Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 6 Jul 2004 01:00:44 -0700
From:      Kent Stewart <kstewart@owt.com>
To:        freebsd-stable@freebsd.org
Subject:   Re: apache port broken for 4.10 RELEASE?
Message-ID:  <200407060100.44096.kstewart@owt.com>
In-Reply-To: <200407060035.05334.kstewart@owt.com>
References:  <200407060633.i666XuiP077911@app.auscert.org.au> <200407060035.05334.kstewart@owt.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 06 July 2004 12:35 am, Kent Stewart wrote:
> On Monday 05 July 2004 11:33 pm, freebsd-stable@auscert.org.au wrote:
> > Thanks Kent (and Phil and Udo).
> >
> > I have a couple of questions though.
> >
> > If 2.0.49 apache is broken in 4.10 release (install +ports), why do
> > the MD5 sums exist in distinfo for this particular version at all
> > (rather than just a simple "not supported for this release" error)
>
> Well, you are some what  expected to follow the port tree. Ports in
> the releases get old quickly. A port that is used as much as Apache
> is will never stay broken for long.

You need to look at
http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache2/Makefile

There have been security problems fixed in Apache that will never be 
added to a stock release. If you follow the port system using cvsup of 
ports-all, there are tools to tell you that ports on your system are 
out of date and need to be updated to include those security fixes.

It is a two edged sword because not all updates are security related and 
the tools will want to update the ports that have new releases.Some of 
them involved changing the interface in libraries and continuing to use 
new libraries with old codes can produce the typical off by 1 problems 
that make your system vulnerable.

Kent

-- 
Kent Stewart
Richland, WA

http://users.owt.com/kstewart/index.html



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200407060100.44096.kstewart>