aboutsummaryrefslogtreecommitdiffstats
path: root/www/mod_frontpage
diff options
context:
space:
mode:
authormbr <mbr@FreeBSD.org>2002-02-06 00:18:42 +0800
committermbr <mbr@FreeBSD.org>2002-02-06 00:18:42 +0800
commit6b31ad45715876662b3c374323a1e32d4027d36f (patch)
tree4a1d0c03f33ffb5d9d2c1aeb65b11dd1f0210a31 /www/mod_frontpage
parentfa4d7f1993874605f61d4883e674ba490026fc89 (diff)
downloadfreebsd-ports-gnome-6b31ad45715876662b3c374323a1e32d4027d36f.tar.gz
freebsd-ports-gnome-6b31ad45715876662b3c374323a1e32d4027d36f.tar.zst
freebsd-ports-gnome-6b31ad45715876662b3c374323a1e32d4027d36f.zip
Sigh. Commit the update. I hope I will not find more security issues.
Diffstat (limited to 'www/mod_frontpage')
-rw-r--r--www/mod_frontpage/Makefile23
-rw-r--r--www/mod_frontpage/distinfo2
-rw-r--r--www/mod_frontpage/pkg-message7
3 files changed, 24 insertions, 8 deletions
diff --git a/www/mod_frontpage/Makefile b/www/mod_frontpage/Makefile
index fa94d75f25ae..ccb5e93c1bcd 100644
--- a/www/mod_frontpage/Makefile
+++ b/www/mod_frontpage/Makefile
@@ -5,14 +5,12 @@
# $FreeBSD$
PORTNAME= mod_frontpage
-PORTVERSION= 1.6
+PORTVERSION= 1.6.1
CATEGORIES= www
MASTER_SITES= http://people.freebsd.org/~mbr/distfiles/
MAINTAINER= mbr@FreeBSD.org
-FORBIDDEN= "Buffer overflows in fpexec, exploitable locally. A fix is in work"
-
AP_PORT?= apache13
BUILD_DEPENDS= ${LOCALBASE}/sbin/apxs:${PORTSDIR}/www/${AP_PORT}
@@ -44,6 +42,25 @@ AP_LIBEXEC?= ${PREFIX}/libexec/apache
PERL_CONFIGURE= yes
+pre-fetch:
+ @${ECHO}
+ @${ECHO} ******************************************************
+ @${ECHO} IMPORTANT
+ @${ECHO}
+ @${ECHO} This port still has some security issues. Some buffer
+ @${ECHO} overflows have been fixed, but since the port depends
+ @${ECHO} on ENV[] variables, a local user can still gain a UID
+ @${ECHO} of another user. This is a design issue, and also
+ @${ECHO} present in the apache13-fp port.
+ @${ECHO}
+ @${ECHO} Check carefully that the Makefile has FP_UID_MIN and
+ @${ECHO} FP_GID_MIN set correctly. If you think security is
+ @${ECHO} very important for you, you shouldn't run frontpage
+ @${ECHO} at all.
+ @${ECHO} ******************************************************
+ @${ECHO}
+
+
post-install:
@${CAT} ${PKGMESSAGE}
diff --git a/www/mod_frontpage/distinfo b/www/mod_frontpage/distinfo
index d4013517ef5c..cb80170ca20b 100644
--- a/www/mod_frontpage/distinfo
+++ b/www/mod_frontpage/distinfo
@@ -1 +1 @@
-MD5 (mod_frontpage-1.6.tar.gz) = 516870d6207f893ac37aaf463bf8f381
+MD5 (mod_frontpage-1.6.1.tar.gz) = ca2bc12b8398b1d82dc94fe7fda42e74
diff --git a/www/mod_frontpage/pkg-message b/www/mod_frontpage/pkg-message
index d69e0fab0a5c..50b2a7ed0611 100644
--- a/www/mod_frontpage/pkg-message
+++ b/www/mod_frontpage/pkg-message
@@ -1,9 +1,8 @@
************************************************************************
-mod_frontpage improved has been installed. You can turn off/on the
-extensions and the frontpage administration per site in httpd.conf
-and per virtual server. FrontPageAdminDisable is the default if no
-option is given.
+You can turn off/on the extensions and the frontpage administration
+per site in httpd.conf and per virtual server. FrontPageAdminDisable
+is the default if no option is given.
FrontPageEnable # Enable Frontpage Extensions
FrontPageDisable # Disable Frontpage Extensions