From: "Matt Emmerton"
To: "Alain Wolf"
Date: Thu, 5 Oct 2006 23:53:30 -0400
Subject: Re: port php5 - what I am supposed to do here?

> Hello List,
>
> Portaudit tells me about the "open_basedir Race Condition
> Vulnerability", OK.
>
> By reading the advisory on
> http://www.hardened-php.net/advisory_082006.132.html I can safely say
> this does not apply to our environment, we don't use open_basedir or
> safe_mode and Suhosin is planned anyway (after test).
>
> With a "portsnap fetch update" I get a new version php5-5.1.6_1 in my
> portstree, OK.
>
> But "portmanager -u" or even manually with "make install clean"
> everything fails with the following message:
>
> ===> php5-5.1.6_1 has known vulnerabilities:
> => php -- open_basedir Race Condition Vulnerability.
> Reference:
>
> => Please update your ports tree and try again.
> *** Error code 1
>
> So what to do now?

You've established that the security issue doesn't apply to your environment.

1) Add "DISABLE_VULNERABILITIES=yes" to /etc/make.conf
2) Run "portupgrade -u" or "make install clean"

Regards,
--
Matt Emmerton
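
Added example, not part of the original message: a line in /etc/make.conf applies to every port built afterwards, so an override added for one build is worth finding again later. The sh/awk check below reports each DISABLE_VULNERABILITIES assignment in a make.conf-style file and whether it is unconditional or inside an .if/.endif block. The sample file, the function names and the lang/php5 port directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a make.conf-style file for DISABLE_VULNERABILITIES.

scan_make_conf() {
    # $1: file to scan. Prints "global:<line>" for an unconditional assignment
    # and "scoped:<line>" for one nested inside an .if/.endif conditional.
    # Exit status is 1 when at least one unconditional assignment exists.
    awk '
        /^[ \t]*#/        { next }                         # comment line
        /^\.[ \t]*if/     { depth++; next }                # .if .ifdef .ifndef ...
        /^\.[ \t]*endif/  { if (depth > 0) depth--; next }
        /^[ \t]*DISABLE_VULNERABILITIES[ \t]*[?:+!]?=/ {
            if (depth > 0) print "scoped:" NR
            else { print "global:" NR; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: line 3 is the global form from the reply above,
# line 5 is the same knob limited to one (assumed) port directory.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample make.conf
WRKDIRPREFIX=/usr/obj/ports
DISABLE_VULNERABILITIES=yes
.if ${.CURDIR:M*/lang/php5}
DISABLE_VULNERABILITIES=yes
.endif
EOF
}

sample=$(mktemp)
write_sample "$sample"
scan_make_conf "$sample" || echo "unconditional override present in $sample"
rm -f "$sample"
```

Run against the real file as `scan_make_conf /etc/make.conf`; a non-zero exit status means the vulnerability check is still switched off for every port.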