Date: Tue, 06 Jul 2004 22:04:43 +1000 From: freebsd-stable@auscert.org.au To: freebsd-stable@freebsd.org Subject: Re: apache port broken for 4.10 RELEASE? Message-ID: <200407061204.i66C4hiP020657@app.auscert.org.au> In-Reply-To: Your message of "Tue, 06 Jul 2004 01:00:44 MST." <200407060100.44096.kstewart@owt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Kent, thanks. > You need to look at > http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache2/Makefile <check> > There have been security problems fixed in Apache that will never be > added to a stock release. If you follow the port system using cvsup of > ports-all, there are tools to tell you that ports on your system are > out of date and need to be updated to include those security fixes. > > It is a two edged sword because not all updates are security related and > the tools will want to update the ports that have new releases.Some of > them involved changing the interface in libraries and continuing to use > new libraries with old codes can produce the typical off by 1 problems > that make your system vulnerable. Sounds like I need to learn a little more about the ports system :) I'm not in the position to cvsup my ports, so will continue to just build from source for now. That's always worked well for me on FreeBSD in any case. cheers, -- Joel Hatton -- Security Analyst and FIRST Representative | Hotline: +61 7 3365 4417 AusCERT - Australia's national CERT | Fax: +61 7 3365 7031 The University of Queensland | WWW: www.auscert.org.au Qld 4072 Australia | Email: auscert@auscert.org.au
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200407061204.i66C4hiP020657>