xterm-353
Christoph Moench-Tegeder
cmt at burggraben.net
Sun Feb 2 20:50:54 UTC 2020
Thomas, care to check the latest xterm tar file on the mirror?
## Peter Jeremy (peter at rulingia.com):
> If you are inclined, you could compare the contents of both files and
> report the differences upstream - particularly if there has been a
> malicious change.
In fact, https://invisible-mirror.net/archives/xterm/xterm-353.tgz is
ftp://ftp.invisible-island.net/xterm/xterm-353.tgz gzipped once over again.
The file from the mirror fails the GPG signature check and has sha256
0ef2e2fdfade2dfba41f7babeb1066886fd3c8c6aa6dd057fbce3d59a8848aa6 and
can be gunzipped to reveal a tgz file with sha256
e521d3ee9def61f5d5c911afc74dd5c3a56ce147c7071c74023ea24cac9bb768 - that
file can be verified with the GPG signature and matches the sha256sum
the ports tree expects. (In fact, the file from the mirror can't even
be "tar xzf"ed, as it's not a tar inside a gz but a tar inside a gz inside
a gz).
Regards,
Christoph
--
Spare Space.
More information about the freebsd-ports
mailing list