Bug 68461

Summary: [patch] port www/sitecopy use vulnerable libneon (bundled)
Product: Ports & Packages Reporter: Thomas L. Kjeldsen <tlk>
Component: Individual Port(s)Assignee: Jimmy Olgeni <olgeni>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Thomas L. Kjeldsen 2004-06-29 01:00:49 UTC 
According to http://www.openpkg.org/security/OpenPKG-SA-2004.024-neon.html sitecopy upstream is delivered with vulnerable libneon.

Quoting from http://bugs.gentoo.org/show_bug.cgi?id=51585 "The author of that package has indicated he has no immediate plans to release a new version of his program that contains the fixes for the security vulnerability."

Fix: Kurt V. Hindenburg provided a gentoo ebuild patch to make sitecopy use libneon as a shared library instead of the bundled which is vulnerable. Here is a unified diff to make the freebsd port do the same:
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2004-06-29 06:59:43 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->olgeni

Over to maintainer.
Comment 2 Jimmy Olgeni freebsd_committer freebsd_triage 2004-06-29 07:45:48 UTC 
State Changed
From-To: open->closed

Committed, thanks!