Date: Mon, 16 Oct 2006 07:04:46 -0700
From: "Bill Blue" <bblue@netoldies.com>
To: "Scot Hetzel" <swhetzel@gmail.com>
Cc: "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org>
Subject: Re: php5-5.1.6 & 5.1.6_1
Message-ID: <op.thipd8gazq5pz4@sovaio.netoldies.com>
In-Reply-To: <790a9fff0610131120u7b1b375cmfebeb4bc939ab3e0@mail.gmail.com>
References: <op.thdfjfi1zq5pz4@sovaio.netoldies.com> <790a9fff0610131120u7b1b375cmfebeb4bc939ab3e0@mail.gmail.com>

On Fri, 13 Oct 2006 11:20:56 -0700, Scot Hetzel <swhetzel@gmail.com> wrote:

> On 10/13/06, Bill Blue <bblue@netoldies.com> wrote:
>> Hi -
>>
>> I'm running 6.2 PRERELEASE #2 with my ports tree current to this morning (around 9am GMT-8). i386 with a Pentium 4 3.2Ghz
>>
>> It took some massaging, but I was finally able to get all the ports re-compiled except one, that in the subject line.
>>
>> php5-5.1.6 refuses to build because of Known Vulnerabilities: php -- _ecalloc integer overflow vulnerability,
>> php5-5.1.6_1 refuses to build also because of Known Vulnerabilities: php -- open_basedir race condition vulnerabilities.
>>
>> Any suggestions?
>>
>
> You can install the port by defining DISABLE_VULNERABILITIES when
> building/installing the port. But you must understand that the
> installed port will have a security vulnerability.

Yes, of course. The define did the trick, thanks.

Apache+PHP is a pretty common configuration, yet with these kinds of PHP vulnerabilities it's hard to imagine them being on-line publicly as-is. Are repairs of these vulnerabilities work in progress, or is there a different solution for public online use?

--Bill