Date: Tue, 8 May 2007 09:29:29 -0400 From: Wesley Shields <wxs@atarininja.org> To: Stevan Tiefert <stevan_tiefert@yahoo.de> Cc: ports@freebsd.org Subject: Re: How to prevent make compiling a binary? Message-ID: <20070508132928.GD9465@atarininja.org> In-Reply-To: <1178628714.892.30.camel@vagabund.w33> References: <1178550334.6653.9.camel@vagabund.w33> <20070507201247.e3f834cc.stas@FreeBSD.org> <1178565933.5854.1.camel@vagabund.w33> <46401290.7080000@gmx.de> <1178619731.892.4.camel@vagabund.w33> <20070508114319.GG838@turion.vk2pj.dyndns.org> <1178625043.892.16.camel@vagabund.w33> <448xbzv6gt.fsf@Lowell-Desk.lan> <1178628714.892.30.camel@vagabund.w33>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 08, 2007 at 02:51:46PM +0200, Stevan Tiefert wrote: > Am Dienstag, den 08.05.2007, 08:35 -0400 schrieb Lowell Gilbert: > > Stevan Tiefert <stevan_tiefert@yahoo.de> writes: > > > > > Am Dienstag, den 08.05.2007, 21:43 +1000 schrieb Peter Jeremy: > > >> On 2007-May-08 12:22:03 +0200, Stevan Tiefert <stevan_tiefert@yahoo.de> wrote: > > >> > The port wouldn't be necessary when the > > >> >compat3x-port didn't stopped. > > >> > > >> The last FreeBSD 3.x release was 3.5.1 in July 2000. 3.x support has > > >> long since ceased and it is no longer possible to correct security > > >> holes in the compat3x port. Since a variety of security holes are > > >> known to exist, the port has been FORBIDDEN. > > >> > > >> Your options appear to be: > > >> 1) Contact mbrola@tcts.fpms.ac.be and get them to update the FreeBSD > > >> binaries to support 6.x > > >> 2) Override the 'FORBIDDEN' tag and install compat3x anyway. > > >> 3) Run the Linux version. > > >> > > > > > > 4) I build a port with this only needed lib in it. Already done: > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=112499 > > > > But that still installs the standard C library with the vulnerability > > in it. In what way is that better (or even significantly different) > > than option 2? > > _______________________________________________ > > freebsd-ports@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org" > > I want to provide a new port for german text-to-speech-system. And as a > dependency I need the NATIVE running audio/mbrola. > > It is NOT desireable that if somebody want to install my port he got the > error message: compat3x-20020925.tar.gz is forbidden to install! Should > I tell EVERY guy on my help-mailinglist (and I promise you it will be > almost 90% of the e-mails) you have to hack the Makefile-entry manually > to install my port? > > It is easier to install my convinient "misc/mbrola_compat-1.0" without > the forbidden tag. And I don't want to be blamed that I write a patch > which is changing foreign Makefiles of other maintainer! Unless I'm missing something you're looking at providing the compat3x libraries (or a sub-set thereof) in your port? You do what you feel is necessary to get it to work, however; Is it your intention to submit this port for inclusion in the tree? I am concerned that if you submit this new port for inclusion in the tree that you will be introducing the exact vulnerabilities which are documented in the compat3x port. -- WXS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070508132928.GD9465>