Date: Sun, 8 Oct 2006 16:00:50 +0200 (CEST)
From: Zbigniew Szalbot <zbyszek@szalbot.homedns.org>
To: Armin Pirkovitsch <a.pirko@inode.at>
Cc: freebsd-questions@freebsd.org
Subject: Re: cvsup and portupgrade
Message-ID: <20061008155535.M17026@192.168.11.51>
In-Reply-To: <452902EF.3080701@inode.at>
References: <20061008130817.G95896@192.168.11.51> <4528EB74.3060401@locolomo.org> <20061008142037.S97136@192.168.11.51> <4528F097.7010300@inode.at> <20061008154335.K98037@192.168.11.51> <452902EF.3080701@inode.at>

Hello,

On Sun, 8 Oct 2006, Armin Pirkovitsch wrote:

> Well another cvsup won't solve the problem since php hasn't been patched
> yet. However if you're really sure you need and want this kind of port
> installed just set the environment variable DISABLE_VULNERABILITIES.
> However - you should be aware that you'd install a program with a
> security hole.

You are right - it did not help. I do not so much want to install php with a
security hole as much as I want to patch the hole. From the portaudit report
I understood that I need to update immediately. And hence I am trying to do
just that. But as a newbie, I guess I am making lots of mistakes on the way.

I would prefer to use portupgrade, since I have pkgtools.conf configured so
that php is kept with certain flags like CLI, etc.

Here's the log:

$ sudo portupgrade
[Updating the portsdb <format:bdb1_hash> in /usr/ports ... - 15863 port entries found .........1000.........2000.........3000.........4000.........5000.........6000.........7000.........8000.........9000.........10000.........11000.........12000.........13000.........14000.........15000........
..... done]
---> Upgrading 'php5-5.1.6' to 'php5-5.1.6_1' (lang/php5)
---> Building '/usr/ports/lang/php5' with make flags: WITH_CLI=1 WITH_CGI=1 WITH_APACHE=1 WITH_MULTIBYTE=1 WITH_IPV6=1 WITH_REDIRECT=1 WITH_DISCARD=1 WITH_FASTCGI=1 WITH_PATHINFO=1 WITH_OPENSSL=1 WITH_GETTEXT=1
===> Cleaning for apache-2.0.59
===> Cleaning for autoconf-2.59_2
===> Cleaning for pkg-config-0.21
===> Cleaning for libxml2-2.6.26
===> Cleaning for perl-5.8.8
===> Cleaning for libtool-1.5.22_2
===> Cleaning for expat-2.0.0_1
===> Cleaning for libiconv-1.9.2_2
===> Cleaning for m4-1.4.4
===> Cleaning for help2man-1.36.4_1
===> Cleaning for gmake-3.81_1
===> Cleaning for p5-gettext-1.05_1
===> Cleaning for gettext-0.14.5_2
===> Cleaning for php5-5.1.6_1
===> php5-5.1.6_1 has known vulnerabilities:
=> php -- open_basedir Race Condition Vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/lang/php5.
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade.16956.0 env PORT_UPGRADE=yes make WITH_CLI=1 WITH_CGI=1 WITH_APACHE=1 WITH_MULTIBYTE=1 WITH_IPV6=1 WITH_REDIRECT=1 WITH_DISCARD=1 WITH_FASTCGI=1 WITH_PATHINFO=1 WITH_OPENSSL=1 WITH_GETTEXT=1
** Fix the problem and try again.
** Listing the failed packages (*:skipped / !:failed)
        ! lang/php5 (php5-5.1.6) (unknown build error)
---> Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed

Someone else asked what my cvsup file looked like. Well, the most important
settings are these:

*default host=cvsup9.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix
ports-all

Many, many thanks for such prompt replies and helpful advice to you all!

--
Zbigniew Szalbot
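
Added example, not part of the original message or of portupgrade itself: the log above ends with "(unknown build error)" although the build was actually stopped by the known-vulnerabilities check, so this sketch triages a saved portupgrade log and tells the two cases apart. The function names and the tab-separated output format are assumptions made for the example; the sample log is constructed from the lines quoted in the message.

```shell
#!/bin/sh
# Constructed sample log, modelled on the output quoted in the message above.
sample_log() {
cat <<'EOF'
---> Upgrading 'php5-5.1.6' to 'php5-5.1.6_1' (lang/php5)
===> Cleaning for php5-5.1.6_1
===> php5-5.1.6_1 has known vulnerabilities:
=> php -- open_basedir Race Condition Vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
=> Please update your ports tree and try again.
*** Error code 1
** Listing the failed packages (*:skipped / !:failed)
        ! lang/php5 (php5-5.1.6) (unknown build error)
EOF
}

# triage_log [FILE...] (hypothetical helper): reads a portupgrade log and prints
#   ADVISORY <package> <advisory title> <reference URL>   one line per advisory
#   FAILED   <port origin> <vulnerability-check|build-error>
triage_log() {
    awk '
    # Package name without its version: php5-5.1.6_1 -> php5
    function stem(p) { sub(/-[^-]*$/, "", p); return p }

    # Start of a vulnerability block: "===> php5-5.1.6_1 has known vulnerabilities:"
    /has known vulnerabilities:/ { pkg = $2; blocked[stem(pkg)] = 1; next }

    # Inside the block: closing hint, advisory title, then its reference URL
    pkg != "" && /^=> Please update/ { pkg = ""; next }
    pkg != "" && /^=> /              { adv = substr($0, 4); next }
    pkg != "" && /Reference: </ {
        url = $0; sub(/^[^<]*</, "", url); sub(/>.*$/, "", url)
        print "ADVISORY\t" pkg "\t" adv "\t" url
        next
    }

    # Summary line: "! lang/php5 (php5-5.1.6) (unknown build error)"
    /^[ \t]*! / {
        origin = $2; p = $3; gsub(/[()]/, "", p)
        why = (stem(p) in blocked) ? "vulnerability-check" : "build-error"
        print "FAILED\t" origin "\t" why
    }
    ' "$@"
}

sample_log | triage_log
```

A port reported as "vulnerability-check" needs a fixed port version (or an explicit decision to override the check), not a rebuild.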