Date: Tue, 19 Sep 2006 18:25:50 -0700 (PDT) From: Fred Cox <sailorfred@yahoo.com> To: Kris Kennaway <kris@obsecurity.org> Cc: freebsd-ports@freebsd.org, Kris Kennaway <kris@obsecurity.org> Subject: Re: www/dotproject out of date and vulnerable Message-ID: <20060920012550.92109.qmail@web31806.mail.mud.yahoo.com> In-Reply-To: <20060920011215.GA51890@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--- Kris Kennaway <kris@obsecurity.org> wrote: > On Tue, Sep 19, 2006 at 06:02:52PM -0700, Fred Cox > wrote: > > --- Kris Kennaway <kris@obsecurity.org> wrote: > > > > > On Tue, Sep 19, 2006 at 05:15:45PM -0700, Fred > Cox > > > wrote: > > > > > > > Actually, it doesn't. It goes ahead and > installs > > > it, > > > > even though I specified these: > > > > > > > > WITH_MYSQL= yes > > > > WANT_MYSQL_VER= 323 > > > > IGNORE_WITH_MYSQL=5 > > > > > > > > Starting with a system that had no MySQL or > PHP > > > > installed on it, I did a make install in the > > > > dotproject port with the Makefile and distinfo > I > > > > specified earlier. > > > > > > > > It seems to look for mysql.so, and if that's > > > found, it > > > > doesn't worry about the version. > > > > > > OK, so it's just silently broken, which is > worse. > > > > > > > It's still better than the current situation. > > Publishing packages that will not run because > they're linked to the > wrong libraries is, again, not my idea of "better". > There is no linkage problem. It's a client/server problem. PHP4 is perfectly happy being linked with the MySQL 5 client libraries, it's the database server that needs to be 3.23. The SQL used in dotProject is legal for 3.23, but not 5. > > > > See the log at http://fcox.net/dp.log, when no > > > mysql > > > > or php was installed on the system. > > > > > > > > Perhaps this is a bug in the dependencies > system. > > > > > > Dunno without investigating. Anyway, the > correct > > > solution is the > > > same. > > > > > > > OK, so if you had a pointer on how to depend on > that > > alternate version, it would help. > > Copy the php4-mysql port to php4-mysql3 and make the > presumably > trivial change to make it use mysql 3 instead of > whatever the default > is. > It's not trivial. The current Makefile is trivial, but a change to do what you're suggesting will need to be more complex. Here's the current php4-mysql Makefile: CATEGORIES= databases MASTERDIR= ${.CURDIR}/../../lang/php4 PKGNAMESUFFIX= -mysql .include "${MASTERDIR}/Makefile" The ${MASTERDIR}/Makefile doesn't refer to mysql at all. Personally, I don't see how it knows it's supposed to link MySQL in there. Perhaps it's because PHP4 defaults to including MySQL support, so this isn't really doing anything. I haven't read far enough to know for sure. > > Right now, the > > dependencies are specified with the WITH and > IGNORE > > variables, but it seems that with your proposal I > > won't be able to do that. Maybe tonight I will > fall > > asleep reading the Porter's Handbook. > > OK. > > Kris > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060920012550.92109.qmail>