[Bug 238854] archivers/bzip2 - update to 1.0.7

Thu Jun 27 19:53:15 UTC 2019

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238854

            Bug ID: 238854
           Summary: archivers/bzip2 - update to 1.0.7
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs at FreeBSD.org
          Reporter: jharris at widomaker.com
 Attachment #205383 maintainer-approval+
             Flags:
             Flags: maintainer-feedback+

Created attachment 205383
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=205383&action=edit
patch to update bzip2 to 1.0.7

New release, fixes CVE-2016-3189 and CVE-2019-12900:

  https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS

Updates WWW to gitlab.com (no tarballs/releases) and MASTER_SITES to
sourceware.org, which has a GnuPG signature:

gpg: assuming signed data in `/usr/ports/distfiles/bzip2-1.0.7.tar.gz'
gpg: Signature made Thu Jun 27 18:16:01 2019 UTC using RSA key ID ACD99A78
gpg: using subkey ACD99A78 instead of primary key 49DE760A
gpg: Good signature from "Mark Wielaard <@klomp.org>"
gpg:                 aka "Mark Wielaard <@gnu.org>"
gpg:                 aka "Mark Wielaard <@redhat.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EC3C FE88 F6CA 0788 774F  5C1D 1AA4 4BE6 49DE 760A
     Subkey fingerprint: 1276 8A96 7959 9010 7A0D  2FDF FC57 E3CC ACD9 9A78
gpg: binary signature, digest algorithm SHA256

Old version/mirror at https://sourceforge.net/projects/bzip2/ hasn't caught
up...

-- 
You are receiving this mail because:
You are the assignee for the bug.