PHP4 v. php4-4.4.7_2 refuse to upgrade …

[Beech Rintoul]

On Wednesday 03 October 2007, bsd said:
> Hello,
>
>
> I am using
>
> FreeBSD xxx.fr 5.5-RELEASE-p9 FreeBSD 5.5-RELEASE-p9 #1: Thu Dec 14
> 11:39:18 CET 2006     root at newmail.rmm.fr:/usr/obj/usr/src/sys/
> GENERIC  i386
>
>
> When trying to upgrade from php php4-4.4.7_1 to php4-4.4.7_2 there
> is this strange error…
>
>
> Updating the pkgdb <format:bdb_btree> in /var/db/pkg ... - 209
> packages found (-3 +1) (...). done]
> --->  Upgrading 'php4-4.4.7_1' to 'php4-4.4.7_2' (lang/php4)
> --->  Building '/usr/ports/lang/php4'
> ===>  Cleaning for autoconf-2.61_2
> ===>  Cleaning for php4-4.4.7_2
> ===>  php4-4.4.7_2 has known vulnerabilities:
> => php -- multiple vulnerabilities.
>     Reference: <http://www.FreeBSD.org/ports/portaudit/
> 71d903fc-602d-11dc-898c-001921ab2fa4.html>
> => Please update your ports tree and try again.
> *** Error code 1
>
> Stop in /usr/ports/lang/php4.
> *** Error code 1
>
> Stop in /usr/ports/lang/php4.
> ** Command failed [exit code 1]: /usr/bin/script -qa
> /tmp/portupgrade. 24846.54 env UPGRADE_TOOL=portupgrade
> UPGRADE_PORT=php4-4.4.7_1 UPGRADE_PORT_VER=4.4.7_1 make
> ** Fix the problem and try again.
>
>
> I don't understand because my port tree is up to date !!
>
> Any idea ?

Yes it means that the port you're trying to update to has security 
issues. If you're feeling lucky you can do:
portupgrade -m DISABLE_VULNERABILITIES=yes php

But it's not a good idea. If you build it anyway and get hacked, don't 
say you weren't warned ;-)

Beech

-- 
---------------------------------------------------------------------------------------
Beech Rintoul - FreeBSD Developer - beech at FreeBSD.org
/"\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail   | http://www.freebsd.org
 X  - NO Word docs in e-mail | Latest Release:
/ \  - http://www.FreeBSD.org/releases/6.2R/announce.html
---------------------------------------------------------------------------------------