php4 update fails

Matt Craig matcraig at nmsu.edu
Tue Oct 10 10:51:05 PDT 2006 

Running FreeBSD 6.1 stable

I tried to update php4 this morning and the update fails.  I can't find 
out exactly why and I have been unable to fix it.  Here is the command 
used and the complete output:

------------------------------------------------------------------------------------------------------------------------
# portupgrade -p php4
[Updating the pkgdb <format:dbm_hash> in /var/db/pkg ... - 337 packages 
found (-1 +0) (...) done]
--->  Installing 'php4-4.4.4' from a port (lang/php4)
--->  Building '/usr/ports/lang/php4'
===>  Cleaning for apache-1.3.37_1
===>  Cleaning for autoconf-2.59_2
===>  Cleaning for perl-5.8.8
===>  Cleaning for expat-2.0.0_1
===>  Cleaning for m4-1.4.4
===>  Cleaning for help2man-1.36.4_1
===>  Cleaning for gmake-3.81_1
===>  Cleaning for p5-gettext-1.05_1
===>  Cleaning for gettext-0.14.5_2
===>  Cleaning for libtool-1.5.22_2
===>  Cleaning for libiconv-1.9.2_2
===>  Cleaning for php4-4.4.4
===>  php4-4.4.4 has known vulnerabilities:
=> php -- open_basedir Race Condition Vulnerability.
   Reference: 
<http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/lang/php4.
** Command failed [exit code 1]: /usr/bin/script -qa 
/tmp/portupgrade.25156.0 env make DEPENDS_TARGET=package
** Fix the problem and try again.
** Listing the failed packages (*:skipped / !:failed)
        ! lang/php4     (unknown build error)
--->  Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed
------------------------------------------------------------------------------------------------------------------------

I also tried portupgrade Nfp, removing the package with pkg_delete php4 
and adding it back again with pkg_add -r php4, and I get the same 
thing.  Doing a make install yields the same results as well.  I also 
get the same thing after updating the ports tree with cvsup.

Is it possible that php4 will not update because of the open_basedir 
Race Condition Vulnerability?  If so it fails to mention that.

More information about the freebsd-ports mailing list