[PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
Hmmm, interesting I didn't know about this and didn't see it in the docs. So now I know for my next upgrade. Anyway, my upgrade is in, and through the mails it should be clear to those who thought how terribly difficult and time consuming it is/was to do the upgrades that it was in fact not difficult at all, and seemingly even easier that the way I did it. Ian On Wednesday 24 July 2002 01:03, Andrew Chase wrote: > If all you're doing is applying the patch (not adding/removing any > extensions), you should be able to use > > ./config.nice > > which will use all of the configuration commands from your last compile > (This is an extremely handy thing if your GD/Freetype setup was > particularly ornery the first time around! ;) ) > > -Andy > > > -Original Message- > > From: Ricky Dhatt [mailto:[EMAIL PROTECTED]] > > > > ./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs > > --with-ldap > > > > > make > > > make install > > > /usr/local/apache/bin/apachectl restart > > > > Hmm...is the configure step really necessary? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP 4.2.2 install woe: cannot stat libs/libphp.so
Assuming you are installing from your php-4.2.2 directory, it would appear the libphp4.so hasn't actually been made, which would point to a possible error in the configuration parameters. I am also assuming your php 4.2.1 made OK which would mean all necessary libraries etc are available on your system. What are you using for the configure? On my system it was ./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs I did have ldap in there too, but for most people this is not necessary. If a fresh run from the start fails, then without further information, my best suggestion is to completely delete the php-4.2.2 directory and ocntents, and start again with the tar -zxf php-4.2.2.whatever, ./configure.. Ian On Wednesday 24 July 2002 14:13, Reuben D. Budiardja wrote: > On Tue, 2002-07-23 at 21:35, David Robley wrote: > > In article <[EMAIL PROTECTED]>, > > [EMAIL PROTECTED] says... > > > > > I tried to upgrade from PHP 4.2.1 to 4.2.2 due to the security bug > > > announce in the web site. When I do make install, it stopped with > > > errors. The following are the last few lines from the output: > > > > > > [activating module `php4' in /usr/local/apache/conf/httpd.conf] > > > cp libs/libphp4.so /usr/local/apache/libexec/libphp4.so > > > cp: cannot stat `libs/libphp4.so': No such file or directory > > > apxs:Break: Command failed with rc=1 > > > make[1]: *** [install-sapi] Error 1 > > > make[1]: Leaving directory `/usr/src/php-4.2.2' > > > make: *** [install-recursive] Error 1 > > > > Did you do 'make install' as root? > > yes, I did everything (from configure to make install) as root. > > Rdb > > > -- > > David Robley > > Temporary Kiwi! > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
[delete some flaming] Hehe, and I thought I had to go to USENET to see a flamewar. This is great, a flamewar delivered directly to my mailbox, it doesn't get better... Let me put my $0.02 in. Security holes happen, no matter what software you use. PHP and open source in general, unlike M$, does not have a new vius of the week, or security hole of the month. Their recent couple of announcements is bad luck, not bad design/development and I still happily stand by the PHP guys. I think PHP users should also be grateful that the PHP guys have said there is a need to upgrade to fix this hole, rahter than just put out a new release and hope most people see it and think "great, a new version, I will upgrade". As for the the implied terrible difficulty of upgrading, on my Linux systems it was tragically complicated - I chose to patch my 4.2.1 source, then recompile, install and restart apache: patch -p0 < php-4.2.1-to-4.2.2.patch cd php-4.2.1 ./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs --with-ldap make make install /usr/local/apache/bin/apachectl restart Yes, with a script like this, it is terribly complicated. This whole process took less than 5 minutes. I had to do it on three machines, and there were no problems to be seen. If you are going to wine about having to upgrade software because of security holes, get off the net, it would be easier and take much less precious time. That's my $0.02 (or in my case 0.02 Euro). Now I will go back to trying to work out my ldap problems. Ian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
