php5-5.1.6 & 5.1.6_1

Bill Blue bblue at netoldies.com
Mon Oct 16 07:04:58 PDT 2006


On Fri, 13 Oct 2006 11:20:56 -0700, Scot Hetzel <swhetzel at gmail.com> wrote:

> On 10/13/06, Bill Blue <bblue at netoldies.com> wrote:
>> Hi -
>>
>> I'm running 6.2 PRERELEASE #2 with my ports tree current to this morning (around 9am GMT-8).  i386 with a Pentium 4 3.2 GHz.
>>
>> It took some massaging, but I was finally able to get all the ports re-compiled except one, that in the subject line.
>>
>> php5-5.1.6 refuses to build because of Known Vulnerabilities: php -- _ecalloc integer overflow vulnerability,
>> php5-5.1.6_1 refuses to build also because of Known Vulnerabilities: php -- open_basedir race condition vulnerabilities.
>>
>> Any suggestions?
>>
>
> You can install the port by defining DISABLE_VULNERABILITIES when
> building/installing the port.  But you must understand that the
> installed port will have a security vulnerability.

Yes, of course.  The define did the trick, thanks.

Apache+PHP is a pretty common configuration, yet with these kinds of PHP vulnerabilities it's hard to imagine them being on-line publicly as-is.  Are repairs of these vulnerabilities a work in progress, or is there a different solution for public online use?

--Bill


