Noteworthy changes in version 2.0.30 (2016-03-31)
-------------------------------------------------
* gpg: Avoid too early timeout during key generation with 2.1 cards.
* agent: Fixed printing of ssh fingerprints for 384 bit ECDSA keys.
* agent: Fixed an alignment bug related to the passphrase
confirmation.
* scdaemon: Fixed a "conflicting usage" bug.
* scdaemon: Fixed usb card reader removal problem on Windows 8 and
later.
* Fixed a problem on AIX due to peculiarity with RLIMIT_NOFILE.
* Updated the Japanese and Dutch translations.
* Fixed a few other bugs.
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
While here, clean up patches. They looked pretty cargo-culty to me and
were not commented.
File a bug report for one of the remaining ones and link to it from comment.
Changes in 2.0.29:
Noteworthy changes in version 2.0.29 (2015-09-08)
-------------------------------------------------
* gpg: Print a PGP-2 fingerprint again instead of a row of "0".
* gpg: Fixed a race condition from multiple several "gpg --verify".
* gpg: Print FAILURE status lines to help GPGME.
* gpgsm: Fixed a regression in CSR generation.
* scdaemon: Fixed problems with some pinpads.
* Fixed a few other bugs.
Noteworthy changes in version 2.0.28 (2015-06-02)
-------------------------------------------------
* agent: Added support for an external password manager.
* gpg: New command --list-gcrypt-config.
* gpg: Issue NEWSIG status lines during signature verification.
* gpgsm: The default hash algo for a CSR is now SHA-256 and the
default encryption algo is AES-128.
* scdaemon: Allow PC/SC reader selection by partial name match.
* gpgtar: Fix extracting files with a size of a multiple of 512.
* Fixed several other bugs.
* Libgcrypt 1.5 is now required.
Noteworthy changes in version 2.0.27 (2015-02-18)
-------------------------------------------------
* gpg: Detect faulty use of --verify on detached signatures.
* gpg: New import option "keep-ownertrust".
* gpg: Uses SHA-256 for all signature types also on RSA keys.
* gpg: Added support for algo names when generating keys using the
--command-fd method.
* gpg: Unless --allow-weak-digest-algos is used the insecure MD5
based fingerprints are shown as all zeroe
* gpg: Fixed DoS based on bogus and overlong key packets.
* gpg: Better error reporting for keyserver problems.
* Fixed several bugs related to bogus keyrings and improved some
other code.
Noteworthy changes in version 2.0.26 (2014-08-12)
-------------------------------------------------
* gpg: Fix a regression in 2.0.24 if a subkey id is given
to --recv-keys et al.
* gpg: Cap attribute packets at 16MB.
* gpgsm: Auto-create the ".gnupg" home directory in the same
way gpg does.
* scdaemon: Allow for certificates > 1024 when using PC/SC.
Noteworthy changes in version 2.0.25 (2014-06-30)
-------------------------------------------------
* gpg: Fix a regression in 2.0.24 if more than one keyid is given
to --recv-keys et al.
* gpg: Cap RSA and Elgamal keysize at 4096 bit also for unattended
key generation.
* gpgsm: Fix a DISPLAY related problem with --export-secret-key-p12.
* scdaemon: Support reader Gemalto IDBridge CT30.
Noteworthy changes in version 2.0.24 (2014-06-24)
-------------------------------------------------
* gpg: Avoid DoS due to garbled compressed data packets.
* gpg: Screen keyserver responses to avoid importing unwanted keys
from rogue servers.
* gpg: The validity of user ids is now shown by default. To revert
this add "list-options no-show-uid-validity" to gpg.conf.
* gpg: Print more specific reason codes with the INV_RECP status.
* gpg: Allow loading of a cert only key to an OpenPGP card.
* gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt 1.6.
Noteworthy changes in version 2.0.23 (2014-06-03)
-------------------------------------------------
* gpg: Reject signatures made using the MD5 hash algorithm unless the
new option --allow-weak-digest-algos or --pgp2 are given.
* gpg: Do not create a trustdb file if --trust-model=always is used.
* gpg: Only the major version number is by default included in the
armored output.
* gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
communication with the gpg-agent.
* gpg: The format of the fallback key listing ("gpg KEYFILE") is now more
aligned to the regular key listing ("gpg -k").
* gpg: The option--show-session-key prints its output now before the
decryption of the bulk message starts.
* gpg: New %U expando for the photo viewer.
* gpgsm: Improved handling of re-issued CA certificates.
* scdaemon: Various fixes for pinpad equipped card readers.
* Minor bug fixes.
Noteworthy changes in version 2.0.22 (2013-10-04)
-------------------------------------------------
* Fixed possible infinite recursion in the compressed packet
parser. [CVE-2013-4402]
* Improved support for some card readers.
* Prepared building with the forthcoming Libgcrypt 1.6.
* Protect against rogue keyservers sending secret keys.
Noteworthy changes in version 2.0.21 (2013-08-19)
-------------------------------------------------
* gpg-agent: By default the users are now asked via the Pinentry
whether they trust an X.509 root key. To prohibit interactive
marking of such keys, the new option --no-allow-mark-trusted may
be used.
* gpg-agent: The command KEYINFO has options to add info from
sshcontrol.
* The included ssh agent does now support ECDSA keys.
* The new option --enable-putty-support allows gpg-agent to act on
Windows as a Pageant replacement with full smartcard support.
* Support installation as portable application under Windows.
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
Noteworthy changes in version 2.0.20 (2013-05-10)
-------------------------------------------------
* Decryption using smartcards keys > 3072 bit does now work.
* New meta option ignore-invalid-option to allow using the same
option file by other GnuPG versions.
* gpg: The hash algorithm is now printed for sig records in key listings.
* gpg: Skip invalid keyblock packets during import to avoid a DoS.
* gpg: Correctly handle ports from DNS SRV records.
* keyserver: Improve use of SRV records
* gpg-agent: Avoid tty corruption when killing pinentry.
* scdaemon: Improve detection of card insertion and removal.
* scdaemon: Rename option --disable-keypad to --disable-pinpad.
* scdaemon: Better support for CCID readers. Now, the internal CCID
driver supports readers without the auto configuration feature.
* scdaemon: Add pinpad input for PC/SC, if your reader has pinpad and
it supports variable length PIN input, and you specify
--enable-pinpad-varlen option.
* scdaemon: New option --enable-pinpad-varlen.
* scdaemon: Install into libexecdir to avoid accidental execution
from the command line.
* Support building using w64-mingw32.
* Assorted bug fixes.
* Bug fix for newer versions of Libgcrypt.
* Support the SSH confirm flag and show SSH fingerprints in ssh
related pinentries.
* Improved dirmngr/gpgsm interaction for OCSP.
* Allow generation of card keys up to 4096 bit.
* Allow more hash algorithms with the OpenPGP v2 card.
* The gpg-agent now tests for a new gpg-agent.conf on a HUP.
* Fixed output of "gpgconf --check-options".
* Fixed a bug where Scdaemon sends a signal to Gpg-agent running in
non-daemon mode.
* Fixed TTY management for pinentries and session variable update
problem.
* not using autogen.sh anymore, so remove some tools from USE_TOOLS.
* patch-ak does not effect anymore for above reason, add patch-ao for it.
this patch is required to avoid conflict with security/gnupg.
Bump PKGREVISION.
changes:
-bugfixes
-New command --passwd for GPG
-Make use of libassuan 2.0 which is available as a DSO
-The gpg-agent commands KILLAGENT and RELOADAGENT are now available
on all platforms
changes:
* The default for --include-cert is now to include all certificates
in the chain except for the root certificate.
* Numerical values may now be used as an alternative to the
debug-level keywords.
* The GPGSM --audit-log feature is now more complete.
* GPG now supports DNS lookups for SRV, PKA and CERT on W32.
* New GPGSM option --ignore-cert-extension.
* New and changed passphrases are now created with an iteration count
requiring about 100ms of CPU work.
an "idea" option, but that was removed more than a year ago when it
got updated from 1.2 to 1.4
The patch was was used on gnupg2 in the "idea" case was just a four-line
memory initialization fix, there is no point in LICENSE restrictions
due to this, so I've pulled it in as regular patch so that it doesn't
get lost for the case someone fixes idea support in libgcrypt
(which isn't hard).
noticed by OBATA Akio per mail to pkgsrc-users.
This makes most sense to me since gnupg2 doesn't install a gpg-zip
intentionally. Since possible clients of gpg-zip should have a
dependency on gnupg1, we can't take over easily. Once we are sure
that gnupg2 can fully replace gnupg1, we might consider to install
eg symlinks gpg->gpg2 etc and make gnupg1 obsolete, but this needs
careful testing.
