Within the top-level Makefile of the distribution file, and as part of
the install target, this software decides to send, without warning,
a little "I've been installed" love note to its developers.
The doc/install.txt has the usual blurb about not using addresses
"acquired" in this manner etc.. etc..
It's also not entirely clear, and nor have the developers responded
(curiously, you think'd they'd be in to the email thang), whether
this can be automatically patched around.
Possibly worthy of a full-blown Ports Security Notification, I haven't
heard anything back from Bugtraq.
Submitted by: my laptop having a broken MTA :)
Discussed with: kris (a little tiny amount -- don't blame him, blame me)
FWIW, checkout of these things took 5+hrs, staying on the local
.freebsd.org net w/o hitting the 'net at all.
As promised,
$ time cvs ci
real 67m51.701s
user 0m1.250s
sys 0m5.345s
all the way to diffing yorick/pkg/PLIST and then died with a
"bad hostname freefall.freebsd.org" .... Hopefully that's not bad... ;-)
Hmm.. Maybe I'll try doing this from beast, next! kickme's a boring
machine, and bento is busy.
PLISTs.
Note: I know that this is going to break some symlinks and/or .so
includes, I will back some of these out as I run into these during
package building.
all the COMMENTs! No package names, no version numbers, no "this is
absolutix-3.1.2" type comments that have zero information contents.
Now, without any bad examples to follow, nobody has an excuse to import
a port with those kind of comments. :)
Phew! 238 ports modified!
