Subject: pkg/10647: ap-ssl overwrites server keys & certificates
To: None <gnats-bugs@gnats.netbsd.org>
From: Rhialto <rhialto@azenomei.knuffel.net>
List: netbsd-bugs
Date: 07/21/2000 06:07:16
>Number: 10647
>Category: pkg
>Synopsis: ap-ssl overwrites server keys & certificates
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jul 21 06:08:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Rhialto
>Release: <NetBSD-current source date>
>Organization:
>Environment:
System: NetBSD azenomei.falu.nl 1.4.1 NetBSD 1.4.1 (AZENOMEI) #27: Wed Jun 14 01:41:57 CEST 2000 rhialto@azenomei.falu.nl:/usr/src/sys/arch/alpha/compile/AZENOMEI alpha
>Description:
I had older versions of apache and ap-ssl installed.
A make update in www/ap-ssl (eventually) re-installed the ap-ssl
module:
===> Registering installation for ap-ssl-2.6.3
pkg_create: Overwriting /usr/pkg/etc/httpd/ssl.crt/server.crt - pkg ap-ssl-2.5.0 bogus/conflicting?
pkg_create: Overwriting /usr/pkg/etc/httpd/ssl.key/server.key - pkg ap-ssl-2.5.0 bogus/conflicting?
hereby overwriting my only copies of this key and certificate.
The de-installation process had left these files intact (as I
would expect).
The current content is the absolutely useless text "THIS FILE
HAS TO BE REPLACED BY A REAL SERVER CERTIFICATE! (SKIPME)".
>How-To-Repeat:
cd www/ap-ssl && make update
>Fix:
DO NOT INSTALL THESE FILES!!!
(sorry for shouting but IMO this behaviour is absolutely
horribly incorrect and extremely aggravating)
-Olaf.
--
___ Olaf 'Rhialto' Seibert - rhialto@polder -- Ah only did well at school
\X/ land.nl -- tae git intae an O level class tae git away fae Begbie.
>Release-Note:
>Audit-Trail:
>Unformatted:
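
The failure reported above, a package install step replacing an administrator's key and certificate with placeholder files, can be avoided by creating such files only when nothing exists at the destination. The following is an added example, not code from this report or from pkgsrc; the helper names install_if_absent and is_placeholder are hypothetical, and only the placeholder text is taken from the report.

```sh
# Added example: install a packaged placeholder key/certificate only when
# the destination does not exist, and detect files that still hold the
# placeholder. Helper names are hypothetical, not part of pkgsrc.

# Leading part of the placeholder text quoted in the report.
PLACEHOLDER_MARK='THIS FILE HAS TO BE REPLACED BY A REAL SERVER CERTIFICATE'

# is_placeholder FILE
# Returns 0 if FILE still contains the packaged placeholder text.
is_placeholder() {
    grep -qF "$PLACEHOLDER_MARK" "$1" 2>/dev/null
}

# install_if_absent SRC DST
# Returns 0 if SRC was installed as DST,
#         1 if DST already existed and was left untouched,
#         2 on any other error (missing SRC, unwritable directory, ...).
install_if_absent() {
    src=$1
    dst=$2
    [ -f "$src" ] || return 2
    # noclobber (set -C) makes the redirection fail when DST already
    # exists, so there is no window between an existence check and the
    # write. umask 077 keeps a newly created key file private.
    if ( set -C; umask 077; cat "$src" > "$dst" ) 2>/dev/null; then
        return 0
    fi
    # The write failed: tell "already present" apart from other errors.
    [ -e "$dst" ] || [ -L "$dst" ] || return 2
    return 1
}
```

Running is_placeholder over the installed server.crt and server.key after an update shows whether a real file has been replaced by the packaged dummy.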