008
|
22:57 kuriyama
- Upgrade to 2.0.8.
- Change dependency versions.
- NLS option back again.
- Make GPGSM option off by default (to avoid ldap dependency in package).
PR: ports/118895
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp>
|
Saturday, 16 Jun 2007
|
03:20 kuriyama
Upgrade to 2.0.4 (maintenance release with a few minor enhancements).
PR: ports/113676
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp>
|
Thursday, 8 Mar 2007
|
21:20 kuriyama
- Upgrade to 2.0.3 (including same safety belt as of 1.4.7).
References:
http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
|
Saturday, 3 Feb 2007
|
03:08 kuriyama
- Upgrade to 2.0.2.
|
Thursday, 21 Dec 2006
|
13:31 kuriyama
- Upgrade gnupg to 2.0.1. Old stable version (1.4.6) was repocopied
to security/gnupg1.
Thanks to: dougb, lofi
|
Thursday, 7 Dec 2006
|
00:34 kuriyama
- Upgrade to 1.4.6 (including security fix).
Security: CVE-2006-6235
References:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
|
Wednesday, 2 Aug 2006
|
01:34 kuriyama
- Upgrade to 1.4.5.
(fixes 2 more possible memory allocation attacks).
- Enable OPTIONS [1].
Security:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html
PR: ports/93540 [1]
Submitted by: Pawel Wieleba <P.Wieleba@iem.pw.edu.pl> [1]
|
Sunday, 25 Jun 2006
|
23:32 kuriyama
- Upgrade to 1.4.4.
(fixes user ID handling bug).
Security:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000226.html
|
Monday, 3 Apr 2006
|
12:57 kuriyama
- Upgrade to 1.4.3.
- Handle hidden dependency on libusb (1).
Submitted by: Peter Pentchev <roam@ringlet.net> (1)
|
Thursday, 9 Mar 2006
|
22:44 kuriyama
Update to 1.4.2.2.
Security: GnuPG does not detect injection of unsigned data
References:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
Prodded by: simon
Approved by: portmgr (erwin)
|
Wednesday, 15 Feb 2006
|
08:56 kuriyama
Upgrade to 1.4.2.1.
Security: False positive signature verification in GnuPG
References:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
Prodded by: simon
|
Friday, 16 Dec 2005
|
02:16 kuriyama
Add SHA256.
PR: ports/90105
Submitted by: Thomas Vogt <thomas@bsdunix.ch>
|
Sunday, 31 Jul 2005
|
22:31 kuriyama
Upgrade to 1.4.2.
PR: ports/84289
Submitted by: Vasil Dimov <vd@datamax.bg>
|
Sunday, 24 Apr 2005
|
04:42 kuriyama
Upgrade to 1.4.1.
PR: ports/80157
Submitted by: Vasil Dimov <vd@datamax.bg>
Kindly knocked by: dougb
|
Wednesday, 29 Dec 2004
|
15:40 kuriyama
Upgrade to 1.4.0.
|
Tuesday, 31 Aug 2004
|
10:04 osa
Update to 1.2.6.
Utilize DOCSDIR and DATADIR macros.
Approved by: kuriyama (maintainer)
|
Tuesday, 3 Aug 2004
|
06:30 kuriyama
- Upgrade to 1.2.5.
- Remove unnecessary "@unexec rmdir"s for locales.
|
Thursday, 18 Mar 2004
|
00:48 kuriyama
SIZEify.
Submitted by: trevor
|
Wednesday, 24 Dec 2003
|
05:59 kuriyama
Upgrade to 1.2.4.
|
Saturday, 23 Aug 2003
|
06:34 kuriyama
o Upgrade to 1.2.3.
o Remove explicit --enable-tiger from $CONFIGURE_ARGS. This feature will
be removed from GnuPG.
|
Tuesday, 6 May 2003
|
15:09 kuriyama
Upgrade to 1.2.2.
|
Saturday, 26 Oct 2002
|
05:07 kuriyama
Upgrade to 1.2.1.
|
Sunday, 6 Oct 2002
|
08:55 kuriyama
Upgrade to 1.2.0.
PR: ports/43211
Submitted by: Jason Harris <jharris@widomaker.com>
Modified by: kuriyama (for WITH_LDAP)
|
Tuesday, 30 Apr 2002
|
13:13 kuriyama
Upgrade to 1.0.7.
See http://www.gnupg.org/whatsnew.html#rn20020429 for changelog.
|