From owner-freebsd-security Thu Feb 28 2:47:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from straylight.ringlet.net (support.nanolink.com [217.75.134.33]) by hub.freebsd.org (Postfix) with SMTP id 30BBE37B400 for ; Thu, 28 Feb 2002 02:47:13 -0800 (PST) Received: (qmail 5479 invoked by uid 1000); 28 Feb 2002 10:47:30 -0000 Date: Thu, 28 Feb 2002 12:47:29 +0200 From: Peter Pentchev To: Michael Sharp Cc: security@FreeBSD.ORG Subject: Re: cvsup Message-ID: <20020228124729.B456@straylight.oblivion.bg> Mail-Followup-To: Michael Sharp , security@FreeBSD.ORG References: <200202272251.g1RMpor35924@probsd.ws> <20020227230332.GA42263@peitho.fxp.org> <200202272318.g1RNI2135979@probsd.ws> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="SkvwRMAIpAhPCcCJ" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200202272318.g1RNI2135979@probsd.ws>; from mds@ec.rr.com on Wed, Feb 27, 2002 at 06:18:02PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --SkvwRMAIpAhPCcCJ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 27, 2002 at 06:18:02PM -0500, Michael Sharp wrote: > On Wednesday 27 February 2002 06:03 pm, you wrote: > > This is actually more of a -ports question... > > > > On Wed, Feb 27, 2002 at 05:51:50PM -0500, Michael Sharp wrote: > > > I ran cvsup on ports 20 minutes ago and noticed that new Makefiles we= re > > > pulled down for mod_php3 and mod_php4. I then ran portsdb -U to update > > > the INDEX file, but portversion shows that the new Makefiles didnt ch= ange > > > the version number. > > > > > > So my question is this... was this the fix for the PHP issue, and all= I > > > need to do new is cd to the mod_php4 directory and run 'make deinstall > > > distclean', then do a 'make install' in mod_php4 to rebuild with the = new > > > changes? > > > > I committed an update earlier marking the ports as FORBIDDEN due to > > the security issue until the maintainer update the ports. The > > maintainer updated the ports to the non-vulnerable versions about > > 1/2 hour ago. Chances are you only received the FORBIDDEN update > > and may have to way up to another 1/2 hour until the newer changes > > have propagated. > > > > To check, see if the ports are marked with a FORBIDDEN line. You may > > also use cvsweb: > > > > http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/mod_php3/ > > http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/mod_php4/ > > > > to see if the Makefile in your ports tree matches the newest version > > in the repository. > > God forbide, I sent to the wrong list. ppl are more concerned about a pos= ting=20 > to a list than putting out something via announcements, ports, errata, sm= oke=20 > signals or something. I'll figure it out myself Erm, you did notice, did you not, that Chris actually replied to your question with a nice explanation of the FORBIDDEN tag and the updated versions? As for the advisories, I expect one would go out shortly - drafting and issuing a security advisory is not too simple, it is definitely not just a matter of sitting down for five minutes and spewing out a couple of pages of text.. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence would be seven words long if it were six words shorter. --SkvwRMAIpAhPCcCJ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjx+CsAACgkQ7Ri2jRYZRVOiUwCgs4gXY/tak4Ut4flW3G1rusZV PjcAmgIfM/Rym6UK16qa2TySeN8tqKSJ =2U9f -----END PGP SIGNATURE----- --SkvwRMAIpAhPCcCJ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message