• https://www.gnupg.org/ftp/gcrypt/gnupg/ (Download)
• https://mirrors.dotsrc.org/gcrypt/gnupg/ (Download)
• ftp://ftp.gnupg.org/gcrypt/gnupg/ (Download)

• ldap

• (2020-10-06) Updated to version: gnupg-2.2.23
• (2018-06-13) Updated to version: gnupg-1.4.23
• (2017-10-20) Updated to version: gnupg-1.4.22
• (2016-08-26) Updated to version: gnupg-1.4.21
• (2015-03-01) Updated to version: gnupg-1.4.19
• (2015-01-05) Updated to version: gnupg-1.4.18
• (2014-06-27) Updated to version: gnupg-1.4.17
• (2013-12-20) Updated to version: gnupg-1.4.16
• (2013-11-17) Updated to version: gnupg-1.4.15
• (2013-01-06) Updated to version: gnupg-1.4.13

Log message:
Remove gnupg-1.4 and replace it with gnupg-2
gnupg-1.4 is not developed actively anymore, and new software expects
a modern "gpg" executable, which leads to pointless patches in the ports
tree.  Move the various users of security/gnupg2 to security/gnupg and
zap patches that forced the use of "gpg2".
Crusade started by edd@ (security/gnupg maintainer), gnupg->gnupg2 test
reports from semarie@, giovanni@ and solene@, input and bulk build by
sthen@.  ok sthen@ edd@ (maintainer)

Log message:
Drop maintainership
Being listed as the maintainer kinda implies that I care, but I don't:
I haven't used gpg1 for years.  In fact, it's been years since I think
this port ought to be removed and the tree should be moved to
security/gnupg2.  But someone has to do that work.

Log message:
gnupg: fix the build on macppc with clang:
- add `-fheinous-gnu-extensions' as seen on some other archs
- add a patch to remove the `-Wa,-mppc' flag, because clang's
integrated assembler was unhappy with it. Proposed by jca@,
instead of using `-no-integrated-as'.
OK jca@ (maintainer)

Log message:
Fix build with clang on mips64.
OK jca@

Log message:
Move the ports I maintain to PERMIT_PACKAGE

Log message:
Update gettext to 0.20.1.
Follow the upstream recommendations for packagers and switch to
multi-packages:
devel/gettext       -> devel/gettext,-runtime
devel/gettext-tools -> devel/gettext,-tools
(new)                  devel/gettext,-textstyle

Log message:
update curses WANTLIB entries following the change in base libraries to use soname

Log message:
bump ports known/suspected to be affected by issue with libedit/libreadline
and termcap on lld arches.

Log message:
enable the included PIC assembly code to fix text relocations on i386

Log message:
SECURITY update to gnupg-1.4.23
Fix for CVE-2017-7526 - Sanitize the diagnostic output of the original
file name in verbose mode.

Log message:
SECURITY update to gnupg-1.4.23
Fix for CVE-2017-7526 - Sanitize the diagnostic output of the original
file name in verbose mode.

Log message:
Tweak the HOMEPAGE of gnupg.org ports
- move to https
- use the per-project canonical homepage (reachable thru the main
- homepage; pinentry doesn't seem to have such homepage)
ok pea@ ajacoutot@

Log message:
Drop unneeded casts in inline asm to fix the build with clang on armv7
Fix from Markus Hennecke (thanks!), similar changes available in
upstream libgcrypt.

Log message:
fix security/gnupg build on i386+clang with -fheinous-gnu-extensions.
from FreeBSD.  ok jca@

Log message:
sync WANTLIB (and in one case, add gettext to LIB_DEPENDS) in dependent ports
now that internationalised domain name support has been removed from net/curl

Log message:
rename MASTER_SITES_GNUPG to MASTER_SITE_GNUPG, like all the others

Log message:
Drop the gettext module from gnupg.org ports

Log message:
SECURITY fix for CVE-2016-6313 (actual fix)
I failed to add the patch with the security fix in the previous commit.
Spotted by Markus Lude.

Log message:
Extra patch that snuck in.
Spotted by Markus Lude.

Log message:
SECURITY fix for CVE-2016-6313
* Fix critical security bug in the RNG [CVE-2016-6313].  An attacker
who obtains 580 bytes from the standard RNG can trivially predict
the next 20 bytes of output.  Problem detected by Felix Dörre and
Vladimir Klebanov, KIT.

Log message:
SECURITY fix for CVE-2016-6313
* Fix critical security bug in the RNG [CVE-2016-6313].  An attacker
who obtains 580 bytes from the standard RNG can trivially predict
the next 20 bytes of output.  Problem detected by Felix Dörre and
Vladimir Klebanov, KIT.

Log message:
SECURITY update to gnupg-1.4.21
CVE-2016-6313:  * Fix critical security bug in the RNG [CVE-2016-6313].
An attacker who obtains 580 bytes from the standard RNG can trivially
predict  the next 20 bytes of output.  Problem detected by Felix
Dörre and Vladimir Klebanov, KIT.
Main behavior changes:
- CAST5 -> AES for symmetric encryption
- MD5 sigs rejected by default
ok danj@

Log message:
add is-branch to all trivial ports that exist as multiple branches.

Log message:
drop workaround for static linking

Log message:
WANTLIB sync, missed from the big batch of curl nghttp2

Log message:
SECURITY backport for gnupg-1.4.17
This merge two fixes from gnupg-1.4.19:
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical].
ok jasper@

Log message:
SECURITY update to gnupg-1.4.19
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical].
This update introduces additional fixes and features, see
http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
ok sthen@

Log message:
Update to gnupg-1.4.18 and take maintainership.
* fix regression in --recv-key {multiple keys}
* cap the sizes for automatic key generation
While here, delete unneeded do-test target.
"looks ok" sthen@, ok daniel@

Log message:
use PKGSPEC, every dependent port uses this

Log message:
new depends

Log message:
more WANTLIB

Log message:
Bugfixes update to 1.4.11
ok benoit@

Log message:
USE_GROFF=Yes

Log message:
- reset maintainer, requested by reinhard@

Log message:
Avoid conflict with gnupg2. Like this you can install both in the same time.
ok aja@, jasper@

Log message:
update to 1.4.10.
From Pierre-Emmanuel Andri <pea@raveland.org>
OK reinhard@

Log message:
SECURITY UPDATE to gnupg 1.4.9
http://secunia.com/advisories/29568/
tested by many, thanks!

Log message:
Update to gnupg-1.4.8. (GPLv3 now)
ok steven@

Log message:
Remove surrounding quotes in NO_REGRESS/COMMENT*/PERMIT_*
From Darrin Chandler

Log message:
chase wantlib changes after curl update

Log message:
update to 1.4.7
feedback and ok bernd@

Log message:
more base64 checksums

Log message:
adjust another texinfo file so it does not leave entries behind.
rerun makesum while here.
from Moritz Grimm <mlist at scapa.dnsalias.net>
ok espie@

Log message:
Update to gnupg-1.4.6.
ok steven@

Log message:
MFC:
Security fix:
remotely controllable function pointer [CVE-2006-6235]
from Werner Koch via fsf announce

Log message:
MFC:
Security fix:
remotely controllable function pointer [CVE-2006-6235]
from Werner Koch via fsf announce

Log message:
Security fix:
remotely controllable function pointer [CVE-2006-6235]
from Werner Koch via fsf announce
ok steven

Log message:
MFC:
Security fix for a buffer overflow when running gnupg in interactive mode.
More info:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html

Log message:
MFC:
Security fix for a buffer overflow when running gnupg in interactive mode.
More info:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html

Log message:
Security fix for a buffer overflow when running gnupg in interactive mode.
More info:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html

Log message:
backport from gnupg 1.4.5 which fixes a denial of service vulnerability
(CVE-2006-3746)
For more information see:
http://secunia.com/advisories/21297/
http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html

Log message:
backport from gnupg 1.4.5 which fixes a denial of service vulnerability
(CVE-2006-3746)
For more information see:
http://secunia.com/advisories/21297/
http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html

Log message:
Security update to gnupg-1.4.5. (CVE-2006-3746)
This fixes a denial of service vulnerability.
For more information see:
http://secunia.com/advisories/21297/
http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html
okay espie@

Log message:
new lib specs

Log message:
Update to gnupg-1.4.4.
ok reinhard@ (MAINTAINER), "looks good" steven@

Log message:
MFC:
Security update! Fixes an integer overflow. (CVE-2006-3082)
Detailed information: http://secunia.com/advisories/20783/
Diff from gnupg CVS.

Log message:
MFC:
Security update! Fixes an integer overflow. (CVE-2006-3082)
Detailed information: http://secunia.com/advisories/20783/
Diff from gnupg CVS.

Log message:
Security update! Fixes an integer overflow. (CVE-2006-3082)
Detailed information: http://secunia.com/advisories/20783/
Diff from gnupg CVS.
ok sturm@

Log message:
security update to gnupg-1.4.2.2
from gnupg.org:
Signature verification of non-detached signatures may give a positive
result but when extracting the signed data, this data may be prepended
or appended with extra data not covered by the signature.  Thus it is
possible for an attacker to take any signed message and inject extra
arbitrary data.

Log message:
- Update to gnupg-1.4.3
- Add ldap FLAVOR
- Describe the FLAVORs in pkg/DESCR
ok steven@

Log message:
MFC:
security update to gnupg-1.4.2.2
from gnupg.org:
Signature verification of non-detached signatures may give a positive
result but when extracting the signed data, this data may be prepended
or appended with extra data not covered by the signature.  Thus it is
possible for an attacker to take any signed message and inject extra
arbitrary data.

Log message:
MFC:
security update to gnupg-1.4.2.2
from gnupg.org:
Signature verification of non-detached signatures may give a positive
result but when extracting the signed data, this data may be prepended
or appended with extra data not covered by the signature.  Thus it is
possible for an attacker to take any signed message and inject extra
arbitrary data.

Log message:
security update to gnupg-1.4.2.2
from gnupg.org:
Signature verification of non-detached signatures may give a positive
result but when extracting the signed data, this data may be prepended
or appended with extra data not covered by the signature.  Thus it is
possible for an attacker to take any signed message and inject extra
arbitrary data.

Log message:
MFC:
security update to 1.4.2.1
The security issue is caused due to "gpgv" exiting with a return code
of 0 even if the detached signature file did not carry any signature.
This may result in certain scripts that use "gpgv" to conclude that
the signature is correctly verified.
More info: http://secunia.com/advisories/18845/

Log message:
MFC:
security update to 1.4.2.1
The security issue is caused due to "gpgv" exiting with a return code
of 0 even if the detached signature file did not carry any signature.
This may result in certain scripts that use "gpgv" to conclude that
the signature is correctly verified.
More info: http://secunia.com/advisories/18845/

Log message:
security update to 1.4.2.1
The security issue is caused due to "gpgv" exiting with a return code
of 0 even if the detached signature file did not carry any signature.
This may result in certain scripts that use "gpgv" to conclude that
the signature is correctly verified.
More info: http://secunia.com/advisories/18845/
ok bernd@ pvalchev@

Log message:
Since we have swap encryption on OpenBSD, only warn about insecure
memory if swap encryption is disabled. (It's enabled by default.)
This supersedes pkg/MESSAGE.
Regen patches with update-patches while I'm here. Bump PKGNAME.
idea and ok espie@

Log message:
sync MESSAGE with reality
from Antoine Jacoutot <ajacoutot at lphp.org>
maintainer timeout

Log message:
SECURITY: update to 1.4.1
fix a openpgp protocol vulnerability
http://www.vuxml.org/openbsd/be6057f4-9ecf-11d9-82a1-00065bd5b0b6.html
ok brad@

Log message:
don't build the homegrown assembler modules on m68k platforms

Log message:
SECURITY:
update to 1.4.1; fix a openpgp protocol vulnerability
http://www.vuxml.org/openbsd/be6057f4-9ecf-11d9-82a1-00065bd5b0b6.html
ok brad@

Log message:
SECURITY:
update to 1.4.1; fix a openpgp protocol vulnerability
http://www.vuxml.org/openbsd/be6057f4-9ecf-11d9-82a1-00065bd5b0b6.html
ok brad@

Log message:
minor dependency nits (make sure we don't pick libusb, and readline
now pulls in termcap and not ncurses)

Log message:
SECURITY:
update to 1.4.1; fix a openpgp protocol vulnerability
http://www.vuxml.org/openbsd/be6057f4-9ecf-11d9-82a1-00065bd5b0b6.html

Log message:
- Add bzip2 to dependency list (from Okan Demirmen <okan@demirmen.com>)
- Fix libintl/libiconv linking
- Don't include bundled libintl headers
- Update WANTLIB marker
- Bump PKGNAME
help & go ahead espie@

Log message:
don't use gnupg's own iconv library

Log message:
update to GnuPG 1.4, new FLAVOR "card" to support usb card readers
initial version from Chris K. Young <cky at pobox.com>, adapted to
-current by Alec Berryman <alec at thened.net>
ok maintainer reinhard@

Log message:
proper SUPDISTFILES, restore checksums

Log message:
SIZE

Log message:
Add WANTLIB markers

Log message:
new plists.
gnutls depends on lzo.

Log message:
new-style MODULES.

Log message:
fix up MODGNU_CONFIG_GUESS_DIRS

Log message:
remove workaround for gcc2.95/sparc64 optimizer bug: sha1.c compiles fine now

Log message:
@dirrm shared directories

Log message:
remove WWW lines

Log message:
MFC:
Security fix:
Add workaround for GnuPG's ElGamal signing keys bug.
URL: http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html

Log message:
MFC:
Security fix:
Add workaround for GnuPG's ElGamal signing keys bug.
URL: http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html

Log message:
Security fix:
Add workaround for GnuPG's ElGamal signing keys bug.
URL: http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html

Log message:
MFC:
upgrade to gnupg 1.2.2
A bug was discovered in the key validation code.  This bug causes keys
with more than one user ID to give all user IDs on the key the amount
of validity given to the most-valid key.
http://marc.theaimsgroup.com/?l=bugtraq&m=105215110111174&w=2

Log message:
run these tests as part of the regression target.

Log message:
A bug was discovered in the key validation code.  This bug causes keys
with more than one user ID to give all user IDs on the key the amount
of validity given to the most-valid key.
http://marc.theaimsgroup.com/?l=bugtraq&m=105215110111174&w=2

Log message:
re-add IDEA flavor; ok sturm@

Log message:
upgrade to gnupg 1.2.2
A bug was discovered in the key validation code.  This bug causes keys
with more than one user ID to give all user IDs on the key the amount
of validity given to the most-valid key.
http://marc.theaimsgroup.com/?l=bugtraq&m=105215110111174&w=2
--
MAINTAINER ok

Log message:
adapt to new gas syntax for i386's switch to ELF

Log message:
no longer used idea flavour patches

Log message:
update MASTER_SITES; inspired by Xavier Santolaria <xsa@ucmb.ulb.ac.be>

Log message:
cast NULL sentinel to void * so it is 64bit on alpha & sparc64

Log message:
gnupg-1.2.1 update
tested on macppc, i386
ok reinhard@

Log message:
powerpc does require pic flags when building shared library, do not remove
them during config. ok pvalchev@