SECURITY: gnupg2
Hi, tj@ has just made me aware of: https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html Here's a diff to update to the fixed version. I've not tested it in a bulk, but all tests pass. tj@ also suggested that I take MAINTAINER since pea@ doesn't seem to be around. I don't mind taking it for a while. OK? Index: Makefile === RCS file: /cvs/ports/security/gnupg2/Makefile,v retrieving revision 1.69 diff -u -p -r1.69 Makefile --- Makefile25 Aug 2020 18:20:17 - 1.69 +++ Makefile3 Sep 2020 17:30:04 - @@ -2,7 +2,7 @@ COMMENT = GNU privacy guard - a free PGP replacement -DISTNAME = gnupg-2.2.21 +DISTNAME = gnupg-2.2.23 CATEGORIES = security # don't mix up dependencies with gnupg1 @@ -12,7 +12,7 @@ MASTER_SITES =${MASTER_SITE_GNUPG:=gnup HOMEPAGE = https://www.gnupg.org/ -MAINTAINER = Pierre-Emmanuel Andre +MAINTAINER = Edd Barrett # GPLv3+ PERMIT_PACKAGE = Yes Index: distinfo === RCS file: /cvs/ports/security/gnupg2/distinfo,v retrieving revision 1.33 diff -u -p -r1.33 distinfo --- distinfo25 Aug 2020 18:20:17 - 1.33 +++ distinfo3 Sep 2020 17:18:29 - @@ -1,2 +1,2 @@ -SHA256 (gnupg-2.2.21.tar.bz2) = YegyePtfpzNmWKi3OrJvN51BJ1uxx8bmlN2fmm6Oduw= -SIZE (gnupg-2.2.21.tar.bz2) = 6813160 +SHA256 (gnupg-2.2.23.tar.bz2) = ELVeSdeLPknx7bWNdUHsva2S3a7riFtvSG7SPRzR2lw= +SIZE (gnupg-2.2.23.tar.bz2) = 7099806 Index: patches/patch-doc_Makefile_in === RCS file: /cvs/ports/security/gnupg2/patches/patch-doc_Makefile_in,v retrieving revision 1.3 diff -u -p -r1.3 patch-doc_Makefile_in --- patches/patch-doc_Makefile_in 5 Jul 2020 10:10:38 - 1.3 +++ patches/patch-doc_Makefile_in 3 Sep 2020 17:18:49 - @@ -3,7 +3,7 @@ $OpenBSD: patch-doc_Makefile_in,v 1.3 20 Index: doc/Makefile.in --- doc/Makefile.in.orig +++ doc/Makefile.in -@@ -474,14 +474,6 @@ libcommontls = ../common/libcommontls.a +@@ -476,14 +476,6 @@ libcommontls = ../common/libcommontls.a libcommontlsnpth = ../common/libcommontlsnpth.a examples = examples/README examples/scd-event examples/trustlist.txt \ examples/vsnfd.prf examples/debug.prf\ Index: pkg/PLIST === RCS file: /cvs/ports/security/gnupg2/pkg/PLIST,v retrieving revision 1.20 diff -u -p -r1.20 PLIST --- pkg/PLIST 4 Sep 2018 12:46:21 - 1.20 +++ pkg/PLIST 3 Sep 2020 17:21:29 - @@ -12,6 +12,7 @@ @bin bin/gpgparsemail @bin bin/gpgscm @bin bin/gpgsm +@bin bin/gpgsplit @bin bin/gpgtar @bin bin/gpgv2 @bin bin/kbxutil -- Best Regards Edd Barrett http://www.theunixzoo.co.uk
Re: SECURITY: gnupg2
On Thu, Sep 03, 2020 at 06:32:28PM +0100, Edd Barrett wrote: > Hi, > > tj@ has just made me aware of: > https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html > > Here's a diff to update to the fixed version. > > I've not tested it in a bulk, but all tests pass. > > tj@ also suggested that I take MAINTAINER since pea@ doesn't seem to be > around. I don't mind taking it for a while. > > OK? > Yes ok pea@ (you can take maintainership too) > > Index: Makefile > === > RCS file: /cvs/ports/security/gnupg2/Makefile,v > retrieving revision 1.69 > diff -u -p -r1.69 Makefile > --- Makefile 25 Aug 2020 18:20:17 - 1.69 > +++ Makefile 3 Sep 2020 17:30:04 - > @@ -2,7 +2,7 @@ > > COMMENT =GNU privacy guard - a free PGP replacement > > -DISTNAME = gnupg-2.2.21 > +DISTNAME = gnupg-2.2.23 > CATEGORIES = security > > # don't mix up dependencies with gnupg1 > @@ -12,7 +12,7 @@ MASTER_SITES = ${MASTER_SITE_GNUPG:=gnup > > HOMEPAGE = https://www.gnupg.org/ > > -MAINTAINER = Pierre-Emmanuel Andre > +MAINTAINER = Edd Barrett > > # GPLv3+ > PERMIT_PACKAGE = Yes > Index: distinfo > === > RCS file: /cvs/ports/security/gnupg2/distinfo,v > retrieving revision 1.33 > diff -u -p -r1.33 distinfo > --- distinfo 25 Aug 2020 18:20:17 - 1.33 > +++ distinfo 3 Sep 2020 17:18:29 - > @@ -1,2 +1,2 @@ > -SHA256 (gnupg-2.2.21.tar.bz2) = YegyePtfpzNmWKi3OrJvN51BJ1uxx8bmlN2fmm6Oduw= > -SIZE (gnupg-2.2.21.tar.bz2) = 6813160 > +SHA256 (gnupg-2.2.23.tar.bz2) = ELVeSdeLPknx7bWNdUHsva2S3a7riFtvSG7SPRzR2lw= > +SIZE (gnupg-2.2.23.tar.bz2) = 7099806 > Index: patches/patch-doc_Makefile_in > === > RCS file: /cvs/ports/security/gnupg2/patches/patch-doc_Makefile_in,v > retrieving revision 1.3 > diff -u -p -r1.3 patch-doc_Makefile_in > --- patches/patch-doc_Makefile_in 5 Jul 2020 10:10:38 - 1.3 > +++ patches/patch-doc_Makefile_in 3 Sep 2020 17:18:49 - > @@ -3,7 +3,7 @@ $OpenBSD: patch-doc_Makefile_in,v 1.3 20 > Index: doc/Makefile.in > --- doc/Makefile.in.orig > +++ doc/Makefile.in > -@@ -474,14 +474,6 @@ libcommontls = ../common/libcommontls.a > +@@ -476,14 +476,6 @@ libcommontls = ../common/libcommontls.a > libcommontlsnpth = ../common/libcommontlsnpth.a > examples = examples/README examples/scd-event examples/trustlist.txt > \ > examples/vsnfd.prf examples/debug.prf\ > Index: pkg/PLIST > === > RCS file: /cvs/ports/security/gnupg2/pkg/PLIST,v > retrieving revision 1.20 > diff -u -p -r1.20 PLIST > --- pkg/PLIST 4 Sep 2018 12:46:21 - 1.20 > +++ pkg/PLIST 3 Sep 2020 17:21:29 - > @@ -12,6 +12,7 @@ > @bin bin/gpgparsemail > @bin bin/gpgscm > @bin bin/gpgsm > +@bin bin/gpgsplit > @bin bin/gpgtar > @bin bin/gpgv2 > @bin bin/kbxutil > > > -- > Best Regards > Edd Barrett > > http://www.theunixzoo.co.uk
Re: SECURITY: gnupg2
On Thu, Sep 03, 2020 at 06:32:28PM +0100, Edd Barrett wrote: > Hi, > > tj@ has just made me aware of: > https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html > > Here's a diff to update to the fixed version. > > I've not tested it in a bulk, but all tests pass. > > tj@ also suggested that I take MAINTAINER since pea@ doesn't seem to be > around. I don't mind taking it for a while. > > OK? > > > Index: Makefile > === > RCS file: /cvs/ports/security/gnupg2/Makefile,v > retrieving revision 1.69 > diff -u -p -r1.69 Makefile > --- Makefile 25 Aug 2020 18:20:17 - 1.69 > +++ Makefile 3 Sep 2020 17:30:04 - > @@ -2,7 +2,7 @@ > > COMMENT =GNU privacy guard - a free PGP replacement > > -DISTNAME = gnupg-2.2.21 > +DISTNAME = gnupg-2.2.23 > CATEGORIES = security > > # don't mix up dependencies with gnupg1 > @@ -12,7 +12,7 @@ MASTER_SITES = ${MASTER_SITE_GNUPG:=gnup > > HOMEPAGE = https://www.gnupg.org/ > > -MAINTAINER = Pierre-Emmanuel Andre > +MAINTAINER = Edd Barrett > > # GPLv3+ > PERMIT_PACKAGE = Yes > Index: distinfo > === > RCS file: /cvs/ports/security/gnupg2/distinfo,v > retrieving revision 1.33 > diff -u -p -r1.33 distinfo > --- distinfo 25 Aug 2020 18:20:17 - 1.33 > +++ distinfo 3 Sep 2020 17:18:29 - > @@ -1,2 +1,2 @@ > -SHA256 (gnupg-2.2.21.tar.bz2) = YegyePtfpzNmWKi3OrJvN51BJ1uxx8bmlN2fmm6Oduw= > -SIZE (gnupg-2.2.21.tar.bz2) = 6813160 > +SHA256 (gnupg-2.2.23.tar.bz2) = ELVeSdeLPknx7bWNdUHsva2S3a7riFtvSG7SPRzR2lw= > +SIZE (gnupg-2.2.23.tar.bz2) = 7099806 > Index: patches/patch-doc_Makefile_in > === > RCS file: /cvs/ports/security/gnupg2/patches/patch-doc_Makefile_in,v > retrieving revision 1.3 > diff -u -p -r1.3 patch-doc_Makefile_in > --- patches/patch-doc_Makefile_in 5 Jul 2020 10:10:38 - 1.3 > +++ patches/patch-doc_Makefile_in 3 Sep 2020 17:18:49 - > @@ -3,7 +3,7 @@ $OpenBSD: patch-doc_Makefile_in,v 1.3 20 > Index: doc/Makefile.in > --- doc/Makefile.in.orig > +++ doc/Makefile.in > -@@ -474,14 +474,6 @@ libcommontls = ../common/libcommontls.a > +@@ -476,14 +476,6 @@ libcommontls = ../common/libcommontls.a > libcommontlsnpth = ../common/libcommontlsnpth.a > examples = examples/README examples/scd-event examples/trustlist.txt > \ > examples/vsnfd.prf examples/debug.prf\ > Index: pkg/PLIST > === > RCS file: /cvs/ports/security/gnupg2/pkg/PLIST,v > retrieving revision 1.20 > diff -u -p -r1.20 PLIST > --- pkg/PLIST 4 Sep 2018 12:46:21 - 1.20 > +++ pkg/PLIST 3 Sep 2020 17:21:29 - > @@ -12,6 +12,7 @@ > @bin bin/gpgparsemail > @bin bin/gpgscm > @bin bin/gpgsm > +@bin bin/gpgsplit You introduced a conflict with security/gnupg... That's not good, these failed to build in my last bulk: security/py-gnupg www/ruby-capybara-webkit security/p5-PGP-Sign We should really get rid of gnupg1. -- Antoine
Re: SECURITY: gnupg2
On Sat, Sep 05, 2020 at 11:25:40AM +0200, Antoine Jacoutot wrote: > > +@bin bin/gpgsplit > > You introduced a conflict with security/gnupg... Ugh. Sorry. jca@ has a fix (rename to gpgsplit2 for now). > We should really get rid of gnupg1. Yes, I think I'm going to look at this more seriously. -- Best Regards Edd Barrett http://www.theunixzoo.co.uk
FIX: security/gnupg2
Hey, Finally found the thing that causes gpg2 to fail when talking to HKP keyserver pools. It's a memory management issue of course. Can someone review the fix (upstream have not confirmed my fix yet), and if it's good, OK? In short: ---8<--- hi->pool = xtryrealloc (reftbl, (refidx+1) * sizeof *reftbl); ... qsort (reftbl, refidx, sizeof *reftbl, sort_hostpool); /* BOOM! */ --->8--- Diff follows: Index: Makefile === RCS file: /home/edd/cvsync/ports/security/gnupg2/Makefile,v retrieving revision 1.39 diff -u -p -r1.39 Makefile --- Makefile11 Sep 2015 10:02:03 - 1.39 +++ Makefile29 Sep 2015 18:40:24 - @@ -4,6 +4,7 @@ COMMENT = GNU privacy guard - a free PGP DISTNAME = gnupg-2.1.8 CATEGORIES = security +REVISION = 0 MASTER_SITES = ${MASTER_SITES_GNUPG:=gnupg/} Index: patches/patch-dirmngr_ks-engine-hkp_c === RCS file: patches/patch-dirmngr_ks-engine-hkp_c diff -N patches/patch-dirmngr_ks-engine-hkp_c --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-dirmngr_ks-engine-hkp_c 29 Sep 2015 18:43:52 - @@ -0,0 +1,16 @@ +$OpenBSD$ + +Fix use of pointer which may have moved due to realloc(). +https://bugs.gnupg.org/gnupg/issue2107 + +--- dirmngr/ks-engine-hkp.c.orig Tue Sep 29 15:05:02 2015 dirmngr/ks-engine-hkp.cTue Sep 29 15:05:26 2015 +@@ -512,7 +512,7 @@ map_host (ctrl_t ctrl, const char *name, int force_res + xfree (reftbl); + return err; + } +- qsort (reftbl, refidx, sizeof *reftbl, sort_hostpool); ++ qsort (hi->pool, refidx, sizeof *reftbl, sort_hostpool); + } + else + xfree (reftbl); -- Best Regards Edd Barrett http://www.theunixzoo.co.uk
UPDATE: security/gnupg2
The latest gnupg2. Needs the libassuan and libksba updates I posted just now. I tried a few gpg-related operations and noticed no fallout. OK? Index: Makefile === RCS file: /home/edd/cvsync/ports/security/gnupg2/Makefile,v retrieving revision 1.42 diff -u -p -r1.42 Makefile --- Makefile29 Jun 2016 16:14:44 - 1.42 +++ Makefile3 Sep 2016 12:33:39 - @@ -2,9 +2,8 @@ COMMENT = GNU privacy guard - a free PGP replacement -DISTNAME = gnupg-2.1.9 +DISTNAME = gnupg-2.1.15 CATEGORIES = security -REVISION = 0 MASTER_SITES = ${MASTER_SITES_GNUPG:=gnupg/} @@ -16,8 +15,8 @@ MAINTAINER = Pierre-Emmanuel Andre =2.4.3 \ security/libgcrypt \ - security/libksba + security/libksba>=1.3.4 .if ${FLAVOR:Mldap} CONFIGURE_ARGS += --enable-ldap @@ -58,7 +57,6 @@ CONFIGURE_ARGS += docdir=${LOCALBASE}/s # Avoid conflict with gnupg-1.x post-install: - @mv ${PREFIX}/man/man1/gpg-zip.1 ${PREFIX}/man/man1/gpg2-zip.1 @mv ${PREFIX}/man/man7/gnupg.7 ${PREFIX}/man/man7/gnupg2.7 .include Index: distinfo === RCS file: /home/edd/cvsync/ports/security/gnupg2/distinfo,v retrieving revision 1.18 diff -u -p -r1.18 distinfo --- distinfo20 Oct 2015 09:20:50 - 1.18 +++ distinfo3 Sep 2016 11:10:15 - @@ -1,2 +1,2 @@ -SHA256 (gnupg-2.1.9.tar.bz2) = HLdjOlcZC+tm+SSct0RmAyKbJz1NiTMbdcZS+kop97Y= -SIZE (gnupg-2.1.9.tar.bz2) = 4925167 +SHA256 (gnupg-2.1.15.tar.bz2) = wowaII8bitY722uI0lL2c0/00z3mtU44SUsR1J4A/90= +SIZE (gnupg-2.1.15.tar.bz2) = 5723689 Index: pkg/PLIST === RCS file: /home/edd/cvsync/ports/security/gnupg2/pkg/PLIST,v retrieving revision 1.14 diff -u -p -r1.14 PLIST --- pkg/PLIST 29 Jun 2016 16:14:44 - 1.14 +++ pkg/PLIST 3 Sep 2016 12:07:00 - @@ -4,13 +4,12 @@ @conflict gnupg->=2 @bin bin/dirmngr @bin bin/dirmngr-client -@bin bin/g13 @bin bin/gpg-agent @bin bin/gpg-connect-agent @bin bin/gpg2 @bin bin/gpgconf -@bin bin/gpgkey2ssh @bin bin/gpgparsemail +@bin bin/gpgscm @bin bin/gpgsm @bin bin/gpgtar @bin bin/gpgv2 @@ -25,7 +24,6 @@ @man man/man1/gpg-agent.1 @man man/man1/gpg-connect-agent.1 @man man/man1/gpg-preset-passphrase.1 -@man man/man1/gpg2-zip.1 @man man/man1/gpg2.1 @man man/man1/gpgconf.1 @man man/man1/gpgparsemail.1 @@ -57,7 +55,6 @@ share/doc/gnupg2/examples/scd-event share/doc/gnupg2/examples/trustlist.txt share/doc/pkg-readmes/${FULLPKGNAME} share/gnupg/ -share/gnupg/com-certs.pem share/gnupg/dirmngr-conf.skel share/gnupg/distsigkey.gpg share/gnupg/gpg-conf.skel @@ -89,7 +86,7 @@ share/gnupg/help.tr.txt share/gnupg/help.txt share/gnupg/help.zh_CN.txt share/gnupg/help.zh_TW.txt -share/gnupg/qualified.txt +share/gnupg/sks-keyservers.netCA.pem share/locale/ca/LC_MESSAGES/gnupg2.mo share/locale/cs/LC_MESSAGES/gnupg2.mo share/locale/da/LC_MESSAGES/gnupg2.mo -- Best Regards Edd Barrett http://www.theunixzoo.co.uk
update security/gnupg2
Simple update to GnuPG 2.0.20. Index: Makefile === RCS file: /home/pascal/cvs/ports/security/gnupg2/Makefile,v retrieving revision 1.25 diff -u -p -r1.25 Makefile --- Makefile12 Jul 2013 00:49:23 - 1.25 +++ Makefile18 Jul 2013 21:20:36 - @@ -2,8 +2,7 @@ COMMENT = gnu privacy guard - a free PGP replacement -DISTNAME = gnupg-2.0.19 -REVISION = 3 +DISTNAME = gnupg-2.0.20 CATEGORIES = security MASTER_SITES = ${MASTER_SITES_GNUPG:=gnupg/} Index: distinfo === RCS file: /home/pascal/cvs/ports/security/gnupg2/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo8 Aug 2012 15:10:02 - 1.6 +++ distinfo18 Jul 2013 21:17:42 - @@ -1,2 +1,2 @@ -SHA256 (gnupg-2.0.19.tar.bz2) = 76I6ipJa21HH07cIwlttAAMA9c433pvexkU757QZxiI= -SIZE (gnupg-2.0.19.tar.bz2) = 4187460 +SHA256 (gnupg-2.0.20.tar.bz2) = bpSbfwYsq4o88JEPkezwTKuq1FjAru7GYphlG4sEt5o= +SIZE (gnupg-2.0.20.tar.bz2) = 4286191 Index: patches/patch-scd_Makefile_in === RCS file: /home/pascal/cvs/ports/security/gnupg2/patches/patch-scd_Makefile_in,v retrieving revision 1.4 diff -u -p -r1.4 patch-scd_Makefile_in --- patches/patch-scd_Makefile_in 10 Oct 2012 11:47:21 - 1.4 +++ patches/patch-scd_Makefile_in 18 Jul 2013 21:18:55 - @@ -4,9 +4,9 @@ Link gnupg-pcsc-wrapper with -lpthread: that a program dlopen()ing a library which uses pthread functions is itself linked with the thread library. scd/Makefile.in.orig Tue Mar 27 10:22:48 2012 -+++ scd/Makefile.inThu Sep 27 16:02:27 2012 -@@ -227,7 +227,7 @@ KSBA_CONFIG = @KSBA_CONFIG@ +--- scd/Makefile.in.orig Fri May 10 15:56:29 2013 scd/Makefile.inThu Jul 18 23:18:46 2013 +@@ -255,7 +255,7 @@ KSBA_CONFIG = @KSBA_CONFIG@ KSBA_LIBS = @KSBA_LIBS@ LDAPLIBS = @LDAPLIBS@ LDAP_CPPFLAGS = @LDAP_CPPFLAGS@ @@ -15,12 +15,12 @@ is itself linked with the thread library LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ -@@ -504,7 +504,7 @@ clean-libexecPROGRAMS: +@@ -500,7 +500,7 @@ clean-libexecPROGRAMS: -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS) - gnupg-pcsc-wrapper$(EXEEXT): $(gnupg_pcsc_wrapper_OBJECTS) $(gnupg_pcsc_wrapper_DEPENDENCIES) + gnupg-pcsc-wrapper$(EXEEXT): $(gnupg_pcsc_wrapper_OBJECTS) $(gnupg_pcsc_wrapper_DEPENDENCIES) $(EXTRA_gnupg_pcsc_wrapper_DEPENDENCIES) @rm -f gnupg-pcsc-wrapper$(EXEEXT) - $(gnupg_pcsc_wrapper_LINK) $(gnupg_pcsc_wrapper_OBJECTS) $(gnupg_pcsc_wrapper_LDADD) $(LIBS) + $(gnupg_pcsc_wrapper_LINK) $(gnupg_pcsc_wrapper_OBJECTS) $(gnupg_pcsc_wrapper_LDADD) -lpthread $(LIBS) - scdaemon$(EXEEXT): $(scdaemon_OBJECTS) $(scdaemon_DEPENDENCIES) + scdaemon$(EXEEXT): $(scdaemon_OBJECTS) $(scdaemon_DEPENDENCIES) $(EXTRA_scdaemon_DEPENDENCIES) @rm -f scdaemon$(EXEEXT) $(LINK) $(scdaemon_OBJECTS) $(scdaemon_LDADD) $(LIBS) Index: pkg/PLIST === RCS file: /home/pascal/cvs/ports/security/gnupg2/pkg/PLIST,v retrieving revision 1.8 diff -u -p -r1.8 PLIST --- pkg/PLIST 8 Aug 2012 15:10:02 - 1.8 +++ pkg/PLIST 18 Jul 2013 21:25:54 - @@ -12,7 +12,6 @@ bin/gpgsm-gencert.sh @bin bin/gpgtar @bin bin/gpgv2 @bin bin/kbxutil -@bin bin/scdaemon @bin bin/watchgnupg @info info/gnupg.info @bin libexec/gnupg-pcsc-wrapper @@ -22,6 +21,7 @@ bin/gpgsm-gencert.sh @bin libexec/gpg2keys_curl @bin libexec/gpg2keys_finger @bin libexec/gpg2keys_hkp +@bin libexec/scdaemon @man man/man1/gpg-agent.1 @man man/man1/gpg-connect-agent.1 @man man/man1/gpg-preset-passphrase.1
security/gnupg2 poll
Hi, Just a little poll about security/gnupg2 and smartcard support: Now that pcsc-lite-1.8.x is working fine (dunno what, but something has been fixed in either rthreads or libusb1: thanks a lot to the usual suspects!), is it better to completely disable internal ccid support from gnupg2 and add a runtime dependency on pcsc-lite and ccid or to leave things as they currently are and tell the users to install pcsc-lite and ccid in order to use a card reader other than the SCM SCR335 USB SmartCard reader[1] (the only reader supported by gnupg2 without pcsc-lite)? Thoughts welcome... [1] http://www.scm-pc-card.de/picture/scr-335.jpg P.S.: I'll send the pcsc-lite-1.8.4 diff and the new port for ccid when I'll be @home ciao, David
Re: UPDATE: security/gnupg2
+Cc maintainer Edd Barrett writes: > The latest gnupg2. > > Needs the libassuan and libksba updates I posted just now. > > I tried a few gpg-related operations and noticed no fallout. > > OK? ok jca@. It looks like tests need PORTHOME=${WRKDIR}, though (one test fails here). -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: update security/gnupg2
On Thu, 18 Jul 2013 23:57:08 +0200, Pascal Stumpf wrote: > Simple update to GnuPG 2.0.20. 2.0.21: Index: Makefile === RCS file: /home/pascal/cvs/ports/security/gnupg2/Makefile,v retrieving revision 1.25 diff -u -p -r1.25 Makefile --- Makefile12 Jul 2013 00:49:23 - 1.25 +++ Makefile20 Aug 2013 17:43:23 - @@ -2,8 +2,7 @@ COMMENT = gnu privacy guard - a free PGP replacement -DISTNAME = gnupg-2.0.19 -REVISION = 3 +DISTNAME = gnupg-2.0.21 CATEGORIES = security MASTER_SITES = ${MASTER_SITES_GNUPG:=gnupg/} Index: distinfo === RCS file: /home/pascal/cvs/ports/security/gnupg2/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo8 Aug 2012 15:10:02 - 1.6 +++ distinfo20 Aug 2013 17:17:43 - @@ -1,2 +1,2 @@ -SHA256 (gnupg-2.0.19.tar.bz2) = 76I6ipJa21HH07cIwlttAAMA9c433pvexkU757QZxiI= -SIZE (gnupg-2.0.19.tar.bz2) = 4187460 +SHA256 (gnupg-2.0.21.tar.bz2) = AN+JAsfO9NJEDTbKKkWYWFPrNsNKQWO8mVw1eAMO7vU= +SIZE (gnupg-2.0.21.tar.bz2) = 4300604 Index: patches/patch-scd_Makefile_in === RCS file: /home/pascal/cvs/ports/security/gnupg2/patches/patch-scd_Makefile_in,v retrieving revision 1.4 diff -u -p -r1.4 patch-scd_Makefile_in --- patches/patch-scd_Makefile_in 10 Oct 2012 11:47:21 - 1.4 +++ patches/patch-scd_Makefile_in 20 Aug 2013 17:44:34 - @@ -4,9 +4,9 @@ Link gnupg-pcsc-wrapper with -lpthread: that a program dlopen()ing a library which uses pthread functions is itself linked with the thread library. scd/Makefile.in.orig Tue Mar 27 10:22:48 2012 -+++ scd/Makefile.inThu Sep 27 16:02:27 2012 -@@ -227,7 +227,7 @@ KSBA_CONFIG = @KSBA_CONFIG@ +--- scd/Makefile.in.orig Fri May 10 15:56:29 2013 scd/Makefile.inThu Jul 18 23:18:46 2013 +@@ -255,7 +255,7 @@ KSBA_CONFIG = @KSBA_CONFIG@ KSBA_LIBS = @KSBA_LIBS@ LDAPLIBS = @LDAPLIBS@ LDAP_CPPFLAGS = @LDAP_CPPFLAGS@ @@ -15,12 +15,12 @@ is itself linked with the thread library LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ -@@ -504,7 +504,7 @@ clean-libexecPROGRAMS: +@@ -500,7 +500,7 @@ clean-libexecPROGRAMS: -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS) - gnupg-pcsc-wrapper$(EXEEXT): $(gnupg_pcsc_wrapper_OBJECTS) $(gnupg_pcsc_wrapper_DEPENDENCIES) + gnupg-pcsc-wrapper$(EXEEXT): $(gnupg_pcsc_wrapper_OBJECTS) $(gnupg_pcsc_wrapper_DEPENDENCIES) $(EXTRA_gnupg_pcsc_wrapper_DEPENDENCIES) @rm -f gnupg-pcsc-wrapper$(EXEEXT) - $(gnupg_pcsc_wrapper_LINK) $(gnupg_pcsc_wrapper_OBJECTS) $(gnupg_pcsc_wrapper_LDADD) $(LIBS) + $(gnupg_pcsc_wrapper_LINK) $(gnupg_pcsc_wrapper_OBJECTS) $(gnupg_pcsc_wrapper_LDADD) -lpthread $(LIBS) - scdaemon$(EXEEXT): $(scdaemon_OBJECTS) $(scdaemon_DEPENDENCIES) + scdaemon$(EXEEXT): $(scdaemon_OBJECTS) $(scdaemon_DEPENDENCIES) $(EXTRA_scdaemon_DEPENDENCIES) @rm -f scdaemon$(EXEEXT) $(LINK) $(scdaemon_OBJECTS) $(scdaemon_LDADD) $(LIBS) Index: pkg/PLIST === RCS file: /home/pascal/cvs/ports/security/gnupg2/pkg/PLIST,v retrieving revision 1.8 diff -u -p -r1.8 PLIST --- pkg/PLIST 8 Aug 2012 15:10:02 - 1.8 +++ pkg/PLIST 18 Jul 2013 21:25:54 - @@ -12,7 +12,6 @@ bin/gpgsm-gencert.sh @bin bin/gpgtar @bin bin/gpgv2 @bin bin/kbxutil -@bin bin/scdaemon @bin bin/watchgnupg @info info/gnupg.info @bin libexec/gnupg-pcsc-wrapper @@ -22,6 +21,7 @@ bin/gpgsm-gencert.sh @bin libexec/gpg2keys_curl @bin libexec/gpg2keys_finger @bin libexec/gpg2keys_hkp +@bin libexec/scdaemon @man man/man1/gpg-agent.1 @man man/man1/gpg-connect-agent.1 @man man/man1/gpg-preset-passphrase.1
Re: update security/gnupg2
On Tue, Aug 20, 2013 at 7:45 PM, Pascal Stumpf wrote: > On Thu, 18 Jul 2013 23:57:08 +0200, Pascal Stumpf wrote: >> Simple update to GnuPG 2.0.20. > > 2.0.21: Still works fine with my OpenPGP SmartCard. ok dcoppa@
Re: update security/gnupg2
David Coppa a écrit : >On Tue, Aug 20, 2013 at 7:45 PM, Pascal Stumpf >wrote: >> On Thu, 18 Jul 2013 23:57:08 +0200, Pascal Stumpf wrote: >>> Simple update to GnuPG 2.0.20. >> >> 2.0.21: > >Still works fine with my OpenPGP SmartCard. > >ok dcoppa@ OK pea@ -- Pierre-Emmanuel André GPG key: 0x7A329DC
Re: security/gnupg2 poll
On Wed, Jul 11, 2012 at 5:13 PM, David Coppa wrote: > Hi, > > Just a little poll about security/gnupg2 and smartcard support: > > Now that pcsc-lite-1.8.x is working fine (dunno what, but something > has been fixed in either rthreads or libusb1: thanks a lot to the > usual suspects!), is it better to completely disable internal ccid > support from gnupg2 and add a runtime dependency on pcsc-lite and ccid > or to leave things as they currently are and tell the users to install > pcsc-lite and ccid in order to use a card reader other than the SCM > SCR335 USB SmartCard reader[1] (the only reader supported by gnupg2 > without pcsc-lite)? > > Thoughts welcome... > > [1] http://www.scm-pc-card.de/picture/scr-335.jpg Of course, the SCR335 works with pcsc-lite too (just to be clear)
smartcard: security/gnupg2 diff
Hi, This is the last diff from my pcsc-lite/ccid work. The diff below enables pcsclite support for security/gnupg2. Ok? P.S.: native speakers, please tell me if README is good enough... Ciao, David Index: Makefile === RCS file: /cvs/ports/security/gnupg2/Makefile,v retrieving revision 1.19 diff -u -p -r1.19 Makefile --- Makefile14 May 2012 08:49:54 - 1.19 +++ Makefile7 Aug 2012 12:02:51 - @@ -3,7 +3,7 @@ COMMENT = gnu privacy guard - a free PGP replacement DISTNAME = gnupg-2.0.19 -REVISION = 0 +REVISION = 1 CATEGORIES = security MASTER_SITES = ftp://ftp.gnupg.org/gcrypt/gnupg/ \ @@ -62,7 +62,7 @@ USE_GROFF = Yes CONFIGURE_STYLE = gnu CONFIGURE_ENV =CPPFLAGS="-I${LOCALBASE}/include" \ - LDFLAGS="-L${LOCALBASE}/lib -pthread" + LDFLAGS="-L${LOCALBASE}/lib" CONFIGURE_ARGS = docdir=${LOCALBASE}/share/doc/gnupg2 \ --enable-gpgtar Index: patches/patch-configure === RCS file: patches/patch-configure diff -N patches/patch-configure --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-configure 7 Aug 2012 12:02:51 - @@ -0,0 +1,21 @@ +$OpenBSD$ +--- configure.orig Tue Mar 27 10:22:50 2012 configure Tue Aug 7 13:10:12 2012 +@@ -7851,7 +7851,7 @@ if ${ac_cv_lib_usb_usb_bulk_write+:} false; then : + $as_echo_n "(cached) " >&6 + else + ac_check_lib_save_LIBS=$LIBS +-LIBS="-lusb $LIBS" ++LIBS="-lusb -pthread $LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -7882,7 +7882,7 @@ fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_usb_usb_bulk_write" >&5 + $as_echo "$ac_cv_lib_usb_usb_bulk_write" >&6; } + if test "x$ac_cv_lib_usb_usb_bulk_write" = xyes; then : +- LIBUSB_LIBS="$LIBUSB_LIBS -lusb" ++ LIBUSB_LIBS="$LIBUSB_LIBS -lusb -pthread" + + $as_echo "#define HAVE_LIBUSB 1" >>confdefs.h + Index: patches/patch-scd_Makefile_in === RCS file: /cvs/ports/security/gnupg2/patches/patch-scd_Makefile_in,v retrieving revision 1.1 diff -u -p -r1.1 patch-scd_Makefile_in --- patches/patch-scd_Makefile_in 14 May 2012 08:49:54 - 1.1 +++ patches/patch-scd_Makefile_in 7 Aug 2012 12:02:51 - @@ -1,15 +1,12 @@ $OpenBSD: patch-scd_Makefile_in,v 1.1 2012/05/14 08:49:54 dcoppa Exp $ - -No PC/SC-Lite (pcsc-lite) support for now - --- scd/Makefile.in.orig Tue Mar 27 10:22:48 2012 -+++ scd/Makefile.inSun May 13 18:23:49 2012 -@@ -70,7 +70,7 @@ POST_UNINSTALL = : - build_triplet = @build@ - host_triplet = @host@ - bin_PROGRAMS = scdaemon$(EXEEXT) --@HAVE_W32_SYSTEM_FALSE@libexec_PROGRAMS = gnupg-pcsc-wrapper$(EXEEXT) -+@HAVE_W32_SYSTEM_FALSE@libexec_PROGRAMS = - DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(top_srcdir)/am/cmacros.am - @HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\"" \ scd/Makefile.inTue Aug 7 12:40:15 2012 +@@ -227,7 +227,7 @@ KSBA_CONFIG = @KSBA_CONFIG@ + KSBA_LIBS = @KSBA_LIBS@ + LDAPLIBS = @LDAPLIBS@ + LDAP_CPPFLAGS = @LDAP_CPPFLAGS@ +-LDFLAGS = @LDFLAGS@ ++LDFLAGS = @LDFLAGS@ -pthread -Wl,--export-dynamic + LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ + LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ + LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ Index: patches/patch-scd_apdu_c === RCS file: patches/patch-scd_apdu_c diff -N patches/patch-scd_apdu_c --- patches/patch-scd_apdu_c14 May 2012 08:49:54 - 1.3 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,25 +0,0 @@ -$OpenBSD: patch-scd_apdu_c,v 1.3 2012/05/14 08:49:54 dcoppa Exp $ - -No PC/SC-Lite (pcsc-lite) support for now - scd/apdu.c.origTue Mar 27 10:00:38 2012 -+++ scd/apdu.c Sun May 13 18:41:37 2012 -@@ -66,7 +66,7 @@ - /* Due to conflicting use of threading libraries we usually can't link -against libpcsclite. Instead we use a wrapper program. */ - #ifdef USE_GNU_PTH --#if !defined(HAVE_W32_SYSTEM) && !defined(__CYGWIN__) -+#if !defined(HAVE_W32_SYSTEM) && !defined(__CYGWIN__) && !defined(__OpenBSD__) - #define NEED_PCSC_WRAPPER 1 - #endif - #endif -@@ -2389,6 +2389,9 @@ apdu_open_reader (const char *portstr, int *r_no_servi - /* No ctAPI configured, so lets try the PC/SC API */ - if (!pcsc_api_loaded) - { -+#ifdef __OpenBSD__ -+ return -1; -+#endif - #ifndef NEED_PCSC_WRAPPER - void *handle; - Index: pkg/PLIST === RCS file: /cvs/ports/security/gnupg2/pkg/PLIST,v retrieving revision 1
Re: smartcard: security/gnupg2 diff
On Tue, Aug 07, 2012 at 06:33:52AM -0600, David Coppa wrote: > > Hi, > > This is the last diff from my pcsc-lite/ccid work. > > The diff below enables pcsclite support for security/gnupg2. > > Ok? Hi, The diff looks good to me but i can't test it (no hardware). Regards, -- Pierre-Emmanuel André GPG key: 0x7AE329DC
security/gnupg2: fix curl dependency
Hi, Due to an error (include -> #include) into configure, curl dependency was not picked up correctly. The patch below fixes the issue (and regen WANTLIB accordingly). OK? cheers, David Index: Makefile === RCS file: /cvs/ports/security/gnupg2/Makefile,v retrieving revision 1.16 diff -u -p -r1.16 Makefile --- Makefile31 Jan 2012 10:51:48 - 1.16 +++ Makefile9 Mar 2012 08:18:11 - @@ -4,7 +4,7 @@ COMMENT = gnu privacy guard - a free PG DISTNAME = gnupg-2.0.18 CATEGORIES = security -REVISION = 2 +REVISION = 3 MASTER_SITES = ftp://ftp.gnupg.org/gcrypt/gnupg/ \ ftp://gd.tuwien.ac.at/privacy/gnupg/gnupg/ \ @@ -25,8 +25,9 @@ PERMIT_PACKAGE_FTP = Yes PERMIT_DISTFILES_CDROM =Yes PERMIT_DISTFILES_FTP = Yes -WANTLIB += assuan bz2 c gcrypt gpg-error -WANTLIB += ksba pth readline termcap z +WANTLIB += assuan bz2 c crypto curl gcrypt +WANTLIB += gpg-error idn ksba pth readline +WANTLIB += ssl termcap z EXTRACT_SUFX = .tar.bz2 Index: patches/patch-configure === RCS file: patches/patch-configure diff -N patches/patch-configure --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-configure 9 Mar 2012 08:18:11 - @@ -0,0 +1,12 @@ +$OpenBSD$ +--- configure.orig Thu Mar 8 09:48:08 2012 configure Thu Mar 8 09:48:49 2012 +@@ -9384,7 +9384,7 @@ else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ +-include ++#include + int + main () + {
Re: security/gnupg2: fix curl dependency
On Fri, Mar 09, 2012 at 01:23:09AM -0700, David Coppa wrote: > > Hi, > > Due to an error (include -> #include) into configure, > curl dependency was not picked up correctly. > > The patch below fixes the issue (and regen WANTLIB accordingly). > > OK? > ok pea@ Regards, > cheers, > David > > Index: Makefile > ======= > RCS file: /cvs/ports/security/gnupg2/Makefile,v > retrieving revision 1.16 > diff -u -p -r1.16 Makefile > --- Makefile 31 Jan 2012 10:51:48 - 1.16 > +++ Makefile 9 Mar 2012 08:18:11 - > @@ -4,7 +4,7 @@ COMMENT = gnu privacy guard - a free PG > > DISTNAME = gnupg-2.0.18 > CATEGORIES = security > -REVISION = 2 > +REVISION = 3 > > MASTER_SITES = ftp://ftp.gnupg.org/gcrypt/gnupg/ \ > ftp://gd.tuwien.ac.at/privacy/gnupg/gnupg/ \ > @@ -25,8 +25,9 @@ PERMIT_PACKAGE_FTP =Yes > PERMIT_DISTFILES_CDROM =Yes > PERMIT_DISTFILES_FTP = Yes > > -WANTLIB += assuan bz2 c gcrypt gpg-error > -WANTLIB += ksba pth readline termcap z > +WANTLIB += assuan bz2 c crypto curl gcrypt > +WANTLIB += gpg-error idn ksba pth readline > +WANTLIB += ssl termcap z > > EXTRACT_SUFX = .tar.bz2 > > Index: patches/patch-configure > === > RCS file: patches/patch-configure > diff -N patches/patch-configure > --- /dev/null 1 Jan 1970 00:00:00 - > +++ patches/patch-configure 9 Mar 2012 08:18:11 - > @@ -0,0 +1,12 @@ > +$OpenBSD$ > +--- configure.orig Thu Mar 8 09:48:08 2012 > configureThu Mar 8 09:48:49 2012 > +@@ -9384,7 +9384,7 @@ else > + > +cat confdefs.h - <<_ACEOF >conftest.$ac_ext > + /* end confdefs.h. */ > +-include > ++#include > + int > + main () > + { -- Pierre-Emmanuel André GPG key: 0x7AE329DC
[UPDATE] pcsc-lite and gnupg2 (Was: security/gnupg2 poll)
On Wed, 11 Jul 2012, David Coppa wrote: > Hi, > > Just a little poll about security/gnupg2 and smartcard support: > > Now that pcsc-lite-1.8.x is working fine (dunno what, but something > has been fixed in either rthreads or libusb1: thanks a lot to the > usual suspects!), is it better to completely disable internal ccid > support from gnupg2 and add a runtime dependency on pcsc-lite and ccid > or to leave things as they currently are and tell the users to install > pcsc-lite and ccid in order to use a card reader other than the SCM > SCR335 USB SmartCard reader[1] (the only reader supported by gnupg2 > without pcsc-lite)? > > Thoughts welcome... > > [1] http://www.scm-pc-card.de/picture/scr-335.jpg Hi again, Here's my diff for both pcsc-lite and gnupg2. Tested on amd64 with the O2 O2Micro CCID SC Reader (the embedded card reader in my Dell Latitude) and with the SCM SCR335 USB SC Reader. Build-only tested on sparc64. Bonus point: it does not link with -lfl anymore. OK? I will send the new security/ccid port in another mail... Index: gnupg2/Makefile === RCS file: /cvs/ports/security/gnupg2/Makefile,v retrieving revision 1.19 diff -u -p -r1.19 Makefile --- gnupg2/Makefile 14 May 2012 08:49:54 - 1.19 +++ gnupg2/Makefile 12 Jul 2012 09:01:40 - @@ -3,7 +3,7 @@ COMMENT = gnu privacy guard - a free PGP replacement DISTNAME = gnupg-2.0.19 -REVISION = 0 +REVISION = 1 CATEGORIES = security MASTER_SITES = ftp://ftp.gnupg.org/gcrypt/gnupg/ \ @@ -27,7 +27,7 @@ PERMIT_DISTFILES_FTP =Yes WANTLIB += assuan bz2 c crypto curl gcrypt WANTLIB += gpg-error idn ksba pth pthread -WANTLIB += readline ssl termcap usb z +WANTLIB += readline ssl termcap z EXTRACT_SUFX = .tar.bz2 @@ -37,7 +37,6 @@ FLAVORS = ldap FLAVOR ?= LIB_DEPENDS = archivers/bzip2 \ - devel/libusb-compat \ security/libassuan \ security/libgcrypt \ security/libksba \ @@ -52,7 +51,8 @@ LIB_DEPENDS +=databases/openldap CONFIGURE_ARGS += --disable-ldap .endif -RUN_DEPENDS = security/pinentry +RUN_DEPENDS = security/ccid \ + security/pinentry # gpg-agent must be installed to run the regress tests REGRESS_DEPENDS = ${FULLPKGNAME}:${BUILD_PKGPATH} @@ -62,8 +62,9 @@ USE_GROFF = Yes CONFIGURE_STYLE = gnu CONFIGURE_ENV =CPPFLAGS="-I${LOCALBASE}/include" \ - LDFLAGS="-L${LOCALBASE}/lib -pthread" + LDFLAGS="-L${LOCALBASE}/lib" CONFIGURE_ARGS = docdir=${LOCALBASE}/share/doc/gnupg2 \ + --disable-ccid-driver \ --enable-gpgtar # Avoid conflict with gnupg-1.x Index: gnupg2/patches/patch-scd_Makefile_in ======= RCS file: /cvs/ports/security/gnupg2/patches/patch-scd_Makefile_in,v retrieving revision 1.1 diff -u -p -r1.1 patch-scd_Makefile_in --- gnupg2/patches/patch-scd_Makefile_in14 May 2012 08:49:54 - 1.1 +++ gnupg2/patches/patch-scd_Makefile_in12 Jul 2012 09:01:40 - @@ -1,15 +1,12 @@ $OpenBSD: patch-scd_Makefile_in,v 1.1 2012/05/14 08:49:54 dcoppa Exp $ - -No PC/SC-Lite (pcsc-lite) support for now - --- scd/Makefile.in.orig Tue Mar 27 10:22:48 2012 -+++ scd/Makefile.inSun May 13 18:23:49 2012 -@@ -70,7 +70,7 @@ POST_UNINSTALL = : - build_triplet = @build@ - host_triplet = @host@ - bin_PROGRAMS = scdaemon$(EXEEXT) --@HAVE_W32_SYSTEM_FALSE@libexec_PROGRAMS = gnupg-pcsc-wrapper$(EXEEXT) -+@HAVE_W32_SYSTEM_FALSE@libexec_PROGRAMS = - DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(top_srcdir)/am/cmacros.am - @HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\"" \ scd/Makefile.inWed Jul 11 22:08:58 2012 +@@ -227,7 +227,7 @@ KSBA_CONFIG = @KSBA_CONFIG@ + KSBA_LIBS = @KSBA_LIBS@ + LDAPLIBS = @LDAPLIBS@ + LDAP_CPPFLAGS = @LDAP_CPPFLAGS@ +-LDFLAGS = @LDFLAGS@ ++LDFLAGS = @LDFLAGS@ -pthread -Wl,--export-dynamic + LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ + LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ + LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ Index: gnupg2/patches/patch-scd_apdu_c === RCS file: gnupg2/patches/patch-scd_apdu_c diff -N gnupg2/patches/patch-scd_apdu_c --- gnupg2/patches/patch-scd_apdu_c 14 May 2012 08:49:54 - 1.3 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,25 +0,0 @@ -$OpenBSD: patch-scd_apdu_c,v 1.3 2012/05/14 08:49:54 dcoppa Exp $ - -No PC/SC-Lite (pcsc-lite) support for now - scd/apdu.c.origTue Mar 27 10:00:38 20