Red Hat 7.x PHP confusion

Ville Herva vherva at viasys.com
Thu Mar 18 08:21:13 UTC 2004 

On Wed, Mar 17, 2004 at 10:43:41AM -0600, you [Chris Spencer] wrote:
> On Wed, 2004-03-17 at 01:31, Ville Herva wrote:
> >   - Would anyone happen to know if php-4.1.2-7.x.6 is vulnerable to the 
> >     Bugtraq ID : 7187,7197,7198,7199,7210 issue?
> 
> Probably vulnerable.  RH7 has been unsupported for some time now.  

--8<-----------------------------------------------------------------------
Date:   Fri, 12 Dec 2003 10:38:06 +0000 (GMT)                                   
From:   Mark J Cox <mjc at redhat.com>                                             
Subject: End of Life for Red Hat Linux 7.1, 7.2, 7.3, 8.0                       
To:     redhat-watch-list at redhat.com                                            

(...)                                                                                
                                                                                
Red Hat Linux 7.1, 7.2, 7.3, and 8.0 distributions will reach their             
end-of-life for errata maintenance on the 31st December 2003.  
                                          ~~~~~~~~~~~~~~~~~~ 
--8<-----------------------------------------------------------------------

Some time, yes. But the vulnerability was discovered in March 2003 - yet no
PHP updates were released for RH7.x since late 2002.

> Your research seems good enough to convince me.

But I found nothing explicit to suggest php-4.1.2-7.x.6 is vulnerable...
 
> >   - Has anyone had success in compiling php-4.3.4 rpm for Red Hat 7.x?
> 
> I haven't but this probably isn't an issue really.  

Are you implying that it should be easy? I mean easier than trying to
backport the fixes to php-4.1.2-7.x.6?

> Your scripts will almost certainly have issues.  I don't know if apache
> will need a recompile but I doubt it.

I hope not. I just wasn't even sure the latest PHP supports Apache 1.3.x,
but apparently it does.

> Recompiling the php modules will be needed, I imagine.

Ugh, that, too. Well, I'm still stumbling with the PHP-4.3.4 compilation.
Perhaps I'll just have to wrap up my sleeves and do it.

> Hope that's helpful.

Yes, thanks.
 
> I'd suggest if you are going to upgrade just grabbing source RPMs from a
> current distro and trying to recompile them.  (May or may not work, but
> seems more likely to).

I did (before I posted the question); I took the Red Hat 8 and Red Hat 9
errata .src.rpm's but both of them are for apache-2 only. The Red Hat 9
.spec is even uncompatible with the RH7.x rpm build system (or at least it
gives as error.) On top of that, they require a huge pile of devel libraries
-- moreover, recent versions of them, which would mean I have to upgrade
things like openldpa, cyrus-sasl, and install freetype and gd... Surely,
with heavy massaging the .spec could be made to work (by disabling
configuration options (although even with --without-freetype it still barfs
on lack of -lttf), but I was trying to imply I didn't find it easy. Hence I
asked íf someone had done it already and could perhaps provide some tips.



-- v -- 

v at iki.fi

More information about the fedora-legacy-list mailing list