On Thu, 04 Sep 2008 17:38:52 +0200 Miroslav Lachman <[EMAIL PROTECTED]> wrote:
> Morgan Wesström wrote: > > Portaudit has complained for a few days about vulnerabilities in > > sysutils/php5-posix but there seems to be no update yet. When I now try > > to recompile all my ports with portmaster it stops with an error when it > > reaches this port. > > > > ===> php5-posix-5.2.6_1 has known vulnerabilities: > > => php -- input validation error in posix_access function. > > Reference: > > <http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849.html> > > > > > > => Please update your ports tree and try again. > > *** Error code 1 > > > > > > How do I continue? Is there anyway I can force portmaster to skip this > > port and continue where it left off or do I have to deinstall it and > > recompile everything all over again? > > You can recompile / install vulnerable applications by giving portmaster > option: -m "DISABLE_VULNERABILITIES=yes". > !!You are using it at your own risk!! I also use this option for all of my port updating. I figure that updating to a newer version "probably" won't make the security any worse if I've already got a vulnerable application. > If you don't need php5-posix, it is better to deinstall it and uncheck > from php5-extensions (with `make config` in /usr/ports/lang/php5-extensions) Actually, I think a fix was just committed: http://docs.freebsd.org/cgi/mid.cgi?200809041355.m84DtBLn072467 So give it a little time for propagation, then re-csup and try it again. HTH, Randy -- _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
