Addresses a recent security issue that only impacts 1.4.8 and 2.0.8
* Improved AES encryption performance by more than 20% (on ia32).
Decryption is also a bit faster.
* Fixed possible memory corruption bug in 1.4.8 while importing
OpenPGP keys.
Noteworthy changes in version 1.4.8 (2007-12-20)
------------------------------------------------
*******************************************
* A decade of GnuPG: g10-0.0.0.tar.gz was *
* released exactly 10 years ago. *
*******************************************
* Changed the license to GPLv3.
* Improved detection of keyrings specified multiple times.
* Changes to better cope with broken keyservers.
* Minor bug fixes.
* The new OpenPGP standard is now complete, and has been published
as RFC-4880. The GnuPG --openpgp mode (note this is not the
default) has been updated to match the new standard. The
--rfc2440 option can be used to return to the older RFC-2440
behavior. The main differences between the two are
"--enable-dsa2 --no-rfc2440-text --escape-from-lines
--require-cross-certification".
* By default (i.e. --gnupg mode), --require-cross-certification is
now on. --rfc2440-text and --force-v3-sigs are now off.
* Allow encryption using legacy Elgamal sign+encrypt keys if
option --rfc2440 is used.
* Fixed the auto creation of the key stub for smartcards.
* Fixed a rare bug in decryption using the OpenPGP card.
* Fix RFC-4880 typo in the SHA-224 hash prefix. Old SHA-224
signatures will continue to work.
This fixes a security problem which is rather an application issue:
The user wasn't notified about additional text (not covered by the
signature) unless the --status-fd flag is used.
Noteworthy changes in version 1.4.6 (2006-12-06)
------------------------------------------------
* Fixed a serious and exploitable bug in processing encrypted
packages. [CVE-2006-6235].
* Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]
(already fixed in pkgsrc)
* Fixed a bug while decrypting certain compressed and encrypted
messages. [bug#537]
* Added --s2k-count to set the number of times passphrase mangling
is repeated. The default is 65536 times.
* Added --passphrase-repeat to set the number of times GPG will
prompt for a new passphrase to be repeated. This is useful to
help memorize a new passphrase. The default is 1 repetition.
* Added a GPL license exception to the keyserver helper programs
gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
potential questions about the ability to distribute binaries
that link to the OpenSSL library. GnuPG does not link directly
to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
OpenLDAP (used for LDAP) may. Note that this license exception
is considered a bug fix and is intended to forgive any
violations pertaining to this issue, including those that may
have occurred in the past.
* Man pages are now build from the same source as those of GnuPG-2.
While fixing a bug reported by Hugh Warrington, a buffer overflow has
been identified in all released GnuPG versions. The current versions
1.4.5 and 2.0.0 are affected. A small patch is provided.
...
2006-11-27 Werner Koch <wk@g10code.com>
* openfile.c (ask_outfile_name): Fixed buffer overflow occurring
if make_printable_string returns a longer string. Fixes bug 728.
Bump PKGREVISION.
security update, recommended by gnupg.org
(fixes CVE-2006-3746)
changes:
* More DSA2 tweaks.
* Fixed a problem uploading certain keys to the smart card.
* Fixed 2 more possible memory allocation attacks.
* Added Norwegian translation.
Noteworthy changes in version 1.4.4 (2006-06-25)
------------------------------------------------
* User IDs are now capped at 2048 byte. This avoids a memory
allocation attack (see CVE-2006-3082).
[was already fixed in pkgsrc]
* Added support for the SHA-224 hash. Like the SHA-384 hash, it
is mainly useful when DSS (the US Digital Signature Standard)
compatibility is desired.
* Added support for the latest update to DSA keys and signatures.
This allows for larger keys than 1024 bits and hashes other than
SHA-1 and RIPEMD/160. Note that not all OpenPGP implementations
can handle these new keys and signatures yet. See
"--enable-dsa2" in the manual for more information.
"parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions,
allows remote attackers to cause a denial of service (gpg crash) and
possibly overwrite memory via a message packet with a large length,
which could lead to an integer overflow, as demonstrated using the
--no-armor option."
Patch from GnuPG CVS repository.
Bump PKGREVISION.
PKGLOCALEDIR and which install their locale files directly under
${PREFIX}/${PKGLOCALEDIR} and sort the PLIST file entries. From now
on, pkgsrc/mk/plist/plist-locale.awk will automatically handle
transforming the PLIST to refer to the correct locale directory.
Noteworthy changes in version 1.4.3 (2006-04-03)
------------------------------------------------
* If available, cURL-based keyserver helpers are built that can
retrieve keys using HKP or any protocol that cURL supports
(HTTP, HTTPS, FTP, FTPS, etc). If cURL is not available, HKP
and HTTP are still supported using a built-in cURL emulator. To
force building the old pre-cURL keyserver helpers, use the
configure option --enable-old-keyserver-helpers. Note that none
of this affects finger or LDAP support, which are unchanged.
Note also that a future version of GnuPG will remove the old
keyserver helpers altogether.
* Implemented Public Key Association (PKA) signature verification.
This uses special DNS records and notation data to associate a
mail address with an OpenPGP key to prove that mail coming from
that address is legitimate without the need for a full trust
path to the signing key.
* When exporting subkeys, those specified with a key ID or
fingerpint and the '!' suffix are now merged into one keyblock.
* Added "gpg-zip", a program to create encrypted archives that can
interoperate with PGP Zip.
* Added support for signing subkey cross-certification "back
signatures". Requiring cross-certification to be present is
currently off by default, but will be changed to on by default
in the future, once more keys use it. A new "cross-certify"
command in the --edit-key menu can be used to update signing
subkeys to have cross-certification.
* The key cleaning options for --import-options and
--export-options have been further polished. "import-clean" and
"export-clean" replace the older
import-clean-sigs/import-clean-uids and
export-clean-sigs/export-clean-uids option pairs.
* New "minimize" command in the --edit-key menu removes everything
that can be removed from a key, rendering it as small as
possible. There are corresponding "export-minimal" and
"import-minimal" commands for --export-options and
--import-options.
* New --fetch-keys command to retrieve keys by specifying a URI.
This allows direct key retrieval from a web page or other
location that can be specified in a URI. Available protocols
are HTTP and finger, plus anything that cURL supplies, if built
with cURL support.
* Files containing several signed messages are not allowed any
longer as there is no clean way to report the status of such
files back to the caller. To partly revert to the old behaviour
the new option --allow-multisig-verification may be used.
* The keyserver helpers can now handle keys in either ASCII armor
or binary format.
* New auto-key-locate option that takes an ordered list of methods
to locate a key if it is not available at encryption time (-r or
--recipient). Possible methods include "cert" (use DNS CERT as
per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
server for the domain in question), "keyserver" (use the
currently defined keyserver), as well as arbitrary keyserver
URIs that will be contacted for the key.
* Able to retrieve keys using DNS CERT records as per RFC-2538bis
(currently in draft): http://www.josefsson.org/rfc2538bis
pkgsrc change:
make architecture-specific options really architecture-specific.
* Files containing several signed messages are not allowed any
longer as there is no clean way to report the status of such
files back to the caller. To partly revert to the old behaviour
the new option --allow-multisig-verification may be used.
Noteworthy changes in version 1.4.2 (2005-07-26)
------------------------------------------------
* New command "verify" in the card-edit menu to display
the Private-DO-3. The Admin command has been enhanced to take
the optional arguments "on", "off" and "verify". The latter may
be used to verify the Admin Pin without modifying data; this
allows displaying the Private-DO-4 with the "list" command.
* Rewrote large parts of the card code to optionally make use of a
running gpg-agent. If --use-agent is being used and a gpg-agent
with enabled scdaemon is active, gpg will now divert all card
operations to that daemon. This is required because both,
scdaemon and gpg require exclusive access to the card reader. By
delegating the work to scdaemon, both can peacefully coexist and
scdaemon is able to control the use of the reader. Note that
this requires at least gnupg 1.9.17.
* Fixed a couple of problems with the card reader.
* Command completion is now available in the --edit-key and
--card-edit menus. Filename completion is available at all
filename prompts. Note that completion is only available if the
system provides a readline library.
* New experimental HKP keyserver helper that uses the cURL
library. It is enabled via the configure option --with-libcurl
like the other (also experimental) cURL helpers.
* New key cleaning options that can be used to remove unusable
(expired, revoked) signatures from a key. This is available via
the new "clean" command in --edit-key on a key by key basis, as
well as via the import-clean-sigs/import-clean-uids and
export-clean-sigs/export-clean-uids options for --import-options
and --export-options. These are currently off by default, and
replace the import-unusable-sigs/export-unusable-sigs options
from version 1.4.1.
* New export option export-reset-subkey-passwd.
* New option --limit-card-insert-tries.
Noteworthy changes in version 1.4.1 (2005-03-15)
------------------------------------------------
* New --rfc2440-text option which controls how text is handled in
signatures. This is in response to some problems seen with
certain PGP/MIME mail clients and GnuPG version 1.4.0. More
details about this are available at
<http://lists.gnupg.org/pipermail/gnupg-users/2005-January/024408.html>.
* New "import-unusable-sigs" and "export-unusable-sigs" tags for
--import-options and --export-options. These are off by
default, and cause GnuPG to not import or export key signatures
that are not usable (e.g. expired signatures).
* New experimental HTTP, HTTPS, FTP, and FTPS keyserver helper
that uses the cURL library <http://curl.haxx.se> to retrieve
keys. This is disabled by default, but may be enabled with the
configure option --with-libcurl. Without this option, the
existing HTTP code is used for HTTP, and HTTPS, FTP, and FTPS
are not supported.
[enabled with the "curl" option for the package]
* When running a --card-status or --card-edit and a public key is
available, missing secret key stubs will be created on the fly.
Details of the key are listed too.
* The implicit packet dumping in double verbose mode is now sent
to stderr and not to stdout.
* Added countermeasures against the Mister/Zuccherato CFB attack
<http://eprint.iacr.org/2005/033>.
* Add new --edit-key command "bkuptocard" to allow restoring a
card key from a backup.
* The "fetch" command of --card-edit now retrieves the key using
the default keyserver if no URL has been stored on the card.
* New configure option --enable-noexecstack.
Also, gpgkeys_mailto is not installed any longer, dropping the
dependency on perl.
While here, convert to options.mk.
GnuPG 1.4 Highlights
====================
This is a brief overview of the changes between the GnuPG 1.2 series
and the new GnuPG 1.4 series. To read the full list of highlights for
each revision that led up to 1.4, see the NEWS file in the GnuPG
distribution. This document is based on the NEWS file, and is thus
the highlights of the highlights.
When upgrading, note that RFC-2440, the OpenPGP standard, is currently
being revised. Most of the revisions in the latest draft (2440bis-12)
have already been incorporated into GnuPG 1.4.
Algorithm Changes
-----------------
OpenPGP supports many different algorithms for encryption, hashing,
and compression, and taking into account the OpenPGP revisions, GnuPG
1.4 supports a slightly different algorithm set than 1.2 did.
The SHA256, SHA384, and SHA512 hashes are now supported for read and
write.
The BZIP2 compression algorithm is now supported for read and write.
Due to the recent successful attack on the MD5 hash algorithm
(discussed in <http://www.rsasecurity.com/rsalabs/node.asp?id=2738>,
among other places), MD5 is deprecated for OpenPGP use. It is still
allowed in GnuPG 1.4 for backwards compatibility, but a warning is
given when it is used.
The TIGER/192 hash is no longer available. This should not be
interpreted as a statement as to the quality of TIGER/192 - rather,
the revised OpenPGP standard removes support for several unused or
mostly unused hashes, and TIGER/192 was one of them.
Similarly, Elgamal signatures and the Elgamal signing key type have
been removed from the OpenPGP standard, and thus from GnuPG. Please
do not confuse Elgamal signatures with DSA or DSS signatures or with
Elgamal encryption. Elgamal signatures were very rarely used and were
not supported in any product other than GnuPG. Elgamal encryption was
and still is part of OpenPGP and GnuPG.
Very old (pre-1.0) versions of GnuPG supported a nonstandard (contrary
to OpenPGP) Elgamal key type. While no recent version of GnuPG
permitted the generation of such keys, GnuPG 1.2 could still use them.
GnuPG 1.4 no longer allows the use of these keys or the (also
nonstandard) messages generated using them.
At build time, it is possible to select which algorithms will be built
into GnuPG. This can be used to build a smaller program binary for
embedded uses where space is tight.
Keyserver Changes
-----------------
GnuPG 1.4 does all keyserver operations via plugin or helper
applications. This allows the main GnuPG program to be smaller and
simpler. People who package GnuPG for various reasons have the
flexibility to include or leave out support for any keyserver type as
desired.
Support for fetching keys via HTTP and finger has been added. This is
mainly useful for setting a preferred keyserver URL like
"http://www.jabberwocky.com/key.asc". or "finger:wk at g10code.com".
The LDAP keyserver helper now supports storing, retrieving, and
searching for keys in both the old NAI "LDAP keyserver" as well as the
more recent method to store OpenPGP keys in standard LDAP servers.
This is compatible with the storage schema that PGP uses, so both
products can interoperate with the same LDAP server.
The LDAP keyserver helper is compatible with the PGP company's new
"Global Directory" service.
If the LDAP library you use supports LDAP-over-TLS and LDAPS, then
GnuPG detects this and supports them as well. Note that using TLS or
LDAPS does not improve the security of GnuPG itself, but may be useful
in certain key distribution scenarios.
HTTP Basic authentication is now supported for all HKP and HTTP
keyserver functions, either through a proxy or via direct access.
The HKP keyserver plugin supports the new machine-readable key
listing format for those keyservers that provide it.
IPv6 is supported for HKP and HTTP keyserver access.
When using a HKP keyserver with multiple DNS records (such as
subkeys.pgp.net which has the addresses of multiple servers around the
world), all DNS address records are tried until one succeeds. This
prevents a single down server in the rotation from stopping access.
DNS SRV records are used in HKP keyserver lookups to allow
administrators to load balance and select keyserver ports
automatically.
Timeout support has been added to the keyserver plugins. This allows
users to set an upper limit on how long to wait for the keyserver
before giving up.
Preferred Keyserver URL
-----------------------
Preferred keyserver support has been added. Users may set a preferred
keyserver via the --edit-key command "keyserver". If the
--keyserver-option honor-keyserver-url is set (and it is by default),
then the preferred keyserver is used when refreshing that key with
--refresh-keys.
The --sig-keyserver-url option can be used to inform signature
recipients where the signing key can be downloaded. When verifying
the signature, if the signing key is not present, and the keyserver
options honor-keyserver-url and auto-key-retrieve are set, this URL
will be used to retrieve the key.
Trust Signatures
----------------
GnuPG 1.4 supports OpenPGP trust signatures, which allow a user to
specify the trust level and distance from the user along with the
signature so users can delegate different levels of certification
ability to other users, possibly restricted by a regular expression on
the user ID.
Trust Models
------------
GnuPG 1.4 supports several ways of looking at trust:
Classic - The classic PGP trust model, where people sign each others
keys and thus build up an assurance (called "validity") that
the key belongs to the right person. This was the default
trust model in GnuPG 1.2.
Always - Bypass all trust checks, and make all keys fully valid.
Direct - Users may set key validity directly.
PGP - The PGP 7 and 8 behavior which combines Classic trust with trust
signatures overlaid on top. This is the default trust model in
GnuPG 1.4.
The OpenPGP Smartcard
---------------------
GnuPG 1.4 supports the OpenPGP smartcard
(<http://www.g10code.de/p-card.html>)
Secret keys may be kept fully or partially on the smartcard. The
smartcard may be used for primary keys or subkeys.
Other Interesting New Features
------------------------------
For those using Security-Enhanced Linux <http://www.nsa.gov/selinux/>,
the configure option --enable-selinux-support prevents GnuPG from
processing its own files (i.e. reading the secret keyring for
something other than getting a secret key from it). This simplifies
writing ACLs for the SELinux kernel.
Readline support is now available at all prompts if the system
provides a readline library.
GnuPG can now create messages that can be decrypted with either a
passphrase or a secret key. These messages may be generated with
--symmetric --encrypt or --symmetric --sign --encrypt.
--list-options and --verify-options allow the user to customize
exactly what key listings or signature verifications look like,
enabling or disabling things such as photo display, preferred
keyserver URL, calculated validity for each user ID, etc.
The --primary-keyring option designates the keyring that the user
wants new keys imported into.
The --hidden-recipient (or -R) command encrypts to a user, but hides
the identity of that user. This is the same functionality as
--throw-keyid, but can be used on a per-user basis.
Full algorithm names (e.g. "3DES", "SHA1", "ZIP") can now be used
interchangeably with the short algorithm names (e.g. "S2", "H2", "Z1")
anywhere algorithm names are used in GnuPG.
The --keyid-format option selects short (99242560), long
(DB698D7199242560), 0xshort (0x99242560), or 0xlong
(0xDB698D7199242560) key ID displays. This lets users tune the
display to what they prefer.
While it is not recommended for extended periods, it is possible to
run both GnuPG 1.2.x and GnuPG 1.4 during the transition. To aid in
this, GnuPG 1.4 tries to load a config file suffixed with its version
before it loads the default config file. For example, 1.4 will try
for gpg.conf-1.4 and gpg.conf-1 before falling back to the regular
gpg.conf file.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
* New --ask-cert-level/--no-ask-cert-level option to turn on and
off the prompt for signature level when signing a key. Defaults
to on.
* New --min-cert-level option to disregard key signatures that are
under a specified level. Defaults to 1 (i.e. don't disregard
anything).
* New --max-output option to limit the amount of plaintext output
generated by GnuPG. This option can be used by programs which
call GnuPG to process messages that may result in plaintext
larger than the calling program is prepared to handle. This is
sometimes called a "Decompression Bomb".
* New --list-config command for frontends and other programs that
call GnuPG. See doc/DETAILS for the specifics of this.
* New --gpgconf-list command for internal use by the gpgconf
utility from gnupg 1.9.x.
* Some performance improvements with large keyrings. See
--enable-key-cache=SIZE in the README file for details.
* Some portability fixes for the OpenBSD/i386, HPPA, and AIX
platforms.
* Simplified Chinese translation.
This is to make sure that libexec/gnupg/gpgkeys_mailto is
installed. (Okay'd by wiz.)
This assumes that /usr/sbin/sendmail is sendmail.
PKGREVISION is not bumped because package couldn't be made
in first place if libexec/gnupg/gpgkeys_mailto was missing.