Emery Hemingway 80b3994500 prepare_port: prefer SHA256 file verification ... SHA1 is susceptible to collision attacks and is generally deprecated. Source code archives are particularly vulnerable because the hash digest can be tweaked by hiding by arbitrary data in code comments and files not processed during build. With this in mind the 'prepare_port' tool now attempts to verify digests as SHA256 with a fallback to SHA1. When CHECK_HASH=no is set the tool will refuse to verify digests as SHA1. The use of SHA1 for creating unique port versions is retained because the hashes are produced locally from inputs stored in a git history. Issue #2767		2018-05-03 15:31:19 +02:00
..
mk	prepare_port: prefer SHA256 file verification	2018-05-03 15:31:19 +02:00
check_port_source	tool/ports: add tool to check source availability	2015-03-19 08:57:18 +01:00
current	Tools for convenient handling of port contrib dirs	2015-01-20 11:23:50 +01:00
list	Add 'update_hash' and 'list' to tool/ports	2014-05-27 13:45:03 +02:00
prepare_port	prepare_port: prepare multiple ports at once	2016-03-07 12:34:43 +01:00
shortcut	Tools for convenient handling of port contrib dirs	2015-01-20 11:23:50 +01:00
update_hash	Add 'update_hash' and 'list' to tool/ports	2014-05-27 13:45:03 +02:00