Release info:
https://dev.gnupg.org/T6105
Packaging changes:
- need to drop a --css-ref= option unrecognized by base makeinfo.
- no need for gmake
- having the package installed is not needed any more to run the tests
- respect LDFLAGS
Fix for CVE-2022-34903, other changes:
https://dev.gnupg.org/T5949
Gentle prodding by tj@ who backported patches to address the CVE problem.
Since upstream has published a release, let's use that instead.
ChangeLog: https://dev.gnupg.org/T5928
Tests & ok bket@ gnezdo@
Since the question came up: we're staying on the 2.2 LTS branch as long
as there is no adamant reason to switch to the public testing 2.3
release, and as long as 2.4 hasn't been published. For more information
about the release scheme please refer to the gnupg-2.3.0 announcement:
https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000458.html
gnupg-1.4 is not developed actively anymore, and new software expects
a modern "gpg" executable, which leads to pointless patches in the ports
tree. Move the various users of security/gnupg2 to security/gnupg and
zap patches that forced the use of "gpg2".
Crusade started by edd@ (security/gnupg maintainer), gnupg->gnupg2 test
reports from semarie@, giovanni@ and solene@, input and bulk build by
sthen@. ok sthen@ edd@ (maintainer)
Being listed as the maintainer kinda implies that I care, but I don't:
I haven't used gpg1 for years. In fact, it's been years since I think
this port ought to be removed and the tree should be moved to
security/gnupg2. But someone has to do that work.
- add `-fheinous-gnu-extensions' as seen on some other archs
- add a patch to remove the `-Wa,-mppc' flag, because clang's
integrated assembler was unhappy with it. Proposed by jca@,
instead of using `-no-integrated-as'.
OK jca@ (maintainer)
Follow the upstream recommendations for packagers and switch to
multi-packages:
devel/gettext -> devel/gettext,-runtime
devel/gettext-tools -> devel/gettext,-tools
(new) devel/gettext,-textstyle
- move to https
- use the per-project canonical homepage (reachable thru the main
homepage; pinentry doesn't seem to have such homepage)
ok pea@ ajacoutot@
* Fix critical security bug in the RNG [CVE-2016-6313]. An attacker
who obtains 580 bytes from the standard RNG can trivially predict
the next 20 bytes of output. Problem detected by Felix Dörre and
Vladimir Klebanov, KIT.
CVE-2016-6313: * Fix critical security bug in the RNG [CVE-2016-6313].
An attacker who obtains 580 bytes from the standard RNG can trivially
predict the next 20 bytes of output. Problem detected by Felix
Dörre and Vladimir Klebanov, KIT.
Main behavior changes:
- CAST5 -> AES for symmetric encryption
- MD5 sigs rejected by default
ok danj@
* fix regression in --recv-key {multiple keys}
* cap the sizes for automatic key generation
While here, delete unneeded do-test target.
"looks ok" sthen@, ok daniel@
parsing compressed packets) and includes the patch we had for
CVE-2013-4242 (Yarom/Falkner flush+reload side-channel attack on RSA
secret keys already had a patch). Input from and ok sthen@