cvs commit: ports/www/horde-base Makefile distinfo pkg-plist
Martin Matuska
mm at FreeBSD.org
Tue Feb 14 23:31:31 UTC 2012
On 14.2.2012 20:34, Olli Hauer wrote:
> On 2012-02-14 12:35, Martin Matuska wrote:
>> mm 2012-02-14 11:35:51 UTC
>>
>> FreeBSD ports repository
>>
>> Modified files:
>> www/horde-base Makefile distinfo pkg-plist
>> Log:
>> Update to 3.3.13
>>
>> Revision Changes Path
>> 1.91 +1 -2 ports/www/horde-base/Makefile
>> 1.40 +2 -2 ports/www/horde-base/distinfo
>> 1.36 +20 -0 ports/www/horde-base/pkg-plist
>>
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/www/horde-base/Makefile.diff?&r1=1.90&r2=1.91&f=h
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/www/horde-base/distinfo.diff?&r1=1.39&r2=1.40&f=h
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/www/horde-base/pkg-plist.diff?&r1=1.35&r2=1.36&f=h
>>
> Hi Martin,
>
> shouldn't we push a vuxml for the update?
>
> Seems version 3.3.12 contains a backdor.
> http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155
>
> --
> Regards,
> olli
Hi Olli,
as of the Horde report the problem affects "Horde 3.3.12 downloaded
between November 15 and February 7".
Our port and the SHA256 checksums have been updated shortly after
release to 3.3.12 on July, 28, 2011.
The altered file on the Horde server must have had an invalid checksum
and should have been failing to install.
Therefore I see no point in adding this to vuxml, as our users were not
affected by this issue.
--
Martin Matuska
FreeBSD committer
http://blog.vx.sk
More information about the cvs-all
mailing list