Problem with devel/silc-toolkit

Paul Schmehl pauls at utdallas.edu
Sun Jan 28 03:18:33 UTC 2007 

--On January 27, 2007 9:45:14 PM -0500 Wesley Shields <wxs at atarininja.org> 
wrote:
>
> It passes the checksums for me:
>
> wxs at syn silc-toolkit > sudo make checksum
> ===> Define WITHOUT_IPV6 to disable IPv6 support
> ===> Define WITHOUT_OPTIMIZED_ASM to disable assembler optimizations
> ===> Define WITH_PTHREADS to enable pthreads support
>
> ===> Define WITH_OPTIMIZED_CFLAGS to enable compilation optimizations
> ===> which is known to break some platforms (e.g., alpha)
> ===>  Vulnerability check disabled, database not found
> => silc-toolkit-1.0.2.tar.bz2 doesn't seem to exist in
> /usr/ports/distfiles/.
> => Attempting to fetch from
> http://www.silcnet.org/download/toolkit/sources/.
> silc-toolkit-1.0.2.tar.bz2                    100% of 2485 kB  138 kBps
> 00m00s
> => MD5 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
> => SHA256 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
> wxs at syn silc-toolkit >
>
make checksum works here as well:
root at utd59514# make checksum
===> Define WITHOUT_IPV6 to disable IPv6 support
===> Define WITHOUT_OPTIMIZED_ASM to disable assembler optimizations
===> Define WITH_PTHREADS to enable pthreads support

===> Define WITH_OPTIMIZED_CFLAGS to enable compilation optimizations
===> which is known to break some platforms (e.g., alpha)
=> MD5 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
=> SHA256 Checksum OK for silc-toolkit-1.0.2.tar.bz2.

I just downloaded it to my Mac here at home, and it doesn't pass the 
checksum here either:
paul-schmehls-powerbook59:~/Desktop pauls$ md5sum 
silc-toolkit-1.0.2.tar.bz2
5e80212669182d986957d6d6af724c8b  silc-toolkit-1.0.2.tar.bz2

<http://www.silcnet.org/download/toolkit/sources/silc-toolkit-1.0.2.tar.bz2.md5>
869ce01349444a28fbace3c1bfe745ff  silc-toolkit-1.0.2.tar.bz2

The md5sum of the file I just downloaded doesn't match what they have on 
their website.

Can you post the contents of your distinfo file please?

cat distinfo
MD5 (silc-toolkit-1.0.2.tar.bz2) = 869ce01349444a28fbace3c1bfe745ff
SHA256 (silc-toolkit-1.0.2.tar.bz2) = 
45b289f2c328378e5fbdfc394ff71cbb66ef7c4fdc882185dbeeb08b28d25c7a
SIZE (silc-toolkit-1.0.2.tar.bz2) = 2545183

The size of the file doesn't match the distinfo file *or* what they have 
on their website:
ls -lsa silc-toolkit-1.0.2.tar.bz2
2944 -rw-r--r--   1 pauls  pauls  1505460 Jan 27 21:06 
silc-toolkit-1.0.2.tar.bz2

<http://www.silcnet.org/software/download/toolkit/>
tar.bz2  	1.0.2  	2485 kB   	HTTP  	FTP  	MD5

Clearly, something is wrong.  I'm not saying that it's been compromised, 
but we do md5 and sha256 checksums for a reason.

I do not think this is a local problem.

Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

More information about the freebsd-ports mailing list