Date: Tue, 19 Sep 2006 12:23:55 -0700 (PDT) From: Fred Cox <sailorfred@yahoo.com> To: Kris Kennaway <kris@obsecurity.org> Cc: freebsd-ports@freebsd.org Subject: Re: www/dotproject out of date and vulnerable Message-ID: <20060919192355.28159.qmail@web31804.mail.mud.yahoo.com> In-Reply-To: <20060919020738.GA16953@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--0-1829185543-1158693835=:27466 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Content-Id: Content-Disposition: inline This is the first time I've tried to modify a port, and I'm having a bit of trouble because this port requires MySQL 3.23 and PHP 4. Those dependencies weren't specified in the port before. I've gotten PHP4 by adding: USE_PHP= gd mysql session DEFAULT_PHP_VER=4 WANT_PHP_WEB= yes IGNORE_WITH_PHP=5 Trying to get it to install MySQL 3.23 client seems to be stymied by the php4-mysql default dependency on the MySQL 5 client. I haven't actually figured out how it specifies this dependency, since the php4-mysql/Makefile is very empty. I'm attaching what I think is right for the Makefile and distinfo. Any hints? Also, where do I go to get www/dotproject-2.0.2 marked as vulnerable in the portaudit database? Thanks, Fred --- Kris Kennaway <kris@obsecurity.org> wrote: > On Mon, Sep 18, 2006 at 07:00:02PM -0700, Fred Cox > wrote: > > www/dotproject is still 2.0.2, even though 2.0.4 > came > > out in June to address an XSS vulnerability. See > > http://www.dotproject.net/ for details. > > > > I've sent mail to the maintainer and the contact > for > > portaudit, with no response in over 2 weeks and 1 > week > > respectively. Portaudit does not report any > problem > > with dotproject. > > > > What's the next step? > > If you submit the update as a PR, it can be > committed under maintainer > timeout. > > Kris > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --0-1829185543-1158693835=:27466 Content-Type: application/octet-stream; name=Makefile Content-Transfer-Encoding: base64 Content-Description: 402397780-Makefile Content-Disposition: attachment; filename=Makefile IyBOZXcgcG9ydHMgY29sbGVjdGlvbiBtYWtlZmlsZSBmb3I6CWRvdHByb2pl Y3QKIyBEYXRlIGNyZWF0ZWQ6CQkJCTEyIEFwcmlsIDIwMDUKIyBXaG9tOgkJ CQkJQW50b25pbyBDYXJsb3MgVmVuYW5jaW8gSnVuaW9yICg8YW50b25pb0Bp bmYudWZzYy5icj4pCiMKIyAkRnJlZUJTRDogcG9ydHMvd3d3L2RvdHByb2pl Y3QvTWFrZWZpbGUsdiAxLjIgMjAwNi8wNS8xMiAxODoyNzo0MyBqbWVsbyBF eHAgJAojCgpQT1JUTkFNRT0JZG90cHJvamVjdApQT1JUVkVSU0lPTj0JMi4w LjQKQ0FURUdPUklFUz0Jd3d3IGRldmVsCk1BU1RFUl9TSVRFUz0JJHtNQVNU RVJfU0lURV9TT1VSQ0VGT1JHRX0KTUFTVEVSX1NJVEVfU1VCRElSPQkke1BP UlROQU1FfQpESVNUTkFNRT0JJHtQT1JUTkFNRX0tJHtQT1JUVkVSU0lPTn0K Ck1BSU5UQUlORVI9CXNhaWxvcmZyZWRAeWFob28uY29tCkNPTU1FTlQ9CU9w ZW4gU291cmNlIFByb2plY3QgTWFuYWdlbWVudCB0b29sCgpXUktTUkM9CQkk e1dSS0RJUn0vJHtQT1JUTkFNRX0KRE9UUFJPSkVDVERJUj0JJHtQUkVGSVh9 L3d3dy8ke1BPUlROQU1FfQpOT19CVUlMRD0JeWVzClVTRV9QSFA9CWdkIG15 c3FsIHNlc3Npb24KREVGQVVMVF9QSFBfVkVSPTQKV0FOVF9QSFBfV0VCPQl5 ZXMKSUdOT1JFX1dJVEhfUEhQPTUKV0lUSF9NWVNRTD0JeWVzCldBTlRfTVlT UUxfVkVSPQkzMjMKSUdOT1JFX1dJVEhfTVlTUUw9NQpVU0VfQVBBQ0hFPQkx LjMKClNVQl9MSVNUKz0JRE9UUFJPSkVDVERJUj0ke0RPVFBST0pFQ1RESVJ9 ClNVQl9GSUxFUz0JcGtnLW1lc3NhZ2UKCmRvLWluc3RhbGw6Cgkke01LRElS fSAke0RPVFBST0pFQ1RESVJ9Cgkke0NQfSAtUiAke1dSS1NSQ30vKiAke0RP VFBST0pFQ1RESVJ9Cgpwb3N0LWluc3RhbGw6CglAJHtDQVR9ICR7UEtHTUVT U0FHRX0KCi5pbmNsdWRlIDxic2QucG9ydC5taz4K --0-1829185543-1158693835=:27466 Content-Type: application/octet-stream; name=distinfo Content-Transfer-Encoding: base64 Content-Description: 1721150501-distinfo Content-Disposition: attachment; filename=distinfo TUQ1IChkb3Rwcm9qZWN0LTIuMC40LnRhci5neikgPSBlMGE4NDZmMGIyZDM3 ZjdmM2Y0YTUyODdiODQ0ZTJkOApTSEEyNTYgKGRvdHByb2plY3QtMi4wLjQu dGFyLmd6KSA9IGQwY2UwNDhmNDIzYmFmOGRkZmUyNDRkOTNkZjdiNGUxZGFi OTIyNWYyZjcyMzQyNDkzOGE2YjEzMmE2MzAyYjcKU0laRSAoZG90cHJvamVj dC0yLjAuNC50YXIuZ3opID0gMjEyNDA1Ngo= --0-1829185543-1158693835=:27466--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060919192355.28159.qmail>