Bug 219747 - security/libgcrypt: update to 1.7.7
Summary: security/libgcrypt: update to 1.7.7
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Carlos J. Puga Medina
URL:
Keywords: patch, patch-ready
Depends on:
Blocks:
 
Reported: 2017-06-03 11:44 UTC by Carlos J. Puga Medina
Modified: 2017-06-08 23:08 UTC (History)
0 users

See Also:
cpm: exp-run?
cpm: merge-quarterly?


Attachments
patch-libgcrypt-1.7.7.diff (2.85 KB, patch)
2017-06-03 11:44 UTC, Carlos J. Puga Medina
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos J. Puga Medina freebsd_committer 2017-06-03 11:44:21 UTC
Created attachment 183170 [details]
patch-libgcrypt-1.7.7.diff

- Update libgcrypt to 1.7.7
- Silence all explicitly called commands
- Update WWW in pkg-descr: use https://
- Bump library version in pkg-plist

Noteworthy changes in version 1.7.7 

 * Bug fixes:

   - Fix possible timing attack on EdDSA session key.

   - Fix long standing bug in secure memory implementation which could
     lead to a segv on free. [bug#3027]

Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000406.html
Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.6/1.7.7/042f3/abi_compat_report.html
Comment 1 Antoine Brodin freebsd_committer 2017-06-07 09:22:28 UTC
Exp-run looks fine.
Comment 2 commit-hook freebsd_committer 2017-06-07 11:36:41 UTC
A commit references this bug:

Author: cpm
Date: Wed Jun  7 11:35:52 UTC 2017
New revision: 442829
URL: https://svnweb.freebsd.org/changeset/ports/442829

Log:
  security/libgcrypt: update to 1.7.7

  - Update libgcrypt to 1.7.7
  - Silence all explicitly called commands
  - Update WWW in pkg-descr: use https://
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.7

  * Bug fixes:

    - Fix possible timing attack on EdDSA session key.
    - Fix long standing bug in secure memory implementation which could
       lead to a segv on free. [bug#3027].

  PR:		219747
  MFH:		2017Q2
  Exp-run by:	antoine

Changes:
  head/security/libgcrypt/Makefile
  head/security/libgcrypt/distinfo
  head/security/libgcrypt/files/extra-patch-aarch64
  head/security/libgcrypt/pkg-descr
  head/security/libgcrypt/pkg-plist
Comment 3 Carlos J. Puga Medina freebsd_committer 2017-06-07 11:40:10 UTC
(In reply to Antoine Brodin from comment #1)

Thanks, Antoine!
Comment 4 commit-hook freebsd_committer 2017-06-08 23:07:56 UTC
A commit references this bug:

Author: cpm
Date: Thu Jun  8 23:07:05 UTC 2017
New revision: 442961
URL: https://svnweb.freebsd.org/changeset/ports/442961

Log:
  MFH: r442829

  security/libgcrypt: update to 1.7.7

  - Update libgcrypt to 1.7.7
  - Silence all explicitly called commands
  - Update WWW in pkg-descr: use https://
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.7

  * Bug fixes:

    - Fix possible timing attack on EdDSA session key.
    - Fix long standing bug in secure memory implementation which could
       lead to a segv on free. [bug#3027].

  PR:		219747
  Exp-run by:	antoine

  Approved by:	ports-secteam (zi)

Changes:
_U  branches/2017Q2/
  branches/2017Q2/security/libgcrypt/Makefile
  branches/2017Q2/security/libgcrypt/distinfo
  branches/2017Q2/security/libgcrypt/files/extra-patch-aarch64
  branches/2017Q2/security/libgcrypt/pkg-descr
  branches/2017Q2/security/libgcrypt/pkg-plist