I am using 4.0.6 as a apache module in a redhat server, compiling the src
rpm with a couple of custom commands in the spec file. I can't upgrade to a
newer version due to changes in the xmltree() function that breaks some of
my projects.
With the recent vunerability, I needed to generate a patched version. I ran
rpm -Uvh on the src rpm, then
rpm -bp to clean up

vi php-4.06.spec
and changed the version number,
made a couple of changes
saved the spec file

cd to /usr/src/redhat/BUILD/php-4.0.6/main
cp /root/rfc1867.c.diff-4.0.6.gz .
patch -p0 rfc1867.c rfc1867.c.diff-4.0.6.gz
cd /usr/src/redhat/SPEC
rpm -bb --short-circuit php-4.0.6.spec

cd ../RPM/i386
rpm -Uvh php-4.0.6.cm.i386.rpm

/etc/init.d/httpd restart

Apache works fine, I have a patched server....or do I?

How can I check I have actually fixed it?

Is there a test i can run. I don;t need the whole exploit, I don't think,
just some kind of test.

Chris Mason
Box 340, The Valley, Anguilla, British West Indies
Tel: 264 497 5670 Fax: 264 497 8463
Take a virtual tour of the island
http://www.anguillaguide.com/ The Anguilla Guide
Find your perfect rental villa www.mycaribbean.com
Talk to me in real time:
MSN Instant Messenger: [EMAIL PROTECTED]
ICQ 118159388 Yahoo:netconcepts_anguilla
US Fax and Voicemail: (605)253-1759

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to