Force ports depending on a fetch target to actually run checksum.
ClosedPublic
Actions

Authored by mat on Aug 12 2019, 4:21 PM.

Tags

None

Referenced Files

	F153068502: D21230.diff
	Sat, Apr 18, 10:50 PM

	Unknown Object (File)
	Tue, Apr 14, 7:06 PM

	Unknown Object (File)
	Tue, Apr 14, 2:35 PM

	Unknown Object (File)
	Mon, Apr 13, 12:17 PM

	Unknown Object (File)
	Sat, Apr 11, 1:28 PM

	Unknown Object (File)
	Sat, Apr 11, 8:45 AM

	Unknown Object (File)
	Fri, Apr 10, 11:09 PM

	Unknown Object (File)
	Thu, Apr 9, 12:24 AM

View All 97 Files

Subscribers

swills

Details

Reviewers

emaste
swills
antoine

Group Reviewers

portmgr

Commits

rP508820: MFH: r508819
rP508819: Force ports depending on a fetch target to actually run checksum.

Summary

This prevents a possible MITM attack described in:
https://www.reddit.com/r/BSD/comments/br62hm/freebsd_cryptographic_bypass_and_mitmbased/

Diff Detail

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 25806
Build 24378: arc lint + arc unit

Event Timeline

mat created this revision.Aug 12 2019, 4:21 PM

Harbormaster completed remote builds in B25806: Diff 60678.Aug 12 2019, 4:21 PM

LGTM

This revision is now accepted and ready to land.Aug 12 2019, 4:26 PM

Seems reasonable to me. I might expand the comment slightly to "prevents a MITM attack on the dependency."

antoine accepted this revision.Aug 12 2019, 7:29 PM

Closed by commit rP508819: Force ports depending on a fetch target to actually run checksum. (authored by mat). · Explain WhyAug 13 2019, 10:31 AM

This revision was automatically updated to reflect the committed changes.

mat added a commit: rP508819: Force ports depending on a fetch target to actually run checksum..

mat added a commit: rP508820: MFH: r508819.

Revision Contents
Changeset List

Path

Size

Mk/

Scripts/

do-depends.sh

8 lines

Diff 60678

View Options

Force ports depending on a fetch target to actually run checksum.ClosedPublicActions