From owner-freebsd-ports@FreeBSD.ORG Thu Apr 19 02:21:31 2007 Return-Path: X-Original-To: ports@freebsd.org Delivered-To: freebsd-ports@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0D46316A481 for ; Thu, 19 Apr 2007 02:21:31 +0000 (UTC) (envelope-from foxfair@drago.fomokka.net) Received: from rsmtp2.corp.hki.yahoo.com (rsmtp2.corp.hki.yahoo.com [203.99.254.144]) by mx1.freebsd.org (Postfix) with ESMTP id 985DA13C484 for ; Thu, 19 Apr 2007 02:21:30 +0000 (UTC) (envelope-from foxfair@drago.fomokka.net) Received: from [10.101.135.232] (vpn-client133.taipei.corp.yahoo.com [172.24.58.133]) (authenticated bits=0) by rsmtp2.corp.hki.yahoo.com (8.13.8/8.13.6/y.rout) with ESMTP id l3J2Agx3042523 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 18 Apr 2007 19:10:43 -0700 (PDT) Message-ID: <4626CFA1.1070209@drago.fomokka.net> Date: Thu, 19 Apr 2007 10:10:41 +0800 From: Foxfair Hu User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.10) Gecko/20070221 Thunderbird/1.5.0.10 Mnenhy/0.7.5.666 MIME-Version: 1.0 To: Lowell Gilbert References: <200704181057.34795.david@vizion2000.net> <44wt09ilei.fsf@be-well.ilk.org> In-Reply-To: <44wt09ilei.fsf@be-well.ilk.org> Content-Type: multipart/mixed; boundary="------------020601090607050000050006" Cc: ports@freebsd.org, jharris@widomaker.com, foxfair@freebsd.org, David Southwell Subject: Re: Lynx -vulnerabilities- is this permanent? X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Apr 2007 02:21:31 -0000 This is a multi-part message in MIME format. --------------020601090607050000050006 Content-Type: text/plain; charset=Big5 Content-Transfer-Encoding: 7bit Lowell Gilbert wrote: > David Southwell writes: > >> portupgrade -a produces following output for lynx on cvsup from today. >> freebsd 6.1 >> ----------------------------------------- >> ---> Upgrading 'lynx-2.8.5_2' to 'lynx-2.8.6_4' (www/lynx) >> ---> Building '/usr/ports/www/lynx' >> ===> Cleaning for lynx-2.8.6_4 >> ===> lynx-2.8.6_4 has known vulnerabilities: >> => lynx -- remote buffer overflow. >> Reference: >> >> => Please update your ports tree and try again. >> *** Error code 1 >> >> Stop in /usr/ports/www/lynx. >> >> Any news or advice forthcoming? > > That doesn't *seem* to be applicable to the current version. > It looks like a version-number parsing problem producing a false warning. > I don't have access to my build machine to check more closely, though... > > . > Definitely a false alert, lynx 2.8.5rel4 had fixed the problem, and it was rev1.112 of Makefile in www/lynx. If no one objects, I'll put this diff to prevent portaudit send wrong warning again: --------------020601090607050000050006 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="patch.lynx" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="patch.lynx" LS0tIC91c3IvcG9ydHMvd3d3L2x5bngvTWFrZWZpbGUJTW9uIEFwciAxNiAwMDowNDo0NyAy MDA3CisrKyAuL01ha2VmaWxlCVRodSBBcHIgMTkgMTA6MDY6NTkgMjAwNwpAQCAtNywxMSAr NywxMSBAQAogCiBQT1JUTkFNRT0JbHlueAogUE9SVFZFUlNJT049CTIuOC42Ci1QT1JUUkVW SVNJT049CTQKK1BPUlRSRVZJU0lPTj0JNQogQ0FURUdPUklFUz0Jd3d3IGlwdjYKIE1BU1RF Ul9TSVRFUz0JaHR0cDovL2x5bnguaXNjLm9yZy9jdXJyZW50LyBcCiAJCWZ0cDovL2x5bngu aXNjLm9yZy9seW54JHtQT1JUVkVSU0lPTn0vcGF0Y2hlcy86cGF0Y2hlcwotRElTVE5BTUU9 CSR7UE9SVE5BTUV9JHtQT1JUVkVSU0lPTn1yZWwuJHtQT1JUUkVWSVNJT059CitESVNUTkFN RT0JJHtQT1JUTkFNRX0ke1BPUlRWRVJTSU9OfXJlbC40CiAKIE1BSU5UQUlORVI/PQlqaGFy cmlzQHdpZG9tYWtlci5jb20KIENPTU1FTlQ/PQlBIG5vbi1ncmFwaGljYWwsIHRleHQtYmFz ZWQgV29ybGQtV2lkZSBXZWIgY2xpZW50CkBAIC0yOCw2ICsyOCw5IEBACiAuaWYgZGVmaW5l ZChFTkFCTEVfREVGQVVMVF9DT0xPUlMpCiBDT05GSUdVUkVfQVJHUys9LS1lbmFibGUtZGVm YXVsdC1jb2xvcnMKIC5lbmRpZgorCisjIENWRS0yMDA1LTMxMjAgd2FzIGZpeGVkIGluIGx5 bnggMi44LjVyZWw0CitESVNBQkxFX1ZVTE5FUkFCSUxJVElFUz0JWUVTCiAKIE1BS0VfQVJH Uz0JaGVscGRpcj0ke0xfSEVMUH0gZG9jZGlyPSR7RE9DU0RJUn0KIE1BS0VGSUxFPQltYWtl ZmlsZQo= --------------020601090607050000050006--