From: Garrett Wollman
Date: Fri, 23 Jan 2015 11:59:12 -0500
To: freebsd-security@freebsd.org
Subject: Strange package checksum report

On some of my machines, I've been noticing the following in the
nightly security mail:

Checking for packages with mismatched checksums:
p5-XML-SAX-0.99_2: /usr/local/lib/perl5/site_perl/XML/SAX/ParserDetails.ini
python27-2.7.9: /usr/local/lib/python2.7/UserDict.pyc
python27-2.7.9: /usr/local/lib/python2.7/_weakrefset.pyc
python27-2.7.9: /usr/local/lib/python2.7/abc.pyc
python27-2.7.9: /usr/local/lib/python2.7/codecs.pyc
python27-2.7.9: /usr/local/lib/python2.7/copy_reg.pyc
python27-2.7.9: /usr/local/lib/python2.7/encodings/__init__.pyc
[ a bunch of other .pyc files elided ]

Does anyone know what causes this? Force-reinstalling the package
fixes it, but only temporarily -- by the time the next security mail
comes, it's back in this state.

-GAWollman

From: Robert Sevat
Date: Fri, 23 Jan 2015 22:47:01 +0100
To: Garrett Wollman, freebsd-security@freebsd.org
Subject: Re: Strange package checksum report

Maybe hardware going bad? If you're using ZFS, it's probably not the hard
disk since ZFS would correct it before pkg can notice it. (Unless you have
no redundancy, but then you'd still see checksum errors in zpool status)
Maybe bad memory that causes corruption?

Kind Regards,
Robert Sevat

On 01/23/2015 05:59 PM, Garrett Wollman wrote:
> On some of my machines, I've been noticing the following in the
> nightly security mail:
>
> Checking for packages with mismatched checksums:
> p5-XML-SAX-0.99_2: /usr/local/lib/perl5/site_perl/XML/SAX/ParserDetails.ini
> python27-2.7.9: /usr/local/lib/python2.7/UserDict.pyc
> python27-2.7.9: /usr/local/lib/python2.7/_weakrefset.pyc
> python27-2.7.9: /usr/local/lib/python2.7/abc.pyc
> python27-2.7.9: /usr/local/lib/python2.7/codecs.pyc
> python27-2.7.9: /usr/local/lib/python2.7/copy_reg.pyc
> python27-2.7.9: /usr/local/lib/python2.7/encodings/__init__.pyc
> [ a bunch of other .pyc files elided ]
>
> Does anyone know what causes this? Force-reinstalling the package
> fixes it, but only temporarily -- by the time the next security mail
> comes, it's back in this state.
>
> -GAWollman

From: Brian Reichert
Date: Fri, 23 Jan 2015 16:57:38 -0500
To: Garrett Wollman
Cc: freebsd-security@freebsd.org
Subject: Re: Strange package checksum report

On Fri, Jan 23, 2015 at 11:59:12AM -0500, Garrett Wollman wrote:
> On some of my machines, I've been noticing the following in the
> nightly security mail:

The *.pyc are blobs of byte code that Python generates if the
interpreter chooses to compile a module.

Maybe the package erroneously contains them, and the interpreter
is regenerating them, according to whatever logic would apply.
Maybe a timestamp issue?

When you do a force reinstall, what are the timestamps as compared
to the corresponding python modules (*.pl)?

>
> Checking for packages with mismatched checksums:
> p5-XML-SAX-0.99_2: /usr/local/lib/perl5/site_perl/XML/SAX/ParserDetails.ini
> python27-2.7.9: /usr/local/lib/python2.7/UserDict.pyc
> python27-2.7.9: /usr/local/lib/python2.7/_weakrefset.pyc
> python27-2.7.9: /usr/local/lib/python2.7/abc.pyc
> python27-2.7.9: /usr/local/lib/python2.7/codecs.pyc
> python27-2.7.9: /usr/local/lib/python2.7/copy_reg.pyc
> python27-2.7.9: /usr/local/lib/python2.7/encodings/__init__.pyc
> [ a bunch of other .pyc files elided ]
>
> Does anyone know what causes this? Force-reinstalling the package
> fixes it, but only temporarily -- by the time the next security mail
> comes, it's back in this state.
>
> -GAWollman

--
Brian Reichert
BSD admin/developer at large

From: Leif Pedersen
Date: Fri, 23 Jan 2015 17:13:32 -0600
To: Garrett Wollman
Cc: "freebsd-security@freebsd.org"
Subject: Re: Strange package checksum report

I wonder if your computer's clock is off by a lot. Python might insist on
rebuilding .pyc files if their timestamps are in the future.

On Fri, Jan 23, 2015 at 3:57 PM, Brian Reichert wrote:

> On Fri, Jan 23, 2015 at 11:59:12AM -0500, Garrett Wollman wrote:
> > On some of my machines, I've been noticing the following in the
> > nightly security mail:
>
> The *.pyc are blobs of byte code that Python generates if the
> interpreter chooses to compile a module.
>
> Maybe the package erroneously contains them, and the interpreter
> is regenerating them, according to whatever logic would apply.
> Maybe a timestamp issue?
>
> When you do a force reinstall, what are the timestamps as compared
> to the corresponding python modules (*.pl)?
>
> > Checking for packages with mismatched checksums:
> > p5-XML-SAX-0.99_2: /usr/local/lib/perl5/site_perl/XML/SAX/ParserDetails.ini
> > python27-2.7.9: /usr/local/lib/python2.7/UserDict.pyc
> > python27-2.7.9: /usr/local/lib/python2.7/_weakrefset.pyc
> > python27-2.7.9: /usr/local/lib/python2.7/abc.pyc
> > python27-2.7.9: /usr/local/lib/python2.7/codecs.pyc
> > python27-2.7.9: /usr/local/lib/python2.7/copy_reg.pyc
> > python27-2.7.9: /usr/local/lib/python2.7/encodings/__init__.pyc
> > [ a bunch of other .pyc files elided ]
> >
> > Does anyone know what causes this? Force-reinstalling the package
> > fixes it, but only temporarily -- by the time the next security mail
> > comes, it's back in this state.
> >
> > -GAWollman
>
> --
> Brian Reichert
> BSD admin/developer at large

--
As implied by email protocols, the information in this message is
not confidential. Any middle-man or recipient may inspect, modify,
copy, forward, reply to, delete, or filter email for any purpose unless
said parties are otherwise obligated. As the sender, I acknowledge that
I have a lower expectation of the control and privacy of this message
than I would a post-card. Further, nothing in this message is legally
binding without cryptographic evidence of its integrity.

http://bilbo.hobbiton.org/wiki/Eat_My_Sig
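
The timestamp question raised in the replies above can be checked directly on a flagged file. The following is an added example, not code from the thread or from pkg: it reads the source mtime that CPython records in a .pyc header (the 2.7 layout and the 3.7+ layout of the interpreter running the script) and compares it with the mtime of the .py file. The function names and the sample module are constructed for illustration.

```python
import importlib.util
import os
import py_compile
import struct
import tempfile

PY27_MAGIC = b"\x03\xf3\r\n"  # magic of CPython 2.7 .pyc files


def recorded_source_mtime(header):
    """Return the source mtime stored in a .pyc header (None if hash-based)."""
    magic = header[:4]
    if magic == PY27_MAGIC:                      # 2.7: magic, mtime
        return struct.unpack("<I", header[4:8])[0]
    if magic == importlib.util.MAGIC_NUMBER:     # 3.7+: magic, flags, mtime, size
        flags, mtime = struct.unpack("<II", header[4:12])
        return None if flags & 1 else mtime
    raise ValueError("unrecognised .pyc magic %r" % magic)


def triage(py_path, pyc_path):
    """Classify one flagged .pyc against its source file (mtime check only)."""
    with open(pyc_path, "rb") as fh:
        recorded = recorded_source_mtime(fh.read(16))
    actual = int(os.stat(py_path).st_mtime) & 0xFFFFFFFF
    if recorded is None:
        return "hash-based"
    if recorded == actual:
        return "fresh"
    # Recorded and actual mtime differ: the next import that is able to write
    # here recompiles the module, so the file stops matching the checksum
    # that was recorded when the package was built.
    return "stale"


def demo():
    """Constructed sample: compile a module, then move the source mtime."""
    with tempfile.TemporaryDirectory() as tmp:
        py, pyc = os.path.join(tmp, "mod.py"), os.path.join(tmp, "mod.pyc")
        with open(py, "w") as fh:
            fh.write("x = 1\n")
        os.utime(py, (1421000000, 1421000000))
        py_compile.compile(py, cfile=pyc, doraise=True,
                           invalidation_mode=py_compile.PycInvalidationMode.TIMESTAMP)
        before = triage(py, pyc)
        os.utime(py, (1421003600, 1421003600))   # source timestamp changed later
        return before, triage(py, pyc)
```

Run against a path from the nightly report and its adjacent .py immediately after a reinstall, a "stale" result means the packaged bytecode does not match the installed source timestamp and will be rewritten on a later import.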