apache port broken for 4.10 RELEASE?

freebsd-stable at auscert.org.au
Tue Jul 6 05:04:46 PDT 2004


Kent, thanks.

> You need to look at
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache2/Makefile

<check>

> There have been security problems fixed in Apache that will never be 
> added to a stock release. If you follow the port system using cvsup of 
> ports-all, there are tools to tell you that ports on your system are 
> out of date and need to be updated to include those security fixes.
> 
> It is a two-edged sword because not all updates are security related and
> the tools will want to update the ports that have new releases. Some of
> them involved changing the interface in libraries and continuing to use 
> new libraries with old codes can produce the typical off by 1 problems 
> that make your system vulnerable.

Sounds like I need to learn a little more about the ports system :) I'm
not in the position to cvsup my ports, so will continue to just build from
source for now. That's always worked well for me on FreeBSD in any case.

cheers,
-- Joel Hatton --
Security Analyst and FIRST Representative  | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT        | Fax:     +61 7 3365 7031
The University of Queensland               | WWW:     www.auscert.org.au
Qld 4072 Australia                         | Email:   auscert at auscert.org.au