www/dotproject out of date and vulnerable

Fred Cox sailorfred at yahoo.com
Tue Sep 19 12:24:00 PDT 2006


This is the first time I've tried to modify a port,
and I'm having a bit of trouble because this port
requires MySQL 3.23 and PHP 4.  Those dependencies
weren't specified in the port before.

I've gotten PHP4 by adding:

USE_PHP=        gd mysql session
DEFAULT_PHP_VER=4
WANT_PHP_WEB=   yes
IGNORE_WITH_PHP=5

Trying to get it to install MySQL 3.23 client seems to
be stymied by the php4-mysql default dependency on the
MySQL 5 client.  I haven't actually figured out how it
specifies this dependency, since the
php4-mysql/Makefile is very empty.

I'm attaching what I think is right for the Makefile
and distinfo.

Any hints?

Also, where do I go to get www/dotproject-2.0.2 marked
as vulnerable in the portaudit database?

Thanks,

Fred

--- Kris Kennaway <kris at obsecurity.org> wrote:

> On Mon, Sep 18, 2006 at 07:00:02PM -0700, Fred Cox
> wrote:
> > www/dotproject is still 2.0.2, even though 2.0.4
> came
> > out in June to address an XSS vulnerability.  See
> > http://www.dotproject.net/ for details.
> > 
> > I've sent mail to the maintainer and the contact
> for
> > portaudit, with no response in over 2 weeks and 1
> week
> > respectively.  Portaudit does not report any
> problem
> > with dotproject.
> > 
> > What's the next step?
> 
> If you submit the update as a PR, it can be
> committed under maintainer
> timeout.
> 
> Kris
> 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Makefile
Type: application/octet-stream
Size: 930 bytes
Desc: 402397780-Makefile
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060919/f269d38d/Makefile.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: distinfo
Type: application/octet-stream
Size: 206 bytes
Desc: 1721150501-distinfo
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060919/f269d38d/distinfo.obj


More information about the freebsd-ports mailing list