authorAdam Weinberger <adamw@FreeBSD.org>2021-04-08 18:44:52 +0000
committerAdam Weinberger <adamw@FreeBSD.org>2021-04-08 18:45:33 +0000
commit433d2e2d0cc31894e2660f4faf87b4cfcd59c08b (patch)
tree54686a33ba9f32e3058d7d59a10aa48065e9e349
parentc8b5781d44df119933a557b215c1cb542d632549 (diff)
security/gnupg: Update to 2.3.0
Changes: * A new experimental key database daemon is provided. To enable it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored in a SQLite database and make key lookup much faster. * New tool gpg-card as a flexible frontend for all types of supported smartcards. * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and gpg-connect-agent. * The gpg-wks-client tool is now installed under bin; a wrapper for its old location at libexec is also installed. * tpm2d: New daemon to physically bind keys to the local machine. See https://gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html * gpg: Switch to ed25519/cv25519 as default public key algorithms. * gpg: Verification results now depend on the --sender option and the signer's UID subpacket. [#4735] * gpg: Do not use any 64-bit block size cipher algorithm for encryption. Use AES as last resort cipher preference instead of 3DES. This can be reverted using --allow-old-cipher-algos. * gpg: Support AEAD encryption mode using OCB or EAX. * gpg: Support v5 keys and signatures. * gpg: Support curve X448 (ed448, cv448). * gpg: Allow use of group names in key listings. [e825aea2ba] * gpg: New option --full-timestrings to print date and time. * gpg: New option --force-sign-key. [#4584] * gpg: New option --no-auto-trust-new-key. * gpg: The legacy key discovery method PKA is no longer supported. The command --print-pka-records and the PKA related import and export options have been removed. * gpg: Support export of Ed448 Secure Shell keys. * gpgsm: Add basic ECC support. * gpgsm: Support creation of EdDSA certificates. [#4888] * agent: Allow the use of "Label:" in a key file to customize the pinentry prompt. [5388537806] * agent: Support ssh-agent extensions for environment variables. With a patched version of OpenSSH this avoids the need for the "updatestartuptty" kludge. [224e26cf7b] * scd: Improve support for multiple card readers and tokens. * scd: Support PIV cards. 
* scd: Support for Rohde&Schwarz Cybersecurity cards. * scd: Support Telesec Signature Cards v2.0 * scd: Support multiple application on certain smartcard. * scd: New option --application-priority. * scd: New option --pcsc-shared; see man page for important notes. * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs. * The symcryptrun tool, a wrapper for the now obsolete external Chiasmus tool, has been removed. * Full Unicode support under Windows for the command line. [#4398] Release-info: https://dev.gnupg.org/T5343
-rw-r--r--security/gnupg/Makefile4
-rw-r--r--security/gnupg/distinfo6
-rw-r--r--security/gnupg/files/patch-doc_scdaemon.texi14
-rw-r--r--security/gnupg/files/patch-scd_apdu.c11
-rw-r--r--security/gnupg/files/patch-scd_scdaemon.c36
-rw-r--r--security/gnupg/files/patch-scd_scdaemon.h11
-rw-r--r--security/gnupg/files/patch-tools_gpgconf-comp.c12
-rw-r--r--security/gnupg/pkg-plist14
8 files changed, 15 insertions, 93 deletions
diff --git a/security/gnupg/Makefile b/security/gnupg/Makefile
index 76c2132742c2..452308c269a0 100644
--- a/security/gnupg/Makefile
+++ b/security/gnupg/Makefile
@@ -1,5 +1,5 @@
PORTNAME= gnupg
-PORTVERSION= 2.2.27
+PORTVERSION= 2.3.0
CATEGORIES= security
MASTER_SITES= GNUPG
@@ -38,7 +38,7 @@ OPTIONS_SUB= yes
LARGE_RSA_DESC= Enable support for 8192-bit RSA keys
LDAP_DESC= LDAP keyserver interface
SCDAEMON_DESC= Enable Smartcard daemon (with libusb)
-SUID_GPG_DESC= Install GPG with suid
+SUID_GPG_DESC= Install GPG as SUID root
WKS_SERVER_DESC=Install the Web Key Service server
GNUTLS_CONFIGURE_ENABLE=gnutls
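Review bot: The reworded `SUID_GPG_DESC` now says whose privilege the binary gets, but it still gives a user in the options dialog no reason to enable or avoid it, and this is the knob that installs `bin/gpg2` with mode 4555 in pkg-plist. A setuid-root binary that parses untrusted OpenPGP data is a larger attack surface than the default build, so the description should carry both the purpose and the caveat. If the option exists only so gpg can lock memory pages (an assumption; the Makefile lines that implement it are outside this hunk), something like `SUID_GPG_DESC= Install gpg2 SUID root (only for locked memory; not recommended)` would say so.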
diff --git a/security/gnupg/distinfo b/security/gnupg/distinfo
index 094506df443f..61cff8e4eaa3 100644
--- a/security/gnupg/distinfo
+++ b/security/gnupg/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1610426077
-SHA256 (gnupg-2.2.27.tar.bz2) = 34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399
-SIZE (gnupg-2.2.27.tar.bz2) = 7191555
+TIMESTAMP = 1617905248
+SHA256 (gnupg-2.3.0.tar.bz2) = 84c1ef39e8621cfb70f31463a5d1d8edeab44332bc1e0e1af9b78b6f9ed05bb4
+SIZE (gnupg-2.3.0.tar.bz2) = 7557228
diff --git a/security/gnupg/files/patch-doc_scdaemon.texi b/security/gnupg/files/patch-doc_scdaemon.texi
deleted file mode 100644
index f44dc1142da2..000000000000
--- a/security/gnupg/files/patch-doc_scdaemon.texi
+++ /dev/null
@@ -1,14 +0,0 @@
---- doc/scdaemon.texi.orig 2019-11-20 21:45:47 UTC
-+++ doc/scdaemon.texi
-@@ -300,6 +300,11 @@ Note that with the current version of Scdaemon the car
- down immediately at the next timer tick for any value of @var{n} other
- than 0.
-
-+@item --shared-access
-+@opindex shared-access
-+Open the smart card in shared mode, rather than exclusive. This will allow
-+other applications like PKCS#11 libraries to use the smart card concurrently.
-+
- @item --enable-pinpad-varlen
- @opindex enable-pinpad-varlen
- Please specify this option when the card reader supports variable
diff --git a/security/gnupg/files/patch-scd_apdu.c b/security/gnupg/files/patch-scd_apdu.c
deleted file mode 100644
index f3313b850367..000000000000
--- a/security/gnupg/files/patch-scd_apdu.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- scd/apdu.c.orig 2019-07-09 09:08:45 UTC
-+++ scd/apdu.c
-@@ -816,7 +816,7 @@ connect_pcsc_card (int slot)
-
- err = pcsc_connect (reader_table[slot].pcsc.context,
- reader_table[slot].rdrname,
-- PCSC_SHARE_EXCLUSIVE,
-+ opt.shared_access ? PCSC_SHARE_SHARED : PCSC_SHARE_EXCLUSIVE,
- PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
- &reader_table[slot].pcsc.card,
- &reader_table[slot].pcsc.protocol);
diff --git a/security/gnupg/files/patch-scd_scdaemon.c b/security/gnupg/files/patch-scd_scdaemon.c
deleted file mode 100644
index 4b2e62255de6..000000000000
--- a/security/gnupg/files/patch-scd_scdaemon.c
+++ /dev/null
@@ -1,36 +0,0 @@
---- scd/scdaemon.c.orig 2019-07-09 09:08:45 UTC
-+++ scd/scdaemon.c
-@@ -99,6 +99,7 @@ enum cmd_and_opt_values
- oDenyAdmin,
- oDisableApplication,
- oEnablePinpadVarlen,
-+ oSharedAccess,
- oListenBacklog,
-
- oNoop
-@@ -164,6 +165,8 @@ static ARGPARSE_OPTS opts[] = {
- /* Stubs for options which are implemented by 2.3 or later. */
- ARGPARSE_s_s (oNoop, "application-priority", "@"),
-
-+ ARGPARSE_s_n (oSharedAccess, "shared-access", N_("use PCSC_SHARE_SHARED for pcsc_connect")),
-+
- ARGPARSE_end ()
- };
-
-@@ -629,6 +632,8 @@ main (int argc, char **argv )
-
- case oNoop: break;
-
-+ case oSharedAccess: opt.shared_access = 1; break;
-+
- default:
- pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
- break;
-@@ -727,6 +732,7 @@ main (int argc, char **argv )
- es_printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE );
- es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0);
- es_printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE );
-+ es_printf ("shared-access:%lu:\n", GC_OPT_FLAG_NONE );
-
- scd_exit (0);
- }
diff --git a/security/gnupg/files/patch-scd_scdaemon.h b/security/gnupg/files/patch-scd_scdaemon.h
deleted file mode 100644
index 66748abf6bd6..000000000000
--- a/security/gnupg/files/patch-scd_scdaemon.h
+++ /dev/null
@@ -1,11 +0,0 @@
---- scd/scdaemon.h.orig 2019-07-09 09:08:45 UTC
-+++ scd/scdaemon.h
-@@ -62,6 +62,8 @@ struct
- strlist_t disabled_applications; /* Card applications we do not
- want to use. */
- unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */
-+
-+ int shared_access;
- } opt;
-
-
diff --git a/security/gnupg/files/patch-tools_gpgconf-comp.c b/security/gnupg/files/patch-tools_gpgconf-comp.c
deleted file mode 100644
index 51bb3c1aca41..000000000000
--- a/security/gnupg/files/patch-tools_gpgconf-comp.c
+++ /dev/null
@@ -1,12 +0,0 @@
---- tools/gpgconf-comp.c.orig 2019-07-09 09:08:45 UTC
-+++ tools/gpgconf-comp.c
-@@ -653,6 +653,9 @@ static gc_option_t gc_options_scdaemon[] =
- { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
- "gnupg", "|N|disconnect the card after N seconds of inactivity",
- GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
-+ { "shared-access", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
-+ "gnupg", "use PCSC_SHARE_SHARED for pcsc_connect",
-+ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
-
- { "Debug",
- GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
diff --git a/security/gnupg/pkg-plist b/security/gnupg/pkg-plist
index fb5cc8ca273c..77c212e987bd 100644
--- a/security/gnupg/pkg-plist
+++ b/security/gnupg/pkg-plist
@@ -1,7 +1,9 @@
-bin/dirmngr
-bin/dirmngr-client
+%%GNUTLS%%bin/dirmngr
+%%GNUTLS%%bin/dirmngr-client
bin/gpg-agent
+bin/gpg-card
bin/gpg-connect-agent
+bin/gpg-wks-client
%%WKS_SERVER%%bin/gpg-wks-server
%%SUID_GPG%%@(,,4555) bin/gpg2
%%NO_SUID_GPG%%bin/gpg2
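Review bot: Prefixing `bin/dirmngr` and `bin/dirmngr-client` with `%%GNUTLS%%` means a package built with GNUTLS off ships no dirmngr at all, and not every related entry follows the same gate. `%%LDAP%%libexec/dirmngr_ldap` in the next hunk's context is still keyed on LDAP alone; if dirmngr is not built without GnuTLS, that line presumably needs to become `%%GNUTLS%%%%LDAP%%libexec/dirmngr_ldap`, otherwise a GNUTLS-off, LDAP-on build would likely fail at packaging. The GNUTLS option description should also say that turning it off removes keyserver and WKD access and the CRL/OCSP lookups gpgsm performs through dirmngr, because that changes what revocation checking the installed tools can do. The last hunk applies the same gate to `sks-keyservers.netCA.pem`, which is consistent.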
@@ -16,12 +18,16 @@ bin/kbxutil
bin/watchgnupg
%%LDAP%%libexec/dirmngr_ldap
libexec/gpg-check-pattern
+libexec/gpg-pair-tool
libexec/gpg-preset-passphrase
libexec/gpg-protect-tool
libexec/gpg-wks-client
+libexec/keyboxd
%%SCDAEMON%%libexec/scdaemon
man/man1/dirmngr-client.1.gz
man/man1/gpg-agent.1.gz
+man/man1/gpg-card.1.gz
+man/man1/gpg-check-pattern.1.gz
man/man1/gpg-connect-agent.1.gz
man/man1/gpg-preset-passphrase.1.gz
man/man1/gpg-wks-client.1.gz
@@ -33,7 +39,6 @@ man/man1/gpgsm.1.gz
man/man1/gpgtar.1.gz
man/man1/gpgv2.1.gz
man/man1/scdaemon.1.gz
-man/man1/symcryptrun.1.gz
man/man1/watchgnupg.1.gz
man/man7/gnupg.7.gz
man/man8/addgnupghome.8.gz
@@ -55,6 +60,7 @@ sbin/applygnupgdefaults
%%PORTDOCS%%%%DOCSDIR%%/examples/debug.prf
%%PORTDOCS%%%%DOCSDIR%%/examples/gpgconf.conf
%%PORTDOCS%%%%DOCSDIR%%/examples/pwpattern.list
+%%PORTDOCS%%%%DOCSDIR%%/examples/qualified.txt
%%PORTDOCS%%%%DOCSDIR%%/examples/scd-event
%%PORTDOCS%%%%DOCSDIR%%/examples/systemd-user/README
%%PORTDOCS%%%%DOCSDIR%%/examples/systemd-user/dirmngr.service
@@ -94,7 +100,7 @@ sbin/applygnupgdefaults
%%PORTDOCS%%%%DOCSDIR%%/help.zh_CN.txt
%%PORTDOCS%%%%DOCSDIR%%/help.zh_TW.txt
%%DATADIR%%/distsigkey.gpg
-%%DATADIR%%/sks-keyservers.netCA.pem
+%%GNUTLS%%%%DATADIR%%/sks-keyservers.netCA.pem
%%NLS%%share/locale/ca/LC_MESSAGES/gnupg2.mo
%%NLS%%share/locale/cs/LC_MESSAGES/gnupg2.mo
%%NLS%%share/locale/da/LC_MESSAGES/gnupg2.mo