Web Hosting Talk






PDA

View Full Version : Upgrade PHP 4.1.1 to 4.1.2

adad
03-03-2002, 07:25 AM
I've setup PHP 4.1.1 in my cobalt raq3 following these steps:

http://www.uk2raq.com/raqfaq/raqfaqshow.php?faq=43

Now I want to upgrade to 4.1.2, but re-compiling PHP, not just compiling the patch. Just want to learn how to re-compile it.

Do I need to uninstall php?
Do I need to re-install all those rpm files?
How about Zend?

Thank you for your help.
Daniel
Pingu
03-03-2002, 09:54 AM
You follow the same steps, except that you just download the new php4.1.2 package from php.net.
You don't need to upgrade all the other stuff. Just follow the guidance for installing php from the "wget php.tar.gz" up to "make install" and then restart apache

You already have setup a php.ini, the ZendOptimizer you have installed now works with this new php version, so no need to change anything.
adad
03-03-2002, 11:49 AM
Thank you for your help, Pingu.

Everything seems to be running fine.

Best regards,
Daniel
Pingu
03-03-2002, 12:13 PM
That's great, and you're welcome :D
NoComment
03-03-2002, 01:04 PM
I would recommend waiting a little while before upgrading your PHP installation.
4.1.2 was released because of the vulnerability related to file upload functionality. However the latest PHP (4.1.2) is potentially still vulnerable (according to Rasmus Lerdorf)

You're better of disabling file uploads for a while and installing the NEXT PHP release.

Just my 2 cents.

*NoComment*
driverdave
03-03-2002, 03:37 PM
potentially still vulnerable (according to Rasmus Lerdorf)

Can you give me a link? We can't disable file uploads, we use them. I thought I was protected with PHP 4.1.2.
NoComment
03-03-2002, 09:20 PM
This was forwarded to a mailing list I am subscribed to. It looks like it was posted to the php-cvs mailing list. You might be able to dig the archives for the original email.

*NoComment*

> > From: Rasmus Lerdorf <rasmus@lerdorf.ca>
> > Date: Thu Feb 28, 2002 04:19:21 AM US/Eastern
> > To: Edin Kadribasic <edink@proventum.net>
> > Cc: Andi Gutmans <andi@zend.com>, <php-cvs@lists.php.net>,
> > <sesser@php.net>
> > Subject: Re: [PHP-CVS] cvs: php4(PHP_4_0_7) /main rfc1867.c
> >
> > Well, I would guess that the current exploits can not be used against
> > 4.1.2, so in that sense it is still useful. But yes, this memchr()+1
> > screwup could potentially be used to create another weird exploit by
> > sending a very specific mangled file upload header. I can't quite
> > picture
> > what it would look like, and I am not completely sure it is possible.
> > This thing needs more eyes...
> >
> > -Rasmus