path: root/security/gnupg/Makefile
Commit message | Author | Age | Files | Lines
...
* gnupg: Update to 2.2.17, with security fixes | Adam Weinberger | 2019-07-09 | 1 | -1/+1
  * gpg: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures. The old behaviour can be achieved by adding keyserver-options no-self-sigs-only,no-import-clean to your gpg.conf. [#4607]
  * gpg: If an imported keyblock is too large to be stored in the keybox (pubring.kbx) do not error out but fallback to an import using the options "self-sigs-only,import-clean". [#4591]
  * gpg: New command --locate-external-key which can be used to refresh keys from the Web Key Directory or via other methods configured with --auto-key-locate.
  * gpg: New import option "self-sigs-only".
  * gpg: In --auto-key-retrieve prefer WKD over keyservers. [#4595]
  * dirmngr: Support the "openpgpkey" subdomain feature from draft-koch-openpgp-webkey-service-07. [#4590].
  * dirmngr: Add an exception for the "openpgpkey" subdomain to the CSRF protection. [#4603]
  * dirmngr: Fix endless loop due to http errors 503 and 504. [#4600]
  * dirmngr: Fix TLS bug during redirection of HKP requests. [#4566]
  * gpgconf: Fix a race condition when killing components. [#4577]
  Release-info: https://dev.gnupg.org/T4606
  MFH: 2019Q3
  Notes: svn path=/head/; revision=506281
* Update gnupg to 2.2.16 | Adam Weinberger | 2019-05-29 | 1 | -2/+1
  Notes: svn path=/head/; revision=502962
* Update devel/readline to 8.0 | Sunpoet Po-Chuan Hsieh | 2019-04-09 | 1 | -0/+1
  - Bump PORTREVISION of dependent ports for shlib change
  Changes: https://tiswww.case.edu/php/chet/readline/CHANGES
  PR: 236156
  Exp-run by: antoine
  Notes: svn path=/head/; revision=498476
* Update gnupg to 2.2.15 | Adam Weinberger | 2019-03-27 | 1 | -1/+1
  * sm: Fix --logger-fd and --status-fd on Windows for non-standard file descriptors.
  * sm: Allow decryption even if expired keys are configured. [#4431]
  * agent: Change command KEYINFO to print ssh fingerprints with other hash algos.
  * dirmngr: Fix build problems on Solaris due to the use of reserved symbol names. [#4420]
  * wkd: New commands --print-wkd-hash and --print-wkd-url for gpg-wks-client.
  Release-info: https://dev.gnupg.org/T4434
  Notes: svn path=/head/; revision=496934
* Update gnupg to 2.2.14, pet portlint, and remove a redundant readline | Adam Weinberger | 2019-03-26 | 1 | -3/+3
  dependency.
  * gpg: Allow import of PGP desktop exported secret keys. Also avoid importing secret keys if the secret keyblock is not valid. [#4392]
  * gpg: Do not error out on version 5 keys in the local keyring.
  * gpg: Make invalid primary key algo obvious in key listings.
  * sm: Do not mark a certificate in a key listing as de-vs compliant if its use for a signature will not be possible.
  * sm: Fix certificate creation with key on card.
  * sm: Create rsa3072 bit certificates by default.
  * sm: Print Yubikey attestation extensions with --dump-cert.
  * agent: Fix cancellation handling for scdaemon.
  * agent: Support --mode=ssh option for CLEAR_PASSPHRASE. [#4340]
  * scd: Fix flushing of the CA-FPR DOs in app-openpgp.
  * scd: Avoid a conflict error with the "undefined" app.
  * dirmngr: Add CSRF protection exception for protonmail.
  * dirmngr: Fix build problems with gcc 9 in libdns.
  * gpgconf: New option --show-socket for use with --launch.
  * gpgtar: Make option -C work for archive creation.
  Release-info: https://dev.gnupg.org/T4412
  PR: 236777
  Submitted by: Yasuhiro Kimura
  Notes: svn path=/head/; revision=496862
* Update gnupg to 2.2.13 | Adam Weinberger | 2019-02-13 | 1 | -1/+1
  * gpg: Implement key lookup via keygrip (using the & prefix).
  * gpg: Allow generating Ed25519 key from existing key.
  * gpg: Emit an ERROR status line if no key was found with -k.
  * gpg: Stop early when trying to create a primary Elgamal key. [#4329]
  * gpgsm: Print the card's key algorithms along with their keygrips in interactive key generation.
  * agent: Clear bogus pinentry cache in the error case. [#4348]
  * scd: Support "acknowledge button" feature.
  * scd: Fix for USB INTERRUPT transfer. [#4308]
  * wks: Do not use compression for the encrypted challenge and response.
  Release-info: https://dev.gnupg.org/T4290
  Notes: svn path=/head/; revision=492823
* Update gnupg to 2.2.12 | Adam Weinberger | 2018-12-14 | 1 | -2/+1
  * tools: New commands --install-key and --remove-key for gpg-wks-client. This allows to prepare a Web Key Directory on a local file system for later upload to a web server.
  * gpg: New --list-option "show-only-fpr-mbox". This makes the use of the new gpg-wks-client --install-key command easier on Windows.
  * gpg: Improve processing speed when --skip-verify is used.
  * gpg: Fix a bug where a LF was accidentally written to the console.
  * gpg: --card-status now shows whether a card has the new KDF feature enabled.
  * agent: New runtime option --s2k-calibration=MSEC. New configure option --with-agent-s2k-calibration=MSEC. [https://dev.gnupg.org/T3399]
  * dirmngr: Try another keyserver from the pool on receiving a 502, 503, or 504 error. [https://dev.gnupg.org/T4175]
  * dirmngr: Avoid possible CSRF attacks via http redirects. A HTTP query will not anymore follow a 3xx redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept.
  * dirmngr: New command FLUSHCRL to flush all CRLS from disk and memory. [https://dev.gnupg.org/T3967]
  * New simplified Chinese translation (zh_CN).
  Release-info: https://dev.gnupg.org/T4289
  Notes: svn path=/head/; revision=487464
* Bump PORTREVISION for ports depending on the canonical version of GCC | Gerald Pfeifer | 2018-12-12 | 1 | -1/+1
  defined via Mk/bsd.default-versions.mk which has moved from GCC 7.4 to GCC 8.2 under most circumstances.
  This includes ports
  - with USE_GCC=yes or USE_GCC=any,
  - with USES=fortran,
  - using Mk/bsd.octave.mk which in turn features USES=fortran, and
  - with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang, c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
  plus, as a double check, everything INDEX-11 showed depending on lang/gcc7.
  PR: 231590
  Notes: svn path=/head/; revision=487272
* Install texinfo files (GNU info) into ${PREFIX}/share/info | Baptiste Daroussin | 2018-11-10 | 1 | -0/+1
  After a discussion on the mailing list on moving manpages to ${PREFIX}/share/man for consistency with base where it is installed in usr/share/man, it appeared the same should happen to GNU info files which were installed under share in base and not in ports. Now texinfo is not in base on any of the supported versions of FreeBSD it is possible to proceed to this move and it is easier to do than the manpage change.
  Other benefit than consistency are less patching: all build tools but cmake are expecting info files to be under share/info and cmake (patched here) was having an exception for BSD so the patch makes FreeBSD case less specific for them
  Bump revision of all impacted ports
  PR: 232907
  exp-run by: antoine
  Differential Revision: https://reviews.freebsd.org/D17816
  Notes: svn path=/head/; revision=484628
* Update gnupg to 2.2.11 | Adam Weinberger | 2018-11-07 | 1 | -2/+1
  * gpgsm: Fix CRL loading when intermediate certificates are not yet trusted.
  * gpgsm: Fix an error message about the digest algo. [#4219]
  * gpg: Fix a wrong warning due to new sign usage check introduced with 2.2.9. [#4014]
  * gpg: Print the "data source" even for an unsuccessful keyserver query.
  * gpg: Do not store the TOFU trust model in the trustdb. This allows to enable or disable a TOFU model without triggering a trustdb rebuild. [#4134]
  * scd: Fix cases of "Bad PIN" after using "forcesig". [#4177]
  * agent: Fix possible hang in the ssh handler. [#4221]
  * dirmngr: Tack the unmodified mail address to a WKD request. See commit a2bd4a64e5b057f291a60a9499f881dd47745e2f for details.
  * dirmngr: Tweak diagnostic about missing LDAP server file.
  * dirmngr: In verbose mode print the OCSP responder id.
  * dirmngr: Fix parsing of the LDAP port. [#4230]
  * wks: Add option --directory/-C to the server. Always build the server on Unix systems.
  * wks: Add option --with-colons to the client. Support sites which use the policy file instead of the submission-address file.
  * Fix EBADF when gpg et al. are called by broken CGI scripts.
  * Fix some minor memory leaks and bugs.
  Release-info: https://dev.gnupg.org/T4233
  Notes: svn path=/head/; revision=484383
* security/gnupg: Add pkg-message about potential connectivity issues | Joseph Mingrone | 2018-09-08 | 1 | -0/+3
  GnuPG, when run on hosts without IPv6 connectivity, may fail to connect to dual-stack hkp servers [1]. Describe a workaround in pkg-message.
  [1] https://dev.gnupg.org/rGecfc4db3a2f8bc2652ba4ac4de5ca1cd13bfcbec
  Approved by: adamw (maintainer)
  Differential Revision: https://reviews.freebsd.org/D17071
  Notes: svn path=/head/; revision=479210
* Update gnupg to 2.2.10 and add LARGE_RSA option | Adam Weinberger | 2018-08-30 | 1 | -6/+5
  The LARGE_RSA option [1] enables 8192-bit keys, though GnuPG's lead author does not recommend using it routinely.
  Also, sort OPTIONS, and move an explanation of the SUID option from the Makefile into pkg-help, where it belongs.
  Major changes:
  gpg: Refresh expired keys originating from the WKD.
  gpg: Use a 256 KiB limit for a WKD imported key.
  gpg: New option --known-notation.
  scd: Add support for the Trustica Cryptoucan reader.
  agent: Speed up starting during on-demand launching.
  dirmngr: Validate SRV records in WKD queries.
  Release-info: https://dev.gnupg.org/T4112
  PR: 230610 [1]
  Submitted by: Dmitri Goutnik
  Reported by: p5B2E9A8F t online de
  Notes: svn path=/head/; revision=478464
* Bump PORTREVISION for ports depending on the canonical version of GCC | Gerald Pfeifer | 2018-07-29 | 1 | -0/+1
  in the ports tree (via Mk/bsd.default-versions.mk and lang/gcc) which has now moved from GCC 6 to GCC 7 by default.
  This includes ports
  - featuring USE_GCC=yes or USE_GCC=any,
  - featuring USES=fortran,
  - using Mk/bsd.octave.mk which in turn features USES=fortran, and those
  - with USES=compiler specifying one of openmp, nestedfct, c11, c++0x, c++11-lib, c++11-lang, c++14-lang, c++17-lang, or gcc-c++11-lib.
  PR: 222542
  Notes: svn path=/head/; revision=475857
* Update gnupg to 2.2.9 | Adam Weinberger | 2018-07-12 | 1 | -1/+1
  * dirmngr: Fix recursive resolver mode and other bugs in the libdns code. [#3374,#3803,#3610]
  * dirmngr: When using libgpg-error 1.32 or later a GnuPG build with NTBTLS support (e.g. the standard Windows installer) does not anymore block for dozens of seconds before returning data. If you still have problems on Windows, please consider to use one of the options disable-ipv4 or disable-ipv6.
  * gpg: Fix bug in --show-keys which actually imported revocation certificates. [#4017]
  * gpg: Ignore too long user-ID and comment packets. [#4022]
  * gpg: Fix crash due to bad German translation. Improved printf format compile time check.
  * gpg: Handle missing ISSUER sub packet gracefully in the presence of the new ISSUER_FPR. [#4046]
  * gpg: Allow decryption using several passphrases in most cases. [#3795,#4050]
  * gpg: Command --show-keys now enables the list options show-unusable-uids, show-unusable-subkeys, show-notations and show-policy-urls by default.
  * gpg: Command --show-keys now prints revocation certificates. [#4018]
  * gpg: Add revocation reason to the "rev" and "rvs" records of the option --with-colons. [#1173]
  * gpg: Export option export-clean does now remove certain expired subkeys; export-minimal removes all expired subkeys. [#3622]
  * gpg: New "usage" property for the drop-subkey filters. [#4019]
  MFH: 2018Q3
  Notes: svn path=/head/; revision=474528
* Update gnupg to 2.2.8 (security release) | Adam Weinberger | 2018-06-08 | 1 | -1/+1
  CVE-2018-12020:
  The OpenPGP protocol allows to include the file name of the original input file into a signed or encrypted message. During decryption and verification the GPG tool can display a notice with that file name. The displayed file name is not sanitized and as such may include line feeds or other control characters. This can be used to inject terminal control sequences into the out and, worse, to fake the so-called status messages. These status messages are parsed by programs to get information from gpg about the validity of a signature and other parameters. Status messages are created with the option "--status-fd N" where N is a file descriptor. Now if N is 2 the status messages and the regular diagnostic messages share the stderr output channel. By using a made up file name in the message it is possible to fake status messages. Using this technique it is for example possible to fake the verification status of a signed mail.
  Also:
  * gpg: Decryption of messages not using the MDC mode will now lead to a hard failure even if a legacy cipher algorithm was used. The option --ignore-mdc-error can be used to turn this failure into a warning. Take care: Never use that option unconditionally or without a prior warning.
  * gpg: The MDC encryption mode is now always used regardless of the cipher algorithm or any preferences. For testing --rfc2440 can be used to create a message without an MDC.
  * gpg: Sanitize the diagnostic output of the original file name in verbose mode. [#4012,CVE-2018-12020]
  * gpg: Detect suspicious multiple plaintext packets in a more reliable way. [#4000]
  * gpg: Fix the duplicate key signature detection code. [#3994]
  * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc have no more effect.
  * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the list of startup environment variables. [#3947]
  MFH: 2018Q2
  Security: CVE-2018-12020
  Notes: svn path=/head/; revision=472003
* Update gnupg to 2.2.7 | Adam Weinberger | 2018-05-04 | 1 | -2/+1
  Also, remove unnecessary USE_LDCONFIG.
  * gpg: New option --no-symkey-cache to disable the passphrase cache for symmetrical en- and decryption.
  * gpg: The ERRSIG status now prints the fingerprint if that is part of the signature.
  * gpg: Relax emitting of FAILURE status lines
  * gpg: Add a status flag to "sig" lines printed with --list-sigs.
  * gpg: Fix "Too many open files" when using --multifile. [#3951]
  * ssh: Return an error for unknown ssh-agent flags. [#3880]
  * dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL caches under Windows. [#2448,#3923]
  * dirmngr: Fix a CNAME problem with pools and TLS. Also use a fixed mapping of keys.gnupg.net to sks-keyservers.net. [#3755]
  * dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours).
  * dirmngr: Fallback to CRL if no default OCSP responder is configured.
  * dirmngr: Implement CRL fetching via https. Here a redirection to http is explicitly allowed.
  * dirmngr: Make LDAP searching and CRL fetching work under Windows. This stopped working with 2.1. [#3937]
  * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease debugging.
  Notes: svn path=/head/; revision=469025
* Update gnupg to 2.2.6 | Adam Weinberger | 2018-04-11 | 1 | -1/+1
  * gpg,gpgsm: New option --request-origin to pretend requests coming from a browser or a remote site.
  * gpg: Fix race condition on trustdb.gpg updates due to too early released lock. [#3839]
  * gpg: Emit FAILURE status lines in almost all cases. [#3872]
  * gpg: Implement --dry-run for --passwd to make checking a key's passphrase straightforward.
  * gpg: Make sure to only accept a certification capable key for key signatures. [#3844]
  * gpg: Better user interaction in --card-edit for the factory-reset sub-command.
  * gpg: Improve changing key attributes in --card-edit by adding an explicit "key-attr" sub-command. [#3781]
  * gpg: Print the keygrips in the --card-status.
  * scd: Support KDF DO setup. [#3823]
  * scd: Fix some issues with PC/SC on Windows. [#3825]
  * scd: Fix suspend/resume handling in the CCID driver.
  * agent: Evict cached passphrases also via a timer. [#3829]
  * agent: Use separate passphrase caches depending on the request origin. [#3858]
  * ssh: Support signature flags. [#3880]
  * dirmngr: Handle failures related to missing IPv6 support gracefully. [#3331]
  * Fix corner cases related to specified home directory with drive letter on Windows. [#3720]
  * Allow the use of UNC directory names as homedir. [#3818]
  Notes: svn path=/head/; revision=467022
* Update gnupg to 2.2.5 | Adam Weinberger | 2018-02-23 | 1 | -1/+1
  Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2018q1/000420.html
  Notes: svn path=/head/; revision=462700
* Update gnupg to 2.2.4. Bump the libassuan requirement to 2.5.1. | Adam Weinberger | 2017-12-21 | 1 | -2/+2
  * gpg: Change default preferences to prefer SHA512.
  * gpg: Print a warning when more than 150 MiB are encrypted using a cipher with 64 bit block size.
  * gpg: Print a warning if the MDC feature has not been used for a message.
  * gpg: Fix regular expression of domain addresses in trust signatures. [#2923]
  * agent: New option --auto-expand-secmem to help with high numbers of concurrent connections. Requires libgcrypt 1.8.2 for having an effect. [#3530]
  * dirmngr: Cache responses of WKD queries.
  * gpgconf: Add option --status-fd.
  * wks: Add commands --check and --remove-key to gpg-wks-server.
  * Increase the backlog parameter of the daemons to 64 and add option --listen-backlog.
  * New configure option --enable-run-gnupg-user-socket to first try a socket directory which is not removed by systemd at session end.
  Notes: svn path=/head/; revision=456878
* Update to 2.2.3 | Adam Weinberger | 2017-11-22 | 1 | -2/+3
  * gpgsm: Fix initial keybox creation on Windows. [#3507]
  * dirmngr: Fix crash in case of a CRL loading error. [#3510]
  * Fix the name of the Windows registry key. [Git#4f5afaf1fd]
  * gpgtar: Fix wrong behaviour of --set-filename. [#3500]
  * gpg: Silence AKL retrieval messages. [#3504]
  * agent: Use clock or clock_gettime for calibration. [#3056]
  * agent: Improve robustness of the shutdown pending state. [Git#7ffedfab89]
  Notes: svn path=/head/; revision=454661
* Update to 2.2.2 | Adam Weinberger | 2017-11-09 | 1 | -2/+2
  Also, improve COMMENT, which conflicted with the pkg-descr.
  * gpg: Avoid duplicate key imports by concurrently running gpg processes. [#3446]
  * gpg: Fix creating on-disk subkey with on-card primary key. [#3280]
  * gpg: Fix validity retrieval for multiple keyrings. [Debian#878812]
  * gpg: Fix --dry-run and import option show-only for secret keys.
  * gpg: Print "sec" or "sbb" for secret keys with import option import-show. [#3431]
  * gpg: Make import less verbose. [#3397]
  * gpg: Add alias "Key-Grip" for parameter "Keygrip" and new parameter "Subkey-Grip" to unattended key generation. [#3478]
  * gpg: Improve "factory-reset" command for OpenPGP cards. [#3286]
  * gpg: Ease switching Gnuk tokens into ECC mode by using the magic keysize value 25519.
  * gpgsm: Fix --with-colon listing in crt records for fields > 12.
  * gpgsm: Do not expect X.509 keyids to be unique. [#1644]
  * agent: Fix stuck Pinentry when using --max-passphrase-days. [#3190]
  * agent: New option --s2k-count. [#3276 (workaround)]
  * dirmngr: Do not follow https-to-http redirects. [#3436]
  * dirmngr: Reduce default LDAP timeout from 100 to 15 seconds. [#3487]
  * gpgconf: Ignore non-installed components for commands --apply-profile and --apply-defaults. [#3313]
  * Add configure option --enable-werror. [#2423]
  Notes: svn path=/head/; revision=453850
* Update gnupg to 2.2.1, and remove the security/gnupg22 port | Adam Weinberger | 2017-09-19 | 1 | -3/+2
  I misjudged the timeline for 2.3, and had not processed that the intent of 2.3 is different from 2.1. Rather than 2.3 being a "modern" branch and 2.2 being purely "stable," 2.3 will be development and users are encouraged to remain on 2.2. Furthermore, upstream doesn't expect a 2.3 release for a year or so.
  Accordingly, I'm removing the gnupg22 port and updating security/gnupg to be 2.2. gnupg20 is still scheduled for deletion at the end of the year.
  Notes: svn path=/head/; revision=450153
* Bump PORTREVISION for ports depending on the canonical version of GCC | Gerald Pfeifer | 2017-09-10 | 1 | -0/+1
  (via Mk/bsd.default-versions.mk and lang/gcc) which has moved from GCC 5.4 to GCC 6.4 under most circumstances.
  This includes ports
  - with USE_GCC=yes or USE_GCC=any,
  - with USES=fortran,
  - using Mk/bsd.octave.mk which in turn features USES=fortran, and
  - with USES=compiler specifying openmp, nestedfct, c++11-lib, c++11-lang, c++14-lang, c++0x, c11, or gcc-c++11-lib.
  PR: 219275
  Notes: svn path=/head/; revision=449591
* Add gnupg22 port. GnuPG 2.2 is the new LTS stable version. gnupg20 is | Adam Weinberger | 2017-08-28 | 1 | -1/+1
  now marked for deprecation at the end of the year (when upstream support for it will end). Users of gnupg20 should migrate to gnupg22.
  The gnupg port is remaining at 2.1.x for now, as it's essentially the same thing as 2.2.0. It will become 2.3 soon-ish.
  Notes: svn path=/head/; revision=448867
* Update to 2.1.23, and use the correct TEST_TARGET. | Adam Weinberger | 2017-08-10 | 1 | -3/+4
  * gpg: Options --auto-key-retrieve and --auto-key-locate "local,wkd" are now used by default. Note: this enables keyserver and Web Key Directory operators to notice when a signature from a locally non-available key is being verified for the first time or when you intend to encrypt to a mail address without having the key locally. This new behaviour will eventually make key discovery much easier and mostly automatic. Disable this by adding no-auto-key-retrieve auto-key-locate local to your gpg.conf.
  * agent: Option --no-grab is now the default. The new option --grab allows to revert this.
  * gpg: New import option "show-only".
  * gpg: New option --disable-dirmngr to entirely disable network access for gpg.
  * gpg,gpgsm: Tweaked DE-VS compliance behaviour.
  * New configure flag --enable-all-tests to run more extensive tests during "make check".
  * gpgsm: The keygrip is now always printed in colon mode as documented in the man page.
  Notes: svn path=/head/; revision=447661
* Update to 2.1.22. | Adam Weinberger | 2017-08-05 | 1 | -3/+3
  Noteworthy changes in version 2.1.22
  ====================================
  * gpg: Extend command --quick-set-expire to allow for setting the expiration time of subkeys.
  * gpg: By default try to repair keys during import. New sub-option no-repair-keys for --import-options.
  * gpg,gpgsm: Improved checking and reporting of DE-VS compliance.
  * gpg: New options --key-origin and --with-key-origin. Store the time of the last key update from keyservers, WKD, or DANE.
  * agent: New option --ssh-fingerprint-digest.
  * dirmngr: Lower timeouts on keyserver connection attempts and made it configurable.
  * dirmngr: Tor will now automatically be detected and used. The option --no-use-tor disables Tor detection.
  * dirmngr: Now detects a changed /etc/resolv.conf.
  * agent,dirmngr: Initiate shutdown on removal of the GnuPG home directory.
  * gpg: Avoid caching passphrase for failed symmetric encryption.
  * agent: Support for unprotected ssh keys.
  * dirmngr: Fixed name resolving on systems using only v6 nameservers.
  * dirmngr: Allow the use of TLS over http proxies.
  * w32: Change directory of the daemons after startup.
  * wks: New man pages for client and server.
  A detailed description of the changes found in this 2.1 branch can be found at <https://gnupg.org/faq/whats-new-in-2.1.html>.
  Notes: svn path=/head/; revision=447409
* Update devel/readline to 7.0 patch 3 | Sunpoet Po-Chuan Hsieh | 2017-06-27 | 1 | -1/+1
  - Bump PORTREVISION for shlib change
  Changes:
  https://cnswww.cns.cwru.edu/php/chet/readline/CHANGES
  https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00107.html
  https://lists.gnu.org/archive/html/bug-readline/2017-01/msg00002.html
  Differential Revision: https://reviews.freebsd.org/D11172
  PR: 219947
  Exp-run by: antoine
  Notes: svn path=/head/; revision=444463
* Ignore errors about missing smartcard daemon. | Adam Weinberger | 2017-05-19 | 1 | -0/+1
  It's an OPTION on FreeBSD, but 2.1.21 treated missing scdaemon as an error.
  PR: 219400
  Submitted by: Philip Jocks
  Obtained from: https://dev.gnupg.org/rGa8dd96826f8484c0ae93c954035b95c2a75c80f2
  See also: https://lists.gnupg.org/pipermail/gnupg-users/2017-May/058233.html
  MFH: 2017Q2
  Notes: svn path=/head/; revision=441252
* Update to 2.1.21, which in particular fixes a keyring corruption bug. | Adam Weinberger | 2017-05-15 | 1 | -1/+1
  * gpg,gpgsm: Fix corruption of old style keyring.gpg files. This bug was introduced with version 2.1.20. Note that the default pubring.kbx format was not affected.
  * gpg,dirmngr: Removed the skeleton config file support. The system's standard methods for providing default configuration files should be used instead.
  * w32: The Windows installer now allows installation of GnuPG without Administrator permissions.
  * gpg: Fixed import filter property match bug.
  * scd: Removed Linux support for Cardman 4040 PCMCIA reader.
  * scd: Fixed some corner case bugs in resume/suspend handling.
  * Many minor bug fixes and code cleanup.
  MFH: 2017Q2
  Notes: svn path=/head/; revision=440980
* Update to 2.1.20. | Adam Weinberger | 2017-04-03 | 1 | -2/+1
  * gpg: New properties 'expired', 'revoked', and 'disabled' for the import and export filters.
  * gpg: New command --quick-set-primary-uid.
  * gpg: New compliance field for the --with-colon key listing.
  * gpg: Changed the key parser to generalize the processing of local meta data packets.
  * gpg: Fixed assertion failure in the TOFU trust model.
  * gpg: Fixed exporting of zero length user ID packets.
  * scd: Improved support for multiple readers.
  * scd: Fixed timeout handling for key generation.
  * agent: New option --enable-extended-key-format.
  * dirmngr: Do not add a keyserver to a new dirmngr.conf. Dirmngr uses a default keyserver.
  * dirmngr: Do not treat TLS warning alerts as severe error when building with GNUTLS.
  * dirmngr: Actually take /etc/hosts in account.
  * wks: Fixed client problems on Windows. Published keys are now set to world-readable.
  * tests: Fixed creation of temporary directories.
  * A socket directory for a non standard GNUPGHOME is now created on the fly under /run/user. Thus "gpgconf --create-socketdir" is now optional. The use of "gpgconf --remove-socketdir" to clean up obsolete socket directories is however recommended to avoid cluttering /run/user with useless directories.
  * Fixed build problems on some platforms.
  Notes: svn path=/head/; revision=437674
* Bump PORTREVISIONs for ports depending on the canonical version of GCC and | Gerald Pfeifer | 2017-04-01 | 1 | -0/+1
  lang/gcc which have moved from GCC 4.9.4 to GCC 5.4 (at least under some circumstances such as versions of FreeBSD or platforms).
  This includes ports
  - with USE_GCC=yes or USE_GCC=any,
  - with USES=fortran,
  - using Mk/bsd.octave.mk which in turn has USES=fortran, and
  - with USES=compiler specifying openmp, nestedfct, c++11-lib, c++14-lang, c++11-lang, c++0x, c11, or gcc-c++11-lib.
  PR: 216707
  Notes: svn path=/head/; revision=437439
* Update to 2.1.19. | Adam Weinberger | 2017-03-03 | 1 | -3/+3
  Noteworthy changes in version 2.1.19
  ====================================
  * gpg: Print a warning if Tor mode is requested but the Tor daemon is not running.
  * gpg: New status code DECRYPTION_KEY to print the actual private key used for decryption.
  * gpgv: New options --log-file and --debug.
  * gpg-agent: Revamp the prompts to ask for card PINs.
  * scd: Support for multiple card readers.
  * scd: Removed option --debug-disable-ticker. Ticker is used only when it is required to watch removal of device/card.
  * scd: Improved detection of card inserting and removal.
  * dirmngr: New option --disable-ipv4.
  * dirmngr: New option --no-use-tor to explicitly disable the use of Tor.
  * dirmngr: The option --allow-version-check is now required even if the option --use-tor is also used.
  * dirmngr: Handle a missing nsswitch.conf gracefully.
  * dirmngr: Avoid PTR lookups for keyserver pools. They are only done for the debug command "keyserver --hosttable".
  * dirmngr: Rework the internal certificate cache to support classes of certificates. Load system provided certificates on startup. Add options --tls, --no-crl, and --systrust to the "VALIDATE" command.
  * dirmngr: Add support for the ntbtls library.
  * wks: Create mails with a "WKS-Phase" header. Fix detection of Draft-2 mode.
  * The Windows installer is now built with limited TLS support.
  * Many other bug fixes and new regression tests.
  A detailed description of the changes found in this 2.1 branch can be found at <https://gnupg.org/faq/whats-new-in-2.1.html>.
  Notes: svn path=/head/; revision=435304
* Update to 2.1.18 | Adam Weinberger | 2017-01-23 | 1 | -2/+1
  Noteworthy changes in version 2.1.18
  ====================================
  * gpg: Remove bogus subkey signature while cleaning a key (with export-clean, import-clean, or --edit-key's sub-command clean)
  * gpg: Allow freezing the clock with --faked-system-time.
  * gpg: New --export-option flag "backup", new --import-option flag "restore".
  * gpg-agent: Fixed long delay due to a regression in the progress callback code.
  * scd: Lots of code cleanup and internal changes.
  * scd: Improved the internal CCID driver.
  * dirmngr: Fixed problem with the DNS glue code (removal of the trailing dot in domain names).
  * dirmngr: Make sure that Tor is actually enabled after changing the conf file and sending SIGHUP or "gpgconf --reload dirmngr".
  * dirmngr: Fixed Tor access to IPv6 addresses. Note that current versions of Tor may require that the flag "IPv6Traffic" is used with the option "SocksPort" in torrc to actually allow IPv6 traffic.
  * dirmngr: Fixed HKP for literally given IPv6 addresses.
  * dirmngr: Enabled reverse DNS lookups via Tor.
  * dirmngr: Added experimental SRV record lookup for WKD. See commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 for details.
  * dirmngr: For HKP use "pgpkey-hkps" and "pgpkey-hkp" in SRV record lookups. Avoid SRV record lookup when a port is explicitly specified. This fixes a regression from the 1.4 and 2.0 behavior.
  * dirmngr: Gracefully handle a missing /etc/nsswitch.conf. Ignore negation terms (e.g. "[!UNAVAIL=return]") instead of bailing out.
  * dirmngr: Better debug output for flags "dns" and "network".
  * dirmngr: On reload mark all known HKP servers alive.
  * gpgconf: Allow keyword "all" for --launch, --kill, and --reload.
  * tools: gpg-wks-client now ignores a missing policy file on the server.
  * Avoid unnecessary ambiguity error message in the option parsing.
  * Further improvements of the regression test suite.
  * Fixed building with --disable-libdns configure option.
  * Fixed a crash running the tests on 32 bit architectures.
  * Fixed spurious failures on BSD system in the spawn functions. This affected for example gpg-wks-client and gpgconf.
  Notes: svn path=/head/; revision=432305
* Enable the SCDAEMON option by default.
  Author: Adam Weinberger; Age: 2017-01-18; Files: 1; Lines: -1/+2

  Requested by: Dave Horn
  Notes: svn path=/head/; revision=431813
* Update GnuPG to 2.1.17 which resolves the following error that resulted when
  attempting to use the --export-ssh-key option.
  Author: Adam Weinberger; Age: 2017-01-14; Files: 1; Lines: -7/+2

      gpg: Ohhhh jeeee: Assertion "ret_found_key == NULL || ret_keyblock != NULL" in lookup failed (getkey.c:3677)

  The KDNS option is removed with this update because upstream dropped use
  of adns in favor of a bundled libdns which is used by default.

  Also, removed an obsolete patch.

  PR: 216057
  Submitted by: Matthew Rezny
  Notes: svn path=/head/; revision=431502
* Use the -f flag when creating the gpg -> gpg2 link because test -e returns
  false for dead links and ln should be allowed to replace them.
  Author: Tijl Coosemans; Age: 2017-01-10; Files: 1; Lines: -1/+1

  Simplify removal of the link on uninstall.

  Approved by: adamw (maintainer)
  Notes: svn path=/head/; revision=431097
* A little more detail into COMMENT, reflow the pkg-descr, and use pro mode
  for the plist.
  Author: Adam Weinberger; Age: 2017-01-10; Files: 1; Lines: -1/+1

  Notes: svn path=/head/; revision=431053
* Simplify, reformat, and modernize.
  Author: Adam Weinberger; Age: 2017-01-10; Files: 1; Lines: -30/+28

  The user-facing changes, some of which required a PORTREVISION bump:

  * Don't make everybody download the signature file
  * Add USES=readline, rather than making assumptions about it being in
    /usr. A side effect of this was that gnupg was being built with
    readline support on 10 but not 11, except when LDAP was enabled which
    brought it in as a side effect
  * Don't make manpages dependent upon the DOCS option. As a side effect,
    everybody now gets the info files. Also, put the help files into
    DOCSDIR instead of DATADIR; best as I can tell they aren't being
    called from within gpg
  * Reword the pkg-descr to describe what gpg is, rather than making a
    frightening-sounding statement about patents and unrestricted use
  * Handle the gpg symlink in the plist, and be a little looser about
    creating it and tighter about removing it
  * Remove the pkg-message. The pinentry dependency installs a pinentry
    dialogue already

  Notes: svn path=/head/; revision=431046
* Take maintainership of the rest of the gnupg* ports from kuriyama, who
  is slimming his portfolio.
  Author: Adam Weinberger; Age: 2017-01-10; Files: 1; Lines: -1/+1

  He created the gnupg ports over 18 years ago and he has looked after
  them this whole time. Deepest thanks to him for the incredible amount of
  work and time that's gone into these ports!

  Notes: svn path=/head/; revision=431044
* security/gnupg: fix build on 9.x
  Author: Roman Bogorodskiy; Age: 2016-11-20; Files: 1; Lines: -1/+1

  gnupg fails to build on 9.x with:

      mime-parser.h:53: error: redefinition of typedef 'rfc822parse_t'
      rfc822parse.h:23: error: previous declaration of 'rfc822parse_t' was here

  Add compiler:c11 to USES to fix that.

  Reported by: antoine
  Notes: svn path=/head/; revision=426589
* security/gnupg: update to 2.1.16
  Author: Roman Bogorodskiy; Age: 2016-11-20; Files: 1; Lines: -2/+3

  This release fixes an issue that the previous gnupg release (2.1.15)
  was incompatible with libgpg-error 1.25 that caused gpg-agent failing
  to start.

  PR: 214568
  Submitted by: cmt
  Tested by: cmt
  Reported by: many
  Notes: svn path=/head/; revision=426573
* update gnupg to 2.1.15
  Author: Christoph Moench-Tegeder; Age: 2016-10-18; Files: 1; Lines: -3/+5

  PR: 212355
  Approved by: rene (mentor)
  Approved by: maintainer timeout
  Notes: svn path=/head/; revision=424203
* - Upgrade to 2.1.13 (minor bugfixes).
  Author: Jun Kuriyama; Age: 2016-06-20; Files: 1; Lines: -1/+1

  Notes: svn path=/head/; revision=417149
* - Upgrade to 2.1.12 (bugfixes).
  Author: Jun Kuriyama; Age: 2016-05-06; Files: 1; Lines: -2/+2

  Notes: svn path=/head/; revision=414711
* Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.
  Author: Mathieu Arnold; Age: 2016-04-01; Files: 1; Lines: -8/+8

  With hat: portmgr
  Sponsored by: Absolight
  Notes: svn path=/head/; revision=412349
* - Update security/gnutls to 3.4.10.
  Author: Tijl Coosemans; Age: 2016-03-27; Files: 1; Lines: -1/+1

  - Rename the LIBDANE option DANE because that's the name of the protocol
    supported by libgnutls-dane and gnutls-cli. Also clarify the option
    description.
  - Add an IDN option.
  - libgnutls-openssl has been removed in 3.4. Some ports used this library
    in their LIB_DEPENDS but no port actually required it.
  - Some old API functions have been removed. Ports that used these have
    been updated or patched to use the new API.
  - Add a patch to print/cups to prevent overlinking of libgnutls.so.
  - Bump PORTREVISION on dependent ports.

  net-im/jabber: This port used the old API to give users fine grained
  control over which crypto algorithms were used via a configuration file.
  It's not immediately obvious how to port this to the new API so the port
  always uses the defaults now.

  www/hydra: Mark BROKEN. This uses more removed calls than the other
  ports, is said to be alpha quality and not fully functional and has been
  abandoned 10 years ago.

  PR: 207768
  Exp-run by: antoine
  Approved by: portmgr (antoine)
  Notes: svn path=/head/; revision=411990
* security/gnupg: fix build when NLS is disabled
  Author: Pietro Cerutti; Age: 2016-02-19; Files: 1; Lines: -1/+1

  Notes: svn path=/head/; revision=409190
* Update to 2.1.11 (minor fixes, with upstream patch).
  Author: Jun Kuriyama; Age: 2016-02-19; Files: 1; Lines: -1/+1

  Notes: svn path=/head/; revision=409152
* - Upgrade to 2.1.8 (minor bugfixes).
  Author: Jun Kuriyama; Age: 2015-09-14; Files: 1; Lines: -1/+1

  Notes: svn path=/head/; revision=396876
* - Upgrade to 2.1.7 (minor fixes).
  Author: Jun Kuriyama; Age: 2015-08-11; Files: 1; Lines: -1/+1

  Notes: svn path=/head/; revision=393983