Re: cvsup

From: Peter Pentchev (roam@ringlet.net)
Date: 02/28/02


Date: Thu, 28 Feb 2002 12:47:29 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Michael Sharp <mds@ec.rr.com>


On Wed, Feb 27, 2002 at 06:18:02PM -0500, Michael Sharp wrote:
> On Wednesday 27 February 2002 06:03 pm, you wrote:
> > This is actually more of a -ports question...
> >
> > On Wed, Feb 27, 2002 at 05:51:50PM -0500, Michael Sharp wrote:
> > > I ran cvsup on ports 20 minutes ago and noticed that new Makefiles were
> > > pulled down for mod_php3 and mod_php4. I then ran portsdb -U to update
> > > the INDEX file, but portversion shows that the new Makefiles didnt change
> > > the version number.
> > >
> > > So my question is this... was this the fix for the PHP issue, and all I
> > > need to do new is cd to the mod_php4 directory and run 'make deinstall
> > > distclean', then do a 'make install' in mod_php4 to rebuild with the new
> > > changes?
> >
> > I committed an update earlier marking the ports as FORBIDDEN due to
> > the security issue until the maintainer update the ports. The
> > maintainer updated the ports to the non-vulnerable versions about
> > 1/2 hour ago. Chances are you only received the FORBIDDEN update
> > and may have to way up to another 1/2 hour until the newer changes
> > have propagated.
> >
> > To check, see if the ports are marked with a FORBIDDEN line. You may
> > also use cvsweb:
> >
> > http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/mod_php3/
> > http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/mod_php4/
> >
> > to see if the Makefile in your ports tree matches the newest version
> > in the repository.
>
> God forbide, I sent to the wrong list. ppl are more concerned about a posting
> to a list than putting out something via announcements, ports, errata, smoke
> signals or something. I'll figure it out myself

Erm, you did notice, did you not, that Chris actually replied to your
question with a nice explanation of the FORBIDDEN tag and the updated
versions?

As for the advisories, I expect one would go out shortly - drafting
and issuing a security advisory is not too simple, it is definitely
not just a matter of sitting down for five minutes and spewing out
a couple of pages of text..

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence would be seven words long if it were six words shorter.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message