Bug 225056

Summary:	Bump finance/electrum version to 3.0.5
Product:	Ports & Packages	Reporter:	pete
Component:	Individual Port(s)	Assignee:	Emanuel Haupt <ehaupt>
Status:	Closed FIXED
Severity:	Affects Many People	Flags:	bugzilla: maintainer-feedback? (ehaupt)
Priority:	---
Version:	Latest
Hardware:	Any
OS:	Any

Description pete 2018-01-10 17:58:44 UTC

Hello,
Version 3.0.5 of electrum is available and resolves some very critical security vulnerabilities.  This diff should allow us to build newer packages - I'm building now to verify functionality but wanted to file this ASAP due to the urgency:

Security Notice:
https://github.com/spesmilo/electrum-docs/blob/master/cve.rst

Diff:
diff --git a/finance/electrum/Makefile b/finance/electrum/Makefile
index 3275f14f766f..d793f6524b19 100644
--- a/finance/electrum/Makefile
+++ b/finance/electrum/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=      electrum
-PORTVERSION=   3.0.3
+PORTVERSION=   3.0.5
 CATEGORIES=    finance python
 MASTER_SITES=  https://download.electrum.org/${PORTVERSION}/ \
                http://download.electrum.org/${PORTVERSION}/
diff --git a/finance/electrum/distinfo b/finance/electrum/distinfo
index 7f5d706f9064..9fbdfdc7979d 100644
--- a/finance/electrum/distinfo
+++ b/finance/electrum/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1513060630
-SHA256 (Electrum-3.0.3.tar.gz) = e55cb8b29a2ee1442f0873787e54b52b85aac76c2b5f540e823cd2b96ad00326
-SIZE (Electrum-3.0.3.tar.gz) = 2590410
+TIMESTAMP = 1515606913
+SHA256 (Electrum-3.0.5.tar.gz) = 61ebc06782433f928853188762c6f3098bd3d08d54c34b5594233d196e51e01b
+SIZE (Electrum-3.0.5.tar.gz) = 2639766

Comment 1 commit-hook freebsd_committer

2018-02-11 11:01:09 UTC

A commit references this bug:

Author: ehaupt
Date: Sun Feb 11 11:00:37 UTC 2018
New revision: 461487
URL: https://svnweb.freebsd.org/changeset/ports/461487

Log:
  Document vulnerability in finance/electrum and finance/electrum2.

  PR:		225056
  Submitted by:	pete@nomadlogic.org, vermaden@interia.pl (via mail)
  Security:	CVE-2018-6353

Changes:
  head/security/vuxml/vuln.xml

Comment 2 Emanuel Haupt freebsd_committer

2018-02-11 11:17:38 UTC

I've updated the port to 3.0.6, created a VuXML entry and marked the legacy port finance/electrum2 DEPRECATED with a one month epiration period.