About changing md5sum's
Jan Eidtmann
cmak at lunar-linux.org
Thu May 13 14:06:47 GMT 2004
hi!
ok, next time!
thx for the tip!
cmak
Am Donnerstag, 13. Mai 2004 09:33 schrieb Jerry Lundström:
> Hi ppl,
>
> This may sound very paranoid but please, when packages change md5sum and
> they DON'T change version, please read thru all the change.
>
> As the example shows below it takes the recent changed module doxygen,
> Im not blaming you in anyway cmak but if you had looked at the diff youd
> see that it was very wrongly packaged. The included several generated
> files that should be generated on doing make. And since they just added
> them without doing a version update that can mean code
> insertion/exploits. This is why we have md5sum, to tell us that
> something is wrong. We need to get better at this since we are a
> source-based dist.
>
> Unpack the package we had before into one dir maybe called module.orig,
> then unpack the new into module and do:
>
> diff -urN module.orig module | less
>
> This will give you a list of all change, for ppl that dont know diff its
> pritty easy.
>
> A diff starts with the diff command it self, for example:
> diff -urN doxygen-1.3.7.orig/INSTALL doxygen-1.3.7/INSTALL
>
> then we have the + - header of the file with dates etc etc:
> --- doxygen-1.3.7.orig/INSTALL 2004-05-08 04:40:07.000000000 +0200
> +++ doxygen-1.3.7/INSTALL 2004-05-08 10:56:47.000000000 +0200
>
> after that we have the change in the file, all change starts with a
> index line:
> @@ -4,4 +4,4 @@
>
> and then the change, first char is either a space, + or -. Space is no
> change, + adds that line and - removes it:
> (http://www.doxygen.org/install.html) for instructions.
>
> --------
> -Dimitri van Heesch (07 May 2004)
> +Dimitri van Heesch (08 May 2004)
>
>
> Thats all folks, be safe and secure!
> _______________________________________________
> Lunar-dev mailing list
> Lunar-dev at lunar-linux.org
> http://dbguin.lunar-linux.org/mailman/listinfo/lunar-dev
More information about the Lunar-dev
mailing list