Date: Tue, 19 Sep 2006 21:12:15 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Fred Cox <sailorfred@yahoo.com> Cc: freebsd-ports@freebsd.org, Kris Kennaway <kris@obsecurity.org> Subject: Re: www/dotproject out of date and vulnerable Message-ID: <20060920011215.GA51890@xor.obsecurity.org> In-Reply-To: <20060920010252.67572.qmail@web31815.mail.mud.yahoo.com> References: <20060920005641.GB51684@xor.obsecurity.org> <20060920010252.67572.qmail@web31815.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Sep 19, 2006 at 06:02:52PM -0700, Fred Cox wrote: > --- Kris Kennaway <kris@obsecurity.org> wrote: > > > On Tue, Sep 19, 2006 at 05:15:45PM -0700, Fred Cox > > wrote: > > > > > Actually, it doesn't. It goes ahead and installs > > it, > > > even though I specified these: > > > > > > WITH_MYSQL= yes > > > WANT_MYSQL_VER= 323 > > > IGNORE_WITH_MYSQL=5 > > > > > > Starting with a system that had no MySQL or PHP > > > installed on it, I did a make install in the > > > dotproject port with the Makefile and distinfo I > > > specified earlier. > > > > > > It seems to look for mysql.so, and if that's > > found, it > > > doesn't worry about the version. > > > > OK, so it's just silently broken, which is worse. > > > > It's still better than the current situation. Publishing packages that will not run because they're linked to the wrong libraries is, again, not my idea of "better". > > > See the log at http://fcox.net/dp.log, when no > > mysql > > > or php was installed on the system. > > > > > > Perhaps this is a bug in the dependencies system. > > > > Dunno without investigating. Anyway, the correct > > solution is the > > same. > > > > OK, so if you had a pointer on how to depend on that > alternate version, it would help. Copy the php4-mysql port to php4-mysql3 and make the presumably trivial change to make it use mysql 3 instead of whatever the default is. > Right now, the > dependencies are specified with the WITH and IGNORE > variables, but it seems that with your proposal I > won't be able to do that. Maybe tonight I will fall > asleep reading the Porter's Handbook. OK. Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060920011215.GA51890>