Odhiambo is spot on here.� You don't need to compile most of the software that you are going to use with FreeBSD.� You can if� you want, but that will be alot more time consuming.� The "pkg" command is equivalent to "yum" in CentOS.� However, "yum" refreshes the repositories automatically whereas you need to run "pkg update"� to refresh repositories and then "pkg install" or "pkg update" to install or update packages.� AFAIK, there are only two packages that you will need to compile using the ports collection in order to get Exim4U working: exim and dovecot2.� You should compile these two packages in order to customize the configurations to work with mysql, sqlite, etc.� Otherwise, you should be able to install everything� with the "pkg" command.

Also, FreeBSD has another command that maintains the main operating system called "freebsd-update".� "freebsd-update" manages the kernel and the core operating system components. Use "freebsd-update fetch", freebsd-update install" to keep the core FreeBSD components up to date.

You also need to manage your ports collection to make sure that you have the most up to date source code.� To do that, use the "portsnap" command.� For example: "portsnap fetch" and "portsnap update"

These are your friends:

man freebsd-update
man portsnap
man pkg

FYI,

Gordon



On 04/06/2016 06:54 AM, Odhiambo Washington wrote:
In FreeBSD, please try to search for clues in �/usr/ports/UPDATING whenever you encounter a weird issue.

Also try and use pkg instead of ports whenever you can:

man pkg

I hope you are using FreeBSD 10.3 now that you are just starting and it was released this week:)



On 6 April 2016 at 08:55, Helmut Fritz <helmut@fritz.us.com> wrote:

OK � in general just ignore the below.

I redid all the php stuff (make deinstall, make clean, make install clean) in the default php5, all good,� same thing in php5-extensions, except this time I unchecked php-phar since it was not in the list of required modules.� Everything went well.

Sorry to potentially have wasted anybody�s time, I might get the hang of this UNIX stuff (again) yet.

The only mild concern is that the default version of php5 is deprecated, which will lead to an php-mbstrings STOP (unless is it overridden as I noted below) if php56 is attempted.

From: users [mailto:users-bounces@exim4u.org] On Behalf Of Helmut Fritz
Sent: Tuesday, April 05, 2016 9:21 PM
To: 'Exim4U General Discussion'
Subject: [SPAM] [Exim4U] issues with php-extesions install

OK, first issue, probably minor.

I get this installing the default php:

�This port is deprecated; you may wish to reconsider installing it:

PHP 5.4 is End of Life http://php.net/supported-versions.php.

It is scheduled to be removed on or after 2016-01-15.�

Figuring I should go to the latest version then, I installed php56 and then progressed to php56-extensions.� All good except that I found two of the extensions listed as required in the appendix for BSD are not present in the extensions setup to select.� Those two are:

php-spl

php-pcre

unfortunately the same issue is present in the base/default php-extensions as I went back there to see if they were present.

I also get a STOP when php-mbstring comes up, saying it has vulnerabilities in the latest php56.� I get a deprecated in the base/default php-extensions build.

While compiling the default/base php5-extensions I get a STOP on building php5-phar.� This is not in the list of required extensions but is listed as a dependency for php5-pdo (during its make).

�===>� php5-phar-5.4.45 has known vulnerabilities:

php5-phar-5.4.45 is vulnerable:

php -- multiple vulnerabilities

CVE: CVE-2015-7804

CVE: CVE-2015-7803

WWW: https://vuxml.FreeBSD.org/freebsd/c1da8b75-6aef-11e5-9909-002590263bf5.html

So maybe three questions:

1.������ Should I use the deprecated (but seemingly default/base) php5 (5.4.x) or the newer php56?

2.������ Do the two missing extensions matter?� if so, where do I get them? (see 2.a below!)

3.������ For the default php5-phar, am I safe setting �DISABLE_VULNERABILITIES=yes' for make?� I could do the same for the newer version and ignore the mbstring vulnerability.

2.a. Interestingly enough when I run php �m, it shows both SPL and pcre as loaded � I think they are actually in core for quite a long while now?� perhaps they should be removed from the required list (unless it is assumed people are smarter than I and know they are part of core?)?

So this whole thing is probably OK except for the issues with mbstring and phar vulnerabilities?


_______________________________________________
users mailing list
users@exim4u.org
https://exim4u.org/mailman/listinfo/users




--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."


_______________________________________________
users mailing list
users@exim4u.org
https://exim4u.org/mailman/listinfo/users