svn commit: r497208 - head/print/harfbuzz

Jan Beich jbeich at FreeBSD.org
Sat Mar 30 01:25:21 UTC 2019


Charlie Li via svn-ports-all <svn-ports-all at freebsd.org> writes:

> Jan Beich wrote:
>
>> Modified: head/print/harfbuzz/distinfo
>> ==============================================================================
>> --- head/print/harfbuzz/distinfo	Fri Mar 29 21:39:08 2019	(r497207)
>> +++ head/print/harfbuzz/distinfo	Fri Mar 29 21:40:23 2019	(r497208)
>> @@ -1,3 +1,3 @@
>> -TIMESTAMP = 1548885104
>> -SHA256 (harfbuzz-2.3.1.tar.bz2) = f205699d5b91374008d6f8e36c59e419ae2d9a7bb8c5d9f34041b9a5abcae468
>> -SIZE (harfbuzz-2.3.1.tar.bz2) = 17942960
>> +TIMESTAMP = 1551037072
>> +SHA256 (harfbuzz-2.4.0.tar.bz2) = 336f0564189bd72024e38665e384af150b53e0c84cd5fcaa97fe5553079e4385
>> +SIZE (harfbuzz-2.4.0.tar.bz2) = 17918309
>> 
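Review bot: The new TIMESTAMP line (1551037072) corresponds to 2019-02-24 UTC, while the +++ header shows the commit landing on Fri Mar 29 2019, so the SHA256 and SIZE recorded for harfbuzz-2.4.0.tar.bz2 are about five weeks older than the commit. Re-fetching the distfile from the master site and regenerating distinfo immediately before committing would show whether upstream replaced the tarball in the meantime.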
> Looks like upstream modified the tarball since this commit, so fetching
> fails:
>
> => Attempting to fetch
> http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-2.4.0.tar.bz2
> fetch:
> http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-2.4.0.tar.bz2:
> size mismatch: expected 17918309, actual 17922003

https://people.freebsd.org/~jbeich/harfbuzz-2.4.0.tar.bz2 (temporary copy)

Based on the contents, it was a master snapshot without files generated by autotools.
A good way to protect against such accidents is to not trust upstream artifacts
by using USE_GITHUB=yes.
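
The distinfo check that caught the replaced tarball, as an added example (not part of the original email and not the ports framework's own code): a parser for the distinfo lines in the quoted commit and a verifier that reports size and SHA256 mismatches for a local file. The function names are hypothetical.

```python
import hashlib
import os
import re

# Added illustration; function names are hypothetical, not ports framework code.
# distinfo lines taken from the commit quoted above.
DISTINFO = """\
TIMESTAMP = 1551037072
SHA256 (harfbuzz-2.4.0.tar.bz2) = 336f0564189bd72024e38665e384af150b53e0c84cd5fcaa97fe5553079e4385
SIZE (harfbuzz-2.4.0.tar.bz2) = 17918309
"""

ENTRY = re.compile(r"^(SHA256|SIZE) \((.+)\) = (\S+)$")


def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}}; TIMESTAMP is ignored."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            key, name, value = m.groups()
            entries.setdefault(name, {})[key] = (
                int(value) if key == "SIZE" else value.lower()
            )
    return entries


def verify_distfile(path, expected):
    """Compare a local file with its distinfo entry; return a list of problems."""
    if "SHA256" not in expected or "SIZE" not in expected:
        return ["incomplete distinfo entry"]  # refuse to pass on partial data
    problems = []
    actual_size = os.path.getsize(path)
    if actual_size != expected["SIZE"]:
        problems.append(
            f"size mismatch: expected {expected['SIZE']}, actual {actual_size}"
        )
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    if digest.hexdigest() != expected["SHA256"]:
        problems.append("SHA256 mismatch")
    return problems
```

An empty list from `verify_distfile` means the file matches both recorded values; any other result means the distfile should not be extracted or built.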

