Re: Opera vulnerability, marked forbidden instead of update?

2012-11-24 Thread Greg Byshenk
On Fri, 23 Nov 2012 09:00:59 + Matthew Seaman matt...@freebsd.org wrote:
 On 23/11/2012 08:26, Matthieu Volat wrote:

  I've noticed that www/opera was marked FORBIDDEN because of a security hole:
  http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head
  
  The opera software compagny advisory indeed mark this bug as high severity,
  and mention that there is an update to fix it.
  
  I am not familiar with the security process in ports, but would not it be
  better to update the version? Marking it FORBIDDEN do not do much for the
  userbase that does already have it installed.
  
  I've bumped the versions in the Makefile
  OPERA_VER?= 12.11
  OPERA_BUILD?=   1661
  and made a `make makesum reinstall`, there was no apparent problem.
 
 Marking a port 'FORBIDDEN' is a quick response measure that can be done
 without having to worry about time consuming testing the of port and so
 forth.  It's an interim measure taken to ensure that users do not
 unwittingly install software with known vulnerabilities.
 
 Yes, updating the port to a non-vulnerable version is the ideal
 response, but that may not be possible to do straight away.  You've
 sketched out the first couple of steps a port maintainer would take, but
 that 'there was no apparent problem' statement would need to be backed
 up by some more rigorous testing before a maintainer would feel
 confident in committing the update.

Just a comment that, for any USERS who would like to take a
chance with updating their Opera (rather than taking a chance
running the vulnerable version), just modifying the Makefile
as described above works to provide the update.

I've updated www/opera and www/opera-linuxplugins, and my new
Opera is running fine:

About Opera
Version information
Version 12.11 
Build   1661 
PlatformFreeBSD 
System  amd64, 8.3-STABLE

-- 
greg byshenk  -  gbysh...@byshenk.net  -  Leiden, NL - Portland, OR USA
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org


Re: graphics/OpenEXR: patch for gcc46+

2012-11-24 Thread Steve Wills
Thanks, I have a plan to update after 9.1 release, I'll try to include this 
patch as well.

Steve

On Nov 23, 2012, at 4:27 PM, Andriy Gapon wrote:

 --- exrenvmap/blurImage.cpp.orig  2012-11-23 23:23:48.714449156 +0200
 +++ exrenvmap/blurImage.cpp   2012-11-23 23:24:09.765447850 +0200
 @@ -45,6 +45,7 @@
 #include Iex.h
 #include iostream
 #include algorithm
 +#include cstring
 
 using namespace std;
 using namespace Imf;
 
 This patch is required because memcpy(3) is used in the file.
 
 -- 
 Andriy Gapon
 ___
 freebsd-ports@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-ports
 To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org