security vulnerability. Quoting from their e-mail announcement:
There is a security vulnerability in all versions of
htsearch between 3.1.0b2 and 3.1.5 . . . The hole can
allow a remote user to pick a file on your system for
the config file that the UID running the webserver
can read.
With a default ports install the httpd user should be nobody, which
makes the vulnerability small.
PR: ports/12488
Submitted by: Palle Girgensohn <girgen@partitur.se>
NOTE: This patch actually patches two files, which is normally frowned
upon. However, one of these files generates the other and really
isn't used by the port, just for people who would use the port
to make their own custom ht://dig. I don't think this is a problem.
[Has anyone figured-out what makes the number 393 so interesting to PW, now?]
I wonder what was going through Jordan's head during his infamous
$Id$-smashing commit.
Before I forget....
Thanks to naddy@mips.rhein-neckar.de (Christian Weisgerber) for prompting
this commit. See msg-id: 7geokh$tje$1@mips.rhein-neckar.de
never updated the Makefile. I was trying to avoid using sed and patch, and
just ended up breaking it by my indeciveness. :>
It's fixed now, and packages no less.
Remind by: Satoshi
===
===> Building package for htdig-3.1.0
Creating package /usr/ports/packages/All/htdig-3.1.0.tgz
Registering depends:.
Creating gzip'd tar ball in '/usr/ports/packages/All/htdig-3.1.0.tgz'
tar: can't add file etc/htdig.conf : No such file or directory
tar: can't add file share/htdig/footer.html : No such file or directory
tar: can't add file share/htdig/bad_words : No such file or directory
tar: can't add file share/htdig/header.html : No such file or directory
tar: can't add file share/htdig/nomatch.html : No such file or directory
tar: can't add file share/htdig/syntax.html : No such file or directory
tar: can't add file share/htdig/english.0 : No such file or directory
tar: can't add file share/htdig/english.aff : No such file or directory
tar: can't add file share/htdig/synonyms : No such file or directory
pkg_create: tar command failed with code 256
*** Error code 1
Stop.