www/dotproject out of date and vulnerable
Fred Cox
sailorfred at yahoo.com
Tue Sep 19 12:24:00 PDT 2006
This is the first time I've tried to modify a port,
and I'm having a bit of trouble because this port
requires MySQL 3.23 and PHP 4. Those dependencies
weren't specified in the port before.
I've gotten PHP4 by adding:
USE_PHP= gd mysql session
DEFAULT_PHP_VER=4
WANT_PHP_WEB= yes
IGNORE_WITH_PHP=5
Trying to get it to install MySQL 3.23 client seems to
be stymied by the php4-mysql default dependency on the
MySQL 5 client. I haven't actually figured out how it
specifies this dependency, since the
php4-mysql/Makefile is very empty.
I'm attaching what I think is right for the Makefile
and distinfo.
Any hints?
Also, where do I go to get www/dotproject-2.0.2 marked
as vulnerable in the portaudit database?
Thanks,
Fred
--- Kris Kennaway <kris at obsecurity.org> wrote:
> On Mon, Sep 18, 2006 at 07:00:02PM -0700, Fred Cox
> wrote:
> > www/dotproject is still 2.0.2, even though 2.0.4
> came
> > out in June to address an XSS vulnerability. See
> > http://www.dotproject.net/ for details.
> >
> > I've sent mail to the maintainer and the contact
> for
> > portaudit, with no response in over 2 weeks and 1
> week
> > respectively. Portaudit does not report any
> problem
> > with dotproject.
> >
> > What's the next step?
>
> If you submit the update as a PR, it can be
> committed under maintainer
> timeout.
>
> Kris
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Makefile
Type: application/octet-stream
Size: 930 bytes
Desc: 402397780-Makefile
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060919/f269d38d/Makefile.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: distinfo
Type: application/octet-stream
Size: 206 bytes
Desc: 1721150501-distinfo
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060919/f269d38d/distinfo.obj
More information about the freebsd-ports
mailing list