insecure memory warning in 2.0.0
dougb at dougbarton.us
Thu Nov 16 09:54:22 CET 2006
-----BEGIN PGP SIGNED MESSAGE-----
Eric Buchanan wrote:
> Hi Doug,
> I haven't gotten 2.0 to compile on FreeBSD (yet),
http://dougbarton.us/libassuan.diff is the update to
/usr/ports/security/libassuan that you need to get it up to version
1.0.0, since gnupg 2.0.0 needs a newer version of the library than we
have in ports right now.
For gnupg 2.0.0 itself, you can do the following:
cp -Rp gnupg-devel gnupg2
Then apply the patch at http://dougbarton.us/gnupg2.diff
No promises that this will be the final version of either of these
ports, but I have already sent these patches to their maintainer, so
hopefully the ports tree will be updated soon. Meanwhile this is
enough to get you up and running.
> but with 1.x I have to run
> chmod 4775 on the absolute location of the gpg binary. Then it goes away.
There is actually a knob in the port for 1.4.x that will do that for
you, but if we can get the option to work I'd rather avoid making the
gpg2 binary suid to start with. Thanks for the suggestion in any case.
FWIW, I've been using 2.0.0 for a while now, doing some much needed
key maintenance, sending out signatures from a recent key signing,
sending challenges, and signing keys, and so far this is the only
"issue" I've run across. I even set up gpg-agent with a minimum of
fuss. So far so good ...
If you're never wrong, you're not trying hard enough
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.0 (FreeBSD)
-----END PGP SIGNATURE-----
More information about the Gnupg-users