apache port broken for 4.10 RELEASE?
Kent Stewart
kstewart at owt.com
Tue Jul 6 01:00:48 PDT 2004
On Tuesday 06 July 2004 12:35 am, Kent Stewart wrote:
> On Monday 05 July 2004 11:33 pm, freebsd-stable at auscert.org.au wrote:
> > Thanks Kent (and Phil and Udo).
> >
> > I have a couple of questions though.
> >
> > If 2.0.49 apache is broken in 4.10 release (install +ports), why do
> > the MD5 sums exist in distinfo for this particular version at all
> > (rather than just a simple "not supported for this release" error)
>
> Well, you are somewhat expected to follow the port tree. Ports in
> the releases get old quickly. A port that is used as much as Apache
> is will never stay broken for long.

You need to look at
http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache2/Makefile

There have been security problems fixed in Apache that will never be
added to a stock release. If you follow the port system using cvsup of
ports-all, there are tools to tell you that ports on your system are
out of date and need to be updated to include those security fixes.

It is a two-edged sword because not all updates are security related and
the tools will want to update the ports that have new releases. Some of
them involved changing the interface in libraries and continuing to use
new libraries with old codes can produce the typical off by 1 problems
that make your system vulnerable.

Kent
--
Kent Stewart
Richland, WA
http://users.owt.com/kstewart/index.html