Php5?

Deleted member 2077 · May 7, 2012

I have a web app that requires "PHP 5+", but the 3 php5x ports in /usr/ports/lang are all deprecated/broken, etc. I tried php5, php52 and php53 (see output below). The author of the webapp says php4 won't work. Any ideas?

I'm not to familiar with this, but isn't php a fairly mainstream and common port? Seems strange that it's not working. My port tree was updated right before I tried installing them.

Code:

[root]# cd ../php5
[root]# make
===>  php5-5.3.11 has known vulnerabilities:
Affected package: php5-5.3.11
Type of problem: php -- vulnerability in certain CGI-based setups.
Reference: http://portaudit.FreeBSD.org/60de13d5-95f0-11e1-806a-001143cd36d8.html
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/lang/php5.
*** Error code 1

Stop in /usr/ports/lang/php5.
[root]# cd ../php52
[root]# make
===>   NOTICE:

This port is deprecated; you may wish to reconsider installing it:

PHP 5.2 series is strongly discouraged for new  installations, migrate now.

It is scheduled to be removed on or after 2013-03-01.

===>  php52-5.2.17_8 has known vulnerabilities:
Affected package: php52-5.2.17_8
Type of problem: php -- NULL byte poisoning.
Reference: http://portaudit.FreeBSD.org/3761df02-0f9c-11e0-becc-0022156e8794.html
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/lang/php52.
*** Error code 1

Stop in /usr/ports/lang/php52.
[root]# cd ..
[root]# cd php53
[root]# make
===>  php5-5.3.11 not usable until php5.4.x is in lang/php5.
*** Error code 1

Stop in /usr/ports/lang/php53.

kpa · May 7, 2012

http://forums.freebsd.org/showthread.php?t=31798, lang/php5 version 5.3.12 with a fix for the vulnerability is not out yet. If you use fastcgi you shouldn't need to worry about the security vulnerabilty, as far as I understand it's limited to cases where a PHP program is used as an old style CGI script.

Deleted member 2077 · May 7, 2012

kpa said:
http://forums.freebsd.org/showthread.php?t=31798, lang/php5 version 5.3.12 with a fix for the vulnerability is not out yet. If you use fastcgi you shouldn't need to worry about the security vulnerabilty, as far as I understand it's limited to cases where a PHP program is used as an old style CGI script.

Thanks. Is there a way to get lang/php5 to build (securely) with fast cgi disabled? I unchecked

Code:

[ ] CGI        Build CGI version

in the make config, but it still fails to build.

ondra_knezour · May 7, 2012

feralape said:

Code:

# cd ../php5
# make
===>  php5-5.3.11 has known vulnerabilities:
Affected package: php5-5.3.11
Type of problem: php -- vulnerability in certain CGI-based setups.
Reference: http://portaudit.FreeBSD.org/60de13d5-95f0-11e1-806a-001143cd36d8.html
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/lang/php5.
*** Error code 1

Stop in /usr/ports/lang/php5.

If you are sure you are not affected with this vulnerability, use
# make -DDISABLE_VULNERABILITIES install

kpa · May 7, 2012

If you're not going to use fastcgi nor cgi then how are you going to call your PHP program?

Fastcgi should be safe to use for now.

Zare · May 7, 2012

Apache module, or from CLI...

Php5?

Deleted member 2077

Guest

kpa

Deleted member 2077

Guest

ondra_knezour

kpa

Zare