Date: Sat, 27 Jan 2007 20:32:14 -0600 From: Paul Schmehl <pauls@utdallas.edu> To: "Freebsd Ports: Archivers" <ports@freebsd.org> Cc: aquatique-ports@rambler.ru, abuse@silcnet.org, postmaster@silcnet.org Subject: Re: Problem with devel/silc-toolkit Message-ID: <D2F9DABD9A545B74551F4D18@paul-schmehls-powerbook59.local> In-Reply-To: <20070128014441.GA76439@atarininja.org> References: <3B27E5D772A78D81D72D9420@paul-schmehls-powerbook59.local> <20070128014441.GA76439@atarininja.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--==========15FC400A4E42D470F632==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
--On January 27, 2007 8:44:41 PM -0500 Wesley Shields <wxs@atarininja.org> =
wrote:
> On Sat, Jan 27, 2007 at 06:37:28PM -0600, Paul Schmehl wrote:
>> =3D> MD5 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2.
>> =3D> SHA256 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2.
>
> These are usually because of a re-rolled distfile. If a PR has not been
> submitted already I would verify the contents of the new distfile and
> send-pr an update to take care of it.
>
> Of course, there's always the chance that the distfile was missed in the
> commit but that does not appear to be the case here.
>
Looks like it's more serious than that:
=3D=3D=3D> Extracting for silc-toolkit-1.0.2
=3D> MD5 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
=3D> SHA256 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
=3D=3D=3D> silc-toolkit-1.0.2 depends on file: /usr/local/bin/perl5.8.8 =
- found
bzip2: Data integrity error when decompressing.
Input file =3D /usr/ports/distfiles//silc-toolkit-1.0.2.tar.bz2,=20
output file =3D (stdout)
It is possible that the compressed file(s) have become corrupted.
You can use the -tvv option to test integrity of such files.
You can use the `bzip2recover' program to attempt to recover
data from undamaged sections of corrupted files.
silc-toolkit-1.0.2/lib/Makefile.in: (Empty error message)
tar: (Empty error message)
*** Error code 1
Stop in /usr/ports/devel/silc-toolkit.
root@utd59514# bzip2
bzip2 bzip2recover
root@utd59514# bzip2 -tvv
bzip2: I won't read compressed data from a terminal.
bzip2: For help, type: `bzip2 --help'.
root@utd59514# bzip2 -tvv /usr/ports/distfiles/silc-toolkit-
silc-toolkit-0.9.12.tar.bz2 silc-toolkit-1.0.2.tar.bz2
root@utd59514# bzip2 -tvv /usr/ports/distfiles/silc-toolkit-1.0.2.tar.bz2
/usr/ports/distfiles/silc-toolkit-1.0.2.tar.bz2:
[1: huff+mtf rt+rld]
[2: huff+mtf data integrity (CRC) error in data
bzip2recover /usr/ports/distfiles/silc-toolkit-1.0.2.tar.bz2
bzip2recover 1.0.3: extracts blocks from damaged .bz2 files.
bzip2recover: searching for block boundaries ...
block 1 runs from 80 to 0
block 2 runs from 957242 to 0 (incomplete)
bzip2recover: splitting into blocks
writing block 1 to=20
`/usr/ports/distfiles/rec00001silc-toolkit-1.0.2.tar.bz2' ...
bzip2recover: finished
According to md5:
md5 /usr/ports/distfiles/silc-toolkit-1.0.2.tar.bz2
MD5 (/usr/ports/distfiles/silc-toolkit-1.0.2.tar.bz2) =3D=20
c1feaf91c9f789a6414f328502cbba22
According to their website:
869ce01349444a28fbace3c1bfe745ff silc-toolkit-1.0.2.tar.bz2
Looks like the bzipped tarball on their website has been altered -=20
possibly compromised. I'm cc'ing the port maintainer, but I was unable to =
find a security address at SILC to notify them. I'm ccing their abuse and =
postmaster addresses.
I would recommend that the port be marked BROKEN until this is resolved.
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
--==========15FC400A4E42D470F632==========--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D2F9DABD9A545B74551F4D18>