www/dotproject out of date and vulnerable

Kris Kennaway kris at obsecurity.org
Tue Sep 19 16:30:17 PDT 2006 

On Tue, Sep 19, 2006 at 04:19:23PM -0700, Fred Cox wrote:

> > No, I guess you've still misunderstood.  I don't
> > know how many times I
> > can say this, but let me try to explain once more:
> > your port should be
> > buildable with the default settings of all ports
> > involved.
> > 
> > This means that you can't place special requirements
> > like "you have to
> > first install mysql 3.x, then install the php4-mysql
> > port, then
> > install this port", because that is too non-generic
> > and will not be
> > true on systems that already have php4-mysql
> > installed with the
> > default mysql client.
> > 
> > The solution, which I explained several messages
> > ago, is to make an
> > alternative php4-mysql3 port, which always depends
> > on mysql 3.x, and
> > use that instead of php4-mysql (it may need to
> > conflict with
> > php4-mysql, I don't know).  This really isn't very
> > hard and you
> > perhaps could have done it already by now :)
> > 
> 
> When I was trying to install this in first place, I
> couldn't install mysql323-client when mysql5-client
> was already installed.  It refused to install.  I had
> to install it into a jail by itself with msyql323 and
> php4.

Right, they conflict.  There's nothing you can do about that; they
want to install files on top of each other, breaking one or the other
installation.

> I assume that will break the requirement that it be
> buildable with defaults, assuming that some other port
> that requires mysql has already been built.  Is that a
> bad assumption?

Yes, with the above solution mysql 4.x or 5.x do not get installed
when you build your port on a clean system (no ports installed, and no
non-default settings), only mysql 3.x, so there's no conflict.

If someone has mysql 4.x or 5.x installed already, they get a warning
from the conflict checking telling them it's impossible to install the
port without first deinstalling mysql 4.x and 5.x, which is true and
unavoidable.

With your proposed version, a conflicting mysql version would first be
installed by php4-mysql and the build of your port will subsequently
fail when it tries to install mysql3 (or vice versa, depending on
which happens first), which is precisely the problem.

Hope this has clarified things sufficiently now,
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060919/fce5f930/attachment.pgp

More information about the freebsd-ports mailing list