Date: Fri, 06 Oct 2006 05:18:27 +0200 From: Alain Wolf <wolf@k18.ch> To: freebsd-questions@freebsd.org Subject: port php5 - what I am supposed to do here? Message-ID: <eg4hu4$40i$1@sea.gmane.org>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello List, Portuadit telles my about the "open_basedir Race Condition Vulnerability", OK. By reading the advisory on http://www.hardened-php.net/advisory_082006.132.html I can safely say this does not apply to our environment, we don't use open_basedir or safe_mode and Suhosin is planned anyway (after test). With a "portsnap fetch update" I get a new version php5-5.1.6_1 in my portstree, OK. But "portmanager -u" or even manually with "make install clean" everything fails with the following message: ===> php5-5.1.6_1 has known vulnerabilities: => php -- open_basedir Race Condition Vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>; => Please update your ports tree and try again. *** Error code 1 So what to do now? There are quite a lot if dependencies which i can't update too now. Also installing/enabling Suhosin seems not possible anymore now. Any suggestions are welcome. Greetings fomr Switzerland Alain Wolf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFJcsDV5MZZmyxvGgRAn4oAKDBqaGjcOflahgH4XRp6WCg0T6qLQCg3uni vk77USw9+yElWvFCJBcDHxs= =4wj4 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?eg4hu4$40i$1>