Date: Sat, 27 Jan 2007 21:45:14 -0500
From: Wesley Shields <wxs@atarininja.org>
To: Paul Schmehl <pauls@utdallas.edu>
Cc: "Freebsd Ports: Archivers" <ports@freebsd.org>, aquatique-ports@rambler.ru, abuse@silcnet.org, postmaster@silcnet.org
Subject: Re: Problem with devel/silc-toolkit
Message-ID: <20070128024514.GA79142@atarininja.org>
In-Reply-To: <D2F9DABD9A545B74551F4D18@paul-schmehls-powerbook59.local>
References: <3B27E5D772A78D81D72D9420@paul-schmehls-powerbook59.local> <20070128014441.GA76439@atarininja.org> <D2F9DABD9A545B74551F4D18@paul-schmehls-powerbook59.local>

On Sat, Jan 27, 2007 at 08:32:14PM -0600, Paul Schmehl wrote:
> --On January 27, 2007 8:44:41 PM -0500 Wesley Shields <wxs@atarininja.org>
> wrote:
>
> >On Sat, Jan 27, 2007 at 06:37:28PM -0600, Paul Schmehl wrote:
> >>=> MD5 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2.
> >>=> SHA256 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2.
> >
> >These are usually because of a re-rolled distfile. If a PR has not been
> >submitted already I would verify the contents of the new distfile and
> >send-pr an update to take care of it.
> >
> >Of course, there's always the chance that the distfile was missed in the
> >commit but that does not appear to be the case here.
> >
> Looks like it's more serious than that:

It passes the checksums for me:

wxs@syn silc-toolkit > sudo make checksum
===> Define WITHOUT_IPV6 to disable IPv6 support
===> Define WITHOUT_OPTIMIZED_ASM to disable assembler optimizations
===> Define WITH_PTHREADS to enable pthreads support
===> Define WITH_OPTIMIZED_CFLAGS to enable compilation optimizations
===> which is known to break some platforms (e.g., alpha)
===> Vulnerability check disabled, database not found
=> silc-toolkit-1.0.2.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://www.silcnet.org/download/toolkit/sources/.
silc-toolkit-1.0.2.tar.bz2 100% of 2485 kB 138 kBps 00m00s
=> MD5 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
=> SHA256 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
wxs@syn silc-toolkit >

> Looks like the bzipped tarball on their website has been altered -
> possibly compromised. I'm cc'ing the port maintainer, but I was unable to
> find a security address at SILC to notify them. I'm ccing their abuse and
> postmaster addresses.

Altered, yes. Compromised is a bit of a jump. Maybe they re-rolled it
for any one of an infinite number of reasons.

> I would recommend that the port be marked BROKEN until this is resolved.

Seeing as how it passes checksums for me I'm leaning towards a local
problem.

-- WXS
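
Added example, not part of the original message and not code from the ports framework: a small checker that compares a fetched distfile against its distinfo record and reports whether the size or only the digests differ, which helps separate a partial or different download from content changed at the same length. It assumes the distinfo layout `ALGO (file) = value`; the file name, bytes and digests below are constructed samples.

```python
import hashlib
import re

# Assumed distinfo layout: "ALGO (filename) = value", one record per line.
DISTINFO_LINE = re.compile(r"^(MD5|SHA256|SIZE) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {"MD5": ..., "SHA256": ..., "SIZE": ...}}."""
    records = {}
    for line in text.splitlines():
        m = DISTINFO_LINE.match(line.strip())
        if m:
            algo, name, value = m.groups()
            records.setdefault(name, {})[algo] = value.lower()
    return records

def check_distfile(name, data, records):
    """Compare a distfile's bytes with its distinfo record, field by field."""
    expected = records.get(name)
    if expected is None:
        return {"verdict": "no distinfo entry"}
    actual = {
        "SIZE": str(len(data)),
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }
    result = {k: actual[k] == v for k, v in expected.items()}
    if all(result.values()):
        result["verdict"] = "ok"
    elif result.get("SIZE") is False:
        # Length differs: partial fetch, or a different tarball upstream.
        result["verdict"] = "size differs"
    else:
        # Same length but different digests: content changed in place.
        result["verdict"] = "same size, digest differs"
    return result

# Constructed sample: stand-in bytes, not the real silc-toolkit tarball.
SAMPLE_NAME = "example-1.0.tar.bz2"
SAMPLE_DATA = b"constructed distfile contents\n"
SAMPLE_DISTINFO = "\n".join([
    f"MD5 ({SAMPLE_NAME}) = {hashlib.md5(SAMPLE_DATA).hexdigest()}",
    f"SHA256 ({SAMPLE_NAME}) = {hashlib.sha256(SAMPLE_DATA).hexdigest()}",
    f"SIZE ({SAMPLE_NAME}) = {len(SAMPLE_DATA)}",
])

if __name__ == "__main__":
    print(check_distfile(SAMPLE_NAME, SAMPLE_DATA, parse_distinfo(SAMPLE_DISTINFO)))
```

Running the same check on two machines and comparing the per-field results shows whether both hold the same bytes before anyone concludes the upstream file changed.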