From owner-freebsd-ports Sat Aug 11 0:20:14 2001 Delivered-To: freebsd-ports@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id EBD0E37B401 for ; Sat, 11 Aug 2001 00:20:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f7B7K2D23135; Sat, 11 Aug 2001 00:20:02 -0700 (PDT) (envelope-from gnats) Date: Sat, 11 Aug 2001 00:20:02 -0700 (PDT) Message-Id: <200108110720.f7B7K2D23135@freefall.freebsd.org> To: freebsd-ports@FreeBSD.org Cc: From: John Merryweather Cooper Subject: Re: ports/29112: Potential security issues in Balsa & Encompass Reply-To: John Merryweather Cooper Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR ports/29112; it has been noted by GNATS. From: John Merryweather Cooper To: freebsd-gnats-submit@FreeBSD.org, quik@quikbox.ca Cc: Subject: Re: ports/29112: Potential security issues in Balsa & Encompass Date: Sat, 11 Aug 2001 00:16:04 -0700 tmpnam() comes from Xlib The other symbols appear to come Balsa's linkage with libc itself. Curiously, none of these symbols are used/called by Balsa or it's support libraries. About the best that can be said is that the linkage warnings are set at a (perhaps appropriate) low threshold. The setkey(), des_setkey(), and des_cipher() warnings can be made to go away for this (and other) ports by linking with libcipher. Perhaps the ports widgets can be modified to add libcipher to the library chain with libc in appropriate circumstances. However, no additional functionality results from this. Short of expunging the remaining symbols from libc (far from likely--they're all standard calls), there's nothing more to do. jmc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message