apache port broken for 4.10 RELEASE?
freebsd-stable at auscert.org.au
freebsd-stable at auscert.org.au
Tue Jul 6 05:04:46 PDT 2004
Kent, thanks.
> You need to look at
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache2/Makefile
<check>
> There have been security problems fixed in Apache that will never be
> added to a stock release. If you follow the port system using cvsup of
> ports-all, there are tools to tell you that ports on your system are
> out of date and need to be updated to include those security fixes.
>
> It is a two edged sword because not all updates are security related and
> the tools will want to update the ports that have new releases.Some of
> them involved changing the interface in libraries and continuing to use
> new libraries with old codes can produce the typical off by 1 problems
> that make your system vulnerable.
Sounds like I need to learn a little more about the ports system :) I'm
not in the position to cvsup my ports, so will continue to just build from
source for now. That's always worked well for me on FreeBSD in any case.
cheers,
-- Joel Hatton --
Security Analyst and FIRST Representative | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
Qld 4072 Australia | Email: auscert at auscert.org.au
More information about the freebsd-stable
mailing list