ports/68461: [patch] port www/sitecopy use vulnerable libneon (bundled)
Thomas L. Kjeldsen
tlk at mayi.dk
Tue Jun 29 00:00:50 UTC 2004
>Number: 68461
>Category: ports
>Synopsis: [patch] port www/sitecopy use vulnerable libneon (bundled)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 29 00:00:49 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Thomas L. Kjeldsen
>Release: 4.9-RELEASE-p5
>Organization:
mayi.dk
>Environment:
>Description:
According to http://www.openpkg.org/security/OpenPKG-SA-2004.024-neon.html, sitecopy upstream is delivered with a vulnerable libneon.
Quoting from http://bugs.gentoo.org/show_bug.cgi?id=51585 "The author of that package has indicated he has no immediate plans to release a new version of his program that contains the fixes for the security vulnerability."
>How-To-Repeat:
>Fix:
Kurt V. Hindenburg provided a Gentoo ebuild patch to make sitecopy use libneon as a shared library instead of the bundled one, which is vulnerable. Here is a unified diff to make the FreeBSD port do the same:
--- Makefile_org Tue Jun 29 01:44:19 2004
+++ Makefile Tue Jun 29 01:44:41 2004
@@ -14,10 +14,12 @@
MAINTAINER= olgeni at FreeBSD.org
COMMENT= Maintains remote websites, uses FTP or WebDAV to sync up with local copy
+LIB_DEPENDS= neon:${PORTSDIR}/www/neon
+
GNU_CONFIGURE= yes
CONFIGURE_ENV= CC="${CC} -I${LOCALBASE}/include" \
LIBS="-L${LOCALBASE}/lib -lintl"
-CONFIGURE_ARGS= --with-included-neon --with-libxml2
+CONFIGURE_ARGS= --with-neon --with-libxml2
USE_REINPLACE= yes
USE_GETTEXT= yes
USE_GNOME= libxml2
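Review bot: The patch does not bump PORTREVISION: its only hunk starts at line 14 of the Makefile and touches LIB_DEPENDS and CONFIGURE_ARGS, so machines that already have sitecopy installed with the bundled libneon will see no version change and will not be prompted to rebuild. Please add a PORTREVISION bump so the switch from --with-included-neon to --with-neon actually reaches existing installs. Also, the new LIB_DEPENDS= neon:${PORTSDIR}/www/neon line names no library version, so any libneon already present satisfies it, including an unpatched one; the PR should state that www/neon itself carries the fix, or the dependency should name the shared library version of a fixed build.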
>Release-Note:
>Audit-Trail:
>Unformatted: