From owner-freebsd-ports@FreeBSD.ORG Sun Jan 16 17:17:42 2005 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 90A2616A4CE for ; Sun, 16 Jan 2005 17:17:42 +0000 (GMT) Received: from obsecurity.dyndns.org (CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.199.47.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id E079843D45 for ; Sun, 16 Jan 2005 17:17:41 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 2D57451506; Sun, 16 Jan 2005 09:17:40 -0800 (PST) Date: Sun, 16 Jan 2005 09:17:40 -0800 From: Kris Kennaway To: "Daniel S. Haischt" Message-ID: <20050116171740.GE42327@xor.obsecurity.org> References: <41EA6D32.1040701@daniel.stefan.haischt.name> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="HnQK338I3UIa/qiP" Content-Disposition: inline In-Reply-To: <41EA6D32.1040701@daniel.stefan.haischt.name> User-Agent: Mutt/1.4.2.1i cc: ports@FreeBSD.org Subject: Re: FreeBSD Port: compat3x-i386-5.0.20020925 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Jan 2005 17:17:42 -0000 --HnQK338I3UIa/qiP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jan 16, 2005 at 02:33:38PM +0100, Daniel S. Haischt wrote: > Hello, >=20 > I would like to install /usr/ports/java/jdk12 > on my FreeBSD 5.3-STABLE System. >=20 > jdk1.2 depends on jdk11 which depends on > compat3x-i386-5.0.20020925. The latter port > is marked as FORBIDDEN because of ... >=20 > * FreeBSD-SA-03:05.xdr > * FreeBSD-SA-03:08.realpath >=20 > Are those vulnerabilities fixed in 5.3-STABLE, > or do I still have to patch the system's source > tree to be able to install the just mentioned ports? The vulnerabilities in the compat3x distribution are not fixed. FreeBSD 3.x is essentially a dead branch, and no-one is likely to fix these problems. The real question is perhaps "Why do you want to install an obsolete version of java on your system?" Kris --HnQK338I3UIa/qiP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFB6qGzWry0BWjoQKURAk7BAJwPMcatP2g2Os0R092VXKqdLQKCuwCffbpc yhYQHL9XTX8/aj+0WDFdPG4= =cuZq -----END PGP SIGNATURE----- --HnQK338I3UIa/qiP--