From owner-freebsd-stable@FreeBSD.ORG Sat Apr 24 06:31:18 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A50BA16A4CE for ; Sat, 24 Apr 2004 06:31:18 -0700 (PDT) Received: from mtaw6.prodigy.net (mtaw6.prodigy.net [64.164.98.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9243343D53 for ; Sat, 24 Apr 2004 06:31:18 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (edf97de487bb840ec0e8f2a25fd51453@adsl-67-115-73-128.dsl.lsan03.pacbell.net [67.115.73.128]) by mtaw6.prodigy.net (8.12.10/8.12.10) with ESMTP id i3ODU4pT017905; Sat, 24 Apr 2004 06:30:04 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 3CFF552ABF; Sat, 24 Apr 2004 06:31:17 -0700 (PDT) Date: Sat, 24 Apr 2004 06:31:17 -0700 From: Kris Kennaway To: Andy Wolf Message-ID: <20040424133116.GA29653@xor.obsecurity.org> References: <408A6BB6.4000609@schwaben.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VbJkn9YxBvnuCH5J" Content-Disposition: inline In-Reply-To: <408A6BB6.4000609@schwaben.de> User-Agent: Mutt/1.4.2.1i cc: freebsd-stable@freebsd.org Subject: Re: Sophos and compat3x dependency X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Apr 2004 13:31:18 -0000 --VbJkn9YxBvnuCH5J Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Apr 24, 2004 at 03:29:26PM +0200, Andy Wolf wrote: > Hello, >=20 > currently I am trying to install Sophos Anti Virus and found out that=20 > these binaries require FreeBSD 3.x compatibility. Now the misc/compat3x= =20 > port ist marked FORBIDDEN because of two security vulnerabilities=20 > (FreeBSD-SA-03:08.realpath and FreeBSD-SA-03:05.xdr). >=20 > Any idea how to proceed ? Contacting Sophos ? That would be a good idea. Try explaining the problem to them and asking them to produce a 4.x binary. > Waiting for a fixed compat3x ? I wouldn't hold my breath on that. It's been over 4 months and no-one in the community has expressed interest in fixing the security vulnerabilities in question in the 3.x branch. Kris --VbJkn9YxBvnuCH5J Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAimwkWry0BWjoQKURAqijAKDZIX1GU2IdpQBkCDavKFU54IxB9gCg7HdP vGYyoBZUaCTkAmBlOuU3fYQ= =Fha/ -----END PGP SIGNATURE----- --VbJkn9YxBvnuCH5J--