cvsup and portupgrade

Zbigniew Szalbot zbyszek at szalbot.homedns.org
Sun Oct 8 07:00:37 PDT 2006 

Hello,

On Sun, 8 Oct 2006, Armin Pirkovitsch wrote:

> Well another cvsup won't solve the problem since php hasn't been patched
> yet. However if you're really sure you need and want this kind of port
> installed just set the environment variable DISABLE_VULNERABILITIES.
> However - you should be aware that you'd install a program with a
> security hole.

You are right - it did not help. I do not so much want to install php with 
a security hole as much as I want to patch the hole. From the portaudit 
report I understood that I need to update immediately. And hence I am 
trying to do just that. But as a newbie, I guess I am making lots of 
mistakes on the way.

I would prefer to use portupgrade, since I have pkgtools.conf configured 
so that php is kept with certain flags like CLI, etc.

Here's the log:

$ sudo portupgrade
[Updating the portsdb <format:bdb1_hash> in /usr/ports ... - 15863 port 
entries found 
.........1000.........2000.........3000.........4000.........5000.........6000.........7000.........8000.........9000.........10000.........11000.........12000.........13000.........14000.........15000........ 
..... done]
--->  Upgrading 'php5-5.1.6' to 'php5-5.1.6_1' (lang/php5)
--->  Building '/usr/ports/lang/php5' with make flags: WITH_CLI=1 
WITH_CGI=1 WITH_APACHE=1 WITH_MULTIBYTE=1 WITH_IPV6=1 WITH_REDIRECT=1 
WITH_DISCARD=1 WITH_FASTCGI=1 WITH_PATHINFO=1 WITH_OPENSSL=1 
WITH_GETTEXT=1
===>  Cleaning for apache-2.0.59
===>  Cleaning for autoconf-2.59_2
===>  Cleaning for pkg-config-0.21
===>  Cleaning for libxml2-2.6.26
===>  Cleaning for perl-5.8.8
===>  Cleaning for libtool-1.5.22_2
===>  Cleaning for expat-2.0.0_1
===>  Cleaning for libiconv-1.9.2_2
===>  Cleaning for m4-1.4.4
===>  Cleaning for help2man-1.36.4_1
===>  Cleaning for gmake-3.81_1
===>  Cleaning for p5-gettext-1.05_1
===>  Cleaning for gettext-0.14.5_2
===>  Cleaning for php5-5.1.6_1
===>  php5-5.1.6_1 has known vulnerabilities:
=> php -- open_basedir Race Condition Vulnerability.
    Reference: 
<http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/lang/php5.
** Command failed [exit code 1]: /usr/bin/script -qa 
/tmp/portupgrade.16956.0 env PORT_UPGRADE=yes make WITH_CLI=1 WITH_CGI=1 
WITH_APACHE=1 WITH_MULTIBYTE=1 WITH_IPV6=1 WITH_REDIRECT=1 WITH_DISCARD=1 
WITH_FASTCGI=1 WITH_PATHINFO=1 WITH_OPENSSL=1 WITH_GETTEXT=1
** Fix the problem and try again.
** Listing the failed packages (*:skipped / !:failed)
         ! lang/php5 (php5-5.1.6)        (unknown build error)
--->  Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed

Someone else asked what my cvsup file looked like. Well, the most 
important settings are these:

*default host=cvsup9.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix
ports-all

Many, many thanks for such prompt replies and helpful advice to you all!

--
Zbigniew Szalbot

More information about the freebsd-questions mailing list