Force ports depending on a fetch target to actually run checksum.
ClosedPublic
Actions

Authored by mat on Aug 12 2019, 4:21 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Thu, Sep 25, 1:36 AM

	Unknown Object (File)
	Sep 16 2025, 1:45 PM

	Unknown Object (File)
	Sep 13 2025, 10:19 AM

	Unknown Object (File)
	Sep 10 2025, 5:32 PM

	Unknown Object (File)
	Sep 10 2025, 4:22 PM

	Unknown Object (File)
	Sep 1 2025, 9:47 AM

	Unknown Object (File)
	Jun 28 2025, 3:03 AM

	Unknown Object (File)
	Jun 26 2025, 4:21 PM

View All 59 Files

Subscribers

swills

Details

Reviewers

emaste
swills
antoine

Group Reviewers

portmgr

Commits

rP508820: MFH: r508819
rP508819: Force ports depending on a fetch target to actually run checksum.

Summary

This prevents a possible MITM attack described in:
https://www.reddit.com/r/BSD/comments/br62hm/freebsd_cryptographic_bypass_and_mitmbased/

Diff Detail

Repository

rP FreeBSD ports repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

mat created this revision.Aug 12 2019, 4:21 PM

Harbormaster completed remote builds in B25806: Diff 60678.Aug 12 2019, 4:21 PM

LGTM

This revision is now accepted and ready to land.Aug 12 2019, 4:26 PM

Seems reasonable to me. I might expand the comment slightly to "prevents a MITM attack on the dependency."

antoine accepted this revision.Aug 12 2019, 7:29 PM

Closed by commit rP508819: Force ports depending on a fetch target to actually run checksum. (authored by mat). · Explain WhyAug 13 2019, 10:31 AM

This revision was automatically updated to reflect the committed changes.

mat added a commit: rP508819: Force ports depending on a fetch target to actually run checksum..

mat added a commit: rP508820: MFH: r508819.

Revision Contents
Changeset List

Path

Size

Packages

head/

Mk/

Scripts/

do-depends.sh

8 lines

O5: Ports Framework

Diff 60718

View Options

head/Mk/Scripts/do-depends.sh

Force ports depending on a fetch target to actually run checksum.ClosedPublicActions