Craig White 11-25-2009 08:13 PM

PHP updates
 
For the 2 threads going on about PHP 5.2/5.3...

CentOS tracks upstream whose version is...
php-5.1.6-23.2.el5_3

If you want something newer, you have to go off the beaten path.

try this...(as root)
wget http://dev.centos.org/centos/5/CentOS-Testing.repo
mv CentOS-Testing.repo /etc/yum.repos.d
yum --enablerepo=c5-testing check-update

and this would allow you to update to version 5.2.9-2.el5.centos if you
then...

yum --enablerepo=c5-testing update php

and if enough people actually convinced the developers that
5.2.9-2.el5.centos were feasible, then they would probably move it into
the 'Extras' repository.

Craig


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Rudi Ahlers 11-25-2009 08:22 PM

PHP updates
 
On Wed, Nov 25, 2009 at 11:13 PM, Craig White <craigwhite@azapple.com> wrote:
> For the 2 threads going on about PHP 5.2/5.3...
>
> CentOS tracks upstream whose version is...
> php-5.1.6-23.2.el5_3
>
> If you want something newer, you have to go off the beaten path.
>
> try this...(as root)
> wget http://dev.centos.org/centos/5/CentOS-Testing.repo
> mv CentOS-Testing.repo /etc/yum.repos.d
> yum --enablerepo=c5-testing check-update
>
> and this would allow you to update to version 5.2.9-2.el5.centos if you
> then...
>
> yum --enablerepo=c5-testing update php
>
> and if enough people actually convinced the developers that
> 5.2.9-2.el5.centos were feasible, then they would probably move it into
> the 'Extras' repository.
>
> Craig
>
>
> --


Thanx for sharing this with us. I'm sitting with a similar problem
right now, and would like to know, how can I install PHP 5.2.10?


--
Kind Regards
Rudi Ahlers
CEO, SoftDux Hosting
Web: http://www.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532

Craig White 11-25-2009 08:35 PM

PHP updates
 
On Wed, 2009-11-25 at 23:22 +0200, Rudi Ahlers wrote:
> On Wed, Nov 25, 2009 at 11:13 PM, Craig White <craigwhite@azapple.com> wrote:
> > For the 2 threads going on about PHP 5.2/5.3...
> >
> > CentOS tracks upstream whose version is...
> > php-5.1.6-23.2.el5_3
> >
> > If you want something newer, you have to go off the beaten path.
> >
> > try this...(as root)
> > wget http://dev.centos.org/centos/5/CentOS-Testing.repo
> > mv CentOS-Testing.repo /etc/yum.repos.d
> > yum --enablerepo=c5-testing check-update
> >
> > and this would allow you to update to version 5.2.9-2.el5.centos if you
> > then...
> >
> > yum --enablerepo=c5-testing update php
> >
> > and if enough people actually convinced the developers that
> > 5.2.9-2.el5.centos were feasible, then they would probably move it into
> > the 'Extras' repository.
> >
> > Craig
> >
> >
> > --
>
>
> Thanx for sharing this with us. I'm sitting with a similar problem
> right now, and would like to know, how can I install PHP 5.2.10?
----
try downloading the source rpm, swap the php tarball with the one you
want to use, rebuild the rpm from the specfile.

Good luck

Craig



"Michael Kress" 11-27-2009 11:11 AM

PHP updates
 
Craig White wrote:
> and if enough people actually convinced the developers that
> 5.2.9-2.el5.centos were feasible, then they would probably move it into
> the 'Extras' repository.

... here's one trying to 'convince'! ;-)
I've been using that package from c5-testing for a month or so and have
encountered no problems.
Regards
Michael


Bob McConnell 11-27-2009 12:34 PM

PHP updates
 
Michael Kress wrote:
> Craig White wrote:
>> and if enough people actually convinced the developers that
>> 5.2.9-2.el5.centos were feasible, then they would probably move it into
>> the 'Extras' repository.
>
> ... here's one trying to 'convince'! ;-)
> I've been using that package from c5-testing for a month or so and have
> encountered no problems.
> Regards
> Michael

I'll go one further. We run commercial web sites on CentOS 5.3 which
must also be PCI compliant. Because of the security issues, the auditors
have been complaining for two months that we don't have PHP 5.2.11
installed yet, putting our PCI certification in jeopardy. When 5.2.12 is
released, probably next month, we will have 30 days to get it installed.

We are trying to figure out how to handle this issue short of having to
compile PHP ourselves. That would violate the agreement we have with the
hosting service.

Bob McConnell
N2SPP

Karanbir Singh 11-27-2009 12:59 PM

PHP updates
 
On 11/27/2009 01:34 PM, Bob McConnell wrote:
> We are trying to figure out how to handle this issue short of having to
> compile PHP ourselves. That would violate the agreement we have with the
> hosting service.

The whole PCI DSS issue is fairly important to many people at the
moment, and what does not help is the general brain-dead'ness shown by
many of the so-called-experts doing the scans / checks.

Having said that, I *do* realise it's a big deal and (a) we as a group of
people should be able to address it, since it's something that impacts so
many and (b) most likely have the resources to do whatever is needed for
(a). So if you want to extend your 'we' to be 'we, the centos community'
- you have my attention and I know almost everyone else around here as well.

How about putting some ideas together on what needs to be done as a
whole, on the wiki - even if one idea might be to better educate the
people running these scans. Maybe even go one step further: set up the
wiki page, bring some people together who have $clue >0 and have a bit
of time, a few hours per week is plenty. And let's start thrashing out
the possible solution paths for the hundreds of people in the 'problem
area'.

I'd be happy to work with such a group of people. And I've read the PCI
spec requirements.

Disclaimer: I don't have any use for or the requirement to meet any PCI
standards, but I am slightly concerned that too many people are trying
too hard to work on this in silos where it's clear that having a central
resource pool would be both a clear win and a massive saving on
individual resources.

--
Karanbir Singh
London, UK | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219 | Yahoo IM: z00dax | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc

Rob Kampen 11-27-2009 01:51 PM

PHP updates
 
Michael Kress wrote:
> Craig White wrote:
>> and if enough people actually convinced the developers that
>> 5.2.9-2.el5.centos were feasible, then they would probably move it into
>> the 'Extras' repository.
>
> ... here's one trying to 'convince'! ;-)
> I've been using that package from c5-testing for a month or so and have
> encountered no problems.
> Regards
> Michael

I also updated to php-5.2.9 from the c5-testing repo - it was installed
just fine and everything is still working (my own php site, cms made
simple v1.6.6, gallery v2) so I am happy to see this move to extras.
Thanks guys.

John R Pierce 11-27-2009 06:36 PM

PHP updates
 
Bob McConnell wrote:
> I'll go one further. We run commercial web sites on CentOS 5.3 which
> must also be PCI compliant. Because of the security issues, the auditors
> have been complaining for two months that we don't have PHP 5.2.11
> installed yet, putting our PCI certification in jeopardy. When 5.2.12 is
> released, probably next month, we will have 30 days to get it installed.
>

If that's their requirement, then perhaps RHEL and its derivatives aren't
the right platform for this. Or, you shouldn't be using PHP at all.



Ian Forde 11-27-2009 07:38 PM

PHP updates
 
On Fri, 2009-11-27 at 08:34 -0500, Bob McConnell wrote:
> Michael Kress wrote:
> > Craig White wrote:
> >> and if enough people actually convinced the developers that
> >> 5.2.9-2.el5.centos were feasible, then they would probably move it into
> >> the 'Extras' repository.
> >
> > ... here's one trying to 'convince'! ;-)
> > I've been using that package from c5-testing for a month or so and have
> > encountered no problems.
> > Regards
> > Michael
>
> I'll go one further. We run commercial web sites on CentOS 5.3 which
> must also be PCI compliant. Because of the security issues, the auditors
> have been complaining for two months that we don't have PHP 5.2.11
> installed yet, putting our PCI certification in jeopardy. When 5.2.12 is
> released, probably next month, we will have 30 days to get it installed.
>
> We are trying to figure out how to handle this issue short of having to
> compile PHP ourselves. That would violate the agreement we have with the
> hosting service.

Bob - there are many of us that are in that situation, but it's actually
quite an easy requirement to satisfy.

Let's start with Upstream...

Because Upstream certifies/qualifies their fixes against known
vulnerabilities, you shouldn't get dinged on version number checking as
long as you're using up to date backported fix packages from Upstream.

Now... As long as CentOS has the same backported fixes to respond to the
same CVE vulnerabilities, you should be okay. Just tell your auditors
to research "backports".

Check out the first 2 paragraphs of:
http://twiki.cpanel.net/twiki/bin/view/AllDocumentation/PCIComplianceInfo/ScanningSoftware

Also, search the mailing list archives... you'll find more information.
For proof of CVE fixes, do a:

rpm -q --changelog php |grep -i cve

As long as you've resolved outstanding known vulnerabilities, you should
be able to get exceptions/exemption granted for version numbers.

Of course, IANAL, and this does not constitute legal advice, but it's a
path that you can pursue for a speedier resolution of this issue rather
than go through the pain of finding php 5.2.10 rpms and qualifying them
yourself.

Remember - If it weren't for fixes from Upstream/CentOS, neither
Upstream nor CentOS would be able to be tested for compliancy without
MAJOR source-code hoops, which would defeat the purpose of using these
OSes in eCommerce in the first place! ;)

-I
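
Added example (not part of the message above, nor CentOS or Upstream tooling): a shell sketch that turns the `rpm -q --changelog php | grep -i cve` check into evidence for an auditor, listing which of the CVE ids a scan flagged are absent from the package changelog and which changelog entry carries a given fix. The function names and the sample changelog are constructed for illustration, and the CVE ids are placeholders.

```shell
#!/bin/bash
# Constructed sample in the layout of `rpm -q --changelog php` output.
# The CVE ids are placeholders, not real advisories.
SAMPLE_CHANGELOG='* Mon Jan 05 2009 Example Packager <packager@example.com> 5.1.6-23.2
- add security fix for CVE-0000-1111

* Tue Jul 15 2008 Example Packager <packager@example.com> 5.1.6-20
- fix mbstring and gd issues (CVE-0000-2222, cve-0000-3333)
- rebuild'

# changelog_cves: read changelog text on stdin, print each CVE id once,
# normalised to upper case.
changelog_cves() {
    grep -Eio 'cve-[0-9]{4}-[0-9]{4,}' | tr '[:lower:]' '[:upper:]' | sort -u
}

# missing_cves CHANGELOG_TEXT CVE...: print the requested ids that the
# changelog does not mention, i.e. the ones still needing an answer.
missing_cves() {
    local fixed id
    fixed=$(printf '%s\n' "$1" | changelog_cves)
    shift
    for id in "$@"; do
        id=$(printf '%s' "$id" | tr '[:lower:]' '[:upper:]')
        printf '%s\n' "$fixed" | grep -qxF "$id" || printf '%s\n' "$id"
    done
}

# fix_entry CHANGELOG_TEXT CVE: print the changelog header (date, packager,
# package release) of the entry that mentions the CVE.
fix_entry() {
    printf '%s\n' "$1" | awk -v id="$2" '
        /^\* / { hdr = $0 }
        index(toupper($0), toupper(id)) { print hdr; exit }'
}

# On a real host, pass the live changelog instead of the sample:
#   missing_cves "$(rpm -q --changelog php)" <ids from the scan report>
missing_cves "$SAMPLE_CHANGELOG" CVE-0000-1111 CVE-0000-9999
```

An id reported as missing is not proof of exposure: the flaw may not apply to the shipped version, so check the vendor's advisory for that CVE before requesting the exception.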
