cvsup and portupgrade

Armin Pirkovitsch a.pirko at
Sun Oct 8 07:12:08 PDT 2006

Zbigniew Szalbot wrote:
> Hello,
> On Sun, 8 Oct 2006, Armin Pirkovitsch wrote:
>> Well another cvsup won't solve the problem since php hasn't been patched
>> yet. However if you're really sure you need and want this kind of port
>> installed just set the environment variable DISABLE_VULNERABILITIES.
>> However - you should be aware that you'd install a program with a
>> security hole.
> You are right - it did not help. I do not so much want to install php
> with a security hole as much as I want to patch the hole. From the
> portaudit report I understood that I need to update immediately. And
> hence I am trying to do just that. But as a newbie, I guess I am making
> lots of mistakes on the way.
> I would prefer to use portupgrade, since I have pkgtools.conf configured
> so that php is kept with certain flags like CLI, etc.

>    Reference:
> <>

> Many, many thanks for such prompt replies and helpful advice to you all!

Just have a look at the reference - to be exactly at the Affects: list.
It concerns all versions ( >0 ) which means there is no patch yet.
So best thing to do is to watch that page and update as soon as there is
a patch.

Armin Pirkovitsch
a.pirko at

More information about the freebsd-questions mailing list