From owner-freebsd-ports@FreeBSD.ORG  Fri May 14 15:43:28 2004
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 51A4E16A4CE
	for <ports@FreeBSD.org>; Fri, 14 May 2004 15:43:28 -0700 (PDT)
Received: from quark.rcs.purdue.edu (quark.rcs.purdue.edu [128.210.189.109])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EEF8643D3F
	for <ports@FreeBSD.org>; Fri, 14 May 2004 15:43:26 -0700 (PDT)
	(envelope-from linimon@FreeBSD.org)
Received: from quark.rcs.purdue.edu (localhost [127.0.0.1])
	by quark.rcs.purdue.edu (8.12.10/8.12.10) with ESMTP id i4EMhQhH062432
	for <ports@FreeBSD.org>; Fri, 14 May 2004 17:43:26 -0500 (EST)
	(envelope-from linimon@FreeBSD.org)
Date: Fri, 14 May 2004 17:43:26 -0500 (EST)
Message-Id: <200405142243.i4EMhQhH062432@quark.rcs.purdue.edu>
From: linimon@FreeBSD.org
To: ports@FreeBSD.org
Subject: 
	FreeBSD ports that you maintain which are currently marked forbidden
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 May 2004 22:43:28 -0000

Dear FreeBSD port maintainer:

As part of an ongoing effort to reduce the number of problems in the
FreeBSD ports system, we are attempting to notify maintainers of
ports that are marked as "forbidden" in their Makefiles.  Often,
these ports are so marked due to security concerns, such as known
exploits.

An overview of the port, including errors seen on the build farm, is
included below.

portname:           chinese/chinput3
overview:           http://portsmon.firepipe.net/portoverview.py?category=chinese&portname=chinput3
forbidden because:  Does not respect PTHREAD_{CFLAGS,LIBS}
build errors:
http://bento.FreeBSD.org/errorlogs/alpha-4-full/zh-chinput-3.0.2.5_1.log (Apr 27 07:43:12 GMT 2004)

portname:           databases/cyrus-imspd
overview:           http://portsmon.firepipe.net/portoverview.py?category=databases&portname=cyrus-imspd
forbidden because:  potentially exploitable heap overflow, see
                    <http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=25>
build errors:       none.

portname:           mail/cyrus
overview:           http://portsmon.firepipe.net/portoverview.py?category=mail&portname=cyrus
forbidden because:  remote exploitable buffer overflow: US-CERT VU#740169,
                    SecurityFocus BID 6298
build errors:       none.

portname:           mail/emil
overview:           http://portsmon.firepipe.net/portoverview.py?category=mail&portname=emil
forbidden because: 
                    http://vuxml.freebsd.org/ce46b93a-80f2-11d8-9645-0020ed76ef5a.html
build errors:       none.

portname:           misc/compat22
overview:           http://portsmon.firepipe.net/portoverview.py?category=misc&portname=compat22
forbidden because:  FreeBSD-SA-03:05.xdr, FreeBSD-SA-03:08.realpath  - not
                    fixed
build errors:       none.

portname:           misc/compat3x
overview:           http://portsmon.firepipe.net/portoverview.py?category=misc&portname=compat3x
forbidden because:  FreeBSD-SA-03:05.xdr, FreeBSD-SA-03:08.realpath  - not
                    fixed / no lib available
build errors:       none.

portname:           security/ssh
overview:           http://portsmon.firepipe.net/portoverview.py?category=security&portname=ssh
forbidden because:  OpenSSH is a superior version of SSH which has been
                    included in the FreeBSD base system since 4.0-RELEASE.
                    This port is now deprecated. To override this warning
                    set the REALLY_WANT_SSH environment variable and
                    rebuild.
build errors:       none.

portname:           textproc/xerces-c
overview:           http://portsmon.firepipe.net/portoverview.py?category=textproc&portname=xerces-c
forbidden because:  Does not respect PTHREAD_{CFLAGS,LIBS}
build errors:       none.

portname:           www/apache13-fp
overview:           http://portsmon.firepipe.net/portoverview.py?category=www&portname=apache13-fp
forbidden because:  multiple vulnerabilities:
                    http://www.apacheweek.com/features/security-13
build errors:       none.

portname:           www/phpnuke
overview:           http://portsmon.firepipe.net/portoverview.py?category=www&portname=phpnuke
forbidden because:  SQL injection vulnerability in Php-Nuke <= 7.1.0
build errors:       none.

If this problem is one that you are already aware of, please accept
our apologies and ignore this message.  On the other hand, if you no
longer wish to maintain this port (or ports), please reply with a
message stating that, and accept our thanks for your efforts in the
past.

Thanks for your efforts to help improve FreeBSD.