Date: Tue, 6 Jul 2004 01:00:44 -0700
From: Kent Stewart <kstewart@owt.com>
To: freebsd-stable@freebsd.org
Subject: Re: apache port broken for 4.10 RELEASE?
Message-ID: <200407060100.44096.kstewart@owt.com>
In-Reply-To: <200407060035.05334.kstewart@owt.com>
References: <200407060633.i666XuiP077911@app.auscert.org.au> <200407060035.05334.kstewart@owt.com>

On Tuesday 06 July 2004 12:35 am, Kent Stewart wrote:
> On Monday 05 July 2004 11:33 pm, freebsd-stable@auscert.org.au wrote:
> > Thanks Kent (and Phil and Udo).
> >
> > I have a couple of questions though.
> >
> > If 2.0.49 apache is broken in 4.10 release (install +ports), why do
> > the MD5 sums exist in distinfo for this particular version at all
> > (rather than just a simple "not supported for this release" error)
>
> Well, you are somewhat expected to follow the port tree. Ports in
> the releases get old quickly. A port that is used as much as Apache
> is will never stay broken for long.

You need to look at
http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache2/Makefile

There have been security problems fixed in Apache that will never be
added to a stock release. If you follow the port system using cvsup of
ports-all, there are tools to tell you that ports on your system are
out of date and need to be updated to include those security fixes. It
is a two-edged sword because not all updates are security related and
the tools will want to update the ports that have new releases. Some of
them involved changing the interface in libraries and continuing to use
new libraries with old codes can produce the typical off by 1 problems
that make your system vulnerable.

Kent

--
Kent Stewart
Richland, WA

http://users.owt.com/kstewart/index.html