Problem with devel/silc-toolkit
pauls at utdallas.edu
Sun Jan 28 02:32:19 UTC 2007
--On January 27, 2007 8:44:41 PM -0500 Wesley Shields <wxs at atarininja.org>
> On Sat, Jan 27, 2007 at 06:37:28PM -0600, Paul Schmehl wrote:
>> => MD5 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2.
>> => SHA256 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2.
> These are usually because of a re-rolled distfile. If a PR has not been
> submitted already I would verify the contents of the new distfile and
> send-pr an update to take care of it.
> Of course, there's always the chance that the distfile was missed in the
> commit but that does not appear to be the case here.
Looks like it's more serious than that:
===> Extracting for silc-toolkit-1.0.2
=> MD5 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
=> SHA256 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
===> silc-toolkit-1.0.2 depends on file: /usr/local/bin/perl5.8.8 - found
bzip2: Data integrity error when decompressing.
Input file = /usr/ports/distfiles//silc-toolkit-1.0.2.tar.bz2,
output file = (stdout)
It is possible that the compressed file(s) have become corrupted.
You can use the -tvv option to test integrity of such files.
You can use the `bzip2recover' program to attempt to recover
data from undamaged sections of corrupted files.
silc-toolkit-1.0.2/lib/Makefile.in: (Empty error message)
tar: (Empty error message)
*** Error code 1
Stop in /usr/ports/devel/silc-toolkit.
root at utd59514# bzip2
root at utd59514# bzip2 -tvv
bzip2: I won't read compressed data from a terminal.
bzip2: For help, type: `bzip2 --help'.
root at utd59514# bzip2 -tvv /usr/ports/distfiles/silc-toolkit-
root at utd59514# bzip2 -tvv /usr/ports/distfiles/silc-toolkit-1.0.2.tar.bz2
[1: huff+mtf rt+rld]
[2: huff+mtf data integrity (CRC) error in data
bzip2recover 1.0.3: extracts blocks from damaged .bz2 files.
bzip2recover: searching for block boundaries ...
block 1 runs from 80 to 0
block 2 runs from 957242 to 0 (incomplete)
bzip2recover: splitting into blocks
writing block 1 to
According to md5:
MD5 (/usr/ports/distfiles/silc-toolkit-1.0.2.tar.bz2) =
According to their website:
Looks like the bzipped tarball on their website has been altered -
possibly compromised. I'm cc'ing the port maintainer, but I was unable to
find a security address at SILC to notify them. I'm ccing their abuse and
I would recommend that the port be marked BROKEN until this is resolved.
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
More information about the freebsd-ports