Update to 2.0.20:

Noteworthy changes in version 2.0.20 (2013-05-10)
-------------------------------------------------

 * Decryption using smartcards keys > 3072 bit does now work.

 * New meta option ignore-invalid-option to allow using the same
   option file by other GnuPG versions.

 * gpg: The hash algorithm is now printed for sig records in key listings.

 * gpg: Skip invalid keyblock packets during import to avoid a DoS.

 * gpg: Correctly handle ports from DNS SRV records.

 * keyserver: Improve use of SRV records

 * gpg-agent: Avoid tty corruption when killing pinentry.

 * scdaemon: Improve detection of card insertion and removal.

 * scdaemon: Rename option --disable-keypad to --disable-pinpad.

 * scdaemon: Better support for CCID readers.  Now, the internal CCID
   driver supports readers without the auto configuration feature.

 * scdaemon: Add pinpad input for PC/SC, if your reader has pinpad and
   it supports variable length PIN input, and you specify
   --enable-pinpad-varlen option.

 * scdaemon: New option --enable-pinpad-varlen.

 * scdaemon: Install into libexecdir to avoid accidental execution
   from the command line.

 * Support building using w64-mingw32.

 * Assorted bug fixes.

security/gnupg2/Makefile

@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.44 2013/02/06 23:23:37 jperkin Exp $
+# $NetBSD: Makefile,v 1.45 2013/05/29 22:53:36 wiz Exp $
 
-DISTNAME=	gnupg-2.0.19
+DISTNAME=	gnupg-2.0.20
 PKGNAME=	${DISTNAME:S/gnupg/gnupg2/}
-PKGREVISION=	3
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.gnupg.org/gcrypt/gnupg/
 EXTRACT_SUFX=	.tar.bz2

security/gnupg2/PLIST.gpgsm

@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST.gpgsm,v 1.12 2011/05/05 08:55:23 adam Exp $
+@comment $NetBSD: PLIST.gpgsm,v 1.13 2013/05/29 22:53:36 wiz Exp $
 bin/gpg-connect-agent
 bin/gpg2
 bin/gpgconf
@@ -8,7 +8,6 @@ bin/gpgsm
 bin/gpgsm-gencert.sh
 bin/gpgv2
 bin/kbxutil
-bin/scdaemon
 bin/watchgnupg
 info/gnupg.info
 info/gnupg.info-1
@@ -18,6 +17,7 @@ libexec/gpg2keys_curl
 libexec/gpg2keys_finger
 libexec/gpg2keys_hkp
 libexec/gpg2keys_ldap
+libexec/scdaemon
 man/man1/gpg-agent.1
 man/man1/gpg-connect-agent.1
 man/man1/gpg-preset-passphrase.1

security/gnupg2/distinfo

@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.26 2013/01/15 11:21:50 drochner Exp $
+$NetBSD: distinfo,v 1.27 2013/05/29 22:53:36 wiz Exp $
 
-SHA1 (gnupg-2.0.19.tar.bz2) = 190c09e6688f688fb0a5cf884d01e240d957ac1f
-RMD160 (gnupg-2.0.19.tar.bz2) = 026b5c5fa2b21c3586f325f48ff1420c987b88a7
-Size (gnupg-2.0.19.tar.bz2) = 4187460 bytes
+SHA1 (gnupg-2.0.20.tar.bz2) = 7ddfefa37ee9da89a8aaa8f9059d251b4cd02562
+RMD160 (gnupg-2.0.20.tar.bz2) = 5a506b29a5c42b8b4870f76c99a41eeaf45a0911
+Size (gnupg-2.0.20.tar.bz2) = 4286191 bytes
 SHA1 (patch-CVE-2012-6085) = cbc5ff88eaaebcff9c7bc7983b3d363eff4fcd8b
 SHA1 (patch-ai) = 4445d30150518f71f996e3b368a81523daded2e2
 SHA1 (patch-aj) = bfd21504e0d55f99df543912b1cdf2c573de2f98

security/gnupg2/patches/patch-CVE-2012-6085

@@ -1,43 +0,0 @@
-$NetBSD: patch-CVE-2012-6085,v 1.1 2013/01/15 11:21:50 drochner Exp $
-
-upstream rev. 498882296ffac7987c644aaf2a0aa108a2925471
-
---- g10/import.c.orig	2012-03-27 08:00:37.000000000 +0000
-+++ g10/import.c
-@@ -347,6 +347,27 @@ import_print_stats (void *hd)
- }
- 
- 
-+/* Return true if PKTTYPE is valid in a keyblock.  */
-+static int
-+valid_keyblock_packet (int pkttype)
-+{
-+  switch (pkttype)
-+    {
-+    case PKT_PUBLIC_KEY:
-+    case PKT_PUBLIC_SUBKEY:
-+    case PKT_SECRET_KEY:
-+    case PKT_SECRET_SUBKEY:
-+    case PKT_SIGNATURE:
-+    case PKT_USER_ID:
-+    case PKT_ATTRIBUTE:
-+    case PKT_RING_TRUST:
-+      return 1;
-+    default:
-+      return 0;
-+    }
-+}
-+
-+
- /****************
-  * Read the next keyblock from stream A.
-  * PENDING_PKT should be initialzed to NULL
-@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pk
- 	    }
- 	    in_cert = 1;
- 	  default:
--	    if( in_cert ) {
-+	    if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
- 		if( !root )
- 		    root = new_kbnode( pkt );
- 		else