www/dotproject out of date and vulnerable
Fred Cox
sailorfred at yahoo.com
Wed Sep 20 00:20:45 PDT 2006
So how about this:
Update the version to 2.0.4 to avoid the
vulnerability.
Modify Makefile to require PHP4:
DEFAULT_PHP_VER=4
WANT_PHP_WEB= yes
IGNORE_WITH_PHP=5
Add to the files/pkg-message.in to inform the user
that they must have a remote or jailed mysql 3.23 or
make the published patches.
Fred
--- Alex Dupre <ale at FreeBSD.org> wrote:
> Kris Kennaway ha scritto:
>
> Damn, how many messages should I read?! :-)
>
> > If there is no problem with using the mysql 5.x
> client, then just use
> > mysql 5.x and be done with it. You need to figure
> out whether or not
> > that is true. If it is false, then there's
> clearly a problem for you
>
> I bet the client will have no problems with mysql
> 5.0, so this seems a
> good solution to me.
>
> > This whole discussion came about because you were
> trying to look for a
> > way to force everything (including php4-mysql) to
> link to mysql 3.x,
> > which is currently impossible to achieve
> satisfactorily without
> > further work on your part.
>
> And adding a php4-mysql3 port is not trivial and I'm
> against it since
> MySQL 3.23 is unsupported. If dotproject *must*
> depends on mysql 3.23 it
> has to be marked NO_PACKAGE, otherwise the above
> (temporary, until the
> sql scripts will be updated) solution is ok.
>
> --
> Alex Dupre
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the freebsd-ports
mailing list