From owner-freebsd-ports@FreeBSD.ORG Sun Jan 28 02:42:00 2007 Return-Path: X-Original-To: ports@freebsd.org Delivered-To: freebsd-ports@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 422F116A401 for ; Sun, 28 Jan 2007 02:42:00 +0000 (UTC) (envelope-from wxs@atarininja.org) Received: from syn.atarininja.org (syn.csh.rit.edu [129.21.60.158]) by mx1.freebsd.org (Postfix) with ESMTP id 1E1BF13C4AA for ; Sun, 28 Jan 2007 02:42:00 +0000 (UTC) (envelope-from wxs@atarininja.org) Received: by syn.atarininja.org (Postfix, from userid 1001) id DAC1B5C2E; Sat, 27 Jan 2007 21:45:14 -0500 (EST) Date: Sat, 27 Jan 2007 21:45:14 -0500 From: Wesley Shields To: Paul Schmehl Message-ID: <20070128024514.GA79142@atarininja.org> References: <3B27E5D772A78D81D72D9420@paul-schmehls-powerbook59.local> <20070128014441.GA76439@atarininja.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.13 (2006-08-11) Cc: "Freebsd Ports: Archivers" , aquatique-ports@rambler.ru, abuse@silcnet.org, postmaster@silcnet.org Subject: Re: Problem with devel/silc-toolkit X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Jan 2007 02:42:00 -0000 On Sat, Jan 27, 2007 at 08:32:14PM -0600, Paul Schmehl wrote: > --On January 27, 2007 8:44:41 PM -0500 Wesley Shields > wrote: > > >On Sat, Jan 27, 2007 at 06:37:28PM -0600, Paul Schmehl wrote: > >>=> MD5 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2. > >>=> SHA256 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2. > > > >These are usually because of a re-rolled distfile. If a PR has not been > >submitted already I would verify the contents of the new distfile and > >send-pr an update to take care of it. > > > >Of course, there's always the chance that the distfile was missed in the > >commit but that does not appear to be the case here. > > > Looks like it's more serious than that: It passes the checksums for me: wxs@syn silc-toolkit > sudo make checksum ===> Define WITHOUT_IPV6 to disable IPv6 support ===> Define WITHOUT_OPTIMIZED_ASM to disable assembler optimizations ===> Define WITH_PTHREADS to enable pthreads support ===> Define WITH_OPTIMIZED_CFLAGS to enable compilation optimizations ===> which is known to break some platforms (e.g., alpha) ===> Vulnerability check disabled, database not found => silc-toolkit-1.0.2.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/. => Attempting to fetch from http://www.silcnet.org/download/toolkit/sources/. silc-toolkit-1.0.2.tar.bz2 100% of 2485 kB 138 kBps 00m00s => MD5 Checksum OK for silc-toolkit-1.0.2.tar.bz2. => SHA256 Checksum OK for silc-toolkit-1.0.2.tar.bz2. wxs@syn silc-toolkit > > Looks like the bzipped tarball on their website has been altered - > possibly compromised. I'm cc'ing the port maintainer, but I was unable to > find a security address at SILC to notify them. I'm ccing their abuse and > postmaster addresses. Altered, yes. Compromised is a bit of a jump. Maybe they re-rolled it for any one of an infinite number of reasons. > I would recommend that the port be marked BROKEN until this is resolved. Seeing as how it passes checksums for me I'm leaning towards a local problem. -- WXS