security update to gnupg-1.4.2.2

from gnupg.org:
Signature verification of non-detached signatures may give a positive
result but when extracting the signed data, this data may be prepended
or appended with extra data not covered by the signature.  Thus it is
possible for an attacker to take any signed message and inject extra
arbitrary data.

security/gnupg/Makefile

@@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.55 2006/02/22 12:30:52 steven Exp $
+# $OpenBSD: Makefile,v 1.56 2006/03/10 20:57:50 steven Exp $
 
 COMMENT=	"GNU privacy guard - a free PGP replacement"
 
-DISTNAME=	gnupg-1.4.2.1
+DISTNAME=	gnupg-1.4.2.2
 CATEGORIES=	security
 
 MASTER_SITES=	ftp://ftp.gnupg.org/gcrypt/gnupg/ \

security/gnupg/distinfo

@@ -1,8 +1,8 @@
-MD5 (gnupg-1.4.2.1.tar.gz) = 218db161614c4aadd704e24ec0bf0882
+MD5 (gnupg-1.4.2.2.tar.gz) = 50d8fd9c5715ff78b7db0e5f20d08550
 MD5 (idea.c.gz) = 9dc3bc086824a8c7a331f35e09a3e57f
-RMD160 (gnupg-1.4.2.1.tar.gz) = 130381061d423762985bc88bc4935700842dfb28
+RMD160 (gnupg-1.4.2.2.tar.gz) = 301e45204b3b083e1014782d110dee5bad5ef320
 RMD160 (idea.c.gz) = e35be5a031d10d52341ac5f029d28f811edd908d
-SHA1 (gnupg-1.4.2.1.tar.gz) = cefc74560f21bde74eed298d86460612cd7e12ee
+SHA1 (gnupg-1.4.2.2.tar.gz) = 959540c1c6158e09d668ceee055bf366dc26d0bd
 SHA1 (idea.c.gz) = 82fded4ec31b97b3b2dd22741880b67cfee40f84
-SIZE (gnupg-1.4.2.1.tar.gz) = 4219980
+SIZE (gnupg-1.4.2.2.tar.gz) = 4222685
 SIZE (idea.c.gz) = 5216