View Single Post
  #1   (View Single Post)  
Old 2nd July 2008
robklg robklg is offline
New User
 
Join Date: Jul 2008
Posts: 3
Question cannot port upgrade php5-posix, complains about vulnerability

Hello. I have quite an annoying problem. This is on FreeBSD 6.3-RELEASE-p1.

Portaudit says my php5-posix-5.2.5 must be upgraded. After having done portsnap fetch update, and portsdb -F, and pkgdb, etc. To make sure everything is up to date... 'pkg_version -v | grep php5-posix' says:

Code:
php5-posix-5.2.5                    <   needs updating (port has 5.2.6)
So, I want to upgrade it to 5.2.6. However it won't let me upgrade my vulnerable package, and it says:

Code:
# portupgrade -b php5-posix-5.2.5
--->  Upgrading 'php5-posix-5.2.5' to 'php5-posix-5.2.6' (sysutils/php5-posix)
--->  Building '/usr/ports/sysutils/php5-posix'
===>  Cleaning for php5-posix-5.2.6
===>  php5-posix-5.2.6 has known vulnerabilities:
=> php -- input validation error in posix_access function.
   Reference: <http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/sysutils/php5-posix.
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade.84387.0 env UPGRADE_TOOL=portupgrade UPGRADE_PORT=php5-posix-5.2.5 UPGRADE_PORT_VER=5.2.5 make
** Fix the problem and try again.
** Listing the failed packages (*:skipped / !:failed)
	! sysutils/php5-posix (php5-posix-5.2.5)	(unknown build error)
--->  Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed
Why does it say I need to upgrade my ports tree? I have done a portsnap update and portsdb update, I would think that is sufficient.

I cannot even upgrade it when i use portupgrade --force.
Reply With Quote