Summary: | portage not checking md5 checksums ? | ||
---|---|---|---|
Product: | Portage Development | Reporter: | Thorsten Ebers <tebers> |
Component: | Unclassified | Assignee: | Nicholas Jones (RETIRED) <carpaski> |
Status: | RESOLVED WORKSFORME | ||
Severity: | critical | CC: | h3y, vapier |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Thorsten Ebers
2002-11-13 15:31:48 UTC
Nothing here that says anything useful. Reopen if there's a reason and an explanation. our sources dont contain the trojan which is why the package was accepted :P in fact if you read the report you'll notice it says this: Good sources: http://www.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/libpcap-0.7.1.tar.gz http://www.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/tcpdump-3.6.2.tar.gz http://www.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/tcpdump-3.7.1.tar.gz well maybe ist the ebuild.
but with other ebuild i get a line saying something like
>>> md5 ;-) <downloaded tarball>
but with this i dont get it. And even if the donwload of tcpdump is from the
right source, should not be an excuse having not the md5 verification.
works over here ... what version of portage you running ? root@vapier root # ls /usr/portage/distfiles/tcpdump-3.7.1.tar.gz /usr/portage/distfiles/tcpdump-3.7.1.tar.gz root@vapier root # emerge tcpdump Calculating dependencies ...done! >>> emerge (1 of 1) net-analyzer/tcpdump-3.7.1 to / >>> md5 ;-) tcpdump-3.7.1.tar.gz root@vapier root # rm /usr/portage/distfiles/tcpdump-3.7.1.tar.gz root@vapier root # emerge tcpdump Calculating dependencies ...done! >>> emerge (1 of 1) net-analyzer/tcpdump-3.7.1 to / >>> Downloading ftp://ftp.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/t cpdump-3.7.1.tar.gz --11:02:22-- ftp://ftp.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/tcp dump-3.7.1.tar.gz => `/usr/portage/distfiles/tcpdump-3.7.1.tar.gz' Resolving ftp.ibiblio.org... done. Connecting to ftp.ibiblio.org[152.2.210.81]:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD /pub/Linux/distributions/gentoo/distfiles ... done . ==> PASV ... done. ==> RETR tcpdump-3.7.1.tar.gz ... done. Length: 428,737 (unauthoritative) 100%[====================================>] 428,737 64.19K/s ETA 00:00 11:02:30 (64.19 KB/s) - `/usr/portage/distfiles/tcpdump-3.7.1.tar.gz' saved [428737] >>> md5 ;-) tcpdump-3.7.1.tar.gz Portage 2.0.44 (default-x86-1.4, gcc-3.2, glibc-2.2.5-r4,2.2.5-r7) can you verify this still happens with 2.0.4{6,7} ? well re-open if you can define a procedure that is reproducable |