Bug 219747 - security/libgcrypt: update to 1.7.7
Summary: security/libgcrypt: update to 1.7.7
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Carlos J. Puga Medina
URL:
Keywords: patch, patch-ready
Depends on:
Blocks:
 
Reported: 2017-06-03 11:44 UTC by Carlos J. Puga Medina
Modified: 2017-06-08 23:08 UTC (History)
0 users

See Also:
cpm: merge-quarterly?
cpm: exp-run?

Attachments
patch-libgcrypt-1.7.7.diff (2.85 KB, patch)
2017-06-03 11:44 UTC, Carlos J. Puga Medina 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos J. Puga Medina freebsd_committer freebsd_triage 2017-06-03 11:44:21 UTC 
Created attachment 183170 [details]
patch-libgcrypt-1.7.7.diff

- Update libgcrypt to 1.7.7
- Silence all explicitly called commands
- Update WWW in pkg-descr: use https://
- Bump library version in pkg-plist

Noteworthy changes in version 1.7.7 

 * Bug fixes:

   - Fix possible timing attack on EdDSA session key.

   - Fix long standing bug in secure memory implementation which could
     lead to a segv on free. [bug#3027]

Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000406.html
Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.6/1.7.7/042f3/abi_compat_report.html
Comment 1 Antoine Brodin freebsd_committer freebsd_triage 2017-06-07 09:22:28 UTC 
Exp-run looks fine.
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-06-07 11:36:41 UTC 
A commit references this bug:

Author: cpm
Date: Wed Jun  7 11:35:52 UTC 2017
New revision: 442829
URL: https://svnweb.freebsd.org/changeset/ports/442829

Log:
  security/libgcrypt: update to 1.7.7

  - Update libgcrypt to 1.7.7
  - Silence all explicitly called commands
  - Update WWW in pkg-descr: use https://
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.7

  * Bug fixes:

    - Fix possible timing attack on EdDSA session key.
    - Fix long standing bug in secure memory implementation which could
       lead to a segv on free. [bug#3027].

  PR:		219747
  MFH:		2017Q2
  Exp-run by:	antoine

Changes:
  head/security/libgcrypt/Makefile
  head/security/libgcrypt/distinfo
  head/security/libgcrypt/files/extra-patch-aarch64
  head/security/libgcrypt/pkg-descr
  head/security/libgcrypt/pkg-plist
Comment 3 Carlos J. Puga Medina freebsd_committer freebsd_triage 2017-06-07 11:40:10 UTC 
(In reply to Antoine Brodin from comment #1)

Thanks, Antoine!
Comment 4 commit-hook freebsd_committer freebsd_triage 2017-06-08 23:07:56 UTC 
A commit references this bug:

Author: cpm
Date: Thu Jun  8 23:07:05 UTC 2017
New revision: 442961
URL: https://svnweb.freebsd.org/changeset/ports/442961

Log:
  MFH: r442829

  security/libgcrypt: update to 1.7.7

  - Update libgcrypt to 1.7.7
  - Silence all explicitly called commands
  - Update WWW in pkg-descr: use https://
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.7

  * Bug fixes:

    - Fix possible timing attack on EdDSA session key.
    - Fix long standing bug in secure memory implementation which could
       lead to a segv on free. [bug#3027].

  PR:		219747
  Exp-run by:	antoine

  Approved by:	ports-secteam (zi)

Changes:
_U  branches/2017Q2/
  branches/2017Q2/security/libgcrypt/Makefile
  branches/2017Q2/security/libgcrypt/distinfo
  branches/2017Q2/security/libgcrypt/files/extra-patch-aarch64
  branches/2017Q2/security/libgcrypt/pkg-descr
  branches/2017Q2/security/libgcrypt/pkg-plist