Date: Wed, 20 Sep 2006 00:20:43 -0700 (PDT) From: Fred Cox <sailorfred@yahoo.com> To: Alex Dupre <ale@FreeBSD.org>, Kris Kennaway <kris@obsecurity.org> Cc: freebsd-ports@freebsd.org, Fred Cox <sailorfred@yahoo.com> Subject: Re: www/dotproject out of date and vulnerable Message-ID: <20060920072043.47129.qmail@web31808.mail.mud.yahoo.com> In-Reply-To: <4510DC28.9070808@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
So how about this: Update the version to 2.0.4 to avoid the vulnerability. Modify Makefile to require PHP4: DEFAULT_PHP_VER=4 WANT_PHP_WEB= yes IGNORE_WITH_PHP=5 Add to the files/pkg-message.in to inform the user that they must have a remote or jailed mysql 3.23 or make the published patches. Fred --- Alex Dupre <ale@FreeBSD.org> wrote: > Kris Kennaway ha scritto: > > Damn, how many messages should I read?! :-) > > > If there is no problem with using the mysql 5.x > client, then just use > > mysql 5.x and be done with it. You need to figure > out whether or not > > that is true. If it is false, then there's > clearly a problem for you > > I bet the client will have no problems with mysql > 5.0, so this seems a > good solution to me. > > > This whole discussion came about because you were > trying to look for a > > way to force everything (including php4-mysql) to > link to mysql 3.x, > > which is currently impossible to achieve > satisfactorily without > > further work on your part. > > And adding a php4-mysql3 port is not trivial and I'm > against it since > MySQL 3.23 is unsupported. If dotproject *must* > depends on mysql 3.23 it > has to be marked NO_PACKAGE, otherwise the above > (temporary, until the > sql scripts will be updated) solution is ok. > > -- > Alex Dupre > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060920072043.47129.qmail>