Re: www/dotproject out of date and vulnerable

2006-09-20 Thread Fred Cox
PR sent. Thanks very much for all of your advice, Fred --- Alex Dupre <[EMAIL PROTECTED]> wrote: > Fred Cox wrote: > > So how about this: > > > > Update the version to 2.0.4 to avoid the > > vulnerability. > > > > Modify Makefile to require PHP4: > > > > DEFAULT_PHP_VER=4 > > WANT_PHP_W

Re: www/dotproject out of date and vulnerable

2006-09-20 Thread Alex Dupre
Fred Cox wrote: So how about this: Update the version to 2.0.4 to avoid the vulnerability. Modify Makefile to require PHP4: DEFAULT_PHP_VER=4 WANT_PHP_WEB= yes IGNORE_WITH_PHP=5 Add to the files/pkg-message.in to inform the user that they must have a remote or jailed mysql 3.23 or make

Re: www/dotproject out of date and vulnerable

2006-09-20 Thread Fred Cox
So how about this: Update the version to 2.0.4 to avoid the vulnerability. Modify Makefile to require PHP4: DEFAULT_PHP_VER=4 WANT_PHP_WEB= yes IGNORE_WITH_PHP=5 Add to the files/pkg-message.in to inform the user that they must have a remote or jailed mysql 3.23 or make the published patches.

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Alex Dupre
Kris Kennaway wrote: Damn, how many messages should I read?! :-) > If there is no problem with using the mysql 5.x client, then just use > mysql 5.x and be done with it. You need to figure out whether or not > that is true. If it is false, then there's clearly a problem for you I bet the

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Kris Kennaway
On Tue, Sep 19, 2006 at 06:49:52PM -0700, Fred Cox wrote: > > Then you haven't explained yourself very well, > > because at the start of > > this thread you were talking about a conflict > > between the mysql 3 and > > mysql 5 *clients*, not servers. > > > > I haven't been able to verify for sur

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
--- Kris Kennaway <[EMAIL PROTECTED]> wrote: > On Tue, Sep 19, 2006 at 06:25:50PM -0700, Fred Cox > wrote: > > > > > It's still better than the current situation. > > > > > > Publishing packages that will not run because > > > they're linked to the > > > wrong libraries is, again, not my idea of

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Kris Kennaway
On Tue, Sep 19, 2006 at 06:25:50PM -0700, Fred Cox wrote: > > > It's still better than the current situation. > > > > Publishing packages that will not run because > > they're linked to the > > wrong libraries is, again, not my idea of "better". > > > > There is no linkage problem. It's a clie

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
--- Kris Kennaway <[EMAIL PROTECTED]> wrote: > On Tue, Sep 19, 2006 at 06:02:52PM -0700, Fred Cox > wrote: > > --- Kris Kennaway <[EMAIL PROTECTED]> wrote: > > > > > On Tue, Sep 19, 2006 at 05:15:45PM -0700, Fred > Cox > > > wrote: > > > > > > > Actually, it doesn't. It goes ahead and > install

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Kris Kennaway
On Tue, Sep 19, 2006 at 06:02:52PM -0700, Fred Cox wrote: > --- Kris Kennaway <[EMAIL PROTECTED]> wrote: > > > On Tue, Sep 19, 2006 at 05:15:45PM -0700, Fred Cox > > wrote: > > > > > Actually, it doesn't. It goes ahead and installs > > it, > > > even though I specified these: > > > > > > WITH_M

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
--- Kris Kennaway <[EMAIL PROTECTED]> wrote: > On Tue, Sep 19, 2006 at 05:15:45PM -0700, Fred Cox > wrote: > > > Actually, it doesn't. It goes ahead and installs > it, > > even though I specified these: > > > > WITH_MYSQL= yes > > WANT_MYSQL_VER= 323 > > IGNORE_WITH_MYSQL=5 > > > > Startin

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Kris Kennaway
On Tue, Sep 19, 2006 at 05:15:45PM -0700, Fred Cox wrote: > Actually, it doesn't. It goes ahead and installs it, > even though I specified these: > > WITH_MYSQL= yes > WANT_MYSQL_VER= 323 > IGNORE_WITH_MYSQL=5 > > Starting with a system that had no MySQL or PHP > installed on it, I did a ma

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
--- Kris Kennaway <[EMAIL PROTECTED]> wrote: > On Tue, Sep 19, 2006 at 04:19:23PM -0700, Fred Cox > wrote: > > > > No, I guess you've still misunderstood. I don't > > > know how many times I > > > can say this, but let me try to explain once > more: > > > your port should be > > > buildable with

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Kris Kennaway
On Tue, Sep 19, 2006 at 04:19:23PM -0700, Fred Cox wrote: > > No, I guess you've still misunderstood. I don't > > know how many times I > > can say this, but let me try to explain once more: > > your port should be > > buildable with the default settings of all ports > > involved. > > > > This m

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
--- Kris Kennaway <[EMAIL PROTECTED]> wrote: > On Tue, Sep 19, 2006 at 04:00:14PM -0700, Fred Cox > wrote: > > --- Kris Kennaway <[EMAIL PROTECTED]> wrote: > > > > > On Tue, Sep 19, 2006 at 03:25:45PM -0700, Fred > Cox > > > wrote: > > > > > > > > > > > > --- Kris Kennaway <[EMAIL PROTECTED]> w

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Kris Kennaway
On Tue, Sep 19, 2006 at 04:00:14PM -0700, Fred Cox wrote: > --- Kris Kennaway <[EMAIL PROTECTED]> wrote: > > > On Tue, Sep 19, 2006 at 03:25:45PM -0700, Fred Cox > > wrote: > > > > > > > > > --- Kris Kennaway <[EMAIL PROTECTED]> wrote: > > > > > > > "Will fail to package" is pretty far from > >

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
--- Kris Kennaway <[EMAIL PROTECTED]> wrote: > On Tue, Sep 19, 2006 at 03:25:45PM -0700, Fred Cox > wrote: > > > > > > --- Kris Kennaway <[EMAIL PROTECTED]> wrote: > > > > > "Will fail to package" is pretty far from > perfection > > > in my book :) > > > > > > > I don't believe I ever said th

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Kris Kennaway
On Tue, Sep 19, 2006 at 03:25:45PM -0700, Fred Cox wrote: > > > --- Kris Kennaway <[EMAIL PROTECTED]> wrote: > > > "Will fail to package" is pretty far from perfection > > in my book :) > > > > I don't believe I ever said that. It builds fine and > even runs, it just has lots of bugs. > > Ca

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
--- Kris Kennaway <[EMAIL PROTECTED]> wrote: > "Will fail to package" is pretty far from perfection > in my book :) > I don't believe I ever said that. It builds fine and even runs, it just has lots of bugs. Can you let me know what I said that gave you that impression? Fred > Mark the por

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Kris Kennaway
On Tue, Sep 19, 2006 at 03:18:01PM -0700, Fred Cox wrote: > Its current state is that it will install a > vulnerable version with either the installed php and > mysql client or php5 and mysql5. In the latter case, > there are many bugs in the installed port. > > If I submit what I have now, it w

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
Its current state is that it will install a vulnerable version with either the installed php and mysql client or php5 and mysql5. In the latter case, there are many bugs in the installed port. If I submit what I have now, it will install the updated version with PHP4. The user will still have t

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Kris Kennaway
On Tue, Sep 19, 2006 at 02:42:37PM -0700, Fred Cox wrote: > Would you recommend doing the partial job of updating > the port for the vulnerability and requiring PHP4 > while I work on the ultimate solution? It will result in a broken port unless you can address the mysql thing - there's no way aro

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
Would you recommend doing the partial job of updating the port for the vulnerability and requiring PHP4 while I work on the ultimate solution? Thanks, Fred --- Kris Kennaway <[EMAIL PROTECTED]> wrote: > On Tue, Sep 19, 2006 at 02:15:53PM -0700, Fred Cox > wrote: > > For my second iteration of i

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Kris Kennaway
On Tue, Sep 19, 2006 at 02:15:53PM -0700, Fred Cox wrote: > For my second iteration of installing this through the > original port, I was able to install mysql323-client > and php4 before installing dotproject, and everything > worked. So it appears that php4-mysql will use > mysql323-client if it

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
For my second iteration of installing this through the original port, I was able to install mysql323-client and php4 before installing dotproject, and everything worked. So it appears that php4-mysql will use mysql323-client if it's already installed. I haven't dug through the code to see how tha

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Kris Kennaway
On Tue, Sep 19, 2006 at 12:23:55PM -0700, Fred Cox wrote: > This is the first time I've tried to modify a port, > and I'm having a bit of trouble because this port > requires MySQL 3.23 and PHP 4. Those dependencies > weren't specified in the port before. > > I've gotten PHP4 by adding: > > USE_

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
--- Simon Barner <[EMAIL PROTECTED]> wrote: > Hi Fred, > > thanks for your work on this port. Could you please > resubmit the update > as a unified diff and send it as a problem report > (PR). I'm on my way towards doing that, but I want to get it right beforehand. I want to be able to require

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Simon Barner
Hi Fred, thanks for your work on this port. Could you please resubmit the update as a unified diff and send it as a problem report (PR). Otherwise your work will probably get lost in the vast amount of email that gets posted on freebsd-ports. More information in the Porter's Handbook http://www.f

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Simon L. Nielsen
On 2006.09.19 12:23:55 -0700, Fred Cox wrote: > Also, where do I go to get www/dotproject-2.0.2 marked > as vulnerable in the portaudit database? Your mail to secteam@ slipped through the cracks. Sorry about that. To mark something vulnerable in portaudit it needs to be added to the VuXML docum

Re: www/dotproject out of date and vulnerable

2006-09-19 Thread Fred Cox
This is the first time I've tried to modify a port, and I'm having a bit of trouble because this port requires MySQL 3.23 and PHP 4. Those dependencies weren't specified in the port before. I've gotten PHP4 by adding: USE_PHP=gd mysql session DEFAULT_PHP_VER=4 WANT_PHP_WEB= yes IGNORE_

Re: www/dotproject out of date and vulnerable

2006-09-18 Thread Kris Kennaway
On Mon, Sep 18, 2006 at 07:00:02PM -0700, Fred Cox wrote: > www/dotproject is still 2.0.2, even though 2.0.4 came > out in June to address an XSS vulnerability. See > http://www.dotproject.net/ for details. > > I've sent mail to the maintainer and the contact for > portaudit, with no response in