Opera vulnerability, marked forbidden instead of update?

Greg Byshenk freebsd at byshenk.net
Sat Nov 24 23:13:31 UTC 2012 

On Fri, 23 Nov 2012 09:00:59 +0000 Matthew Seaman <matthew at freebsd.org> wrote:
> On 23/11/2012 08:26, Matthieu Volat wrote:

> > I've noticed that www/opera was marked FORBIDDEN because of a security hole:
> > http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head
> > 
> > The opera software compagny advisory indeed mark this bug as high severity,
> > and mention that there is an update to fix it.
> > 
> > I am not familiar with the security process in ports, but would not it be
> > better to update the version? Marking it FORBIDDEN do not do much for the
> > userbase that does already have it installed.
> > 
> > I've bumped the versions in the Makefile
> > OPERA_VER?=     12.11
> > OPERA_BUILD?=   1661
> > and made a `make makesum reinstall`, there was no apparent problem.
> 
> Marking a port 'FORBIDDEN' is a quick response measure that can be done
> without having to worry about time consuming testing the of port and so
> forth.  It's an interim measure taken to ensure that users do not
> unwittingly install software with known vulnerabilities.
> 
> Yes, updating the port to a non-vulnerable version is the ideal
> response, but that may not be possible to do straight away.  You've
> sketched out the first couple of steps a port maintainer would take, but
> that 'there was no apparent problem' statement would need to be backed
> up by some more rigorous testing before a maintainer would feel
> confident in committing the update.

Just a comment that, for any USERS who would like to take a
chance with updating their Opera (rather than taking a chance
running the vulnerable version), just modifying the Makefile
as described above works to provide the update.

I've updated www/opera and www/opera-linuxplugins, and my new
Opera is running fine:

	About Opera
	Version information
	Version		12.11 
	Build		1661 
	Platform	FreeBSD 
	System		amd64, 8.3-STABLE

-- 
greg byshenk  -  gbyshenk at byshenk.net  -  Leiden, NL - Portland, OR USA

More information about the freebsd-ports mailing list