From owner-freebsd-questions@FreeBSD.ORG Mon Apr 26 19:23:56 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E2E1716A4CE for ; Mon, 26 Apr 2004 19:23:56 -0700 (PDT) Received: from mta7.pltn13.pbi.net (mta7.pltn13.pbi.net [64.164.98.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id C3E4943D2D for ; Mon, 26 Apr 2004 19:23:56 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (0a2f63db3a962e2682bb5cdc2affb1f0@adsl-67-115-73-128.dsl.lsan03.pacbell.net [67.115.73.128])i3R2NoQZ009363; Mon, 26 Apr 2004 19:23:50 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id C7ED751FCA; Mon, 26 Apr 2004 19:23:49 -0700 (PDT) Date: Mon, 26 Apr 2004 19:23:49 -0700 From: Kris Kennaway To: Noah Message-ID: <20040427022349.GA29349@xor.obsecurity.org> References: <20040427013641.M59961@enabled.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="6c2NcOVqGQ03X4Wi" Content-Disposition: inline In-Reply-To: <20040427013641.M59961@enabled.com> User-Agent: Mutt/1.4.2.1i cc: freebsd-questions@freebsd.org Subject: Re: frontpage build failing - compat3x-i386-4.4.20020925 is forbidden X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Apr 2004 02:23:57 -0000 --6c2NcOVqGQ03X4Wi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 26, 2004 at 05:36:41PM -0800, Noah wrote: > FreeBSD-4.9-STABLE >=20 >=20 >=20 > I am trying to build frontpage from an updated /usr/ports/www/frontpage >=20 > there appears to be a security issue here. any clues on how to get aroun= d this? You have four options: 1) Don't use the port 2) If you wish to use the port and potentially expose yourself to the vulnerabilities discussed in those advisories, comment ouf the FORBIDDEN line in the compat3x port 3) Convince the vendor to make a new version of frontpage that doesn't depend on the FreeBSD 3.x libraries 4) Fix the security vulnerabilities in the unmaintained FreeBSD 3.x code and submit your changes. Kris --6c2NcOVqGQ03X4Wi Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAjcQ1Wry0BWjoQKURAq81AKDE/YmGuMb1rNDMsh2YSdJ43bSzvgCeJsMg IJeAl9/xXFAWnlm8E+OEDQA= =xk6x -----END PGP SIGNATURE----- --6c2NcOVqGQ03X4Wi--