Date:      Tue, 06 Jul 2004 22:04:43 +1000
From:      freebsd-stable@auscert.org.au
To:        freebsd-stable@freebsd.org
Subject:   Re: apache port broken for 4.10 RELEASE? 
Message-ID:  <200407061204.i66C4hiP020657@app.auscert.org.au>
In-Reply-To: Your message of "Tue, 06 Jul 2004 01:00:44 MST." <200407060100.44096.kstewart@owt.com> 

Kent, thanks.

> You need to look at
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache2/Makefile

<check>

> There have been security problems fixed in Apache that will never be 
> added to a stock release. If you follow the port system using cvsup of 
> ports-all, there are tools to tell you that ports on your system are 
> out of date and need to be updated to include those security fixes.
> 
> It is a two edged sword because not all updates are security related and 
> the tools will want to update the ports that have new releases. Some of 
> them involved changing the interface in libraries and continuing to use 
> new libraries with old codes can produce the typical off by 1 problems 
> that make your system vulnerable.

Sounds like I need to learn a little more about the ports system :) I'm
not in the position to cvsup my ports, so will continue to just build from
source for now. That's always worked well for me on FreeBSD in any case.

cheers,
-- Joel Hatton --
Security Analyst and FIRST Representative  | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT        | Fax:     +61 7 3365 7031
The University of Queensland               | WWW:     www.auscert.org.au
Qld 4072 Australia                         | Email:   auscert@auscert.org.au


