./security/gnupg2, GnuPG with OpenPGP and S/MIME capabilities

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.2.19nb1, Package name: gnupg2-2.2.19nb1, Maintainer: ada

GnuPG 2.2 provides several utilities that are used by mail clients,
such as Kmail and Balsa, including OpenPGP and S/MIME support. GnuPG
2.2 has a different architecture than GnuPG 1.4 in that it splits up
functionality into several modules. However, both versions may be
installed alongside without any conflict. The advantage of GnuPG-1 is
its smaller size and the lack of dependency on other modules at run
and build time.

Required to run:
[security/libgpg-error] [security/gnutls] [security/libksba] [security/libgcrypt] [security/pinentry] [devel/readline] [security/libassuan2] [devel/libusb1] [devel/npth]

Required to build:

Package options: bzip2, gnutls, libusb-1, zlib

Master sites:

SHA1: e24a1208ffe69d7436b2f27e99542a85f34d0ac0
RMD160: 9456b4162762e9091b3ce11e9a32494084f6dfae
Filesize: 6596.652 KB

Version history: (Expand)

CVS history: (Expand)

   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-12-09 19:44:52 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
gnupg2: updated to 2.2.19

Noteworthy changes in version 2.2.19:

* gpg: Fix double free when decrypting for hidden recipients.
  Regression in 2.2.18.

* gpg: Use auto-key-locate for encryption even for mail addressed
  given with angle brackets.

* gpgsm: Add special case for certain expired intermediate
   2019-11-27 13:17:08 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 2.2.18

Noteworthy changes in version 2.2.18 (2019-11-25)

  * gpg: Changed the way keys are detected on a smartcards; this
    allows the use of non-OpenPGP cards.  In the case of a not very
    likely regression the new option --use-only-openpgp-card is
    available.  [#4681]

  * gpg: The commands --full-gen-key and --quick-gen-key now allow
    direct key generation from supported cards.  [#4681]

  * gpg: Prepare against chosen-prefix SHA-1 collisions in key
    signatures.  This change removes all SHA-1 based key signature
    newer than 2019-01-19 from the web-of-trust.  Note that this
    includes all key signature created with dsa1024 keys.  The new
    option --allow-weak-key-signatues can be used to override the new
    and safer behaviour.  [#4755,CVE-2019-14855]

  * gpg: Improve performance for import of large keyblocks.  [#4592]

  * gpg: Implement a keybox compression run.  [#4644]

  * gpg: Show warnings from dirmngr about redirect and certificate
    problems (details require --verbose as usual).

  * gpg: Allow to pass the empty string for the passphrase if the
    '--passphase=' syntax is used.  [#4633]

  * gpg: Fix printing of the KDF object attributes.

  * gpg: Avoid surprises with --locate-external-key and certain
    --auto-key-locate settings.  [#4662]

  * gpg: Improve selection of best matching key.  [#4713]

  * gpg: Delete key binding signature when deletring a subkey.

  * gpg: Fix a potential loss of key sigantures during import with
    self-sigs-only active.  [#4628]

  * gpg: Silence "marked as ultimately trusted" diagnostics if
    option --quiet is used.  [#4634]

  * gpg: Silence some diagnostics during in key listsing even with
    option --verbose.  [#4627]

  * gpg, gpgsm: Change parsing of agent's pkdecrypt results.  [#4652]

  * gpgsm: Support AES-256 keys.

  * gpgsm: Fix a bug in triggering a keybox compression run if
    --faked-system-time is used.

  * dirmngr: System CA certificates are no longer used for the SKS
    pool if GNUTLS instead of NTBTLS is used as TLS library.  [#4594]

  * dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
    to avoid long timeouts.  [#4165]

  * scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
    Shield and Trustica Cryptoucan work.  [#4654,#4566]

  * wkd: gpg-wks-client --install-key now installs the required policy
   2019-07-21 00:46:59 by Thomas Klausner | Files touched by this commit (595)
Log message:
*: recursive bump for nettle 3.5.1
   2019-07-10 11:28:24 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
gnupg2: updated to 2.2.17

Noteworthy changes in version 2.2.17:
* gpg: Ignore all key-signatures received from keyservers.  This
  change is required to mitigate a DoS due to keys flooded with
  faked key-signatures.  The old behaviour can be achieved by adding
    keyserver-options no-self-sigs-only,no-import-clean
  to your gpg.conf.
* gpg: If an imported keyblocks is too large to be stored in the
  keybox (pubring.kbx) do not error out but fallback to an import
  using the options "self-sigs-only,import-clean".
* gpg: New command --locate-external-key which can be used to
  refresh keys from the Web Key Directory or via other methods
  configured with --auto-key-locate.
* gpg: New import option "self-sigs-only".
* gpg: In --auto-key-retrieve prefer WKD over keyservers.
* dirmngr: Support the "openpgpkey" subdomain feature from
* dirmngr: Add an exception for the "openpgpkey" subdomain to the
  CSRF protection.
* dirmngr: Fix endless loop due to http errors 503 and 504.
* dirmngr: Fix TLS bug during redirection of HKP requests.
* gpgconf: Fix a race condition when killing components.
   2019-06-02 11:29:09 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
gnupg2: updated to 2.2.16

Noteworthy changes in version 2.2.16:
* gpg,gpgsm: Fix deadlock on Windows due to a keybox sharing
* gpg: Allow deletion of subkeys with --delete-key.  This finally
  makes the bang-suffix work as expected for that command.
* gpg: Replace SHA-1 by SHA-256 in self-signatures when updating
  them with --quick-set-expire or --quick-set-primary-uid.
* gpg: Improve the photo image viewer selection.
* gpg: Fix decryption with --use-embedded-filename.
* gpg: Remove hints on using the --keyserver option.
* gpg: Fix export of certain secret keys with comments.
* gpg: Reject too long user-ids in --quick-gen-key.
* gpg: Fix a double free in the best key selection code.
* gpg: Fix the key generation dialog for switching back from EdDSA
  to ECDSA.
* gpg: Use AES-192 with SHA-384 to comply with RFC-6637.
* gpg: Use only the addrspec from the Signer's UID subpacket to
  mitigate a problem with another implementation.
* gpg: Skip invalid packets during a keyring listing and sync
  diagnostics with the output.
* gpgsm: Avoid confusing diagnostic when signing with the default
* agent: Do not delete any secret key in --dry-run mode.
* agent: Fix failures on 64 bit big-endian boxes related to URIs in
  a keyfile.
* agent: Stop scdaemon after a reload with disable-scdaemon newly
* dirmngr: Improve caching algorithm for WKD domains.
* dirmngr: Support other hash algorithms than SHA-1 for OCSP.
* gpgconf: Make --homedir work for --launch.
* gpgconf: Before --launch check for a valid config file.
* wkd: Do not import more than 5 keys from one WKD address.
* wkd: Accept keys which are stored in armored format in the
* The installer for Windows now comes with signed binaries.
   2019-04-03 02:33:20 by Ryo ONODERA | Files touched by this commit (748)
Log message:
Recursive revbump from textproc/icu
   2019-04-01 10:30:04 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
gnupg2: updated to 2.2.15

Noteworthy changes in version 2.2.15:
* sm: Fix --logger-fd and --status-fd on Windows for non-standard
  file descriptors.
* sm: Allow decryption even if expired keys are configured.
* agent: Change command KEYINFO to print ssh fingerprints with other
  hash algos.
* dirmngr: Fix build problems on Solaris due to the use of reserved
  symbol names.
* wkd: New commands --print-wkd-hash and --print-wkd-url for