Commit graph

135 commits

Author SHA1 Message Date
adrianp
ffbce7705e Update to gnupg-1.4.9
Addresses a recent security issue that only impacts 1.4.8 and 2.0.8
* Improved AES encryption performance by more than 20% (on ia32).
  Decryption is also a bit faster.
* Fixed possible memory corruption bug in 1.4.8 while importing
  OpenPGP keys.
2008-03-26 21:20:34 +00:00
wiz
e11174603f Update to 1.4.8:
Noteworthy changes in version 1.4.8 (2007-12-20)
------------------------------------------------

             *******************************************
             * A decade of GnuPG: g10-0.0.0.tar.gz was *
             *      released exactly 10 years ago.     *
             *******************************************

    * Changed the license to GPLv3.

    * Improved detection of keyrings specified multiple times.

    * Changes to better cope with broken keyservers.

    * Minor bug fixes.

    * The new OpenPGP standard is now complete, and has been published
      as RFC-4880.  The GnuPG --openpgp mode (note this is not the
      default) has been updated to match the new standard.  The
      --rfc2440 option can be used to return to the older RFC-2440
      behavior.  The main differences between the two are
      "--enable-dsa2 --no-rfc2440-text --escape-from-lines
      --require-cross-certification".

    * By default (i.e. --gnupg mode), --require-cross-certification is
      now on.  --rfc2440-text and --force-v3-sigs are now off.

    * Allow encryption using legacy Elgamal sign+encrypt keys if
      option --rfc2440 is used.

    * Fixed the auto creation of the key stub for smartcards.

    * Fixed a rare bug in decryption using the OpenPGP card.

    * Fix RFC-4880 typo in the SHA-224 hash prefix.  Old SHA-224
      signatures will continue to work.
2008-01-13 16:23:55 +00:00
rillig
ece592ed4a Renamed the deprecated LICENCE to LICENSE, which has the exactly same
meaning.
2007-10-31 12:29:33 +00:00
drochner
8c787d5d15 update to 1.4.7, from Christian Gall per PR pkg/35940
This fixes a security problem which is rather an application issue:
The user wasn't notified about additional text (not covered by the
signature) unless the --status-fd flag is used.
2007-03-07 11:31:24 +00:00
wiz
601583c320 Whitespace cleanup, courtesy of pkglint.
Patch provided by Sergey Svishchev in private mail.
2007-02-22 19:26:05 +00:00
wiz
6e2c35c083 pkglint cleanup; update HOMEPAGE/MASTER_SITES.
From Sergey Svishchev in private mail.
2007-02-22 19:01:13 +00:00
wiz
e162ec1863 Update to 1.4.6:
Noteworthy changes in version 1.4.6 (2006-12-06)
------------------------------------------------

    * Fixed a serious and exploitable bug in processing encrypted
      packages. [CVE-2006-6235].

    * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]
	(already fixed in pkgsrc)

    * Fixed a bug while decrypting certain compressed and encrypted
      messages. [bug#537]

    * Added --s2k-count to set the number of times passphrase mangling
      is repeated.  The default is 65536 times.

    * Added --passphrase-repeat to set the number of times GPG will
      prompt for a new passphrase to be repeated.  This is useful to
      help memorize a new passphrase.  The default is 1 repetition.

    * Added a GPL license exception to the keyserver helper programs
      gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
      potential questions about the ability to distribute binaries
      that link to the OpenSSL library.  GnuPG does not link directly
      to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
      OpenLDAP (used for LDAP) may.  Note that this license exception
      is considered a bug fix and is intended to forgive any
      violations pertaining to this issue, including those that may
      have occurred in the past.

    * Man pages are now build from the same source as those of GnuPG-2.
2006-12-06 23:00:46 +00:00
taca
553fdbc1e1 Add the same patch as security/gnupg2 package to fix a buffer overflow.
While fixing a bug reported by Hugh Warrington, a buffer overflow has
been identified in all released GnuPG versions.  The current versions
1.4.5 and 2.0.0 are affected.  A small patch is provided.
...

2006-11-27  Werner Koch  <wk@g10code.com>

	* openfile.c (ask_outfile_name): Fixed buffer overflow occurring
	if make_printable_string returns a longer string.  Fixes bug 728.

Bump PKGREVISION.
2006-11-28 05:39:41 +00:00
joerg
7abab1544d DESTDIR support. 2006-11-03 07:45:44 +00:00
dsainty
3e77ddc300 Add an HTTP download location too, as a fallback for when FTP downloads are awkward. 2006-08-05 03:13:25 +00:00
gdt
081d6c9bcb When using idea option, change license from fee-based-commercial-use
to idea-license, and also set RESTRICTED and NO_*_CDROM.
(Note that this doesn't change what happens if the idea option is unused.)
2006-08-03 14:49:14 +00:00
drochner
383423e5b5 update to 1.4.5
security update, recommended by gnupg.org
(fixes CVE-2006-3746)
changes:
* More DSA2 tweaks.
* Fixed a problem uploading certain keys to the smart card.
* Fixed 2 more possible memory allocation attacks.
* Added Norwegian translation.
2006-08-02 10:37:34 +00:00
jlam
ccdf6dbe01 Rename "SITES_* to "SITES.*" for file-specific lists of sites from which
to fetch the file.  This completes the renaming described in revision
1.1799 of bsd.pkg.mk.
2006-07-27 18:48:02 +00:00
markd
349db29ab7 Don't try and use assembler when building 64bit on Solaris. It gets it
wrong for both amd64 and sparc.
Fixes PR pkg/32648 and possibly PR pkg/33030.
2006-07-08 21:37:02 +00:00
markd
0f621942da Solaris grep doesn't deal well with the binary output of tar when testing
if tar supports "ustar" so feed through strings before grep.
Fixes PR pkg/33776.
2006-07-08 21:29:24 +00:00
wiz
637befe263 Update to 1.4.4:
Noteworthy changes in version 1.4.4 (2006-06-25)
------------------------------------------------

    * User IDs are now capped at 2048 byte.  This avoids a memory
      allocation attack (see CVE-2006-3082).
	[was already fixed in pkgsrc]

    * Added support for the SHA-224 hash.  Like the SHA-384 hash, it
      is mainly useful when DSS (the US Digital Signature Standard)
      compatibility is desired.

    * Added support for the latest update to DSA keys and signatures.
      This allows for larger keys than 1024 bits and hashes other than
      SHA-1 and RIPEMD/160.  Note that not all OpenPGP implementations
      can handle these new keys and signatures yet.  See
      "--enable-dsa2" in the manual for more information.
2006-07-03 21:15:14 +00:00
salo
5ba55d77ed Security fix for CVE-2006-3082:
"parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions,
 allows remote attackers to cause a denial of service (gpg crash) and
 possibly overwrite memory via a message packet with a large length,
 which could lead to an integer overflow, as demonstrated using the
 --no-armor option."

Patch from GnuPG CVS repository.
Bump PKGREVISION.
2006-06-24 14:20:29 +00:00
ghen
2eca3d9f2c The databases/openldap package has been split in -client and -server component
packages.  Convert LDAP-based applications to depend on openldap-client, and
bump PKGREVISION for those that depend on it by default.
2006-05-31 18:22:23 +00:00
jlam
ea5f9f80b6 Strip ${PKGLOCALEDIR} from PLISTs of packages that already obey
PKGLOCALEDIR and which install their locale files directly under
${PREFIX}/${PKGLOCALEDIR} and sort the PLIST file entries.  From now
on, pkgsrc/mk/plist/plist-locale.awk will automatically handle
transforming the PLIST to refer to the correct locale directory.
2006-04-17 07:07:11 +00:00
jlam
1cf9796f3c BUILD_USE_MSGFMT and USE_MSGFMT_PLURALS are obsolete. Replace with
USE_TOOLS+=msgfmt.
2006-04-13 18:23:29 +00:00
jlam
2515667d5d List the info files directly in the PLIST and honor PKG{INFO,MAN}DIR. 2006-04-07 15:28:49 +00:00
drochner
b6e52038b4 --with-libcurl is on per default, so revert the logics
(no functional change, just more effective because a compile check
is skipped)
2006-04-05 10:04:12 +00:00
wiz
81602be927 Update to 1.4.3:
Noteworthy changes in version 1.4.3 (2006-04-03)
------------------------------------------------

    * If available, cURL-based keyserver helpers are built that can
      retrieve keys using HKP or any protocol that cURL supports
      (HTTP, HTTPS, FTP, FTPS, etc).  If cURL is not available, HKP
      and HTTP are still supported using a built-in cURL emulator.  To
      force building the old pre-cURL keyserver helpers, use the
      configure option --enable-old-keyserver-helpers.  Note that none
      of this affects finger or LDAP support, which are unchanged.
      Note also that a future version of GnuPG will remove the old
      keyserver helpers altogether.

    * Implemented Public Key Association (PKA) signature verification.
      This uses special DNS records and notation data to associate a
      mail address with an OpenPGP key to prove that mail coming from
      that address is legitimate without the need for a full trust
      path to the signing key.

    * When exporting subkeys, those specified with a key ID or
      fingerpint and the '!' suffix are now merged into one keyblock.

    * Added "gpg-zip", a program to create encrypted archives that can
      interoperate with PGP Zip.

    * Added support for signing subkey cross-certification "back
      signatures".  Requiring cross-certification to be present is
      currently off by default, but will be changed to on by default
      in the future, once more keys use it.  A new "cross-certify"
      command in the --edit-key menu can be used to update signing
      subkeys to have cross-certification.

    * The key cleaning options for --import-options and
      --export-options have been further polished.  "import-clean" and
      "export-clean" replace the older
      import-clean-sigs/import-clean-uids and
      export-clean-sigs/export-clean-uids option pairs.

    * New "minimize" command in the --edit-key menu removes everything
      that can be removed from a key, rendering it as small as
      possible.  There are corresponding "export-minimal" and
      "import-minimal" commands for --export-options and
      --import-options.

    * New --fetch-keys command to retrieve keys by specifying a URI.
      This allows direct key retrieval from a web page or other
      location that can be specified in a URI.  Available protocols
      are HTTP and finger, plus anything that cURL supplies, if built
      with cURL support.

    * Files containing several signed messages are not allowed any
      longer as there is no clean way to report the status of such
      files back to the caller.  To partly revert to the old behaviour
      the new option --allow-multisig-verification may be used.

    * The keyserver helpers can now handle keys in either ASCII armor
      or binary format.

    * New auto-key-locate option that takes an ordered list of methods
      to locate a key if it is not available at encryption time (-r or
      --recipient).  Possible methods include "cert" (use DNS CERT as
      per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
      server for the domain in question), "keyserver" (use the
      currently defined keyserver), as well as arbitrary keyserver
      URIs that will be contacted for the key.

    * Able to retrieve keys using DNS CERT records as per RFC-2538bis
      (currently in draft): http://www.josefsson.org/rfc2538bis

pkgsrc change:
make architecture-specific options really architecture-specific.
2006-04-04 21:16:37 +00:00
ghen
90e07d501f Update gnupg to 1.4.2.2, fixing another vulnerability:
* Files containing several signed messages are not allowed any
  longer as there is no clean way to report the status of such
  files back to the caller.  To partly revert to the old behaviour
  the new option --allow-multisig-verification may be used.
2006-03-10 15:10:08 +00:00
tron
d303bbebdc Readd checksum for "idea.c.gz" which got lost during the last update. 2006-02-15 22:26:46 +00:00
drochner
a544d6f73f update to 1.4.2.1
this fixes a false positive signature verification if only the exit
code of "gpgv" or "gpg --verify" is used
2006-02-15 19:10:20 +00:00
joerg
5911def816 Recursive revision bump / recommended bump for gettext ABI change. 2006-02-05 23:08:03 +00:00
rillig
b71a1d488b Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-12-05 20:49:47 +00:00
reed
3d6be73882 Remove the redundant INSTALLATION_DIRS. This already
does mkdir or mkinstalldirs for these needed directories.
2005-10-10 20:45:19 +00:00
wiz
d1c0bfc9ae Fix RCS Id. 2005-10-04 22:50:41 +00:00
wiz
00a12dbcb7 security/gnupg has a build problem on sparc when you use any -mcpu
optimization flag, as was already described in this thread:
http://mail-index.netbsd.org/port-sparc/2004/12/19/0001.html

Thus, remove any -mcpu on sparc.

From Geert Hendrickx in PR 31463.
2005-10-04 17:59:37 +00:00
wiz
3b8d4fd26e Update to 1.4.2.
Noteworthy changes in version 1.4.2 (2005-07-26)
------------------------------------------------

    * New command "verify" in the card-edit menu to display
      the Private-DO-3.  The Admin command has been enhanced to take
      the optional arguments "on", "off" and "verify".  The latter may
      be used to verify the Admin Pin without modifying data; this
      allows displaying the Private-DO-4 with the "list" command.

    * Rewrote large parts of the card code to optionally make use of a
      running gpg-agent.  If --use-agent is being used and a gpg-agent
      with enabled scdaemon is active, gpg will now divert all card
      operations to that daemon.  This is required because both,
      scdaemon and gpg require exclusive access to the card reader. By
      delegating the work to scdaemon, both can peacefully coexist and
      scdaemon is able to control the use of the reader.  Note that
      this requires at least gnupg 1.9.17.

    * Fixed a couple of problems with the card reader.

    * Command completion is now available in the --edit-key and
      --card-edit menus.  Filename completion is available at all
      filename prompts.  Note that completion is only available if the
      system provides a readline library.

    * New experimental HKP keyserver helper that uses the cURL
      library.  It is enabled via the configure option --with-libcurl
      like the other (also experimental) cURL helpers.

    * New key cleaning options that can be used to remove unusable
      (expired, revoked) signatures from a key.  This is available via
      the new "clean" command in --edit-key on a key by key basis, as
      well as via the import-clean-sigs/import-clean-uids and
      export-clean-sigs/export-clean-uids options for --import-options
      and --export-options.  These are currently off by default, and
      replace the import-unusable-sigs/export-unusable-sigs options
      from version 1.4.1.

    * New export option export-reset-subkey-passwd.

    * New option --limit-card-insert-tries.
2005-07-28 15:12:05 +00:00
jlam
bf9129c41e Drop distinction between PKGSRC_USE_TOOLS and USE_TOOLS by making
PKGSRC_USE_TOOLS go away.  There is now only a single USE_TOOLS variable
that specifies all of the tools we need to build/run the package.
2005-07-15 18:27:48 +00:00
jlam
585534220c Remove USE_GNU_TOOLS and replace with the correct USE_TOOLS definitions:
USE_GNU_TOOLS	-> USE_TOOLS
	awk		-> gawk
	m4		-> gm4
	make		-> gmake
	sed		-> gsed
	yacc		-> bison
2005-05-22 20:07:36 +00:00
jlam
ac6724aa7c gzcat is needed, so note it as such for the new tools framework. 2005-05-15 04:26:24 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
wiz
215694b4d2 Update to 1.4.1:
Noteworthy changes in version 1.4.1 (2005-03-15)
------------------------------------------------

    * New --rfc2440-text option which controls how text is handled in
      signatures.  This is in response to some problems seen with
      certain PGP/MIME mail clients and GnuPG version 1.4.0.  More
      details about this are available at
      <http://lists.gnupg.org/pipermail/gnupg-users/2005-January/024408.html>.

    * New "import-unusable-sigs" and "export-unusable-sigs" tags for
      --import-options and --export-options.  These are off by
      default, and cause GnuPG to not import or export key signatures
      that are not usable (e.g. expired signatures).

    * New experimental HTTP, HTTPS, FTP, and FTPS keyserver helper
      that uses the cURL library <http://curl.haxx.se> to retrieve
      keys.  This is disabled by default, but may be enabled with the
      configure option --with-libcurl.  Without this option, the
      existing HTTP code is used for HTTP, and HTTPS, FTP, and FTPS
      are not supported.

      [enabled with the "curl" option for the package]

    * When running a --card-status or --card-edit and a public key is
      available, missing secret key stubs will be created on the fly.
      Details of the key are listed too.

    * The implicit packet dumping in double verbose mode is now sent
      to stderr and not to stdout.

    * Added countermeasures against the Mister/Zuccherato CFB attack
      <http://eprint.iacr.org/2005/033>.

    * Add new --edit-key command "bkuptocard" to allow restoring a
      card key from a backup.

    * The "fetch" command of --card-edit now retrieves the key using
      the default keyserver if no URL has been stored on the card.

    * New configure option --enable-noexecstack.

Also, gpgkeys_mailto is not installed any longer, dropping the
dependency on perl.
2005-03-22 17:50:55 +00:00
agc
d81d19f8e0 Add RMD160 digests. 2005-02-24 12:51:41 +00:00
markd
4200ac9b06 Disable gnupg's new iconv code on platforms that have problems with it
in the default locale (NetBSD < 2.0 and Solaris).
OK'ed by wiz.
Fixes PR pkg/28895.
2005-02-09 11:35:50 +00:00
wiz
37147d29df Add options.mk file. 2004-12-25 02:54:49 +00:00
wiz
e21f814082 Update to 1.4.0, provided by Stefan Krüger in PR 28738.
While here, convert to options.mk.


GnuPG 1.4 Highlights
====================

This is a brief overview of the changes between the GnuPG 1.2 series
and the new GnuPG 1.4 series.  To read the full list of highlights for
each revision that led up to 1.4, see the NEWS file in the GnuPG
distribution.  This document is based on the NEWS file, and is thus
the highlights of the highlights.

When upgrading, note that RFC-2440, the OpenPGP standard, is currently
being revised.  Most of the revisions in the latest draft (2440bis-12)
have already been incorporated into GnuPG 1.4.


Algorithm Changes
-----------------

OpenPGP supports many different algorithms for encryption, hashing,
and compression, and taking into account the OpenPGP revisions, GnuPG
1.4 supports a slightly different algorithm set than 1.2 did.

The SHA256, SHA384, and SHA512 hashes are now supported for read and
write.

The BZIP2 compression algorithm is now supported for read and write.

Due to the recent successful attack on the MD5 hash algorithm
(discussed in <http://www.rsasecurity.com/rsalabs/node.asp?id=2738>,
among other places), MD5 is deprecated for OpenPGP use.  It is still
allowed in GnuPG 1.4 for backwards compatibility, but a warning is
given when it is used.

The TIGER/192 hash is no longer available.  This should not be
interpreted as a statement as to the quality of TIGER/192 - rather,
the revised OpenPGP standard removes support for several unused or
mostly unused hashes, and TIGER/192 was one of them.

Similarly, Elgamal signatures and the Elgamal signing key type have
been removed from the OpenPGP standard, and thus from GnuPG.  Please
do not confuse Elgamal signatures with DSA or DSS signatures or with
Elgamal encryption.  Elgamal signatures were very rarely used and were
not supported in any product other than GnuPG.  Elgamal encryption was
and still is part of OpenPGP and GnuPG.

Very old (pre-1.0) versions of GnuPG supported a nonstandard (contrary
to OpenPGP) Elgamal key type.  While no recent version of GnuPG
permitted the generation of such keys, GnuPG 1.2 could still use them.
GnuPG 1.4 no longer allows the use of these keys or the (also
nonstandard) messages generated using them.

At build time, it is possible to select which algorithms will be built
into GnuPG.  This can be used to build a smaller program binary for
embedded uses where space is tight.


Keyserver Changes
-----------------

GnuPG 1.4 does all keyserver operations via plugin or helper
applications.  This allows the main GnuPG program to be smaller and
simpler.  People who package GnuPG for various reasons have the
flexibility to include or leave out support for any keyserver type as
desired.

Support for fetching keys via HTTP and finger has been added.  This is
mainly useful for setting a preferred keyserver URL like
"http://www.jabberwocky.com/key.asc". or "finger:wk at g10code.com".

The LDAP keyserver helper now supports storing, retrieving, and
searching for keys in both the old NAI "LDAP keyserver" as well as the
more recent method to store OpenPGP keys in standard LDAP servers.
This is compatible with the storage schema that PGP uses, so both
products can interoperate with the same LDAP server.

The LDAP keyserver helper is compatible with the PGP company's new
"Global Directory" service.

If the LDAP library you use supports LDAP-over-TLS and LDAPS, then
GnuPG detects this and supports them as well.  Note that using TLS or
LDAPS does not improve the security of GnuPG itself, but may be useful
in certain key distribution scenarios.

HTTP Basic authentication is now supported for all HKP and HTTP
keyserver functions, either through a proxy or via direct access.

The HKP keyserver plugin supports the new machine-readable key
listing format for those keyservers that provide it.

IPv6 is supported for HKP and HTTP keyserver access.

When using a HKP keyserver with multiple DNS records (such as
subkeys.pgp.net which has the addresses of multiple servers around the
world), all DNS address records are tried until one succeeds.  This
prevents a single down server in the rotation from stopping access.

DNS SRV records are used in HKP keyserver lookups to allow
administrators to load balance and select keyserver ports
automatically.

Timeout support has been added to the keyserver plugins.  This allows
users to set an upper limit on how long to wait for the keyserver
before giving up.


Preferred Keyserver URL
-----------------------

Preferred keyserver support has been added.  Users may set a preferred
keyserver via the --edit-key command "keyserver".  If the
--keyserver-option honor-keyserver-url is set (and it is by default),
then the preferred keyserver is used when refreshing that key with
--refresh-keys.

The --sig-keyserver-url option can be used to inform signature
recipients where the signing key can be downloaded.  When verifying
the signature, if the signing key is not present, and the keyserver
options honor-keyserver-url and auto-key-retrieve are set, this URL
will be used to retrieve the key.


Trust Signatures
----------------

GnuPG 1.4 supports OpenPGP trust signatures, which allow a user to
specify the trust level and distance from the user along with the
signature so users can delegate different levels of certification
ability to other users, possibly restricted by a regular expression on
the user ID.


Trust Models
------------

GnuPG 1.4 supports several ways of looking at trust:

Classic - The classic PGP trust model, where people sign each others
          keys and thus build up an assurance (called "validity") that
          the key belongs to the right person.  This was the default
          trust model in GnuPG 1.2.

Always - Bypass all trust checks, and make all keys fully valid.

Direct - Users may set key validity directly.

PGP - The PGP 7 and 8 behavior which combines Classic trust with trust
      signatures overlaid on top.  This is the default trust model in
      GnuPG 1.4.


The OpenPGP Smartcard
---------------------

GnuPG 1.4 supports the OpenPGP smartcard
(<http://www.g10code.de/p-card.html>)

Secret keys may be kept fully or partially on the smartcard.  The
smartcard may be used for primary keys or subkeys.


Other Interesting New Features
------------------------------

For those using Security-Enhanced Linux <http://www.nsa.gov/selinux/>,
the configure option --enable-selinux-support prevents GnuPG from
processing its own files (i.e. reading the secret keyring for
something other than getting a secret key from it).  This simplifies
writing ACLs for the SELinux kernel.

Readline support is now available at all prompts if the system
provides a readline library.

GnuPG can now create messages that can be decrypted with either a
passphrase or a secret key.  These messages may be generated with
--symmetric --encrypt or --symmetric --sign --encrypt.

--list-options and --verify-options allow the user to customize
exactly what key listings or signature verifications look like,
enabling or disabling things such as photo display, preferred
keyserver URL, calculated validity for each user ID, etc.

The --primary-keyring option designates the keyring that the user
wants new keys imported into.

The --hidden-recipient (or -R) command encrypts to a user, but hides
the identity of that user.  This is the same functionality as
--throw-keyid, but can be used on a per-user basis.

Full algorithm names (e.g. "3DES", "SHA1", "ZIP") can now be used
interchangeably with the short algorithm names (e.g. "S2", "H2", "Z1")
anywhere algorithm names are used in GnuPG.

The --keyid-format option selects short (99242560), long
(DB698D7199242560), 0xshort (0x99242560), or 0xlong
(0xDB698D7199242560) key ID displays.  This lets users tune the
display to what they prefer.

While it is not recommended for extended periods, it is possible to
run both GnuPG 1.2.x and GnuPG 1.4 during the transition.  To aid in
this, GnuPG 1.4 tries to load a config file suffixed with its version
before it loads the default config file.  For example, 1.4 will try
for gpg.conf-1.4 and gpg.conf-1 before falling back to the regular
gpg.conf file.
2004-12-25 02:54:13 +00:00
tv
b4d68d91eb The correct name of this program is "GNU Privacy Guard" (not "Privacy Guard"). 2004-11-08 21:17:01 +00:00
tv
c487cb967a Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
2004-10-03 00:12:51 +00:00
lukem
9de8a5be02 add back idea.c.gz (from USE_IDEA=yes). (hi wiz!) 2004-08-26 13:39:05 +00:00
wiz
61bd72b91d Update to 1.2.6:
* Updated the included gettext.  This also fixes the installation
      problem from 1.2.5

    * Fixed a race condition possibly leading to deleted keys.
2004-08-26 13:19:32 +00:00
minskim
34ec2a4e09 Regen to make GNU patch happy. 2004-08-05 21:35:37 +00:00
schmonz
3e9966eaa5 Enable pkgviews installation. 2004-07-28 15:55:45 +00:00
wiz
3b4cf0f45f Update to 1.2.5:
* New --ask-cert-level/--no-ask-cert-level option to turn on and
      off the prompt for signature level when signing a key.  Defaults
      to on.

    * New --min-cert-level option to disregard key signatures that are
      under a specified level.  Defaults to 1 (i.e. don't disregard
      anything).

    * New --max-output option to limit the amount of plaintext output
      generated by GnuPG.  This option can be used by programs which
      call GnuPG to process messages that may result in plaintext
      larger than the calling program is prepared to handle.  This is
      sometimes called a "Decompression Bomb".

    * New --list-config command for frontends and other programs that
      call GnuPG.  See doc/DETAILS for the specifics of this.

    * New --gpgconf-list command for internal use by the gpgconf
      utility from gnupg 1.9.x.

    * Some performance improvements with large keyrings.  See
      --enable-key-cache=SIZE in the README file for details.

    * Some portability fixes for the OpenBSD/i386, HPPA, and AIX
      platforms.

    * Simplified Chinese translation.
2004-07-28 15:17:42 +00:00
cjep
341efbf789 whitespace nits 2004-05-07 15:25:13 +00:00
reed
06f8d025f8 Assume a mail transfer agent (/usr/sbin/sendmail) is installed.
This is to make sure that libexec/gnupg/gpgkeys_mailto is
installed. (Okay'd by wiz.)

This assumes that /usr/sbin/sendmail is sendmail.

PKGREVISION is not bumped because package couldn't be made
in first place if libexec/gnupg/gpgkeys_mailto was missing.
2004-04-09 00:36:06 +00:00