FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Development

 
 
LinkBack Thread Tools
 
Old 08-18-2011, 02:32 PM
Pierre Schmitz
 
Default PHP: Dropping Suhosin patch and PEAR

Hi all,

The recent PHP 5.3.7 packages will be shipped without the Suhosin patch
and there also wont be a PEAR package.

While I like the suhosin project I have to assume that this is stalled
at best. There are no new releases since PHP 5.3.4 was released. I also
wasn't able to contact the author to ask about the current state. Even
though porting the patch to new minor php releases is quite easy, I
don't feel comfortable about this; doing so wont also be "the Arch way".
If anybody knows more about the current state of Suhosin, please let me
know. Note: I'll keep the Suhosin extension as long as it works though.

In addition to this I removed the php-pear package. The main problem is
that the recent version of PEAR does not support the installation to a
destination directory. There are quite a lot of bug reports about this;
some of them are very old.* I am not really interested to add any hacks
to make it working. This has to be fixed upstream once and for all;
unless they really don't want to have pear redistributed. For anybody
interested in using pear I'd suggest creating a separate PKGBUILD and
put it into AUR. The Fedora spec file might be a good start:

http://pkgs.fedoraproject.org/gitweb/?p=php-pear.git;a=blob;f=php-pear.spec

Greetings,

Pierre


*) https://bugs.php.net/bug.php?id=18568
http://pear.php.net/bugs/bug.php?id=6154
https://bugs.php.net/bug.php?id=50509
https://pear.php.net/bugs/bug.php?id=17067

--
Pierre Schmitz, https://users.archlinux.de/~pierre
 
Old 08-18-2011, 02:32 PM
Pierre Schmitz
 
Default PHP: Dropping Suhosin patch and PEAR

Hi all,

The recent PHP 5.3.7 packages will be shipped without the Suhosin patch
and there also wont be a PEAR package.

While I like the suhosin project I have to assume that this is stalled
at best. There are no new releases since PHP 5.3.4 was released. I also
wasn't able to contact the author to ask about the current state. Even
though porting the patch to new minor php releases is quite easy, I
don't feel comfortable about this; doing so wont also be "the Arch way".
If anybody knows more about the current state of Suhosin, please let me
know. Note: I'll keep the Suhosin extension as long as it works though.

In addition to this I removed the php-pear package. The main problem is
that the recent version of PEAR does not support the installation to a
destination directory. There are quite a lot of bug reports about this;
some of them are very old.* I am not really interested to add any hacks
to make it working. This has to be fixed upstream once and for all;
unless they really don't want to have pear redistributed. For anybody
interested in using pear I'd suggest creating a separate PKGBUILD and
put it into AUR. The Fedora spec file might be a good start:

http://pkgs.fedoraproject.org/gitweb/?p=php-pear.git;a=blob;f=php-pear.spec

Greetings,

Pierre


*) https://bugs.php.net/bug.php?id=18568
http://pear.php.net/bugs/bug.php?id=6154
https://bugs.php.net/bug.php?id=50509
https://pear.php.net/bugs/bug.php?id=17067

--
Pierre Schmitz, https://users.archlinux.de/~pierre
 
Old 08-18-2011, 03:17 PM
Pierre Schmitz
 
Default PHP: Dropping Suhosin patch and PEAR

On Thu, 18 Aug 2011 16:32:15 +0200, Pierre Schmitz wrote:
> Hi all,
>
> The recent PHP 5.3.7 packages will be shipped without the Suhosin patch
> and there also wont be a PEAR package.
>
> While I like the suhosin project I have to assume that this is stalled
> at best. There are no new releases since PHP 5.3.4 was released. I also
> wasn't able to contact the author to ask about the current state. Even
> though porting the patch to new minor php releases is quite easy, I
> don't feel comfortable about this; doing so wont also be "the Arch way".
> If anybody knows more about the current state of Suhosin, please let me
> know. Note: I'll keep the Suhosin extension as long as it works though.

Now that is perfect timing :-)
https://twitter.com/#!/i0n1c/status/104194056384552960

I'll have a look at that then.


--
Pierre Schmitz, https://users.archlinux.de/~pierre
 
Old 08-19-2011, 10:29 PM
"David C. Rankin"
 
Default PHP: Dropping Suhosin patch and PEAR

On 08/18/2011 10:17 AM, Pierre Schmitz wrote:

On Thu, 18 Aug 2011 16:32:15 +0200, Pierre Schmitz wrote:

Hi all,

The recent PHP 5.3.7 packages will be shipped without the Suhosin patch
and there also wont be a PEAR package.

While I like the suhosin project I have to assume that this is stalled
at best. There are no new releases since PHP 5.3.4 was released. I also
wasn't able to contact the author to ask about the current state. Even
though porting the patch to new minor php releases is quite easy, I
don't feel comfortable about this; doing so wont also be "the Arch way".
If anybody knows more about the current state of Suhosin, please let me
know. Note: I'll keep the Suhosin extension as long as it works though.


Now that is perfect timing :-)
https://twitter.com/#!/i0n1c/status/104194056384552960

I'll have a look at that then.




That is good timing, the additional security is welcomed.

The pear issue is also relatively critical. Removal of pear will break groupware
packages (egroupware, etc..) until users manually install it separately.


--
David C. Rankin, J.D.,P.E.
 

Thread Tools




All times are GMT. The time now is 06:59 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org