www/dotproject out of date and vulnerable
Kris Kennaway
kris at obsecurity.org
Tue Sep 19 18:12:16 PDT 2006
On Tue, Sep 19, 2006 at 06:02:52PM -0700, Fred Cox wrote:
> --- Kris Kennaway <kris at obsecurity.org> wrote:
>
> > On Tue, Sep 19, 2006 at 05:15:45PM -0700, Fred Cox
> > wrote:
> >
> > > Actually, it doesn't. It goes ahead and installs
> > it,
> > > even though I specified these:
> > >
> > > WITH_MYSQL= yes
> > > WANT_MYSQL_VER= 323
> > > IGNORE_WITH_MYSQL=5
> > >
> > > Starting with a system that had no MySQL or PHP
> > > installed on it, I did a make install in the
> > > dotproject port with the Makefile and distinfo I
> > > specified earlier.
> > >
> > > It seems to look for mysql.so, and if that's
> > found, it
> > > doesn't worry about the version.
> >
> > OK, so it's just silently broken, which is worse.
> >
>
> It's still better than the current situation.
Publishing packages that will not run because they're linked to the
wrong libraries is, again, not my idea of "better".
> > > See the log at http://fcox.net/dp.log, when no
> > mysql
> > > or php was installed on the system.
> > >
> > > Perhaps this is a bug in the dependencies system.
> >
> > Dunno without investigating. Anyway, the correct
> > solution is the
> > same.
> >
>
> OK, so if you had a pointer on how to depend on that
> alternate version, it would help.
Copy the php4-mysql port to php4-mysql3 and make the presumably
trivial change to make it use mysql 3 instead of whatever the default
is.
> Right now, the
> dependencies are specified with the WITH and IGNORE
> variables, but it seems that with your proposal I
> won't be able to do that. Maybe tonight I will fall
> asleep reading the Porter's Handbook.
OK.
Kris
More information about the freebsd-ports
mailing list