summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Blapp <mbr@FreeBSD.org>2002-02-05 16:18:42 +0000
committerMartin Blapp <mbr@FreeBSD.org>2002-02-05 16:18:42 +0000
commitd18c02a92a0b54e96ab20cda93b9ebece0dfe1fd (patch)
tree3d97109b3d10282cdec06d16f92418b3aaf43e7c
parentUpdate to new distfile (20020130). (diff)
Sigh. Commit the update. I hope I will not find more security issues.
Notes
Notes: svn path=/head/; revision=54241
-rw-r--r--www/mod_frontpage/Makefile23
-rw-r--r--www/mod_frontpage/distinfo2
-rw-r--r--www/mod_frontpage/pkg-message7
3 files changed, 24 insertions, 8 deletions
diff --git a/www/mod_frontpage/Makefile b/www/mod_frontpage/Makefile
index fa94d75f25ae..ccb5e93c1bcd 100644
--- a/www/mod_frontpage/Makefile
+++ b/www/mod_frontpage/Makefile
@@ -5,14 +5,12 @@
# $FreeBSD$
PORTNAME= mod_frontpage
-PORTVERSION= 1.6
+PORTVERSION= 1.6.1
CATEGORIES= www
MASTER_SITES= http://people.freebsd.org/~mbr/distfiles/
MAINTAINER= mbr@FreeBSD.org
-FORBIDDEN= "Buffer overflows in fpexec, exploitable locally. A fix is in work"
-
AP_PORT?= apache13
BUILD_DEPENDS= ${LOCALBASE}/sbin/apxs:${PORTSDIR}/www/${AP_PORT}
@@ -44,6 +42,25 @@ AP_LIBEXEC?= ${PREFIX}/libexec/apache
PERL_CONFIGURE= yes
+pre-fetch:
+ @${ECHO}
+ @${ECHO} ******************************************************
+ @${ECHO} IMPORTANT
+ @${ECHO}
+ @${ECHO} This port still has some security issues. Some buffer
+ @${ECHO} overflows have been fixed, but since the port depends
+ @${ECHO} on ENV[] variables, a local user can still gain a UID
+ @${ECHO} of another user. This is a design issue, and also
+ @${ECHO} present in the apache13-fp port.
+ @${ECHO}
+ @${ECHO} Check carefully that the Makefile has FP_UID_MIN and
+ @${ECHO} FP_GID_MIN set correctly. If you think security is
+ @${ECHO} very important for you, you shouldn't run frontpage
+ @${ECHO} at all.
+ @${ECHO} ******************************************************
+ @${ECHO}
+
+
post-install:
@${CAT} ${PKGMESSAGE}
diff --git a/www/mod_frontpage/distinfo b/www/mod_frontpage/distinfo
index d4013517ef5c..cb80170ca20b 100644
--- a/www/mod_frontpage/distinfo
+++ b/www/mod_frontpage/distinfo
@@ -1 +1 @@
-MD5 (mod_frontpage-1.6.tar.gz) = 516870d6207f893ac37aaf463bf8f381
+MD5 (mod_frontpage-1.6.1.tar.gz) = ca2bc12b8398b1d82dc94fe7fda42e74
diff --git a/www/mod_frontpage/pkg-message b/www/mod_frontpage/pkg-message
index d69e0fab0a5c..50b2a7ed0611 100644
--- a/www/mod_frontpage/pkg-message
+++ b/www/mod_frontpage/pkg-message
@@ -1,9 +1,8 @@
************************************************************************
-mod_frontpage improved has been installed. You can turn off/on the
-extensions and the frontpage administration per site in httpd.conf
-and per virtual server. FrontPageAdminDisable is the default if no
-option is given.
+You can turn off/on the extensions and the frontpage administration
+per site in httpd.conf and per virtual server. FrontPageAdminDisable
+is the default if no option is given.
FrontPageEnable # Enable Frontpage Extensions
FrontPageDisable # Disable Frontpage Extensions