From PR pkg/23634 by Louis Guillaume.
Also noted in PR pkg/23339.
Fix configure to not try and _statically_ link in gssapi support as it doesn't
work (unresolved symbols when used). This deals with the second part of
PR pkg/23339.
For home users using the BSD open-source operating system, we offer F-Prot
Antivirus for BSD Workstations. F-Prot Antivirus for BSD Workstations
utilizes the renowned F-Prot Antivirus scanning engine for primary scan but
has in addition to that a system of internal heuristics devised to search
for unknown viruses.
F-Prot Antivirus for BSD was especially developed to effectively eradicate
viruses threatening workstations running FreeBSD, NetBSD, or OpenBSD. It
provides full protection against macro viruses and other forms of malicious
software - including Trojans.
By popular demand, add a -v switch to audit-packages(8) which enables the
check for a package vulnerabilities file being unchanged for over 7 days.
To enable the check, -v must be specified on the command line:
% audit-packages
% audit-packages -v
*** WARNING - /usr/distfiles/pkg-vulnerabilities more than a week old, continuing...
%
not include <openssl/rsa.h> from <openssl/x509.h>. Fixes PR pkg/23901.
While here, apply the patches to properly buildlinkify it for openssl,
which I forgot to pass to agc@ for the last update.
The Digest::Hashcash Perl module calculates n-bit partial hash
collisions on chosen texts.
The idea of using partial hashes is that they can be made arbitrarily
expensive to compute (by choosing the desired number of bits of
collision), and yet can be verified instantly. This can be used as the
basis for an e-cash system measured in burnt CPU cycles. Such cash
systems can be used to throttle systematic abuses of un-metered internet
resources.
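The cost asymmetry described above, as an added example; it is not part of Digest::Hashcash and does not use the module's API or the hashcash stamp format. It assumes SHA-256 and a constructed `resource:counter` stamp layout; `leading_zero_bits`, `mint` and `verify` are hypothetical names, and the replay set is an assumption about how a receiver would stop a stamp from being spent twice.

```python
import hashlib
import itertools
import time


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mint(resource: str, bits: int) -> str:
    """Pay for a stamp: try counters until the hash of the stamp has `bits`
    leading zero bits. Expected work is about 2**bits hash evaluations."""
    for counter in itertools.count():
        stamp = f"{resource}:{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp


def verify(stamp: str, resource: str, bits: int, seen: set) -> bool:
    """Check a stamp with a single hash evaluation.

    A stamp is accepted only if it names the resource it is presented for,
    has not been presented before, and carries the required amount of work.
    """
    name, sep, counter = stamp.rpartition(":")
    if not sep or name != resource or not counter.isdigit():
        return False  # malformed, or minted for a different resource
    if stamp in seen:
        return False  # replay: the same work must not be spent twice
    if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) < bits:
        return False  # not enough work
    seen.add(stamp)
    return True


if __name__ == "__main__":
    # Constructed sample: a mail recipient demanding 16-bit stamps.
    resource, bits, seen = "alice@example.org", 16, set()

    t0 = time.perf_counter()
    stamp = mint(resource, bits)
    t_mint = time.perf_counter() - t0

    t0 = time.perf_counter()
    ok = verify(stamp, resource, bits, seen)
    t_verify = time.perf_counter() - t0

    print(f"stamp={stamp} valid={ok}")
    print(f"mint: {t_mint:.4f}s  verify: {t_verify:.6f}s")
    print("replayed stamp accepted:", verify(stamp, resource, bits, seen))
    print("stamp for another resource accepted:",
          verify(stamp, "bob@example.org", bits, set()))
```

Each extra bit doubles the expected minting time while verification stays at one hash, which is what lets a receiver set the price of a request without doing matching work itself.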
* Added read-only support for BZIP2 compression. This should be
considered experimental, and is only available if the libbzip2
library <http://sources.redhat.com/bzip2/> is installed.
* Added the ability to handle messages that can be decrypted with
either a passphrase or a secret key.
* Most support for Elgamal sign+encrypt keys has been removed.
Old signatures may still be verified, and existing encrypted
messages may still be decrypted, but no new signatures may be
issued by, and no new messages will be encrypted to, these keys.
Elgamal sign+encrypt keys are not part of the web of trust. The
only new message that can be generated by an Elgamal
sign+encrypt key is a key revocation. Note that in a future
version of GnuPG (currently planned for 1.4), all support for
Elgamal sign+encrypt keys will be removed, so take this
opportunity to revoke old keys now.
* A Russian translation is included again as well as a new
Belarusian translation.
- Corrected bug in gnutls_bye() which made it return an error code
of INVALID_REQUEST instead of success.
- Corrected a bug in the GNUTLS_KEY key usage definitions.
Changes since 1.0.0:
- Some minor fixes in the makefiles. They now include CFLAGS
from libgcrypt or opencdk if installed in a non standard directory.
- Fixed the SRP detection test in gnutls-cli-debug.
- Added gnutls_rsa_params_export_pkcs1() and
gnutls_rsa_params_import_pkcs1().
Noteworthy changes in version 0.7.0 (2003-10-22)
------------------------------------------------
* Long file operations no longer block GPA, so several operations can be
run at the same time. This also means GPA does not freeze while an operation
runs, leading to a more responsive interface.
* The keyring editor now displays all the subkeys of the currently selected
key. This is only visible if GPA is in advanced mode (available from the
preferences dialog).
* The capabilities of a key (certify, sign, encrypt) are now visible from
the keyring editor.
* The keyring editor can now sort keys by any column. By default, they are
listed in the order they were imported into the keyring (i.e. the same order
as "gpg --list-keys").
* The key list is now displayed while it is being filled, allowing for
faster startup times.
* A warning dialog is now displayed when an operation slows down due to
gpg rebuilding the trust database.
* Imports and exports from files and servers have been separated into
different dialogs and menu options.
* Invoking GPA with file names as arguments will open those files in the
file manager.
* Cosmetic and minor fixes to the file manager window.
* GPA now remembers the brief/detailed setting view and restores it
when GPA is started.
* Removed all deprecated widgets. GPA is now pure GTK+ 2.2.
* Fixed a hang on startup on PowerPC machines.
Noteworthy changes in version 0.6.1 (2003-01-29)
------------------------------------------------
* Added a popup menu to the keyring view, with all the common operations.
* Keys' expiration dates can be chosen by clicking on a calendar.
* The key generation dialogs have been revamped to use GTK+2 stock widgets.
* The passphrase for a key can be changed from the edit key dialog.
* Revoked user names are properly treated. They are not displayed, save in
the details notebook, and then they are clearly marked as revoked.
* GPA now uses the standard GTK+ file selection dialog.
* Added Swedish translation.
* Many other bugfixes, including several portability issues.
Noteworthy changes in version 0.6.0 (2002-12-24)
------------------------------------------------
* GPA now supports GnuPG 1.2 or later, thanks to its use of GPGME.
* All the user preferences are set from a single dialog, and automatically
saved in gpa.conf, including the default keyserver and the use of
advanced/simple UI mode.
* The `--advanced-ui' command line option has been removed, as it is
available within the program itself.
* The new `-f' and `-k' options can be used to launch the keyring editor,
the file manager, or both on startup.
* All the user ID's in a key are now displayed in the `Details' section, and
in most dialogs.
* Key signatures are now displayed individually for each User ID, or in a
global listing for the key.
* The usual `Copy' and `Paste' commands can be used to import and export keys
from the clipboard.
* The `Edit key' option is now only available for private keys. Setting the
ownertrust of a key is now an independent operation.
* After every import operation, the user is informed of how many keys have
been imported.
* Errors or keyserver operations are now reported to the user.
* The `Verify file' dialog has been completely revamped to allow
verification of several files at the same time.
* Added Japanese, Brazilian Portuguese, Dutch and Spanish translations.
* The user interface has been updated to use GTK+ 2.0 and stock items.
Noteworthy changes in version 0.5.0 (2002-02-25)
------------------------------------------------
* The file selection dialog has been significantly changed from the
standard GTK+ file selection dialog to look more like what users
of MS-Windows are accustomed to.
* "Show Details" in the menu of the file manager is now named
"Verify Signatures", and it is now accessible through an icon in
the tool bar, too.
* Keyserver access via a direct HTTP request now allows for
searching for keys on keyservers.
* GPAPA's output is now gettext()ified.
* The standard key is now remembered in `gpa.conf'.
* The "Sign File" dialog has been simplified.
* The creation of a backup copy of your public and private keys
works now. It is remembered in `gpa.conf'. If a backup does not
yet exist, the user is asked at startup to create one.
* GPA now has a nice icon in the upper left corner of its window. :-)
* Many bugfixes (for instance: crashes when signing files and keys,
handling of spaces in file names, etc.).
* Makefiles do contain `-mwindows' now to suppress the console
window.
* The "Help" menu is now called "Info". The license is displayed
in the (unofficial) German translation now. (This should be
improved to honor "locale" settings.)
* GPA is now ready to compile with GTK+ version 2 once it is
released.
* In the key manager, there are now menu entries for key operations.
* A secret key without a matching public key is now warned about.
* Keys now can be imported from and exported to the MS Windows
clipboard.
* Secret keys can be imported now.
* When a key is generated, a passphrase which is too stupid is
warned about.
* There now is an icon in the tool bar to switch from the keyring
manager to the file manager.
* GPA can now be compiled using a standard GNU toolchain.
In particular it can be cross-compiled from GNU/Linux to
mingw32/MS-Windows (which is what we did for the GnuPP CD),
or compiled natively under MS-Windows using CygWin.
Noteworthy changes in version 0.4.3 (2003-10-06)
------------------------------------------------
* libgpgme should not be used for threaded programs anymore. This
never worked reliably in all cases, because you had to
be careful about the linking order and libtool wouldn't do that for
you automatically. Instead, now you have to link against
libgpgme-pthread for applications using pthread and libgpgme-pth for
applications using GNU Pth.
The old code for automagically detecting the thread library is
still part of libgpgme, but it is DEPRECATED.
* There are new automake macros AM_PATH_GPGME_PTH and
AM_PATH_GPGME_PTHREAD, which support checking for thread-enabled
versions of GPGME. They define GPGME_PTH_CFLAGS, GPGME_PTH_LIBS,
GPGME_PTHREAD_CFLAGS and GPGME_PTHREAD_LIBS respectively. These
variables of course also include the configuration for the thread
package itself. Alternatively, use libtool.
* gpgme_strerror_r as a thread safe variant of gpgme_strerror was
added.
* gpgme-config doesn't support setting the prefix or exec prefix
anymore. I don't think it ever worked correctly, and it seems to
be pointless.
* gpgme_get_key fails with GPG_ERR_AMBIGUOUS_NAME if the key ID
provided was not unique, instead of returning the first matching key.
* gpgme_key_t and gpgme_subkey_t have a new field, can_authenticate,
that indicates if the key can be used for authentication.
* gpgme_signature_t's status field is now correctly set to an error
with error code GPG_ERR_NO_PUBKEY if public key is not found.
* gpgme_new_signature_t's class field is now an unsigned int, rather
than an unsigned long (the old class field is preserved for
backwards compatibility).
* A new function gpgme_set_locale() is provided to allow configuring
the locale for the crypto backend. This is necessary for text
terminals so that programs like the pinentry can be started with
the right locale settings for the terminal the application is running
on, in case the terminal has different settings than the system
default (for example, if it is a remote terminal). You are highly
recommended to call the following functions directly after
gpgme_check_version:
    #include <locale.h>

    setlocale (LC_ALL, "");
    gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));
    gpgme_set_locale (NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL));
GPGME can not do this for you, as setlocale is not thread safe, and
there is no alternative.
* The signal action for SIGPIPE is now set to SIG_IGN by
gpgme_check_version, instead of the first time a crypto engine is
started (which is not well defined).
* In the output of gpgme_hash_algo_name, change RMD160 to RIPEMD160,
TIGER to TIGER192, CRC32-RFC1510 to CRC32RFC1510, and CRC24-RFC2440
to CRC24RFC2440. For now, these strings can be used as the MIC
parameter for PGP/MIME (if appropriately modified).
Noteworthy changes in version 0.4.2 (2003-07-30)
------------------------------------------------
* Allow gpg-error to be in non-standard place when linking the test suite.
* Configure will fail now if gpg-error can not be found.
* Fixed initialized memory backed data objects for writing, which
caused the test program to crash (but only on Mac OS, surprisingly).
* Eliminate use of C99 constructs.
* Small improvements to the manual.
Noteworthy changes in version 0.4.1 (2003-06-06)
------------------------------------------------
This is the release that 0.4.0 should have been. There are many
interface changes, please see below for the details. The changes are
sometimes the result of new functionality, but more often express a
paradigm shift. Others are an overdue cleanup to get GPGME in line
with the GNU coding standards and to make the interface more
self-consistent. Here is an overview on the changes:
All types have been renamed to conform to the GNU coding standards,
most of the time by keeping the whole name in lowercase and inserting
underscores between words.
All operations consistently only accept input parameters in their
invocation function, and return only an error code directly. Further
information about the result of the operation has to be retrieved
afterwards by calling one of the result functions. This unifies the
synchronous and the asynchronous interface.
The error values have been completely replaced by a more
sophisticated model that allows GPGME to transparently and accurately
report all errors from the other GnuPG components, irregardless of
process boundaries. This is achieved by using the library
libgpg-errors, which is shared by all GnuPG components. This library
is now required for GPGME.
The results of all operations are now provided by pointers to C
structs rather than by XML structs or in other ways.
Objects which used to be opaque (for example a key) are now pointers
to accessible structs, so no accessor functions are necessary.
Backward compatibility is provided where it was possible without too
much effort and did not collide with the overall sanitization effort.
However, this is only for ease of transition. NO DEPRECATED FUNCTION
OR DATA TYPE IS CONSIDERED A PART OF THE API OR ABI AND WILL BE
DROPPED IN THE FUTURE WITHOUT CHANGING THE SONAME OF THE LIBRARY.
Recommendations how to replace deprecated or removed functionality
can be found within the description of each change.
What follows are all changes to the interface and behaviour of GPGME
in detail.
* If gpgme.h is included in sources compiled by GCC 3.1 or later,
deprecated attributes will warn about use of obsolete functions and
type definitions. You can suppress these warnings by passing
-Wno-deprecated-declarations to the gcc command.
* The following types have been renamed. The old types are still
available as aliases, but they are deprecated now:
[complete list in NEWS file]
* gpgme_error_t is now identical to gpg_error_t, the error type
provided by libgpg-error. More about using libgpg-error with GPGME
can be found in the manual. All error symbols have been removed!
* All functions and types in libgpg-error have been wrapped in GPGME.
The new types are gpgme_err_code_t and gpgme_err_source_t. The new
functions are gpgme_err_code, gpgme_err_source, gpgme_error,
gpgme_err_make, gpgme_error_from_errno, gpgme_err_make_from_errno,
gpgme_err_code_from_errno, gpgme_err_code_to_errno,
gpgme_strsource.
* GPGME_ATTR_IS_SECRET is not anymore representable as a string.
* GnuPG 1.2.2 is required. The progress callback is now also invoked
for encrypt, sign, encrypt-sign, decrypt, verify, and
decrypt-verify operations. For verify operations on detached
signatures, the progress callback is invoked for both the detached
signature and the plaintext message, though.
* gpgme_passphrase_cb_t has been changed to not provide a complete
description, but the UID hint, passphrase info and a flag
indicating if this is a repeated attempt individually, so the user
can compose his own description from this information.
The passphrase is not returned as a C string, but must be written
to a file descriptor directly. This allows for secure passphrase
entries.
The return type has been changed to gpgme_error_t value. This
allowed to remove the gpgme_cancel function; just return
the error code GPG_ERR_CANCELED in the passphrase callback directly.
* gpgme_edit_cb_t has been changed to take a file descriptor argument.
The user is expected to write the response to the file descriptor,
followed by a newline.
* The recipients interface has been removed. Instead, you use
NULL-terminated lists of keys for specifying the recipients of an
encryption operation. Use the new encryption flag
GPGME_ENCRYPT_ALWAYS_TRUST if you want to override the validity of
the keys (but note that in general this is not a good idea).
This change has been made to the prototypes of gpgme_op_encrypt,
gpgme_op_encrypt_start, gpgme_op_encrypt_sign and
gpgme_op_encrypt_sign_start.
The export interface has been changed to use pattern strings like
the keylist interface. Thus, new functions gpgme_op_export_ext and
gpgme_op_export_ext_start have been added as well. Now the
prototypes of gpgme_op_export_start and gpgme_op_export finally
make sense.
* gpgme_op_verify and gpgme_op_decrypt_verify don't return a status
summary anymore. Use gpgme_get_sig_status to retrieve the individual
stati.
* gpgme_io_cb_t changed from a void function to a function returning
a gpgme_error_t value. However, it will always return 0, so you
can safely ignore the return value.
* A new I/O callback event GPGME_EVENT_START has been added. The new
requirement is that you must wait until this event until you are
allowed to call the I/O callback handlers previously registered for
this context operation. Calling I/O callback functions for this
context operation before the start event happened is unsafe because
it can lead to race conditions in a multi-threaded environment.
* The idle function feature has been removed. It was not precisely
defined in a multi-threaded environment and is obsoleted by the
user I/O callback functions. If you still need a simple way to
call something while waiting on one or multiple asynchronous
operations to complete, don't set the HANG flag in gpgme_wait (note
that this will return to your program more often than the idle
function did).
* gpgme_wait can return NULL even if hang is true, if an error
occurs. In that case *status contains the error code.
* gpgme_get_engine_info was radically changed. Instead of an XML
string, an info structure of the new type gpgme_engine_info_t is
returned. This makes it easier and more robust to evaluate the
information in an application.
* The new function gpgme_get_protocol_name can be used to convert a
gpgme_protocol_t value into a string.
* The status of a context operation is not checked anymore. Starting
a new operation will silently cancel the previous one. Calling a
function that requires you to have started an operation before without
doing so is undefined.
* The FPR argument to gpgme_op_genkey was removed. Instead, use the
gpgme_op_genkey_result function to retrieve a gpgme_genkey_result_t
pointer to a structure which contains the fingerprint. This also
works with gpgme_op_genkey_start. The structure also provides
other information about the generated keys.
* The new gpgme_op_import_result function provides detailed
information about the result of an import operation in
gpgme_import_result_t and gpgme_import_status_t objects.
Thus, the gpgme_op_import_ext variant is deprecated.
* The new gpgme_op_sign_result function provides detailed information
about the result of a signing operation in gpgme_sign_result_t,
gpgme_invalid_key_t and gpgme_new_signature_t objects.
* The new gpgme_op_encrypt_result function provides detailed
information about the result of an encryption operation in
a GpgmeEncryptResult object.
* The new gpgme_op_decrypt_result function provides detailed
information about the result of a decryption operation in
a GpgmeDecryptResult object.
* The new gpgme_op_verify_result function provides detailed
information about the result of a verify operation in
a GpgmeVerifyResult object. Because of this, the GPGME_SIG_STAT_*
values, gpgme_get_sig_status, gpgme_get_sig_ulong_attr,
gpgme_get_sig_string_attr and gpgme_get_sig_key are now deprecated,
and gpgme_get_notation is removed.
* GpgmeTrustItem objects have now directly accessible data, so the
gpgme_trust_item_get_string_attr and gpgme_trust_item_get_ulong_attr
accessor functions are deprecated. Also, reference counting is
available through gpgme_trust_item_ref and gpgme_trust_item_unref
(the gpgme_trust_item_release alias for the latter is deprecated).
* Keys are not cached internally anymore, so the force_update argument
to gpgme_get_key has been removed.
* GpgmeKey objects have now directly accessible data so the
gpgme_key_get_string_attr, gpgme_key_get_ulong_attr,
gpgme_key_sig_get_string_attr and gpgme_key_sig_get_ulong_attr
functions are deprecated. Also, gpgme_key_release is now
deprecated. The gpgme_key_get_as_xml function has been dropped.
* Because all interfaces using attributes are deprecated, the
GpgmeAttr data type is also deprecated.
* The new gpgme_op_keylist_result function provides detailed
information about the result of a key listing operation in
a GpgmeKeyListResult object.
* Now that each function comes with its own result retrieval
interface, the generic gpgme_get_op_info interface is not useful
anymore and dropped.
* The type and mode of data objects is not available anymore.
Noteworthy changes in version 0.4.0 (2002-12-23)
------------------------------------------------
* Key generation returns the fingerprint of the generated key.
* New convenience function gpgme_get_key.
* Supports signatures of user IDs in keys via the new
GPGME_KEYLIST_MODE_SIGS keylist mode and the
gpgme_key_sig_get_string_attr and gpgme_key_sig_get_ulong_attr
interfaces. The XML info about a key also includes the signatures
if available.
* New data object interface, which is more flexible and transparent.
Lots of interface changes, for details see the included
NEWS file.
Difference from previous version (1.26):
+ if the vulnerability list is older than a week, just display a warning
message - don't consider this a fatal error.
Take maintainership.
Add HOMEPAGE.
Changes since 2.06:
2003-12-05 Gisle Aas <gisle@ActiveState.com>
Release 2.07
Inherit add_bits() from Digest::base if available.
Take maintainership.
Add HOMEPAGE.
Changes since 2.30:
2003-12-07 Gisle Aas <gisle@ActiveState.com>
Release 2.33
Enable explicit context passing for slight performance
improvement in threaded perls.
Tweaks to the Makefile.PL so that it is suitable both for
core and CPAN use.
2003-12-05 Gisle Aas <gisle@ActiveState.com>
Release 2.32
Don't run u32align test program on HP-UX 10.20 as it
will hang. Patch by H.Merijn Brand <h.m.brand@hccnet.nl>.
Fixed documentation typo.
2003-11-28 Gisle Aas <gisle@ActiveState.com>
Release 2.31
Inherit add_bits() from Digest::base if available.
Changes since 2.01:
Release 2.03
The only reason for this release is to clean up my CPAN directory.
There is no change in this release besides the version number.
Release 2.02
Sync up with Digest-MD5-2.26
- added clone method
- $md2->addfile croak on read errors
- safer patchlevel include
- warn if functional interface used as methods