[csw-users] Build php5 from scratch...

Turnquist, Greg gturnqui at harris.com
Tue Apr 4 21:06:49 CEST 2006 

I can't promise what the hardening patch accomplishes. I am tasked to
figure this out myself. I don't know what level of regression testing
would be stipulated to release this to blastwave. I was thinking it
would be great if the hardening was a standard feature. If you were to
make a test build, I would be glad to try deploying it, and testing my
mediawiki web site, to see if that still works.

Another option is to build two php packages, one with and one without
the hardening. Does this build procedure go towards every php module at
blastwave? If that is so, then I guess building two-for-one would
greatly increase the build effort and testing requirements. Or does this
only have to be applied to a few core packages? I guess you would have
to inspect the patch file to determine which modules are impacted by
this.

-----Original Message-----
From: users-bounces+gturnqui=harris.com at lists.blastwave.org
[mailto:users-bounces+gturnqui=harris.com at lists.blastwave.org] On Behalf
Of Cory Omand
Sent: Tuesday, April 04, 2006 2:42 PM
To: questions and discussions
Subject: Re: [csw-users] Build php5 from scratch...

On 4/4/06, Turnquist, Greg <gturnqui at harris.com> wrote:
>
>
> I am looking into building php5 from scratch so that I can apply the
patches
> from http://www.hardened-php.net/hardening_patch.14.html. I
> would like to start from the baseline of building with the same config
> arguments as ap2_modphp5 was build with. Is the configuration
information
> for blastwave packages published anywhere, so that I can look this up.
If I
> can successfully build the package, then I can proceed to apply the
patches
> and rebuild it.

If this is something that would not affect regular PHP5 applications
adversely, then I can arrange to apply the hardening patch prior to
the next blastwave release of the php5 package set.  That would save
you having to compile and manage this change locally.  The php5 build
is non-trivial, given the number of extensions that are enabled.  For
your reference, however, you can examine the blastwave php5 build
config via the web.  The most interesting file for your purpose is
probably:

http://svn.blastwave.org/browser/csw/trunk/lang/php5/files/config.mk

Regards,
Cory.
_______________________________________________
users mailing list
users at lists.blastwave.org
https://lists.blastwave.org/mailman/listinfo/users

More information about the users mailing list