Subject: CVS commit: pkgsrc/security/gpgme
To: None <pkgsrc-changes@NetBSD.org>
From: Thomas Klausner <wiz@netbsd.org>
List: pkgsrc-changes
Date: 12/14/2003 15:05:01
Module Name:	pkgsrc
Committed By:	wiz
Date:		Sun Dec 14 15:05:01 UTC 2003

Modified Files:
	pkgsrc/security/gpgme: Makefile PLIST buildlink2.mk distinfo
Added Files:
	pkgsrc/security/gpgme/patches: patch-aa

Log Message:
Update to 0.4.3 (for gpa-0.7.0):
Noteworthy changes in version 0.4.3 (2003-10-06)
------------------------------------------------

 * libgpgme should not be used for threaded programs anymore.  This
   never worked reliably in all cases, because you had to
   be careful about the linking order and libtool wouldn't do that for
   you automatically.  Instead, now you have to link against
   libgpgme-pthread for applications using pthread and libgpgme-pth for
   applications using GNU Pth.

   The old code for automagically detecting the thread library is
   still part of libgpgme, but it is DEPRECATED.

 * There are new automake macros AM_PATH_GPGME_PTH and
   AM_PATH_GPGME_PTHREAD, which support checking for thread-enabled
   versions of GPGME.  They define GPGME_PTH_CFLAGS, GPGME_PTH_LIBS,
   GPGME_PTHREAD_CFLAGS and GPGME_PTHREAD_LIBS respectively.  These
   variables of course also include the configuration for the thread
   package itself.  Alternatively, use libtool.

 * gpgme_strerror_r as a thread safe variant of gpgme_strerror was
   added.

 * gpgme-config doesn't support setting the prefix or exec prefix
   anymore.  I don't think it ever worked correctly, and it seems to
   be pointless.

 * gpgme_get_key fails with GPG_ERR_AMBIGUOUS_NAME if the key ID
   provided was not unique, instead of returning the first matching key.

 * gpgme_key_t and gpgme_subkey_t have a new field, can_authenticate,
   that indicates if the key can be used for authentication.

 * gpgme_signature_t's status field is now correctly set to an error
   with error code GPG_ERR_NO_PUBKEY if the public key is not found.

 * gpgme_new_signature_t's class field is now an unsigned int, rather
   than an unsigned long (the old class field is preserved for
   backwards compatibility).

 * A new function gpgme_set_locale() is provided to allow configuring
   the locale for the crypto backend.  This is necessary for text
   terminals so that programs like the pinentry can be started with
   the right locale settings for the terminal the application is running
   on, in case the terminal has different settings than the system
   default (for example, if it is a remote terminal).  You are highly
   recommended to call the following functions directly after
   gpgme_check_version:

   #include <locale.h>

   setlocale (LC_ALL, "");
   gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));
   gpgme_set_locale (NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL));

   GPGME can not do this for you, as setlocale is not thread safe, and
   there is no alternative.

 * The signal action for SIGPIPE is now set to SIG_IGN by
   gpgme_check_version, instead of the first time a crypto engine is
   started (which is not well defined).

 * In the output of gpgme_hash_algo_name, change RMD160 to RIPEMD160,
   TIGER to TIGER192, CRC32-RFC1510 to CRC32RFC1510, and CRC24-RFC2440
   to CRC24RFC2440.  For now, these strings can be used as the MIC
   parameter for PGP/MIME (if appropriately modified).

Noteworthy changes in version 0.4.2 (2003-07-30)
------------------------------------------------

 * Allow gpg-error to be in non-standard place when linking the test suite.

 * Configure will fail now if gpg-error can not be found.

 * Fixed initialized memory backed data objects for writing, which
   caused the test program to crash (but only on Mac OS, surprisingly).

 * Eliminate use of C99 constructs.

 * Small improvements to the manual.

Noteworthy changes in version 0.4.1 (2003-06-06)
------------------------------------------------

 This is the release that 0.4.0 should have been.  There are many
 interface changes, please see below for the details.  The changes are
 sometimes the result of new functionality, but more often express a
 paradigm shift.  Others are an overdue cleanup to get GPGME in line
 with the GNU coding standards and to make the interface more
 self-consistent.  Here is an overview on the changes:

 All types have been renamed to conform to the GNU coding standards,
 most of the time by keeping the whole name in lowercase and inserting
 underscores between words.

 All operations consistently only accept input parameters in their
 invocation function, and return only an error code directly.  Further
 information about the result of the operation has to be retrieved
 afterwards by calling one of the result functions.  This unifies the
 synchronous and the asynchronous interface.

 The error values have been completely replaced by a more
 sophisticated model that allows GPGME to transparently and accurately
 report all errors from the other GnuPG components, regardless of
 process boundaries.  This is achieved by using the library
 libgpg-errors, which is shared by all GnuPG components.  This library
 is now required for GPGME.

 The results of all operations are now provided by pointers to C
 structs rather than by XML structs or in other ways.

 Objects which used to be opaque (for example a key) are now pointers
 to accessible structs, so no accessor functions are necessary.

 Backward compatibility is provided where it was possible without too
 much effort and did not collide with the overall sanitization effort.
 However, this is only for ease of transition.  NO DEPRECATED FUNCTION
 OR DATA TYPE IS CONSIDERED A PART OF THE API OR ABI AND WILL BE
 DROPPED IN THE FUTURE WITHOUT CHANGING THE SONAME OF THE LIBRARY.
 Recommendations how to replace deprecated or removed functionality
 can be found within the description of each change.

 What follows are all changes to the interface and behaviour of GPGME
 in detail.

 * If gpgme.h is included in sources compiled by GCC 3.1 or later,
   deprecated attributes will warn about use of obsolete functions and
   type definitions.  You can suppress these warnings by passing
   -Wno-deprecated-declarations to the gcc command.

 * The following types have been renamed.  The old types are still
   available as aliases, but they are deprecated now:
	[complete list in NEWS file]

 * gpgme_error_t is now identical to gpg_error_t, the error type
   provided by libgpg-error.  More about using libgpg-error with GPGME
   can be found in the manual.  All error symbols have been removed!

 * All functions and types in libgpg-error have been wrapped in GPGME.
   The new types are gpgme_err_code_t and gpgme_err_source_t.  The new
   functions are gpgme_err_code, gpgme_err_source, gpgme_error,
   gpgme_err_make, gpgme_error_from_errno, gpgme_err_make_from_errno,
   gpgme_err_code_from_errno, gpgme_err_code_to_errno,
   gpgme_strsource.

 * GPGME_ATTR_IS_SECRET is not anymore representable as a string.

 * GnuPG 1.2.2 is required.  The progress callback is now also invoked
   for encrypt, sign, encrypt-sign, decrypt, verify, and
   decrypt-verify operations.  For verify operations on detached
   signatures, the progress callback is invoked for both the detached
   signature and the plaintext message, though.

 * gpgme_passphrase_cb_t has been changed to not provide a complete
   description, but the UID hint, passphrase info and a flag
   indicating if this is a repeated attempt individually, so the user
   can compose his own description from this information.

   The passphrase is not returned as a C string, but must be written
   to a file descriptor directly.  This allows for secure passphrase
   entries.

   The return type has been changed to a gpgme_error_t value.  This
   allowed the removal of the gpgme_cancel function; just return
   the error code GPG_ERR_CANCELED in the passphrase callback directly.

 * gpgme_edit_cb_t has been changed to take a file descriptor argument.
   The user is expected to write the response to the file descriptor,
   followed by a newline.

 * The recipients interface has been removed.  Instead, you use
   NULL-terminated lists of keys for specifying the recipients of an
   encryption operation.  Use the new encryption flag
   GPGME_ENCRYPT_ALWAYS_TRUST if you want to override the validity of
   the keys (but note that in general this is not a good idea).

   This change has been made to the prototypes of gpgme_op_encrypt,
   gpgme_op_encrypt_start, gpgme_op_encrypt_sign and
   gpgme_op_encrypt_sign_start.

   The export interface has been changed to use pattern strings like
   the keylist interface.  Thus, new functions gpgme_op_export_ext and
   gpgme_op_export_ext_start have been added as well.  Now the
   prototypes of gpgme_op_export_start and gpgme_op_export finally
   make sense.

 * gpgme_op_verify and gpgme_op_decrypt_verify don't return a status
   summary anymore.  Use gpgme_get_sig_status to retrieve the individual
   stati.

 * gpgme_io_cb_t changed from a void function to a function returning
   a gpgme_error_t value.  However, it will always return 0, so you
   can safely ignore the return value.

 * A new I/O callback event GPGME_EVENT_START has been added.  The new
   requirement is that you must wait until this event until you are
   allowed to call the I/O callback handlers previously registered for
   this context operation.  Calling I/O callback functions for this
   context operation before the start event happened is unsafe because
   it can lead to race conditions in a multi-threaded environment.

 * The idle function feature has been removed.  It was not precisely
   defined in a multi-threaded environment and is obsoleted by the
   user I/O callback functions.  If you still need a simple way to
   call something while waiting on one or multiple asynchronous
   operations to complete, don't set the HANG flag in gpgme_wait (note
   that this will return to your program more often than the idle
   function did).

 * gpgme_wait can return NULL even if hang is true, if an error
   occurs.  In that case *status contains the error code.

 * gpgme_get_engine_info was radically changed.  Instead of an XML
   string, an info structure of the new type gpgme_engine_info_t is
   returned.  This makes it easier and more robust to evaluate the
   information in an application.

 * The new function gpgme_get_protocol_name can be used to convert a
   gpgme_protocol_t value into a string.

 * The status of a context operation is not checked anymore.  Starting
   a new operation will silently cancel the previous one.  Calling a
   function that requires you to have started an operation before without
   doing so is undefined.

 * The FPR argument to gpgme_op_genkey was removed.  Instead, use the
   gpgme_op_genkey_result function to retrieve a gpgme_genkey_result_t
   pointer to a structure which contains the fingerprint.  This also
   works with gpgme_op_genkey_start.  The structure also provides
   other information about the generated keys.

 * The new gpgme_op_import_result function provides detailed
   information about the result of an import operation in
   gpgme_import_result_t and gpgme_import_status_t objects.
   Thus, the gpgme_op_import_ext variant is deprecated.

 * The new gpgme_op_sign_result function provides detailed information
   about the result of a signing operation in gpgme_sign_result_t,
   gpgme_invalid_key_t and gpgme_new_signature_t objects.

 * The new gpgme_op_encrypt_result function provides detailed
   information about the result of an encryption operation in
   a GpgmeEncryptResult object.

 * The new gpgme_op_decrypt_result function provides detailed
   information about the result of a decryption operation in
   a GpgmeDecryptResult object.

 * The new gpgme_op_verify_result function provides detailed
   information about the result of a verify operation in
   a GpgmeVerifyResult object.  Because of this, the GPGME_SIG_STAT_*
   values, gpgme_get_sig_status, gpgme_get_sig_ulong_attr,
   gpgme_get_sig_string_attr and gpgme_get_sig_key are now deprecated,
   and gpgme_get_notation is removed.

 * GpgmeTrustItem objects have now directly accessible data, so the
   gpgme_trust_item_get_string_attr and gpgme_trust_item_get_ulong_attr
   accessor functions are deprecated.  Also, reference counting is
   available through gpgme_trust_item_ref and gpgme_trust_item_unref
   (the gpgme_trust_item_release alias for the latter is deprecated).

 * Keys are not cached internally anymore, so the force_update argument
   to gpgme_get_key has been removed.

 * GpgmeKey objects have now directly accessible data so the
   gpgme_key_get_string_attr, gpgme_key_get_ulong_attr,
   gpgme_key_sig_get_string_attr and gpgme_key_sig_get_ulong_attr
   functions are deprecated.  Also, gpgme_key_release is now
   deprecated.  The gpgme_key_get_as_xml function has been dropped.

 * Because all interfaces using attributes are deprecated, the
   GpgmeAttr data type is also deprecated.

 * The new gpgme_op_keylist_result function provides detailed
   information about the result of a key listing operation in
   a GpgmeKeyListResult object.

 * Now that each function comes with its own result retrieval
   interface, the generic gpgme_get_op_info interface is not useful
   anymore and dropped.

 * The type and mode of data objects is not available anymore.

Noteworthy changes in version 0.4.0 (2002-12-23)
------------------------------------------------

 * Key generation returns the fingerprint of the generated key.

 * New convenience function gpgme_get_key.

 * Supports signatures of user IDs in keys via the new
   GPGME_KEYLIST_MODE_SIGS keylist mode and the
   gpgme_key_sig_get_string_attr and gpgme_key_sig_get_ulong_attr
   interfaces.  The XML info about a key also includes the signatures
   if available.

 * New data object interface, which is more flexible and transparent.

Lots of interface changes, for details see the included
NEWS file.


To generate a diff of this commit:
cvs rdiff -r1.13 -r1.14 pkgsrc/security/gpgme/Makefile
cvs rdiff -r1.8 -r1.9 pkgsrc/security/gpgme/PLIST
cvs rdiff -r1.4 -r1.5 pkgsrc/security/gpgme/buildlink2.mk
cvs rdiff -r1.6 -r1.7 pkgsrc/security/gpgme/distinfo
cvs rdiff -r0 -r1.3 pkgsrc/security/gpgme/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
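
Added example, not part of the commit or of GPGME: a sketch of a passphrase callback in the shape the 0.4.1 notes describe (hook, UID hint, passphrase info, repeated-attempt flag, file descriptor), writing the secret to the descriptor and cancelling by return value. The demo_* types and codes and struct pass_hook are stand-ins so it builds without gpgme.h, and the trailing newline is assumed to be expected here as it is for gpgme_edit_cb_t.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

typedef unsigned int demo_error_t;  /* stand-in for gpgme_error_t */
#define DEMO_ERR_CANCELED 99u       /* stand-in for GPG_ERR_CANCELED */
#define DEMO_ERR_GENERAL  1u        /* stand-in for a generic failure */

/* Hypothetical hook: the secret the application has already collected. */
struct pass_hook { char secret[128]; };

/* Write all n bytes, retrying on EINTR and continuing after short writes. */
static int write_all(int fd, const char *p, size_t n)
{
    while (n > 0) {
        ssize_t w = write(fd, p, n);
        if (w < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        p += w;
        n -= (size_t)w;
    }
    return 0;
}

demo_error_t passphrase_cb(void *hook, const char *uid_hint,
                           const char *passphrase_info,
                           int prev_was_bad, int fd)
{
    struct pass_hook *h = hook;
    (void)uid_hint;
    (void)passphrase_info;

    /* A stored secret the engine already rejected would only be rejected
       again, and an empty one means the user gave up: cancel in both cases. */
    if (prev_was_bad || h->secret[0] == '\0')
        return DEMO_ERR_CANCELED;

    int rc = write_all(fd, h->secret, strlen(h->secret));
    if (rc == 0)
        rc = write_all(fd, "\n", 1);

    /* Wipe the application's copy; volatile keeps the stores from being elided. */
    volatile char *v = h->secret;
    for (size_t i = 0; i < sizeof h->secret; i++)
        v[i] = 0;

    return rc == 0 ? 0 : DEMO_ERR_GENERAL;
}
```

The passphrase never passes back through a return value or a heap string owned by the library, which is what the descriptor-based interface is for.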