Subject: CVS commit: [pkgsrc-2006Q3] pkgsrc/security/gnupg
To: None <>
From: Geert Hendrickx <>
List: pkgsrc-changes
Date: 12/07/2006 13:54:38
Module Name:	pkgsrc
Committed By:	ghen
Date:		Thu Dec  7 13:54:38 UTC 2006

Modified Files:
	pkgsrc/security/gnupg [pkgsrc-2006Q3]: Makefile PLIST distinfo
Removed Files:
	pkgsrc/security/gnupg/patches [pkgsrc-2006Q3]: patch-al

Log Message:
Pullup ticket 1944 - requested by wiz
security update for gnupg

- pkgsrc/security/gnupg/Makefile		1.93
- pkgsrc/security/gnupg/PLIST			1.20
- pkgsrc/security/gnupg/distinfo		1.45
- pkgsrc/security/gnupg/patches/patch-al	removed

   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Dec  6 23:00:46 UTC 2006

   Modified Files:
	pkgsrc/security/gnupg: Makefile PLIST distinfo
   Removed Files:
	pkgsrc/security/gnupg/patches: patch-al

   Log Message:
   Update to 1.4.6:

   Noteworthy changes in version 1.4.6 (2006-12-06)

       * Fixed a serious and exploitable bug in processing encrypted
         packages. [CVE-2006-6235].

       * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]
   	(already fixed in pkgsrc)

       * Fixed a bug while decrypting certain compressed and encrypted
         messages. [bug#537]

       * Added --s2k-count to set the number of times passphrase mangling
         is repeated.  The default is 65536 times.

       * Added --passphrase-repeat to set the number of times GPG will
         prompt for a new passphrase to be repeated.  This is useful to
         help memorize a new passphrase.  The default is 1 repetition.

       * Added a GPL license exception to the keyserver helper programs
         gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
         potential questions about the ability to distribute binaries
         that link to the OpenSSL library.  GnuPG does not link directly
         to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
         OpenLDAP (used for LDAP) may.  Note that this license exception
         is considered a bug fix and is intended to forgive any
         violations pertaining to this issue, including those that may
         have occurred in the past.

       * Man pages are now build from the same source as those of GnuPG-2.

To generate a diff of this commit:
cvs rdiff -r1.90.2.1 -r1.90.2.2 pkgsrc/security/gnupg/Makefile
cvs rdiff -r1.19 -r1.19.2.1 pkgsrc/security/gnupg/PLIST
cvs rdiff -r1.43.2.1 -r1.43.2.2 pkgsrc/security/gnupg/distinfo
cvs rdiff -r1.1.2.1 -r0 pkgsrc/security/gnupg/patches/patch-al

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.