Port build failure -- security/hydra
Ronald F. Guilmette
rfg at tristatelogic.com
Fri Oct 4 20:12:34 UTC 2013
Oh geeezzzzzzz! Things are even more screwed up with the hydra port
than I thought!

I mentioned in my prior e-mail that the size of the hydra-7.5.tar.gz
file being reported by essentially all of the mirrors that are coded
into the current hydra port is in fact 681552... *not* 681784 bytes,
which is apparently what the port is expecting and demanding.

However it appears that there is *one* and *only one* source for
the hydra-7.5.tar.gz distribution file where the size of the file
*is* in fact 681784 bytes, and that is:

https://www.thc.org/releases/hydra-7.5.tar.gz

but this is the site that apparently has its SSL certificates screwed up!

Geeeezzzz! How worrisome is it to be fetching a piece of "security"
software from a site that can't even manage to get its own SSL certs
set up or maintained properly??

How worrisome is it to be doing that when *every* other copy of the
relevant source tarball *everywhere* else on the net has a different
size??

OK, so being curious, I got *both* one of the 681552 sized copies
of this file and also one of the 681784 sized copies, and I unpacked
them both and ran "diff -rc2". The results are attached below.

Clearly, the bizarre and unexpected size differences are *not* due
to any sneaky corruption of the source tarball. However it is
equally apparent that _somebody_ has been fiddling with the contents
of the source tarball *without* bothering to change the version number
on that.

(I don't generally believe in castration as a punishment for crimes
against humanity, but I make an exception in such cases, because there
is no excuse for this kind of shoddy workmanship. Even if the only
change is a single comma, different versions need different numbers.)

So, um, will the real hydra-7.5.tar.gz file please stand up?
============================================================================
diff -rc2 tmp0/hydra-7.5/LICENSE tmp1/hydra-7.5/LICENSE
*** tmp0/hydra-7.5/LICENSE 2013-08-02 04:35:56.000000000 -0700
--- tmp1/hydra-7.5/LICENSE 2013-08-06 07:42:44.000000000 -0700
***************
*** 1,2 ****
--- 1,7 ----
+ [see the end of the file for the special exception for linking with OpenSSL
+ - debian people need this]
+
+
+
GNU AFFERO GENERAL PUBLIC LICENSE
Version 3, 19 November 2007
***************
*** 660,661 ****
--- 665,683 ----
For more information on this, and how to apply and follow the GNU AGPL, see
<http://www.gnu.org/licenses/>.
+
+
+ Special Exception
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU Affero General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+
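Review bot: The Special Exception text added at LICENSE lines 665-683 rests on conditions "as described in each individual source file", yet this recursive diff reports no source file as changed, so the per-file notices it relies on are not visible here. Confirm that the source files carry those notices, otherwise the exception points at conditions that are stated nowhere. The leading "*" on each added line also looks like comment framing carried into a plain-text file and could be dropped.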
diff -rc2 tmp0/hydra-7.5/hydra.1 tmp1/hydra-7.5/hydra.1
*** tmp0/hydra-7.5/hydra.1 2013-08-02 04:35:56.000000000 -0700
--- tmp1/hydra-7.5/hydra.1 2013-08-06 00:27:33.000000000 -0700
***************
*** 94,98 ****
defines the max wait time in seconds for responses (default: 32)
.TP
! .B \-w TIME
defines a wait time between each connection a task performs. This usually
only makes sense if a low task number is used, .e.g \-t 1
--- 94,98 ----
defines the max wait time in seconds for responses (default: 32)
.TP
! .B \-W TIME
defines a wait time between each connection a task performs. This usually
only makes sense if a low task number is used, .e.g \-t 1
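Review bot: A user-visible option letter should not change inside an archive that keeps the same version string: the changed line in hydra.1 turns "\-w TIME" into "\-W TIME" while the directory is still hydra-7.5, which is exactly what makes a recorded size or checksum stop matching. Ship this under a new version number. While this paragraph is being touched, the context line ".e.g \-t 1" should read "e.g. \-t 1".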
Files tmp0/hydra-7.5.tar.gz and tmp1/hydra-7.5.tar.gz differ
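
The size check the port applies and the unpack-and-compare step described in the message above, as an added example (not part of the original e-mail or of the FreeBSD ports tree): it verifies a fetched file against `distinfo`-style SHA256 and SIZE records, then lists which archive members differ between two tarballs that share a name. The tarball contents, the record values and all function names are constructed for illustration.

```python
import hashlib, io, re, tarfile

def make_tarball(files):
    """Build a .tar.gz in memory from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def parse_distinfo(text):
    """Parse 'SHA256 (file) = hex' and 'SIZE (file) = n' records."""
    rec = {}
    for kind, name, value in re.findall(r"^(SHA256|SIZE) \((.+?)\) = (\S+)$", text, re.M):
        rec.setdefault(name, {})[kind] = value
    return rec

def check_distfile(name, blob, distinfo):
    """Return a list of mismatches; an empty list means the recorded file."""
    want, problems = distinfo[name], []
    if len(blob) != int(want["SIZE"]):
        problems.append(f"size {len(blob)} != {want['SIZE']}")
    if hashlib.sha256(blob).hexdigest() != want["SHA256"]:
        problems.append("sha256 mismatch")
    return problems

def member_digests(blob):
    """Map each regular file in the archive to the SHA-256 of its content."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        return {m.name: hashlib.sha256(tar.extractfile(m).read()).hexdigest()
                for m in tar if m.isfile()}

def diff_tarballs(a, b):
    """Names of members missing from one side or differing in content."""
    da, db = member_digests(a), member_digests(b)
    return sorted(n for n in da.keys() | db.keys() if da.get(n) != db.get(n))

# Constructed stand-ins: two same-named tarballs, and a record for one of them.
BASE = {"hydra-7.5/LICENSE": b"AGPL text\n",
        "hydra-7.5/hydra.1": b".B \\-w TIME\n",
        "hydra-7.5/hydra.c": b"int main(void) { return 0; }\n"}
MIRROR_COPY = make_tarball(BASE)
MASTER_COPY = make_tarball({**BASE, "hydra-7.5/hydra.1": b".B \\-W TIME\n",
                            "hydra-7.5/LICENSE": b"AGPL text\nSpecial Exception\n"})
DISTINFO = parse_distinfo(
    f"SHA256 (hydra-7.5.tar.gz) = {hashlib.sha256(MASTER_COPY).hexdigest()}\n"
    f"SIZE (hydra-7.5.tar.gz) = {len(MASTER_COPY)}\n")
```

Comparing per-member digests shows what changed without trusting either archive's own metadata; it does not say which copy is the authentic one, which still needs a checksum or signature published by the upstream author.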
More information about the freebsd-ports
mailing list