Force ports depending on a fetch target to actually run checksum.
ClosedPublic
Actions

Authored by mat on Aug 12 2019, 4:21 PM.

Tags

None

Referenced Files

	F149168104: D21230.id60718.diff
	Sun, Mar 22, 5:39 PM

	Unknown Object (File)
	Wed, Mar 18, 7:40 AM

	Unknown Object (File)
	Tue, Mar 17, 7:35 PM

	Unknown Object (File)
	Sun, Mar 15, 6:56 AM

	Unknown Object (File)
	Sat, Mar 14, 11:41 PM

	Unknown Object (File)
	Tue, Mar 3, 8:39 AM

	Unknown Object (File)
	Tue, Mar 3, 3:36 AM

	Unknown Object (File)
	Sat, Feb 28, 9:40 PM

View All 85 Files

Subscribers

swills

Details

Reviewers

emaste
swills
antoine

Group Reviewers

portmgr

Commits

rP508820: MFH: r508819
rP508819: Force ports depending on a fetch target to actually run checksum.

Summary

This prevents a possible MITM attack described in:
https://www.reddit.com/r/BSD/comments/br62hm/freebsd_cryptographic_bypass_and_mitmbased/

Diff Detail

Repository

rP FreeBSD ports repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

mat created this revision.Aug 12 2019, 4:21 PM

Harbormaster completed remote builds in B25806: Diff 60678.Aug 12 2019, 4:21 PM

LGTM

This revision is now accepted and ready to land.Aug 12 2019, 4:26 PM

Seems reasonable to me. I might expand the comment slightly to "prevents a MITM attack on the dependency."

antoine accepted this revision.Aug 12 2019, 7:29 PM

Closed by commit rP508819: Force ports depending on a fetch target to actually run checksum. (authored by mat). · Explain WhyAug 13 2019, 10:31 AM

This revision was automatically updated to reflect the committed changes.

mat added a commit: rP508819: Force ports depending on a fetch target to actually run checksum..

mat added a commit: rP508820: MFH: r508819.

Revision Contents
Changeset List

Path

Size

Packages

head/

Mk/

Scripts/

do-depends.sh

8 lines

O5: Ports Framework

Diff 60718

View Options

head/Mk/Scripts/do-depends.sh

Force ports depending on a fetch target to actually run checksum.ClosedPublicActions