Thank you very much for your response.
I have managed to upgrade now from php5-posix-5.2.5 to php5-posix-5.2.6.
I think the behaviour is very strange. First of, portaudit reports that I need to upgrade php5-posix-5.2.5 because of a vulnerability. But then, portupgrade does not allow me to upgrade to that version, because it *also* has a security vulnerability. Doesn't make sense.
So I used the DISABLE_VULNERABILITIES variable, and the upgrade worked.
But now portaudit says I need to upgrade the php5-posix-5.2.6 because of a vulnerability. However, I cannot upgrade it, because there is no later version of this package.
I begin to wonder why. Let me ask a question... in order to update my ports tree, this is the right method right?:
Code:
# portsdb -F -u
# portsnap fetch update
However:
Code:
root@hobbes:~# portsnap fetch update
Looking up portsnap.FreeBSD.org mirrors... 4 mirrors found.
Fetching snapshot tag from portsnap1.FreeBSD.org... done.
Latest snapshot on server matches what we already have.
No updates needed.
Ports tree is already up to date.
root@hobbes:~#
And:
Code:
# portaudit
Affected package: php5-posix-5.2.6
Type of problem: php -- input validation error in posix_access function.
Reference: <http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849.html>
1 problem(s) in your installed packages found.
You are advised to update or deinstall the affected package(s) immediately.
Code:
# pkg_version -v | grep php5-posix
php5-posix-5.2.6 = up-to-date with port
There is no information about php5-posix upgrading in /usr/ports/UPDATING.
What am I doing wrong?