NetBSD Problem Report #49220

From kre@munnari.OZ.AU  Fri Sep 19 10:45:55 2014
Return-Path: <kre@munnari.OZ.AU>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 1675FA656A
	for <gnats-bugs@gnats.NetBSD.org>; Fri, 19 Sep 2014 10:45:55 +0000 (UTC)
Message-Id: <201409191043.s8JAhtj9015031@munnari.OZ.AU>
Date: Fri, 19 Sep 2014 17:43:55 +0700 (ICT)
From: kre@munnari.OZ.AU
To: gnats-bugs@gnats.NetBSD.org
Subject: devel/deforaos-libsystem distfile checksum error
X-Send-Pr-Version: 3.95

>Number:         49220
>Category:       pkg
>Synopsis:       devel/deforaos-libsystem distfile checksum error
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    khorben
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Sep 19 10:50:00 +0000 2014
>Closed-Date:    Mon Mar 28 22:00:44 +0000 2016
>Last-Modified:  Mon Mar 28 22:00:44 +0000 2016
>Originator:     Robert Elz
>Release:        NetBSD 6.99.30 (irrelevant) (pkgsrc current (HEAD) 2014-09-19)
>Organization:
	Prince of Songkla University
>Environment:


System: NetBSD munnari.OZ.AU 6.99.30 NetBSD 6.99.30 (MUNNARI-DomU) #0: Mon Feb 3 19:19:20 ICT 2014 kre@onyx.coe.psu.ac.th:/usr/obj/current/kernels/amd64/MUNNARI-DomU amd64
Architecture: x86_64
Machine: amd64
>Description:
	The distinfo file for devel/deforaos-libsystem expects the
	distfile to be 60538 - the file fetched is actually 60539
	bytes ... needless to say the checksums do not match.

>How-To-Repeat:
	mv ..../distfiles/libSystem-0.2.0.tar.gz /somewhere/safe/.
	cd ..../pkgsrc/devel/deforaos-libsystem
	make checksum

>Fix:
	Find out what changed in the distfile from the version that was
	used to build the package, to the version that is being
	distributed now, and assuming the change is benign, update
	the distinfo file (given the timing of this problem compared
	with the package update, I doubt anyone but the updater has the
	original distfile, so neither a DIST_SUBDIR nor a revbump
	should be needed).   Certainly f.n.o didn't manage to fetch the
	original distfile, which suggests that it changed on the master
	site before the update to the package was actually committed.

	Should it appear that the distfile has been hacked (or similar)
	report it upstream, and put the original on f.n.o

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->khorben
Responsible-Changed-By: ryoon@NetBSD.org
Responsible-Changed-When: Tue, 23 Sep 2014 07:02:34 +0000
Responsible-Changed-Why:
Over to maintainer


From: Pierre Pronchery <khorben@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: ryoon@NetBSD.org, pkg-manager@netbsd.org, pkgsrc-bugs@netbsd.org, 
 gnats-admin@netbsd.org, kre@munnari.OZ.AU
Subject: Re: pkg/49220 (devel/deforaos-libsystem distfile checksum error)
Date: Tue, 23 Sep 2014 18:58:26 +0200

 On 23/09/2014 09:02, ryoon@NetBSD.org wrote:
 > Synopsis: devel/deforaos-libsystem distfile checksum error
 > 
 > Responsible-Changed-From-To: pkg-manager->khorben
 > Responsible-Changed-By: ryoon@NetBSD.org
 > Responsible-Changed-When: Tue, 23 Sep 2014 07:02:34 +0000
 > Responsible-Changed-Why:
 > Over to maintainer

 Thanks for the report, I'm having a look...

 -- 
 khorben

From: Pierre Pronchery <khorben@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org, kre@munnari.OZ.AU
Subject: Re: pkg/49220 (devel/deforaos-libsystem distfile checksum error)
Date: Tue, 23 Sep 2014 19:10:56 +0200

 On 23/09/2014 19:05, Pierre Pronchery wrote:
 > The following reply was made to PR pkg/49220; it has been noted by GNATS.
 > 
 > From: Pierre Pronchery <khorben@netbsd.org>
 > To: gnats-bugs@NetBSD.org
 > Cc: ryoon@NetBSD.org, pkg-manager@netbsd.org, pkgsrc-bugs@netbsd.org, 
 >  gnats-admin@netbsd.org, kre@munnari.OZ.AU
 > Subject: Re: pkg/49220 (devel/deforaos-libsystem distfile checksum error)
 > Date: Tue, 23 Sep 2014 18:58:26 +0200
 > 
 >  On 23/09/2014 09:02, ryoon@NetBSD.org wrote:
 >  > Synopsis: devel/deforaos-libsystem distfile checksum error
 >  > 
 >  > Responsible-Changed-From-To: pkg-manager->khorben
 >  > Responsible-Changed-By: ryoon@NetBSD.org
 >  > Responsible-Changed-When: Tue, 23 Sep 2014 07:02:34 +0000
 >  > Responsible-Changed-Why:
 >  > Over to maintainer
 >  
 >  Thanks for the report, I'm having a look...

 The original size on the server is 60538 bytes, while the SHA1 sum is
 c264070ff4034fbdc97aae3f7e694f84e7898365 as found in the distinfo file.
 The distinfo file is therefore correct.

 However, there seems to be a problem with the server-side code serving
 this file with some clients in particular. Mozilla Firefox 24 issues me
 a doubly gzip-encoded file, which is obviously wrong.

 I am therefore keeping this bug report open while I try to fix the issue
 with the server.

 Sorry for the inconvenience,
 -- 
 khorben

From: Robert Elz <kre@munnari.OZ.AU>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: pkg/49220 (devel/deforaos-libsystem distfile checksum error)
Date: Wed, 24 Sep 2014 10:24:54 +0700

     Date:        Tue, 23 Sep 2014 17:15:01 +0000 (UTC)
     From:        Pierre Pronchery <khorben@netbsd.org>
     Message-ID:  <20140923171501.29E8BA655F@mollari.NetBSD.org>

   |  I am therefore keeping this bug report open while I try to fix the issue
   |  with the server.

 That's fine - if it matters, my client was the normal pkgsrc ftp (from
 6.99.something).  There is no urgency about fixing this for me, I just
 fetch every distfile there is to fetch (kind of like f.n.o does, except
 I also fetch the non-redistributable ones).

 kre

From: Robert Elz <kre@munnari.OZ.AU>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: pkg/49220 (devel/deforaos-libsystem distfile checksum error)
Date: Wed, 24 Sep 2014 21:44:05 +0700

     Date:        Tue, 23 Sep 2014 17:15:01 +0000 (UTC)
     From:        Pierre Pronchery <khorben@netbsd.org>
     Message-ID:  <20140923171501.29E8BA655F@mollari.NetBSD.org>

   |  However, there seems to be a problem with the server-side code serving
   |  this file with some clients in particular. Mozilla Firefox 24 issues me
   |  a doubly gzip-encoded file, which is obviously wrong.

 I did a little more investigating too ... if I use wget to fetch it
 comes correctly - with whatever pkgsrc uses by default (either the
 standard ftp client, or something using libfetch - whatever it is) the
 sole difference (that makes the sizes different, and alters the checksum)
 is that a '1' (0x31) is appended to the file.   gzip just says
 	trailing garbage ignored
 and otherwise unpacks the file (seemingly) fine (I have not tried to
 untar it to verify, but it is likely to be OK).

 Maybe someone might recognise what might be appending a '1' at the end of
 a file fetched using ftp (or whatever) using HTTP (port 80) - or what the
 server might be doing, which apparently depends upon the client, that would
 cause the file to get sent differently.

 kre

State-Changed-From-To: open->closed
State-Changed-By: khorben@NetBSD.org
State-Changed-When: Mon, 28 Mar 2016 22:00:44 +0000
State-Changed-Why:
I believe this is fixed by now.


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.