Marian Hercek wrote: > GLSA 200603-22 suggests to update PHP. > > All PHP 4.x users should upgrade to the latest version: > > # emerge --sync > # emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.2"
> !!! Error: The above package list contains packages which cannot be > installed on the same system. Unfortunately ridding your box of the reported vulnerability requires you to migrate to dev-lang/php, as outlined in the php migration document. Strangely none of the reference links in the glsa listed php4 as vulnerable, only php5, but better safe than sorry I guess. Just to hit the highlights on the migration... You have unmerge the existing dev-php/mod_php and/or dev-php/php. Unmerge everything listed by equery list 'dev-php/'. Set up your new USE flags, which are WAY different that the use flags required for dev-php/mod_php, emerge dev-lang/php. emerge dev-lang/php Re emerge everything discovered by the equery list command above. In my case several of them attempt to pull in the old dev-php/mod_php, which is a blocker. For these I had to do emerge --nodeps, hoping and praying everything will work correctly afterwards. Take care of any extensions you previously used, which are now separate. You then have to edit your various php.ini files and any php_admin settings specific to include paths (include_path, safe_mode_include_dir, etc..). What was previously /usr/lib/php is now /usr/share/php:/usr/share/php4. I got shared library errors, the extensions were broken for me (sql-lite.so). I had to go into /etc/php/apacheX-php4/ext-active and remove the symlinked extension, again hoping and praying that it will all work. So far so good, everything "seems" to be working. -- [email protected] mailing list
