insecure memory warning in 2.0.0

Doug Barton dougb at
Thu Nov 16 09:54:22 CET 2006

Hash: SHA1

Eric Buchanan wrote:
> Hi Doug,
> I haven't gotten 2.0 to compile on FreeBSD (yet), is the update to
/usr/ports/security/libassuan that you need to get it up to version
1.0.0, since gnupg 2.0.0 needs a newer version of the library than we
have in ports right now.

For gnupg 2.0.0 itself, you can do the following:

cd /usr/ports/security
cp -Rp gnupg-devel gnupg2
cd gnupg2

Then apply the patch at

No promises that this will be the final version of either of these
ports, but I have already sent these patches to their maintainer, so
hopefully the ports tree will be updated soon. Meanwhile this is
enough to get you up and running.

> but with 1.x I have to run 
> chmod 4775 on the absolute location of the gpg binary. Then it goes away.

There is actually a knob in the port for 1.4.x that will do that for
you, but if we can get the option to work I'd rather avoid making the
gpg2 binary suid to start with. Thanks for the suggestion in any case.

FWIW, I've been using 2.0.0 for a while now, doing some much needed
key maintenance, sending out signatures from a recent key signing,
sending challenges, and signing keys, and so far this is the only
"issue" I've run across. I even set up gpg-agent with a minimum of
fuss. So far so good ...


- --

	If you're never wrong, you're not trying hard enough
Version: GnuPG v2.0.0 (FreeBSD)


More information about the Gnupg-users mailing list