Bring over changes from source of truth in pkgsrc - bump version to 20200503

Update netpgpverify and libnetpgpverify to version 20200503

ensure all exported functions use a unique prfix, so that they don't
conflict with symbols (both data and text) in libcrypto. this works for
statically linked binaries and libraries, rather then the version map which
only works for dynalically-linked.

Update netpgpverify sources in base from 20160617 to 20170201 (i.e. bring
over changes from master sources in pkgsrc/security/netpgpverify, version 20170201):

Changes:

Update netpgpverify (and libnetpgpverify) to 20160614
+ handle signatures created by gpg with "--no-emit-version", don't assume
there will always be a version string.
+ add a test for above
Fixes security PR 51240.
Thanks to xnox@ubuntu.com for reporting the error

Update netpgpverify and libnetpgpverify to 20160615:
Simplify the method of finding the end of the versioning information
in the signature - back up to the "\n" character at the end of the
signature start:

"-----BEGIN PGP SIGNATURE-----\n"

and then find the "\n\n" character sequence to denote the start of the
signature itself. The previous version worked, but this is more efficient.

Update netpgpverify and libnetpgpverify to 20160616
+ bring over joerg's printflike change from the netpgpverify
version in src/crypto
+ add a test for cleartext signatures with version information
to complement the one with no version information

Update netpgpverify and libnetpgpverify to 20160622 during freeze to fix PR 51262
+ take a bit of a step backwards, and don't use stdbool.h, just to appease
Solaris 10 compiler

Update netpgpverify and libnetpgpverify to 20160623
+ remove use of asprintf and vasprintf from libverify. Inspired
by work from Dimitri John Ledkov. Should allow building on Linux
without superfluous definitions.
+ also free the BIGNUM struct in PGPV_BN_clear() - from Dimitri
John Ledkov

Update netpgpverify and libnetpgpverify to 20160626
+ make the pgpv_t and pgpv_cursor_t structures opaque
+ add new accessor functions for fields in the pgpv_cursor_t struct
+ add new creation functions for the pgpv_t and pgpv_cursor_t structs

Update netpgpverify and libnetpgpverify to 20160704
+ get rid of redundant PGPV_ARRAY definition in libverify.c, brought in when
the definitions moved from verify.h
+ fix obuf_add_mem() to use a const void *, as any struct can be
dumped using it
+ remove redundant NO_SUBKEYS definition - unused
+ add an (unused as yet) ARRAY_FREE() macro

Update netpgpverify and libnetpgpverify to 20160705
External API changes
====================
+ add a pgpv_cursor_close() function to free resources associated with
a cursor
Better memory management
========================
+ restructure the way dynamic arrays are used, to avoid memory
corruption issues and memory leaks - keep all dynamic arrays in the global
data structure, and use indices in the other data structures to index them.
Means lack of data localisation, but avoids stale pointers, and leaks.
+ make signer field of signature a uint8_t array, rather than a pointer
+ use our own version of strdup(3) - don't depend on it being
available in standard library
+ keep track of whether litdata filenames and userid were allocated or not,
and free memory in pgpv_close() if it was allocated
+ free up allocated resources which were allocated in pgpv_close()

Update netpgpverify and libnetpgpverify to 20160706
+ 20160705 introduced a bug whereby a key subid would match and verify
fine, but, if formatted, would not display the correct subkey
information. Fix to show the correct information in this case.

Update netpgpverify and libnetpgpverify to 20160707 to fix some
unusual build errors shown by old gcc versions (works fine for
gcc-5.2.1 on ubuntu and gcc-5.3.0 on NetBSD 7.99.32)
+ use ULL suffix on unsigned 64bit constants, not UL
+ don't typedef the public structs twice - second time just define it
without the typedef
Fixes PR 51327

Update netpgpverify and libnetpgpverify to 20160708
+ clear and free bignums properly - helps immensely with plugging
memory leaks

Update netpgpverify and libnetpgpverify to 20160828
+ bring over change from christos in src/crypto to check for
the end of an ASCII-armored signature
+ no need for namespace protection in array.h any more, now
that netpgp/verify.h now contains opaque structures
+ minor typo clean-up in a definition (benign, ignored by compiler)

update netpgpverify and libnetpgpverify to 20170201
+ make sure howmany() macro is defined
pointed out by cube - thanks!

branches: 1.6.2; 1.6.4;
Update netpgpverify to 20160616:

+ Bring over change from pkgsrc to add version.asc signature verification
to complement the noversion.asc cleartext signatures

+ Update version to 20160616

Sync with pkgsrc sources as of version 20160614

+ pick up renaming changes to internal routines
+ fix for issue verifying signatures created by gpg --no-emit-version
+ add test for same

Sync the src version of netpgpverify with the version in pkgsrc

> ----------------------------
> revision 1.10
> date: 2015-02-04 16:58:02 -0800; author: agc; state: Exp; lines: +1 -0; commitid: 0v3HoBPFTnhDSK8y;
> appease compiler warning police - initialise a variable in case it's otherwise
> "used uninitialised". ride previous version bump.
> ----------------------------
> revision 1.9
> date: 2015-02-04 16:21:57 -0800; author: agc; state: Exp; lines: +48 -21; commitid: ElUADrlljB46GK8y;
> Update netpgpverify (and libnetpgpverify) to version 20150205
>
> + recognise signatures made by subkeys as well as by primary keys
>
> + print out the relevant key which signed the file, even if it's
> a subkey and not the primary key itself.
>
> + keep the same API as before
>
> with many thanks to Jonathan Perkin
> ----------------------------
> revision 1.8
> date: 2015-02-03 13:34:57 -0800; author: agc; state: Exp; lines: +1 -3; commitid: 6qTclEbv7hmZMB8y;
> Update netpgpverify, and libnetpgpverify, to 20150204
>
> + dump the huge output in testing script to /dev/null so that we can
> see what's happening with the other tests in testit.sh
>
> + fix from jperkin@, don't try to be clever when selecting the only
> key id in a keyring
>
> + add a test for single key (non-ssh) pubring
> ----------------------------
> revision 1.7
> date: 2015-02-03 13:13:17 -0800; author: agc; state: Exp; lines: +3 -0; commitid: ztXbqAi9ocXGFB8y;
> Update netpgpverify, and libnetpgpverify, to 20150203
>
> + portability fixes to make netpgpverify build on freebsd 10.1 with WARNS=5
>
> + fixed an oversight in the testit.sh script

catch up with pkgsrc, update netpgpverify to 20150115:

+ add '-c dump' command to do a packet dump of the input

Bring over the 20141204 portable version of netpgpverify from pkgsrc

+ Remove unused logmessage helper function

+ Add pgpv_get_cursor_element for easier manipulation of results
returned.

+ libnetpgpverify(3) man page improvements

+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)

+ Also install the library and header file for netpgpverify. This
allows scripting languages to use the same verification methods via a
shared library, rather than being forced to exec the netpgpverify(1)
command line utility.

+ libnetpgpverify is now a standalone library, and requires no
pre-requsisite libraries to function

branches: 1.1.4; 1.1.6; 1.1.8;
Bring over the standalone netpgpverify sources from
pkgsrc/security/netpgpverify.

No functional change.

Update netpgpverify sources in base from 20160617 to 20170201 (i.e. bring
over changes from master sources in pkgsrc/security/netpgpverify, version 20170201):

Changes:

Update netpgpverify (and libnetpgpverify) to 20160614
+ handle signatures created by gpg with "--no-emit-version", don't assume
there will always be a version string.
+ add a test for above
Fixes security PR 51240.
Thanks to xnox@ubuntu.com for reporting the error

Update netpgpverify and libnetpgpverify to 20160615:
Simplify the method of finding the end of the versioning information
in the signature - back up to the "\n" character at the end of the
signature start:

"-----BEGIN PGP SIGNATURE-----\n"

and then find the "\n\n" character sequence to denote the start of the
signature itself. The previous version worked, but this is more efficient.

Update netpgpverify and libnetpgpverify to 20160616
+ bring over joerg's printflike change from the netpgpverify
version in src/crypto
+ add a test for cleartext signatures with version information
to complement the one with no version information

Update netpgpverify and libnetpgpverify to 20160622 during freeze to fix PR 51262
+ take a bit of a step backwards, and don't use stdbool.h, just to appease
Solaris 10 compiler

Update netpgpverify and libnetpgpverify to 20160623
+ remove use of asprintf and vasprintf from libverify. Inspired
by work from Dimitri John Ledkov. Should allow building on Linux
without superfluous definitions.
+ also free the BIGNUM struct in PGPV_BN_clear() - from Dimitri
John Ledkov

Update netpgpverify and libnetpgpverify to 20160626
+ make the pgpv_t and pgpv_cursor_t structures opaque
+ add new accessor functions for fields in the pgpv_cursor_t struct
+ add new creation functions for the pgpv_t and pgpv_cursor_t structs

Update netpgpverify and libnetpgpverify to 20160704
+ get rid of redundant PGPV_ARRAY definition in libverify.c, brought in when
the definitions moved from verify.h
+ fix obuf_add_mem() to use a const void *, as any struct can be
dumped using it
+ remove redundant NO_SUBKEYS definition - unused
+ add an (unused as yet) ARRAY_FREE() macro

Update netpgpverify and libnetpgpverify to 20160705
External API changes
====================
+ add a pgpv_cursor_close() function to free resources associated with
a cursor
Better memory management
========================
+ restructure the way dynamic arrays are used, to avoid memory
corruption issues and memory leaks - keep all dynamic arrays in the global
data structure, and use indices in the other data structures to index them.
Means lack of data localisation, but avoids stale pointers, and leaks.
+ make signer field of signature a uint8_t array, rather than a pointer
+ use our own version of strdup(3) - don't depend on it being
available in standard library
+ keep track of whether litdata filenames and userid were allocated or not,
and free memory in pgpv_close() if it was allocated
+ free up allocated resources which were allocated in pgpv_close()

Update netpgpverify and libnetpgpverify to 20160706
+ 20160705 introduced a bug whereby a key subid would match and verify
fine, but, if formatted, would not display the correct subkey
information. Fix to show the correct information in this case.

Update netpgpverify and libnetpgpverify to 20160707 to fix some
unusual build errors shown by old gcc versions (works fine for
gcc-5.2.1 on ubuntu and gcc-5.3.0 on NetBSD 7.99.32)
+ use ULL suffix on unsigned 64bit constants, not UL
+ don't typedef the public structs twice - second time just define it
without the typedef
Fixes PR 51327

Update netpgpverify and libnetpgpverify to 20160708
+ clear and free bignums properly - helps immensely with plugging
memory leaks

Update netpgpverify and libnetpgpverify to 20160828
+ bring over change from christos in src/crypto to check for
the end of an ASCII-armored signature
+ no need for namespace protection in array.h any more, now
that netpgp/verify.h now contains opaque structures
+ minor typo clean-up in a definition (benign, ignored by compiler)

update netpgpverify and libnetpgpverify to 20170201
+ make sure howmany() macro is defined
pointed out by cube - thanks!

branches: 1.6.2; 1.6.4;
Update netpgpverify to 20160616:

+ Bring over change from pkgsrc to add version.asc signature verification
to complement the noversion.asc cleartext signatures

+ Update version to 20160616

Sync with pkgsrc sources as of version 20160614

+ pick up renaming changes to internal routines
+ fix for issue verifying signatures created by gpg --no-emit-version
+ add test for same

Sync the src version of netpgpverify with the version in pkgsrc

> ----------------------------
> revision 1.10
> date: 2015-02-04 16:58:02 -0800; author: agc; state: Exp; lines: +1 -0; commitid: 0v3HoBPFTnhDSK8y;
> appease compiler warning police - initialise a variable in case it's otherwise
> "used uninitialised". ride previous version bump.
> ----------------------------
> revision 1.9
> date: 2015-02-04 16:21:57 -0800; author: agc; state: Exp; lines: +48 -21; commitid: ElUADrlljB46GK8y;
> Update netpgpverify (and libnetpgpverify) to version 20150205
>
> + recognise signatures made by subkeys as well as by primary keys
>
> + print out the relevant key which signed the file, even if it's
> a subkey and not the primary key itself.
>
> + keep the same API as before
>
> with many thanks to Jonathan Perkin
> ----------------------------
> revision 1.8
> date: 2015-02-03 13:34:57 -0800; author: agc; state: Exp; lines: +1 -3; commitid: 6qTclEbv7hmZMB8y;
> Update netpgpverify, and libnetpgpverify, to 20150204
>
> + dump the huge output in testing script to /dev/null so that we can
> see what's happening with the other tests in testit.sh
>
> + fix from jperkin@, don't try to be clever when selecting the only
> key id in a keyring
>
> + add a test for single key (non-ssh) pubring
> ----------------------------
> revision 1.7
> date: 2015-02-03 13:13:17 -0800; author: agc; state: Exp; lines: +3 -0; commitid: ztXbqAi9ocXGFB8y;
> Update netpgpverify, and libnetpgpverify, to 20150203
>
> + portability fixes to make netpgpverify build on freebsd 10.1 with WARNS=5
>
> + fixed an oversight in the testit.sh script

catch up with pkgsrc, update netpgpverify to 20150115:

+ add '-c dump' command to do a packet dump of the input

Bring over the 20141204 portable version of netpgpverify from pkgsrc

+ Remove unused logmessage helper function

+ Add pgpv_get_cursor_element for easier manipulation of results
returned.

+ libnetpgpverify(3) man page improvements

+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)

+ Also install the library and header file for netpgpverify. This
allows scripting languages to use the same verification methods via a
shared library, rather than being forced to exec the netpgpverify(1)
command line utility.

+ libnetpgpverify is now a standalone library, and requires no
pre-requsisite libraries to function

branches: 1.1.4; 1.1.6; 1.1.8;
Bring over the standalone netpgpverify sources from
pkgsrc/security/netpgpverify.

No functional change.

Update netpgpverify to 20160616:

+ Bring over change from pkgsrc to add version.asc signature verification
to complement the noversion.asc cleartext signatures

+ Update version to 20160616

Sync with pkgsrc sources as of version 20160614

+ pick up renaming changes to internal routines
+ fix for issue verifying signatures created by gpg --no-emit-version
+ add test for same

Sync the src version of netpgpverify with the version in pkgsrc

> ----------------------------
> revision 1.10
> date: 2015-02-04 16:58:02 -0800; author: agc; state: Exp; lines: +1 -0; commitid: 0v3HoBPFTnhDSK8y;
> appease compiler warning police - initialise a variable in case it's otherwise
> "used uninitialised". ride previous version bump.
> ----------------------------
> revision 1.9
> date: 2015-02-04 16:21:57 -0800; author: agc; state: Exp; lines: +48 -21; commitid: ElUADrlljB46GK8y;
> Update netpgpverify (and libnetpgpverify) to version 20150205
>
> + recognise signatures made by subkeys as well as by primary keys
>
> + print out the relevant key which signed the file, even if it's
> a subkey and not the primary key itself.
>
> + keep the same API as before
>
> with many thanks to Jonathan Perkin
> ----------------------------
> revision 1.8
> date: 2015-02-03 13:34:57 -0800; author: agc; state: Exp; lines: +1 -3; commitid: 6qTclEbv7hmZMB8y;
> Update netpgpverify, and libnetpgpverify, to 20150204
>
> + dump the huge output in testing script to /dev/null so that we can
> see what's happening with the other tests in testit.sh
>
> + fix from jperkin@, don't try to be clever when selecting the only
> key id in a keyring
>
> + add a test for single key (non-ssh) pubring
> ----------------------------
> revision 1.7
> date: 2015-02-03 13:13:17 -0800; author: agc; state: Exp; lines: +3 -0; commitid: ztXbqAi9ocXGFB8y;
> Update netpgpverify, and libnetpgpverify, to 20150203
>
> + portability fixes to make netpgpverify build on freebsd 10.1 with WARNS=5
>
> + fixed an oversight in the testit.sh script

catch up with pkgsrc, update netpgpverify to 20150115:

+ add '-c dump' command to do a packet dump of the input

Bring over the 20141204 portable version of netpgpverify from pkgsrc

+ Remove unused logmessage helper function

+ Add pgpv_get_cursor_element for easier manipulation of results
returned.

+ libnetpgpverify(3) man page improvements

+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)

+ Also install the library and header file for netpgpverify. This
allows scripting languages to use the same verification methods via a
shared library, rather than being forced to exec the netpgpverify(1)
command line utility.

+ libnetpgpverify is now a standalone library, and requires no
pre-requsisite libraries to function

branches: 1.1.4; 1.1.6; 1.1.8;
Bring over the standalone netpgpverify sources from
pkgsrc/security/netpgpverify.

No functional change.

Sync the src version of netpgpverify with the version in pkgsrc

> ----------------------------
> revision 1.10
> date: 2015-02-04 16:58:02 -0800; author: agc; state: Exp; lines: +1 -0; commitid: 0v3HoBPFTnhDSK8y;
> appease compiler warning police - initialise a variable in case it's otherwise
> "used uninitialised". ride previous version bump.
> ----------------------------
> revision 1.9
> date: 2015-02-04 16:21:57 -0800; author: agc; state: Exp; lines: +48 -21; commitid: ElUADrlljB46GK8y;
> Update netpgpverify (and libnetpgpverify) to version 20150205
>
> + recognise signatures made by subkeys as well as by primary keys
>
> + print out the relevant key which signed the file, even if it's
> a subkey and not the primary key itself.
>
> + keep the same API as before
>
> with many thanks to Jonathan Perkin
> ----------------------------
> revision 1.8
> date: 2015-02-03 13:34:57 -0800; author: agc; state: Exp; lines: +1 -3; commitid: 6qTclEbv7hmZMB8y;
> Update netpgpverify, and libnetpgpverify, to 20150204
>
> + dump the huge output in testing script to /dev/null so that we can
> see what's happening with the other tests in testit.sh
>
> + fix from jperkin@, don't try to be clever when selecting the only
> key id in a keyring
>
> + add a test for single key (non-ssh) pubring
> ----------------------------
> revision 1.7
> date: 2015-02-03 13:13:17 -0800; author: agc; state: Exp; lines: +3 -0; commitid: ztXbqAi9ocXGFB8y;
> Update netpgpverify, and libnetpgpverify, to 20150203
>
> + portability fixes to make netpgpverify build on freebsd 10.1 with WARNS=5
>
> + fixed an oversight in the testit.sh script

catch up with pkgsrc, update netpgpverify to 20150115:

+ add '-c dump' command to do a packet dump of the input

Bring over the 20141204 portable version of netpgpverify from pkgsrc

+ Remove unused logmessage helper function

+ Add pgpv_get_cursor_element for easier manipulation of results
returned.

+ libnetpgpverify(3) man page improvements

+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)

+ Also install the library and header file for netpgpverify. This
allows scripting languages to use the same verification methods via a
shared library, rather than being forced to exec the netpgpverify(1)
command line utility.

+ libnetpgpverify is now a standalone library, and requires no
pre-requsisite libraries to function

branches: 1.1.4; 1.1.6; 1.1.8;
Bring over the standalone netpgpverify sources from
pkgsrc/security/netpgpverify.

No functional change.

Rebase to HEAD as of a few days ago.

file Makefile.bsd was added on branch tls-maxphys on 2014-08-19 23:45:23 +0000

Pull up following revision(s) (requested by agc in ticket #297):
crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.h: revision 1.3
crypto/external/bsd/netpgp/dist/src/netpgpverify/rsa.c: revision 1.2
crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.c: revision 1.2
crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c: revision 1.5
crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c: revision 1.5
crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.h: revision 1.3
crypto/external/bsd/netpgp/lib/verify/Makefile: revision 1.7
crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd: revision 1.2
crypto/external/bsd/netpgp/lib/verify/config.h: revision 1.1
crypto/external/bsd/netpgp/dist/src/netpgpverify/libnetpgpverify.3: revision 1.2
crypto/external/bsd/netpgp/bin/netpgpverify/Makefile: revision 1.13

Bring over the 20141204 portable version of netpgpverify from pkgsrc
+ Remove unused logmessage helper function
+ Add pgpv_get_cursor_element for easier manipulation of results returned.
+ libnetpgpverify(3) man page improvements
+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)
+ Also install the library and header file for netpgpverify. This
allows scripting languages to use the same verification methods via a
shared library, rather than being forced to exec the netpgpverify(1)
command line utility.
+ libnetpgpverify is now a standalone library, and requires no
pre-requsisite libraries to function

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")

file Makefile.bsd was added on branch yamt-pagecache on 2014-05-22 13:21:33 +0000