Bug 216057 - security/gnupg: update to 2.1.17
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Adam Weinberger
Reported: 2017-01-14 06:20 UTC by Matthew Rezny
Modified: 2017-01-14 23:48 UTC

bugzilla: maintainer-feedback? (adamw)


Attachments
update security/gnupg to 2.1.17 (3.21 KB, patch)
2017-01-14 06:20 UTC, Matthew Rezny

Description Matthew Rezny freebsd_committer 2017-01-14 06:20:28 UTC
Created attachment 178875
update security/gnupg to 2.1.17

Update GnuPG to 2.1.17 which resolves the following error that resulted when attempting to use the --export-ssh-key option.

gpg: Ohhhh jeeee: Assertion "ret_found_key == NULL || ret_keyblock != NULL" in lookup failed (getkey.c:3677)

The KDNS option is removed with this update because upstream dropped use of adns in favor of a bundled libdns which is used by default. Also, removed an obsolete patch.

Comment 1 Adam Weinberger freebsd_committer 2017-01-14 06:30:57 UTC
Thanks for submitting this, Matthew!

I don't know too much about their bundled libdns. My knee-jerk reaction is to provide an OPTION to turn it off. If you have an opinion on that, I'd welcome your input.

Comment 2 Matthew Rezny freebsd_committer 2017-01-14 14:54:17 UTC
(In reply to Adam Weinberger from comment #1)

The configure script understands --disable-libdns, so it would be easy to add an option, but I do not see a value in the option. Without adns or libdns, dirmngr relies on the system resolver, which is not ideal when using a pool of keyservers; it will keep trying to talk to a down server until the cache expires. When dirmngr is built with a DNS library, it can retrieve the complete set of servers in the pool and quickly switch to another should one go down. I do not see much reason to disable that ability and assume the option only existed because the functionality relied on an external library. Now that alternate DNS code is included in dirmngr, I see little reason to disable that as there would be no conceivable benefit from doing so.

Comment 3 commit-hook freebsd_committer 2017-01-14 23:47:31 UTC
A commit references this bug:

Author: adamw
Date: Sat Jan 14 23:46:29 UTC 2017
New revision: 431502
URL: https://svnweb.freebsd.org/changeset/ports/431502

Log:
  Update GnuPG to 2.1.17 which resolves the following error that resulted when
  attempting to use the --export-ssh-key option.

  gpg: Ohhhh jeeee: Assertion "ret_found_key == NULL || ret_keyblock != NULL" in
  lookup failed (getkey.c:3677)

  The KDNS option is removed with this update because upstream dropped use of
  adns in favor of a bundled libdns which is used by default. Also, removed an
  obsolete patch.

  PR:		216057
  Submitted by:	Matthew Rezny

Changes:
  head/security/gnupg/Makefile
  head/security/gnupg/distinfo
  head/security/gnupg/files/patch-tools_Makefile.in
  head/security/gnupg/pkg-plist

Comment 4 Adam Weinberger freebsd_committer 2017-01-14 23:48:25 UTC
Committed. Thanks for this, Matthew.