php4 update

2006-10-16 Thread Dominik Zalewski 

Hi everybody,

I'm running FreeBSD  6.1-RELEASE on i386. I wanted to upgrade my php to
latest version 4.4.4_1 cause of security update.

When running portupgrade php4 I got:


=> php -- open_basedir Race Condition Vulnerability.
  Reference: <
http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html



=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/lang/php4.
** Command failed [exit code 1]: /usr/bin/script -qa
/tmp/portupgrade.25953.0 env PORT_UPGRADE=yes make
** Fix the problem and try again.
** Listing the failed packages (*:skipped / !:failed)
   ! lang/php4 (php4-4.4.4)(unknown build error)
--->  Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed

I have the latest ports tree, portsdb and portaudit db. I updated it using :

cvsup /usr/local/etc/ports-supfile && cd /usr/ports && make fetchindex &&
pkgdb -Fa && portaudit -Fda && portupgrade -ai

probably I forgot about something :)

and ideas why I can not upgrade my php port ?

Thanks in advance,

   Dominik
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: php4 update

2006-10-16 Thread Olivier Mueller 
On Mon, 2006-10-16 at 10:25 -0700, Dominik Zalewski wrote:
> Hi everybody,
> I'm running FreeBSD  6.1-RELEASE on i386. I wanted to upgrade my php to
> latest version 4.4.4_1 cause of security update.
> When running portupgrade php4 I got:
> 
> 
> => php -- open_basedir Race Condition Vulnerability.
>Reference: <
> http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html
> >
> => Please update your ports tree and try again.

Short version: add this to your /etc/make.conf:

# PHP 4 Port installation options
.if${.CURDIR:M*/lang/php4*}
DISABLE_VULNERABILITIES=yes
.endif


Long version: check in the newsgroups or mailing lists archives... :)

HTH,
Olivier

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: php4 update

2006-10-16 Thread Simon L. Nielsen 
On 2006.10.16 20:02:05 +0200, Olivier Mueller wrote:
> On Mon, 2006-10-16 at 10:25 -0700, Dominik Zalewski wrote:
> > Hi everybody,
> > I'm running FreeBSD  6.1-RELEASE on i386. I wanted to upgrade my php to
> > latest version 4.4.4_1 cause of security update.
> > When running portupgrade php4 I got:
> > 
> > 
> > => php -- open_basedir Race Condition Vulnerability.
> >Reference: <
> > http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html
> > >
> > => Please update your ports tree and try again.
> 
> Short version: add this to your /etc/make.conf:
> 
> # PHP 4 Port installation options
> .if${.CURDIR:M*/lang/php4*}
> DISABLE_VULNERABILITIES=yes
> .endif
> 
> Long version: check in the newsgroups or mailing lists archives... :)

Only do the above if you really know what you are doing.  Just adding
code like that to make.conf which will probably be forgotten is a bad
idea.

The DISABLE_VULNERABILITIES=yes knob can just be passed directly to
make for the individual port or e.g. using the '-m DISABLE_VULNERABILITIES=yes'
as an argument to portupgrade while upgrading PHP.  This should of
cause only be done after having checked the URL from portaudit to
verify that the particular problem doesn't affect "you" (the
user/admin).

-- 
Simon L. Nielsen
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: php4 update

2006-10-16 Thread Juraj Lutter 

On 10/16/06, Simon L. Nielsen <[EMAIL PROTECTED]> wrote:

> Long version: check in the newsgroups or mailing lists archives... :)



portaudit -Fda prior to portupgrade will do the trick.

otis

--
Sincerely yours,
Juraj Lutter
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"