[pkgsrc/pkgsrc-2006Q3]: pkgsrc/security/gnupg Pullup ticket 1944 - requested ...

[ghen <ghen%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/986fb0e0ede0
branches:  pkgsrc-2006Q3
changeset: 519235:986fb0e0ede0
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Thu Dec 07 13:54:38 2006 +0000

description:
Pullup ticket 1944 - requested by wiz
security update for gnupg

- pkgsrc/security/gnupg/Makefile                1.93
- pkgsrc/security/gnupg/PLIST                   1.20
- pkgsrc/security/gnupg/distinfo                1.45
- pkgsrc/security/gnupg/patches/patch-al        removed

   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Wed Dec  6 23:00:46 UTC 2006

   Modified Files:
        pkgsrc/security/gnupg: Makefile PLIST distinfo
   Removed Files:
        pkgsrc/security/gnupg/patches: patch-al

   Log Message:
   Update to 1.4.6:

   Noteworthy changes in version 1.4.6 (2006-12-06)
   ------------------------------------------------

       * Fixed a serious and exploitable bug in processing encrypted
         packages. [CVE-2006-6235].

       * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]
        (already fixed in pkgsrc)

       * Fixed a bug while decrypting certain compressed and encrypted
         messages. [bug#537]

       * Added --s2k-count to set the number of times passphrase mangling
         is repeated.  The default is 65536 times.

       * Added --passphrase-repeat to set the number of times GPG will
         prompt for a new passphrase to be repeated.  This is useful to
         help memorize a new passphrase.  The default is 1 repetition.

       * Added a GPL license exception to the keyserver helper programs
         gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
         potential questions about the ability to distribute binaries
         that link to the OpenSSL library.  GnuPG does not link directly
         to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
         OpenLDAP (used for LDAP) may.  Note that this license exception
         is considered a bug fix and is intended to forgive any
         violations pertaining to this issue, including those that may
         have occurred in the past.

       * Man pages are now build from the same source as those of GnuPG-2.

diffstat:

 security/gnupg/Makefile         |   5 ++---
 security/gnupg/PLIST            |   5 ++---
 security/gnupg/distinfo         |   9 ++++-----
 security/gnupg/patches/patch-al |  15 ---------------
 4 files changed, 8 insertions(+), 26 deletions(-)

diffs (68 lines):

diff -r bd723e4d59b4 -r 986fb0e0ede0 security/gnupg/Makefile
--- a/security/gnupg/Makefile   Thu Dec 07 13:39:42 2006 +0000
+++ b/security/gnupg/Makefile   Thu Dec 07 13:54:38 2006 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.90.2.1 2006/11/28 08:21:42 ghen Exp $
+# $NetBSD: Makefile,v 1.90.2.2 2006/12/07 13:54:38 ghen Exp $
 
-DISTNAME=      gnupg-1.4.5
-PKGREVISION=   1
+DISTNAME=      gnupg-1.4.6
 CATEGORIES=    security
 MASTER_SITES=  ftp://ftp.gnupg.org/gcrypt/gnupg/ \
                ftp://ftp.planetmirror.com/pub/gnupg/ \
diff -r bd723e4d59b4 -r 986fb0e0ede0 security/gnupg/PLIST
--- a/security/gnupg/PLIST      Thu Dec 07 13:39:42 2006 +0000
+++ b/security/gnupg/PLIST      Thu Dec 07 13:54:38 2006 +0000
@@ -1,10 +1,9 @@
-@comment $NetBSD: PLIST,v 1.19 2006/08/02 10:37:34 drochner Exp $
+@comment $NetBSD: PLIST,v 1.19.2.1 2006/12/07 13:54:38 ghen Exp $
 bin/gpg
 bin/gpg-zip
 bin/gpgsplit
 bin/gpgv
-info/gpg.info
-info/gpgv.info
+info/gnupg1.info
 libexec/gnupg/gpgkeys_curl
 libexec/gnupg/gpgkeys_finger
 libexec/gnupg/gpgkeys_hkp
diff -r bd723e4d59b4 -r 986fb0e0ede0 security/gnupg/distinfo
--- a/security/gnupg/distinfo   Thu Dec 07 13:39:42 2006 +0000
+++ b/security/gnupg/distinfo   Thu Dec 07 13:54:38 2006 +0000
@@ -1,12 +1,11 @@
-$NetBSD: distinfo,v 1.43.2.1 2006/11/28 08:21:42 ghen Exp $
+$NetBSD: distinfo,v 1.43.2.2 2006/12/07 13:54:38 ghen Exp $
 
-SHA1 (gnupg-1.4.5.tar.bz2) = 553fefe0da5a91108dd9468e381faf9487754f9a
-RMD160 (gnupg-1.4.5.tar.bz2) = f27447b3aec1423ac10c3a5b4745ea3b13c5a5e5
-Size (gnupg-1.4.5.tar.bz2) = 3089617 bytes
+SHA1 (gnupg-1.4.6.tar.bz2) = 9cbbef5c94f793867ff3ae4941816962311a0563
+RMD160 (gnupg-1.4.6.tar.bz2) = c7e7409358aaaaf7f3bb202aa86f6121749b97e3
+Size (gnupg-1.4.6.tar.bz2) = 3149454 bytes
 SHA1 (idea.c.gz) = 82fded4ec31b97b3b2dd22741880b67cfee40f84
 RMD160 (idea.c.gz) = e35be5a031d10d52341ac5f029d28f811edd908d
 Size (idea.c.gz) = 5216 bytes
 SHA1 (patch-aa) = 91d55ca22b58e8a1f3c17a2fd0ad888d4c85c6cf
 SHA1 (patch-ab) = 29a7d0b736322eb1ecf0925a2419b513f323000e
 SHA1 (patch-ak) = 89a6a7552104f4d5b97a98889da88fca68c54f31
-SHA1 (patch-al) = 504ff52178d9ffa36f14d6741e4805c212156c0e
diff -r bd723e4d59b4 -r 986fb0e0ede0 security/gnupg/patches/patch-al
--- a/security/gnupg/patches/patch-al   Thu Dec 07 13:39:42 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-al,v 1.1.2.2 2006/11/28 08:21:42 ghen Exp $
-
-# http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
-
---- ./g10/openfile.c.orig      2006-09-14 08:18:39.000000000 -0600
-+++ ./g10/openfile.c
-@@ -145,7 +145,7 @@ ask_outfile_name( const char *name, size
- 
-     s = _("Enter new filename");
- 
--    n = strlen(s) + namelen + 10;
-+    n = strlen(s) + (defname?strlen (defname):0) + 10;
-     defname = name && namelen? make_printable_string( name, namelen, 0): NULL;
-     prompt = xmalloc(n);
-     if( defname )