Date: Fri, 04 Oct 2013 13:12:33 -0700
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
To: Ruslan Makhmatkhanov <cvs-src@yandex.ru>
Cc: rm@FreeBSD.org, freebsd-ports@freebsd.org
Subject: Re: Port build failure -- security/hydra
Message-ID: <92711.1380917553@server1.tristatelogic.com>
In-Reply-To: <524F179D.8030603@yandex.ru>
Oh geeezzzzzzz! Things are even more screwed up with the hydra port than I thought!

I mentioned in my prior e-mail that the size of the hydra-7.5.tar.gz file being reported by essentially all of the mirrors that are coded into the current hydra port is in fact 681552... *not* 681784 bytes, which is apparently what the port is expecting and demanding.

However it appears that there is *one* and *only one* source for the hydra-7.5.tar.gz distribution file where the size of the file *is* in fact 681784 bytes, and that is:

https://www.thc.org/releases/hydra-7.5.tar.gz

but this is the site that apparently has its SSL certificates screwed up!

Geeeezzzz! How worrisome is it to be fetching a piece of "security" software from a site that can't even manage to get its own SSL certs set up or maintained properly?? How worrisome is it to be doing that when *every* other copy of the relevant source tarball *everywhere* else on the net has a different size??

OK, so being curious, I got *both* one of the 681552 sized copies of this file and also one of the 681784 sized copies, and I unpacked them both and ran "diff -rc2". The results are attached below.

Clearly, the bizarre and unexpected size differences are *not* due to any sneaky corruption of the source tarball. However it is equally apparent that _somebody_ has been fiddling with the contents of the source tarball *without* bothering to change the version number on that.

(I don't generally believe in castration as a punishment for crimes against humanity, but I make an exception in such cases, because there is no excuse for this kind of shoddy workmanship. Even if the only change is a single comma, different versions need different numbers.)

So, um, will the real hydra-7.5.tar.gz file please stand up?

============================================================================ diff -rc2 tmp0/hydra-7.5/LICENSE tmp1/hydra-7.5/LICENSE *** tmp0/hydra-7.5/LICENSE 2013-08-02 04:35:56.000000000 -0700 --- tmp1/hydra-7.5/LICENSE 2013-08-06 07:42:44.000000000 -0700 *************** *** 1,2 **** --- 1,7 ---- + [see the end of the file for the special exception for linking with OpenSSL + - debian people need this] + + + GNU AFFERO GENERAL PUBLIC LICENSE Version 3, 19 November 2007 *************** *** 660,661 **** --- 665,683 ---- For more information on this, and how to apply and follow the GNU AGPL, see <http://www.gnu.org/licenses/>. + + + Special Exception + + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU Affero General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + diff -rc2 tmp0/hydra-7.5/hydra.1 tmp1/hydra-7.5/hydra.1 *** tmp0/hydra-7.5/hydra.1 2013-08-02 04:35:56.000000000 -0700 --- tmp1/hydra-7.5/hydra.1 2013-08-06 00:27:33.000000000 -0700 *************** *** 94,98 **** defines the max wait time in seconds for responses (default: 32) .TP ! .B \-w TIME defines a wait time between each connection a task performs. This usually only makes sense if a low task number is used, .e.g \-t 1 --- 94,98 ---- defines the max wait time in seconds for responses (default: 32) .TP ! 
.B \-W TIME defines a wait time between each connection a task performs. This usually only makes sense if a low task number is used, .e.g \-t 1 Files tmp0/hydra-7.5.tar.gz and tmp1/hydra-7.5.tar.gz differ
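Review bot: In the first LICENSE hunk (new lines 1-7), the bracketed pointer added above the "GNU AFFERO GENERAL PUBLIC LICENSE" title carries its rationale as an aside ("debian people need this"), which belongs in a changelog or release note rather than in the licence file. Suggest keeping only the pointer to the exception at the top, and recording who needs it and why where release changes are documented.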
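Review bot: In the second LICENSE hunk (new lines 665-683), the exception grants permission "under certain conditions as described in each individual source file", yet this recursive diff changes only LICENSE and hydra.1, so nothing here shows those conditions being added to any source file. Suggest confirming that each source file already carries the exception statement, or stating the conditions in LICENSE itself so the grant does not point at text that may be absent.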
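Review bot: In the hydra.1 hunk (lines 94-98), the option letter is corrected from "\-w" to "\-W" but the context text that follows still reads ".e.g \-t 1"; the stray leading dot should be fixed ("e.g. \-t 1") while this entry is being touched. A change to a documented option is user-visible, and both trees here are named hydra-7.5 with file dates of 2013-08-02 and 2013-08-06, so the change should ship under a new version number with a changelog entry.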
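The comparison the message describes (two tarballs with the same name but different sizes, checked file by file) can also be done without unpacking either archive to disk. This is an added example, not part of the original e-mail or of the hydra port; the archive names and contents in it are constructed stand-ins.

```python
import hashlib
import io
import tarfile


def member_digests(blob: bytes) -> dict:
    """Map each regular file in a .tar.gz (given as bytes) to its SHA-256.

    Members are read in memory only, so an untrusted archive is never
    extracted onto the filesystem.
    """
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests


def compare_tarballs(a: bytes, b: bytes) -> dict:
    """Report how two same-named tarballs differ, member by member."""
    da, db = member_digests(a), member_digests(b)
    return {
        "same_archive": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
        "sizes": (len(a), len(b)),
        "only_in_a": sorted(set(da) - set(db)),
        "only_in_b": sorted(set(db) - set(da)),
        "changed": sorted(n for n in da.keys() & db.keys() if da[n] != db[n]),
    }


def build_sample(files: dict) -> bytes:
    """Build a constructed .tar.gz in memory from {name: content}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed stand-ins for two tarballs published under one version number.
COMMON = {"demo-1.0/main.c": b"int main(void) { return 0; }\n"}
OLD = build_sample({**COMMON, "demo-1.0/LICENSE": b"licence text\n",
                    "demo-1.0/demo.1": b".B \\-w TIME\n"})
NEW = build_sample({**COMMON, "demo-1.0/LICENSE": b"licence text\nexception\n",
                    "demo-1.0/demo.1": b".B \\-W TIME\n"})

if __name__ == "__main__":
    print(compare_tarballs(OLD, NEW))
```
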