Problem with devel/silc-toolkit

Wesley Shields wxs at
Sun Jan 28 02:42:00 UTC 2007

On Sat, Jan 27, 2007 at 08:32:14PM -0600, Paul Schmehl wrote:
> --On January 27, 2007 8:44:41 PM -0500 Wesley Shields <wxs at> 
> wrote:
> >On Sat, Jan 27, 2007 at 06:37:28PM -0600, Paul Schmehl wrote:
> >>=> MD5 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2.
> >>=> SHA256 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2.
> >
> >These are usually because of a re-rolled distfile.  If a PR has not been
> >submitted already I would verify the contents of the new distfile and
> >send-pr an update to take care of it.
> >
> >Of course, there's always the chance that the distfile was missed in the
> >commit but that does not appear to be the case here.
> >
> Looks like it's more serious than that:

It passes the checksums for me:

wxs at syn silc-toolkit > sudo make checksum
===> Define WITHOUT_IPV6 to disable IPv6 support
===> Define WITHOUT_OPTIMIZED_ASM to disable assembler optimizations
===> Define WITH_PTHREADS to enable pthreads support

===> Define WITH_OPTIMIZED_CFLAGS to enable compilation optimizations
===> which is known to break some platforms (e.g., alpha)
===>  Vulnerability check disabled, database not found
=> silc-toolkit-1.0.2.tar.bz2 doesn't seem to exist in
=> Attempting to fetch from
silc-toolkit-1.0.2.tar.bz2                    100% of 2485 kB  138 kBps
=> MD5 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
=> SHA256 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
wxs at syn silc-toolkit >

> Looks like the bzipped tarball on their website has been altered - 
> possibly compromised.  I'm cc'ing the port maintainer, but I was unable to 
> find a security address at SILC to notify them.  I'm ccing their abuse and 
> postmaster addresses.

Altered, yes.  Compromised is a bit of a jump.  Maybe they re-rolled it
for any one of an infinite number of reasons.

> I would recommend that the port be marked BROKEN until this is resolved.

Seeing as how it passes checksums for me I'm leaning towards a local

-- WXS

More information about the freebsd-ports mailing list