|
FreeBSD Installation and Upgrading Installing and upgrading FreeBSD. |
|
Thread Tools | Display Modes |
|
|||
cannot port upgrade php5-posix, complains about vulnerability
Hello. I have quite an annoying problem. This is on FreeBSD 6.3-RELEASE-p1.
Portaudit says my php5-posix-5.2.5 must be upgraded. After having done portsnap fetch update, and portsdb -F, and pkgdb, etc. To make sure everything is up to date... 'pkg_version -v | grep php5-posix' says: Code:
php5-posix-5.2.5 < needs updating (port has 5.2.6) Code:
# portupgrade -b php5-posix-5.2.5 ---> Upgrading 'php5-posix-5.2.5' to 'php5-posix-5.2.6' (sysutils/php5-posix) ---> Building '/usr/ports/sysutils/php5-posix' ===> Cleaning for php5-posix-5.2.6 ===> php5-posix-5.2.6 has known vulnerabilities: => php -- input validation error in posix_access function. Reference: <http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849.html> => Please update your ports tree and try again. *** Error code 1 Stop in /usr/ports/sysutils/php5-posix. ** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade.84387.0 env UPGRADE_TOOL=portupgrade UPGRADE_PORT=php5-posix-5.2.5 UPGRADE_PORT_VER=5.2.5 make ** Fix the problem and try again. ** Listing the failed packages (*:skipped / !:failed) ! sysutils/php5-posix (php5-posix-5.2.5) (unknown build error) ---> Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed I cannot even upgrade it when i use portupgrade --force. |
|
||||
Strange vulnerability report.
Quote:
If you'd like to disable the security check temporarily (and do so at your own risk!), set the DISABLE_VULNERABILITIES variable in your environment. For more info, see the ports(7) manpages.
__________________
Kill your t.v. Last edited by anomie; 2nd July 2008 at 05:44 PM. Reason: grammar. |
|
|||
Thank you very much for your response.
I have managed to upgrade now from php5-posix-5.2.5 to php5-posix-5.2.6. I think the behaviour is very strange. First of, portaudit reports that I need to upgrade php5-posix-5.2.5 because of a vulnerability. But then, portupgrade does not allow me to upgrade to that version, because it *also* has a security vulnerability. Doesn't make sense. So I used the DISABLE_VULNERABILITIES variable, and the upgrade worked. But now portaudit says I need to upgrade the php5-posix-5.2.6 because of a vulnerability. However, I cannot upgrade it, because there is no later version of this package. I begin to wonder why. Let me ask a question... in order to update my ports tree, this is the right method right?: Code:
# portsdb -F -u # portsnap fetch update Code:
root@hobbes:~# portsnap fetch update Looking up portsnap.FreeBSD.org mirrors... 4 mirrors found. Fetching snapshot tag from portsnap1.FreeBSD.org... done. Latest snapshot on server matches what we already have. No updates needed. Ports tree is already up to date. root@hobbes:~# Code:
# portaudit Affected package: php5-posix-5.2.6 Type of problem: php -- input validation error in posix_access function. Reference: <http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849.html> 1 problem(s) in your installed packages found. You are advised to update or deinstall the affected package(s) immediately. Code:
# pkg_version -v | grep php5-posix php5-posix-5.2.6 = up-to-date with port What am I doing wrong? |
|
|||
There is nothing wrong with your side, php5-posix-5 have that vulnerability by desing in all its version >5.
|
|
|||
richardpl, thanks
I guess i'll just have to wait.. not sure why we need this package anyway ;-), but i didn't set it up in the first place.. |
|
|||
I've compiled via port php5-extensions which are depending on this posix extension.
I don't need it so recompiled the port of php5-extensions w/o it. Good luck. |
Tags |
php, php5-posix, portupgrade, vulnerability |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Vulnerability | OldCoot | OpenBSD Security | 5 | 20th March 2009 07:44 PM |
Upgrade PHP4 to PHP5 | beandip | FreeBSD Ports and Packages | 0 | 11th August 2008 02:35 PM |
Problem with upgrading php5-pcre and php5-mysql | KernelPanic | FreeBSD Ports and Packages | 6 | 16th June 2008 10:00 PM |
Swfdec read-only file access vulnerability | corey_james | FreeBSD Ports and Packages | 0 | 14th May 2008 11:31 PM |
WARNING: Vulnerability database out of date, checking anyway | mfaridi | FreeBSD Security | 9 | 8th May 2008 06:13 AM |