Problem with devel/silc-toolkit

Lubomir Sedlacik salo at
Sun Jan 28 12:48:22 UTC 2007


On Sat, Jan 27, 2007 at 09:45:14PM -0500, Wesley Shields wrote:
> > Looks like the bzipped tarball on their website has been altered -
> > possibly compromised.  I'm cc'ing the port maintainer, but I was
> > unable to find a security address at SILC to notify them.  I'm ccing
> > their abuse and postmaster addresses.

it's right there, on the web site:

SILC Project -> Contact Us -> Security Issues at security at 

> Altered, yes.  Compromised is a bit of a jump.  Maybe they re-rolled
> it for any one of an infinite number of reasons.

the file was _NOT_ touched since it was released.  we never re-release
tarballs under the same version for this precise reason.

> > I would recommend that the port be marked BROKEN until this is
> > resolved.
> Seeing as how it passes checksums for me I'm leaning towards a local
> problem.

checksums of the file in the master download area match the checksums
in the FreeBSD ports tree.  there is no reason to believe the file (or
the machine) was compromised.

 $ cksum -a sha256 silc-toolkit-1.0.2.tar.bz2
 SHA256 (silc-toolkit-1.0.2.tar.bz2) = 45b289f2c328378e5fbdfc394ff71cbb66ef7c4fdc882185dbeeb08b28d25c7a
 $ cksum -a md5 silc-toolkit-1.0.2.tar.bz2
 MD5 (silc-toolkit-1.0.2.tar.bz2) = 869ce01349444a28fbace3c1bfe745ff
 $ cat silc-toolkit-1.0.2.tar.bz2.md5
 869ce01349444a28fbace3c1bfe745ff  silc-toolkit-1.0.2.tar.bz2

everything seems to indicate a local problem.


-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org>   --
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url :

More information about the freebsd-ports mailing list