Ports depending on FORBIDDEN ports

Peter Jeremy peterjeremy at optushome.com.au
Sat Jul 21 00:53:00 UTC 2007 

The following three ports are currently FORBIDDEN due to security
vulnerabilities but are listed as dependencies by a number of other
ports:
misc/compat3x: FreeBSD-SA-03:05.xdr, FreeBSD-SA-03:08.realpath  - not fixed / no lib available
sysutils/eject: Setuid root and has security issues
www/zope: contains cross-site scripting vulnerability http://VuXML.FreeBSD.org/34414a1e-e377-11db-b8ab-000c76189c4c.html

The misc/compat3x port is unlikely to ever be fixed and therefore it would
seem reasonable to deprecate both it and the following ports that depend
on it:
audio/mbrola             MBROLA voice synthesizer
databases/java-sqlrelay  Java classes to access to SQL Relay
emulators/vmware-guestd3 VMware time synchronization daemon for FreeBSD guest OS (for VMware 3.x)
emulators/vmware-tools3  VMware tools for guest OS (for VMware 3.x, FreeBSD version)
japanese/vje30           Modern intelligent Japanese input engine (purchase version)
java/collections         JDK1.2 Collections' API for JDK1.1 environments
java/gj-jdk11            Extension of the Java programming language that supports generic types
java/infobus             Enables dynamic exchange of data between JavaBeans(TM)
java/jdk11               Java Development Kit 1.1
java/jdk12               Java Development Kit 1.2
java/jfc                 Java Foundation Classes (JFC)/Swing
java/jre                 Standard Java Platform for running Java programs
java/tya                 A ``100% unofficial'' JIT-compiler for java
lang/fesi                Free EcmaScript Interpreter written in Java
mail/pop3vscan           A transparent POP3-Proxy with virus-scanning capabilities
mail/yuzu                A nicer mail user agent powered by JavaMail and JFC/Swing
print/acrobatviewer      Viewer for the PDF files written in Java(TM)
security/amavis-perl     Mail Virus Scanner (uses external antivirus)
security/amavisd         The daemonized version of amavis-perl
security/vscan           Evaluation version of a DOS/Windows/Linux file virus scanner
www/hotjava              Sun's Hotjava web browser
www/mapedit              A WWW authoring tool to create clickable maps
www/ssserver             Adds the search capability to a Web site

I'm particularly concerned about the existence of 'java/jre' and it's
description as the 'Standard Java Platform for running Java programs'.
This appears to occasionally trap people who are looking for a current
JRE and attempt to install java/jre.

sysutils/eject only has one port depending on it.  eject-1.5 is nearly
7 years old and appears to be abandonware.  It would therefore seem
reasonable to deprecate both it and the following port that depends on it:
sysutils/cdbkup  Simple but full-featured backup/restore perl scripts (uses gnu tar)

www/zope has a significant number of ports depending on it.  This is a
very old version of zope (2.7.9) and some of these ports may be able
to be adapted to a newer version of zope (2.9, 2.10 or 3.3 - all of
which are in ports).  www/zope and any of the following ports that
can't be adapted to a later version of zope should probably be
deprecated:
japanese/zope-ejsplitter              A Japanese word splitter for searching text in Zope Products
japanese/zope-jamailhost              A Zope hotfix Product to send mail in Japanese
www/knowledgekit                      A mechanism for the automatic creation/maintenance of Knowledge Bases
www/squishdot                         A web-based news publishing and discussion product for Zope
www/znavigator                        A Zope product to simplify the construction of navigation bars
www/zope-FileSystemSite               Enable file system based sites within Zope
www/zope-annotations                  A generic way to add information to arbitrary Zope objects
www/zope-archetypes                   Framework for the development of new Content Types in Zope/CMF/Plone
www/zope-btreefolder2                 Zope product that can store many items
www/zope-calendaring                  Calendar product for Plone
www/zope-cmf                          The Zope Content Management Framework (CMF)
www/zope-cmfactionicons               CMFActionIcons product for Zope/CMF
www/zope-cmfformcontroller            CMFFormController product for Zope/CMF
www/zope-cmfforum                     A forum for ZOPE CMF with file attachments
www/zope-cmfphoto                     CMFPhoto product for Zope/CMF
www/zope-cmfphotoalbum                CMFPhotoAlbum product for Zope/CMF
www/zope-cmfquickinstaller            CMFQuickInstaller is a product for Zope/CMF
www/zope-coreblog                     A Zope Blog/Weblog/Web-nikki Product
www/zope-epoz                         A cross-browser-wysiwyg-editor for Zope/CMF
www/zope-exuserfolder                 Extensible User Folder - Custom & database authenticatoin for Zope
www/zope-formulator                   HTML form generatation and validation system for Zope
www/zope-generator                    Generator product for Zope
www/zope-groupuserfolder              GroupUserFolder product for Zope
www/zope-guf                          A roll-your-own user folder product for Zope
www/zope-i18nlayer                    I18NLayer product for Zope
www/zope-kupu                         A 'document-centric' client-side editor for Mozilla/IE
www/zope-mimetypesregistry            MimetypesRegistry product for Zope/CMF
www/zope-mindmapbbs                   A Zope product to create graphical BBS based on Mind Map
www/zope-mysqluserfolder              A Zope user folder which uses MySQL database to store user information
www/zope-parsedxml                    Access and manipulate XML documents within Zope
www/zope-placelesstranslationservice  PlacelessTranslationService product for Zope/CMF
www/zope-plonelanguagetool            PloneLanguageTool product for Zope
www/zope-portaltransforms             PortalTransforms product for Zope/CMF
www/zope-proxyindex                   Plugin catalog index using TALES instead attribute lookup/call
www/zope-silva                        Web application (CMS) to manage/edit structured documents
www/zope-silvaviews                   A component used by Silva to attach views to objects
www/zope-ttwtype                      TTWType product for CMF/Plone
www/zope-validation                   Validation product for Zope
www/zope-xmlmethods                   Provides methods to apply to Zope objects for XML/XSLT processing
www/zope-xmlwidgets                   XMLWidgets - dynamic translations of ParsedXML to HTML pages
www/zope-zmysqlda                     MySQL Database Adapter for the Zope web application framework
www/zope-zsyncer                      Allows multiple Zopes to be synchronized via xmlrpc
www/zope-zwiki                        A WikiWikiWeb product for Zope (colaborative web site system)

All relevant maintainers are copied.
-- 
Peter Jeremy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20070721/a0ff6428/attachment.pgp

More information about the freebsd-ports mailing list