vulnerable & missing vuxml entry. Issue only exists if supplied sample config for apache is used.
Supplied sample config for apache? But we are supplying it for nginx. See readme.freebsd
(In reply to Ivan from comment #1) I mean the sample config supplied in the distfile
But what should I do as port maintainer? The port doesn't contain these sample configs and the security flaw is a little bit obvious (at least in my readme I wrote about the possibility to leave img folder exposed).
In this case, you can safely ignore adding the vuxml if the supplied apache sample config is never used. Patch the file in the workdir as a common courtesy?
Sevan, is there a published disclosure for this somewhere? Can you provide a link to any reference, CVE, etc.?
Ohh, OK. I see the CVE in the title. We probably should have a vuxml entry for this but the decision should be made by bsd@abinet.ru.
Hello, Nikolai, can you tell me what I should do? I am not a very experienced porter, but I can tell you that this very port is unaffected by the CVE.
(In reply to Sevan Janiyan from comment #4)
> ... the supplied apache sample config is never used. Patch the file in the workdir as a common courtesy?
I see no reason to add Makefile patching for a file that never gets installed.
(In reply to Ivan from comment #7)
If there were an OPTIONS for a vulnerability, even a non-default option, we would most definitely patch and document it. However there is nothing to do as the port could never have been vulnerable through any user configurable option.