Date: Sat, 21 Jul 2007 10:52:52 +1000 From: Peter Jeremy <peterjeremy@optushome.com.au> To: araujo@FreeBSD.org, daichi@FreeBSD.org, glewis@FreeBSD.org, java@FreeBSD.org, kaeru@inigo-tech.com, kuriyama@FreeBSD.org, leeym@FreeBSD.org, matusita@FreeBSD.org, ports@FreeBSD.org, support@kryltech.com, x@Vex.Net, yasi@yasi.to Subject: Ports depending on FORBIDDEN ports Message-ID: <20070721005252.GJ1176@turion.vk2pj.dyndns.org>
next in thread | raw e-mail | index | archive | help
--uXxzq0nDebZQVNAZ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable The following three ports are currently FORBIDDEN due to security vulnerabilities but are listed as dependencies by a number of other ports: misc/compat3x: FreeBSD-SA-03:05.xdr, FreeBSD-SA-03:08.realpath - not fixed= / no lib available sysutils/eject: Setuid root and has security issues www/zope: contains cross-site scripting vulnerability http://VuXML.FreeBSD.= org/34414a1e-e377-11db-b8ab-000c76189c4c.html The misc/compat3x port is unlikely to ever be fixed and therefore it would seem reasonable to deprecate both it and the following ports that depend on it: audio/mbrola MBROLA voice synthesizer databases/java-sqlrelay Java classes to access to SQL Relay emulators/vmware-guestd3 VMware time synchronization daemon for FreeBSD gue= st OS (for VMware 3.x) emulators/vmware-tools3 VMware tools for guest OS (for VMware 3.x, FreeBSD= version) japanese/vje30 Modern intelligent Japanese input engine (purchase= version) java/collections JDK1.2 Collections' API for JDK1.1 environments java/gj-jdk11 Extension of the Java programming language that su= pports generic types java/infobus Enables dynamic exchange of data between JavaBeans= (TM) java/jdk11 Java Development Kit 1.1 java/jdk12 Java Development Kit 1.2 java/jfc Java Foundation Classes (JFC)/Swing java/jre Standard Java Platform for running Java programs java/tya A ``100% unofficial'' JIT-compiler for java lang/fesi Free EcmaScript Interpreter written in Java mail/pop3vscan A transparent POP3-Proxy with virus-scanning capab= ilities mail/yuzu A nicer mail user agent powered by JavaMail and JF= C/Swing print/acrobatviewer Viewer for the PDF files written in Java(TM) security/amavis-perl Mail Virus Scanner (uses external antivirus) security/amavisd The daemonized version of amavis-perl security/vscan Evaluation version of a DOS/Windows/Linux file vir= us scanner www/hotjava Sun's Hotjava web browser www/mapedit A WWW authoring tool to create clickable maps www/ssserver Adds the search capability to a Web site I'm particularly concerned about the existence of 'java/jre' and it's description as the 'Standard Java Platform for running Java programs'. This appears to occasionally trap people who are looking for a current JRE and attempt to install java/jre. sysutils/eject only has one port depending on it. eject-1.5 is nearly 7 years old and appears to be abandonware. It would therefore seem reasonable to deprecate both it and the following port that depends on it: sysutils/cdbkup Simple but full-featured backup/restore perl scripts (uses= gnu tar) www/zope has a significant number of ports depending on it. This is a very old version of zope (2.7.9) and some of these ports may be able to be adapted to a newer version of zope (2.9, 2.10 or 3.3 - all of which are in ports). www/zope and any of the following ports that can't be adapted to a later version of zope should probably be deprecated: japanese/zope-ejsplitter A Japanese word splitter for searchin= g text in Zope Products japanese/zope-jamailhost A Zope hotfix Product to send mail in= Japanese www/knowledgekit A mechanism for the automatic creatio= n/maintenance of Knowledge Bases www/squishdot A web-based news publishing and discu= ssion product for Zope www/znavigator A Zope product to simplify the constr= uction of navigation bars www/zope-FileSystemSite Enable file system based sites within= Zope www/zope-annotations A generic way to add information to a= rbitrary Zope objects www/zope-archetypes Framework for the development of new = Content Types in Zope/CMF/Plone www/zope-btreefolder2 Zope product that can store many items www/zope-calendaring Calendar product for Plone www/zope-cmf The Zope Content Management Framework= (CMF) www/zope-cmfactionicons CMFActionIcons product for Zope/CMF www/zope-cmfformcontroller CMFFormController product for Zope/CMF www/zope-cmfforum A forum for ZOPE CMF with file attach= ments www/zope-cmfphoto CMFPhoto product for Zope/CMF www/zope-cmfphotoalbum CMFPhotoAlbum product for Zope/CMF www/zope-cmfquickinstaller CMFQuickInstaller is a product for Zo= pe/CMF www/zope-coreblog A Zope Blog/Weblog/Web-nikki Product www/zope-epoz A cross-browser-wysiwyg-editor for Zo= pe/CMF www/zope-exuserfolder Extensible User Folder - Custom & dat= abase authenticatoin for Zope www/zope-formulator HTML form generatation and validation= system for Zope www/zope-generator Generator product for Zope www/zope-groupuserfolder GroupUserFolder product for Zope www/zope-guf A roll-your-own user folder product f= or Zope www/zope-i18nlayer I18NLayer product for Zope www/zope-kupu A 'document-centric' client-side edit= or for Mozilla/IE www/zope-mimetypesregistry MimetypesRegistry product for Zope/CMF www/zope-mindmapbbs A Zope product to create graphical BB= S based on Mind Map www/zope-mysqluserfolder A Zope user folder which uses MySQL d= atabase to store user information www/zope-parsedxml Access and manipulate XML documents w= ithin Zope www/zope-placelesstranslationservice PlacelessTranslationService product f= or Zope/CMF www/zope-plonelanguagetool PloneLanguageTool product for Zope www/zope-portaltransforms PortalTransforms product for Zope/CMF www/zope-proxyindex Plugin catalog index using TALES inst= ead attribute lookup/call www/zope-silva Web application (CMS) to manage/edit = structured documents www/zope-silvaviews A component used by Silva to attach v= iews to objects www/zope-ttwtype TTWType product for CMF/Plone www/zope-validation Validation product for Zope www/zope-xmlmethods Provides methods to apply to Zope obj= ects for XML/XSLT processing www/zope-xmlwidgets XMLWidgets - dynamic translations of = ParsedXML to HTML pages www/zope-zmysqlda MySQL Database Adapter for the Zope w= eb application framework www/zope-zsyncer Allows multiple Zopes to be synchroni= zed via xmlrpc www/zope-zwiki A WikiWikiWeb product for Zope (colab= orative web site system) All relevant maintainers are copied. --=20 Peter Jeremy --uXxzq0nDebZQVNAZ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGoVjk/opHv/APuIcRAqgnAKCfSdNbR5iNdVvzRwhGkC8HPdlhKACdEqt+ +nkrOR7k58QIWirpeWj5jGE= =BxRC -----END PGP SIGNATURE----- --uXxzq0nDebZQVNAZ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070721005252.GJ1176>