New ports for Apache PHP modules

At the moment they fail to build for me. It incorrectly names a bunch of vulnerabilities, but these have been fixed a long time ago.

Code: 
root@c1:/usr/ports/www/mod_php5# make install
/!\ WARNING /!\
!!! If you have a threaded Apache, you must build lang/php5 with ZTS support to enable thread-safety in extensions !!!

===>  mod_php5-5.4.26 has known vulnerabilities:
mod_php5-5.4.26 is vulnerable:
php -- strip_tags cross-site scripting vulnerability
CVE: CVE-2004-0595
WWW: http://portaudit.FreeBSD.org/edf61c61-0f07-11d9-8393-000103ccf9d6.html

mod_php5-5.4.26 is vulnerable:
php -- multiple vulnerabilities
CVE: CVE-2004-1065
CVE: CVE-2004-1019
WWW: http://portaudit.FreeBSD.org/d47e9d19-5016-11d9-9b5f-0050569f0001.html

mod_php5-5.4.26 is vulnerable:
php -- memory_limit related vulnerability
CVE: CVE-2004-0594
WWW: http://portaudit.FreeBSD.org/dd7aa4f1-102f-11d9-8a8a-000c41e2cdad.html

mod_php5-5.4.26 is vulnerable:
php -- _ecalloc Integer Overflow Vulnerability
CVE: CVE-2006-4812
WWW: http://portaudit.FreeBSD.org/e329550b-54f7-11db-a5ae-00508d6a62df.html

mod_php5-5.4.26 is vulnerable:
php -- php_variables memory disclosure
WWW: http://portaudit.FreeBSD.org/ad74a1bd-16d2-11d9-bc4a-000c41e2cdad.html

mod_php5-5.4.26 is vulnerable:
php -- vulnerability in RFC 1867 file upload processing
WWW: http://portaudit.FreeBSD.org/562a3fdf-16d6-11d9-bc4a-000c41e2cdad.html

mod_php5-5.4.26 is vulnerable:
php -- open_basedir Race Condition Vulnerability
CVE: CVE-2006-5178
WWW: http://portaudit.FreeBSD.org/edabe438-542f-11db-a5ae-00508d6a62df.html
=> Please update your ports tree and try again.
*** [check-vulnerable] Error code 1

Stop in /usr/ports/www/mod_php5.
*** [install] Error code 1

Stop in /usr/ports/www/mod_php5.
root@c1:/usr/ports/www/mod_php5#
 
You can get it to build if you ignore the security warnings (they're incorrect anyway), make -DDISABLE_VULNERABILITIES install clean. You will still get reports from periodic(8) though.
 
SirDice said:
You can get it to build if you ignore the security warnings (they're incorrect anyway), make -DDISABLE_VULNERABILITIES install clean. You will still get reports from periodic(8) though.
Click to expand...
Great! Thanks for info!
 
If I run
Code: 
# cd /usr/ports/www/mod_php5
# make install
I got
Code: 
Installing mod_php5-5.4.27,1...pkg-static: mod_php5-5.4.27,1 conflicts with php5-5.4.25 (installs files into the same place).  Problematic file: /usr/local/libexec/apache22/libphp5.so
Obviously, I am installing libphp5.so (from mod_php5) in the same location of libphp5.so (from php5).
What should I do?
Force installation?
What else?

Thank you
 
Found the answer:
Code: 
# cd /usr/ports/lang/php5 ; make deinstall ; make reinstall
Then, it is possible to install www/mod_php5 with no problem
 
You must log in or register to reply here.
Back
Top