ports/94919: [PATCH] suPHP (www/suphp) 0.6.1
Jeremy Chadwick
freebsd at jdc.parodius.com
Sat Mar 25 01:30:34 UTC 2006
The following reply was made to PR ports/94919; it has been noted by GNATS.
From: Jeremy Chadwick <freebsd at jdc.parodius.com>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: ports/94919: [PATCH] suPHP (www/suphp) 0.6.1
Date: Fri, 24 Mar 2006 17:28:58 -0800
Sadly, I cannot approve this, for many of the same reasons listed
in past PRs such as ports/82746.
I get requests for this upgrade literally twice a week, sometimes
more. I actually keep a file laying around as a template response
due to the high volume of mails...
> The suphp port will not be upgraded to 0.6.x until the author fixes
> numerous security holes and bugs in the software. Some were fixed
> with the 0.6.1 release, but there are still claims of security-related
> issues with 0.6.1 (see the suphp mailing list for details). One issue
> which I have personally confirmed is the module doing double-free()'s
> on pieces of previously allocated memory; this still exists in 0.6.1.
>
> Until these issues are dealt with, the port will remain at 0.5.2; I'd
> rather not unleash unstable software into the hands of BSD sysadmins
> worldwide.
>
> If 0.6.1 is an absolute necessity for you, I'd gladly review and
> agree to the commital of a www/suphp-dev port, assuming someone else
> maintains it.
>
> I hope you understand. Thanks!
I'm all for someone maintaining a new port (ex. www/suphp-dev) which
contains 0.6 or 0.6.1 -- until the suphp author manages to fix the
bugs in recent releases.
My apologies to the PR submitter (Eugene Kim), as he obviously put in
quite a lot of work. I would rather his efforts be put to use, just
not in the current (stable) suphp port...
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. |
On Sat, Mar 25, 2006 at 01:04:03AM +0000, Edwin Groothuis wrote:
> Maintainer of www/suphp,
>
> Please note that PR ports/94919 has just been submitted.
>
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and a committer will take care of it.
>
> The full text of the PR can be found at:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/94919
>
> --
> Edwin Groothuis
> edwin at FreeBSD.org
More information about the freebsd-ports-bugs
mailing list