Problem with devel/silc-toolkit
wxs at atarininja.org
Sun Jan 28 02:42:00 UTC 2007
On Sat, Jan 27, 2007 at 08:32:14PM -0600, Paul Schmehl wrote:
> --On January 27, 2007 8:44:41 PM -0500 Wesley Shields <wxs at atarininja.org>
> >On Sat, Jan 27, 2007 at 06:37:28PM -0600, Paul Schmehl wrote:
> >>=> MD5 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2.
> >>=> SHA256 Checksum mismatch for silc-toolkit-1.0.2.tar.bz2.
> >These are usually because of a re-rolled distfile. If a PR has not been
> >submitted already I would verify the contents of the new distfile and
> >send-pr an update to take care of it.
> >Of course, there's always the chance that the distfile was missed in the
> >commit but that does not appear to be the case here.
> Looks like it's more serious than that:
It passes the checksums for me:
wxs at syn silc-toolkit > sudo make checksum
===> Define WITHOUT_IPV6 to disable IPv6 support
===> Define WITHOUT_OPTIMIZED_ASM to disable assembler optimizations
===> Define WITH_PTHREADS to enable pthreads support
===> Define WITH_OPTIMIZED_CFLAGS to enable compilation optimizations
===> which is known to break some platforms (e.g., alpha)
===> Vulnerability check disabled, database not found
=> silc-toolkit-1.0.2.tar.bz2 doesn't seem to exist in
=> Attempting to fetch from
silc-toolkit-1.0.2.tar.bz2 100% of 2485 kB 138 kBps
=> MD5 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
=> SHA256 Checksum OK for silc-toolkit-1.0.2.tar.bz2.
wxs at syn silc-toolkit >
> Looks like the bzipped tarball on their website has been altered -
> possibly compromised. I'm cc'ing the port maintainer, but I was unable to
> find a security address at SILC to notify them. I'm ccing their abuse and
> postmaster addresses.
Altered, yes. Compromised is a bit of a jump. Maybe they re-rolled it
for any one of an infinite number of reasons.
> I would recommend that the port be marked BROKEN until this is resolved.
Seeing as how it passes checksums for me I'm leaning towards a local
More information about the freebsd-ports