From owner-cvs-all@FreeBSD.ORG Tue Feb 14 23:31:31 2012 Return-Path: Delivered-To: cvs-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3B16E106566B; Tue, 14 Feb 2012 23:31:31 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from mail.vx.sk (mail.vx.sk [IPv6:2a01:4f8:150:6101::4]) by mx1.freebsd.org (Postfix) with ESMTP id EE46D8FC08; Tue, 14 Feb 2012 23:31:30 +0000 (UTC) Received: from core2.vx.sk (localhost [127.0.0.2]) by mail.vx.sk (Postfix) with ESMTP id 2B6341F3F8; Wed, 15 Feb 2012 00:31:29 +0100 (CET) X-Virus-Scanned: amavisd-new at mail.vx.sk Received: from mail.vx.sk by core2.vx.sk (amavisd-new, unix socket) with LMTP id PXbjnFhEotbx; Wed, 15 Feb 2012 00:31:27 +0100 (CET) Received: from [10.9.8.1] (188-167-78-15.dynamic.chello.sk [188.167.78.15]) by mail.vx.sk (Postfix) with ESMTPSA id DE6991F3ED; Wed, 15 Feb 2012 00:31:26 +0100 (CET) Message-ID: <4F3AEECF.8070805@FreeBSD.org> Date: Wed, 15 Feb 2012 00:31:27 +0100 From: Martin Matuska User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20120208 Thunderbird/10.0.1 MIME-Version: 1.0 To: ohauer@FreeBSD.org References: <201202141135.q1EBZptq054425@repoman.freebsd.org> <4F3AB761.2090500@FreeBSD.org> In-Reply-To: <4F3AB761.2090500@FreeBSD.org> X-Enigmail-Version: 1.3.5 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/www/horde-base Makefile distinfo pkg-plist X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Feb 2012 23:31:31 -0000 On 14.2.2012 20:34, Olli Hauer wrote: > On 2012-02-14 12:35, Martin Matuska wrote: >> mm 2012-02-14 11:35:51 UTC >> >> FreeBSD ports repository >> >> Modified files: >> www/horde-base Makefile distinfo pkg-plist >> Log: >> Update to 3.3.13 >> >> Revision Changes Path >> 1.91 +1 -2 ports/www/horde-base/Makefile >> 1.40 +2 -2 ports/www/horde-base/distinfo >> 1.36 +20 -0 ports/www/horde-base/pkg-plist >> >> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/www/horde-base/Makefile.diff?&r1=1.90&r2=1.91&f=h >> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/www/horde-base/distinfo.diff?&r1=1.39&r2=1.40&f=h >> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/www/horde-base/pkg-plist.diff?&r1=1.35&r2=1.36&f=h >> > Hi Martin, > > shouldn't we push a vuxml for the update? > > Seems version 3.3.12 contains a backdor. > http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155 > > -- > Regards, > olli Hi Olli, as of the Horde report the problem affects "Horde 3.3.12 downloaded between November 15 and February 7". Our port and the SHA256 checksums have been updated shortly after release to 3.3.12 on July, 28, 2011. The altered file on the Horde server must have had an invalid checksum and should have been failing to install. Therefore I see no point in adding this to vuxml, as our users were not affected by this issue. -- Martin Matuska FreeBSD committer http://blog.vx.sk