Re: PR/52044 CVS commit: pkgsrc/net

[Gert Doering <gert%greenie.muc.de@localhost>]

Hi,

On Sun, May 21, 2017 at 04:39:19AM +0200, Emmanuel Dreyfus wrote:
> S.P.Zeidler <spz%netbsd.org@localhost> wrote:
> 
> >  update openvpn to 2.3.15
> 
> I was going to test it, but the size and hash in distinfo does not match
> what I get from:
> http://swupdate.openvpn.net/community/releases/openvpn-2.3.15.tar.xz
> 
> Is it an error in the distinfo, or should this archive be treated with
> suspicion?

This archive is actually good, but the way there was thorny.

2.3.15 was prepared "in the close" (due to the two CVEs and the embargo
on details and patches) and the colleagues managed to produce two different
tar balls, both of them not "really" correct (one was missing a patch,
the other one contained erroneous .so files).

We've released 2.3.16 last Thursday with the normal release process
("everything in the open, taking public git with the published tag to
build tarballs from it").  It has a few small fixes 2.3.15, but most
important, it's one single tarball with one single GPG signature.

While at it, we decided to re-package 2.3.15 into a proper tarball that
matches the git tag, *and* has no extra garbage in it - so there's three
different 2.3.15 tarballs floating around now.  I think distinfo has
the checksum of the "good source, but extra files in" tarball, while
swupdate has the new one now.

Long story cut short: please bump to 2.3.16.

Apologies again...

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert%greenie.muc.de@localhost
fax: +49-89-35655025                        gert%net.informatik.tu-muenchen.de@localhost