<pre style='margin:0'>
Joshua Root (jmroot) pushed a commit to branch master
in repository macports-base.
</pre>
<p><a href="https://github.com/macports/macports-base/commit/1dcfc29f0aeb58da68dd1fcc796194a8b5c18549">https://github.com/macports/macports-base/commit/1dcfc29f0aeb58da68dd1fcc796194a8b5c18549</a></p>
<pre style="white-space: pre; background: #F8F8F8"><span style='display:block; white-space:pre;color:#808000;'>commit 1dcfc29f0aeb58da68dd1fcc796194a8b5c18549
</span>Author: Joshua Root <jmr@macports.org>
AuthorDate: Sat Sep 8 09:16:41 2018 +1000
<span style='display:block; white-space:pre;color:#404040;'> lint: don't assume all default checksums are secure
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Size is in fact the least secure type.
</span>---
src/port1.0/portchecksum.tcl | 2 ++
src/port1.0/portlint.tcl | 12 +++++-------
2 files changed, 7 insertions(+), 7 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/src/port1.0/portchecksum.tcl b/src/port1.0/portchecksum.tcl
</span><span style='display:block; white-space:pre;color:#808080;'>index 986890a..b4b56ce 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/src/port1.0/portchecksum.tcl
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/src/port1.0/portchecksum.tcl
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -47,6 +47,8 @@ namespace eval portchecksum {
</span> # types to recommend if none are specified in the portfile
variable default_checksum_types [list rmd160 sha256 size]
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ # types that are considered secure
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ variable secure_checksum_types [list rmd160 sha256]
</span> }
# Options
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/src/port1.0/portlint.tcl b/src/port1.0/portlint.tcl
</span><span style='display:block; white-space:pre;color:#808080;'>index 2083740..65e8009 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/src/port1.0/portlint.tcl
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/src/port1.0/portlint.tcl
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -124,22 +124,20 @@ proc portlint::seems_utf8 {str} {
</span> # Returns an empty list if no issues are found.
proc portlint::lint_checksum_type_list {types} {
set issues [list]
<span style='display:block; white-space:pre;background:#ffe0e0;'>- set using_recc false
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set using_secure false
</span>
foreach preferred $portchecksum::default_checksum_types {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- if {$preferred in $types} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set using_recc true
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span> if {$preferred ni $types} {
lappend issues "missing recommended checksum type: $preferred"
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ } elseif {$preferred in $portchecksum::secure_checksum_types} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set using_secure true
</span> }
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- if {!$using_recc} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {!$using_secure} {
</span> foreach type $types {
if {$type ni $portchecksum::default_checksum_types} {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- lappend issues "checksum type is deprecated: $type"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend issues "checksum type is insecure on its own: $type"
</span> }
}
}
</pre><pre style='margin:0'>
</pre>