path: root/security/gnupg
Age | Commit message | Author | Files | Lines
2003-12-25 | Update to 1.2.4: | wiz | 9 | -110/+29
* Added read-only support for BZIP2 compression. This should be considered experimental, and is only available if the libbzip2 library <http://sources.redhat.com/bzip2/> is installed.
* Added the ability to handle messages that can be decrypted with either a passphrase or a secret key.
* Most support for Elgamal sign+encrypt keys has been removed. Old signatures may still be verified, and existing encrypted messages may still be decrypted, but no new signatures may be issued by, and no new messages will be encrypted to, these keys. Elgamal sign+encrypt keys are not part of the web of trust. The only new message that can be generated by an Elgamal sign+encrypt key is a key revocation. Note that in a future version of GnuPG (currently planned for 1.4), all support for Elgamal sign+encrypt keys will be removed, so take this opportunity to revoke old keys now.
* A Russian translation is included again as well as a new Belarusian translation.
2003-12-01 | Add a patch to handle systems which have uint64_t but not the UINT64_C macro. | he | 2 | -1/+19
This could happen with UNIX98-type systems, such as the code on our netbsd-1-5 branch, and would prevent this package from building on such systems. Problem also reported to the original author.
2003-11-27 | Add improved patch for compromised ElGamal signing keys from gnupg-devel at gnupg org. | heinz | 4 | -9/+83
The old patch didn't completely disable usage of the compromised keys. Move the old and new fix to the patches/ directory.
2003-11-27 | Apply security patch which disables ElGamal signature keys because they are vulnerable. | tron | 2 | -3/+9
Bump package revision to reflect this change.
2003-10-11 | require GNU sed for GNU sed specific expressions. | grant | 1 | -1/+3
fixes PR pkg/21493.
2003-08-25 | upgrade to 1.2.3. | itojun | 6 | -44/+22
* New "--gnupg" option (set by default) that disables --openpgp, and the various --pgpX emulation options. This replaces --no-openpgp, and --no-pgpX, and also means that GnuPG has finally grown a --gnupg option to make GnuPG act like GnuPG.
* A number of portability changes to make building GnuPG on less-common platforms easier.
* Romanian translation.
* Two new %-expandos for use in notation and policy URLs. "%g" expands to the fingerprint of the key making the signature (which might be a subkey), and "%p" expands to the fingerprint of the primary key that owns the key making the signature.
* New "tru" record in --with-colons --list-keys listings. It shows the status of the trust database that was used to calculate the key validity in the listings. See doc/DETAILS for the specifics of this.
* New REVKEYSIG status tag for --status-fd. It indicates a valid signature that was issued by a revoked key. See doc/DETAILS for the specifics of this.
2003-08-15 | add IPv6 support. bump PKGREVISION | itojun | 6 | -3/+89
2003-08-09 | USE_NEW_TEXINFO is unnecessary now. | seb | 1 | -2/+1
2003-08-09 | Remove superfluous chunk which confuses some patch(1). | wiz | 2 | -10/+3
2003-08-09 | fix for bad sh behaviour on Solaris (already available in latest GnuPG snapshots) | heinz | 1 | -1/+2
2003-08-09 | fix for bad sh behaviour on Solaris (already available in latest GnuPG snapshots) | heinz | 1 | -0/+23
2003-08-08 | Add http master site for idea.c.gz. Addresses PR 22408. | wiz | 1 | -2/+3
2003-08-04 | Convert to USE_NEW_TEXINFO. | seb | 2 | -7/+3
2003-07-17 | s/netbsd.org/NetBSD.org/ | grant | 1 | -2/+2
2003-07-13 | PKGREVISION bump for libiconv update. | wiz | 1 | -1/+2
2003-05-07 | fix checksum for USE_IDEA case | itojun | 1 | -3/+3
2003-05-06 | Remove dead mirrors, add a new one. | tron | 1 | -4/+2
2003-05-06 | Fix some of the master site URLs so that the "fetch" target works at least partially. | tron | 1 | -5/+4
2003-05-05 | Update gnupg package to 1.2.2. | taca | 4 | -20/+10
Security problem is reported on bugtraq.
http://www.securityfocus.com/archive/1/320444/2003-05-02/2003-05-08/0

2003-05-01 Werner Koch <wk@gnupg.org>
  Released 1.2.2.
2003-04-30 David Shaw <dshaw@jabberwocky.com>
  * NEWS: Note trust bug fix.
2003-04-29 David Shaw <dshaw@jabberwocky.com>
  * NEWS: Add note about TIGER being dropped from OpenPGP.
  * README: Add note about the HP/UX inline problem. Fix all URLs to point to the right place in the reorganized gnupg.org web pages. Some minor language fixes.
2003-04-27 David Shaw <dshaw@jabberwocky.com>
  * NEWS: Add sig version, pk algo, hash algo, and sig class to VALIDSIG.
  * BUGS: Fix bug reporting URL.
2003-04-24 Werner Koch <wk@gnupg.org>
  * configure.ac (ALL_LINGUAS): Added Hungarian translation by Nagy Ferenc László.
2003-04-23 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: "TIGER" -> "TIGER/192".
  * README: Put back proper copyright line.
2003-04-16 Werner Koch <wk@gnupg.org>
  Released 1.2.2rc2.
2003-04-15 Werner Koch <wk@gnupg.org>
  * configure.ac (ALL_LINGUAS): Add Slovak translation.
  * configure.ac (HAVE_DOSISH_SYSTEM): New automake conditional.
  * acinclude.m4 (GNUPG_CHECK_ENDIAN): Fixed quoting of r.e. using quadrigraphs.
2003-04-08 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Big warning that TIGER is being removed from the standard.
2003-04-08 Werner Koch <wk@gnupg.org>
  * Makefile.am (EXTRA_DIST): Add autogen.sh wrapper which is useful for some cross-compiling targets.
2003-04-07 David Shaw <dshaw@jabberwocky.com>
  * acinclude.m4: Fix URL to faqprog.pl.
  * README: Add --enable-sha512 switch and update version number and copyright date.
  * NEWS: Add note about SHA-256/384/512.
2003-03-24 Werner Koch <wk@gnupg.org>
  * configure.ac: Test for ranlib and ar.
2003-03-12 Werner Koch <wk@gnupg.org>
  * acinclude.m4 (GNUPG_CHECK_ENDIAN): When crosscompiling assume little only for Intel CPUs.
2003-02-19 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Define @CAPLIBS@ to link in -lcap if we are using capabilities.
2003-02-11 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Add --enable-sha512 switch to add SHA384/512 support.
2003-02-06 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Do not set GNUPG_LIBEXECDIR in ./configure, so that makefiles can override it.
2003-02-02 David Shaw <dshaw@jabberwocky.com>
  * configure.ac (ALL_LINGUAS): Needs to be on one line to avoid problems during ./configure.
  * NEWS: Note new --with-colons disabled key flag and new "revuid" command.
2003-01-07 Werner Koch <wk@gnupg.org>
  Released 1.2.2rc1.
  * configure.ac (ALL_LINGUAS): Added fi and zh_TW.
2003-01-06 David Shaw <dshaw@jabberwocky.com>
  * NEWS: Add notes about disabled keys and trustdb tweaks.
2002-12-04 David Shaw <dshaw@jabberwocky.com>
  * NEWS: Add note about convert-from-106 script.
2002-11-25 David Shaw <dshaw@jabberwocky.com>
  * NEWS: Add notes about notation names and '@', the "--trust-model always" option, and non-optimized memory wiping.
2002-11-09 Werner Koch <wk@gnupg.org>
  * configure.ac: Check for ctermid().
2002-10-31 David Shaw <dshaw@jabberwocky.com>
  * Makefile.am: Put gnupg.spec in the root directory so rpm -ta works.
  * configure.ac: Add a check for volatile.
2003-05-02 | Dependency bumps, needed because of devel/pth's major bump, and related dependency bumps. | wiz | 1 | -2/+2
2003-04-21 | Add RCS tag | cjep | 1 | -0/+1
2003-04-01 | Don't try to use asm on any version of Darwin. | thorpej | 2 | -1/+13
2003-01-10 | USE_PKGLOCALEDIR=yes | cjep | 1 | -7/+8
2003-01-09 | Update checksum for idea.c.gz. | chris | 1 | -3/+3
Changelog from idea.c file indicates:
* 2002-12-11 wk __ppc__ is used on Darwin instead of __powerpc__.
Used .sig file to check download was ok.
Closes pkg/19749
2002-12-12 | shorten COMMENT | abs | 1 | -2/+2
2002-11-24 | use test target provided by bsd.pkg.mk instead of home grown one. | dillo | 1 | -4/+2
2002-11-24 | Rename the regress target test. This appears to be the new standard: | chris | 1 | -2/+2
http://mail-index.netbsd.org/pkgsrc-changes/2002/11/23/0009.html
2002-11-24 | Seems that gnupg now depends on perl being available to create, install and run gpgkeys_mailto | chris | 1 | -1/+3
Fixes PR pkg/19104
Also bump pkgrevision.
2002-10-27 | Update gnupg to 1.2.1. Is a bug fix release. | chris | 4 | -46/+22
Major user visible changes are:
* The library dependencies for OpenLDAP seem to change fairly frequently, and GnuPG's configure script cannot guess all the combinations. Use ./configure LDAPLIBS="-L libdir -l libs" to override the script and use the libraries selected.
* Secret keys generated with --export-secret-subkeys are now indicated in key listings with a '#' after the "sec", and in --with-colons listings by showing no capabilities (no lowercase characters).
* --trusted-key has been un-obsoleted, as it is useful for adding ultimately trusted keys from the config file. It is identical to using --edit and "trust" to change a key to ultimately trusted.
* The usual bug fixes as well as fixes to build problems on some systems.

Note that patch-aa and patch-ab are no longer needed as was, patch-aa now contains fixes to handle dlsym errors properly.
Also now include libiconv/buildlink2.mk as gnupg looks for iconv.
Fixes pkg/18221.
2002-10-09 | upgrade to 1.2.0, from skrueger@europe.com | itojun | 9 | -143/+89
2002-09-21 Werner Koch <wk@gnupg.org>
  Released 1.2.0.
  * configure.ac: Bumped version number and set development version to no.
2002-09-19 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Try linking LDAP as just -lldap as it seems very recent OpenLDAPs (>=2.0.23) support that.
2002-09-14 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Try linking LDAP without -lresolv first, just in case the platform has libresolv, but doesn't actually need it to use LDAP.
2002-09-12 David Shaw <dshaw@jabberwocky.com>
  * NEWS: Note that the old IDEA plugin won't work with post-1.1.90 gpg.
2002-09-11 Werner Koch <wk@gnupg.org>
  Released 1.1.92.
  * configure.ac (random_modules): The default random module for system lacking a /dev/random is now auto selected at runtime.
2002-09-09 David Shaw <dshaw@jabberwocky.com>
  * NEWS: typo.
  * configure.ac: Add a link test for LDAP without -lresolv for HPUX. Remove "hstrerror" test as it is no longer needed.
2002-09-02 Werner Koch <wk@gnupg.org>
  * README: Removed the note about a development version so that we later don't forget this. Minor other changes.
2002-08-29 Werner Koch <wk@gnupg.org>
  * configure.ac (random_modules): Reworked the code to select the random module. Define USE_ALL_RANDOM_MODULES for value all.
2002-08-27 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Check type of mode_t.
  * NEWS: Clarify that --libexecdir is a configure option.
  * configure.ac: Check for hstrerror.
2002-08-19 David Shaw <dshaw@jabberwocky.com>
  * NEWS: Document new ways to enable MDC, and change in automatic compression disabling.
  * configure.ac: No such thing as the "none" random gather any longer.
2002-08-08 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Add an --enable-tiger.
  * NEWS: Clarify new permission checks.
2002-08-07 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: If the static IDEA cipher is present, disable dynamic loading. Also fix backwards grammar of keyserver exec-path CHECKING message.
2002-08-05 Werner Koch <wk@gnupg.org>
  * configure.ac: Bumped version number.
2002-08-04 Werner Koch <wk@gnupg.org>
  Released 1.1.91.
  * configure.ac (ALL_LINGUAS): Added Catalan.
2002-08-02 Werner Koch <wk@gnupg.org>
  * configure.ac: Removed all extension stuff but keep the tests for dlopen. We don't need to figure out the flags required. All stuff is now statically loaded.
2002-07-30 David Shaw <dshaw@jabberwocky.com>
  * README, configure.ac: --with-exec-path is now clarified into --disable-keyserver-path
  * NEWS: changes since 1.1.90.
2002-07-24 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Include a GNUPG_LIBEXECDIR in g10defs.h, as well as a SUBST for Makefiles.
2002-07-22 Timo Schulz <ts@winpt.org>
  * configure.ac: Replace the 'c:/' variables with 'c:\' due to the fact we already use '\' in the remaining code.
2002-07-08 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Add --with-mailprog to override the use of sendmail with another MTA. We can use anything that follows the "$MAILPROG -t" convention.
2002-07-04 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: --enable-exec-path should be a 'with'. Fix 'no' cases of --with-exec-path and --with-photo-viewer.
  * README: Document --disable-exec, --disable-photo-viewers, --disable-keyserver-helpers, --enable-exec-path, and --with-photo-viewer.
  * configure.ac: Add --with-photo-viewer to lock the viewer at compile time and --disable-keyserver-helpers and --disable-photo-viewers to allow disabling one without disabling the other.
2002-07-03 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Allow setting USE_EXEC_PATH to lock the exec-path to a fixed value.
2002-07-01 Werner Koch <wk@gnupg.org>
  * configure.ac: Set version number to 1.1.91.
  Released 1.1.90.
  * INSTALL: Replaced by generic install file.
  * README: Marked as development version and moved most stuff of the old INSTALL file to here.
2002-06-30 Werner Koch <wk@gnupg.org>
  * configure.ac: Link W32 version against libwsock32.
2002-06-29 Werner Koch <wk@gnupg.org>
  * configure.ac (development_version): New. (HAVE_DEV_RANDOM_IOCTL): Removed test for it; it was never used.
  * BUGS, AUTHORS: Add a note on how to send security related bug reports.
2002-06-20 David Shaw <dshaw@jabberwocky.com>
  * NEWS: changes since 1.0.7.
  * configure.ac: Set new version number (1.1.90), and fix Solaris compiler flags for shared objects.
2002-06-11 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Move -lsocket and -lnsl checks before LDAP link tests so they work properly on Solaris. Noted by David Champion. Also, check for the Mozilla LDAP library if the OpenLDAP library check fails. Put -lsocket and -lnsl in NETLIBS rather than LIBS so not all programs are forced to link to them.
2002-06-05 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Add a switch for the experimental external HKP keyserver interface.
2002-05-22 Werner Koch <wk@gnupg.org>
  * configure.ac: Check for strcasecmp and strncasecmp. Removed stricmp and memicmp checks.
2002-05-08 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: If LDAP comes up unusable, try #including <lber.h> before giving up. Old versions of OpenLDAP require that.
2002-05-03 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: In g10defs.h, use \ for the directory separator when HAVE_DOSISH_SYSTEM is on.
  * configure.ac: Add --disable-exec flag to disable all remote program execution. --disable-exec implies --disable-ldap and --disable-mailto. Also look in /usr/lib for sendmail. If sendmail is not found, do not default - just fail.
2002-04-30 David Shaw <dshaw@jabberwocky.com>
  * configure.ac: Try and link to a sample LDAP program to check if the LDAP we're about to use is really sane. The most common problem (using a very old OpenLDAP), could be fixed with an extra #include, but this would not be very portable to other LDAP libraries.
2002-10-01 | Belated bump to nb2, following fixes to dlsym return checks to work properly against -current. | chris | 1 | -2/+2
2002-09-30 | fixup dlsym error checks. An error is indicated by dlsym returning NULL not dlerror returning something valid. | chris | 2 | -1/+24
2002-08-25 | Merge packages from the buildlink2 branch back into the main trunk that have been converted to USE_BUILDLINK2. | jlam | 5 | -12/+13
2002-07-18 | Correct wrong detection of /dev/random in GnuPG 1.0.7 on NetBSD. | heinz | 5 | -4/+47
Bumped PKGREVISION to 1, changed PLIST accordingly and added 2 patches for configure and configure.ac. Patches were sent to gnupg-bugs@gnu.org. Thomas Klausner approved.
2002-05-07 | Update to 1.0.7. | wiz | 5 | -33/+35
* Secret keys are now stored and exported in a new format which uses SHA-1 for integrity checks. This format renders the Rosa/Klima attack useless. Other OpenPGP implementations might not yet support this, so the option --simple-sk-checksum creates the old vulnerable format.
* The default cipher algorithm for encryption is now CAST5, default hash algorithm is SHA-1. This will give us better interoperability with other OpenPGP implementations.
* Symmetric encrypted messages now use a fixed file size if possible. This is a tradeoff: it breaks PGP 5, but fixes PGP 2, 6, and 7. Note this was only an issue with RFC-1991 style symmetric messages.
* Photographic user ID support. This uses an external program to view the images.
* Enhanced keyserver support via keyserver "plugins". GnuPG comes with plugins for the NAI LDAP keyserver as well as the HKP email keyserver. It retains internal support for the HKP HTTP keyserver.
* Nonrevocable signatures are now supported. If a user signs a key nonrevocably, this signature cannot be taken back so be careful!
* Multiple signature classes are usable when signing a key to specify how carefully the key information (fingerprint, photo ID, etc) was checked.
* --pgp2 mode automatically sets all necessary options to ensure that the resulting message will be usable by a user of PGP 2.x.
* --pgp6 mode automatically sets all necessary options to ensure that the resulting message will be usable by a user of PGP 6.x.
* Signatures may now be given an expiration date. When signing a key with an expiration date, the user is prompted whether they want their signature to expire at the same time.
* Revocation keys (designated revokers) are now supported if present. There is currently no way to designate new keys as designated revokers.
* Permissions on the .gnupg directory and its files are checked for safety.
* --expert mode enables certain silly things such as signing a revoked user id, expired key, or revoked key.
* Some fixes to build cleanly under Cygwin32.
* New tool gpgsplit to split OpenPGP data formats into packets.
* New option --preserve-permissions.
* Subkeys created in the future are not used for encryption or signing unless the new option --ignore-valid-from is used.
* Revoked user-IDs are not listed unless signatures are listed too or we are in verbose mode.
* There is no default comment string with ascii armors anymore except for revocation certificates and --enarmor mode.
* The command "primary" in the edit menu can be used to change the primary UID, "setpref" and "updpref" can be used to change the preferences.
* Fixed the preference handling; since 1.0.5 they were erroneously matched against the latest user ID and not the given one.
* RSA key generation.
* It is now possible to sign and conventional encrypt a message (-cs).
* The MDC feature flag is supported and can be set by using the "updpref" edit command.
* The status messages GOODSIG and BADSIG are now returning the primary UID, encoded using %XX escaping (but with spaces left as spaces, so that it should not break too much)
* Support for GDBM based keyrings has been removed.
* The entire keyring management has been revamped.
* The way signature stati are stored has changed so that v3 signatures can be supported. To increase the speed of many operations for existing keyrings you can use the new --rebuild-keydb-caches command.
* The entire key validation process (trustdb) has been revamped. See the man page entries for --update-trustdb, --check-trustdb and --no-auto-check-trustdb.
* --trusted-keys is again obsolete, --edit can be used to set the ownertrust of any key to ultimately trusted.
* A subkey is never used to sign keys.
* Read only keyrings are now handled as expected.
2002-02-18 | Introduce new framework for handling info files generation and installation. | seb | 2 | -6/+7
Summary of changes:
- removal of USE_GTEXINFO
- addition of mk/texinfo.mk
- inclusion of this file in package Makefiles requiring it
- `install-info' substituted by `${INSTALL_INFO}' in PLISTs
- tuning of mk/bsd.pkg.mk:
    removal of USE_GTEXINFO
    INSTALL_INFO added to PLIST_SUBST
    `${INSTALL_INFO}' replace `install-info' in target rules
    print-PLIST target now generate `${INSTALL_INFO}' instead of `install-info'
- a couple of new patch files added for a handful of packages
- setting of the TEXINFO_OVERRIDE "switch" in packages Makefiles requiring it
- devel/cssc marked requiring texinfo 4.0
- a couple of packages Makefiles were tuned with respect of INFO_FILES and makeinfo command usage
See -newly added by this commit- section 10.24 of Packages.txt for further information.
2002-01-07 | Fix for sparc64, provided in pkg/15168. | wiz | 2 | -1/+19
2001-11-01 | Move pkg/ files into package's toplevel directory | zuntum | 2 | -1/+1
2001-10-27 | Remove commented USE_LIBINTL definitions ... we already use the gettext-lib/buildlink.mk file. | jlam | 1 | -2/+1
2001-06-28 | Convert to use buildlink.mk files and mark as USE_BUILDLINK_ONLY. | jlam | 1 | -7/+5
2001-06-04 | Use slightly modified idea.c, which recognizes NetBSD PowerPC machines as big endian. | wiz | 2 | -6/+6
Makes gnupg work with IDEA support on ppc machines. XXX: Probably similar changes needed for some other big-endian platforms.
2001-05-31 | Update to 1.0.6, provided by Nathan Ahlstrom in pkg/13069. | wiz | 3 | -7/+6
Changes: Fixed a format string bug which is exploitable if --batch is not used. Checked all translations for format strings bugs. Removed the Russian translation due to too many bugs. Fixed keyserver access and expire time calculation.
2001-05-23 | Fix compilation on macppc. (relocation error because of missing -fPIC) | wiz | 3 | -1/+29
2001-05-14 | Tidy up, and remove note about RSA. | wiz | 1 | -3/+3
2001-05-14 | Update to 1.0.5, provided by Mark White in private mail. | wiz | 5 | -65/+30
Some pkg related changes by me.
Changes since 1.0.4:
* WARNING: The semantics of --verify have changed to address a problem with detached signature detection. --verify now ignores signed material given on stdin unless this is requested by using a "-" as the name for the file with the signed material. Please check all your detached signature handling applications and make sure that they don't pipe the signed material to stdin without using a filename together with "-" on the command line.
* WARNING: Corrected hash calculation for input data larger than 512M - it was just wrong, so you might notice bad signature in some very big files. It may be wise to keep an old copy of GnuPG around.
* Secret keys are no longer imported unless you use the new option --allow-secret-key-import. This is a kludge and future versions will handle it in another way.
* New command "showpref" in the --edit-key menu to show an easier to understand preference listing.
* There is now the notation of a primary user ID. For example, it is printed with a signature verification as the first user ID; revoked user IDs are not printed there anymore. In general the primary user ID is the one with the latest self-signature.
* New --charset=utf-8 to bypass all internal conversions.
* Large File Support (LFS) is now working.
* New options: --ignore-crc-error, --no-sig-create-check, --no-sig-cache, --fixed_list_mode, --no-expensive-trust-checks, --enable-special-filenames and --use-agent. See man page.
* New command --pipemode, which can be used to run gpg as a co-process. Currently only the verification of detached signatures are working. See doc/DETAILS.
* Rewritten key selection code so that GnuPG can better cope with multiple subkeys, expire dates and so. The drawback is that it is slower.
* A whole lot of bug fixes.
* The verification status of self-signatures are now cached. To increase the speed of key list operations for existing keys you can do the following in your GnuPG homedir (~/.gnupg):
    $ cp pubring.gpg pubring.gpg.save && gpg --export-all >x && \
      rm pubring.gpg && gpg --import x
  Only v4 keys (i.e not the old RSA keys) benefit from this caching.
* New translations: Estonian, Turkish.
2001-04-19 | Move to sha1 digests, add distfile sizes. | agc | 1 | -4/+7
2001-04-17 | + move the distfile digest/checksum value from files/md5 to distinfo | agc | 2 | -5/+3
+ move the patch digest/checksum values from files/patch-sum to distinfo
2001-03-31 | o Fix/add quoting | zuntum | 1 | -2/+2
o Respect ${CFLAGS}
2001-03-27 | Change BUILD_DEPENDS semantics: | hubertf | 1 | -2/+2
first component is now a package name+version/pattern, no more executable/patchname/whatnot. While there, introduce BUILD_USES_MSGFMT as shorthand to pull in devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current). Patch by Alistair Crooks <agc@netbsd.org>
2001-02-17 | Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT. | wiz | 2 | -2/+2