diff options
author | Martin Blapp <mbr@FreeBSD.org> | 2002-02-05 16:18:42 +0000 |
---|---|---|
committer | Martin Blapp <mbr@FreeBSD.org> | 2002-02-05 16:18:42 +0000 |
commit | d18c02a92a0b54e96ab20cda93b9ebece0dfe1fd (patch) | |
tree | 3d97109b3d10282cdec06d16f92418b3aaf43e7c | |
parent | Update to new distfile (20020130). (diff) |
Sigh. Commit the update. I hope I will not find more security issues.
Notes
Notes:
svn path=/head/; revision=54241
-rw-r--r-- | www/mod_frontpage/Makefile | 23 | ||||
-rw-r--r-- | www/mod_frontpage/distinfo | 2 | ||||
-rw-r--r-- | www/mod_frontpage/pkg-message | 7 |
3 files changed, 24 insertions, 8 deletions
diff --git a/www/mod_frontpage/Makefile b/www/mod_frontpage/Makefile index fa94d75f25ae..ccb5e93c1bcd 100644 --- a/www/mod_frontpage/Makefile +++ b/www/mod_frontpage/Makefile @@ -5,14 +5,12 @@ # $FreeBSD$ PORTNAME= mod_frontpage -PORTVERSION= 1.6 +PORTVERSION= 1.6.1 CATEGORIES= www MASTER_SITES= http://people.freebsd.org/~mbr/distfiles/ MAINTAINER= mbr@FreeBSD.org -FORBIDDEN= "Buffer overflows in fpexec, exploitable locally. A fix is in work" - AP_PORT?= apache13 BUILD_DEPENDS= ${LOCALBASE}/sbin/apxs:${PORTSDIR}/www/${AP_PORT} @@ -44,6 +42,25 @@ AP_LIBEXEC?= ${PREFIX}/libexec/apache PERL_CONFIGURE= yes +pre-fetch: + @${ECHO} + @${ECHO} ****************************************************** + @${ECHO} IMPORTANT + @${ECHO} + @${ECHO} This port still has some security issues. Some buffer + @${ECHO} overflows have been fixed, but since the port depends + @${ECHO} on ENV[] variables, a local user can still gain a UID + @${ECHO} of another user. This is a design issue, and also + @${ECHO} present in the apache13-fp port. + @${ECHO} + @${ECHO} Check carefully that the Makefile has FP_UID_MIN and + @${ECHO} FP_GID_MIN set correctly. If you think security is + @${ECHO} very important for you, you shouldn't run frontpage + @${ECHO} at all. + @${ECHO} ****************************************************** + @${ECHO} + + post-install: @${CAT} ${PKGMESSAGE} diff --git a/www/mod_frontpage/distinfo b/www/mod_frontpage/distinfo index d4013517ef5c..cb80170ca20b 100644 --- a/www/mod_frontpage/distinfo +++ b/www/mod_frontpage/distinfo @@ -1 +1 @@ -MD5 (mod_frontpage-1.6.tar.gz) = 516870d6207f893ac37aaf463bf8f381 +MD5 (mod_frontpage-1.6.1.tar.gz) = ca2bc12b8398b1d82dc94fe7fda42e74 diff --git a/www/mod_frontpage/pkg-message b/www/mod_frontpage/pkg-message index d69e0fab0a5c..50b2a7ed0611 100644 --- a/www/mod_frontpage/pkg-message +++ b/www/mod_frontpage/pkg-message @@ -1,9 +1,8 @@ ************************************************************************ -mod_frontpage improved has been installed. You can turn off/on the -extensions and the frontpage administration per site in httpd.conf -and per virtual server. FrontPageAdminDisable is the default if no -option is given. +You can turn off/on the extensions and the frontpage administration +per site in httpd.conf and per virtual server. FrontPageAdminDisable +is the default if no option is given. FrontPageEnable # Enable Frontpage Extensions FrontPageDisable # Disable Frontpage Extensions |