Date: Fri, 5 Apr 2002 14:18:33 -0800 (PST) From: "Peter C. Lai" <sirmoo@cowbert.2y.net> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/36804: portupgrade of apache13+modssl causes cert + /usr/local/www overwrite Message-ID: <200204052218.g35MIXM08057@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 36804 >Category: ports >Synopsis: portupgrade of apache13+modssl causes cert + /usr/local/www overwrite >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Apr 05 14:20:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Peter C. Lai >Release: 4.5-STABLE >Organization: Cesium Hyperfine Enterprises >Environment: FreeBSD cowbert.2y.net 4.5-STABLE FreeBSD 4.5-STABLE #0: Sat Feb 2 15:36:35 EST 2002 root@cowbert.2y.net:/usr/obj/usr/src/sys/COWBERT i386 >Description: while portupgrading apache13+modssl to fix the latest vuln with overflowing session space (http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html), the installation overwrittes the server certs in /usr/local/etc/apache/ssl*/ with the "snake oil" ones. /usr/local/www/ is overwritten. /usr/local/etc/apache/httpd.conf is preserved however. >How-To-Repeat: 1. install apache13+modssl. Customize. Portupgrade apache13+modssl. >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204052218.g35MIXM08057>