Topic: PHP Security Update 4.3.10

[egerards]

I also tried the php upgrade script. As Greg pointed out, the unixODBC rpm will never be installed. As we like all rpm files in the temporary 'phpupgrade' subdir to be installed, 'rpm -Uvh --nodeps php*.rpm' could be changed to 'rpm -Uvh --nodeps *.rpm' and that should do the job.

Here the link to the unixODBC rpm seems to work fine...

And so far all my PHP applications seem to work fine, so thanks for the efforts!

[ergozd]

Hello Greg!

I modified the script so

Code: [Select]

if [ $IS_ODBC -eq 0 ]
then
    rpm -Uvh http://download.fedoralegacy.org/redhat/7.3/os/i386/unixODBC-2.2.0-5.i386.rpm
else
    echo "unixODBC installed skipping download"
fi


As for if these are the best php-rpms to use, there are two options as of now, either these RHX releases or NORLUG releases.

Neither Laurent Dinclaux nor Dan Brown has not yet compiled any newer RPMS yet so I simply scripted one which exist. (I try to check their contrib areas as often as I can).

As soon as newer RPMS is release by any of above mentioned contributors I'll update the script.

I personally think no need to rush for an upgrade unless you have a phpbb forum running, therefore I've not announced the script.

[Normando]

Thanks Ergin, the script run OK!!!!

[Rigger]

The script downloads all the rpm's before installing them. Either will work but it was just easier at the time cutting and pasting similar lines and editing the minor changes.

As far as better if the 4.3.9 have a know security bug then it doesn't matter the compile. Upgrade and then wait to see if the author of the 4.3.9 does another special build.


php4.3.10-upgrade.sh

#!/bin/sh
# Ergin ™zdemir ergin@ergin.net
#
# 2004-12-24 Rigger
# Udated for php release 4.3.10
# There are NO builds for postgre-sql or the manual for 4.3.10 at the known download location
# so uncommenting to install packages will not work.
#
# 2004-09-29 Laurent Dinclaux relased php-4.3.9
# I have released PHP 4.3.9 RPMs. In addition of Dan Brown releases:
# - Curl extension
# - Compiled with options
#     --enable-sockets --enable-pcntl --enable-sigchild
#
# Based on Rigger's (Doug Musty <doug@musty.us>) script & Dan Brown's RPMS
# 2004-07-23 Latest update from Rigger   
# Recognize that the unixODBC package is already installed and skip downloading it...
# Also changed the pear install commands to pear upgrade. This will stop the failure
# notice if already installed and will still install the package if not installed already.

mkdir phpupgrade
cd phpupgrade

wget http://open.rhx.it/apt/redhat/7.3/i386/RPMS.rhx/php-4.3.10-0.i386.rpm
wget http://open.rhx.it/apt/redhat/7.3/i386/RPMS.rhx/php-devel-4.3.10-0.i386.rpm
wget http://open.rhx.it/apt/redhat/7.3/i386/RPMS.rhx/php-imap-4.3.10-0.i386.rpm
wget http://open.rhx.it/apt/redhat/7.3/i386/RPMS.rhx/php-mysql-4.3.10-0.i386.rpm
wget http://open.rhx.it/apt/redhat/7.3/i386/RPMS.rhx/php-ldap-4.3.10-0.i386.rpm
wget http://open.rhx.it/apt/redhat/7.3/i386/RPMS.rhx/php-odbc-4.3.10-0.i386.rpm
wget http://open.rhx.it/apt/redhat/7.3/i386/RPMS.rhx/php-snmp-4.3.10-0.i386.rpm


# Uncomment next line if you are using postgre sql
# wget http://www.ibiblio.org/pub/Linux/distributions/smeserver/contribs/ldinclaux/SME6.x/Contribs/RPMS/php-pgsql-4.3.9-3ld.i386.rpm

# Uncomment next line if you want to install the manual.
# wget http://www.ibiblio.org/pub/Linux/distributions/smeserver/contribs/ldinclaux/SME6.x/Contribs/RPMS/php-manual-4.3.9-3ld.i386.rpm

# Install unixOBDC if not installed.
rpm -qa > rpmlist

IS_ODBC=pic rpmlist | grep -c unixODBC

if [ $IS_ODBC -eq 0 ]
then
   wget ftp://ftp.rediris.es/sites/ftp.redhat.com/pub/redhat/linux/7.3/en/os/i386/RedHat/RPMS/unixODBC-2.2.0-5.i386.rpm
else
   echo "unixODBC installed skipping download"
fi

rpm -Uvh *.rpm

mkdir -p /etc/e-smith/templates-custom/etc/php.ini
touch /etc/e-smith/templates-custom/etc/php.ini/50PathsDirectories
echo 'include_path        = ".:/usr/share/pear"' > /etc/e-smith/templates-custom/etc/php.ini/50PathsDirectories
echo 'doc_root            =' >> /etc/e-smith/templates-custom/etc/php.ini/50PathsDirectories
echo 'user_dir            =' >> /etc/e-smith/templates-custom/etc/php.ini/50PathsDirectories
echo 'extension_dir       = /usr/lib/php4' >> /etc/e-smith/templates-custom/etc/php.ini/50PathsDirectories
echo 'enable_dl           = On' >> /etc/e-smith/templates-custom/etc/php.ini/50PathsDirectories

pear upgrade Log
pear upgrade Date

/sbin/e-smith/expand-template /etc/php.ini

service httpd restart

rm * -f
cd ..
rmdir phpupgrade

echo " DONE........"

[/quote]

[smeghead]

Ergin, the perms on the 4.3.10 script files on your ftp site are wrong so people can't d/l them.  Could you fix this please.

[ergozd]

DL should work now.

http://ergin.dyndns.org/download/php4.3.10-upgrade.sh
OR
http://mirror.contribs.org/smeserver/contribs/ergozd/scripts/php4.3.10-upgrade.sh

Best rgds, Ergin

[Snoopyski]

Thats what I get when I try to run the script...


unixODBC installed skipping download
error: failed dependencies:
        libsnmp.so.0   is needed by php-snmp-4.3.10-0


Help ...  

Thanks,

Snoopyski

[gregswallow]

Help ...  

try this:

Code: [Select]

rpm -Uvh --force http://www.ibiblio.org/pub/linux/distributions/smeserver/releases/6.0.1/os/e-smith/RPMS/ucd-snmp-4.2.5-7.73.0.i386.rpm

http://rpm.pbone.net has a search function that lets you search for what rpm contains libsnmp.so.0 for example.  Maybe you deleted ucd-snmp?

[Snoopyski]

Thanks,

OK Now the script goes fine BUT My PHP still stay at 4.3.9 !!!!!!!!!!!

Snoopyski

[Snoopyski]

THATS WATH i GET NOW !!!

Warning: Illegal offset type in Common.php on line 91

Warning: Illegal offset type in Common.php on line 108

after I removed the snmp package and run the script again !!!!!

Now I'm to PHP 4.3.10 BUT My Apache server doesn't work fine !

Any idea ?

Thanks

Snoopyski

[Snoopyski]

Any Idea My web site is DOWN now !!!

Thanks !

Snoopyski

[Snoopyski]

OK now I removed the uc**-snmp-***.rpm...

AND I be able to DOWNGRADE to 4.3.9 !!! with a --oldpackages and --force..

My web site is UP and running now with PHP 4.3.9...

Any Idea to upgrade to the last version ?

thanks,

Snoopyski

[smeghead]

You were probably using the rpms built by Laurent Dinclaux that had some extra stuff compiled in; the standard 4.3.10 rpms do not have these extensions.

You site may have broken with the 4.3.10 upgrade due to the loss of these extensions.

Did you read the scripts BEFORE running them to check to see what they did & to read the notes inside?

[ergozd]

Hi!

smeghead is on right track here. The latest I heard from Laurent that he complied newer version BUT he had problem with his DSL so he has NOT yet uploaded those RPMS.

The latest PHP RPMS used in php-upgrade script uses RPMS from RHX and they are NOT complied with --enable-sockets --enable-pcntl --enable-sigchild


If your applications need those option(-s) either you build your own RPMS or wait until Laurent can upload his files.

Best rgds, Ergin

[guest22]

YFYI,

Dan Brown (Long time PHP/Horde enthousiast and contribs.org memeber) has put out his RPM's. You will find them in 'dbrown' contribs area.