glimpse: Unable to verify file checksums

[joshmoz@…]

Can't install glimpse because of a checksum error. Looks like this has happened to glimpse before but the other tickets are closed out as fixed. This is using port 1.600 on Mac OS X 10.5.3.

[ryandesign (Ryan Carsten Schmidt)]

I don't get a checksum error; I get a fetch failure.

[jlmuir@…]

Replying to joshmoz@gmail.com:

Can't install glimpse because of a checksum error. Looks like this has happened to glimpse before but the other tickets are closed out as fixed. This is using port 1.600 on Mac OS X 10.5.3.

I have the same problem. I'm using MacPorts 1.6 on Mac OS X 10.5.4.

I downloaded the tar.gz file by hand and confirmed that the MD5 checksum does not match what is in the glimpse Portfile (checksums md5 10204ab813f3bbb558e22dedf19d1dfb):

$ curl -O http://webglimpse.net/trial/glimpse-4.18.5.tar.gz
$ md5 glimpse-4.18.5.tar.gz 
MD5 (glimpse-4.18.5.tar.gz) = 47cb8199fc7359b6fab8710501a89310

[jlmuir@…]

Cc Me!

[ryandesign (Ryan Carsten Schmidt)]

It seems that webglimpse.net has been hacked and the glimpse-4.18.5.tar.gz distfile has been replaced with a different one by the hacker. The contents of the archive differs in several places from the file with the correct checksum, most notably in the file index/index.chronicle, whose contents, in the distfile currently available from webglimpse.net, reads "Owned by nEt^DeViL .. Just testing your Security .. Peace ! .. net_devil@hackermail.com"

[ryandesign (Ryan Carsten Schmidt)]

I fixed the port in r39717: I found a mirror that still had the old distfile changed the master_sites to use that. Now the correct distfile has also been fetched to the MacPorts distfiles mirror, so that will further prevent the problem from recurring.

I informed the developers of glimpse of the compromised file on their site by using the contact form on their web site.

[(none)]

Milestone Port Bugs deleted