php5-5.1.6 & 5.1.6_1
Bill Blue
bblue at netoldies.com
Mon Oct 16 07:04:58 PDT 2006
On Fri, 13 Oct 2006 11:20:56 -0700, Scot Hetzel <swhetzel at gmail.com> wrote:
> On 10/13/06, Bill Blue <bblue at netoldies.com> wrote:
>> Hi -
>>
>> I'm running 6.2 PRERELEASE #2 with my ports tree current to this morning (around 9am GMT-8). i386 with a Pentium 4 3.2GHz.
>>
>> It took some massaging, but I was finally able to get all the ports re-compiled except one, that in the subject line.
>>
>> php5-5.1.6 refuses to build because of Known Vulnerabilities: php -- _ecalloc integer overflow vulnerability,
>> php5-5.1.6_1 refuses to build also because of Known Vulnerabilities: php -- open_basedir race condition vulnerabilities.
>>
>> Any suggestions?
>>
>
> You can install the port by defining DISABLE_VULNERABILITIES when
> building/installing the port. But you must understand that the
> installed port will have a security vulnerability.
Yes, of course. The define did the trick, thanks.

Apache+PHP is a pretty common configuration, yet with these kinds of PHP vulnerabilities it's hard to imagine them being on-line publicly as-is. Are repairs of these vulnerabilities a work in progress, or is there a different solution for public online use?
--Bill