head 1.21; access; symbols pkgsrc-2013Q2:1.21.0.4 pkgsrc-2013Q2-base:1.21 pkgsrc-2012Q4:1.21.0.2 pkgsrc-2012Q4-base:1.21 pkgsrc-2012Q3:1.19.0.10 pkgsrc-2012Q3-base:1.19 pkgsrc-2012Q2:1.19.0.8 pkgsrc-2012Q2-base:1.19 pkgsrc-2012Q1:1.19.0.6 pkgsrc-2012Q1-base:1.19 pkgsrc-2011Q4:1.19.0.4 pkgsrc-2011Q4-base:1.19 pkgsrc-2011Q3:1.19.0.2 pkgsrc-2011Q3-base:1.19 pkgsrc-2011Q2:1.18.0.26 pkgsrc-2011Q2-base:1.18 pkgsrc-2009Q4:1.18.0.24 pkgsrc-2009Q4-base:1.18 pkgsrc-2008Q4:1.18.0.22 pkgsrc-2008Q4-base:1.18 pkgsrc-2008Q3:1.18.0.20 pkgsrc-2008Q3-base:1.18 cube-native-xorg:1.18.0.18 cube-native-xorg-base:1.18 pkgsrc-2008Q2:1.18.0.16 pkgsrc-2008Q2-base:1.18 pkgsrc-2008Q1:1.18.0.14 pkgsrc-2008Q1-base:1.18 pkgsrc-2007Q4:1.18.0.12 pkgsrc-2007Q4-base:1.18 pkgsrc-2007Q3:1.18.0.10 pkgsrc-2007Q3-base:1.18 pkgsrc-2007Q2:1.18.0.8 pkgsrc-2007Q2-base:1.18 pkgsrc-2007Q1:1.18.0.6 pkgsrc-2007Q1-base:1.18 pkgsrc-2006Q4:1.18.0.4 pkgsrc-2006Q4-base:1.18 pkgsrc-2006Q3:1.18.0.2 pkgsrc-2006Q3-base:1.18 pkgsrc-2006Q2:1.16.0.12 pkgsrc-2006Q2-base:1.16 pkgsrc-2006Q1:1.16.0.10 pkgsrc-2006Q1-base:1.16 pkgsrc-2005Q4:1.16.0.8 pkgsrc-2005Q4-base:1.16 pkgsrc-2005Q3:1.16.0.6 pkgsrc-2005Q3-base:1.16 pkgsrc-2005Q2:1.16.0.4 pkgsrc-2005Q2-base:1.16 pkgsrc-2005Q1:1.16.0.2 pkgsrc-2005Q1-base:1.16 pkgsrc-2004Q4:1.15.0.4 pkgsrc-2004Q4-base:1.15 pkgsrc-2004Q3:1.15.0.2 pkgsrc-2004Q3-base:1.15 pkgsrc-2004Q2:1.14.0.4 pkgsrc-2004Q2-base:1.14 pkgsrc-2004Q1:1.14.0.2 pkgsrc-2004Q1-base:1.14 pkgsrc-2003Q4:1.13.0.2 pkgsrc-2003Q4-base:1.13 netbsd-1-6:1.11.0.8 netbsd-1-6-RELEASE-base:1.11 pkgviews:1.11.0.4 pkgviews-base:1.11 buildlink2:1.11.0.2 buildlink2-base:1.11 netbsd-1-5-PATCH003:1.10 netbsd-1-5-RELEASE:1.6 netbsd-1-4-PATCH003:1.6 netbsd-1-4-PATCH002:1.3 comdex-fall-1999:1.2 netbsd-1-4-PATCH001:1.2 netbsd-1-4-RELEASE:1.2; locks; strict; comment @# @; 1.21 date 2012.11.07.12.23.23; author wiz; state dead; branches; next 1.20; 1.20 date 2012.10.27.17.39.12; author wiz; state Exp; branches; next 1.19; 1.19 date 2011.08.02.17.11.00; author joerg; state Exp; branches; next 1.18; 1.18 date 2006.08.02.10.37.34; author drochner; state dead; branches; next 1.17; 1.17 date 2006.07.08.21.29.24; author markd; state Exp; branches; next 1.16; 1.16 date 2004.12.25.02.54.13; author wiz; state dead; branches; next 1.15; 1.15 date 2004.07.28.15.17.42; author wiz; state Exp; branches; next 1.14; 1.14 date 2003.12.25.14.05.02; author wiz; state Exp; branches; next 1.13; 1.13 date 2003.08.15.07.02.23; author itojun; state Exp; branches; next 1.12; 1.12 date 2002.10.09.14.16.56; author itojun; state dead; branches; next 1.11; 1.11 date 2002.05.07.18.48.47; author wiz; state Exp; branches; next 1.10; 1.10 date 2002.01.07.21.29.35; author wiz; state Exp; branches; next 1.9; 1.9 date 2001.02.15.12.04.38; author wiz; state dead; branches; next 1.8; 1.8 date 2001.01.29.11.53.03; author wiz; state Exp; branches; next 1.7; 1.7 date 2000.11.10.02.35.03; author wiz; state dead; branches; next 1.6; 1.6 date 2000.07.17.23.44.53; author wiz; state Exp; branches; next 1.5; 1.5 date 2000.07.15.11.24.28; author wiz; state dead; branches; next 1.4; 1.4 date 2000.03.02.08.21.33; author wiz; state Exp; branches; next 1.3; 1.3 date 99.12.02.15.50.45; author frueauf; state Exp; branches; next 1.2; 1.2 date 99.04.08.15.17.28; author mellon; state Exp; branches; next 1.1; 1.1 date 99.04.07.23.01.27; author mellon; state Exp; branches; next ; desc @@ 1.21 log @Use just committed upstream change addressing c99 inline semantics. @ text @$NetBSD: patch-ac,v 1.20 2012/10/27 17:39:12 wiz Exp $ Deal with c99 inline semantics. --- mpi/mpi-inline.h.orig 2008-12-11 16:39:43.000000000 +0000 +++ mpi/mpi-inline.h @@@@ -28,10 +28,6 @@@@ #ifndef G10_MPI_INLINE_H #define G10_MPI_INLINE_H -#ifndef G10_MPI_INLINE_DECL -#define G10_MPI_INLINE_DECL extern __inline__ -#endif - G10_MPI_INLINE_DECL mpi_limb_t mpihelp_add_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size, mpi_limb_t s2_limb) @ 1.20 log @Add comments to patches. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.19 2011/08/02 17:11:00 joerg Exp $ @ 1.19 log @Deal with c99 inline semantics. @ text @d1 3 a3 1 $NetBSD$ @ 1.18 log @update to 1.4.5 security update, recommended by gnupg.org (fixes CVE-2006-3746) changes: * More DSA2 tweaks. * Fixed a problem uploading certain keys to the smart card. * Fixed 2 more possible memory allocation attacks. * Added Norwegian translation. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.17 2006/07/08 21:29:24 markd Exp $ d3 5 a7 10 --- configure.orig 2006-06-25 23:14:59.000000000 +1200 +++ configure @@@@ -4876,7 +4876,7 @@@@ fi echo "$as_me:$LINENO: checking whether $_mytar speaks USTAR" >&5 echo $ECHO_N "checking whether $_mytar speaks USTAR... $ECHO_C" >&6 echo hithere > conftest.txt - $_mytar -cf - conftest.txt | grep -q ustar + $_mytar -cf - conftest.txt | strings | grep -q ustar _tar_bad=$? rm conftest.txt d9 7 @ 1.17 log @Solaris grep doesn't deal well with the binary output of tar when testing if tar supports "ustar" so feed through strings before grep. Fixes PR pkg/33776. @ text @d1 1 a1 1 $NetBSD$ @ 1.16 log @Update to 1.4.0, provided by Stefan Krüger in PR 28738. While here, convert to options.mk. GnuPG 1.4 Highlights ==================== This is a brief overview of the changes between the GnuPG 1.2 series and the new GnuPG 1.4 series. To read the full list of highlights for each revision that led up to 1.4, see the NEWS file in the GnuPG distribution. This document is based on the NEWS file, and is thus the highlights of the highlights. When upgrading, note that RFC-2440, the OpenPGP standard, is currently being revised. Most of the revisions in the latest draft (2440bis-12) have already been incorporated into GnuPG 1.4. Algorithm Changes ----------------- OpenPGP supports many different algorithms for encryption, hashing, and compression, and taking into account the OpenPGP revisions, GnuPG 1.4 supports a slightly different algorithm set than 1.2 did. The SHA256, SHA384, and SHA512 hashes are now supported for read and write. The BZIP2 compression algorithm is now supported for read and write. Due to the recent successful attack on the MD5 hash algorithm (discussed in , among other places), MD5 is deprecated for OpenPGP use. It is still allowed in GnuPG 1.4 for backwards compatibility, but a warning is given when it is used. The TIGER/192 hash is no longer available. This should not be interpreted as a statement as to the quality of TIGER/192 - rather, the revised OpenPGP standard removes support for several unused or mostly unused hashes, and TIGER/192 was one of them. Similarly, Elgamal signatures and the Elgamal signing key type have been removed from the OpenPGP standard, and thus from GnuPG. Please do not confuse Elgamal signatures with DSA or DSS signatures or with Elgamal encryption. Elgamal signatures were very rarely used and were not supported in any product other than GnuPG. Elgamal encryption was and still is part of OpenPGP and GnuPG. Very old (pre-1.0) versions of GnuPG supported a nonstandard (contrary to OpenPGP) Elgamal key type. While no recent version of GnuPG permitted the generation of such keys, GnuPG 1.2 could still use them. GnuPG 1.4 no longer allows the use of these keys or the (also nonstandard) messages generated using them. At build time, it is possible to select which algorithms will be built into GnuPG. This can be used to build a smaller program binary for embedded uses where space is tight. Keyserver Changes ----------------- GnuPG 1.4 does all keyserver operations via plugin or helper applications. This allows the main GnuPG program to be smaller and simpler. People who package GnuPG for various reasons have the flexibility to include or leave out support for any keyserver type as desired. Support for fetching keys via HTTP and finger has been added. This is mainly useful for setting a preferred keyserver URL like "http://www.jabberwocky.com/key.asc". or "finger:wk at g10code.com". The LDAP keyserver helper now supports storing, retrieving, and searching for keys in both the old NAI "LDAP keyserver" as well as the more recent method to store OpenPGP keys in standard LDAP servers. This is compatible with the storage schema that PGP uses, so both products can interoperate with the same LDAP server. The LDAP keyserver helper is compatible with the PGP company's new "Global Directory" service. If the LDAP library you use supports LDAP-over-TLS and LDAPS, then GnuPG detects this and supports them as well. Note that using TLS or LDAPS does not improve the security of GnuPG itself, but may be useful in certain key distribution scenarios. HTTP Basic authentication is now supported for all HKP and HTTP keyserver functions, either through a proxy or via direct access. The HKP keyserver plugin supports the new machine-readable key listing format for those keyservers that provide it. IPv6 is supported for HKP and HTTP keyserver access. When using a HKP keyserver with multiple DNS records (such as subkeys.pgp.net which has the addresses of multiple servers around the world), all DNS address records are tried until one succeeds. This prevents a single down server in the rotation from stopping access. DNS SRV records are used in HKP keyserver lookups to allow administrators to load balance and select keyserver ports automatically. Timeout support has been added to the keyserver plugins. This allows users to set an upper limit on how long to wait for the keyserver before giving up. Preferred Keyserver URL ----------------------- Preferred keyserver support has been added. Users may set a preferred keyserver via the --edit-key command "keyserver". If the --keyserver-option honor-keyserver-url is set (and it is by default), then the preferred keyserver is used when refreshing that key with --refresh-keys. The --sig-keyserver-url option can be used to inform signature recipients where the signing key can be downloaded. When verifying the signature, if the signing key is not present, and the keyserver options honor-keyserver-url and auto-key-retrieve are set, this URL will be used to retrieve the key. Trust Signatures ---------------- GnuPG 1.4 supports OpenPGP trust signatures, which allow a user to specify the trust level and distance from the user along with the signature so users can delegate different levels of certification ability to other users, possibly restricted by a regular expression on the user ID. Trust Models ------------ GnuPG 1.4 supports several ways of looking at trust: Classic - The classic PGP trust model, where people sign each others keys and thus build up an assurance (called "validity") that the key belongs to the right person. This was the default trust model in GnuPG 1.2. Always - Bypass all trust checks, and make all keys fully valid. Direct - Users may set key validity directly. PGP - The PGP 7 and 8 behavior which combines Classic trust with trust signatures overlaid on top. This is the default trust model in GnuPG 1.4. The OpenPGP Smartcard --------------------- GnuPG 1.4 supports the OpenPGP smartcard () Secret keys may be kept fully or partially on the smartcard. The smartcard may be used for primary keys or subkeys. Other Interesting New Features ------------------------------ For those using Security-Enhanced Linux , the configure option --enable-selinux-support prevents GnuPG from processing its own files (i.e. reading the secret keyring for something other than getting a secret key from it). This simplifies writing ACLs for the SELinux kernel. Readline support is now available at all prompts if the system provides a readline library. GnuPG can now create messages that can be decrypted with either a passphrase or a secret key. These messages may be generated with --symmetric --encrypt or --symmetric --sign --encrypt. --list-options and --verify-options allow the user to customize exactly what key listings or signature verifications look like, enabling or disabling things such as photo display, preferred keyserver URL, calculated validity for each user ID, etc. The --primary-keyring option designates the keyring that the user wants new keys imported into. The --hidden-recipient (or -R) command encrypts to a user, but hides the identity of that user. This is the same functionality as --throw-keyid, but can be used on a per-user basis. Full algorithm names (e.g. "3DES", "SHA1", "ZIP") can now be used interchangeably with the short algorithm names (e.g. "S2", "H2", "Z1") anywhere algorithm names are used in GnuPG. The --keyid-format option selects short (99242560), long (DB698D7199242560), 0xshort (0x99242560), or 0xlong (0xDB698D7199242560) key ID displays. This lets users tune the display to what they prefer. While it is not recommended for extended periods, it is possible to run both GnuPG 1.2.x and GnuPG 1.4 during the transition. To aid in this, GnuPG 1.4 tries to load a config file suffixed with its version before it loads the default config file. For example, 1.4 will try for gpg.conf-1.4 and gpg.conf-1 before falling back to the regular gpg.conf file. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.15 2004/07/28 15:17:42 wiz Exp $ d3 10 a12 7 ftp://ftp.kame.net/pub/kame/misc/gnupg-1.2.2-IPv6.diff.gz --- config.h.in.orig 2004-07-26 14:26:11.000000000 +0200 +++ config.h.in @@@@ -616,3 +616,4 @@@@ #include "g10defs.h" a13 1 +#undef HAVE_GETADDRINFO @ 1.15 log @Update to 1.2.5: * New --ask-cert-level/--no-ask-cert-level option to turn on and off the prompt for signature level when signing a key. Defaults to on. * New --min-cert-level option to disregard key signatures that are under a specified level. Defaults to 1 (i.e. don't disregard anything). * New --max-output option to limit the amount of plaintext output generated by GnuPG. This option can be used by programs which call GnuPG to process messages that may result in plaintext larger than the calling program is prepared to handle. This is sometimes called a "Decompression Bomb". * New --list-config command for frontends and other programs that call GnuPG. See doc/DETAILS for the specifics of this. * New --gpgconf-list command for internal use by the gpgconf utility from gnupg 1.9.x. * Some performance improvements with large keyrings. See --enable-key-cache=SIZE in the README file for details. * Some portability fixes for the OpenBSD/i386, HPPA, and AIX platforms. * Simplified Chinese translation. @ text @d1 1 a1 1 $NetBSD$ @ 1.14 log @Update to 1.2.4: * Added read-only support for BZIP2 compression. This should be considered experimental, and is only available if the libbzip2 library is installed. * Added the ability to handle messages that can be decrypted with either a passphrase or a secret key. * Most support for Elgamal sign+encrypt keys has been removed. Old signatures may still be verified, and existing encrypted messages may still be decrypted, but no new signatures may be issued by, and no new messages will be encrypted to, these keys. Elgamal sign+encrypt keys are not part of the web of trust. The only new message that can be generated by an Elgamal sign+encrypt key is a key revocation. Note that in a future version of GnuPG (currently planned for 1.4), all support for Elgamal sign+encrypt keys will be removed, so take this opportunity to revoke old keys now. * A Russian translation is included again as well as a new Belarusian translation. @ text @d5 1 a5 1 --- config.h.in.orig Tue Dec 23 20:28:49 2003 d7 1 a7 1 @@@@ -553,3 +553,4 @@@@ @ 1.13 log @add IPv6 support. bump PKGREVISION @ text @d5 3 a7 4 diff -u -r1.1.1.1 -r1.2 --- config.h.in 15 Aug 2003 05:12:06 -0000 1.1.1.1 +++ config.h.in 15 Aug 2003 06:44:46 -0000 1.2 @@@@ -537,3 +537,4 @@@@ @ 1.12 log @upgrade to 1.2.0, from skrueger@@europe.com 2002-09-21 Werner Koch Released 1.2.0. * configure.ac: Bumbed version number and set development version to no. 2002-09-19 David Shaw * configure.ac: Try linking LDAP as just -lldap as it seems very recent OpenLDAPs (>=2.0.23) support that. 2002-09-14 David Shaw * configure.ac: Try linking LDAP without -lresolv first, just in case the platform has libresolv, but doesn't actually need it to use LDAP. 2002-09-12 David Shaw * NEWS: Note that the old IDEA plugin won't work with post-1.1.90 gpg. 2002-09-11 Werner Koch Released 1.1.92. * configure.ac (random_modules): The default random module for system lacking a /dev/random is now auto selected at runtime. 2002-09-09 David Shaw * NEWS: typo. * configure.ac: Add a link test for LDAP without -lresolv for HPUX. Remove "hstrerror" test as it is no longer needed. 2002-09-02 Werner Koch * README: Removed the note about a development version so that we later don't forget this. Minor other changes. 2002-08-29 Werner Koch * configure.ac (random_modules): Reworked the code to select the random module. Define USE_ALL_RANDOM_MODULES for value all. 2002-08-27 David Shaw * configure.ac: Check type of mode_t. * NEWS: Clarify that --libexecdir is a configure option. * configure.ac: Check for hstrerror. 2002-08-19 David Shaw * NEWS: Document new ways to enable MDC, and change in automatic compression disabling. * configure.ac: No such thing as the "none" random gather any longer. 2002-08-08 David Shaw * configure.ac: Add an --enable-tiger. * NEWS: Clarify new permission checks. 2002-08-07 David Shaw * configure.ac: If the static IDEA cipher is present, disable dynamic loading. Also fix backwards grammar of keyserver exec-path CHECKING message. 2002-08-05 Werner Koch * configure.ac: Bumbed version number. 2002-08-04 Werner Koch Released 1.1.91. * configure.ac (ALL_LINGUAS): Added Catalan. 2002-08-02 Werner Koch * configure.ac: Removed all extension stuff but keep the tests for dlopen. We don't need to figure out the flags required. All stuff is now statically loaded. 2002-07-30 David Shaw * README, configure.ac: --with-exec-path is now clarified into --disable-keyserver-path * NEWS: changes since 1.1.90. 2002-07-24 David Shaw * configure.ac: Include a GNUPG_LIBEXECDIR in g10defs.h, as well as a SUBST for Makefiles. 2002-07-22 Timo Schulz * configure.ac: Replace the 'c:/' variables with 'c:\' due to the fact we already use '\' in the remaining code. 2002-07-08 David Shaw * configure.ac: Add --with-mailprog to override the use of sendmail with another MTA. We can use anything that follows the "$MAILPROG -t" convention. 2002-07-04 David Shaw * configure.ac: --enable-exec-path should be a 'with'. Fix 'no' cases of --with-exec-path and --with-photo-viewer. * README: Document --disable-exec, --disable-photo-viewers, --disable-keyserver-helpers, --enable-exec-path, and --with-photo-viewer. * configure.ac: Add --with-photo-viewer to lock the viewer at compile time and --disable-keyserver-helpers and --disable-photo-viewers to allow disabling one without disabling the other. 2002-07-03 David Shaw * configure.ac: Allow setting USE_EXEC_PATH to lock the exec-path to a fixed value. 2002-07-01 Werner Koch * configure.ac: Set version number to 1.1.91. Released 1.1.90. * INSTALL: Replaced by generic install file. * README: Marked as development version and moved most stuff of the old INSTALL file to here. 2002-06-30 Werner Koch * configure.ac: Link W32 version against libwsock32. 2002-06-29 Werner Koch * configure.ac (development_version): New. (HAVE_DEV_RANDOM_IOCTL): Removed test for it; it was never used. * BUGS, AUTHORS: Add a note on how to send security related bug reports. 2002-06-20 David Shaw * NEWS: changes since 1.0.7. * configure.ac: Set new version number (1.1.90), and fix Solaris compiler flags for shared objects. 2002-06-11 David Shaw * configure.ac: Move -lsocket and -lnsl checks before LDAP link tests so they work properly on Solaris. Noted by David Champion. Also, check for the Mozilla LDAP library if the OpenLDAP library check fails. Put -lsocket and -lnsl in NETLIBS rather than LIBS so not all programs are forced to link to them. 2002-06-05 David Shaw * configure.ac: Add a switch for the experimental external HKP keyserver interface. 2002-05-22 Werner Koch * configure.ac: Check for strcasecmp and strncasecmp. Removed stricmp and memicmp checks. 2002-05-08 David Shaw * configure.ac: If LDAP comes up unusable, try #including before giving up. Old versions of OpenLDAP require that. 2002-05-03 David Shaw * configure.ac: In g10defs.h, use \ for the directory separator when HAVE_DOSISH_SYSTEM is on. * configure.ac: Add --disable-exec flag to disable all remote program execution. --disable-exec implies --disable-ldap and --disable-mailto. Also look in /usr/lib for sendmail. If sendmail is not found, do not default - just fail. 2002-04-30 David Shaw * configure.ac: Try and link to a sample LDAP program to check if the LDAP we're about to use is really sane. The most common problem (using a very old OpenLDAP), could be fixed with an extra #include, but this would not be very portable to other LDAP libraries. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.11 2002/05/07 18:48:47 wiz Exp $ d3 10 a12 15 --- mpi/config.links.orig Thu Apr 18 12:10:40 2002 +++ mpi/config.links @@@@ -119,6 +119,12 @@@@ path="sparc32v8 sparc32" mpi_extra_modules="udiv" ;; + sparc64-*-netbsd) + # There are no sparc64 assembler modules that work, so + # just use generic C functions + echo '/* configured for sparc64-*-netbsd */' >>./mpi/asm-syntax.h + path="" + ;; sparc64-sun-solaris2*) # Got a report that udiv is missing, so we try this one echo '/* configured for sparc64-sun-solaris2 */' >>./mpi/asm-syntax.h @ 1.11 log @Update to 1.0.7. * Secret keys are now stored and exported in a new format which uses SHA-1 for integrity checks. This format renders the Rosa/Klima attack useless. Other OpenPGP implementations might not yet support this, so the option --simple-sk-checksum creates the old vulnerable format. * The default cipher algorithm for encryption is now CAST5, default hash algorithm is SHA-1. This will give us better interoperability with other OpenPGP implementations. * Symmetric encrypted messages now use a fixed file size if possible. This is a tradeoff: it breaks PGP 5, but fixes PGP 2, 6, and 7. Note this was only an issue with RFC-1991 style symmetric messages. * Photographic user ID support. This uses an external program to view the images. * Enhanced keyserver support via keyserver "plugins". GnuPG comes with plugins for the NAI LDAP keyserver as well as the HKP email keyserver. It retains internal support for the HKP HTTP keyserver. * Nonrevocable signatures are now supported. If a user signs a key nonrevocably, this signature cannot be taken back so be careful! * Multiple signature classes are usable when signing a key to specify how carefully the key information (fingerprint, photo ID, etc) was checked. * --pgp2 mode automatically sets all necessary options to ensure that the resulting message will be usable by a user of PGP 2.x. * --pgp6 mode automatically sets all necessary options to ensure that the resulting message will be usable by a user of PGP 6.x. * Signatures may now be given an expiration date. When signing a key with an expiration date, the user is prompted whether they want their signature to expire at the same time. * Revocation keys (designated revokers) are now supported if present. There is currently no way to designate new keys as designated revokers. * Permissions on the .gnupg directory and its files are checked for safety. * --expert mode enables certain silly things such as signing a revoked user id, expired key, or revoked key. * Some fixes to build cleanly under Cygwin32. * New tool gpgsplit to split OpenPGP data formats into packets. * New option --preserve-permissions. * Subkeys created in the future are not used for encryption or signing unless the new option --ignore-valid-from is used. * Revoked user-IDs are not listed unless signatures are listed too or we are in verbose mode. * There is no default comment string with ascii armors anymore except for revocation certificates and --enarmor mode. * The command "primary" in the edit menu can be used to change the primary UID, "setpref" and "updpref" can be used to change the preferences. * Fixed the preference handling; since 1.0.5 they were erroneously matched against against the latest user ID and not the given one. * RSA key generation. * It is now possible to sign and conventional encrypt a message (-cs). * The MDC feature flag is supported and can be set by using the "updpref" edit command. * The status messages GOODSIG and BADSIG are now returning the primary UID, encoded using %XX escaping (but with spaces left as spaces, so that it should not break too much) * Support for GDBM based keyrings has been removed. * The entire keyring management has been revamped. * The way signature stati are store has changed so that v3 signatures can be supported. To increase the speed of many operations for existing keyrings you can use the new --rebuild-keydb-caches command. * The entire key validation process (trustdb) has been revamped. See the man page entries for --update-trustdb, --check-trustdb and --no-auto-check-trustdb. * --trusted-keys is again obsolete, --edit can be used to set the ownertrust of any key to ultimately trusted. * A subkey is never used to sign keys. * Read only keyrings are now handled as expected. @ text @d1 1 a1 1 $NetBSD$ @ 1.10 log @Fix for sparc64, provided in pkg/15168. @ text @d3 1 a3 1 --- mpi/config.links.orig Sun Apr 29 13:36:18 2001 d9 9 a17 9 + sparc64-*-netbsd) + # There are no sparc64 assembler modules that work, so + # just use generic C functions + echo '/* configured for sparc64-*-netbsd */' >>./mpi/asm-syntax.h + path="" + ;; sparc9*-*-* | \ sparc64*-*-* | \ ultrasparc*-*-* ) @ 1.9 log @Update to 1.0.4nb3: incorporate a security fix by the author. (Which also includes completely unrelated patch-ac.) Closes pkg/12208. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.8 2001/01/29 11:53:03 wiz Exp $ d3 15 a17 11 --- g10/openfile.c.orig Tue Sep 5 17:31:57 2000 +++ g10/openfile.c @@@@ -329,7 +329,7 @@@@ if ( ( *defhome == '~' && ( strlen(fname) >= strlen (defhome+1) - && !strcmp(fname+strlen(defhome+1)-strlen(defhome+1), + && !strcmp(fname+strlen(fname)-strlen(defhome+1), defhome+1 ) )) || ( *defhome != '~' && !compare_filenames( fname, defhome ) ) @ 1.8 log @Update gnupg to 1.0.4nb2: Fix a bug in ~/.gnupg creation. Honor USE_IDEA, and add the IDEA extension in that case. Addresses pkg/11876. @ text @d1 1 a1 1 $NetBSD$ @ 1.7 log @Update to 1.0.4. Changes since 1.0.3: * Fixed a serious bug which could lead to false signature verification results when more than one signature is fed to gpg. This is the primary reason for releasing this version. * New utility gpgv which is a stripped down version of gpg to be used to verify signatures against a list of trusted keys. * Rijndael (AES) is now supported and listed with top preference. * --with-colons now works with --print-md[s]. Based on an update provided by Mipam . @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.6 2000/07/17 23:44:53 wiz Exp $ d3 11 a13 17 --- mpi/config.links.orig Tue Mar 21 10:24:45 2000 +++ mpi/config.links Mon Jul 17 14:30:59 2000 @@@@ -171,7 +171,13 @@@@ cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h path="m68k/mc68020 m68k" ;; - + powerpc*-*-netbsd*) + echo '/* configured NetBSD on powerpc */' >>./mpi/asm-syntax.h + echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h + cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h + mpi_sflags="-Wa,-mppc" + path="powerpc32" + ;; powerpc*-*-linux*) echo '/* configured for powerpc/ELF */' >>./mpi/asm-syntax.h echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h @ 1.6 log @Add patch to make gnupg work on macppc/ELF. Patch provided by Gabriel Rosenkoetter . @ text @d1 1 a1 1 $NetBSD$ @ 1.5 log @Update gnupg to 1.0.2. NetBSD changes had been mailed to author and have been integrated. Relevant Changes: * Fixed expiration handling of encryption keys. * Add an experimental feature to do unattended key generation. * The user is now asked for the reason of revocation as required by the new OpenPGP draft. * There is a ~/.gnupg/random_seed file now which saves the state of the internal RNG and increases system performance somewhat. This way the full entropy source is only used in cases were it is really required. Use the option --no-random-seed-file to disable this feature. * New options --ignore-time-conflict and --lock-never. * Encryption is now much faster: About 2 times for 1k bit keys and 8 times for 4k keys. * New encryption keys are generated in a way which allows a much faster decryption. * New command --export-secret-subkeys which outputs the _primary_ key with it's secret parts deleted. This is useful for automated decryption/signature creation as it allows to keep the real secret primary key offline and thereby protecting the key certificates and allowing to create revocations for the subkeys. See the FAQ for a procedure to install such secret keys. * Keygeneration now writes to the first writeable keyring or as default to the one in the homedirectory. Prior versions ignored all --keyring options. * New option --command-fd to take user input from a file descriptor; to be used with --status-fd by software which uses GnuPG as a backend. * There is a new status PROGRESS which is used to show progress during key generation. * Support for the new MDC encryption packets. To create them either --force-mdc must be use or cipher algorithm with a blocksize other than 64 bits is to be used. --openpgp currently disables MDC packets entirely. This option should not yet be used. * New option --no-auto-key-retrieve to disable retrieving of a missing public key from a keyerver, when a keyerver has been set. * Danish, Esperanto, Japanese, Dutch, and Swedish translations @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.4 2000/03/02 08:21:33 wiz Exp $ d3 17 a19 19 --- ./mpi/config.links.orig Fri Dec 10 14:04:00 1999 +++ ./mpi/config.links Thu Mar 2 01:53:31 2000 @@@@ -22,6 +22,16 @@@@ cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h path="i586 i386" ;; + i[34]86*-*-netbsd*) + echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h + cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h + path="i386" + ;; + i[56]86*-*-netbsd* | pentium-*-netbsd* | pentiumpro-*-netbsd*) + echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h + cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h + path="i586 i386" + ;; i[34]86*-*-bsdi4*) echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h @ 1.4 log @Fetch and install man page, as noted by Markus Kurek in pkg/9519. Also defuzz patches. @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Update gnupg to 1.0.0. As sideeffect this fixes pr 8826 and pr 8606. /* XXX someone should test this in i386/aout, maybe that broke in exchange, so someone would need to fix it. I have no system to test on. But since this package was totaly broken, its an improvement... XXX */ Noteworthy changes in version 1.0.0 (1999-09-07) ----------------------------------- * Add a very preliminary version of the GNU Privacy Handbook to the distribution (lynx doc/gph/index.html). * Changed the version number to GnuPG 2001 ;-) Noteworthy changes in version 0.9.11 ------------------------------------ * UTF-8 strings are now correctly printed (if --charset is set correctly). Output of --with-colons remains C-style escaped UTF-8. * Workaround for a problem with PGP 5 detached signature in textmode. * Fixed a problem when importing new subkeys (duplicated signatures). Noteworthy changes in version 0.9.10 ------------------------------------ * Some strange new options to help pgpgpg * Cleaned up the dox a bit. Noteworthy changes in version 0.9.9 ----------------------------------- * New options --[no-]utf8-strings. * New edit-menu commands "enable" and "disable" for entire keys. * You will be asked for a filename if gpg cannot deduce one. * Changes to support libtool which is needed for the development of libgcrypt. * New script tools/lspgpot to help transferring assigned trustvalues from PGP to GnuPG. * New commands --lsign-key and made --sign-key a shortcut for --edit and sign. * New options (#122--126 ;-) --[no-]default-recipient[-self], --disable-{cipher,pubkey}-algo. See the man page. * Enhanced info output in case of multiple recipients and fixed exit code. * New option --allow-non-selfsigned-uid to work around a problem with the German IN way of separating signing and encryption keys. Noteworthy changes in version 0.9.8 ----------------------------------- * New subcommand "delsig" in the edit menu. * The name of the output file is not anymore the one which is embedded in the processed message, but the used filename with the extension stripped. To revert to the old behaviour you can use the option --use-embedded-filename. * Another hack to cope with pgp2 generated detached signatures. * latin-2 character set works (--charset=iso-8859-2). * New option --with-key-data to list the public key parameters. New option -N to insert notations and a --set-policy-url. A couple of other options to allow reseting of options. * Better support for HPUX. Noteworthy changes in version 0.9.7 ----------------------------------- * Add some work arounds for a bugs in pgp 2 which led to bad signatures when used with canonical texts in some cases. * Enhanced some status outputs. Noteworthy changes in version 0.9.6 ----------------------------------- * Twofish is now statically linked by default. The experimental 128 bit version is now disabled. Full support will be available as soon as the OpenPGP WG has decided on an interpretation of rfc2440. * Dropped support for the ancient Blowfish160 which is not OpenPGP. * Merged gpgm and gpg into one binary. * Add "revsig" and "revkey" commands to the edit menu. It is now possible to revoke signature and subkeys. @ text @d3 2 a4 2 --- mpi/config.links.orig Mon Aug 30 11:06:48 1999 +++ mpi/config.links Thu Dec 2 15:42:48 1999 d9 13 a21 13 + i[34]86*-*-netbsd*) + echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h + cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h + path="i386" + ;; + i[56]86*-*-netbsd* | pentium-*-netbsd* | pentiumpro-*-netbsd*) + echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h + cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h + path="i586 i386" + ;; i[34]86*-*-linuxaout* | i[34]86*-*-linuxoldld* | i[34]86*-*-*bsd*) echo '#define BSD_SYNTAX' >>./mpi/asm-syntax.h echo '#define X86_BROKEN_ALIGN' >>./mpi/asm-syntax.h @ 1.2 log @Oops, fix paths. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.1 1999/04/07 23:01:27 mellon Exp $ d3 19 a21 20 diff -rc2 config.links mpi/config.links *** mpi/config.links Mon Mar 8 12:51:20 1999 --- mpi/config.links Wed Apr 7 16:43:18 1999 *************** *** 35,38 **** --- 35,48 ---- path="i586 i386" ;; + i[34]86*-*-netbsd*) + echo '#define BSD_SYNTAX' >>./mpi/asm-syntax.h + cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h + path="i386" + ;; + i[56]86*-*-netbsd* | pentium-*-netbsd* | pentiumpro-*-netbsd*) + echo '#define BSD_SYNTAX' >>./mpi/asm-syntax.h + cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h + path="i586 i386" + ;; i[34]86*-*-*) echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h @ 1.1 log @GNU Privacy Guard (a PGP replacement) @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 diff -rc2 gnupg-0.9.5/mpi/config.links gnupg-0.9.5-hacked/mpi/config.links *** gnupg-0.9.5/mpi/config.links Mon Mar 8 12:51:20 1999 --- gnupg-0.9.5-hacked/mpi/config.links Wed Apr 7 16:43:18 1999 @