
Re: Upgrading to Wheezy issues


> md5sum says:
> ~> md5sum slbackup_0.0.12-5~edu70+1_all.deb
> *7e72a33d83d3185abe66278c1b01b67e* slbackup_0.0.12-5~edu70+1_all.deb
> but
> http://ftp.skolelinux.org/skolelinux/dists/wheezy/local/binary-amd64/Packages
> states
> MD5sum: *83d3185abe66278c1b01b67e98d69f57*
> SHA1: a23c8598901c18fa16dc18128e6b668ef2de7f61
> SHA256: 4dc74d5da14c7b8d5bcc55fcfc40660991255d074142d9f0b2461e3200000000
> Only the SHA512 value matches the one we calculated locally, MD5, SHA1
> and SHA256 are screwed.
> There is an indication that there might be somewhere something broken
> with string manipulation as e.g. the MD5 sums we got match a substring
> of the one given on the project web page. This gets more obvious if
> written like this:
> 7e72a33d *83d3185abe66278c1b01b67e*
> ........ *83d3185abe66278c1b01b67e*  98d69f57

Yeah, looking closer, it's all eight characters off somewhere (check the eight 
0s at the end of the sha256 hash).

Cute bug :D!

@pere, if you give me a hint on where the Packages index is generated, I'd 
look at it.


PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Mobil: +49-1520-1981389

Teckids e.V. · FrOSCon e.V. · OpenRheinRuhr e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Contributor

LPIC-3 Linux Enterprise Professional (Security)

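The eight-character offset discussed in the message above can be checked mechanically. The following is an added example, not part of the original thread or of any Skolelinux tooling; the stanza is constructed from the values quoted in the thread, and `parse_stanza`, `classify` and `check` are hypothetical names.

```python
import re

# Constructed sample: a Packages stanza fragment built from the package name,
# version and MD5sum value quoted in the thread.
STANZA = """\
Package: slbackup
Version: 0.0.12-5~edu70+1
MD5sum: 83d3185abe66278c1b01b67e98d69f57
"""
LOCAL_MD5 = "7e72a33d83d3185abe66278c1b01b67e"  # md5sum output quoted in the thread


def parse_stanza(text):
    """Return the 'Field: value' pairs of one control stanza as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9-]+):\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def classify(local, published, min_overlap=16):
    """Compare two hex digests: 'match', ('shifted', n) or 'mismatch'.

    ('shifted', n) means the published value starts with the local digest
    minus its first n characters, i.e. the field was cut n characters late.
    min_overlap keeps short accidental overlaps from counting as a shift.
    """
    local, published = local.lower(), published.lower()
    if local == published:
        return "match"
    if len(local) != len(published):
        return "mismatch"
    for n in range(1, len(local) - min_overlap + 1):
        if published.startswith(local[n:]):
            return ("shifted", n)
    return "mismatch"


def check(stanza, field, local):
    """Classify the locally computed digest against one field of the stanza."""
    return classify(local, parse_stanza(stanza)[field])


if __name__ == "__main__":
    print(check(STANZA, "MD5sum", LOCAL_MD5))
```

A `shifted` result points at how the index was generated rather than at the package file; it is the matching SHA512 value mentioned in the thread that confirms the file itself.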