# New ports for Apache PHP modules



## kpa (Mar 27, 2014)

These are very very welcome I think.

www/mod_php5 and www/mod_php55.

http://svnweb.freebsd.org/ports?view=revision&revision=349342


----------



## SirDice (Mar 31, 2014)

At the moment they fail to build for me. It incorrectly names a bunch of vulnerabilities, but these have been fixed a long time ago.


```
root@c1:/usr/ports/www/mod_php5# make install
/!\ WARNING /!\
!!! If you have a threaded Apache, you must build lang/php5 with ZTS support to enable thread-safety in extensions !!!

===>  mod_php5-5.4.26 has known vulnerabilities:
mod_php5-5.4.26 is vulnerable:
php -- strip_tags cross-site scripting vulnerability
CVE: CVE-2004-0595
WWW: http://portaudit.FreeBSD.org/edf61c61-0f07-11d9-8393-000103ccf9d6.html

mod_php5-5.4.26 is vulnerable:
php -- multiple vulnerabilities
CVE: CVE-2004-1065
CVE: CVE-2004-1019
WWW: http://portaudit.FreeBSD.org/d47e9d19-5016-11d9-9b5f-0050569f0001.html

mod_php5-5.4.26 is vulnerable:
php -- memory_limit related vulnerability
CVE: CVE-2004-0594
WWW: http://portaudit.FreeBSD.org/dd7aa4f1-102f-11d9-8a8a-000c41e2cdad.html

mod_php5-5.4.26 is vulnerable:
php -- _ecalloc Integer Overflow Vulnerability
CVE: CVE-2006-4812
WWW: http://portaudit.FreeBSD.org/e329550b-54f7-11db-a5ae-00508d6a62df.html

mod_php5-5.4.26 is vulnerable:
php -- php_variables memory disclosure
WWW: http://portaudit.FreeBSD.org/ad74a1bd-16d2-11d9-bc4a-000c41e2cdad.html

mod_php5-5.4.26 is vulnerable:
php -- vulnerability in RFC 1867 file upload processing
WWW: http://portaudit.FreeBSD.org/562a3fdf-16d6-11d9-bc4a-000c41e2cdad.html

mod_php5-5.4.26 is vulnerable:
php -- open_basedir Race Condition Vulnerability
CVE: CVE-2006-5178
WWW: http://portaudit.FreeBSD.org/edabe438-542f-11db-a5ae-00508d6a62df.html
=> Please update your ports tree and try again.
*** [check-vulnerable] Error code 1

Stop in /usr/ports/www/mod_php5.
*** [install] Error code 1

Stop in /usr/ports/www/mod_php5.
root@c1:/usr/ports/www/mod_php5#
```


----------



## bzz (Apr 2, 2014)

For me it's failing as well..

Pasted in this thread, as I've overlooked this one:
https://forums.freebsd.org/viewtopic.php?f=5&t=42961&p=255833#p255833


----------



## SirDice (Apr 2, 2014)

You can get it to build if you ignore the security warnings (they're incorrect anyway), `make -DDISABLE_VULNERABILITIES install clean`. You will still get reports from periodic(8) though.


----------



## bzz (Apr 2, 2014)

SirDice said:
			
		

> You can get it to build if you ignore the security warnings (they're incorrect anyway), `make -DDISABLE_VULNERABILITIES install clean`. You will still get reports from periodic(8) though.


Great! Thanks for info!


----------



## simonepucci (Apr 17, 2014)

If I run

```
# cd /usr/ports/www/mod_php5
# make install
```
I got

```
Installing mod_php5-5.4.27,1...pkg-static: mod_php5-5.4.27,1 conflicts with php5-5.4.25 (installs files into the same place).  Problematic file: /usr/local/libexec/apache22/libphp5.so
```
Obviously, I am installing libphp5.so (from mod_php5) in the same location of libphp5.so (from php5).
What should I do?
Force installation?
What else?

Thank you


----------



## simonepucci (Apr 17, 2014)

Found the answer:

```
# cd /usr/ports/lang/php5 ; make deinstall ; make reinstall
```
Then, it is possible to install www/mod_php5 with no problem


----------

