From owner-freebsd-stable@FreeBSD.ORG  Mon Oct 16 18:47:39 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9903C16A51E
	for <freebsd-stable@freebsd.org>; Mon, 16 Oct 2006 18:47:39 +0000 (UTC)
	(envelope-from om-lists-bsd@omx.ch)
Received: from omega.omnis.ch (omega.omnis.ch [195.134.143.43])
	by mx1.FreeBSD.org (Postfix) with SMTP id 3C87443EF7
	for <freebsd-stable@freebsd.org>; Mon, 16 Oct 2006 18:43:01 +0000 (GMT)
	(envelope-from om-lists-bsd@omx.ch)
Received: (qmail 30087 invoked from network); 16 Oct 2006 18:34:47 -0000
Received: from bigapple.omnis.ch ([195.134.148.35])
	by omega.omnis.ch ([195.134.143.43])
	with ESMTP via TCP; 16 Oct 2006 18:34:47 -0000
From: Olivier Mueller <om-lists-bsd@omx.ch>
To: Dominik Zalewski <kobazik@gmail.com>
In-Reply-To: <4762624a0610161025n5524140jb063e551a189fd80@mail.gmail.com>
References: <4762624a0610161025n5524140jb063e551a189fd80@mail.gmail.com>
Content-Type: text/plain
Date: Mon, 16 Oct 2006 20:02:05 +0200
Message-Id: <1161021725.15873.7.camel@bigapple.omnis.ch>
Mime-Version: 1.0
X-Mailer: Evolution 2.6.0 
Content-Transfer-Encoding: 7bit
Cc: freebsd-stable@freebsd.org
Subject: Re: php4 update
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2006 18:47:39 -0000

On Mon, 2006-10-16 at 10:25 -0700, Dominik Zalewski wrote:
> Hi everybody,
> I'm running FreeBSD  6.1-RELEASE on i386. I wanted to upgrade my php to
> latest version 4.4.4_1 cause of security update.
> When running portupgrade php4 I got:
> 
> 
> => php -- open_basedir Race Condition Vulnerability.
>    Reference: <
> http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html<http://www.freebsd.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
> >
> => Please update your ports tree and try again.

Short version: add this to your /etc/make.conf:

# PHP 4 Port installation options
.if${.CURDIR:M*/lang/php4*}
DISABLE_VULNERABILITIES=yes
.endif


Long version: check in the newsgroups or mailing lists archives... :)

HTH,
Olivier