Subject: Re: How to compute the checksum of patch files
To: Jeremy C. Reed <>
From: Roland Illig <>
List: tech-pkg
Date: 12/01/2005 10:42:50
Jeremy C. Reed wrote:
> On Thu, 1 Dec 2005, Roland Illig wrote:
>> currently the algorithms used for calculating the checksums of patch 
>> files differ between pkgtools/pkglint and the rest of pkgsrc. I think 
>> the pkglint way is "more correct".
>> others:  ${SED} -e '/\$$NetBSD.*/d' $$patchfile | ${DIGEST} $$alg
>> pkglint: ${SED} -e '/^\$$NetBSD.*/d' $$patchfile | ${DIGEST} $$alg
> Maybe instead of just checking for $NetBSD at beginning of line, only 
> check for that on the first line.
> If $NetBSD for some reason or another was starting another line in a 
> diff, someone could abuse it. Imagine in a shell script:
> $NetBSD rm whatever
> Maybe this doesn't matter as maybe someone couldn't add a new line to a 
> diff without breaking the patch(1) use of it.

Since only lines starting with "---", "+++", "***", " ", "@", "-" or "+" 
are relevant to patch(1) I am awaiting your proof-of-concept exploit. :)