Date: Wed, 30 Aug 2000 04:34:47 -0500 (CDT) From: Mike Meyer <mwm@mired.org> To: A Ling <al52x@nih.gov> Cc: questions@freebsd.org Subject: Re: Netscape Navigator 4.75 availability? Message-ID: <14764.54583.510221.218951@guru.mired.org> In-Reply-To: <200008292250.PAA29684@idiom.com> References: <200008292250.PAA29684@idiom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
A Ling writes: > On Tue, 29 Aug 2000 15:33:01 -0500 (CDT), Mike Meyer wrote: > >A Ling writes: > >> I'm anxious to upgrade following the recent > >> vulnerability > >> announcement: > >> http://marc.theaimsgroup.com/?l=freebsd-security&m=967491697 > >> 21010&w=2 > >> but cant find the "after the correction date" distfile on > >> either the various FreeBSD ftp sites, including > >> ftp.FreeBSD.org, or at: http://home.netscape.com/download/ > >The "after the correction date" distfile on freebsd is actually the > >appropriate netscape port file (for whichever one you're using). > Hate to belabor this, but I think I was confused. What > you seem to be saying is that the distfiles actually didn't > change, just the port skeleton, is that right? Or perhaps > that anyone downloading skeletons and/or distfiles after > the 8/19 correction date got the fixed bits? First - please cc: questions with such (I did this), as other people might be confused. Ok, there are three files here: the package, the port, and the distfile. The port uses the distfile to build the package. The port is small, and comes with BSD. The distfile (usualy) comes comes from an external vendor, even though it may be mirrored on the FreeBSD site. For netscape, the port name contains *part* of the version number (3, 4, 6 or 47 - and I have no idea why 47 is a separate port). The version number - which shows up on the package - reflects the full netscape version number, at least for the 47 ports. So that's either 4.74 or 4.75. The bug in question is in Netscape, which means it's in the package and the distfile, but not the port. However, if the port uses a distfile with the bug, it'll build a package with the bug. So you want the package that has a version number that matches a netscape product that has the bug fixed. > If so, that > would mean that I need not upgrade from Netscape 3.04 just > for this security notice, just pkg_delete it plus or minus > rm /usr/ports/distfiles/netscape-etc.tgz, then make && make > install the port. Or did I misunderstand something? If you want a version that has the bug fixed, you'll need to upgrade to a version of Netscape that has it fixed. If they haven't provided a fix for 3, that means 4.75. However, you can avoid the bugs in question by disabling Java and Javascript. Bugs in JavaScript are sufficiently common that CERT recommends disabling it anyway <URL: http://www.cert.org/advisories/CA-2000-02.html >). > Struggling to live on a 1 Gb disk (my data's big) on a > slow machine :(. Thanks again for your help. Um - have you considered a different browser? Minimally, use the -navigator version of Netscape if you aren't using the mail/news functionality. Of course, ditching X in favor of LUI tools would buy back a lot of that gig. <mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14764.54583.510221.218951>