From owner-freebsd-ports@FreeBSD.ORG Wed Sep 20 07:20:45 2006 Return-Path: X-Original-To: freebsd-ports@freebsd.org Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B17416A47C for ; Wed, 20 Sep 2006 07:20:45 +0000 (UTC) (envelope-from sailorfred@yahoo.com) Received: from web31808.mail.mud.yahoo.com (web31808.mail.mud.yahoo.com [68.142.207.71]) by mx1.FreeBSD.org (Postfix) with SMTP id 87B9943D5C for ; Wed, 20 Sep 2006 07:20:44 +0000 (GMT) (envelope-from sailorfred@yahoo.com) Received: (qmail 47131 invoked by uid 60001); 20 Sep 2006 07:20:43 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=F2G8CAGLaqkw5GzBDHukdq/5TmqyqGH0R/Ao4Yx8SdrNxJ9VoaQCms23fs8IL6S0qeKHcOQTUg/b+rVuoyybp/WlUhNtlZcZ3WVihw4f38JVIozeaKkcd2+AFhAjzaO+0xlgRaqeHgn5klh+xyV67rej8fbd1Nt/OeUIAL+NJfM= ; Message-ID: <20060920072043.47129.qmail@web31808.mail.mud.yahoo.com> Received: from [63.198.177.76] by web31808.mail.mud.yahoo.com via HTTP; Wed, 20 Sep 2006 00:20:43 PDT Date: Wed, 20 Sep 2006 00:20:43 -0700 (PDT) From: Fred Cox To: Alex Dupre , Kris Kennaway In-Reply-To: <4510DC28.9070808@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: freebsd-ports@freebsd.org, Fred Cox Subject: Re: www/dotproject out of date and vulnerable X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2006 07:20:45 -0000 So how about this: Update the version to 2.0.4 to avoid the vulnerability. Modify Makefile to require PHP4: DEFAULT_PHP_VER=4 WANT_PHP_WEB= yes IGNORE_WITH_PHP=5 Add to the files/pkg-message.in to inform the user that they must have a remote or jailed mysql 3.23 or make the published patches. Fred --- Alex Dupre wrote: > Kris Kennaway ha scritto: > > Damn, how many messages should I read?! :-) > > > If there is no problem with using the mysql 5.x > client, then just use > > mysql 5.x and be done with it. You need to figure > out whether or not > > that is true. If it is false, then there's > clearly a problem for you > > I bet the client will have no problems with mysql > 5.0, so this seems a > good solution to me. > > > This whole discussion came about because you were > trying to look for a > > way to force everything (including php4-mysql) to > link to mysql 3.x, > > which is currently impossible to achieve > satisfactorily without > > further work on your part. > > And adding a php4-mysql3 port is not trivial and I'm > against it since > MySQL 3.23 is unsupported. If dotproject *must* > depends on mysql 3.23 it > has to be marked NO_PACKAGE, otherwise the above > (temporary, until the > sql scripts will be updated) solution is ok. > > -- > Alex Dupre > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com