From owner-freebsd-questions@FreeBSD.ORG Thu Oct 4 20:45:10 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C460F16A417 for ; Thu, 4 Oct 2007 20:45:10 +0000 (UTC) (envelope-from kdk@daleco.biz) Received: from ezekiel.daleco.biz (southernuniform.com [66.76.92.18]) by mx1.freebsd.org (Postfix) with ESMTP id 686EF13C458 for ; Thu, 4 Oct 2007 20:45:10 +0000 (UTC) (envelope-from kdk@daleco.biz) Received: from localhost (localhost [127.0.0.1]) by ezekiel.daleco.biz (8.13.8/8.13.8) with ESMTP id l94Kj9Be095464; Thu, 4 Oct 2007 15:45:09 -0500 (CDT) (envelope-from kdk@daleco.biz) X-Virus-Scanned: amavisd-new at daleco.biz Received: from ezekiel.daleco.biz ([127.0.0.1]) by localhost (ezekiel.daleco.biz [127.0.0.1]) (amavisd-new, port 10024) with LMTP id kYG2dcOTmk2L; Thu, 4 Oct 2007 15:45:04 -0500 (CDT) Received: from archangel.daleco.biz (dsl.daleco.biz [209.125.108.70]) by ezekiel.daleco.biz (8.13.8/8.13.8) with ESMTP id l94Kj0cD095431; Thu, 4 Oct 2007 15:45:02 -0500 (CDT) (envelope-from kdk@daleco.biz) Message-ID: <470550C7.6020205@daleco.biz> Date: Thu, 04 Oct 2007 15:44:55 -0500 From: Kevin Kinsey User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.2) Gecko/20070418 SeaMonkey/1.1.1 MIME-Version: 1.0 To: bsd References: <0F8C62C3-CD4B-4811-A722-95C2659A5222@todoo.biz> <200710040038.08324.beech@freebsd.org> In-Reply-To: <200710040038.08324.beech@freebsd.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-questions@freebsd.org Subject: =?windows-1252?q?Re=3A_PHP4_v=2E_php4-4=2E4=2E7=5F2_refuse_to_up?= =?windows-1252?q?grade_=85?= X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Oct 2007 20:45:10 -0000 Beech Rintoul wrote: > On Wednesday 03 October 2007, bsd said: >> Hello, >> >> >> I am using >> >> FreeBSD xxx.fr 5.5-RELEASE-p9 FreeBSD 5.5-RELEASE-p9 #1: Thu Dec 14 >> 11:39:18 CET 2006 root@newmail.rmm.fr:/usr/obj/usr/src/sys/ >> GENERIC i386 >> >> >> When trying to upgrade from php php4-4.4.7_1 to php4-4.4.7_2 there >> is this strange error… >> >> >> Updating the pkgdb in /var/db/pkg ... - 209 >> packages found (-3 +1) (...). done] >> ---> Upgrading 'php4-4.4.7_1' to 'php4-4.4.7_2' (lang/php4) >> ---> Building '/usr/ports/lang/php4' >> ===> Cleaning for autoconf-2.61_2 >> ===> Cleaning for php4-4.4.7_2 >> ===> php4-4.4.7_2 has known vulnerabilities: >> => php -- multiple vulnerabilities. >> Reference: > 71d903fc-602d-11dc-898c-001921ab2fa4.html> >> => Please update your ports tree and try again. >> *** Error code 1 >> >> Stop in /usr/ports/lang/php4. >> *** Error code 1 >> >> Stop in /usr/ports/lang/php4. >> ** Command failed [exit code 1]: /usr/bin/script -qa >> /tmp/portupgrade. 24846.54 env UPGRADE_TOOL=portupgrade >> UPGRADE_PORT=php4-4.4.7_1 UPGRADE_PORT_VER=4.4.7_1 make >> ** Fix the problem and try again. >> >> >> I don't understand because my port tree is up to date !! >> >> Any idea ? > > Yes it means that the port you're trying to update to has security > issues. If you're feeling lucky you can do: > portupgrade -m DISABLE_VULNERABILITIES=yes php > > But it's not a good idea. If you build it anyway and get hacked, don't > say you weren't warned ;-) PHP4 is EOL; the fact that 4.4.7-2 has vulnerabilities is only surprising because it's still listed as the latest "historical" PHP release on php.net, and they have promised on the front page to continue to support PHP4 until the end of the year. One can't judge without further research, but perhaps the development team is dragging their feet on purpose for some reason, or they've maybe handed PHP4 off to a couple of junior guys who are pulling their hair out on it? All conjecture. I'd advise moving to PHP5 now. It doesn't hurt much. Main thing I remember is that short_tags=off and I had to replace quite a few of those.... Kevin Kinsey -- English literature's performing flea. -- Sean O'Casey on P. G. Wodehouse