Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > alt.os.linux.slackware > #35524 > unrolled thread
| Started by | Tom Crane <Use-Author-Supplied-Address-Header@[127.1]> |
|---|---|
| First post | 2025-12-29 20:27 +0000 |
| Last post | 2026-01-04 12:16 +0000 |
| Articles | 7 — 3 participants |
Back to article view | Back to alt.os.linux.slackware
php-7.4.33-x86_64-3_slack15.0 Tom Crane <Use-Author-Supplied-Address-Header@[127.1]> - 2025-12-29 20:27 +0000
Re: php-7.4.33-x86_64-3_slack15.0 noel <deletethis@invalid.lan> - 2025-12-30 10:46 +1000
Re: php-7.4.33-x86_64-3_slack15.0 Henrik Carlqvist <Henrik.Carlqvist@deadspam.com> - 2025-12-30 06:31 +0000
Re: php-7.4.33-x86_64-3_slack15.0 noel <deletethis@invalid.lan> - 2026-01-01 22:47 +1000
Re: php-7.4.33-x86_64-3_slack15.0 Henrik Carlqvist <Henrik.Carlqvist@deadspam.com> - 2026-01-02 06:34 +0000
Re: php-7.4.33-x86_64-3_slack15.0 noel <deletethis@invalid.lan> - 2026-01-02 17:31 +1000
Re: php-7.4.33-x86_64-3_slack15.0 Henrik Carlqvist <Henrik.Carlqvist@deadspam.com> - 2026-01-04 12:16 +0000
| From | Tom Crane <Use-Author-Supplied-Address-Header@[127.1]> |
|---|---|
| Date | 2025-12-29 20:27 +0000 |
| Subject | php-7.4.33-x86_64-3_slack15.0 |
| Message-ID | <10iuo7r$v5t$1@mklab.ph.rhul.ac.uk> |
This is the current version of php on Slackware 15.0 but according to https://www.php.net/eol.php , version 7.4 went EOL 3 years ago. My Central IT dept. security team flagged this up. Could anyone comment on its maintenance status? I notice that php 8.0, 8.1 & 8.2 are in the extra repository/directory although 8.0 is already EOL (https://www.php.net/supported-versions.php). Slackware-current has php-8.4. Thanks Tom Crane
[toc] | [next] | [standalone]
| From | noel <deletethis@invalid.lan> |
|---|---|
| Date | 2025-12-30 10:46 +1000 |
| Message-ID | <695320f9$1@news.ausics.net> |
| In reply to | #35524 |
On Mon, 29 Dec 2025 20:27:40 +0000, Tom Crane wrote: > This is the current version of php on Slackware 15.0 but according to > https://www.php.net/eol.php , version 7.4 went EOL 3 years ago. > > My Central IT dept. security team flagged this up. Could anyone comment > on its maintenance status? > > I notice that php 8.0, 8.1 & 8.2 are in the extra repository/directory > although 8.0 is already EOL > (https://www.php.net/supported-versions.php). > > Slackware-current has php-8.4. > > Thanks Tom Crane 8.2 should receive security updates for 12 more months if you install it, it runs fine but read the changes 7-8 8.0-8.2, some things relating to security have changed and wont throw errors so you might think your safe but not, phpinfo output will also leed you to false sense of security because its output values make you think they're honored, for example, setting php admin value in apache vhosts for say disable_functions no longer works, you can only set it globally in php.ini thats been the case since 8.0 due to ordering in the code, although it is being looked at for mod_php its very low priority and changes AFAIK have not made it into the recently released 8.5, its not the only thing that no longer works, but if you use open_basedir that does still work :) as for eol 3 years ago, yes, it was eol when Pat released 15.0 whoch he promised we wouldnt wait another 5 years for a release, so I suppose he's getting closer, in Feb it'll be 4 years since release, but then technically he has 13 months for it to be "before 5 years" /sigh/
[toc] | [prev] | [next] | [standalone]
| From | Henrik Carlqvist <Henrik.Carlqvist@deadspam.com> |
|---|---|
| Date | 2025-12-30 06:31 +0000 |
| Message-ID | <10ivrj5$1jcdj$1@dont-email.me> |
| In reply to | #35527 |
On Tue, 30 Dec 2025 10:46:49 +1000, noel wrote: > as for eol 3 years ago, yes, it was eol when Pat released 15.0 Not exactly, version 7.4.33 of PHP was released slightly more than 3 years ago, at the third of November 2022, the same day support for PHP 7 was discontinued. When Slackware 15.0 was released at second of February 2022, it included the then considered stable package n/php-7.4.27 package as well as sligthly less well tested extra/php80-8.0.15 and extra/php81-8.1.2 packages. Since then, all these 3 versions of php has received a number of security updates, but PHP 7.4 obviously no longer receives any updates. On the other hand, PHP 8.2 has also been added in /extra. As those version 8 of PHP are part of /extra those updates does not come in the /patches directory but in the /extra directory. That is so no one by mistake would install a version of PHP which breaks their existing applications. Basically, stable versions of Slackware don't receive any feature updates, only security updates and most importantly, those updates are not supposed to break anything. This means that when upstream providers stop supporting a release series, stable versions of Slackware will stop providing updates for that application. Some applications will have newer versions in /extra, but those newer versions might break your stuff. Would things be better if Slackware released stable versions every year? No, not really, the main problem with upgrading to newer versions from upstream providers which break your existing configuration would still be there. To avoid that problem, you need to avoid getting dependent on tools and languages breaking backwards compatibility. regard Henrik
[toc] | [prev] | [next] | [standalone]
| From | noel <deletethis@invalid.lan> |
|---|---|
| Date | 2026-01-01 22:47 +1000 |
| Message-ID | <69566ce7$1@news.ausics.net> |
| In reply to | #35529 |
On Tue, 30 Dec 2025 06:31:01 +0000, Henrik Carlqvist wrote: > On Tue, 30 Dec 2025 10:46:49 +1000, noel wrote: >> as for eol 3 years ago, yes, it was eol when Pat released 15.0 > > Not exactly, version 7.4.33 of PHP was released slightly more than 3 > years ago, at the third of November 2022, the same day support for PHP 7 > was discontinued. > I stand corrected. > When Slackware 15.0 was released at second of February 2022, it included > Since then, all these 3 versions of php has received a number of > security updates, but PHP 7.4 obviously no longer receives any updates. 8.0 EOL'd December 2023 8.1 EOL'd December 2025 8.2 ended active support 31 Dec 2024, sec updates end & total EOL Dec 2026 8.3 active support ended Dec 2025, sec updates remain until Dec 2027 8.4 active support ends Dec 2026 , sec updates till Dec 2028 8.5 active support ends Dec 2027, sec Dec 2029 > On the other hand, PHP 8.2 has also been added in /extra. As those > version 8 of PHP are part of /extra those updates does not come in the > /patches directory but in the /extra directory. That is so no one by > mistake would install a version of PHP which breaks their existing > applications. > > Basically, stable versions of Slackware don't receive any feature > updates, only security updates and most importantly, those updates are Not always the case, as most obvious example is, and I've lost count at how many times, curl has had updates > > Would things be better if Slackware released stable versions every year? > No, not really, some people live in hte dark, some people rely of propriatry software that, rightly or wrongly. is built using "modern" libraries... have we not had this discussion before... / Wed Feb 2 22:22:22 UTC 2022 Slackware 15.0 x86_64 stable is released! Another too-long development cycle is behind us after we bit off more than we could chew and then had to shine it up to a high-gloss finish. Hopefully we've managed to get the tricky parts out of the way so that we'll be able to see a 15.1 incremental update after a far shorter development cycle. Certainly the development infrastructure has been streamlined here and things should be easier moving forward. / I guess thats long gone by the wayside :)
[toc] | [prev] | [next] | [standalone]
| From | Henrik Carlqvist <Henrik.Carlqvist@deadspam.com> |
|---|---|
| Date | 2026-01-02 06:34 +0000 |
| Message-ID | <10j7otr$5qcp$1@dont-email.me> |
| In reply to | #35534 |
On Thu, 01 Jan 2026 22:47:35 +1000, noel wrote: > On Tue, 30 Dec 2025 06:31:01 +0000, Henrik Carlqvist wrote: >> Basically, stable versions of Slackware don't receive any feature >> updates, only security updates and most importantly, those updates are > > Not always the case, as most obvious example is, and I've lost count at > how many times, curl has had updates Yes, curl in Slackware 15.0 has been updated from version 7.81.0 to 8.16.0, but did any of those versions break any backwards compatibility? Another odd example is samba which have rather short life cycles. In Slackware 15.0 samba 4.15.13 was put into /pasture when non backwards compatible 4.18.5 got into /patches. These are a few examples of backwards compatibility breaking applications that we are aware of. However, there are also backwards compatibility breaking security updates that are not so obvious. For example, in Slackware 14.2 the last security update of firefox was version 68.12.0 in august 2020. Newer versions of firefox no longer compiled on Slackware 14.2. A user Ruari Oedegaard did provide a third party script which downloaded a binary distribution of firefox and repackaged that into a Slackware package. We can easily see security updates that come as patches, but it is not so easy to be aware of security holes which do not receive andy security updates. When a Slackware version reaches End Of Life there is a note about that in ChangeLog.txt and we get aware that it will not receive any more security updated. However, long before that, a number of applications usually already has stopped receiving security updates and we are not so aware of that. regards Henrik
[toc] | [prev] | [next] | [standalone]
| From | noel <deletethis@invalid.lan> |
|---|---|
| Date | 2026-01-02 17:31 +1000 |
| Message-ID | <6957746e$1@news.ausics.net> |
| In reply to | #35537 |
On Fri, 02 Jan 2026 06:34:35 +0000, Henrik Carlqvist wrote: > > Yes, curl in Slackware 15.0 has been updated from version 7.81.0 to > 8.16.0, but did any of those versions break any backwards compatibility? since not even the slackware team would be aware of the real answer here who knows, as curl is not an everyday tool for everyone > > Another odd example is samba which have rather short life cycles. In > Slackware 15.0 samba 4.15.13 was put into /pasture when non backwards > compatible 4.18.5 got into /patches. > lets be clear, only fringe cases are not backward compatible, my smb.conf han';t changed in many years. > These are a few examples of backwards compatibility breaking > applications that we are aware of. However, there are also backwards > compatibility breaking security updates that are not so obvious. For > example, in Slackware 14.2 the last security update of firefox was > version 68.12.0 in august 2020. 14.2 was made EOL by the Pat and his slackware team in January 2024, a lot of the "breakages" I read on LQ are PEBKAC, or fringe use cases so never given high priority.
[toc] | [prev] | [next] | [standalone]
| From | Henrik Carlqvist <Henrik.Carlqvist@deadspam.com> |
|---|---|
| Date | 2026-01-04 12:16 +0000 |
| Message-ID | <10jdln1$1vic1$1@dont-email.me> |
| In reply to | #35538 |
On Fri, 02 Jan 2026 17:31:58 +1000, noel wrote: > On Fri, 02 Jan 2026 06:34:35 +0000, Henrik Carlqvist wrote: >> For example, in Slackware 14.2 the last security update of firefox was >> version 68.12.0 in august 2020. > > 14.2 was made EOL by the Pat and his slackware team in January 2024, Yes, that was more than 3 years of a provided EOL web browser in Slackware 14.2 without any particular note about that. That can be compared with the number of security fixes for mozilla- firefox in Slackware 15.0 which all did fix a number of CVEs, such patches were provided during 2025: Tue Dec 9 22:13:59 UTC 2025 Tue Nov 11 23:09:47 UTC 2025 Tue Oct 14 23:11:49 UTC 2025 Tue Sep 23 20:31:08 UTC 2025 (bugfixes only) Wed Sep 17 22:13:56 UTC 2025 Tue Aug 19 20:38:59 UTC 2025 Tue Jul 22 21:24:21 UTC 2025 Tue Jun 24 19:42:23 UTC 2025 Tue May 27 18:18:14 UTC 2025 Mon May 19 04:19:58 UTC 2025 Tue Apr 29 21:28:00 UTC 2025 Wed Apr 2 02:25:57 UTC 2025 Tue Mar 4 19:37:20 UTC 2025 Tue Feb 4 19:19:28 UTC 2025 Wed Jan 8 23:26:27 UTC 2025 regards Henrik
[toc] | [prev] | [standalone]
Back to top | Article view | alt.os.linux.slackware
csiph-web