Bug 207327

Summary: security/gnupg wrong hash and file length for signature file for GnuPG 2.1.11
Product: Ports & Packages Reporter: Trond.Endrestol
Component: Individual Port(s)Assignee: Raphael Kubo da Costa <rakuco>
Status: Closed FIXED    
Severity: Affects Only Me CC: kuriyama, rakuco
Priority: --- Flags: rakuco: maintainer-feedback-
Version: Latest   
Hardware: Any   
OS: Any   

Description Trond.Endrestol 2016-02-19 09:27:54 UTC
Hash should be:
cf2ca28205a479ceac1fa5b6ac3d855c9461814c9cd231e4da2cf4f156f738f0 gnupg-2.1.11.tar.bz2.sig
File length should be: 574

Recheck the hash and file length, and amend the changes to the distinfo file.
Comment 1 commit-hook freebsd_committer 2016-02-19 11:13:10 UTC
A commit references this bug:

Author: rakuco
Date: Fri Feb 19 11:12:54 UTC 2016
New revision: 409166
URL: https://svnweb.freebsd.org/changeset/ports/409166

  Regenerate distinfo information for gnupg-2.1.11.tar.bz2.sig.

  This fixes `make fetch'.

  The actual hash and sizes are different, as mentioned in the associated PR.
  I have also checked it manually, and verified the tarball's signature with
  `gpg --verify gnupg-2.1.11.tar.bz2.sig gnupg-2.1.11.tar.bz2'.

  I don't understand how this happened, but it looks similar to bug 202312.

  PR:		207327
  Submitted by:	Trond.Endrestol@ximalas.info

Comment 2 Raphael Kubo da Costa freebsd_committer 2016-02-19 11:18:45 UTC
Committed, thanks. I was also bitten by this today when trying to upgrade the port.