Re: [R-pkg-devel] Possible malware(?) in a vignette

2024-01-27 Thread Bob Rudis
The current one on CRAN does get flagged for some low-level Sigma rules b/c of the way a few URLs interact. I don't know if f-secure is pedantic enough to call that malicious (it probably is, though). The *current* PDF is "fine". There is a major problem with the 2020 version. The file Iñaki's

Re: [R-pkg-devel] Possible malware(?) in a vignette

2024-01-27 Thread Simon Urbanek
Bob, I was not making assertions, I was only dismissing clearly false claims: CRAN did NOT generate the file in question, it is not a ZIP file trojan as indicated by the AV flags and content inspection did not reveal any other streams than what is usual in pdflatex output. The information about

Re: [R-pkg-devel] Possible malware(?) in a vignette

2024-01-27 Thread Iñaki Ucar
Simon, Please re-read my email. I did *not* say that CRAN *generated* that file. I said that CRAN *may* be compromised (some virus may have modified files). I did *not* claim that the report was necessarily 100% accurate. But "that page I linked" was created by a security firm, and it would be wi

Re: [R-pkg-devel] Possible malware(?) in a vignette

2024-01-27 Thread Ivan Krylov via R-package-devel
On Sat, 27 Jan 2024 03:52:01 -0500 Bob Rudis writes: > Two VT sandboxes used Adobe Acrobat Reader to open the PDF and the PDF > seems to either have had malicious JavaScript or been crafted > sufficiently to cause a buffer overflow in Reader that then let it > perform other functions on those sandb

Re: [R-pkg-devel] Possible malware(?) in a vignette

2024-01-27 Thread Simon Urbanek
Iñaki, > On Jan 27, 2024, at 11:44 PM, Iñaki Ucar wrote: > > Simon, > > Please re-read my email. I did *not* say that CRAN *generated* that file. I > said that CRAN *may* be compromised (some virus may have modified files). > I guess I should have been more clear in my response: the file co

Re: [R-pkg-devel] Possible malware(?) in a vignette

2024-01-27 Thread Bob Rudis
Simon: Is there a historical record of the hashes of just the PDFs that show up in the CRAN web view? Ivan: do you know what mirror NOAA used at that time to get that version of the package? Or, did they pull it "directly" from cran.r-project.org (scare-quotes only b/c DNS spoofing is and has been

Re: [R-pkg-devel] Possible malware(?) in a vignette

2024-01-27 Thread Ivan Krylov via R-package-devel
Apologies for being insufficiently clear. By "a file straight from NOAA" I meant a completely different PDF, , that gives the same SHA-256 hash whether downloaded by VirusTotal

Re: [R-pkg-devel] Possible malware(?) in a vignette

2024-01-27 Thread Simon Urbanek
First, let's take a step back, because I think there is way too much confusion here. The original report was about the vignette from the poweRlaw package version 0.70.6. That package contains a vignette file d_jss_paper.pdf with the SHA256 hash 9486d99c1c1f2d1b06f0b6c5d27c54d4f6e39d69a91d7fad84
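The two checks this sub-thread keeps coming back to, Bob's question about a historical record of vignette hashes and Ivan's "same SHA-256 hash whichever way it was downloaded", plus Simon's content inspection for streams beyond normal pdflatex output, can be reproduced offline. The block below is an added example; it is not code from the thread, from CRAN or from the poweRlaw package. It assumes the vignette sits at inst/doc/ inside a built package tarball (the path is an assumption, as is the member name), the PDFs it scans are constructed stand-ins rather than the real d_jss_paper.pdf, and the list of suspicious PDF name objects is this example's own choice.

```python
"""
Added example (not code from the thread, CRAN or the poweRlaw package).

  1. hash the vignette PDF exactly as it sits inside a package tarball, so the
     value can be compared against any other copy of the same file;
  2. look inside the PDF for name objects (/OpenAction, /JS, ...) that
     pdflatex never emits, after undoing #xx name escapes and inflating
     FlateDecode streams, two common ways of hiding active content.
Assumed: the inst/doc/ member path and the suspicious-name list below.
"""
import hashlib
import io
import re
import tarfile
import zlib

MEMBER = "poweRlaw/inst/doc/d_jss_paper.pdf"   # assumed path of a built vignette

# Name objects that only appear when a PDF carries actions or payloads.
SUSPICIOUS_NAMES = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA",
                    b"/Launch", b"/EmbeddedFile", b"/RichMedia", b"/XFA")
# A PDF name ends at whitespace or a delimiter; this keeps /JS from matching /JSX.
NAME_END = rb"(?=[\s()<>\[\]{}/%]|$)"


def normalize_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes so /J#61vaScript scans as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Inflate every stream body that is zlib data (FlateDecode); skip the rest."""
    decoded = []
    for m in re.finditer(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            decoded.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # image data, other filters or raw content: not inflatable
    return b"\n".join(decoded)


def scan_pdf(data: bytes, inflate: bool = True) -> dict:
    """Count each suspicious name in the raw file (plus inflated streams if asked)."""
    haystack = data + b"\n" + (inflate_streams(data) if inflate else b"")
    haystack = normalize_names(haystack)
    hits = {}
    for name in SUSPICIOUS_NAMES:
        n = len(re.findall(re.escape(name) + NAME_END, haystack))
        if n:
            hits[name.decode()] = n
    return hits


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def vignette_from_tarball(tgz: bytes, member: str = MEMBER) -> bytes:
    """Read one member out of a .tar.gz without writing anything to disk."""
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tar:
        f = tar.extractfile(member)
        if f is None:
            raise KeyError(member)
        return f.read()


# --- constructed sample inputs (stand-ins, not the real vignette) -------------

def make_pdf(catalog_extra: bytes = b"", objstm_payload: bytes = b"") -> bytes:
    """Minimal PDF skeleton with optional catalog entries / compressed object stream."""
    objs = [b"<< /Type /Catalog /Pages 2 0 R " + catalog_extra + b" >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
            b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>"]
    if objstm_payload:
        comp = zlib.compress(objstm_payload)
        objs.append(b"<< /Type /ObjStm /N 1 /First 0 /Filter /FlateDecode /Length "
                    + str(len(comp)).encode() + b" >>\nstream\n" + comp + b"\nendstream")
    out = b"%PDF-1.5\n"
    for i, obj in enumerate(objs, 1):
        out += b"%d 0 obj\n" % i + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def build_tarball(member: str, data: bytes) -> bytes:
    """Constructed in-memory .tar.gz holding a single member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(member)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


BENIGN_PDF = make_pdf()
OPENACTION_PDF = make_pdf(catalog_extra=b"/OpenAction << /S /J#61vaScript /JS (app.alert(1)) >>")
OBJSTM_PDF = make_pdf(objstm_payload=b"<< /S /JavaScript /JS (app.launchURL('http://x')) >>")
TARBALL = build_tarball(MEMBER, BENIGN_PDF)

if __name__ == "__main__":
    extracted = vignette_from_tarball(TARBALL)
    print("vignette sha256:", sha256_hex(extracted))
    for label, pdf in (("benign", BENIGN_PDF), ("openaction", OPENACTION_PDF), ("objstm", OBJSTM_PDF)):
        print(f"{label:10s} {scan_pdf(pdf) or 'no suspicious names'}")
```

A name scan like this answers only the question Simon was answering: whether the file carries streams or actions that pdflatex output never has. It says nothing about the other possibility Bob raised, a PDF crafted to trigger a parser bug in Reader, since that needs no /JS or /OpenAction at all; for that you need the sandbox run, not a grep. Hashing the member straight out of the tarball, rather than a copy saved through a browser, is what makes a comparison against another mirror or against VirusTotal's record meaningful.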

Re: [R-pkg-devel] Native pipe in package examples

2024-01-27 Thread Jon Harmon
See https://github.com/r-lib/httr2/blob/main/configure and https://github.com/r-lib/httr2/blob/main/tools%2Fexamples.R (and https://r-pkgs.org/misc.html#sec-misc-tools if you're not sure what you're looking at). They use a build-time script to change the examples. It looks like it just puts a hea