[Bug 269768] apache24 pkg contains broken dependency / potential security issue

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269768] apache24 pkg contains broken dependency / potential security issue"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269768] www/apache24: broken dependency / potential security issue"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 23 Feb 2023 00:33:39 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269768

            Bug ID: 269768
           Summary: apache24 pkg contains broken dependency / potential
                    security issue
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: sec@42.org

current apache24 pkg for FreeBSD-13 tries to install the deprecated/EOLd db5
package:

ice:#pkg upgrade
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking for upgrades (5 candidates): 100%
Processing candidates (5 candidates): 100%
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        db5: 5.3.28_9

Installed packages to be REINSTALLED:
        apache24-2.4.55 (required shared library changed)
        apr-1.7.0.1.6.1_2 (direct dependency changed: db5)


The db5 package is marked as deprecated:

ice:/#grep DEPRECATED /usr/ports/databases/db5/Makefile
DEPRECATED=     EOLd, potential security issues, maybe use db18 instead

-- 
You are receiving this mail because:
You are the assignee for the bug.