[MacPorts] #51886: nmap @7.12 Minor portfile fixes
MacPorts
noreply at macports.org
Thu Jul 21 10:21:46 PDT 2016
#51886: nmap @7.12 Minor portfile fixes
--------------------------+------------------------------
Reporter: gavin@… | Owner: opendarwin.org@…
Type: enhancement | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords: haspatch
Port: nmap |
--------------------------+------------------------------
Comment (by dluke@…):
Replying to [comment:3 gavin@…]:
> Not sure what you mean regarding upstream releases but I'll take your
> word for it.
If upstream provides an md5 or sha1 hash, it's useful to be able to have
the same hash in the portfile.
> I was just imagining a scenario where malicious code could be introduced
> into the source taking advantage of the known hash collisions but still
> making the checksum valid. I realise there's a number of very specific
> conditions which would also need to be set up to make the scenario actually
> exploitable but I just figured for a security-related tool like this, if
> possible, it would be better than not to deprecate these HMACs.
MacPorts validates the distfile against all of the hashes in the portfile.
For that attack to work, you'd have to generate a malicious file that
collides with each hash listed (having a weak hash like md5 or sha1
doesn't stop MacPorts from using the sha256 checksum).
--
Ticket URL: <https://trac.macports.org/ticket/51886#comment:4>
MacPorts <https://www.macports.org/>
Ports system for OS X
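
An added sketch of the all-hashes-must-match check described in the comment above. It is not MacPorts code (MacPorts is written in Tcl); the function names, the sample data and the simplified parsing of the checksums stanza are assumptions of this example.

```python
import hashlib

# Constructed sample data: stand-ins for a distfile and a tampered copy.
ORIGINAL = b"nmap source tarball contents (constructed sample)\n"
TAMPERED = b"nmap source tarball contents (constructed, modified)\n"


def parse_checksums(stanza):
    """Parse a portfile-style 'checksums' stanza into {algorithm: hex digest}."""
    tokens = stanza.replace("\\", " ").split()
    if not tokens or tokens[0] != "checksums" or len(tokens) % 2 != 1:
        raise ValueError("malformed checksums stanza")
    return dict(zip(tokens[1::2], (t.lower() for t in tokens[2::2])))


def verify(data, expected):
    """Return the algorithms whose digest does NOT match; empty list = accept."""
    if not expected:
        raise ValueError("no checksums listed")
    failed = []
    for algo, want in expected.items():
        got = hashlib.new(algo, data).hexdigest()
        if got != want:
            failed.append(algo)
    return failed


def stanza_for(data, algos=("md5", "sha1", "sha256")):
    """Build a stanza for sample data (helper for this demo only)."""
    pairs = " \\\n    ".join(f"{a} {hashlib.new(a, data).hexdigest()}" for a in algos)
    return "checksums " + pairs


def demo():
    expected = parse_checksums(stanza_for(ORIGINAL))
    # Model an attacker who found a collision on the weak hash only: the
    # listed md5 also matches the tampered file, sha1/sha256 do not.
    collided = dict(expected, md5=hashlib.md5(TAMPERED).hexdigest())
    return verify(ORIGINAL, expected), verify(TAMPERED, collided)


if __name__ == "__main__":
    print(demo())
```

The tampered file is rejected even though its md5 matches, because acceptance requires every listed digest to match.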