# pkg install php5 and libphp5.so



## ericmacmini (Nov 3, 2013)

Yesterday I tried the pkg repository following these instructions.

I upgraded php5 by issueing `pkg install php5`. However, the php5 binary package doesn't install libphp5.so which is necessary for apache2. 
So, to have libphp5.so available I went back to the ports with `make install clean`.

I am wondering where to find how the binary packages in the repository are default configured, i.e. which options are enabled/disabled ?

Regards


----------



## Beeblebrox (Nov 3, 2013)

The pkg system is planned to have more than one binary for each port and will check the port configuration settings against the available variants of the available package versions. To put it another way, lang/php5 will have something like php5-5.4.21a, php5-5.4.21b, php5-5.4.21c, etc in the repository, all built with different options.

This is probably not implemented to its fullest as yet, and will take some time before it is in place. The process also involves gradual trimming of some available options so that the package binaries enabled options checking does not go completely insane. Maybe not a direct answer, but an explanation as to why you had to build from ports.

P.S. I looked for the link on where I read this but could not locate it.


----------



## ericmacmini (Nov 3, 2013)

`pkg rquery %Ok=%Ov php5` is the command I was looking for. It shows the pre-compiled options.


----------



## Ripman (Dec 17, 2013)

Any news regarding php the PHP package? I mean, I don't want to mix ports with precompiled packages. Does someone has an ETA when php5 with 
	
	



```
APACHE=on
```
 will be available in _the_ repository?

Thanks*.*


----------



## kpa (Dec 18, 2013)

Most likely not before the so called "subpackages" feature is widely supported by the ports(7) system and the PKG tools. This requires that the staging support is in for all the involved ports and that could take some time.


----------



## peter77 (Feb 2, 2014)

I have set[]up an*d* configure*d* my laptop with the PKGNG. All installed packages are from pkg. I do not want to confuse my binary installed packages with source files from ports. So what are the options to have the binary package php5 support for FPM (nginx) or Apache? Is there a repository somewhere with php5 with support for FPM (and) or Apache? Thanks in advance.


----------



## SirDice (Feb 3, 2014)

For FPM support you can use the package, it just doesn't contain the Apache module. The port would need to be built for each web server we support (which would result in the same package name although it's been built for different Apache versions). That's one of the reasons why it's not in the package.


----------



## peter77 (Feb 5, 2014)

How can be enabled the FPM (fastCGI) support ? I installed php55 from pkg.


----------



## Carpetsmoker (Feb 5, 2014)

FPM support is disabled by default, so the package doesn't have it... Unless there's some pkgng-fu I'm unaware of ...

Just use the port. Make sure to select *FPM* when the config dialog opens.

Mixing packages & ports is not that much of an issue, most problems occur when you chiefly use ports, and then install a binary package (and those problems can also be avoided to a degree when you know what you're doing).


----------



## peter77 (Feb 5, 2014)

Seems that all packages which uses php55 must be removed and next install again from ports, for enable the fpm support. I haven' t other option.


----------



## Carpetsmoker (Feb 5, 2014)

You don't need to.


```
$ cd /usr/ports/lang/php55
$ make clean build deinstall install
```

this should™ work fine.


----------



## kamihouse (Apr 1, 2014)

Hello everybody. 

I need some help: my ports are updated, I already have Apache24 installed (Fig1), but when trying to install php55-5.5.10 I don't have the Apache Build Option (Fig2). Is anyone else experiencing this?

- Fig1


- Fig2


----------



## wblock@ (Apr 1, 2014)

Always check /usr/ports/UPDATING before installing or upgrading ports.  In this case, see entry 20140327:


```
20140327:
  AFFECTS: users of lang/php5 and lang/php55 with Apache module
  AUTHOR: ale@FreeBSD.org

  The Apache PHP module has been separated from the main PHP port.
  If it is needed, install either www/mod_php5 or www/mod_php55.
```


----------



## kamihouse (Apr 1, 2014)

Thanks @wblock@, it works.


----------



## bzz (Apr 2, 2014)

Quick question... 
Do I have broken ports? Or it's broken in ports? 
(I've updated ports collection several times)


```
/usr/ports/www/mod_php5 #make install clean
/!\ WARNING /!\
!!! If you have a threaded Apache, you must build lang/php5 with ZTS support to enable thread-safety in extensions !!!

===>  mod_php5-5.4.26 has known vulnerabilities:
mod_php5-5.4.26 is vulnerable:
php -- strip_tags cross-site scripting vulnerability
CVE: CVE-2004-0595
WWW: http://portaudit.FreeBSD.org/edf61c61-0f07-11d9-8393-000103ccf9d6.html

mod_php5-5.4.26 is vulnerable:
php -- multiple vulnerabilities
CVE: CVE-2004-1065
CVE: CVE-2004-1019
WWW: http://portaudit.FreeBSD.org/d47e9d19-5016-11d9-9b5f-0050569f0001.html

mod_php5-5.4.26 is vulnerable:
php -- memory_limit related vulnerability
CVE: CVE-2004-0594
WWW: http://portaudit.FreeBSD.org/dd7aa4f1-102f-11d9-8a8a-000c41e2cdad.html

mod_php5-5.4.26 is vulnerable:
php -- php_variables memory disclosure
WWW: http://portaudit.FreeBSD.org/ad74a1bd-16d2-11d9-bc4a-000c41e2cdad.html

mod_php5-5.4.26 is vulnerable:
php -- vulnerability in RFC 1867 file upload processing
WWW: http://portaudit.FreeBSD.org/562a3fdf-16d6-11d9-bc4a-000c41e2cdad.html
=> Please update your ports tree and try again.
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/www/mod_php5
*** Error code 1

Stop.
make: stopped in /usr/ports/www/mod_php5
```


----------



## kamihouse (Apr 2, 2014)

@bzz you can use this command: `make reinstall clean`
*Ps:* Remember to update Ports Tree with command: `portsnap fetch update`


----------



## bzz (Apr 2, 2014)

kamihouse said:
			
		

> @bzz you can use this command: `make reinstall clean`
> *Ps:* Remember to update Ports Tree with command: `portsnap fetch update`



Thanks, but this actually doesnt work.. I've updated ports collection several times already. 


```
portsnap fetch update
Looking up portsnap.FreeBSD.org mirrors... 7 mirrors found.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Tue Apr  1 20:03:57 CEST 2014 to Wed Apr  2 16:46:42 CEST 2014.
Fetching 4 metadata patches... done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 58 patches. 
(58/58) 100.00%  done.                                 
done.
Applying patches... 
done.
Fetching 4 new ports or files... done.
Removing old files and directories... done.
Extracting new files:
/usr/ports/LEGAL
/usr/ports/MOVED
/usr/ports/UPDATING
/usr/ports/audio/ncmpcpp/
/usr/ports/comms/xlog/
/usr/ports/databases/Makefile
/usr/ports/databases/galera/
/usr/ports/deskutils/calibre/
/usr/ports/devel/Makefile
/usr/ports/devel/aifad/
/usr/ports/devel/codeblocks/
/usr/ports/devel/cvschangelogbuilder/
/usr/ports/devel/pccts/
/usr/ports/devel/py-msgpack/
/usr/ports/devel/py-sysctl/
/usr/ports/games/bs/
/usr/ports/games/openttd/
/usr/ports/games/searchandrescue/
/usr/ports/games/xkoules/
/usr/ports/games/ztrack/
/usr/ports/irc/epic4/
/usr/ports/japanese/Makefile
/usr/ports/lang/Makefile
/usr/ports/lang/pypy-devel/
/usr/ports/lang/pypy/
/usr/ports/lang/pypy3-devel/
/usr/ports/mail/Makefile
/usr/ports/mail/vexim/
/usr/ports/mail/vpopmail/
/usr/ports/math/glm/
/usr/ports/multimedia/Makefile
/usr/ports/multimedia/smplayer/
/usr/ports/net-p2p/cpuminer/
/usr/ports/net-p2p/qbittorrent/
/usr/ports/net/cnd/
/usr/ports/net/p5-POE-Component-Spread/
/usr/ports/net/p5-Spread-Message/
/usr/ports/net/p5-Spread-Session/
/usr/ports/news/Makefile
/usr/ports/ports-mgmt/pkg/
/usr/ports/print/Makefile
/usr/ports/print/foo2zjs/
/usr/ports/security/Makefile
/usr/ports/security/amavis-stats/
/usr/ports/security/gnutls3/
/usr/ports/security/openconnect/
/usr/ports/sysutils/Makefile
/usr/ports/sysutils/cfengine/
/usr/ports/sysutils/cfengine36/
/usr/ports/sysutils/di/
/usr/ports/sysutils/nbosd/
/usr/ports/sysutils/ua/
/usr/ports/sysutils/zfstools/
/usr/ports/textproc/libyaml/
/usr/ports/www/c-icap/
/usr/ports/www/mediawiki119/
/usr/ports/www/py-cssselect/
/usr/ports/www/tomcat-native/
/usr/ports/www/xshttpd-devel/
/usr/ports/x11-toolkits/p5-Prima/
/usr/ports/x11-wm/awesome/
/usr/ports/x11-wm/evilwm/
Building new INDEX files... done.

/usr/ports/www/mod_php5 #make reinstall clean
/!\ WARNING /!\
!!! If you have a threaded Apache, you must build lang/php5 with ZTS support to enable thread-safety in extensions !!!

===>  mod_php5-5.4.26 has known vulnerabilities:
mod_php5-5.4.26 is vulnerable:
php -- strip_tags cross-site scripting vulnerability
CVE: CVE-2004-0595
WWW: http://portaudit.FreeBSD.org/edf61c61-0f07-11d9-8393-000103ccf9d6.html

mod_php5-5.4.26 is vulnerable:
php -- multiple vulnerabilities
CVE: CVE-2004-1065
CVE: CVE-2004-1019
WWW: http://portaudit.FreeBSD.org/d47e9d19-5016-11d9-9b5f-0050569f0001.html

mod_php5-5.4.26 is vulnerable:
php -- memory_limit related vulnerability
CVE: CVE-2004-0594
WWW: http://portaudit.FreeBSD.org/dd7aa4f1-102f-11d9-8a8a-000c41e2cdad.html

mod_php5-5.4.26 is vulnerable:
php -- php_variables memory disclosure
WWW: http://portaudit.FreeBSD.org/ad74a1bd-16d2-11d9-bc4a-000c41e2cdad.html

mod_php5-5.4.26 is vulnerable:
php -- vulnerability in RFC 1867 file upload processing
WWW: http://portaudit.FreeBSD.org/562a3fdf-16d6-11d9-bc4a-000c41e2cdad.html
=> Please update your ports tree and try again.
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/www/mod_php5
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/www/mod_php5
*** Error code 1

Stop.
make: stopped in /usr/ports/www/mod_php5
/usr/ports/www/mod_php5 #
```


----------



## 0perator00 (Apr 3, 2014)

```
root@XXX:/usr/ports/www/mod_php5 # make -DDISABLE_VULNERABILITIES
```

 I was having the same problem, it's the vulnerabilities that's failing, run the make as per the above. Also, I thought everyone switched to svn instead of portsnap?


----------



## wblock@ (Apr 3, 2014)

When mentioning DISABLE_VULNERABILITIES, always point out that this is an explicit override that allows installation of software with known vulnerabilities.  Nobody should use it without good reason.  The last one is a vulnerability that was released just a few days ago.

svn(1) and portsnap(8) are alternate methods for updating the ports tree.  Both work, but differently.


----------



## bzz (Apr 3, 2014)

0perator00 said:
			
		

> Also, I thought everyone switched to `svn` instead of `portsnap`?



Normally I use `svn`:
`/usr/local/bin/svn update /usr/ports`
but was not sure, so I've used portsnap as well as test....


----------



## kpa (Apr 3, 2014)

Portsnap is still fully supported and there are no plans whatsoever to deprecate it. Use it if you are not interested in making your own modifications to the ports tree but just want to stay up to date with the least amount of effort.


----------



## 0perator00 (Apr 4, 2014)

Thank you for the answers on portsnap, I apologize for diverting the conversation.

 Concerning the vulnerabilities, it just seems kind of silly this is failing now, I mean, has PHP ever been considered "secure" ?

 Looks like there's now been an update and the security warning is gone;
http://www.freshports.org/www/mod_php5/


----------



## wblock@ (Apr 4, 2014)

0perator00 said:
			
		

> Concerning the vulnerabilities, it just seems kind of silly this is failing now, I mean, has PHP ever been considered "secure"?



No, but consider the difference between "probably" and "definitely".


----------

