Bug 269768 - www/apache24: broken dependency / potential security issue
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Package Infrastructure
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-apache (Nobody)
Keywords: security
Reported: 2023-02-23 00:33 UTC by sec
Modified: 2023-04-01 15:57 UTC

Description sec 2023-02-23 00:33:39 UTC
Current apache24 pkg for FreeBSD-13 tries to install the deprecated/EOLd db5 package:

ice:#pkg upgrade
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking for upgrades (5 candidates): 100%
Processing candidates (5 candidates): 100%
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        db5: 5.3.28_9

Installed packages to be REINSTALLED:
        apache24-2.4.55 (required shared library changed)
        apr-1.7.0.1.6.1_2 (direct dependency changed: db5)


The db5 package is marked as deprecated:

ice:/#grep DEPRECATED /usr/ports/databases/db5/Makefile
DEPRECATED=     EOLd, potential security issues, maybe use db18 instead
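
The check from the report, automated as an added example (not part of the original report or of the FreeBSD tooling): it reads `pkg upgrade -n` output, picks out the packages that would be newly installed, and reports any whose port Makefile carries a DEPRECATED line. The function names, the `PORTSDIR` default and the overridable `ORIGIN_CMD` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: flag packages that a pending `pkg upgrade` would newly
# install and that the ports tree marks DEPRECATED.
# Assumptions: a ports tree at $PORTSDIR, and package origins resolved with
# `pkg rquery %o` (set ORIGIN_CMD to another command to run without pkg).
: "${PORTSDIR:=/usr/ports}"
: "${ORIGIN_CMD:=pkg rquery %o}"

# Read `pkg upgrade -n` output on stdin and print the package names listed
# under "New packages to be INSTALLED:".
new_pkgs() {
    awk '
        /^New packages to be INSTALLED:/ { in_new = 1; next }
        /^[^ \t]/                        { in_new = 0 }  # next unindented header ends the section
        in_new && /^[ \t]+[^ \t:]+: /    { sub(/^[ \t]+/, ""); sub(/:.*/, ""); print }
    '
}

# Print the DEPRECATED reason from the Makefile of port origin $1, if any.
deprecated_reason() {
    sed -n 's/^DEPRECATED=[[:space:]]*//p' "$PORTSDIR/$1/Makefile" 2>/dev/null
}

# Read package names on stdin and print "name (origin): reason" for each
# deprecated one. Returns 1 if at least one was found, 0 otherwise.
flag_deprecated() {
    found=0
    while read -r name; do
        # Skip names whose origin cannot be resolved.
        origin=$($ORIGIN_CMD "$name" 2>/dev/null) || continue
        [ -n "$origin" ] || continue
        reason=$(deprecated_reason "$origin")
        if [ -n "$reason" ]; then
            printf '%s (%s): %s\n' "$name" "$origin" "$reason"
            found=1
        fi
    done
    return "$found"
}

# Typical use on a FreeBSD host, before accepting the upgrade:
#   pkg upgrade -n | new_pkgs | flag_deprecated || echo "review before upgrading"
```

Only the "New packages to be INSTALLED" section is inspected; reinstalled or upgraded packages that are themselves deprecated are out of scope for this sketch.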