Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 25 Mar 2006 01:30:28 GMT
From:      Jeremy Chadwick <freebsd@jdc.parodius.com>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   Re: ports/94919: [PATCH] suPHP (www/suphp) 0.6.1
Message-ID:  <200603250130.k2P1USHB032118@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/94919; it has been noted by GNATS.

From: Jeremy Chadwick <freebsd@jdc.parodius.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/94919: [PATCH] suPHP (www/suphp) 0.6.1
Date: Fri, 24 Mar 2006 17:28:58 -0800

 Sadly, I cannot approve this, for many of the same reasons listed
 in past PRs such as ports/82746.
 
 I get requests for this upgrade literally twice a week, sometimes
 more.  I actually keep a file laying around as a template response
 due to the high volume of mails...
 
 > The suphp port will not be upgraded to 0.6.x until the author fixes
 > numerous security holes and bugs in the software.  Some were fixed
 > with the 0.6.1 release, but there are still claims of security-related
 > issues with 0.6.1 (see the suphp mailing list for details).  One issue
 > which I have personally confirmed is the module doing double-free()'s
 > on pieces of previously allocated memory; this still exists in 0.6.1.
 > 
 > Until these issues are dealt with, the port will remain at 0.5.2; I'd
 > rather not unleash unstable software into the hands of BSD sysadmins
 > worldwide.
 > 
 > If 0.6.1 is an absolute necessity for you, I'd gladly review and
 > agree to the commital of a www/suphp-dev port, assuming someone else
 > maintains it.
 > 
 > I hope you understand.  Thanks!
 
 I'm all for someone maintaining a new port (ex. www/suphp-dev) which
 contains 0.6 or 0.6.1 -- until the suphp author manages to fix the
 bugs in recent releases.
 
 My apologies to the PR submitter (Eugene Kim), as he obviously put in
 quite a lot of work.  I would rather his efforts be put to use, just
 not in the current (stable) suphp port...
 
 -- 
 | Jeremy Chadwick                                 jdc at parodius.com |
 | Parodius Networking                        http://www.parodius.com/ |
 | UNIX Systems Administrator                   Mountain View, CA, USA |
 | Making life hard for others since 1977.                             |
 
 On Sat, Mar 25, 2006 at 01:04:03AM +0000, Edwin Groothuis wrote:
 > Maintainer of www/suphp,
 > 
 > Please note that PR ports/94919 has just been submitted.
 > 
 > If it contains a patch for an upgrade, an enhancement or a bug fix
 > you agree on, reply to this email stating that you approve the patch
 > and a committer will take care of it.
 > 
 > The full text of the PR can be found at:
 >     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/94919
 > 
 > -- 
 > Edwin Groothuis
 > edwin@FreeBSD.org



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603250130.k2P1USHB032118>