On Fri, 23 Nov 2012 09:00:59 + Matthew Seaman matt...@freebsd.org wrote:
On 23/11/2012 08:26, Matthieu Volat wrote:
I've noticed that www/opera was marked FORBIDDEN because of a security hole:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head
The Opera Software company advisory indeed marks this bug as high severity,
and mentions that there is an update to fix it.
I am not familiar with the security process in ports, but would it not be
better to update the version? Marking it FORBIDDEN does not do much for the
userbase that does already have it installed.
I've bumped the versions in the Makefile
OPERA_VER?= 12.11
OPERA_BUILD?= 1661
and made a `make makesum reinstall`, there was no apparent problem.
Marking a port 'FORBIDDEN' is a quick response measure that can be done
without having to worry about time-consuming testing of the port and so
forth. It's an interim measure taken to ensure that users do not
unwittingly install software with known vulnerabilities.
Yes, updating the port to a non-vulnerable version is the ideal
response, but that may not be possible to do straight away. You've
sketched out the first couple of steps a port maintainer would take, but
that 'there was no apparent problem' statement would need to be backed
up by some more rigorous testing before a maintainer would feel
confident in committing the update.
Just a comment that, for any USERS who would like to take a
chance with updating their Opera (rather than taking a chance
running the vulnerable version), just modifying the Makefile
as described above works to provide the update.
I've updated www/opera and www/opera-linuxplugins, and my new
Opera is running fine:
About Opera
Version information
Version 12.11
Build 1661
Platform FreeBSD
System amd64, 8.3-STABLE
--
greg byshenk - gbysh...@byshenk.net - Leiden, NL - Portland, OR USA