Bug 207327 - security/gnupg wrong hash and file length for signature file for GnuPG 2.1.11
Summary: security/gnupg wrong hash and file length for signature file for GnuPG 2.1.11
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Raphael Kubo da Costa
Depends on:
Reported: 2016-02-19 09:27 UTC by Trond.Endrestol
Modified: 2016-02-19 11:18 UTC (History)
2 users (show)

See Also:
rakuco: maintainer-feedback-


Note You need to log in before you can comment on or make changes to this bug.
Description Trond.Endrestol 2016-02-19 09:27:54 UTC
Hash should be:
cf2ca28205a479ceac1fa5b6ac3d855c9461814c9cd231e4da2cf4f156f738f0 gnupg-2.1.11.tar.bz2.sig
File length should be: 574

Recheck the hash and file length, and amend the changes to the distinfo file.
Comment 1 commit-hook freebsd_committer 2016-02-19 11:13:10 UTC
A commit references this bug:

Author: rakuco
Date: Fri Feb 19 11:12:54 UTC 2016
New revision: 409166
URL: https://svnweb.freebsd.org/changeset/ports/409166

  Regenerate distinfo information for gnupg-2.1.11.tar.bz2.sig.

  This fixes `make fetch'.

  The actual hash and sizes are different, as mentioned in the associated PR.
  I have also checked it manually, and verified the tarball's signature with
  `gpg --verify gnupg-2.1.11.tar.bz2.sig gnupg-2.1.11.tar.bz2'.

  I don't understand how this happened, but it looks similar to bug 202312.

  PR:		207327
  Submitted by:	Trond.Endrestol@ximalas.info

Comment 2 Raphael Kubo da Costa freebsd_committer 2016-02-19 11:18:45 UTC
Committed, thanks. I was also bitten by this today when trying to upgrade the port.