Date: Tue, 19 Sep 2006 18:49:52 -0700 (PDT) From: Fred Cox <sailorfred@yahoo.com> To: Kris Kennaway <kris@obsecurity.org> Cc: freebsd-ports@freebsd.org, Kris Kennaway <kris@obsecurity.org> Subject: Re: www/dotproject out of date and vulnerable Message-ID: <20060920014952.25508.qmail@web31808.mail.mud.yahoo.com> In-Reply-To: <20060920013353.GA52215@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--- Kris Kennaway <kris@obsecurity.org> wrote:
> On Tue, Sep 19, 2006 at 06:25:50PM -0700, Fred Cox
> wrote:
>
> > > > It's still better than the current situation.
> > >
> > > Publishing packages that will not run because
> > > they're linked to the
> > > wrong libraries is, again, not my idea of
> "better".
> > >
> >
> > There is no linkage problem. It's a client/server
> > problem.
> >
> > PHP4 is perfectly happy being linked with the
> MySQL 5
> > client libraries, it's the database server that
> needs
> > to be 3.23. The SQL used in dotProject is legal
> for
> > 3.23, but not 5.
>
> Then you haven't explained yourself very well,
> because at the start of
> this thread you were talking about a conflict
> between the mysql 3 and
> mysql 5 *clients*, not servers.
>
I haven't been able to verify for sure that using a
MySQL 5 client library against a MySQL 3.23 server is
supported. I can't find any references on the
MySQL.com site.
In any case, you can't install mysql5?-client and
mysql323-server together using the ports.
Typically, people installing this would have the web
server and the mysql server on the same machine, so
the best solution (other than dotproject finally
supporting modern versions of the software) would be
to link against mysql323-client. However, there is no
build problem with linking against mysql5?-client.
dotproject is a set of scripts.
> --
> Trying to get it to install MySQL 3.23 client seems
> to
> be stymied by the php4-mysql default dependency on
> the
> MySQL 5 client. I haven't actually figured out how
> it
> specifies this dependency, since the
> php4-mysql/Makefile is very empty.
> --
>
> So, does it or does it not require the mysql 3.23
> client in
> php4-mysql and dotproject?
>
I don't know for sure. Practically speaking, for most
users, it does.
Your objection to doing an interim fix while I try to
figure out how to do what you suggest doesn't apply
though, because there is nothing broken at the package
build or linkage level. There is only a potential
protocol problem with using different versions of the
client and server together.
> > > Copy the php4-mysql port to php4-mysql3 and make
> the
> > > presumably
> > > trivial change to make it use mysql 3 instead of
> > > whatever the default
> > > is.
> > >
> >
> > It's not trivial. The current Makefile is
> trivial,
> > but a change to do what you're suggesting will
> need to
> > be more complex.
> >
> > Here's the current php4-mysql Makefile:
> >
> > CATEGORIES= databases
> >
> > MASTERDIR= ${.CURDIR}/../../lang/php4
> >
> > PKGNAMESUFFIX= -mysql
> >
> > .include "${MASTERDIR}/Makefile"
> >
> > The ${MASTERDIR}/Makefile doesn't refer to mysql
> at
> > all.
> >
> > Personally, I don't see how it knows it's supposed
> to
> > link MySQL in there. Perhaps it's because PHP4
> > defaults to including MySQL support, so this isn't
> > really doing anything. I haven't read far enough
> to
> > know for sure.
>
> Look in <bsd.php.mk> for the rest.
>
More studying,
Fred
> Kris
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060920014952.25508.qmail>