| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Based on PR 52165 by Jonathan Schleifer.
Noteworthy changes in version 2.1.20 (2017-04-03)
-------------------------------------------------
* gpg: New properties 'expired', 'revoked', and 'disbaled' for the
import and export filters.
* gpg: New command --quick-set-primary-uid.
* gpg: New compliance field for the --with-colon key listing.
* gpg: Changed the key parser to generalize the processing of local
meta data packets.
* gpg: Fixed assertion failure in the TOFU trust model.
* gpg: Fixed exporting of zero length user ID packets.
* scd: Improved support for multiple readers.
* scd: Fixed timeout handling for key generation.
* agent: New option --enable-extended-key-format.
* dirmngr: Do not add a keyserver to a new dirmngr.conf. Dirmngr
uses a default keyserver.
* dimngr: Do not treat TLS warning alerts as severe error when
building with GNUTLS.
* dirmngr: Actually take /etc/hosts in account.
* wks: Fixed client problems on Windows. Published keys are now set
to world-readable.
* tests: Fixed creation of temporary directories.
* A socket directory for a non standard GNUGHOME is now created on
the fly under /run/user. Thus "gpgconf --create-socketdir" is now
optional. The use of "gpgconf --remove-socketdir" to clean up
obsolete socket directories is however recommended to avoid
cluttering /run/user with useless directories.
* Fixed build problems on some platforms.
Noteworthy changes in version 2.1.19 (2017-03-01)
-------------------------------------------------
* gpg: Print a warning if Tor mode is requested but the Tor daemon
is not running.
* gpg: New status code DECRYPTION_KEY to print the actual private
key used for decryption.
* gpgv: New options --log-file and --debug.
* gpg-agent: Revamp the prompts to ask for card PINs.
* scd: Support for multiple card readers.
* scd: Removed option --debug-disable-ticker. Ticker is used
only when it is required to watch removal of device/card.
* scd: Improved detection of card inserting and removal.
* dirmngr: New option --disable-ipv4.
* dirmngr: New option --no-use-tor to explicitly disable the use of
Tor.
* dirmngr: The option --allow-version-check is now required even if
the option --use-tor is also used.
* dirmngr: Handle a missing nsswitch.conf gracefully.
* dirmngr: Avoid PTR lookups for keyserver pools. The are only done
for the debug command "keyserver --hosttable".
* dirmngr: Rework the internal certificate cache to support classes
of certificates. Load system provided certificates on startup.
Add options --tls, --no-crl, and --systrust to the "VALIDATE"
command.
* dirmngr: Add support for the ntbtls library.
* wks: Create mails with a "WKS-Phase" header. Fix detection of
Draft-2 mode.
* The Windows installer is now build with limited TLS support.
* Many other bug fixes and new regression tests.
See-also: gnupg-announce/2017q1/000402.html
|
|
PR pkg/51942
|
|
* gpg: New algorithm for selecting the best ranked public key when
using a mail address with -r, -R, or --locate-key.
* gpg: New option --with-tofu-info to print a new "tfs" record in
colon formatted key listings.
* gpg: New option --compliance as an alternative way to specify
options like --rfc2440, --rfc4880, et al.
* gpg: Many changes to the TOFU implementation.
* gpg: Improve usability of --quick-gen-key.
* gpg: In --verbose mode print a diagnostic when a pinentry is
launched.
* gpg: Remove code which warns for old versions of gnome-keyring.
* gpg: New option --override-session-key-fd.
* gpg: Option --output does now work with --verify.
* gpgv: New option --output to allow saving the verified data.
* gpgv: New option --enable-special-filenames.
* agent, dirmngr: New --supervised mode for use by systemd and alike.
* agent: By default listen on all available sockets using standard
names.
* agent: Invoke scdaemon with --homedir.
* dirmngr: On Linux now detects the removal of its own socket and
terminates.
* scd: Support ECC key generation.
* scd: Support more card readers.
* dirmngr: New option --allow-version-check to download a software
version database in the background.
* dirmngr: Use system provided CAs if no --hkp-cacert is given.
* dirmngr: Use a default keyserver if none is explicitly set
* gpgconf: New command --query-swdb to check software versions
against an copy of an online database.
* gpgconf: Print the socket directory with --list-dirs.
* tools: The WKS tools now support draft version -02.
* tools: Always build gpg-wks-client and install under libexec.
* tools: New option --supported for gpg-wks-client.
* The log-file option now accepts a value "socket://" to log to the
socket named "S.log" in the standard socket directory.
* Provide fake pinentries for use by tests cases of downstream
developers.
* Fixed many bugs and regressions.
* Many changes and improvements for the test suite.
|
|
|
|
|
|
versions of libcrypt and libksba.
Reported by Andreas Kusalananda Kähäri in mail to pkgsrc-user.
|
|
Noteworthy changes in version 2.1.14 (2016-07-14)
-------------------------------------------------
* gpg: Removed options --print-dane-records and --print-pka-records.
The new export options "export-pka" and "export-dane" can instead
be used with the export command.
* gpg: New options --import-filter and --export-filter.
* gpg: New import options "import-show" and "import-export".
* gpg: New option --no-keyring.
* gpg: New command --quick-revuid.
* gpg: New options -f/--recipient-file and -F/--hidden-recipient-file
to directly specify encryption keys.
* gpg: New option --mimemode to indicate that the content is a MIME
part. Does only enable --textmode right now.
* gpg: New option --rfc4880bis to allow experiments with proposed
changes to the current OpenPGP specs.
* gpg: Fix regression in the "fetch" sub-command of --card-edit.
* gpg: Fix regression since 2.1 in option --try-all-secrets.
* gpgv: Change default options for extra security.
* gpgsm: No more root certificates are installed by default.
* agent: "updatestartuptty" does now affect more environment
variables.
* scd: The option --homedir does now work with scdaemon.
* scd: Support some more GEMPlus card readers.
* gpgtar: Fix handling of '-' as file name.
* gpgtar: New commands --create and --extract.
* gpgconf: Tweak for --list-dirs to better support shell scripts.
* tools: Add programs gpg-wks-client and gpg-wks-server to implement
a Web Key Service. The configure option --enable-wks-tools is
required to build them; they should be considered Beta software.
* tests: Complete rework of the openpgp part of the test suite. The
test scripts have been changed from Bourne shell scripts to Scheme
programs. A customized scheme interpreter (gpgscm) is included.
This change was triggered by the need to run the test suite on
non-Unix platforms.
* The rendering of the man pages has been improved.
|
|
Noteworthy changes in version 2.1.13 (2016-06-16)
-------------------------------------------------
* gpg: New command --quick-addkey. Extend the --quick-gen-key
command.
* gpg: New --keyid-format "none" which is now also the default.
* gpg: New option --with-subkey-fingerprint.
* gpg: Include Signer's UID subpacket in signatures if the secret key
has been specified using a mail address and the new option
--disable-signer-uid is not used.
* gpg: Allow unattended deletion of a secret key.
* gpg: Allow export of non-passphrase protected secret keys.
* gpg: New status lines KEY_CONSIDERED and NOTATION_FLAGS.
* gpg: Change status line TOFU_STATS_LONG to use '~' as
a non-breaking-space character.
* gpg: Speedup key listings in Tofu mode.
* gpg: Make sure that the current and total values of a PROGRESS
status line are small enough.
* gpgsm: Allow the use of AES192 and SERPENT ciphers.
* dirmngr: Adjust WKD lookup to current specs.
* dirmngr: Fallback to LDAP v3 if v2 is is not supported.
* gpgconf: New commands --create-socketdir and --remove-socketdir,
new option --homedir.
* If a /run/user/$UID directory exists, that directory is now used
for IPC sockets instead of the GNUPGHOME directory. This fixes
problems with NFS and too long socket names and thus avoids the
need for redirection files.
* The Speedo build systems now uses the new versions.gnupg.org server
to retrieve the default package versions.
* Fix detection of libusb on FreeBSD.
* Speedup fd closing after a fork.
|
|
Noteworthy changes in version 2.1.12 (2016-05-04)
-------------------------------------------------
* gpg: New --edit-key sub-command "change-usage" for testing
purposes.
* gpg: Out of order key-signatures are now systematically detected
and fixed by --edit-key.
* gpg: Improved detection of non-armored messages.
* gpg: Removed the extra prompt needed to create Curve25519 keys.
* gpg: Improved user ID selection for --quick-sign-key.
* gpg: Use the root CAs provided by the system with --fetch-key.
* gpg: Add support for the experimental Web Key Directory key
location service.
* gpg: Improve formatting of Tofu messages and emit new Tofu specific
status lines.
* gpgsm: Add option --pinentry-mode to support a loopback pinentry.
* gpgsm: A new pubring.kbx is now created with the header blob so
that gpg can detect that the keybox format needs to be used.
* agent: Add read support for the new private key protection format
openpgp-s2k-ocb-aes.
* agent: Add read support for the new extended private key format.
* agent: Default to --allow-loopback-pinentry and add option
--no-allow-loopback-pinentry.
* scd: Changed to use the new libusb 1.0 API for the internal CCID
driver.
* dirmngr: The dirmngr-client does now auto-detect the PEM format.
* g13: Add experimental support for dm-crypt.
* w32: Tofu support is now available with the Speedo build method.
* w32: Removed the need for libiconv.dll.
* The man pages for gpg and gpgv are now installed under the correct
name (gpg2 or gpg - depending on a configure option).
* Lots of internal cleanups and bug fixes.
|
|
Noteworthy changes in version 2.1.11 (2016-01-26)
-------------------------------------------------
* gpg: New command --export-ssh-key to replace the gpgkey2ssh tool.
* gpg: Allow to generate mail address only keys with --gen-key.
* gpg: "--list-options show-usage" is now the default.
* gpg: Make lookup of DNS CERT records holding an URL work.
* gpg: Emit PROGRESS status lines during key generation.
* gpg: Don't check for ambigious or non-matching key specification in
the config file or given to --encrypt-to. This feature will return
in 2.3.x.
* gpg: Lock keybox files while updating them.
* gpg: Solve rare error on Windows during keyring and Keybox updates.
* gpg: Fix possible keyring corruption. (bug#2193)
* gpg: Fix regression of "bkuptocard" sub-command in --edit-key and
remove "checkbkupkey" sub-command introduced with 2.1. (bug#2169)
* gpg: Fix internal error in gpgv when using default keyid-format.
* gpg: Fix --auto-key-retrieve to work with dirmngr.conf configured
keyservers. (bug#2147).
* agent: New option --pinentry-timeout.
* scd: Improve unplugging of USB readers under Windows.
* scd: Fix regression for generating RSA keys on card.
* dirmmgr: All configured keyservers are now searched.
* dirmngr: Install CA certificate for hkps.pool.sks-keyservers.net.
Use this certiticate even if --hkp-cacert is not used.
* gpgtar: Add actual encryption code. gpgtar does now fully replace
gpg-zip.
* gpgtar: Fix filename encoding problem on Windows.
* Print a warning if a GnuPG component is using an older version of
gpg-agent, dirmngr, or scdaemon.
|
|
Changelog:
Noteworthy changes in version 2.1.10 (2015-12-04)
-------------------------------------------------
* gpg: New trust models "tofu" and "tofu+pgp".
* gpg: New command --tofu-policy. New options --tofu-default-policy
and --tofu-db-format.
* gpg: New option --weak-digest to specify hash algorithms which
should be considered weak.
* gpg: Allow the use of multiple --default-key options; take the last
available key.
* gpg: New option --encrypt-to-default-key.
* gpg: New option --unwrap to only strip the encryption layer.
* gpg: New option --only-sign-text-ids to exclude photo IDs from key
signing.
* gpg: Check for ambigious or non-matching key specification in the
config file or given to --encrypt-to.
* gpg: Show the used card reader with --card-status.
* gpg: Print export statistics and an EXPORTED status line.
* gpg: Allow selecting subkeys by keyid in --edit-key.
* gpg: Allow updating the expiration time of multiple subkeys at
once.
* dirmngr: New option --use-tor. For full support this requires
libassuan version 2.4.2 and a patched version of libadns
(e.g. adns-1.4-g10-7 as used by the standard Windows installer).
* dirmngr: New option --nameserver to specify the nameserver used in
Tor mode.
* dirmngr: Keyservers may again be specified by IP address.
* dirmngr: Fixed problems in resolving keyserver pools.
* dirmngr: Fixed handling of premature termination of TLS streams so
that large numbers of keys can be refreshed via hkps.
* gpg: Fixed a regression in --locate-key [since 2.1.9].
* gpg: Fixed another bug for keyrings with legacy keys.
* gpgsm: Allow combinations of usage flags in --gen-key.
* Make tilde expansion work with most options.
* Many other cleanups and bug fixes.
|
|
gnupg-2.1.9:
* gpg: Allow fetching keys via OpenPGP DANE (--auto-key-locate). New
option --print-dane-records.
* gpg: Fix for a problem with PGP-2 keys in a keyring.
* gpg: Fail with an error instead of a warning if a modern cipher
algorithm is used without a MDC.
* agent: New option --pinentry-invisible-char.
* agent: Always do a RSA signature verification after creation.
* agent: Fix a regression in ssh-add-ing Ed25519 keys.
* agent: Fix ssh fingerprint computation for nistp384 and EdDSA.
* agent: Fix crash during passprase entry on some platforms.
* scd: Change timeout to fix problems with some 2.1 cards.
* dirmngr: Displayed name is now Key Acquirer.
* dirmngr: Add option --keyserver. Deprecate that option for gpg.
Install a dirmngr.conf file from a skeleton for new installations.
gnupg-2.1.8:
* gpg: Sending very large keys to the keyservers works again.
* gpg: Validity strings in key listings are now again translatable.
* gpg: Emit FAILURE status lines to help GPGME.
* gpg: Does not anymore link to Libksba to reduce dependencies.
* gpgsm: Export of secret keys via Assuan is now possible.
* agent: Raise the maximum passphrase length from 100 to 255 bytes.
* agent: Fix regression using EdDSA keys with ssh.
* Does not anymore use a build timestamp by default.
* The fallback encoding for broken locale settings changed
from Latin-1 to UTF-8.
* Many code cleanups and improved internal documentation.
* Various minor bug fixes.
gnupg-2.1.7:
* gpg: Support encryption with Curve25519 if Libgcrypt 1.7 is used.
* gpg: In the --edit-key menu: Removed the need for "toggle", changed
how secret keys are indicated, new commands "fpr *" and "grip".
* gpg: More fixes related to legacy keys in a keyring.
* gpgv: Does now also work with a "trustedkeys.kbx" file.
* scd: Support some feature from the OpenPGP card 3.0 specs.
* scd: Improved ECC support
* agent: New option --force for the DELETE_KEY command.
* w32: Look for the Pinentry at more places.
* Dropped deprecated gpgsm-gencert.sh
* Various other bug fixes.
|
|
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
|
|
GnuPG-2 provides several utilities that are used by mail clients,
such as Kmail and Balsa, including OpenPGP and S/MIME support.
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that
it splits up functionality into several modules. However, both
versions may be installed alongside without any conflict. In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching. The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time.
Packaged by adanbsd as pkgsrc/wip/gnupg21.
|
