In FreeBSD, please try to search for clues in �/usr/ports/UPDATING whenever you encounter a weird issue.
Also try and use pkg instead of ports whenever you can:
man pkg
I hope you are using FreeBSD 10.3 now that you are just starting and it was released this week:)
On 6 April 2016 at 08:55, Helmut Fritz <helmut@fritz.us.com> wrote:
OK � in general just ignore the below.
�
I redid all the php stuff (make deinstall, make clean, make install clean) in the default php5, all good,� same thing in php5-extensions, except this time I unchecked php-phar since it was not in the list of required modules.� Everything went well.
�
Sorry to potentially have wasted anybody�s time, I might get the hang of this UNIX stuff (again) yet.
�
The only mild concern is that the default version of php5 is deprecated, which will lead to an php-mbstrings STOP (unless is it overridden as I noted below) if php56 is attempted.
�
From: users [mailto:users-bounces@exim4u.org] On Behalf Of Helmut Fritz
Sent: Tuesday, April 05, 2016 9:21 PM
To: 'Exim4U General Discussion'
Subject: [SPAM] [Exim4U] issues with php-extesions install�
OK, first issue, probably minor.
�
I get this installing the default php:
�
�This port is deprecated; you may wish to reconsider installing it:
�
PHP 5.4 is End of Life http://php.net/supported-versions.php.
�
It is scheduled to be removed on or after 2016-01-15.�
�
Figuring I should go to the latest version then, I installed php56 and then progressed to php56-extensions.� All good except that I found two of the extensions listed as required in the appendix for BSD are not present in the extensions setup to select.� Those two are:
�
php-spl
php-pcre
�
unfortunately the same issue is present in the base/default php-extensions as I went back there to see if they were present.
�
I also get a STOP when php-mbstring comes up, saying it has vulnerabilities in the latest php56.� I get a deprecated in the base/default php-extensions build.
�
While compiling the default/base php5-extensions I get a STOP on building php5-phar.� This is not in the list of required extensions but is listed as a dependency for php5-pdo (during its make).
�
�===>� php5-phar-5.4.45 has known vulnerabilities:
php5-phar-5.4.45 is vulnerable:
php -- multiple vulnerabilities
CVE: CVE-2015-7804
CVE: CVE-2015-7803
WWW: https://vuxml.FreeBSD.org/freebsd/c1da8b75-6aef-11e5-9909-002590263bf5.html�
�
So maybe three questions:
�
1.������ Should I use the deprecated (but seemingly default/base) php5 (5.4.x) or the newer php56?
2.������ Do the two missing extensions matter?� if so, where do I get them? (see 2.a below!)
3.������ For the default php5-phar, am I safe setting �DISABLE_VULNERABILITIES=yes' for make?� I could do the same for the newer version and ignore the mbstring vulnerability.
�
2.a. Interestingly enough when I run php �m, it shows both SPL and pcre as loaded � I think they are actually in core for quite a long while now?� perhaps they should be removed from the required list (unless it is assumed people are smarter than I and know they are part of core?)?
�
So this whole thing is probably OK except for the issues with mbstring and phar vulnerabilities?
�
�
�
�
�
_______________________________________________
users mailing list
users@exim4u.org
https://exim4u.org/mailman/listinfo/users
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
_______________________________________________ users mailing list users@exim4u.org https://exim4u.org/mailman/listinfo/users