Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
Doing that right now! Just like a basic upgrade. Thanks, FletchSOD Matt Schroebel [EMAIL PROTECTED] wrote in message 4B08FD7DB3CBD4119F560002A508C453015B38DA@hsus3">news:4B08FD7DB3CBD4119F560002A508C453015B38DA@hsus3... From: Scott Fletcher [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 23, 2002 12:43 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 I don't know how to appy patches to the PHP software. I just finish upgrading the website to work with PHP 4.2.1 from PHP 4.0.6. And now this So, just patched it then configure openssl, mycrypt, curl, modssl then do the usual stuff for PHP then apache, right?? Rebuilding from source: 1. download the new php source, extract it to whereever you do. 2. cd to php-4.2.2 copy config.nice from your existing php compile dir (this has your previous complies config command). 3. Run it: ./config.nice 4. make 5. apachectl stop 6. make install 7a. i. If php is a DSO: ii. apachectl start (you're done) 7b. i. If php is compiled into apache: ii. cd to apache compile dir iii. make clean iv. ./config.status v. make vi. make install vii. apachectl start (you're done) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
It work very nicely The whole process take 30 to 45 minutes for just one server. I wonder how does someone did 12 computers in 10 minutes. Cool! Matt Schroebel [EMAIL PROTECTED] wrote in message 4B08FD7DB3CBD4119F560002A508C453015B38DA@hsus3">news:4B08FD7DB3CBD4119F560002A508C453015B38DA@hsus3... From: Scott Fletcher [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 23, 2002 12:43 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 I don't know how to appy patches to the PHP software. I just finish upgrading the website to work with PHP 4.2.1 from PHP 4.0.6. And now this So, just patched it then configure openssl, mycrypt, curl, modssl then do the usual stuff for PHP then apache, right?? Rebuilding from source: 1. download the new php source, extract it to whereever you do. 2. cd to php-4.2.2 copy config.nice from your existing php compile dir (this has your previous complies config command). 3. Run it: ./config.nice 4. make 5. apachectl stop 6. make install 7a. i. If php is a DSO: ii. apachectl start (you're done) 7b. i. If php is compiled into apache: ii. cd to apache compile dir iii. make clean iv. ./config.status v. make vi. make install vii. apachectl start (you're done) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
On Wednesday 24 July 2002 22:22, Scott Fletcher wrote: It work very nicely The whole process take 30 to 45 minutes for just one server. You've got a slow computer and/or you type too slow ;-) I wonder how does someone did 12 computers in 10 minutes. Cool! For me it was a case of 'typing' in 6 commands: 1) download php 2) untar it 3) cd 4) configure 5) make 6) make install Actually I just copy and pasted those commands which took me all of 5 seconds to do. So unless you count the download and compilation time, 12 systems in 10 minutes is in the ballpark. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* Yow! I just went below the poverty line! */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
At 10:22 AM 7/24/02 -0400, Scott Fletcher wrote: It work very nicely The whole process take 30 to 45 minutes for just one server. I wonder how does someone did 12 computers in 10 minutes. Cool! For me the key to upgrading many servers is to compile once then copy the resulting files to all my other servers. I also compile Apache + mod_ssl + PHP static into one file so usually all I have to do is copy the httpd file to the other machines. The machines need similar CPUs and identical library versions, but that isn't too hard to do. With Linux it is legal to copy in the new httpd file then apachectl restart to update the server. Rick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
I don't know how to appy patches to the PHP software. I just finish upgrading the website to work with PHP 4.2.1 from PHP 4.0.6. And now this So, just patched it then configure openssl, mycrypt, curl, modssl then do the usual stuff for PHP then apache, right?? Adam Alkins [EMAIL PROTECTED] wrote in message 050a01c231c2$d483f770$aa9303c4@alkins">news:050a01c231c2$d483f770$aa9303c4@alkins... Any real programmer should know that almost nothing is bug free, even if you test it beyond your imagination. Something is always going to elude you and be found by someone experimenting down the road. For the widespread use of PHP, I'm rather impressed by the small amount of vunerabilities discovered in PHP so far. Some humans are just never ever satisfied... -- Adam Alkins http://www.rasadam.com -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
Amended to this recent posting. Already started a new posting from scratch. Scott Fletcher [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I don't know how to appy patches to the PHP software. I just finish upgrading the website to work with PHP 4.2.1 from PHP 4.0.6. And now this So, just patched it then configure openssl, mycrypt, curl, modssl then do the usual stuff for PHP then apache, right?? Adam Alkins [EMAIL PROTECTED] wrote in message 050a01c231c2$d483f770$aa9303c4@alkins">news:050a01c231c2$d483f770$aa9303c4@alkins... Any real programmer should know that almost nothing is bug free, even if you test it beyond your imagination. Something is always going to elude you and be found by someone experimenting down the road. For the widespread use of PHP, I'm rather impressed by the small amount of vunerabilities discovered in PHP so far. Some humans are just never ever satisfied... -- Adam Alkins http://www.rasadam.com -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
From: Scott Fletcher [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 23, 2002 12:43 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 I don't know how to appy patches to the PHP software. I just finish upgrading the website to work with PHP 4.2.1 from PHP 4.0.6. And now this So, just patched it then configure openssl, mycrypt, curl, modssl then do the usual stuff for PHP then apache, right?? Rebuilding from source: 1. download the new php source, extract it to whereever you do. 2. cd to php-4.2.2 copy config.nice from your existing php compile dir (this has your previous complies config command). 3. Run it: ./config.nice 4. make 5. apachectl stop 6. make install 7a. i. If php is a DSO: ii. apachectl start (you're done) 7b. i. If php is compiled into apache: ii. cd to apache compile dir iii. make clean iv. ./config.status v. make vi. make install vii. apachectl start (you're done) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
If all you're doing is applying the patch (not adding/removing any extensions), you should be able to use ./config.nice which will use all of the configuration commands from your last compile (This is an extremely handy thing if your GD/Freetype setup was particularly ornery the first time around! ;) ) -Andy -Original Message- From: Ricky Dhatt [mailto:[EMAIL PROTECTED]] ./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs --with-ldap make make install /usr/local/apache/bin/apachectl restart Hmm...is the configure step really necessary? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Hi all, Just wanting to notify everyone that the link for the PHP.4.2.2 download is broken. -Stathis. -- Rouvas Stathis [EMAIL PROTECTED] http://www.di.uoa.gr/~rouvas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
Any real programmer should know that almost nothing is bug free, even if you test it beyond your imagination. Something is always going to elude you and be found by someone experimenting down the road. For the widespread use of PHP, I'm rather impressed by the small amount of vunerabilities discovered in PHP so far. Some humans are just never ever satisfied... -- Adam Alkins http://www.rasadam.com -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
