Date: Fri, 20 Jan 2006 13:30:07 GMT
From: Anton Berezin <tobez@FreeBSD.org>
To: freebsd-ports-bugs@FreeBSD.org
Subject: Re: ports/92014: security/p5-Digest-SHA256: Broken on FreeBSD >= 5.x
Message-ID: <200601201330.k0KDU7d9009841@freefall.freebsd.org>
The following reply was made to PR ports/92014; it has been noted by GNATS. From: Anton Berezin <tobez@FreeBSD.org> To: Johan van Selst <johans@stack.nl> Cc: FreeBSD-gnats-submit@FreeBSD.org, apeiron+ports@coitusmentis.info Subject: Re: ports/92014: security/p5-Digest-SHA256: Broken on FreeBSD >= 5.x Date: Fri, 20 Jan 2006 14:27:34 +0100 On Thu, Jan 19, 2006 at 06:53:06PM +0100, Johan van Selst wrote: > Please disable (or fix) this port for FreeBSD 5.x or later: > It produces invalid checksums and should not be used > (at least not in a security context) > I have searched in vain to locate the problem, > so my best suggestion is to mark it broken. > > P.S. While we're at it, add sha256 checksum to distfile - > no irony intended. > > diff -uNr p5-Digest-SHA256/Makefile p5-Digest-SHA256/Makefile > --- p5-Digest-SHA256/Makefile Thu May 26 15:10:51 2005 > +++ p5-Digest-SHA256/Makefile Thu Jan 19 18:40:43 2006 > @@ -24,4 +24,10 @@ > > MAN3= Digest::SHA256.3 Digest::sha256.3 > > -.include <bsd.port.mk> > +.include <bsd.port.pre.mk> > + > +.if ${OSVERSION} >= 500000 > +BROKEN= "Produces invalid checksums on >= 5.x" > +.endif > + > +.include <bsd.port.post.mk> > diff -uNr p5-Digest-SHA256/distinfo p5-Digest-SHA256/distinfo > --- p5-Digest-SHA256/distinfo Thu May 26 15:10:51 2005 > +++ p5-Digest-SHA256/distinfo Thu Jan 19 18:51:25 2006 > @@ -1,2 +1,3 @@ > MD5 (SHA256-0.01b.tar.gz) = 08f2b87bad328275bdebf64c18bfcb31 > +SHA256 (SHA256-0.01b.tar.gz) = 72bbb1e31bbfe39e9df930e9b34bbac25e5d1617b7289076945aa303ad03c170 > SIZE (SHA256-0.01b.tar.gz) = 9326 I have a better idea. How about fixing it instead? :-) Maintainer, do you approve the following patch? Index: files/patch-Makefile.PL =================================================================== RCS file: files/patch-Makefile.PL diff -N files/patch-Makefile.PL --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-Makefile.PL 20 Jan 2006 13:25:23 -0000 
@@ -0,0 +1,22 @@ +--- Makefile.PL Mon Mar 12 06:19:07 2001 ++++ Makefile.PL Fri Jan 20 14:23:20 2006 +@@ -9,6 +9,10 @@ WriteMakefile( + ); + + if (exists($Config{'byteorder'}) and defined($Config{'byteorder'})) { ++ my $bo = $Config{'byteorder'}; ++ if (length($bo) == 8 && $Config{use64bitint} && !$Config{use64bitall}) { ++ $bo =~ s/[5678]//g; ++ } + if (-e 'endian.h') { + warn "Warning: overwriting endian.h\n"; + } else { +@@ -24,7 +28,7 @@ if (exists($Config{'byteorder'}) and def + + /* Warning! this file is automatically generated; changes WILL disappear */ + +-#define BYTEORDER $Config{'byteorder'} ++#define BYTEORDER $bo + + #endif /* ENDIAN_H */ + END_OF_STRING Cheers, \Anton. -- An undefined problem has an infinite number of solutions. -- Robert A. Humphrey
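
Review bot: In the quoted p5-Digest-SHA256/Makefile hunk, the `.if ${OSVERSION} >= 500000` test marks the port BROKEN by OS release, while the files/patch-Makefile.PL change proposed in this same message keys on perl's `use64bitint` and `use64bitall` settings and an 8-character `byteorder`, which points at the perl build configuration rather than the release number as the trigger. If the port is marked BROKEN at all, the BROKEN text should name that condition, and the whole `.if` block becomes unnecessary once the Makefile.PL patch is accepted.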
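
Review bot: In the quoted p5-Digest-SHA256/distinfo hunk, the added `SHA256 (SHA256-0.01b.tar.gz)` line is independent of the BROKEN change and still applies if the port is fixed rather than disabled, so it should be carried into whichever commit closes the PR instead of being dropped along with the Makefile hunk.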
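
Review bot: In the first inner hunk of files/patch-Makefile.PL, `$bo =~ s/[5678]//g;` carries no comment saying why an 8-character byteorder is cut to four characters when `use64bitint` is set without `use64bitall`; a one-line comment in the patched Makefile.PL stating the assumption behind it (presumably that perl's integers are 64-bit while the C types the module works with are not) would let a later reader check it. The substitution itself covers both orders, since deleting the digits 5 to 8 turns `12345678` into `1234` and `87654321` into `4321`. Two things are not visible in the patch and are worth confirming before commit: how the C sources treat an unmodified 8-digit `BYTEORDER` when `use64bitall` is set, ideally checked against a known SHA-256 test vector, and a PORTREVISION bump in the port Makefile, since this change only adds a file under files/ and installed copies that produce wrong digests would otherwise not be rebuilt.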