Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 06 Oct 2006 05:18:27 +0200
From:      Alain Wolf <wolf@k18.ch>
To:        freebsd-questions@freebsd.org
Subject:   port php5 - what I am supposed to do here?
Message-ID:  <eg4hu4$40i$1@sea.gmane.org>

Next in thread | Raw E-Mail | Index | Archive | Help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello List,

Portuadit telles my about the "open_basedir Race Condition
Vulnerability", OK.

By reading the advisory on
http://www.hardened-php.net/advisory_082006.132.html I can safely say
this does not apply to our environment, we don't use open_basedir or
safe_mode and Suhosin is planned anyway (after test).

With a "portsnap fetch update" I get a new version php5-5.1.6_1 in my
portstree, OK.

But "portmanager -u" or even manually with "make install clean"
everything fails with the following message:

===>  php5-5.1.6_1 has known vulnerabilities:
=> php -- open_basedir Race Condition Vulnerability.
   Reference:
<http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>;
=> Please update your ports tree and try again.
*** Error code 1

So what to do now?
There are quite a lot if dependencies which i can't update too now.

Also installing/enabling Suhosin seems not possible anymore now.

Any suggestions are welcome.

Greetings fomr Switzerland

Alain Wolf
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFJcsDV5MZZmyxvGgRAn4oAKDBqaGjcOflahgH4XRp6WCg0T6qLQCg3uni
vk77USw9+yElWvFCJBcDHxs=
=4wj4
-----END PGP SIGNATURE-----




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?eg4hu4$40i$1>