Date: Sun, 28 Jan 2018 18:45:48 +0000 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-ports@freebsd.org Subject: Re: daily security run output and joomla3 Message-ID: <4c740809-4237-fe43-4e38-7bba5f718291@FreeBSD.org> In-Reply-To: <20180128180456.wle3ydeqhshspq6y@ler-imac.local> References: <BN6PR2001MB1730E3A2E333A619617FA8E880E60@BN6PR2001MB1730.namprd20.prod.outlook.com> <6eb84508-9379-7030-1989-b0c1796c9dd8@quip.cz> <BN6PR2001MB17305EA8F53CFD1FC963957580E60@BN6PR2001MB1730.namprd20.prod.outlook.com> <20180129.025651.1943739201262226813.yasu@utahime.org> <20180128180456.wle3ydeqhshspq6y@ler-imac.local>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --LXz6UxD4hkOOYsw6X479h143RGo6OmYhT Content-Type: multipart/mixed; boundary="rV6U9OiomwzH6I5KrK9A0qFpqnmckPoPx"; protected-headers="v1" From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-ports@freebsd.org Message-ID: <4c740809-4237-fe43-4e38-7bba5f718291@FreeBSD.org> Subject: Re: daily security run output and joomla3 References: <BN6PR2001MB1730E3A2E333A619617FA8E880E60@BN6PR2001MB1730.namprd20.prod.outlook.com> <6eb84508-9379-7030-1989-b0c1796c9dd8@quip.cz> <BN6PR2001MB17305EA8F53CFD1FC963957580E60@BN6PR2001MB1730.namprd20.prod.outlook.com> <20180129.025651.1943739201262226813.yasu@utahime.org> <20180128180456.wle3ydeqhshspq6y@ler-imac.local> In-Reply-To: <20180128180456.wle3ydeqhshspq6y@ler-imac.local> --rV6U9OiomwzH6I5KrK9A0qFpqnmckPoPx Content-Type: text/plain; charset=windows-1252 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 28/01/2018 18:04, Larry Rosenman wrote: > On Mon, Jan 29, 2018 at 02:56:51AM +0900, Yasuhiro KIMURA wrote: >> From: Carmel NY <carmel_ny@outlook.com> >> Subject: Re: daily security run output and joomla3 >> Date: Sun, 28 Jan 2018 17:38:10 +0000 >> >>>> You can try "pkg check -r", see man pkg-check >>> >>> Unfortunately, that has no affect. >> >> Accoding to the messages of security periodic sript, the problrem is >> not checksum mismatch but lost of package files. And "pkg check -r" >> cannot recover it. So you should reinstall www/joomla3. >> > But as the OP notes, the joomla3 instructions *REQUIRE* > removal of the install directory for security reasons, so=20 > I understand where he is coming from.=20 >=20 > As the maintainer, I'm not sure how to fix it. >=20 At a minimum, the install directory parts should be moved out of the actual package. If we had sub-packages, this would be an ideal application -- you could make a temporary sub-package of the installation bits. Unfortunately we don't have sub-packages yet, so... How about installing the installation sub-directory as part of the examples: still part of the package, but outside the web-root so inaccessible during normal operation? Create a sym-link as required to hook the installation parts into the web-root as needed -- perhaps use a POST-INSTALL script for this? Or write a small script and add it to the package as an aid to adding or removing the sym-link easily. Cheers, Matthew --rV6U9OiomwzH6I5KrK9A0qFpqnmckPoPx-- --LXz6UxD4hkOOYsw6X479h143RGo6OmYhT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKoBAEBCgCSFiEEGfFU7L8RLlBUTj8wAFE/EOCp5OcFAlpuGlxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE5 RjE1NEVDQkYxMTJFNTA1NDRFM0YzMDAwNTEzRjEwRTBBOUU0RTcUHG1hdHRoZXdA ZnJlZWJzZC5vcmcACgkQAFE/EOCp5OdH9Q/8C18RX3won7RIP/B39+CDRz1vNGe6 rvJu8B7KJBVOkmgN3AGhZkRym4TrJ3hZsuxDQQd4SILjda+77dSo3hEafOvnyFl1 D/WYC7JEQqptX5PnC3BWeNZ+ZHnK2SYJbQYE1RRawgDxJ+KuOyKeMAxRaBItZt/p gf7SA2pLHh3TS+acVjPNoBln1rF8g6EzD8mOC/y222scmZoP8dr6DPk3i40Zkl/5 fivyOkUDSlNzmZgsbbVAx9bBH/4QBuIrSp5n9/UJ7fKGeTjGXG9LhJWa/8WVUH9s qgIMPY8ErKgpuprvrjEbzoJJ+AZr/PtupYO0tiLO1JLv2X1HBsn5V/C6GTmfNJbB NnO+koRZZm4lSdLveYUQeQwWjcWYAnEJvSPiM64tc5+1iZm8hzaIDQ4rhADdKK+V ax4JGvyQ6uMHrk1v51ShCcXZw6Ue6ZUQP4sYgLlQgz2e/RpH97f/pUsNV0Mmk64+ GbAZgGvBVIbmH9tCtm69kNS438JXlwHQEkwvBFF0u/Tc/bZSA1K6yHhtF8XwgKnr jYWcTofKLdN6i19Wb+oDWm21YhrUF1wDUMgGmtRt/cSxUddie0GHBTCdHyOQzRi5 Utvn4yp1wzq9LPPGa05lfIIx9BOVZEZdGYCGsTjYyWToltTr1JjaIq0I1DBaPl+a BKzC+eTZzTLuOAE= =hwze -----END PGP SIGNATURE----- --LXz6UxD4hkOOYsw6X479h143RGo6OmYhT--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4c740809-4237-fe43-4e38-7bba5f718291>