>Number:         19749
>Category:       pkg
>Synopsis:       failed checksum on gnupg-1.2.1 and idea.c.gz
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 08 18:44:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Rogier Krieger
>Release:        NetBSD 1.6_STABLE
>Organization:
KSV Sanctus Virgilius
>Environment:
System: NetBSD karres 1.6_STABLE NetBSD 1.6_STABLE (KARRES) #0: Fri Dec 27 13:53:52 CET 2002 root@karres:/usr/src/sys/arch/i386/compile/KARRES i386
Architecture: i386
Machine: i386
>Description:
	When trying to build gnupg-1.2.1 from recent pkgsrc to include the IDEA
	algorithm (USE_IDEA=YES), the SHA1 checksum on the downloaded idea.c.gz
	file fails.

	Updating the pkgsrc so far has not resolved the problem. It appears
	the included distinfo file is out of date, or that there is a problem
	with the file on ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz.

	My distinfo claims the following:
	$NetBSD: distinfo,v 1.13 2002/10/27 02:53:02 chris Exp $
	SHA1 (idea.c.gz) = cd29040234a33cbfa9b87752c8cbb2adbccd9e95
	Size (idea.c.gz) = 4538 bytes

	While in fact, I get from my distfiles/idea.c.gz:
	SHA1 (idea.c.gz) = e45ee3299433196251f39e736190bb16ee676d0a
	Size (idea.c.gz) = 4777 bytes

	My Makefile, however, is dated quite differently, 2002/12/13:
	# $NetBSD: Makefile,v 1.40 2002/12/12 14:34:49 abs Exp $

>How-To-Repeat:
	Try a `make build USE_IDEA=YES' on a current pkgsrc copy for
	the security/gnupg package.

>Fix:
	Check the correctness of the idea.c.gz file or update the
	signature listed in the distinfo file.

>Release-Note:
>Audit-Trail:
>Unformatted: