From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Mar 25 01:30:34 2006 Return-Path: X-Original-To: freebsd-ports-bugs@hub.freebsd.org Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 72AC116A41F for ; Sat, 25 Mar 2006 01:30:34 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 22C1943D49 for ; Sat, 25 Mar 2006 01:30:34 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k2P1US8l032119 for ; Sat, 25 Mar 2006 01:30:29 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k2P1USHB032118; Sat, 25 Mar 2006 01:30:28 GMT (envelope-from gnats) Date: Sat, 25 Mar 2006 01:30:28 GMT Message-Id: <200603250130.k2P1USHB032118@freefall.freebsd.org> To: freebsd-ports-bugs@FreeBSD.org From: Jeremy Chadwick Cc: Subject: Re: ports/94919: [PATCH] suPHP (www/suphp) 0.6.1 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Jeremy Chadwick List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Mar 2006 01:30:34 -0000 The following reply was made to PR ports/94919; it has been noted by GNATS. From: Jeremy Chadwick To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/94919: [PATCH] suPHP (www/suphp) 0.6.1 Date: Fri, 24 Mar 2006 17:28:58 -0800 Sadly, I cannot approve this, for many of the same reasons listed in past PRs such as ports/82746. I get requests for this upgrade literally twice a week, sometimes more. I actually keep a file laying around as a template response due to the high volume of mails... > The suphp port will not be upgraded to 0.6.x until the author fixes > numerous security holes and bugs in the software. Some were fixed > with the 0.6.1 release, but there are still claims of security-related > issues with 0.6.1 (see the suphp mailing list for details). One issue > which I have personally confirmed is the module doing double-free()'s > on pieces of previously allocated memory; this still exists in 0.6.1. > > Until these issues are dealt with, the port will remain at 0.5.2; I'd > rather not unleash unstable software into the hands of BSD sysadmins > worldwide. > > If 0.6.1 is an absolute necessity for you, I'd gladly review and > agree to the commital of a www/suphp-dev port, assuming someone else > maintains it. > > I hope you understand. Thanks! I'm all for someone maintaining a new port (ex. www/suphp-dev) which contains 0.6 or 0.6.1 -- until the suphp author manages to fix the bugs in recent releases. My apologies to the PR submitter (Eugene Kim), as he obviously put in quite a lot of work. I would rather his efforts be put to use, just not in the current (stable) suphp port... -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. | On Sat, Mar 25, 2006 at 01:04:03AM +0000, Edwin Groothuis wrote: > Maintainer of www/suphp, > > Please note that PR ports/94919 has just been submitted. > > If it contains a patch for an upgrade, an enhancement or a bug fix > you agree on, reply to this email stating that you approve the patch > and a committer will take care of it. > > The full text of the PR can be found at: > http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/94919 > > -- > Edwin Groothuis > edwin@FreeBSD.org