Date: Mon, 28 Jun 2004 23:57:10 GMT
From: "Thomas L. Kjeldsen" <tlk@mayi.dk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/68461: [patch] port www/sitecopy use vulnerable libneon (bundled)
Message-ID: <200406282357.i5SNvAEK010616@www.freebsd.org>
Resent-Message-ID: <200406290000.i5T00ows003209@freefall.freebsd.org>
>Number: 68461
>Category: ports
>Synopsis: [patch] port www/sitecopy use vulnerable libneon (bundled)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 29 00:00:49 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Thomas L. Kjeldsen
>Release: 4.9-RELEASE-p5
>Organization: mayi.dk
>Environment:
>Description:
According to http://www.openpkg.org/security/OpenPKG-SA-2004.024-neon.html sitecopy upstream is delivered with vulnerable libneon.

Quoting from http://bugs.gentoo.org/show_bug.cgi?id=51585 "The author of that package has indicated he has no immediate plans to release a new version of his program that contains the fixes for the security vulnerability."
>How-To-Repeat:
>Fix:
Kurt V. Hindenburg provided a gentoo ebuild patch to make sitecopy use libneon as a shared library instead of the bundled which is vulnerable. Here is a unified diff to make the freebsd port do the same:

--- Makefile_org Tue Jun 29 01:44:19 2004 +++ Makefile Tue Jun 29 01:44:41 2004 @@ -14,10 +14,12 @@ MAINTAINER= olgeni@FreeBSD.org COMMENT= Maintains remote websites, uses FTP or WebDAV to sync up with local copy +LIB_DEPENDS= neon:${PORTSDIR}/www/neon + GNU_CONFIGURE= yes CONFIGURE_ENV= CC="${CC} -I${LOCALBASE}/include" \ LIBS="-L${LOCALBASE}/lib -lintl" -CONFIGURE_ARGS= --with-included-neon --with-libxml2 +CONFIGURE_ARGS= --with-neon --with-libxml2 USE_REINPLACE= yes USE_GETTEXT= yes USE_GNOME= libxml2

>Release-Note:
>Audit-Trail:
>Unformatted:
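Review bot: the added LIB_DEPENDS= neon:${PORTSDIR}/www/neon line names the library without a version, so any libneon already present on the system satisfies the dependency, including an older unpatched one, and the switch to --with-neon would then link sitecopy against it. Suggest pinning the shared library version that the fixed www/neon port installs. The hunk also shows no PORTREVISION change; since the point of the patch is to stop shipping the copy built with --with-included-neon, a bump is needed so that already-installed sitecopy packages are flagged for rebuild.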