Date:      Sat, 27 Jan 2007 21:18:29 -0600
From:      Paul Schmehl <pauls@utdallas.edu>
To:        "Freebsd Ports: Archivers" <ports@freebsd.org>, aquatique-ports@rambler.ru
Cc:        security@silcnet.org
Subject:   Re: Problem with devel/silc-toolkit
Message-ID:  <2A54A37FBF8B6E7EE4DEAA5F@paul-schmehls-powerbook59.local>
In-Reply-To: <20070128024514.GA79142@atarininja.org>
References:  <3B27E5D772A78D81D72D9420@paul-schmehls-powerbook59.local> <20070128014441.GA76439@atarininja.org> <D2F9DABD9A545B74551F4D18@paul-schmehls-powerbook59.local> <20070128024514.GA79142@atarininja.org>

--On January 27, 2007 9:45:14 PM -0500 Wesley Shields <wxs@atarininja.org> wrote:
>
> It passes the checksums for me:
>
> wxs@syn silc-toolkit > sudo make checksum
> ===> Define WITHOUT_IPV6 to disable IPv6 support
> ===> Define WITHOUT_OPTIMIZED_ASM to disable assembler optimizations
> ===> Define WITH_PTHREADS to enable pthreads support
>
> ===> Define WITH_OPTIMIZED_CFLAGS to enable compilation optimizations
> ===> which is known to break some platforms (e.g., alpha)
> ===>  Vulnerability check disabled, database not found
> => silc-toolkit-1.0.2.tar.bz2 doesn't seem to exist in
> /usr/ports/distfiles/.
> => Attempting to fetch from
> http://www.silcnet.org/download/toolkit/sources/.
> silc-toolkit-1.0.2.tar.bz2                    100% of 2485 kB  138 kBps
> 00m00s
> => MD5 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
> => SHA256 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
> wxs@syn silc-toolkit >
>
make checksum works here as well:
root@utd59514# make checksum
===> Define WITHOUT_IPV6 to disable IPv6 support
===> Define WITHOUT_OPTIMIZED_ASM to disable assembler optimizations
===> Define WITH_PTHREADS to enable pthreads support

===> Define WITH_OPTIMIZED_CFLAGS to enable compilation optimizations
===> which is known to break some platforms (e.g., alpha)
=> MD5 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
=> SHA256 Checksum OK for silc-toolkit-1.0.2.tar.bz2.

I just downloaded it to my Mac here at home, and it doesn't pass the
checksum here either:
paul-schmehls-powerbook59:~/Desktop pauls$ md5sum silc-toolkit-1.0.2.tar.bz2
5e80212669182d986957d6d6af724c8b  silc-toolkit-1.0.2.tar.bz2

<http://www.silcnet.org/download/toolkit/sources/silc-toolkit-1.0.2.tar.bz2.md5>
869ce01349444a28fbace3c1bfe745ff  silc-toolkit-1.0.2.tar.bz2

The md5sum of the file I just downloaded doesn't match what they have on
their website.

Can you post the contents of your distinfo file please?

cat distinfo
MD5 (silc-toolkit-1.0.2.tar.bz2) = 869ce01349444a28fbace3c1bfe745ff
SHA256 (silc-toolkit-1.0.2.tar.bz2) = 45b289f2c328378e5fbdfc394ff71cbb66ef7c4fdc882185dbeeb08b28d25c7a
SIZE (silc-toolkit-1.0.2.tar.bz2) = 2545183

The size of the file doesn't match the distinfo file *or* what they have
on their website:
ls -lsa silc-toolkit-1.0.2.tar.bz2
2944 -rw-r--r--   1 pauls  pauls  1505460 Jan 27 21:06 silc-toolkit-1.0.2.tar.bz2

<http://www.silcnet.org/software/download/toolkit/>
tar.bz2  	1.0.2  	2485 kB   	HTTP  	FTP  	MD5

Clearly, something is wrong.  I'm not saying that it's been compromised,
but we do md5 and sha256 checksums for a reason.

I do not think this is a local problem.

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
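
An added example, not part of the original message and not the ports framework's own code: a Python sketch that parses the three distinfo fields shown above (MD5, SHA256, SIZE) and reports which of them a downloaded file fails, so a short download shows up as a SIZE mismatch as well as a hash mismatch. The file name sample.tar.bz2 and its contents are constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# distinfo line shapes as shown in the message: KIND (filename) = value
LINE = re.compile(r"^(MD5|SHA256|SIZE) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {"MD5": hex, "SHA256": hex, "SIZE": int}}."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank lines and entries this sketch does not know
        kind, name, value = m.groups()
        entries.setdefault(name, {})[kind] = int(value) if kind == "SIZE" else value.lower()
    return entries

def verify(path, expected):
    """Return a list of mismatches; an empty list means every recorded field matched."""
    path = Path(path)
    problems = []
    actual_size = path.stat().st_size
    if "SIZE" in expected and actual_size != expected["SIZE"]:
        problems.append(f"SIZE: expected {expected['SIZE']}, got {actual_size}")
    for kind, algo in (("MD5", "md5"), ("SHA256", "sha256")):
        if kind not in expected:
            continue
        h = hashlib.new(algo)
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                h.update(chunk)
        if h.hexdigest() != expected[kind]:
            problems.append(f"{kind}: expected {expected[kind]}, got {h.hexdigest()}")
    return problems

def demo():
    """Constructed sample: a complete 'tarball' and a truncated copy of it."""
    good = b"constructed distfile contents\n" * 100
    distinfo = (f"MD5 (sample.tar.bz2) = {hashlib.md5(good).hexdigest()}\n"
                f"SHA256 (sample.tar.bz2) = {hashlib.sha256(good).hexdigest()}\n"
                f"SIZE (sample.tar.bz2) = {len(good)}\n")
    expected = parse_distinfo(distinfo)["sample.tar.bz2"]
    with tempfile.TemporaryDirectory() as d:
        full, short = Path(d, "full"), Path(d, "short")
        full.write_bytes(good)
        short.write_bytes(good[: len(good) // 2])  # simulates a partial download
        return verify(full, expected), verify(short, expected)
```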
