---
- branch: MAIN
  date: Wed Nov 27 12:17:08 UTC 2019
  files:
  - new: '1.106'
    old: '1.105'
    path: pkgsrc/security/gnupg2/Makefile
    pathrev: pkgsrc/security/gnupg2/Makefile@1.106
    type: modified
  - new: '1.58'
    old: '1.57'
    path: pkgsrc/security/gnupg2/distinfo
    pathrev: pkgsrc/security/gnupg2/distinfo@1.58
    type: modified
  id: 20191127T121708Z.d7b7bc98772a1cbc2a2789ba0153a34e69cdc04d
  log: |
    Update to 2.2.18

    Changelog:
    Noteworthy changes in version 2.2.18 (2019-11-25)
    -------------------------------------------------

      * gpg: Changed the way keys are detected on a smartcards; this
        allows the use of non-OpenPGP cards.  In the case of a not very
        likely regression the new option --use-only-openpgp-card is
        available.  [#4681]

      * gpg: The commands --full-gen-key and --quick-gen-key now allow
        direct key generation from supported cards.  [#4681]

      * gpg: Prepare against chosen-prefix SHA-1 collisions in key
        signatures.  This change removes all SHA-1 based key signature
        newer than 2019-01-19 from the web-of-trust.  Note that this
        includes all key signature created with dsa1024 keys.  The new
        option --allow-weak-key-signatues can be used to override the new
        and safer behaviour.  [#4755,CVE-2019-14855]

      * gpg: Improve performance for import of large keyblocks.  [#4592]

      * gpg: Implement a keybox compression run.  [#4644]

      * gpg: Show warnings from dirmngr about redirect and certificate
        problems (details require --verbose as usual).

      * gpg: Allow to pass the empty string for the passphrase if the
        '--passphase=' syntax is used.  [#4633]

      * gpg: Fix printing of the KDF object attributes.

      * gpg: Avoid surprises with --locate-external-key and certain
        --auto-key-locate settings.  [#4662]

      * gpg: Improve selection of best matching key.  [#4713]

      * gpg: Delete key binding signature when deletring a subkey.
        [#4665,#4457]

      * gpg: Fix a potential loss of key sigantures during import with
        self-sigs-only active.  [#4628]

      * gpg: Silence "marked as ultimately trusted" diagnostics if
        option --quiet is used.  [#4634]

      * gpg: Silence some diagnostics during in key listsing even with
        option --verbose.  [#4627]

      * gpg, gpgsm: Change parsing of agent's pkdecrypt results.  [#4652]

      * gpgsm: Support AES-256 keys.

      * gpgsm: Fix a bug in triggering a keybox compression run if
        --faked-system-time is used.

      * dirmngr: System CA certificates are no longer used for the SKS
        pool if GNUTLS instead of NTBTLS is used as TLS library.  [#4594]

      * dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
        to avoid long timeouts.  [#4165]

      * scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
        Shield and Trustica Cryptoucan work.  [#4654,#4566]

      * wkd: gpg-wks-client --install-key now installs the required policy
        file.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/gnupg2'
  unixtime: '1574857028'
  user: ryoon