We have released PHP 4.4.4 packages for RHEL 3, RHEL 4 (and corresponding CentOS releases) and Fedora Core 1
The PHP development team would like to announce the immediate availability of 4.4.4. These two releases address a series of security problems that were discovered since the release of PHP 5.1.4 and 4.4.3. The new releases include the following changes:
* Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
* Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
* Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache.
* Fixed overflow in GD extension on invalid GIF images.
* Fixed a buffer overflow inside sscanf() function.
* Fixed an out of bounds read inside stripos() function.
* Fixed memory_limit restriction on 64 bit system.
RHEL/ CentOS 3
http://mirror.cheetaweb.com/redhat/3ES/i38...86/RPMS.cheeta/
RHEL / CentOS 4
http://mirror.cheetaweb.com/redhat/4ES/i38...86/RPMS.cheeta/
Fedora Core 1
http://mirror.cheetaweb.com/fedora/1/i386/RPMS.cheeta/
Note: These packages support additional extensions. You will need the following (from dag.wieers.com/packages) to use these:
mcrypt - libmcrypt
mhash - libmhash
xslt - sablotron and js
Please feel free to contact me if you need any help with these.
Full Version: Easy PHP 4.4.4 for Ensim 3.7 - X
Safety!
So far it works perfect - thnx a lot.
Env: Centos OS 4.3 - Ensim 4.1.0.8
So far it works perfect - thnx a lot.
Env: Centos OS 4.3 - Ensim 4.1.0.8
hey, thanks a ton gpan! 
having a small problem w/ squirrelmail after the upgrade...
i was on 4.4.0, now 4.4.4
when a user attempts to upload an attachment, the message displayed is:
ERROR: Could not move/copy file. File not attached
apache access and error logs appear of no help.
my hunch is that 4.4.4, being more secure, needs to have some additional parameters specified on open_basedir or other file upload settings. but thus far, i've been unsuccessful figuring it out.
any ideas?
http://www.squirrelmail.org/wiki/Directory...missionsProblem
having a small problem w/ squirrelmail after the upgrade...
i was on 4.4.0, now 4.4.4
when a user attempts to upload an attachment, the message displayed is:
ERROR: Could not move/copy file. File not attached
apache access and error logs appear of no help.
my hunch is that 4.4.4, being more secure, needs to have some additional parameters specified on open_basedir or other file upload settings. but thus far, i've been unsuccessful figuring it out.
any ideas?
http://www.squirrelmail.org/wiki/Directory...missionsProblem
anyone else experiencing this issue?
How old is the sqmail version you are running?
I'm getting WARNINGS now in the error_log for the new php:
[error] [client xx.xx.xx.xx] PHP Warning: Unknown(): Unable to load dynamic library '/usr/lib/php4/mhash.so' - libmhash.so.2: cannot open shared object file: No such file or directory in Unknown on line 0
[Wed Sep 06 11:19:15 2006] [error] [client xx.xx.xx.xx] PHP Warning: Unknown(): Unable to load dynamic library '/usr/lib/php4/snmp.so' - libnetsnmp.so.5: cannot open shared object file: No such file or directory in Unknown on line 0
libmcrypt and libmhash are installed and current. as a matter of fact they were installed and working with php 4.4.0.
What gives?
[error] [client xx.xx.xx.xx] PHP Warning: Unknown(): Unable to load dynamic library '/usr/lib/php4/mhash.so' - libmhash.so.2: cannot open shared object file: No such file or directory in Unknown on line 0
[Wed Sep 06 11:19:15 2006] [error] [client xx.xx.xx.xx] PHP Warning: Unknown(): Unable to load dynamic library '/usr/lib/php4/snmp.so' - libnetsnmp.so.5: cannot open shared object file: No such file or directory in Unknown on line 0
libmcrypt and libmhash are installed and current. as a matter of fact they were installed and working with php 4.4.0.
What gives?
hi there gpan!
i was running 1.4.6 -- which experienced the issue.
so then i installed the new 1.4.8 rpm's you released (thanks for those too!!! ) and that's exhibiting the exact same thing.
i was running 1.4.6 -- which experienced the issue.
so then i installed the new 1.4.8 rpm's you released (thanks for those too!!!
) and that's exhibiting the exact same thing.
Are you using the current DAG ones?
QUOTE (polystigma)
libmcrypt and libmhash are installed and current. as a matter of fact they were installed and working with php 4.4.0.
What gives?
What gives?
QUOTE (gpan)
Are you using the current DAG ones?
Yes
[root@server php444]# rpm -qa |grep libmhash*
libmhash-devel-0.9.1-1.rhel3.dag
libmhash-0.9.1-1.rhel3.dag
Is this on a high sec site by any chance?
well i took the snmp rpm out, and forced libmhash back in and also forced a reinstall of the rest of the php rpms, ran through maint. twice and now its working fine.....
the lovely world of ensim
I couldn't get sablotron to take either, but I'm not to worried about it atm.
thanks geoff
the lovely world of ensim
I couldn't get sablotron to take either, but I'm not to worried about it atm.
thanks geoff
QUOTE (boing)
hey, thanks a ton gpan!
having a small problem w/ squirrelmail after the upgrade...
i was on 4.4.0, now 4.4.4
when a user attempts to upload an attachment, the message displayed is:
ERROR: Could not move/copy file. File not attached
apache access and error logs appear of no help.
my hunch is that 4.4.4, being more secure, needs to have some additional parameters specified on open_basedir or other file upload settings. but thus far, i've been unsuccessful figuring it out.
any ideas?
http://www.squirrelmail.org/wiki/Directory...missionsProblem
having a small problem w/ squirrelmail after the upgrade...
i was on 4.4.0, now 4.4.4
when a user attempts to upload an attachment, the message displayed is:
ERROR: Could not move/copy file. File not attached
apache access and error logs appear of no help.
my hunch is that 4.4.4, being more secure, needs to have some additional parameters specified on open_basedir or other file upload settings. but thus far, i've been unsuccessful figuring it out.
any ideas?
http://www.squirrelmail.org/wiki/Directory...missionsProblem
hrm.. i'm repeating this on two servers now!
ensim 4.0.3 RHEL 3 and ensim X patched all the way to rpm .21...
any ideas? thx!!
ok, uninstalled php 4.4.4, installed php 5.1.6.
ensim X
squirrelmail 1.4.8
-- same issue.
is anyone able to upload attachments in a squirrelmail email after patching to php 4.4.4 or 5.1.6?
ensim X
squirrelmail 1.4.8
-- same issue.
is anyone able to upload attachments in a squirrelmail email after patching to php 4.4.4 or 5.1.6?
Help!
Box: Ensim Pro 4.0.3-22.rhel.3ES
i upgraded to php 4.4.4 from 4.3.2 (no other ensim upgrades) and now php doesn't work!
when i did php -v on the console:
[root@server etc]# php -v
PHP 4.4.4 (cgi) (built: Aug 18 2006 03:45:59)
Copyright © 1997-2006 The PHP Group
Zend Engine v1.3.0, Copyright © 1998-2004 Zend Technologies
so that looks fine, but, when I try to run php from one of my high security sites:
[Fri Sep 29 10:04:16 2006] [error] [client x.x.x.x] php-script: line 4: /usr/bin/php: No such file or directory
[Fri Sep 29 10:04:16 2006] [error] [client x.x.x.x] Premature end of script headers: php-script
when i look in the secure site /usr/bin there is no php file there
i have run the following:
/usr/local/sbin/set_pre_maintenance
/usr/local/sbin/set_maintenance
/usr/local/sbin/set_post_maintenance
service webppliance restart
this ran without any problems. please help! no php on my server anymore!!
Box: Ensim Pro 4.0.3-22.rhel.3ES
i upgraded to php 4.4.4 from 4.3.2 (no other ensim upgrades) and now php doesn't work!
when i did php -v on the console:
[root@server etc]# php -v
PHP 4.4.4 (cgi) (built: Aug 18 2006 03:45:59)
Copyright © 1997-2006 The PHP Group
Zend Engine v1.3.0, Copyright © 1998-2004 Zend Technologies
so that looks fine, but, when I try to run php from one of my high security sites:
[Fri Sep 29 10:04:16 2006] [error] [client x.x.x.x] php-script: line 4: /usr/bin/php: No such file or directory
[Fri Sep 29 10:04:16 2006] [error] [client x.x.x.x] Premature end of script headers: php-script
when i look in the secure site /usr/bin there is no php file there
i have run the following:
/usr/local/sbin/set_pre_maintenance
/usr/local/sbin/set_maintenance
/usr/local/sbin/set_post_maintenance
service webppliance restart
this ran without any problems. please help! no php on my server anymore!!
Hi,
I installed phpgedview and was attempting to use its remote link feature. Each time I try it spits out this error:
After researching I found some people that downgraded to php 3.9.10 and it solved the problem. No way I want to do that, so I was wondering if perhaps gpan had any ideas?
I installed phpgedview and was attempting to use its remote link feature. Each time I try it spits out this error:
CODE
Warning: mb_ereg_replace() [function.mb-ereg-replace]: mbregex compile err: invalid regular expression; there's no previous pattern, to which '{' would define cardinality at 1
After researching I found some people that downgraded to php 3.9.10 and it solved the problem. No way I want to do that, so I was wondering if perhaps gpan had any ideas?
I have ENSIM pro with PHP 4.3.9 (cgi) (built: Jun 26 2006 09:46:03)
and RHEL4
I run rpm -Uvh *.rpm ,but
php = 4.4.0-1.0.rhel4.ct is needed by php-gd-4.4.0-1.0.rhel4.ct.i386
MySQL-shared is needed by postfix-2.2.3-2.MySQL.rhel4.i386
If I run rpm -Uvh *4.4.4*.rpm , but I get :
error: Failed dependencies:
php = 4.3.9-3.15 is needed by (installed) php-gd-4.3.9-3.15.i386
How can I overcome this ?
Thank you in advance!
and RHEL4
I run rpm -Uvh *.rpm ,but
php = 4.4.0-1.0.rhel4.ct is needed by php-gd-4.4.0-1.0.rhel4.ct.i386
MySQL-shared is needed by postfix-2.2.3-2.MySQL.rhel4.i386
If I run rpm -Uvh *4.4.4*.rpm , but I get :
error: Failed dependencies:
php = 4.3.9-3.15 is needed by (installed) php-gd-4.3.9-3.15.i386
How can I overcome this ?
Thank you in advance!
ok, I removed GD and everything went through ok.
Tried to reinstall it, but could not find a 4.4.4 version
But the strange thing is that GD is still there
From phpinfo.php I get :
------------------------------------------------
GD Support enabled
GD Version bundled (2.0.28 compatible)
FreeType Support enabled
FreeType Linkage with freetype
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled
XBM Support enabled
--------------------------------------------------
Tried to reinstall it, but could not find a 4.4.4 version
But the strange thing is that GD is still there
From phpinfo.php I get :
------------------------------------------------
GD Support enabled
GD Version bundled (2.0.28 compatible)
FreeType Support enabled
FreeType Linkage with freetype
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled
XBM Support enabled
--------------------------------------------------
any 4.4.6 releases coming for 4EL / Ensim X (10.0).
Or are we ok with going with the official php releases now, since i've heard it no longer breaks ensim (still weary about upgrading to 5.2)
Or are we ok with going with the official php releases now, since i've heard it no longer breaks ensim (still weary about upgrading to 5.2)
You can compile PHP yourself. However please note that high security sites need fastcgi enabled. So we ended up compiling it once with apxs to get the Apache module updated (used for medium and low security sites) and afterwards once again with fastcgi to make sure that the high security sites work fine as well. That's pretty much what gpan did to create the RPMs as well I think.
Last but not least make sure that your new PHP binary and its updated modules get copied to all high security sites. Otherwise they will continue to run the old version.
I think that's about it. Working fine here (Ensim X/CentOS 4.4/PHP 5.2.1)
Last but not least make sure that your new PHP binary and its updated modules get copied to all high security sites. Otherwise they will continue to run the old version.
I think that's about it. Working fine here (Ensim X/CentOS 4.4/PHP 5.2.1)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.