>Number:         20148
>Category:       pkg
>Synopsis:       pkgsrc/textproc/expat distinfo file has wrong file size and checksum
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 01 03:21:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     David Griffith
>Release:        1.6
>Organization:
>Environment:
NetBSD zaphod 1.6 NetBSD 1.6 (GENERIC) #0: Sun Sep  8 19:43:40 UTC 2002     autobuild@tgm.daemon.org:/autobuild/i386/OBJ/autobuild/src/sys/arch/i386/compile/GENERIC i386

>Description:
Trying to make expat, the distfile downloads then the make aborts with:

=> Checksum mismatch for expat-1.95.6.tar.gz.
Make sure the Makefile and checksum file (/usr/pkgsrc/textproc/expat/distinfo)
are up to date.  If you want to override this check, type
"make NO_CHECKSUM=yes [other args]".
*** Error code 1

Stop.

I did a "make distclean" a few times, then manually downloaded the distfile just to make sure.  Yes, both filesize and checksum are different than what the pkgsrc tree thinks.
>How-To-Repeat:

>Fix:
1) (easy) Rebuild distinfo and update pkgsrc.

2) (hard) Figure out why the distinfo is incorrect.  Check for malicious code in the distfile.

Hopefully this is just a finger-fumble.
>Release-Note:
>Audit-Trail:
>Unformatted: