1 |
Marian Hercek wrote: |
2 |
|
3 |
> GLSA 200603-22 suggests to update PHP. |
4 |
> |
5 |
> All PHP 4.x users should upgrade to the latest version: |
6 |
> |
7 |
> # emerge --sync |
8 |
> # emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.2" |
9 |
|
10 |
> !!! Error: The above package list contains packages which cannot be |
11 |
> installed on the same system. |
12 |
|
13 |
Unfortunately ridding your box of the reported vulnerability requires you to |
14 |
migrate to dev-lang/php, as outlined in the php migration document. |
15 |
Strangely none of the reference links in the glsa listed php4 as |
16 |
vulnerable, only php5, but better safe than sorry I guess. |
17 |
|
18 |
Just to hit the highlights on the migration... |
19 |
|
20 |
You have unmerge the existing dev-php/mod_php and/or dev-php/php. |
21 |
|
22 |
Unmerge everything listed by equery list 'dev-php/'. |
23 |
|
24 |
Set up your new USE flags, which are WAY different that the use flags |
25 |
required for dev-php/mod_php, emerge dev-lang/php. |
26 |
|
27 |
emerge dev-lang/php |
28 |
|
29 |
Re emerge everything discovered by the equery list command above. In my |
30 |
case several of them attempt to pull in the old dev-php/mod_php, which is a |
31 |
blocker. For these I had to do emerge --nodeps, hoping and praying |
32 |
everything will work correctly afterwards. |
33 |
|
34 |
Take care of any extensions you previously used, which are now separate. |
35 |
|
36 |
You then have to edit your various php.ini files and any php_admin settings |
37 |
specific to include paths (include_path, safe_mode_include_dir, etc..). |
38 |
What was previously /usr/lib/php is now /usr/share/php:/usr/share/php4. I |
39 |
got shared library errors, the extensions were broken for me (sql-lite.so). |
40 |
I had to go into /etc/php/apacheX-php4/ext-active and remove the symlinked |
41 |
extension, again hoping and praying that it will all work. |
42 |
|
43 |
So far so good, everything "seems" to be working. |
44 |
|
45 |
-- |
46 |
gentoo-server@g.o mailing list |