Re: [7.0] Openldap client

[Konrad Heuer]

On Fri, 11 Apr 2008, Paul Schmehl wrote:

--On Friday, April 11, 2008 16:03:24 +0200 Konrad Heuer <[EMAIL PROTECTED]> 
wrote:




On Fri, 11 Apr 2008, [EMAIL PROTECTED] wrote:


I'm unbale to install nss_ldap from padl. I've error :
=> nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://www.padl.com/download/.
fetch: http://www.padl.com/download/nss_ldap-257.tar.gz: size mismatch:
expected 229242, actual   229299

Anyone, can tell me, how to install openldap client on Freebsd 7-Stable ?


I do not know why /usr/ports/net/nss_ldap/distinfo contains a different 
file

size (and probably inappropriate checksums), but you can just edit
/usr/ports/net/nss_ldap/distinfo and put in what you find (start with size
only, later by using md5 and sha256 utilities in /sbin to calculate 
checksums

after the file has been fetched /usr/ports/distfiles).


The answer to that is obvious.  The size and checksums are different because 
the *file* is different.  That means that the file he's trying to download 
hasn't been vetted by the maintainer to ensure that it's not compromised.


The way to solve this problem is (in the order you should do them)
1) Update your ports to see if the maintainer has corrected the problem
2) Download the source code and compare it with the md5sum of the vendor to 
ensure that it's not compromised.  If the checksum matches, go into the port 
directory and run "make makesum" to update the distinfo file.  (No need to 
reinvent the wheel.)
3) Use DISABLE_VULNERABILITIES to foolishly install the software without 
first verifying that it hasn't been compromised.


I'm thinking option one is probably best:

# make
=> nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://www.padl.com/download/.
nss_ldap-257.tar.gz   100% of  223 kB   36 kBps
===>  Extracting for nss_ldap-1.257
=> MD5 Checksum OK for nss_ldap-257.tar.gz.
=> SHA256 Checksum OK for nss_ldap-257.tar.gz.

--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/


1. I use FreeBSD for more than 10 years now and know that sometimes ports
   are not updated as soon as I need them, especially if you need to fix
   a security problem quickly. Thus sometimes I need to do what I wrote.

2. I mentioned the problem of security. You did not quote this part of
   my mail in your reply and this is not correct!

Konrad Heuer
GWDG, Am Fassberg, 37077 Goettingen, Germany, [EMAIL PROTECTED]

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: [7.0] Openldap client

[karim . bourenane]

Hi Paul

Thanks you for your reply.
I updated all ports with csup, and now is good for nss_pam package.

I see on Freebsd gnat report same problem :
http://www.freebsd.org/cgi/query-pr.cgi?pr=117886

Best Regards, thanks you for all help

Karim Bourenane
Orange Business Services / Equant
RO&SI / IBNF / ENO / GNS
112 Avenue Charles de Gaules
92200 Neuilly S/Seine
Phone: +33156 76 35 52
Fax:   +33156 76 35 04
http://www.equant.com





   
Paul Schmehl
   
<[EMAIL PROTECTED]> 
  
11/04/2008 16:31   To: Konrad Heuer <[EMAIL 
PROTECTED]>, [EMAIL PROTECTED]  
   cc: 
freebsd-questions@freebsd.org   

   bcc: 
   
   Subject:  Re: [7.0] Openldap 
client 

   

   




--On Friday, April 11, 2008 16:03:24 +0200 Konrad Heuer <[EMAIL PROTECTED]> 
wrote:

>
> On Fri, 11 Apr 2008, [EMAIL PROTECTED] wrote:
>
>> I'm unbale to install nss_ldap from padl. I've error :
>> => nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
>> => Attempting to fetch from http://www.padl.com/download/.
>> fetch: http://www.padl.com/download/nss_ldap-257.tar.gz: size mismatch:
>> expected 229242, actual   229299
>>
>> Anyone, can tell me, how to install openldap client on Freebsd 7-Stable ?
>
> I do not know why /usr/ports/net/nss_ldap/distinfo contains a different file
> size (and probably inappropriate checksums), but you can just edit
> /usr/ports/net/nss_ldap/distinfo and put in what you find (start with size
> only, later by using md5 and sha256 utilities in /sbin to calculate checksums
> after the file has been fetched /usr/ports/distfiles).

The answer to that is obvious.  The size and checksums are different because
the *file* is different.  That means that the file he's trying to download
hasn't been vetted by the maintainer to ensure that it's not compromised.

The way to solve this problem is (in the order you should do them)
1) Update your ports to see if the maintainer has corrected the problem
2) Download the source code and compare it with the md5sum of the vendor to
ensure that it's not compromised.  If the checksum matches, go into the port
directory and run "make makesum" to update the distinfo file.  (No need to
reinvent the wheel.)
3) Use DISABLE_VULNERABILITIES to foolishly install the software without first
verifying that it hasn't been compromised.

I'm thinking option one is probably best:

# make
=> nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://www.padl.com/download/.
nss_ldap-257.tar.gz   100% of  223 kB   36 kBps
===>  Extracting for nss_ldap-1.257
=> MD5 Checksum OK for nss_ldap-257.tar.gz.
=> SHA256 Checksum OK for nss_ldap-257.tar.gz.

--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/





___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: [7.0] Openldap client

[Paul Schmehl]

--On Friday, April 11, 2008 16:03:24 +0200 Konrad Heuer <[EMAIL PROTECTED]> 
wrote:



On Fri, 11 Apr 2008, [EMAIL PROTECTED] wrote:


I'm unbale to install nss_ldap from padl. I've error :
=> nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://www.padl.com/download/.
fetch: http://www.padl.com/download/nss_ldap-257.tar.gz: size mismatch:
expected 229242, actual   229299

Anyone, can tell me, how to install openldap client on Freebsd 7-Stable ?


I do not know why /usr/ports/net/nss_ldap/distinfo contains a different file
size (and probably inappropriate checksums), but you can just edit
/usr/ports/net/nss_ldap/distinfo and put in what you find (start with size
only, later by using md5 and sha256 utilities in /sbin to calculate checksums
after the file has been fetched /usr/ports/distfiles).


The answer to that is obvious.  The size and checksums are different because 
the *file* is different.  That means that the file he's trying to download 
hasn't been vetted by the maintainer to ensure that it's not compromised.


The way to solve this problem is (in the order you should do them)
1) Update your ports to see if the maintainer has corrected the problem
2) Download the source code and compare it with the md5sum of the vendor to 
ensure that it's not compromised.  If the checksum matches, go into the port 
directory and run "make makesum" to update the distinfo file.  (No need to 
reinvent the wheel.)
3) Use DISABLE_VULNERABILITIES to foolishly install the software without first 
verifying that it hasn't been compromised.


I'm thinking option one is probably best:

# make
=> nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://www.padl.com/download/.
nss_ldap-257.tar.gz   100% of  223 kB   36 kBps
===>  Extracting for nss_ldap-1.257
=> MD5 Checksum OK for nss_ldap-257.tar.gz.
=> SHA256 Checksum OK for nss_ldap-257.tar.gz.

--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: [7.0] Openldap client

[Jonathan McKeown]

On Friday 11 April 2008 16:03, Konrad Heuer wrote:
> On Fri, 11 Apr 2008, [EMAIL PROTECTED] wrote:
>
> > fetch: http://www.padl.com/download/nss_ldap-257.tar.gz: size mismatch:
> > expected 229242, actual   229299
> >
> > Anyone, can tell me, how to install openldap client on Freebsd 7-Stable ?
>
> I do not know why /usr/ports/net/nss_ldap/distinfo contains a different
> file size (and probably inappropriate checksums), but you can just edit
> /usr/ports/net/nss_ldap/distinfo and put in what you find (start with size
> only, later by using md5 and sha256 utilities in /sbin to calculate
> checksums after the file has been fetched /usr/ports/distfiles).

Check  - the most recent checkin 
message (2007-12-16) states that the original author rerolled the distfile 
without making any changes.

There are at least a couple of ports where distributors sometimes repackage 
the source tarball and don't bother to change the version number because they 
haven't changed anything else. You can either choose to ignore, or manually 
change, the filesize and checksum, or just bring the ports tree up to date 
and try again.

Jonathan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: [7.0] Openldap client

[Konrad Heuer]

On Fri, 11 Apr 2008, [EMAIL PROTECTED] wrote:


I'm unbale to install nss_ldap from padl. I've error :
=> nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://www.padl.com/download/.
fetch: http://www.padl.com/download/nss_ldap-257.tar.gz: size mismatch: 
expected 229242, actual   229299

Anyone, can tell me, how to install openldap client on Freebsd 7-Stable ?


I do not know why /usr/ports/net/nss_ldap/distinfo contains a different 
file size (and probably inappropriate checksums), but you can just edit 
/usr/ports/net/nss_ldap/distinfo and put in what you find (start with size 
only, later by using md5 and sha256 utilities in /sbin to calculate 
checksums after the file has been fetched /usr/ports/distfiles).


You can also build from the ports collection with make options to ignore 
size and checksums but I forgot them. ;-)


Of course distinfo is there no just for fun but for security. So you must 
decide whether you modify the file or not.


Best regards

Konrad Heuer
GWDG, Am Fassberg, 37077 Goettingen, Germany, [EMAIL PROTECTED]

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

[7.0] Openldap client

[karim . bourenane]

Hi Team

I'm unbale to install nss_ldap from padl. I've error :
=> nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://www.padl.com/download/.
fetch: http://www.padl.com/download/nss_ldap-257.tar.gz: size mismatch: 
expected 229242, actual   229299

Anyone, can tell me, how to install openldap client on Freebsd 7-Stable ?

Thanks

Regards

Karim Bourenane
Orange Business Services / Equant
RO&SI / IBNF / ENO / GNS
112 Avenue Charles de Gaules
92200 Neuilly S/Seine
Phone: +33156 76 35 52
Fax:   +33156 76 35 04
http://www.equant.com




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"