From owner-freebsd-ports@FreeBSD.ORG Sat Jul 21 00:53:00 2007 Return-Path: Delivered-To: ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8A2DA16A419 for ; Sat, 21 Jul 2007 00:53:00 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (c220-239-20-82.belrs4.nsw.optusnet.com.au [220.239.20.82]) by mx1.freebsd.org (Postfix) with ESMTP id EBD1913C459 for ; Sat, 21 Jul 2007 00:52:59 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by turion.vk2pj.dyndns.org (8.14.1/8.14.1) with ESMTP id l6L0qr1G042726; Sat, 21 Jul 2007 10:52:53 +1000 (EST) (envelope-from peter@turion.vk2pj.dyndns.org) Received: (from peter@localhost) by turion.vk2pj.dyndns.org (8.14.1/8.14.1/Submit) id l6L0qqiT042725; Sat, 21 Jul 2007 10:52:52 +1000 (EST) (envelope-from peter) Date: Sat, 21 Jul 2007 10:52:52 +1000 From: Peter Jeremy To: araujo@FreeBSD.org, daichi@FreeBSD.org, glewis@FreeBSD.org, java@FreeBSD.org, kaeru@inigo-tech.com, kuriyama@FreeBSD.org, leeym@FreeBSD.org, matusita@FreeBSD.org, ports@FreeBSD.org, support@kryltech.com, x@Vex.Net, yasi@yasi.to Message-ID: <20070721005252.GJ1176@turion.vk2pj.dyndns.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="uXxzq0nDebZQVNAZ" Content-Disposition: inline X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.16 (2007-06-09) X-Mailman-Approved-At: Sat, 21 Jul 2007 01:06:25 +0000 Cc: Subject: Ports depending on FORBIDDEN ports X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jul 2007 00:53:00 -0000 --uXxzq0nDebZQVNAZ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable The following three ports are currently FORBIDDEN due to security vulnerabilities but are listed as dependencies by a number of other ports: misc/compat3x: FreeBSD-SA-03:05.xdr, FreeBSD-SA-03:08.realpath - not fixed= / no lib available sysutils/eject: Setuid root and has security issues www/zope: contains cross-site scripting vulnerability http://VuXML.FreeBSD.= org/34414a1e-e377-11db-b8ab-000c76189c4c.html The misc/compat3x port is unlikely to ever be fixed and therefore it would seem reasonable to deprecate both it and the following ports that depend on it: audio/mbrola MBROLA voice synthesizer databases/java-sqlrelay Java classes to access to SQL Relay emulators/vmware-guestd3 VMware time synchronization daemon for FreeBSD gue= st OS (for VMware 3.x) emulators/vmware-tools3 VMware tools for guest OS (for VMware 3.x, FreeBSD= version) japanese/vje30 Modern intelligent Japanese input engine (purchase= version) java/collections JDK1.2 Collections' API for JDK1.1 environments java/gj-jdk11 Extension of the Java programming language that su= pports generic types java/infobus Enables dynamic exchange of data between JavaBeans= (TM) java/jdk11 Java Development Kit 1.1 java/jdk12 Java Development Kit 1.2 java/jfc Java Foundation Classes (JFC)/Swing java/jre Standard Java Platform for running Java programs java/tya A ``100% unofficial'' JIT-compiler for java lang/fesi Free EcmaScript Interpreter written in Java mail/pop3vscan A transparent POP3-Proxy with virus-scanning capab= ilities mail/yuzu A nicer mail user agent powered by JavaMail and JF= C/Swing print/acrobatviewer Viewer for the PDF files written in Java(TM) security/amavis-perl Mail Virus Scanner (uses external antivirus) security/amavisd The daemonized version of amavis-perl security/vscan Evaluation version of a DOS/Windows/Linux file vir= us scanner www/hotjava Sun's Hotjava web browser www/mapedit A WWW authoring tool to create clickable maps www/ssserver Adds the search capability to a Web site I'm particularly concerned about the existence of 'java/jre' and it's description as the 'Standard Java Platform for running Java programs'. This appears to occasionally trap people who are looking for a current JRE and attempt to install java/jre. sysutils/eject only has one port depending on it. eject-1.5 is nearly 7 years old and appears to be abandonware. It would therefore seem reasonable to deprecate both it and the following port that depends on it: sysutils/cdbkup Simple but full-featured backup/restore perl scripts (uses= gnu tar) www/zope has a significant number of ports depending on it. This is a very old version of zope (2.7.9) and some of these ports may be able to be adapted to a newer version of zope (2.9, 2.10 or 3.3 - all of which are in ports). www/zope and any of the following ports that can't be adapted to a later version of zope should probably be deprecated: japanese/zope-ejsplitter A Japanese word splitter for searchin= g text in Zope Products japanese/zope-jamailhost A Zope hotfix Product to send mail in= Japanese www/knowledgekit A mechanism for the automatic creatio= n/maintenance of Knowledge Bases www/squishdot A web-based news publishing and discu= ssion product for Zope www/znavigator A Zope product to simplify the constr= uction of navigation bars www/zope-FileSystemSite Enable file system based sites within= Zope www/zope-annotations A generic way to add information to a= rbitrary Zope objects www/zope-archetypes Framework for the development of new = Content Types in Zope/CMF/Plone www/zope-btreefolder2 Zope product that can store many items www/zope-calendaring Calendar product for Plone www/zope-cmf The Zope Content Management Framework= (CMF) www/zope-cmfactionicons CMFActionIcons product for Zope/CMF www/zope-cmfformcontroller CMFFormController product for Zope/CMF www/zope-cmfforum A forum for ZOPE CMF with file attach= ments www/zope-cmfphoto CMFPhoto product for Zope/CMF www/zope-cmfphotoalbum CMFPhotoAlbum product for Zope/CMF www/zope-cmfquickinstaller CMFQuickInstaller is a product for Zo= pe/CMF www/zope-coreblog A Zope Blog/Weblog/Web-nikki Product www/zope-epoz A cross-browser-wysiwyg-editor for Zo= pe/CMF www/zope-exuserfolder Extensible User Folder - Custom & dat= abase authenticatoin for Zope www/zope-formulator HTML form generatation and validation= system for Zope www/zope-generator Generator product for Zope www/zope-groupuserfolder GroupUserFolder product for Zope www/zope-guf A roll-your-own user folder product f= or Zope www/zope-i18nlayer I18NLayer product for Zope www/zope-kupu A 'document-centric' client-side edit= or for Mozilla/IE www/zope-mimetypesregistry MimetypesRegistry product for Zope/CMF www/zope-mindmapbbs A Zope product to create graphical BB= S based on Mind Map www/zope-mysqluserfolder A Zope user folder which uses MySQL d= atabase to store user information www/zope-parsedxml Access and manipulate XML documents w= ithin Zope www/zope-placelesstranslationservice PlacelessTranslationService product f= or Zope/CMF www/zope-plonelanguagetool PloneLanguageTool product for Zope www/zope-portaltransforms PortalTransforms product for Zope/CMF www/zope-proxyindex Plugin catalog index using TALES inst= ead attribute lookup/call www/zope-silva Web application (CMS) to manage/edit = structured documents www/zope-silvaviews A component used by Silva to attach v= iews to objects www/zope-ttwtype TTWType product for CMF/Plone www/zope-validation Validation product for Zope www/zope-xmlmethods Provides methods to apply to Zope obj= ects for XML/XSLT processing www/zope-xmlwidgets XMLWidgets - dynamic translations of = ParsedXML to HTML pages www/zope-zmysqlda MySQL Database Adapter for the Zope w= eb application framework www/zope-zsyncer Allows multiple Zopes to be synchroni= zed via xmlrpc www/zope-zwiki A WikiWikiWeb product for Zope (colab= orative web site system) All relevant maintainers are copied. --=20 Peter Jeremy --uXxzq0nDebZQVNAZ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGoVjk/opHv/APuIcRAqgnAKCfSdNbR5iNdVvzRwhGkC8HPdlhKACdEqt+ +nkrOR7k58QIWirpeWj5jGE= =BxRC -----END PGP SIGNATURE----- --uXxzq0nDebZQVNAZ--