Date: Thu, 8 Apr 2021 18:45:43 GMT
From: Adam Weinberger <adamw@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 433d2e2d0cc3 - main - security/gnupg: Update to 2.3.0
Message-ID: <202104081845.138Ijhu6088897@gitrepo.freebsd.org>
The branch main has been updated by adamw:

URL: https://cgit.FreeBSD.org/ports/commit/?id=433d2e2d0cc31894e2660f4faf87b4cfcd59c08b

commit 433d2e2d0cc31894e2660f4faf87b4cfcd59c08b
Author:     Adam Weinberger <adamw@FreeBSD.org>
AuthorDate: 2021-04-08 18:44:52 +0000
Commit:     Adam Weinberger <adamw@FreeBSD.org>
CommitDate: 2021-04-08 18:45:33 +0000

security/gnupg: Update to 2.3.0

Changes:

* A new experimental key database daemon is provided. To enable it put
  "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored in a SQLite
  database and make key lookup much faster.
* New tool gpg-card as a flexible frontend for all types of supported
  smartcards.
* New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
  gpg-connect-agent.
* The gpg-wks-client tool is now installed under bin; a wrapper for its
  old location at libexec is also installed.
* tpm2d: New daemon to physically bind keys to the local machine. See
  https://gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html
* gpg: Switch to ed25519/cv25519 as default public key algorithms.
* gpg: Verification results now depend on the --sender option and the
  signer's UID subpacket. [#4735]
* gpg: Do not use any 64-bit block size cipher algorithm for encryption.
  Use AES as last resort cipher preference instead of 3DES. This can be
  reverted using --allow-old-cipher-algos.
* gpg: Support AEAD encryption mode using OCB or EAX.
* gpg: Support v5 keys and signatures.
* gpg: Support curve X448 (ed448, cv448).
* gpg: Allow use of group names in key listings. [e825aea2ba]
* gpg: New option --full-timestrings to print date and time.
* gpg: New option --force-sign-key. [#4584]
* gpg: New option --no-auto-trust-new-key.
* gpg: The legacy key discovery method PKA is no longer supported. The
  command --print-pka-records and the PKA related import and export
  options have been removed.
* gpg: Support export of Ed448 Secure Shell keys.
* gpgsm: Add basic ECC support.
* gpgsm: Support creation of EdDSA certificates.
[#4888] * agent: Allow the use of "Label:" in a key file to customize the pinentry prompt. [5388537806] * agent: Support ssh-agent extensions for environment variables. With a patched version of OpenSSH this avoids the need for the "updatestartuptty" kludge. [224e26cf7b] * scd: Improve support for multiple card readers and tokens. * scd: Support PIV cards. * scd: Support for Rohde&Schwarz Cybersecurity cards. * scd: Support Telesec Signature Cards v2.0 * scd: Support multiple application on certain smartcard. * scd: New option --application-priority. * scd: New option --pcsc-shared; see man page for important notes. * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs. * The symcryptrun tool, a wrapper for the now obsolete external Chiasmus tool, has been removed. * Full Unicode support under Windows for the command line. [#4398] Release-info: https://dev.gnupg.org/T5343 --- security/gnupg/Makefile | 4 +-- security/gnupg/distinfo | 6 ++--- security/gnupg/files/patch-doc_scdaemon.texi | 14 ---------- security/gnupg/files/patch-scd_apdu.c | 11 -------- security/gnupg/files/patch-scd_scdaemon.c | 36 ------------------------- security/gnupg/files/patch-scd_scdaemon.h | 11 -------- security/gnupg/files/patch-tools_gpgconf-comp.c | 12 --------- security/gnupg/pkg-plist | 14 +++++++--- 8 files changed, 15 insertions(+), 93 deletions(-) diff --git a/security/gnupg/Makefile b/security/gnupg/Makefile index 76c2132742c2..452308c269a0 100644 --- a/security/gnupg/Makefile +++ b/security/gnupg/Makefile @@ -1,5 +1,5 @@ PORTNAME= gnupg -PORTVERSION= 2.2.27 +PORTVERSION= 2.3.0 CATEGORIES= security MASTER_SITES= GNUPG @@ -38,7 +38,7 @@ OPTIONS_SUB= yes LARGE_RSA_DESC= Enable support for 8192-bit RSA keys LDAP_DESC= LDAP keyserver interface SCDAEMON_DESC= Enable Smartcard daemon (with libusb) -SUID_GPG_DESC= Install GPG with suid +SUID_GPG_DESC= Install GPG as SUID root WKS_SERVER_DESC=Install the Web Key Service server GNUTLS_CONFIGURE_ENABLE=gnutls 
diff --git a/security/gnupg/distinfo b/security/gnupg/distinfo index 094506df443f..61cff8e4eaa3 100644 --- a/security/gnupg/distinfo +++ b/security/gnupg/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1610426077 -SHA256 (gnupg-2.2.27.tar.bz2) = 34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399 -SIZE (gnupg-2.2.27.tar.bz2) = 7191555 +TIMESTAMP = 1617905248 +SHA256 (gnupg-2.3.0.tar.bz2) = 84c1ef39e8621cfb70f31463a5d1d8edeab44332bc1e0e1af9b78b6f9ed05bb4 +SIZE (gnupg-2.3.0.tar.bz2) = 7557228 diff --git a/security/gnupg/files/patch-doc_scdaemon.texi b/security/gnupg/files/patch-doc_scdaemon.texi deleted file mode 100644 index f44dc1142da2..000000000000 --- a/security/gnupg/files/patch-doc_scdaemon.texi +++ /dev/null @@ -1,14 +0,0 @@ ---- doc/scdaemon.texi.orig 2019-11-20 21:45:47 UTC -+++ doc/scdaemon.texi -@@ -300,6 +300,11 @@ Note that with the current version of Scdaemon the car - down immediately at the next timer tick for any value of @var{n} other - than 0. - -+@item --shared-access -+@opindex shared-access -+Open the smart card in shared mode, rather than exclusive. This will allow -+other applications like PKCS#11 libraries to use the smart card concurrently. -+ - @item --enable-pinpad-varlen - @opindex enable-pinpad-varlen - Please specify this option when the card reader supports variable diff --git a/security/gnupg/files/patch-scd_apdu.c b/security/gnupg/files/patch-scd_apdu.c deleted file mode 100644 index f3313b850367..000000000000 --- a/security/gnupg/files/patch-scd_apdu.c +++ /dev/null @@ -1,11 +0,0 @@ ---- scd/apdu.c.orig 2019-07-09 09:08:45 UTC -+++ scd/apdu.c -@@ -816,7 +816,7 @@ connect_pcsc_card (int slot) - - err = pcsc_connect (reader_table[slot].pcsc.context, - reader_table[slot].rdrname, -- PCSC_SHARE_EXCLUSIVE, -+ opt.shared_access ? PCSC_SHARE_SHARED : PCSC_SHARE_EXCLUSIVE, - PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1, - &reader_table[slot].pcsc.card, - &reader_table[slot].pcsc.protocol); 
diff --git a/security/gnupg/files/patch-scd_scdaemon.c b/security/gnupg/files/patch-scd_scdaemon.c deleted file mode 100644 index 4b2e62255de6..000000000000 --- a/security/gnupg/files/patch-scd_scdaemon.c +++ /dev/null @@ -1,36 +0,0 @@ ---- scd/scdaemon.c.orig 2019-07-09 09:08:45 UTC -+++ scd/scdaemon.c -@@ -99,6 +99,7 @@ enum cmd_and_opt_values - oDenyAdmin, - oDisableApplication, - oEnablePinpadVarlen, -+ oSharedAccess, - oListenBacklog, - - oNoop -@@ -164,6 +165,8 @@ static ARGPARSE_OPTS opts[] = { - /* Stubs for options which are implemented by 2.3 or later. */ - ARGPARSE_s_s (oNoop, "application-priority", "@"), - -+ ARGPARSE_s_n (oSharedAccess, "shared-access", N_("use PCSC_SHARE_SHARED for pcsc_connect")), -+ - ARGPARSE_end () - }; - -@@ -629,6 +632,8 @@ main (int argc, char **argv ) - - case oNoop: break; - -+ case oSharedAccess: opt.shared_access = 1; break; -+ - default: - pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; - break; -@@ -727,6 +732,7 @@ main (int argc, char **argv ) - es_printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE ); - es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0); - es_printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE ); -+ es_printf ("shared-access:%lu:\n", GC_OPT_FLAG_NONE ); - - scd_exit (0); - } diff --git a/security/gnupg/files/patch-scd_scdaemon.h b/security/gnupg/files/patch-scd_scdaemon.h deleted file mode 100644 index 66748abf6bd6..000000000000 --- a/security/gnupg/files/patch-scd_scdaemon.h +++ /dev/null @@ -1,11 +0,0 @@ ---- scd/scdaemon.h.orig 2019-07-09 09:08:45 UTC -+++ scd/scdaemon.h -@@ -62,6 +62,8 @@ struct - strlist_t disabled_applications; /* Card applications we do not - want to use. */ - unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */ -+ -+ int shared_access; - } opt; - - diff --git a/security/gnupg/files/patch-tools_gpgconf-comp.c b/security/gnupg/files/patch-tools_gpgconf-comp.c deleted file mode 100644 index 51bb3c1aca41..000000000000 
--- a/security/gnupg/files/patch-tools_gpgconf-comp.c +++ /dev/null @@ -1,12 +0,0 @@ ---- tools/gpgconf-comp.c.orig 2019-07-09 09:08:45 UTC -+++ tools/gpgconf-comp.c -@@ -653,6 +653,9 @@ static gc_option_t gc_options_scdaemon[] = - { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, - "gnupg", "|N|disconnect the card after N seconds of inactivity", - GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON }, -+ { "shared-access", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, -+ "gnupg", "use PCSC_SHARE_SHARED for pcsc_connect", -+ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON }, - - { "Debug", - GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, diff --git a/security/gnupg/pkg-plist b/security/gnupg/pkg-plist index fb5cc8ca273c..77c212e987bd 100644 --- a/security/gnupg/pkg-plist +++ b/security/gnupg/pkg-plist @@ -1,7 +1,9 @@ -bin/dirmngr -bin/dirmngr-client +%%GNUTLS%%bin/dirmngr +%%GNUTLS%%bin/dirmngr-client bin/gpg-agent +bin/gpg-card bin/gpg-connect-agent +bin/gpg-wks-client %%WKS_SERVER%%bin/gpg-wks-server %%SUID_GPG%%@(,,4555) bin/gpg2 %%NO_SUID_GPG%%bin/gpg2 @@ -16,12 +18,16 @@ bin/kbxutil bin/watchgnupg %%LDAP%%libexec/dirmngr_ldap libexec/gpg-check-pattern +libexec/gpg-pair-tool libexec/gpg-preset-passphrase libexec/gpg-protect-tool libexec/gpg-wks-client +libexec/keyboxd %%SCDAEMON%%libexec/scdaemon man/man1/dirmngr-client.1.gz man/man1/gpg-agent.1.gz +man/man1/gpg-card.1.gz +man/man1/gpg-check-pattern.1.gz man/man1/gpg-connect-agent.1.gz man/man1/gpg-preset-passphrase.1.gz man/man1/gpg-wks-client.1.gz @@ -33,7 +39,6 @@ man/man1/gpgsm.1.gz man/man1/gpgtar.1.gz man/man1/gpgv2.1.gz man/man1/scdaemon.1.gz -man/man1/symcryptrun.1.gz man/man1/watchgnupg.1.gz man/man7/gnupg.7.gz man/man8/addgnupghome.8.gz 
@@ -55,6 +60,7 @@ sbin/applygnupgdefaults %%PORTDOCS%%%%DOCSDIR%%/examples/debug.prf %%PORTDOCS%%%%DOCSDIR%%/examples/gpgconf.conf %%PORTDOCS%%%%DOCSDIR%%/examples/pwpattern.list +%%PORTDOCS%%%%DOCSDIR%%/examples/qualified.txt %%PORTDOCS%%%%DOCSDIR%%/examples/scd-event %%PORTDOCS%%%%DOCSDIR%%/examples/systemd-user/README %%PORTDOCS%%%%DOCSDIR%%/examples/systemd-user/dirmngr.service @@ -94,7 +100,7 @@ sbin/applygnupgdefaults %%PORTDOCS%%%%DOCSDIR%%/help.zh_CN.txt %%PORTDOCS%%%%DOCSDIR%%/help.zh_TW.txt %%DATADIR%%/distsigkey.gpg -%%DATADIR%%/sks-keyservers.netCA.pem +%%GNUTLS%%%%DATADIR%%/sks-keyservers.netCA.pem %%NLS%%share/locale/ca/LC_MESSAGES/gnupg2.mo %%NLS%%share/locale/cs/LC_MESSAGES/gnupg2.mo %%NLS%%share/locale/da/LC_MESSAGES/gnupg2.mo
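Review bot: the PORTVERSION line in the first Makefile hunk moves the port from 2.2.27 to 2.3.0 in place, and the behaviour changes listed in the commit message reach users with no upgrade note. The changelog says gpg now defaults to ed25519/cv25519, no longer uses 64-bit block ciphers for encryption unless --allow-old-cipher-algos is given, and drops PKA along with --print-pka-records. Suggest an UPDATING entry that names these so that people exchanging data with older peers or scripting the removed options see them before upgrading.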
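Review bot: the distinfo hunk records a new SHA256 and SIZE for gnupg-2.3.0.tar.bz2, but the commit message does not say how the tarball was authenticated before its hash was pinned. The checksum only fixes whatever was downloaded at TIMESTAMP 1617905248, so it would help to state that the upstream signature on the tarball was checked, for example against the release keys the port already installs as %%DATADIR%%/distsigkey.gpg.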
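Review bot: the deletion of files/patch-doc_scdaemon.texi, patch-scd_apdu.c, patch-scd_scdaemon.c, patch-scd_scdaemon.h and patch-tools_gpgconf-comp.c removes the port-local scdaemon option --shared-access without any migration note. The commit message lists upstream's new --pcsc-shared ("see man page for important notes"), which looks like the counterpart, but nothing here tells a user with shared-access in scdaemon.conf to rename it. Suggest an UPDATING entry or pkg-message naming both options and carrying over the point from the removed texi text that shared mode lets other applications use the smart card concurrently.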
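Review bot: in the first pkg-plist hunk, bin/dirmngr and bin/dirmngr-client become conditional on %%GNUTLS%%, yet man/man1/dirmngr-client.1.gz stays unconditional in the next hunk's context and %%LDAP%%libexec/dirmngr_ldap is still gated on LDAP alone. The Makefile hunks in this commit touch only PORTVERSION and SUID_GPG_DESC, so nothing visible explains what stops dirmngr from being built when GNUTLS is off. Please confirm with a GNUTLS-off build that the plist matches what is staged, gate the man page and dirmngr_ldap the same way if they are no longer installed, and mention in the commit message that disabling GNUTLS now drops dirmngr along with sks-keyservers.netCA.pem.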