PHP vulnerabilities?

Michal Jaegermann michal at harddata.com
Tue Dec 21 04:38:51 UTC 2004


On Mon, Dec 20, 2004 at 08:52:52PM -0500, Jim Popovitch wrote:
> On Fri, 2004-12-17 at 20:41 -0500, Jim Popovitch wrote:
> > Given the considerable amount of changes in PHP since v4.1.2 (current FL
> > release), what is the possibility about just releasing a v4.3.10 rpm?
> > One could sorta argue that the number of security problems necessitates
> > more than just a point fix here and a point fix there (in no way
> > implying that any part of this is trivial)
> > 
> 
> Let me put this issue to rest.  I spent some time investigating this and
> there are just too many newer dependencies that aren't currently
> available on RH73.  So, there is slim chance that PHP 4.3.10 could even
> be ported to RH73, at least not without significant work.

php-4.3.10-1.rh73.hd

This is what I am running right now on some RH7.3 systems and I
compiled that on Saturday together with the following:

php-4.3.10-1.rh73.hd.i386.rpm
php-devel-4.3.10-1.rh73.hd.i386.rpm
php-imap-4.3.10-1.rh73.hd.i386.rpm
php-ldap-4.3.10-1.rh73.hd.i386.rpm
php-manual-4.3.10-1.rh73.hd.i386.rpm
php-mysql-4.3.10-1.rh73.hd.i386.rpm
php-odbc-4.3.10-1.rh73.hd.i386.rpm
php-pgsql-4.3.10-1.rh73.hd.i386.rpm
php-snmp-4.3.10-1.rh73.hd.i386.rpm

It was rather simple to compile although quite possibly various
things in packaging could be improved.  If somebody would want
my spec file just drop me a line.

I skipped xslt support; that would complicate things although on
22 Jul 2004 on this list, with a subject "New PHP 4.3.8 RPMS
Released", Stuart Low wrote:

> I've just released PHP RPMs for Redhat 7.3, 9, Enterprise 3 &
> Fedora Core 1/2.

> Announcement here: http://www.seekbrain.com/archives/000059.html

> Repository here: http://www.seekbrain.com/downloads/psa/

That particular set included xslt and 4.3.10 is not that different
from 4.3.8.  As a matter of fact now you can find there 4.3.9 under
http://www.seekbrain.com/downloads/psa/obsolete/7.3/RPMS/
which suggests that 4.3.10 is coming (I do not know that).
php-4.3.9-sp.rh73.1.src.rpm is also close by.  If you plan to make
your own rpms you may rather want to start with that.

As I wrote before in this thread 4.3.10 wants a newer curl, unless
you want to configure that without curl, but one from RH9, i.e.
curl-7.9.8, is sufficient and compiles on RH7.3 system without any
troubles.  I see also that you can find curl-7.10.4-2.i386.rpm, and
other libraries you may possibly want for a "full house" php-4.3.10,
at http://www.seekbrain.com/downloads/psa/7.3/
That repository is clearly set for yum.

You may _not want_ to use that for other reasons, like compatibility
with your applications, but a "slim chance" is not one of those.

   Michal
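The thread turns on whether an installed PHP package is older than the 4.3.10 release being discussed. The script below is an added example, not code from the list post or from any of the RPM sets mentioned: it parses a name-version-release string of the form `rpm -q` prints (e.g. `php-mysql-4.3.10-1.rh73.hd`) and compares the version component numerically, field by field, against a minimum. A plain string comparison gets `4.3.10` versus `4.3.9` wrong, which is why the comparison is done per component. `MIN_PHP=4.3.10` is taken from the thread; the sample NVRs with releases other than those listed above are constructed for the demonstration, and only numeric version components are handled.

```shell
#!/bin/sh
# Added example (not from the original post): flag PHP RPMs older than a minimum version.

MIN_PHP=4.3.10   # release discussed in the thread

# version_ge A B: return 0 if dotted version A >= B, 1 otherwise.
# Compares component by component as integers, so 4.3.10 > 4.3.9.
version_ge() {
    v1=$1; v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        a=${v1%%.*}; b=${v2%%.*}          # leading component of each
        case $v1 in *.*) v1=${v1#*.};; *) v1="";; esac
        case $v2 in *.*) v2=${v2#*.};; *) v2="";; esac
        a=${a:-0}; b=${b:-0}              # missing component counts as 0
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
    done
    return 0
}

# rpm_version NVR: print the version field of name-version-release.
# The release is the last hyphen-separated field and can never contain '-',
# so strip it first; the version is then the last remaining field.
rpm_version() {
    nv=${1%-*}
    printf '%s\n' "${nv##*-}"
}

# check_php_nvr NVR: return 0 if the package is at or above MIN_PHP, 1 if older.
check_php_nvr() {
    ver=$(rpm_version "$1")
    if version_ge "$ver" "$MIN_PHP"; then
        echo "$1: ok ($ver >= $MIN_PHP)"
        return 0
    fi
    echo "$1: version $ver is older than $MIN_PHP, needs updating"
    return 1
}

# Constructed sample input: the two rh73.hd names are from the thread,
# php-4.1.2-7.3.6 is a made-up NVR standing in for the old Fedora Legacy build.
SAMPLE="php-4.3.10-1.rh73.hd php-mysql-4.3.10-1.rh73.hd php-4.1.2-7.3.6"
for nvr in $SAMPLE; do
    check_php_nvr "$nvr" || :
done
```

On a live system the same check would be fed the output of `rpm -q php php-mysql ...` instead of the constructed list; the parsing and comparison do not change.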
