Log message:
Bump PKGREVISION for security/openssl ABI bump.

Log message:
Bump dependency on libgpg-error to >=1.21; does not actually complete
configure with a lesser version.

Log message:
Use OPSYSVARS.

Log message:
Fix build on SunOS, where configure doesn't see getaddrinfo(), but
the code knows how to unlock and use it.

Log message:
Update gnupg21 to 2.1.11:

Noteworthy changes in version 2.1.11 (2016-01-26)
-------------------------------------------------

 * gpg: New command --export-ssh-key to replace the gpgkey2ssh tool.

 * gpg: Allow to generate mail address only keys with --gen-key.

 * gpg: "--list-options show-usage" is now the default.

 * gpg: Make lookup of DNS CERT records holding an URL work.

 * gpg: Emit PROGRESS status lines during key generation.

 * gpg: Don't check for ambigious or non-matching key specification in
   the config file or given to --encrypt-to.  This feature will return
   in 2.3.x.

 * gpg: Lock keybox files while updating them.

 * gpg: Solve rare error on Windows during keyring and Keybox updates.

 * gpg: Fix possible keyring corruption. (bug#2193)

 * gpg: Fix regression of "bkuptocard" sub-command in --edit-key and
   remove "checkbkupkey" sub-command introduced with 2.1.  (bug#2169)

 * gpg: Fix internal error in gpgv when using default keyid-format.

 * gpg: Fix --auto-key-retrieve to work with dirmngr.conf configured
   keyservers. (bug#2147).

 * agent: New option --pinentry-timeout.

 * scd: Improve unplugging of USB readers under Windows.

 * scd: Fix regression for generating RSA keys on card.

 * dirmmgr: All configured keyservers are now searched.

 * dirmngr: Install CA certificate for hkps.pool.sks-keyservers.net.
   Use this certiticate even if --hkp-cacert is not used.

 * gpgtar: Add actual encryption code.  gpgtar does now fully replace
   gpg-zip.

 * gpgtar: Fix filename encoding problem on Windows.

 * Print a warning if a GnuPG component is using an older version of
   gpg-agent, dirmngr, or scdaemon.

Log message:
Fix building on OS X

Log message:
Update to 2.1.10

Changelog:
Noteworthy changes in version 2.1.10 (2015-12-04)
-------------------------------------------------

 * gpg: New trust models "tofu" and "tofu+pgp".

 * gpg: New command --tofu-policy.  New options --tofu-default-policy
   and --tofu-db-format.

 * gpg: New option --weak-digest to specify hash algorithms which
   should be considered weak.

 * gpg: Allow the use of multiple --default-key options; take the last
   available key.

 * gpg: New option --encrypt-to-default-key.

 * gpg: New option --unwrap to only strip the encryption layer.

 * gpg: New option --only-sign-text-ids to exclude photo IDs from key
   signing.

 * gpg: Check for ambigious or non-matching key specification in the
   config file or given to --encrypt-to.

 * gpg: Show the used card reader with --card-status.

 * gpg: Print export statistics and an EXPORTED status line.

 * gpg: Allow selecting subkeys by keyid in --edit-key.

 * gpg: Allow updating the expiration time of multiple subkeys at
   once.

 * dirmngr: New option --use-tor.  For full support this requires
   libassuan version 2.4.2 and a patched version of libadns
   (e.g. adns-1.4-g10-7 as used by the standard Windows installer).

 * dirmngr: New option --nameserver to specify the nameserver used in
   Tor mode.

 * dirmngr: Keyservers may again be specified by IP address.

 * dirmngr: Fixed problems in resolving keyserver pools.

 * dirmngr: Fixed handling of premature termination of TLS streams so
   that large numbers of keys can be refreshed via hkps.

 * gpg: Fixed a regression in --locate-key [since 2.1.9].

 * gpg: Fixed another bug for keyrings with legacy keys.

 * gpgsm: Allow combinations of usage flags in --gen-key.

 * Make tilde expansion work with most options.

 * Many other cleanups and bug fixes.

Log message:
Update to gnupg-2.1.9.

gnupg-2.1.9:
 * gpg: Allow fetching keys via OpenPGP DANE (--auto-key-locate).  New
   option --print-dane-records.
 * gpg: Fix for a problem with PGP-2 keys in a keyring.
 * gpg: Fail with an error instead of a warning if a modern cipher
   algorithm is used without a MDC.
 * agent: New option --pinentry-invisible-char.
 * agent: Always do a RSA signature verification after creation.
 * agent: Fix a regression in ssh-add-ing Ed25519 keys.
 * agent: Fix ssh fingerprint computation for nistp384 and EdDSA.
 * agent: Fix crash during passprase entry on some platforms.
 * scd: Change timeout to fix problems with some 2.1 cards.
 * dirmngr: Displayed name is now Key Acquirer.
 * dirmngr: Add option --keyserver.  Deprecate that option for gpg.
   Install a dirmngr.conf file from a skeleton for new installations.

gnupg-2.1.8:
 * gpg: Sending very large keys to the keyservers works again.
 * gpg: Validity strings in key listings are now again translatable.
 * gpg: Emit FAILURE status lines to help GPGME.
 * gpg: Does not anymore link to Libksba to reduce dependencies.
 * gpgsm: Export of secret keys via Assuan is now possible.
 * agent: Raise the maximum passphrase length from 100 to 255 bytes.
 * agent: Fix regression using EdDSA keys with ssh.
 * Does not anymore use a build timestamp by default.
 * The fallback encoding for broken locale settings changed
   from Latin-1 to UTF-8.
 * Many code cleanups and improved internal documentation.
 * Various minor bug fixes.

gnupg-2.1.7:
 * gpg: Support encryption with Curve25519 if Libgcrypt 1.7 is used.
 * gpg: In the --edit-key menu: Removed the need for "toggle", changed
   how secret keys are indicated, new commands "fpr *" and \ 
"grip".
 * gpg: More fixes related to legacy keys in a keyring.
 * gpgv: Does now also work with a "trustedkeys.kbx" file.
 * scd: Support some feature from the OpenPGP card 3.0 specs.
 * scd: Improved ECC support
 * agent: New option --force for the DELETE_KEY command.
 * w32: Look for the Pinentry at more places.
 * Dropped deprecated gpgsm-gencert.sh
 * Various other bug fixes.

Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Log message:
Add options.mk to properly select, detect and link in LDAP support.
Bump PKGREVISION as this removes dirmngr_ldap from default PLIST.