Problem with devel/silc-toolkit
Lubomir Sedlacik
salo at silcnet.org
Sun Jan 28 12:48:22 UTC 2007
hello,
On Sat, Jan 27, 2007 at 09:45:14PM -0500, Wesley Shields wrote:
> > Looks like the bzipped tarball on their website has been altered -
> > possibly compromised. I'm cc'ing the port maintainer, but I was
> > unable to find a security address at SILC to notify them. I'm ccing
> > their abuse and postmaster addresses.
it's right there, on the web site:
SILC Project -> Contact Us -> Security Issues at security at silcnet.org
> Altered, yes. Compromised is a bit of a jump. Maybe they re-rolled
> it for any one of an infinite number of reasons.
the file was _NOT_ touched since it was released. we never re-release
tarballs under the same version for this precise reason.
> > I would recommend that the port be marked BROKEN until this is
> > resolved.
>
> Seeing as how it passes checksums for me I'm leaning towards a local
> problem.
checksums of the file in the master download area match the checksums
in the FreeBSD ports tree. there is no reason to believe the file (or
the machine) was compromised.
$ cksum -a sha256 silc-toolkit-1.0.2.tar.bz2
SHA256 (silc-toolkit-1.0.2.tar.bz2) = 45b289f2c328378e5fbdfc394ff71cbb66ef7c4fdc882185dbeeb08b28d25c7a
$ cksum -a md5 silc-toolkit-1.0.2.tar.bz2
MD5 (silc-toolkit-1.0.2.tar.bz2) = 869ce01349444a28fbace3c1bfe745ff
$ cat silc-toolkit-1.0.2.tar.bz2.md5
869ce01349444a28fbace3c1bfe745ff silc-toolkit-1.0.2.tar.bz2
everything seems to indicate a local problem.
regards,
--
-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org> --
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20070128/9f7377bb/attachment.pgp
More information about the freebsd-ports
mailing list