Mail Archives: cygwin/2009/09/10/05:57:54

Message-ID: <4AA8D0D8.8090902@gmail.com>
Date: Thu, 10 Sep 2009 11:11:36 +0100
From: Dave Korn <dave DOT korn DOT cygwin AT googlemail DOT com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: setup.exe hijacked?
References: <7515D3C005374AED9E2BCFDA491CCF2F AT st DOT com>
In-Reply-To: <7515D3C005374AED9E2BCFDA491CCF2F@st.com>

Michael PARKER wrote:
> I've just tried downloading setup.exe from www.cygwin.com, only to find that it crashes when run on my WinXP x64 desktop. 
> 
> Verifying against the setup.exe.sig signature I see the following:
> 
>> gpg --verify setup.exe.sig setup.exe
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Tue Jun 16 03:50:01 2009 GMTDT using DSA key ID 676041BA
> gpg: BAD signature from "Cygwin <cygwin AT cygwin DOT com>
> 
> Running a diff on the "strings" output of the new file vs. a "known good" version of setup.exe, I see (amongst garbage) the following:

> Any thoughts?

  I can't reproduce this locally:

> $ wget http://cygwin.com/setup.exe
> --2009-09-10 11:09:45--  http://cygwin.com/setup.exe
> Resolving cygwin.com... 209.132.176.174
> Connecting to cygwin.com|209.132.176.174|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 585728 (572K) [application/octet-stream]
> Saving to: `setup.exe'
> 
> 100%[======================================>] 585,728      121K/s   in 5.2s
> 
> 2009-09-10 11:09:51 (110 KB/s) - `setup.exe' saved [585728/585728]
> 
> 
> admin AT ubik /tmp
> $ wget http://cygwin.com/setup.exe.sig
> --2009-09-10 11:09:51--  http://cygwin.com/setup.exe.sig
> Resolving cygwin.com... 209.132.176.174
> Connecting to cygwin.com|209.132.176.174|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 65 [application/octet-stream]
> Saving to: `setup.exe.sig'
> 
> 100%[======================================>] 65          --.-K/s   in 0s
> 
> 2009-09-10 11:09:51 (1.30 MB/s) - `setup.exe.sig' saved [65/65]
> 
> 
> admin AT ubik /tmp
> $ gpg --verify setup.exe.sig
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Tue Jun 16 03:50:01 2009 GMTDT using DSA key ID 676041BA
> gpg: Good signature from "Cygwin <cygwin AT cygwin DOT com>"
> 
> admin AT ubik /tmp
> $

  How did you download it?  I would suspect your browser is hijacked; try wget.

    cheers,
      DaveK


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
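
Added example, not part of the message above and not Cygwin's own tooling: the two gpg outcomes seen in this thread (BAD signature vs. Good signature) decided from gpg's machine-readable `--status-fd` output, so a script refuses to run a download unless the signature is good and comes from key ID 676041BA. The function names, the sample status lines and the upper half of the long key ID are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate execution of a download on gpg's status output
# rather than on its human-readable text.

# Expected signer, as the short key ID shown in the thread's gpg output.
EXPECTED_KEY_SUFFIX="676041BA"

# Read `gpg --status-fd 1` output on stdin; print GOOD, BAD or UNKNOWN.
# Returns 0 only for a good signature made by the expected key.
classify_gpg_status() {
    verdict=UNKNOWN
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] BADSIG "*)
                verdict=BAD; break ;;        # file does not match the signature
            "[GNUPG:] GOODSIG "*)
                keyid=${line#"[GNUPG:] GOODSIG "}
                keyid=${keyid%% *}           # first field is the long key ID
                case "$keyid" in
                    *"$EXPECTED_KEY_SUFFIX") verdict=GOOD ;;
                esac ;;                      # other signers stay UNKNOWN
        esac
    done
    echo "$verdict"
    [ "$verdict" = GOOD ]
}

# Verify a detached signature and fail closed (missing gpg, missing key,
# expired or revoked key all end up as UNKNOWN, not GOOD).
# Usage: verify_download setup.exe.sig setup.exe
verify_download() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | classify_gpg_status
}

# Constructed status lines; 00000000 is a placeholder for the upper
# half of the long key ID, which the thread does not show.
sample_good() {
    printf '%s\n' '[GNUPG:] NEWSIG' \
        '[GNUPG:] GOODSIG 00000000676041BA Cygwin <cygwin AT cygwin DOT com>'
}
sample_bad() {
    printf '%s\n' '[GNUPG:] NEWSIG' \
        '[GNUPG:] BADSIG 00000000676041BA Cygwin <cygwin AT cygwin DOT com>'
}

# Stand-alone use: sh this_script setup.exe.sig setup.exe
if [ "$#" -eq 2 ]; then verify_download "$1" "$2"; fi
```

Passing both the signature and the data file to `gpg --verify`, as the first poster did, avoids relying on gpg to infer the data file name from the `.sig` name.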
