diff options
| author | mbr <mbr@FreeBSD.org> | 2002-02-06 00:18:42 +0800 |
|---|---|---|
| committer | mbr <mbr@FreeBSD.org> | 2002-02-06 00:18:42 +0800 |
| commit | 6b31ad45715876662b3c374323a1e32d4027d36f (patch) | |
| tree | 4a1d0c03f33ffb5d9d2c1aeb65b11dd1f0210a31 /www | |
| parent | fa4d7f1993874605f61d4883e674ba490026fc89 (diff) | |
| download | freebsd-ports-gnome-6b31ad45715876662b3c374323a1e32d4027d36f.tar.gz freebsd-ports-gnome-6b31ad45715876662b3c374323a1e32d4027d36f.tar.zst freebsd-ports-gnome-6b31ad45715876662b3c374323a1e32d4027d36f.zip | |
Sigh. Commit the update. I hope I will not find more security issues.
Diffstat (limited to 'www')
| -rw-r--r-- | www/mod_frontpage/Makefile | 23 | ||||
| -rw-r--r-- | www/mod_frontpage/distinfo | 2 | ||||
| -rw-r--r-- | www/mod_frontpage/pkg-message | 7 |
3 files changed, 24 insertions, 8 deletions
diff --git a/www/mod_frontpage/Makefile b/www/mod_frontpage/Makefile index fa94d75f25ae..ccb5e93c1bcd 100644 --- a/www/mod_frontpage/Makefile +++ b/www/mod_frontpage/Makefile @@ -5,14 +5,12 @@ # $FreeBSD$ PORTNAME= mod_frontpage -PORTVERSION= 1.6 +PORTVERSION= 1.6.1 CATEGORIES= www MASTER_SITES= http://people.freebsd.org/~mbr/distfiles/ MAINTAINER= mbr@FreeBSD.org -FORBIDDEN= "Buffer overflows in fpexec, exploitable locally. A fix is in work" - AP_PORT?= apache13 BUILD_DEPENDS= ${LOCALBASE}/sbin/apxs:${PORTSDIR}/www/${AP_PORT} @@ -44,6 +42,25 @@ AP_LIBEXEC?= ${PREFIX}/libexec/apache PERL_CONFIGURE= yes +pre-fetch: + @${ECHO} + @${ECHO} ****************************************************** + @${ECHO} IMPORTANT + @${ECHO} + @${ECHO} This port still has some security issues. Some buffer + @${ECHO} overflows have been fixed, but since the port depends + @${ECHO} on ENV[] variables, a local user can still gain a UID + @${ECHO} of another user. This is a design issue, and also + @${ECHO} present in the apache13-fp port. + @${ECHO} + @${ECHO} Check carefully that the Makefile has FP_UID_MIN and + @${ECHO} FP_GID_MIN set correctly. If you think security is + @${ECHO} very important for you, you shouldn't run frontpage + @${ECHO} at all. + @${ECHO} ****************************************************** + @${ECHO} + + post-install: @${CAT} ${PKGMESSAGE} diff --git a/www/mod_frontpage/distinfo b/www/mod_frontpage/distinfo index d4013517ef5c..cb80170ca20b 100644 --- a/www/mod_frontpage/distinfo +++ b/www/mod_frontpage/distinfo @@ -1 +1 @@ -MD5 (mod_frontpage-1.6.tar.gz) = 516870d6207f893ac37aaf463bf8f381 +MD5 (mod_frontpage-1.6.1.tar.gz) = ca2bc12b8398b1d82dc94fe7fda42e74 diff --git a/www/mod_frontpage/pkg-message b/www/mod_frontpage/pkg-message index d69e0fab0a5c..50b2a7ed0611 100644 --- a/www/mod_frontpage/pkg-message +++ b/www/mod_frontpage/pkg-message @@ -1,9 +1,8 @@ ************************************************************************ -mod_frontpage improved has been installed. You can turn off/on the -extensions and the frontpage administration per site in httpd.conf -and per virtual server. FrontPageAdminDisable is the default if no -option is given. +You can turn off/on the extensions and the frontpage administration +per site in httpd.conf and per virtual server. FrontPageAdminDisable +is the default if no option is given. FrontPageEnable # Enable Frontpage Extensions FrontPageDisable # Disable Frontpage Extensions |