Overriding portaudit’s known vulnerabilities check

When attempting to upgrade a port on FreeBSD, you may run into a problem like this:

> sudo portupgrade -rR php5
---> Upgrading 'php5-5.1.6' to 'php5-5.1.6_1' (lang/php5)
---> Building '/usr/ports/lang/php5'
===> Cleaning for autoconf-2.59_2
===> Cleaning for pkg-config-0.21
===> Cleaning for libxml2-2.6.26
===> Cleaning for perl-5.8.8
===> Cleaning for m4-1.4.4
===> Cleaning for help2man-1.36.4_1
===> Cleaning for gmake-3.81_1
===> Cleaning for libiconv-1.9.2_2
===> Cleaning for p5-gettext-1.05_1
===> Cleaning for gettext-0.14.5_2
===> Cleaning for libtool-1.5.22_2
===> Cleaning for php5-5.1.6_1
===> php5-5.1.6_1 has known vulnerabilities:
=> php -- open_basedir Race Condition Vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
=> Please update your ports tree and try again.
*** Error code 1
Stop in /usr/ports/lang/php5.

Portaudit has stopped your portupgrade because one of the ports you are installing has a known security vulnerability – it’s even handy enough to provide a link to more information.

But what if you are willing to accept or mitigate the risk of the security hole – how do you build the port without portaudit stopping you? The answer is the -DDISABLE_VULNERABILITIES make flag, passed through portupgrade's -m option:

> sudo portupgrade -rR -m -DDISABLE_VULNERABILITIES php5
Password:
---> Upgrading 'php5-5.1.6' to 'php5-5.1.6_1' (lang/php5)
---> Building '/usr/ports/lang/php5' with make flags: -DDISABLE_VULNERABILITIES
===> Cleaning for autoconf-2.59_2
===> Cleaning for pkg-config-0.21
===> Cleaning for libxml2-2.6.26
===> Cleaning for perl-5.8.8
===> Cleaning for m4-1.4.4
===> Cleaning for help2man-1.36.4_1
===> Cleaning for gmake-3.81_1
===> Cleaning for libiconv-1.9.2_2
===> Cleaning for p5-gettext-1.05_1
===> Cleaning for gettext-0.14.5_2
===> Cleaning for libtool-1.5.22_2
===> Cleaning for php5-5.1.6_1
===> Found saved configuration for php5-5.1.6_1
[...]

Obviously, use the -DDISABLE_VULNERABILITIES flag with caution. Tip seen at TaoSecurity.
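
One way to apply that caution is to gate the override on a reviewed list of advisories. The script below is an added example, not part of the original tip or of portaudit itself: it parses the "has known vulnerabilities" block from a saved build log and succeeds only if every referenced advisory appears in an accepted-risk file. The function names and the accepted-risk file format (one reviewed advisory URL per line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample: the vulnerability block from the failed build shown above.
sample_log() {
    cat <<'EOF'
===> Cleaning for php5-5.1.6_1
===> php5-5.1.6_1 has known vulnerabilities:
=> php -- open_basedir Race Condition Vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
=> Please update your ports tree and try again.
*** Error code 1
EOF
}

# Read a build log on stdin; print "package<TAB>description<TAB>advisory URL" per finding.
audit_findings() {
    awk '
        /^===> .* has known vulnerabilities:$/ { pkg = $2; desc = ""; next }
        pkg != "" && /^=> Please update your ports tree/ { pkg = ""; next }
        pkg != "" && /^=> / { desc = substr($0, 4); next }
        pkg != "" && /^Reference: </ {
            url = $0
            sub(/^Reference: </, "", url)
            sub(/>.*$/, "", url)
            printf "%s\t%s\t%s\n", pkg, desc, url
        }'
}

# Succeed only if the log on stdin has findings and every advisory URL is listed in
# the accepted-risk file $1 (hypothetical format: one reviewed URL per line).
override_allowed() {
    findings=$(audit_findings)
    [ -n "$findings" ] || return 1
    printf '%s\n' "$findings" | awk -F '\t' '{ print $3 }' | while read -r url; do
        grep -qxF -- "$url" "$1" || { echo "not reviewed: $url" >&2; exit 1; }
    done
}

# Demo: list what portaudit blocked in the sample log.
sample_log | audit_findings
```

Feed it the saved output of the failed portupgrade run, and re-run with -m -DDISABLE_VULNERABILITIES only when override_allowed succeeds.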
