Date: Thu, 27 Jun 2019 19:53:12 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 238854] archivers/bzip2 - update to 1.0.7 Message-ID: <bug-238854-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D238854 Bug ID: 238854 Summary: archivers/bzip2 - update to 1.0.7 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jharris@widomaker.com Attachment #205383 maintainer-approval+ Flags: Flags: maintainer-feedback+ Created attachment 205383 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D205383&action= =3Dedit patch to update bzip2 to 1.0.7 New release, fixes CVE-2016-3189 and CVE-2019-12900: https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS Updates WWW to gitlab.com (no tarballs/releases) and MASTER_SITES to sourceware.org, which has a GnuPG signature: gpg: assuming signed data in `/usr/ports/distfiles/bzip2-1.0.7.tar.gz' gpg: Signature made Thu Jun 27 18:16:01 2019 UTC using RSA key ID ACD99A78 gpg: using subkey ACD99A78 instead of primary key 49DE760A gpg: Good signature from "Mark Wielaard <@klomp.org>" gpg: aka "Mark Wielaard <@gnu.org>" gpg: aka "Mark Wielaard <@redhat.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owne= r. Primary key fingerprint: EC3C FE88 F6CA 0788 774F 5C1D 1AA4 4BE6 49DE 760A Subkey fingerprint: 1276 8A96 7959 9010 7A0D 2FDF FC57 E3CC ACD9 9A78 gpg: binary signature, digest algorithm SHA256 Old version/mirror at https://sourceforge.net/projects/bzip2/ hasn't caught up... --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-238854-7788>