Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > alt.os.linux.slackware > #35524 > unrolled thread

php-7.4.33-x86_64-3_slack15.0

Started byTom Crane <Use-Author-Supplied-Address-Header@[127.1]>
First post2025-12-29 20:27 +0000
Last post2026-01-04 12:16 +0000
Articles 7 — 3 participants

Back to article view | Back to alt.os.linux.slackware


Contents

  php-7.4.33-x86_64-3_slack15.0 Tom Crane <Use-Author-Supplied-Address-Header@[127.1]> - 2025-12-29 20:27 +0000
    Re: php-7.4.33-x86_64-3_slack15.0 noel <deletethis@invalid.lan> - 2025-12-30 10:46 +1000
      Re: php-7.4.33-x86_64-3_slack15.0 Henrik Carlqvist <Henrik.Carlqvist@deadspam.com> - 2025-12-30 06:31 +0000
        Re: php-7.4.33-x86_64-3_slack15.0 noel <deletethis@invalid.lan> - 2026-01-01 22:47 +1000
          Re: php-7.4.33-x86_64-3_slack15.0 Henrik Carlqvist <Henrik.Carlqvist@deadspam.com> - 2026-01-02 06:34 +0000
            Re: php-7.4.33-x86_64-3_slack15.0 noel <deletethis@invalid.lan> - 2026-01-02 17:31 +1000
              Re: php-7.4.33-x86_64-3_slack15.0 Henrik Carlqvist <Henrik.Carlqvist@deadspam.com> - 2026-01-04 12:16 +0000

#35524 — php-7.4.33-x86_64-3_slack15.0

FromTom Crane <Use-Author-Supplied-Address-Header@[127.1]>
Date2025-12-29 20:27 +0000
Subjectphp-7.4.33-x86_64-3_slack15.0
Message-ID<10iuo7r$v5t$1@mklab.ph.rhul.ac.uk>
This is the current version of php on Slackware 15.0 but according to https://www.php.net/eol.php , version 7.4 went EOL 3 years ago.

My Central IT dept. security team flagged this up.  Could anyone comment on its maintenance status?

I notice that php 8.0, 8.1 & 8.2 are in the extra repository/directory although 8.0 is already EOL (https://www.php.net/supported-versions.php).

Slackware-current has php-8.4.

Thanks
Tom Crane

[toc] | [next] | [standalone]


#35527

Fromnoel <deletethis@invalid.lan>
Date2025-12-30 10:46 +1000
Message-ID<695320f9$1@news.ausics.net>
In reply to#35524
On Mon, 29 Dec 2025 20:27:40 +0000, Tom Crane wrote:

> This is the current version of php on Slackware 15.0 but according to
> https://www.php.net/eol.php , version 7.4 went EOL 3 years ago.
> 
> My Central IT dept. security team flagged this up.  Could anyone comment
> on its maintenance status?
> 
> I notice that php 8.0, 8.1 & 8.2 are in the extra repository/directory
> although 8.0 is already EOL
> (https://www.php.net/supported-versions.php).
> 
> Slackware-current has php-8.4.
> 
> Thanks Tom Crane

8.2 should receive security updates for 12 more months if you install it, 
it runs fine but read the  changes 7-8 8.0-8.2, some things relating to 
security have changed and wont throw errors so you might think your safe 
but not, phpinfo output will also leed you to false sense of security 
because its output values make you think they're honored,  for example, 
setting php admin value in apache vhosts for say disable_functions no 
longer works, you can only set it globally in php.ini thats been the case 
since 8.0 due to ordering in the code, although it is being looked at for 
mod_php its very low priority and changes AFAIK have not made it into the 
recently released 8.5, its not the only thing that no longer works, but 
if you use open_basedir that does still work :)

as for eol 3 years ago, yes, it was eol when Pat released 15.0 whoch he 
promised we wouldnt wait another 5 years for a release, so I suppose he's 
getting closer, in Feb it'll be 4 years since release, but then 
technically he has 13 months for it to be "before 5 years"  /sigh/

[toc] | [prev] | [next] | [standalone]


#35529

FromHenrik Carlqvist <Henrik.Carlqvist@deadspam.com>
Date2025-12-30 06:31 +0000
Message-ID<10ivrj5$1jcdj$1@dont-email.me>
In reply to#35527
On Tue, 30 Dec 2025 10:46:49 +1000, noel wrote:
> as for eol 3 years ago, yes, it was eol when Pat released 15.0

Not exactly, version 7.4.33 of PHP was released slightly more than 3 
years ago, at the third of November 2022, the same day support for PHP 7 
was discontinued.

When Slackware 15.0 was released at second of February 2022, it included 
the then considered stable package n/php-7.4.27 package as well as 
sligthly less well tested extra/php80-8.0.15 and extra/php81-8.1.2 
packages.

Since then, all these 3 versions of php has received a number of security 
updates, but PHP 7.4 obviously no longer receives any updates. On the 
other hand, PHP 8.2 has also been added in /extra. As those version 8 of 
PHP are part of /extra those updates does not come in the /patches 
directory but in the /extra directory. That is so no one by mistake would 
install a version of PHP which breaks their existing applications.

Basically, stable versions of Slackware don't receive any feature 
updates, only security updates and most importantly, those updates are 
not supposed to break anything. This means that when upstream providers 
stop supporting a release series, stable versions of Slackware will stop 
providing updates for that application. Some applications will have newer 
versions in /extra, but those newer versions might break your stuff.

Would things be better if Slackware released stable versions every year? 
No, not really, the main problem with upgrading to newer versions from 
upstream providers which break your existing configuration would still be 
there. To avoid that problem, you need to avoid getting dependent on 
tools and languages breaking backwards compatibility.

regard Henrik

[toc] | [prev] | [next] | [standalone]


#35534

Fromnoel <deletethis@invalid.lan>
Date2026-01-01 22:47 +1000
Message-ID<69566ce7$1@news.ausics.net>
In reply to#35529
On Tue, 30 Dec 2025 06:31:01 +0000, Henrik Carlqvist wrote:

> On Tue, 30 Dec 2025 10:46:49 +1000, noel wrote:
>> as for eol 3 years ago, yes, it was eol when Pat released 15.0
> 
> Not exactly, version 7.4.33 of PHP was released slightly more than 3
> years ago, at the third of November 2022, the same day support for PHP 7
> was discontinued.
> 

I stand corrected.

> When Slackware 15.0 was released at second of February 2022, it included
 
> Since then, all these 3 versions of php has received a number of
> security updates, but PHP 7.4 obviously no longer receives any updates.

8.0 EOL'd December 2023
8.1 EOL'd December 2025
8.2 ended active support 31 Dec 2024, sec updates end & total EOL Dec 2026
8.3 active support ended Dec 2025, sec updates remain until Dec 2027
8.4 active support ends Dec 2026 , sec updates till Dec 2028
8.5 active support ends Dec 2027, sec  Dec 2029



> On the other hand, PHP 8.2 has also been added in /extra. As those
> version 8 of PHP are part of /extra those updates does not come in the
> /patches directory but in the /extra directory. That is so no one by
> mistake would install a version of PHP which breaks their existing
> applications.
> 
> Basically, stable versions of Slackware don't receive any feature
> updates, only security updates and most importantly, those updates are

Not always the case, as most obvious example is, and I've lost count at 
how many times, curl has had updates


> 
> Would things be better if Slackware released stable versions every year?
> No, not really, 

some people live in hte dark, some people rely of propriatry software 
that, rightly or wrongly. is built using "modern" libraries... have we 
not had this discussion before...

/
Wed Feb  2 22:22:22 UTC 2022
Slackware 15.0 x86_64 stable is released!
  
Another too-long development cycle is behind us after we bit off more than
we could chew and then had to shine it up to a high-gloss finish. 
Hopefully we've managed to get the tricky parts out of the way so that 
we'll be able to see a 15.1 incremental update after a far shorter 
development cycle. Certainly the development infrastructure has been 
streamlined here and things should be easier moving forward.

/

I guess thats long gone by the wayside :)

[toc] | [prev] | [next] | [standalone]


#35537

FromHenrik Carlqvist <Henrik.Carlqvist@deadspam.com>
Date2026-01-02 06:34 +0000
Message-ID<10j7otr$5qcp$1@dont-email.me>
In reply to#35534
On Thu, 01 Jan 2026 22:47:35 +1000, noel wrote:

> On Tue, 30 Dec 2025 06:31:01 +0000, Henrik Carlqvist wrote:
>> Basically, stable versions of Slackware don't receive any feature
>> updates, only security updates and most importantly, those updates are
> 
> Not always the case, as most obvious example is, and I've lost count at
> how many times, curl has had updates

Yes, curl in Slackware 15.0 has been updated from version 7.81.0 to 
8.16.0, but did any of those versions break any backwards compatibility?

Another odd example is samba which have rather short life cycles. In 
Slackware 15.0 samba 4.15.13 was put into /pasture when non backwards 
compatible 4.18.5 got into /patches.

These are a few examples of backwards compatibility breaking applications 
that we are aware of. However, there are also backwards compatibility 
breaking security updates that are not so obvious. For example, in 
Slackware 14.2 the last security update of firefox was version 68.12.0 in 
august 2020. Newer versions of firefox no longer compiled on Slackware 
14.2. A user Ruari Oedegaard did provide a third party script which 
downloaded a binary distribution of firefox and repackaged that into a 
Slackware package. We can easily see security updates that come as 
patches, but it is not so easy to be aware of security holes which do not 
receive andy security updates.

When a Slackware version reaches End Of Life there is a note about that 
in ChangeLog.txt and we get aware that it will not receive any more 
security updated. However, long before that, a number of applications 
usually already has stopped receiving security updates and we are not so 
aware of that.

regards Henrik

[toc] | [prev] | [next] | [standalone]


#35538

Fromnoel <deletethis@invalid.lan>
Date2026-01-02 17:31 +1000
Message-ID<6957746e$1@news.ausics.net>
In reply to#35537
On Fri, 02 Jan 2026 06:34:35 +0000, Henrik Carlqvist wrote:

> 
> Yes, curl in Slackware 15.0 has been updated from version 7.81.0 to
> 8.16.0, but did any of those versions break any backwards compatibility?

since not even the slackware team would be aware of the real answer here 
who knows, as curl is not an everyday tool for everyone
> 
> Another odd example is samba which have rather short life cycles. In
> Slackware 15.0 samba 4.15.13 was put into /pasture when non backwards
> compatible 4.18.5 got into /patches.
>

lets be clear, only fringe cases are not backward compatible, my smb.conf 
han';t changed in many years.
 
> These are a few examples of backwards compatibility breaking
> applications that we are aware of. However, there are also backwards
> compatibility breaking security updates that are not so obvious. For
> example, in Slackware 14.2 the last security update of firefox was
> version 68.12.0 in august 2020.

14.2 was made EOL by the Pat and his slackware team in January 2024, 

a lot of the "breakages" I read on LQ are PEBKAC, or fringe use cases so 
never given high priority. 

[toc] | [prev] | [next] | [standalone]


#35543

FromHenrik Carlqvist <Henrik.Carlqvist@deadspam.com>
Date2026-01-04 12:16 +0000
Message-ID<10jdln1$1vic1$1@dont-email.me>
In reply to#35538
On Fri, 02 Jan 2026 17:31:58 +1000, noel wrote:

> On Fri, 02 Jan 2026 06:34:35 +0000, Henrik Carlqvist wrote:
>> For example, in Slackware 14.2 the last security update of firefox was
>> version 68.12.0 in august 2020.
> 
> 14.2 was made EOL by the Pat and his slackware team in January 2024,

Yes, that was more than 3 years of a provided EOL web browser in 
Slackware 14.2 without any particular note about that.

That can be compared with the number of security fixes for mozilla-
firefox in Slackware 15.0 which all did fix a number of CVEs, such 
patches were provided during 2025:

Tue Dec  9 22:13:59 UTC 2025
Tue Nov 11 23:09:47 UTC 2025
Tue Oct 14 23:11:49 UTC 2025
Tue Sep 23 20:31:08 UTC 2025 (bugfixes only)
Wed Sep 17 22:13:56 UTC 2025
Tue Aug 19 20:38:59 UTC 2025
Tue Jul 22 21:24:21 UTC 2025
Tue Jun 24 19:42:23 UTC 2025
Tue May 27 18:18:14 UTC 2025
Mon May 19 04:19:58 UTC 2025
Tue Apr 29 21:28:00 UTC 2025
Wed Apr  2 02:25:57 UTC 2025
Tue Mar  4 19:37:20 UTC 2025
Tue Feb  4 19:19:28 UTC 2025
Wed Jan  8 23:26:27 UTC 2025

regards Henrik

[toc] | [prev] | [standalone]


Back to top | Article view | alt.os.linux.slackware


csiph-web