Re: [eug-lug]How to find out about sf mirrors

Jacob Meuser Wed, 18 Feb 2004 16:09:27 -0800

On Wed, Feb 18, 2004 at 02:52:56PM -0801, Jacob Meuser wrote:
> I'm pretty sure I found a trojaned package on
> http://belnet.dl.sourceforge.net/
> 
> The file is /espgs/espgs-7.07.1-source.tar.gz


Actually, it looks like several sf.net mirrors have an incorrect version
of this file.

funk:~/tmp% ftp http://belnet.dl.sourceforge.net/espgs/espgs-7.07.1-source.tar.gz
Trying 193.190.198.97...
Requesting http://belnet.dl.sourceforge.net/espgs/espgs-7.07.1-source.tar.gz
100% |**************************************************|  6636 KB    01:45    
Successfully retrieved file.
funk:~/tmp% ls -l espgs-7.07.1-source.tar.gz 
-rw-r--r--  1 jakemsr  jakemsr  6795608 Feb 18 14:06 espgs-7.07.1-source.tar.gz
funk:~/tmp% ls -l /usr/ports/distfiles/gs/espgs-7.07.1-source.tar.gz 
-rw-r--r--  1 jakemsr  jakemsr  6795608 Jan 26 13:37 
/usr/ports/distfiles/gs/espgs-7.07.1-source.tar.gz
funk:~/tmp% mkdir -p espgs/belnet                                   
funk:~/tmp% mkdir -p espgs/mine  
funk:~/tmp% cd espgs/belnet 
funk:~/tmp/espgs/belnet% tar zxf ../../espgs-7.07.1-source.tar.gz 
tar: End of archive volume 1 reached
funk:~/tmp/espgs/belnet% ls 
espgs-7.07.1
funk:~/tmp/espgs/belnet% cd espgs-7.07.1 
funk:~/tmp/espgs/belnet/espgs-7.07.1% ls 
contrib
funk:~/tmp/espgs/belnet/espgs-7.07.1% cd ../../mine 
funk:~/tmp/espgs/mine% tar zxf /usr/ports/distfiles/gs/espgs-7.07.1-source.tar.gz
funk:~/tmp/espgs/mine% ls
espgs-7.07.1
funk:~/tmp/espgs/mine% cd espgs-7.07.1 
funk:~/tmp/espgs/mine/espgs-7.07.1% ls
CHANGES                    debian                     lib
INSTALL                    depcomp                    man
LICENSE                    doc                        missing
Makefile.in                examples                   mkinstalldirs
README                     ghostscript-cups.list.in   pcl3
README.espgs               ghostscript.list.in        pstoraster
autogen.sh                 ghostscript.spec           src
configure                  icclib                     toolbin
configure.ac               ijs
contrib                    install-sh
funk:~/tmp/espgs/mine/espgs-7.07.1% cd ../../
funk:~/tmp/espgs% diff -ur belnet mine | grep -v ^Only                                 
Binary files belnet/espgs-7.07.1/contrib/gsj/drivers/jpdf-0.2.1/japan1.pdf and 
mine/espgs-7.07.1/contrib/gsj/drivers/jpdf-0.2.1/japan1.pdf differ
funk:~/tmp/espgs% ls -l belnet/espgs-7.07.1/contrib/gsj/drivers/jpdf-0.2.1/japan1.pdf 
-rw-r--r--  1 jakemsr  jakemsr  264430 Jul 20  2002 
belnet/espgs-7.07.1/contrib/gsj/drivers/jpdf-0.2.1/japan1.pdf
funk:~/tmp/espgs% ls -l mine/espgs-7.07.1/contrib/gsj/drivers/jpdf-0.2.1/japan1.pdf
-rw-r--r--  1 jakemsr  jakemsr  572595 Jul 20  2002 
mine/espgs-7.07.1/contrib/gsj/drivers/jpdf-0.2.1/japan1.pdf
funk:~/tmp/espgs% 


-- 
<[EMAIL PROTECTED]>

_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug

Re: [eug-lug]How to find out about sf mirrors

Reply via email to