Log message:
Update to gnupg-1.4.9
Addresses a recent security issue that only impacts 1.4.8 and 2.0.8
* Improved AES encryption performance by more than 20% (on ia32).
  Decryption is also a bit faster.
* Fixed possible memory corruption bug in 1.4.8 while importing
  OpenPGP keys.

Log message:
Update to 1.4.8:

Noteworthy changes in version 1.4.8 (2007-12-20)
------------------------------------------------

             *******************************************
             * A decade of GnuPG: g10-0.0.0.tar.gz was *
             *      released exactly 10 years ago.     *
             *******************************************

    * Changed the license to GPLv3.

    * Improved detection of keyrings specified multiple times.

    * Changes to better cope with broken keyservers.

    * Minor bug fixes.

    * The new OpenPGP standard is now complete, and has been published
      as RFC-4880.  The GnuPG --openpgp mode (note this is not the
      default) has been updated to match the new standard.  The
      --rfc2440 option can be used to return to the older RFC-2440
      behavior.  The main differences between the two are
      "--enable-dsa2 --no-rfc2440-text --escape-from-lines
      --require-cross-certification".

    * By default (i.e. --gnupg mode), --require-cross-certification is
      now on.  --rfc2440-text and --force-v3-sigs are now off.

    * Allow encryption using legacy Elgamal sign+encrypt keys if
      option --rfc2440 is used.

    * Fixed the auto creation of the key stub for smartcards.

    * Fixed a rare bug in decryption using the OpenPGP card.

    * Fix RFC-4880 typo in the SHA-224 hash prefix.  Old SHA-224
      signatures will continue to work.

Log message:
Renamed the deprecated LICENCE to LICENSE, which has the exactly same
meaning.

Log message:
update to 1.4.7, from Christian Gall per PR pkg/35940
This fixes a security problem which is rather an application issue:
The user wasn't notified about additional text (not covered by the
signature) unless the --status-fd flag is used.

Log message:
Whitespace cleanup, courtesy of pkglint.
Patch provided by Sergey Svishchev in private mail.

Log message:
pkglint cleanup; update HOMEPAGE/MASTER_SITES.

Log message:
Update to 1.4.6:

Noteworthy changes in version 1.4.6 (2006-12-06)
------------------------------------------------

    * Fixed a serious and exploitable bug in processing encrypted
      packages. [CVE-2006-6235].

    * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]
	(already fixed in pkgsrc)

    * Fixed a bug while decrypting certain compressed and encrypted
      messages. [bug#537]

    * Added --s2k-count to set the number of times passphrase mangling
      is repeated.  The default is 65536 times.

    * Added --passphrase-repeat to set the number of times GPG will
      prompt for a new passphrase to be repeated.  This is useful to
      help memorize a new passphrase.  The default is 1 repetition.

    * Added a GPL license exception to the keyserver helper programs
      gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
      potential questions about the ability to distribute binaries
      that link to the OpenSSL library.  GnuPG does not link directly
      to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
      OpenLDAP (used for LDAP) may.  Note that this license exception
      is considered a bug fix and is intended to forgive any
      violations pertaining to this issue, including those that may
      have occurred in the past.

    * Man pages are now build from the same source as those of GnuPG-2.

Log message:
Add the same patch as security/gnupg2 package to fix a buffer overflow.

While fixing a bug reported by Hugh Warrington, a buffer overflow has
been identified in all released GnuPG versions.  The current versions
1.4.5 and 2.0.0 are affected.  A small patch is provided.
...

2006-11-27  Werner Koch  <wk@g10code.com>

	* openfile.c (ask_outfile_name): Fixed buffer overflow occurring
	if make_printable_string returns a longer string.  Fixes bug 728.

Bump PKGREVISION.

Log message:
DESTDIR support.

Log message:
Add an HTTP download location too, as a fallback for when FTP downloads are awkward.