-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrew Daugherity wrote: > I still have a server running mysql 4.1.22, and it's marked as having the > "MyISAM table privileges secuity [sic] bypass vulnerability". According to > CVE-2008-2079 (linked from portaudit), this is fixed in 4.1.24. > > I was going to file a PR asking for an update to 4.1.24, but then I > discovered that MySQL 4.1 is in the "extended support" phase where they > aren't releasing tarballs any more (and of course no binaries). The source > *is* still available, but it's in the bazaar repo (see: > http://blogs.sun.com/datacharmer/entry/hidden_jevewls_in_mysql_bazaar ). > This can be checked out and built, but having a build-dep of bzr is probably > not wanted. > > Is it feasible (both license-wise and technically) to have a mirror of a > 4.1.24 bzr checkout in tarball form somewhere, so the port can be built?
Yes, but for this case I think the more preferred way would be to obtain the fix from repository and apply it in files/ as a patch. This makes reviewing the code much easier. Cheers, -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkjd5C0ACgkQi+vbBBjt66CQ6wCbBYJAysE7YzcCaHwRyvcVfuya GnMAnjAIHEgf5ABw2/57dmWnIy1I+ocn =WZdp -----END PGP SIGNATURE----- _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
