Bug 219747

Summary: security/libgcrypt: update to 1.7.7
Product: Ports & Packages Reporter: Carlos J. Puga Medina <cpm>
Component: Individual Port(s)Assignee: Carlos J. Puga Medina <cpm>
Status: Closed FIXED    
Severity: Affects Many People Keywords: patch, patch-ready
Priority: --- Flags: cpm: merge-quarterly?
cpm: exp-run?
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patch-libgcrypt-1.7.7.diff none

Description Carlos J. Puga Medina freebsd_committer 2017-06-03 11:44:21 UTC
Created attachment 183170 [details]
patch-libgcrypt-1.7.7.diff

- Update libgcrypt to 1.7.7
- Silence all explicitly called commands
- Update WWW in pkg-descr: use https://
- Bump library version in pkg-plist

Noteworthy changes in version 1.7.7 

 * Bug fixes:

   - Fix possible timing attack on EdDSA session key.

   - Fix long standing bug in secure memory implementation which could
     lead to a segv on free. [bug#3027]

Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000406.html
Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.6/1.7.7/042f3/abi_compat_report.html
Comment 1 Antoine Brodin freebsd_committer 2017-06-07 09:22:28 UTC
Exp-run looks fine.
Comment 2 commit-hook freebsd_committer 2017-06-07 11:36:41 UTC
A commit references this bug:

Author: cpm
Date: Wed Jun  7 11:35:52 UTC 2017
New revision: 442829
URL: https://svnweb.freebsd.org/changeset/ports/442829

Log:
  security/libgcrypt: update to 1.7.7

  - Update libgcrypt to 1.7.7
  - Silence all explicitly called commands
  - Update WWW in pkg-descr: use https://
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.7

  * Bug fixes:

    - Fix possible timing attack on EdDSA session key.
    - Fix long standing bug in secure memory implementation which could
       lead to a segv on free. [bug#3027].

  PR:		219747
  MFH:		2017Q2
  Exp-run by:	antoine

Changes:
  head/security/libgcrypt/Makefile
  head/security/libgcrypt/distinfo
  head/security/libgcrypt/files/extra-patch-aarch64
  head/security/libgcrypt/pkg-descr
  head/security/libgcrypt/pkg-plist
Comment 3 Carlos J. Puga Medina freebsd_committer 2017-06-07 11:40:10 UTC
(In reply to Antoine Brodin from comment #1)

Thanks, Antoine!
Comment 4 commit-hook freebsd_committer 2017-06-08 23:07:56 UTC
A commit references this bug:

Author: cpm
Date: Thu Jun  8 23:07:05 UTC 2017
New revision: 442961
URL: https://svnweb.freebsd.org/changeset/ports/442961

Log:
  MFH: r442829

  security/libgcrypt: update to 1.7.7

  - Update libgcrypt to 1.7.7
  - Silence all explicitly called commands
  - Update WWW in pkg-descr: use https://
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.7

  * Bug fixes:

    - Fix possible timing attack on EdDSA session key.
    - Fix long standing bug in secure memory implementation which could
       lead to a segv on free. [bug#3027].

  PR:		219747
  Exp-run by:	antoine

  Approved by:	ports-secteam (zi)

Changes:
_U  branches/2017Q2/
  branches/2017Q2/security/libgcrypt/Makefile
  branches/2017Q2/security/libgcrypt/distinfo
  branches/2017Q2/security/libgcrypt/files/extra-patch-aarch64
  branches/2017Q2/security/libgcrypt/pkg-descr
  branches/2017Q2/security/libgcrypt/pkg-plist