From owner-freebsd-stable@FreeBSD.ORG Tue Jul 6 12:04:46 2004
Return-Path:
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 17BC916A4CF
    for ; Tue, 6 Jul 2004 12:04:46 +0000 (GMT)
Received: from titania.auscert.org.au (gw.auscert.org.au [203.5.112.28])
    by mx1.FreeBSD.org (Postfix) with ESMTP id D74AE43D69
    for ; Tue, 6 Jul 2004 12:04:44 +0000 (GMT)
    (envelope-from freebsd-stable@auscert.org.au)
Received: from app.auscert.org.au (app [10.0.1.192])i66C4e2V008824
    for ; Tue, 6 Jul 2004 22:04:40 +1000 (EST)
Received: from app.auscert.org.au (localhost [127.0.0.1])
    by app.auscert.org.au (8.12.10/8.12.10) with ESMTP id i66C4hiP020657
    for ; Tue, 6 Jul 2004 22:04:43 +1000 (EST)
Message-Id: <200407061204.i66C4hiP020657@app.auscert.org.au>
From: freebsd-stable@auscert.org.au
To: freebsd-stable@freebsd.org
In-Reply-To: Your message of "Tue, 06 Jul 2004 01:00:44 MST." <200407060100.44096.kstewart@owt.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <20655.1089115483.1@app.auscert.org.au>
Date: Tue, 06 Jul 2004 22:04:43 +1000
Subject: Re: apache port broken for 4.10 RELEASE?
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 06 Jul 2004 12:04:46 -0000

Kent, thanks.

> You need to look at
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache2/Makefile
> There have been security problems fixed in Apache that will never be
> added to a stock release. If you follow the port system using cvsup of
> ports-all, there are tools to tell you that ports on your system are
> out of date and need to be updated to include those security fixes.
>
> It is a two edged sword because not all updates are security related and
> the tools will want to update the ports that have new releases. Some of
> them involved changing the interface in libraries and continuing to use
> new libraries with old codes can produce the typical off by 1 problems
> that make your system vulnerable.

Sounds like I need to learn a little more about the ports system :)

I'm not in the position to cvsup my ports, so will continue to just build
from source for now. That's always worked well for me on FreeBSD in any
case.

cheers,
-- Joel Hatton --
Security Analyst and FIRST Representative | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT       | Fax:     +61 7 3365 7031
The University of Queensland              | WWW:     www.auscert.org.au
Qld 4072 Australia                        | Email:   auscert@auscert.org.au