Hello. I have quite an annoying problem. This is on FreeBSD 6.3-RELEASE-p1.
Portaudit says my php5-posix-5.2.5 must be upgraded. After having done portsnap fetch update, and portsdb -F, and pkgdb, etc. To make sure everything is up to date... 'pkg_version -v | grep php5-posix' says:
php5-posix-5.2.5 < needs updating (port has 5.2.6)
So, I want to upgrade it to 5.2.6. However it won't let me upgrade my vulnerable package, and it says:
# portupgrade -b php5-posix-5.2.5
---> Upgrading 'php5-posix-5.2.5' to 'php5-posix-5.2.6' (sysutils/php5-posix)
---> Building '/usr/ports/sysutils/php5-posix'
===> Cleaning for php5-posix-5.2.6
===> php5-posix-5.2.6 has known vulnerabilities:
=> php -- input validation error in posix_access function.
=> Please update your ports tree and try again.
*** Error code 1
Stop in /usr/ports/sysutils/php5-posix.
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade.84387.0 env UPGRADE_TOOL=portupgrade UPGRADE_PORT=php5-posix-5.2.5 UPGRADE_PORT_VER=5.2.5 make
** Fix the problem and try again.
** Listing the failed packages (*:skipped / !:failed)
! sysutils/php5-posix (php5-posix-5.2.5) (unknown build error)
---> Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed
Why does it say I need to upgrade my ports tree? I have done a portsnap update and portsdb update, I would think that is sufficient.
I cannot even upgrade it when i use portupgrade --force.