svn commit: r547501 - in branches/2020Q3/security/gnupg: . files
Adam Weinberger
adamw at FreeBSD.org
Fri Sep 4 02:20:43 UTC 2020
Author: adamw
Date: Fri Sep 4 02:20:42 2020
New Revision: 547501
URL: https://svnweb.freebsd.org/changeset/ports/547501
Log:
MFH: r541749 r546681 r547499
Approved by: portmgr (with hat)
gnupg: Update to 2.2.21
* gpg: Improve symmetric decryption speed by about 25%.
See commit 144b95cc9d.
* gpg: Support decryption of AEAD encrypted data packets.
* gpg: Add option --no-include-key-block. [#4856]
* gpg: Allow for extra padding in ECDH. [#4908]
* gpg: Only a single pinentry is shown for symmetric encryption if
the pinentry supports this. [#4971]
* gpg: Print a note if no keys are given to --delete-key. [#4959]
* gpg,gpgsm: The ridiculous passphrase quality bar is not anymore
shown. [#2103]
* gpgsm: Certificates without a CRL distribution point are now
considered valid without looking up a CRL. The new option
--enable-issuer-based-crl-check can be used to revert to the
former behaviour.
* gpgsm: Support rsaPSS signature verification. [#4538]
* gpgsm: Unless CRL checking is disabled lookup a missing issuer
certificate using the certificate's authorityInfoAccess. [#4898]
* gpgsm: Print the certificate's serial number also in decimal
notation.
* gpgsm: Fix possible NULL-deref in messages of --gen-key. [#4895]
* scd: Support the CardOS 5 based D-Trust Card 3.1.
* dirmngr: Allow http URLs with "LOOKUP --url".
* wkd: Take name of sendmail from configure. Fixes an OpenBSD
specific bug. [#4886]
Release-info: https://dev.gnupg.org/T4897
security/gnupg: Update to 2.2.22
Also, sort plist. The new gpgsplit binary is getting installed as
gpgsplit2 to avoid a conflict with security/gnupg1.
Noteworthy changes in version 2.2.22
====================================
* gpg: Change the default key algorithm to rsa3072.
* gpg: Add regular expression support for Trust Signatures on all
platforms. [#4843]
* gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat
option. [#4991]
* gpg: Ignore --personal-digest-prefs for ECDSA keys. [#5021]
* gpgsm: Make rsaPSS a de-vs compliant scheme.
* gpgsm: Show also the SHA256 fingerprint in key listings.
* gpgsm: Do not require a default keyring for --gpgconf-list. [#4867]
* gpg-agent: Default to extended key format and record the creation
time of keys. Add new option --disable-extended-key-format.
* gpg-agent: Support the WAYLAND_DISPLAY envvar. [#5016]
* gpg-agent: Allow using --gpgconf-list even if HOME does not
exist. [#4866]
* gpg-agent: Make the Pinentry work even if the envvar TERM is set
to the empty string. [#4137]
* scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly
incremented the error counter when using the "verify" command of
"gpg --edit-key" with only the signature key being present.
* dirmngr: Better handle systems with disabled IPv6. [#4977]
* gpgpslit: Install tool. It was not installed in the past to avoid
conflicts with the version installed by GnuPG 1.4. [#5023]
(We're installing it as gpgsplit2 to avoid conflict with security/gnupg1)
* gpgtar: Handle Unicode file names on Windows correctly (requires
libgpg-error 1.39). [#4083]
* gpgtar: Make --files-from and --null work as documented. [#5027]
* Build the Windows installer with the new Ntbtls 0.2.0 so that TLS
connections succeed for servers demanding GCM.
Release-info: https://dev.gnupg.org/T5030
security/gnupg: Update to 2.2.23
Importing an OpenPGP key having a preference list for AEAD algorithms
will lead to an array overflow and thus often to a crash or other
undefined behaviour.
Importing an arbitrary key can often easily be triggered by an attacker
and thus triggering this bug. Exploiting the bug aside from crashes is
not trivial but likely possible for a dedicated attacker. The major
hurdle for an attacker is that only every second byte is under their
control with every first byte having a fixed value of 0x04.
Software distribution verification should not be affected by this bug
because such a system uses a curated list of keys.
Security: CVE-2020-25125
Added:
branches/2020Q3/security/gnupg/files/patch-doc_Makefile.in
- copied unchanged from r541749, head/security/gnupg/files/patch-doc_Makefile.in
Modified:
branches/2020Q3/security/gnupg/Makefile
branches/2020Q3/security/gnupg/distinfo
branches/2020Q3/security/gnupg/pkg-plist
Directory Properties:
branches/2020Q3/ (props changed)
Modified: branches/2020Q3/security/gnupg/Makefile
==============================================================================
--- branches/2020Q3/security/gnupg/Makefile Fri Sep 4 02:13:17 2020 (r547500)
+++ branches/2020Q3/security/gnupg/Makefile Fri Sep 4 02:20:42 2020 (r547501)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= gnupg
-PORTVERSION= 2.2.20
+PORTVERSION= 2.2.23
CATEGORIES= security
MASTER_SITES= GNUPG
@@ -31,6 +31,7 @@ CONFIGURE_ARGS= --disable-ntbtls --enable-gpg-is-gpg2
GNU_CONFIGURE= yes
INFO= gnupg
TEST_TARGET= check
+TEST_ARGS= TESTARGS=--parallel
SUB_FILES= pkg-message
@@ -66,6 +67,7 @@ pre-build:
@${TOUCH} ${WRKSRC}/doc/*.texi
post-install:
- @${MV} ${STAGEDIR}${DATADIR}/help*.txt ${STAGEDIR}${DOCSDIR}
+ ${MV} ${STAGEDIR}${PREFIX}/bin/gpgsplit ${STAGEDIR}${PREFIX}/bin/gpgsplit2
+ ${MV} ${STAGEDIR}${DATADIR}/help*.txt ${STAGEDIR}${DOCSDIR}
.include <bsd.port.mk>
Modified: branches/2020Q3/security/gnupg/distinfo
==============================================================================
--- branches/2020Q3/security/gnupg/distinfo Fri Sep 4 02:13:17 2020 (r547500)
+++ branches/2020Q3/security/gnupg/distinfo Fri Sep 4 02:20:42 2020 (r547501)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1584729314
-SHA256 (gnupg-2.2.20.tar.bz2) = 04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30
-SIZE (gnupg-2.2.20.tar.bz2) = 6786913
+TIMESTAMP = 1599184354
+SHA256 (gnupg-2.2.23.tar.bz2) = 10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c
+SIZE (gnupg-2.2.23.tar.bz2) = 7099806
Copied: branches/2020Q3/security/gnupg/files/patch-doc_Makefile.in (from r541749, head/security/gnupg/files/patch-doc_Makefile.in)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/security/gnupg/files/patch-doc_Makefile.in Fri Sep 4 02:20:42 2020 (r547501, copy of r541749, head/security/gnupg/files/patch-doc_Makefile.in)
@@ -0,0 +1,16 @@
+This works around a breakage introduced in 2.2.21.
+Hopefully the patch can be removed for 2.2.22.
+
+--- doc/Makefile.in.orig 2020-07-09 13:22:35 UTC
++++ doc/Makefile.in
+@@ -1235,8 +1235,8 @@ defsincdate: $(gnupg_TEXINFOS)
+ if test -e $(top_srcdir)/.git; then \
+ (cd $(srcdir) && git log -1 --format='%ct' \
+ -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \
+- elif test x"$SOURCE_DATE_EPOCH" != x; then \
+- echo "$SOURCE_DATE_EPOCH" >>defsincdate ; \
++ elif test x"$$SOURCE_DATE_EPOCH" != x; then \
++ echo "$$SOURCE_DATE_EPOCH" >>defsincdate ; \
+ fi
+
+ defs.inc : defsincdate Makefile mkdefsinc
Modified: branches/2020Q3/security/gnupg/pkg-plist
==============================================================================
--- branches/2020Q3/security/gnupg/pkg-plist Fri Sep 4 02:13:17 2020 (r547500)
+++ branches/2020Q3/security/gnupg/pkg-plist Fri Sep 4 02:20:42 2020 (r547501)
@@ -1,17 +1,18 @@
bin/dirmngr
bin/dirmngr-client
-bin/gpg-connect-agent
bin/gpg-agent
-bin/gpgscm
-bin/gpgsm
-bin/gpgtar
+bin/gpg-connect-agent
%%WKS_SERVER%%bin/gpg-wks-server
-bin/kbxutil
%%SUID_GPG%%@(,,4555) bin/gpg2
%%NO_SUID_GPG%%bin/gpg2
bin/gpgconf
bin/gpgparsemail
+bin/gpgscm
+bin/gpgsm
+bin/gpgsplit2
+bin/gpgtar
bin/gpgv2
+bin/kbxutil
bin/symcryptrun
bin/watchgnupg
%%LDAP%%libexec/dirmngr_ldap
More information about the svn-ports-all
mailing list