* Complete overhaul of ppf_mime. Determine the MIME message boundary
using more reliable (albeit more complex) means, and special case
a lot of client behavior to allow verification of a wider variety
of messages. For display, de-code more of the MIME en-coding so that
the messages are much more readable. Use the same tricks to display
decrypted messages in ppf_mime_decrypt.
These changes have several major benefits:
a. Support for PGP/MIME messages generated by well over a dozen MUAs.
b. Support for verifying signatures on attachments, and a clear
indication that attachments are signed (or not).
c. Greatly improved readability. With the exception of text coloring
(URLs, signatures, etc.), 8-bit characters, and some types of
messages sent with format=flowed, messages displayed by the filter
are identical to the display in Alpine.
* For ppf_{decrypt|encrypt|sign|verify} add 'clear' commands so that
nothing is left behind in the "user interface" area between scripts.
For _verify, add a message indicating that we are verifying, along
with a helpful hint about delays caused by auto-key-retrieve.
1. Use a more reliable method to find the signature and message parts
in the ppf_mime script.
2. Add support for the OpenPGP header in ppf_sign and ppf_encrypt, and
use the same method to sanitize the key ID as was already done for
the other headers.
For the port:
1. Update the URL to the web site
2. Switch to PLIST_FILES and PORTDOCS macros
The affected ports are the ones with gettext as a run-dependency
according to ports/INDEX-7 (5007 of them) and the ones with USE_GETTEXT
in Makefile (29 of them).
PR: ports/124340
Submitted by: edwin@
Approved by: portmgr (pav)
goal was to have this port be gpg-version-agnostic, but since there is
no gpg installed on the package builders, and the new configure script
in version 1.5 fails if it can't find one, package building was failing.
The solution is twofold, in the port test if gpg2 is already present,
and record a dependency on it if so. If not, depend on gpg 1.x, and
record that dependency. [1] Second, rev the configure script to look
for gpg2 first, and use that if its found. That will allow those that
install the port (or the software without the port) to prefer gpg2.
Other than the fix in the configure script there are no other changes
from version 1.5 to 1.6.
Submitted by: pav [1]
Approved by: portmgr (pav)
to other platforms (notably to Linux) and several substantive changes:
Bug fixes
=========
1. Add error handling for failed TDIR creation in ppf_decrypt,
ppf_verify, and ppf_mime*.
2. Fix error handling in ppf_mime_decrypt.
Improvements
============
1. When displaying MIME messages after verification, substitute a space
for the MIME'ified =20 character at the end of a line, and substitute
an = sign for the MIME'ified =3D. This greatly improves readability
of the verified message.
2. Add a --- Status --- line for the beginning and end of the PGP
stuff which includes a timestamp to help avoid a socially engineered
message that includes the "good signature" output in the same format
as what we print.
Notes
=====
1. Support for other than GnuPG was dropped in this version, which I
don't think will actually affect anyone.
2. I did do a version 1.4, but it was a limited release.
See CHANGES for more information.
Approved by: portmgr (erwin)
1. Add myself as a backup master site (Sourceforge and CPAN ports
already have good enough coverage, so skip them).
2. For all ports that have them, download the PGP signature files.
3. For ports in 2, add a verify target to the Makefile
4. For ports where I was already providing a master site, update the URL.
5. Pet portlint in a couple of places.
