daily security run output and joomla3

Matthew Seaman matthew at FreeBSD.org
Sun Jan 28 18:45:52 UTC 2018


On 28/01/2018 18:04, Larry Rosenman wrote:
> On Mon, Jan 29, 2018 at 02:56:51AM +0900, Yasuhiro KIMURA wrote:
>> From: Carmel NY <carmel_ny at outlook.com>
>> Subject: Re: daily security run output and joomla3
>> Date: Sun, 28 Jan 2018 17:38:10 +0000
>>
>>>> You can try "pkg check -r", see man pkg-check
>>>
>>> Unfortunately, that has no affect.
>>
>> Accoding to the messages of security periodic sript, the problrem is
>> not checksum mismatch but lost of package files. And "pkg check -r"
>> cannot recover it. So you should reinstall www/joomla3.
>>
> But as the OP notes, the joomla3 instructions *REQUIRE*
> removal of the install directory for security reasons, so 
> I understand where he is coming from. 
> 
> As the maintainer, I'm not sure how to fix it.
> 

At a minimum, the install directory parts should be moved out of the
actual package. If we had sub-packages, this would be an ideal
application -- you could make a temporary sub-package of the
installation bits.  Unfortunately we don't have sub-packages yet, so...

How about installing the installation sub-directory as part of the
examples: still part of the package, but outside the web-root so
inaccessible during normal operation?  Create a sym-link as required to
hook the installation parts into the web-root as needed -- perhaps use a
POST-INSTALL script for this?  Or write a small script and add it to the
package as an aid to adding or removing the sym-link easily.

	Cheers,

	Matthew

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 992 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20180128/47e71742/attachment.sig>


More information about the freebsd-ports mailing list