Force ports depending on a fetch target to actually run checksum.
ClosedPublic
Actions

Authored by mat on Aug 12 2019, 4:21 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Tue, Feb 25, 1:12 AM

	Unknown Object (File)
	Sun, Feb 23, 2:50 AM

	Unknown Object (File)
	Feb 4 2025, 8:17 AM

	Unknown Object (File)
	Jan 15 2025, 12:39 PM

	Unknown Object (File)
	Dec 22 2024, 7:36 PM

	Unknown Object (File)
	Dec 21 2024, 4:32 PM

	Unknown Object (File)
	Dec 21 2024, 4:31 PM

	Unknown Object (File)
	Dec 21 2024, 4:31 PM

View All 43 Files

Subscribers

swills

Details

Reviewers

emaste
swills
antoine

Group Reviewers

portmgr

Commits

rP508820: MFH: r508819
rP508819: Force ports depending on a fetch target to actually run checksum.

Summary

This prevents a possible MITM attack described in:
https://www.reddit.com/r/BSD/comments/br62hm/freebsd_cryptographic_bypass_and_mitmbased/

Diff Detail

Repository

rP FreeBSD ports repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

mat created this revision.Aug 12 2019, 4:21 PM

Harbormaster completed remote builds in B25806: Diff 60678.Aug 12 2019, 4:21 PM

LGTM

This revision is now accepted and ready to land.Aug 12 2019, 4:26 PM

Seems reasonable to me. I might expand the comment slightly to "prevents a MITM attack on the dependency."

antoine accepted this revision.Aug 12 2019, 7:29 PM

Closed by commit rP508819: Force ports depending on a fetch target to actually run checksum. (authored by mat). · Explain WhyAug 13 2019, 10:31 AM

This revision was automatically updated to reflect the committed changes.

mat added a commit: rP508819: Force ports depending on a fetch target to actually run checksum..

mat added a commit: rP508820: MFH: r508819.

Revision Contents
Changeset List

Path

Size

Packages

head/

Mk/

Scripts/

do-depends.sh

8 lines

O5: Ports Framework

Diff 60718

View Options

head/Mk/Scripts/do-depends.sh

Force ports depending on a fetch target to actually run checksum.ClosedPublicActions