Date: Wed, 15 Feb 2012 00:31:27 +0100 From: Martin Matuska <mm@FreeBSD.org> To: ohauer@FreeBSD.org Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/www/horde-base Makefile distinfo pkg-plist Message-ID: <4F3AEECF.8070805@FreeBSD.org> In-Reply-To: <4F3AB761.2090500@FreeBSD.org> References: <201202141135.q1EBZptq054425@repoman.freebsd.org> <4F3AB761.2090500@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14.2.2012 20:34, Olli Hauer wrote: > On 2012-02-14 12:35, Martin Matuska wrote: >> mm 2012-02-14 11:35:51 UTC >> >> FreeBSD ports repository >> >> Modified files: >> www/horde-base Makefile distinfo pkg-plist >> Log: >> Update to 3.3.13 >> >> Revision Changes Path >> 1.91 +1 -2 ports/www/horde-base/Makefile >> 1.40 +2 -2 ports/www/horde-base/distinfo >> 1.36 +20 -0 ports/www/horde-base/pkg-plist >> >> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/www/horde-base/Makefile.diff?&r1=1.90&r2=1.91&f=h >> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/www/horde-base/distinfo.diff?&r1=1.39&r2=1.40&f=h >> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/www/horde-base/pkg-plist.diff?&r1=1.35&r2=1.36&f=h >> > Hi Martin, > > shouldn't we push a vuxml for the update? > > Seems version 3.3.12 contains a backdor. > http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155 > > -- > Regards, > olli Hi Olli, as of the Horde report the problem affects "Horde 3.3.12 downloaded between November 15 and February 7". Our port and the SHA256 checksums have been updated shortly after release to 3.3.12 on July, 28, 2011. The altered file on the Horde server must have had an invalid checksum and should have been failing to install. Therefore I see no point in adding this to vuxml, as our users were not affected by this issue. -- Martin Matuska FreeBSD committer http://blog.vx.sk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F3AEECF.8070805>