Date:      Mon, 16 Oct 2006 21:18:48 +0200
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Olivier Mueller <om-lists-bsd@omx.ch>
Cc:        freebsd-stable@freebsd.org, Dominik Zalewski <kobazik@gmail.com>
Subject:   Re: php4 update
Message-ID:  <20061016191847.GD1040@zaphod.nitro.dk>
In-Reply-To: <1161021725.15873.7.camel@bigapple.omnis.ch>
References:  <4762624a0610161025n5524140jb063e551a189fd80@mail.gmail.com> <1161021725.15873.7.camel@bigapple.omnis.ch>

On 2006.10.16 20:02:05 +0200, Olivier Mueller wrote:
> On Mon, 2006-10-16 at 10:25 -0700, Dominik Zalewski wrote:
> > Hi everybody,
> > I'm running FreeBSD  6.1-RELEASE on i386. I wanted to upgrade my php to
> > latest version 4.4.4_1 cause of security update.
> > When running portupgrade php4 I got:
> > 
> > 
> > => php -- open_basedir Race Condition Vulnerability.
> >    Reference: <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
> > => Please update your ports tree and try again.
> 
> Short version: add this to your /etc/make.conf:
> 
> # PHP 4 Port installation options
> .if ${.CURDIR:M*/lang/php4*}
> DISABLE_VULNERABILITIES=yes
> .endif
> 
> Long version: check in the newsgroups or mailing lists archives... :)

Only do the above if you really know what you are doing.  Just adding
code like that to make.conf which will probably be forgotten is a bad
idea.

The DISABLE_VULNERABILITIES=yes knob can just be passed directly to
make for the individual port or e.g. using the '-m DISABLE_VULNERABILITIES=yes'
as an argument to portupgrade while upgrading PHP.  This should of
course only be done after having checked the URL from portaudit to
verify that the particular problem doesn't affect "you" (the
user/admin).

-- 
Simon L. Nielsen


