Summary: | php4.4.0-pcre-security.patch generates false "possitives" on rkhunter | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | J.O. Aho <bugs-gentoo> |
Component: | [OLD] Development | Assignee: | Aaron Walker (RETIRED) <ka0ttic> |
Status: | RESOLVED UPSTREAM | ||
Severity: | normal | CC: | forensics+obsolete, php-bugs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
J.O. Aho
2005-10-02 02:40:29 UTC
(In reply to comment #0) > Please don't add EXTRA_VERSION on applicatios that will generate false > "possitves" on security checkup programs. Not really php's fault; -pl1 is higher version then 4.4.0. (In reply to comment #0) > - PHP 4.4.0-gentoo-r1 [Unknown] Hmm, you should re-emerge php, your version is not correct (Bug 106843) This bug was fixed about a week ago or more. The initial pcre-security.patch indeed had a little mistake, as it set the EXTRA_VERSION to -gentoo-r1, wich then broken the version_compare functions and we're sorry for this. It was then changed to -pl1-gentoo, wich is valid version naming for PHP and does not break PHP's version_compare functions. So, just recompile PHP and you'll get the fixed -pl1-gentoo, and if that still breaks RKHunter, it's a RKHunter problem and not a PHP one, since -pl1-gentoo is _valid_ naming. Best regards, CHTEKK. (In reply to comment #3) > This bug was fixed about a week ago or more. The initial pcre-security.patch > indeed had a little mistake, as it set the EXTRA_VERSION to -gentoo-r1, wich > then broken the version_compare functions and we're sorry for this. It was then > changed to -pl1-gentoo, wich is valid version naming for PHP and does not break > PHP's version_compare functions. So, just recompile PHP and you'll get the fixed > -pl1-gentoo, and if that still breaks RKHunter, it's a RKHunter problem and not > a PHP one, since -pl1-gentoo is _valid_ naming. > Best regards, CHTEKK. If recompiling does not solve the issue, please file a bug with rkhunter upstream @ http://www.rkhunter.org/. |