Force ports depending on a fetch target to actually run checksum.
ClosedPublic
Actions

Authored by mat on Aug 12 2019, 4:21 PM.

Details

Reviewers

emaste
swills
antoine

Group Reviewers

portmgr

Commits

rP508820: MFH: r508819
rP508819: Force ports depending on a fetch target to actually run checksum.

Summary

This prevents a possible MITM attack described in:
https://www.reddit.com/r/BSD/comments/br62hm/freebsd_cryptographic_bypass_and_mitmbased/

Diff Detail

Repository

rP FreeBSD ports repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

mat created this revision.Aug 12 2019, 4:21 PM

Harbormaster completed remote builds in B25806: Diff 60678.Aug 12 2019, 4:21 PM

LGTM

This revision is now accepted and ready to land.Aug 12 2019, 4:26 PM

Seems reasonable to me. I might expand the comment slightly to "prevents a MITM attack on the dependency."

antoine accepted this revision.Aug 12 2019, 7:29 PM

Closed by commit rP508819: Force ports depending on a fetch target to actually run checksum. (authored by mat). · Explain WhyAug 13 2019, 10:31 AM

This revision was automatically updated to reflect the committed changes.

mat added a commit: rP508819: Force ports depending on a fetch target to actually run checksum..

mat added a commit: rP508820: MFH: r508819.

Revision Contents
Changeset List

Path

Size

Packages

head/

Mk/

Scripts/

do-depends.sh

8 lines

O5: Ports Framework

Diff 60718

View Options

head/Mk/Scripts/do-depends.sh

Force ports depending on a fetch target to actually run checksum.ClosedPublicActions