Safely update php 5.3.3 to >=5.3.4 on centos 6
Solution 1:
For people running PHP-based web sites, it's almost always required to track bug fix changes as well as the security fixes that Red Hat might provide. As you know they rarely provide bug fix updates, due to "enterprise" version locking, even for something like PHP where you really need them.
On my production web servers I have used the remi repository for many years. It provides current versions of PHP, MySQL, Symfony, and many related packages that need such updates on a regular basis. As of this writing, it provides PHP 5.4.33 and MySQL 5.5.40. (PHP 5.5 is available in remi-php55.)
The main difference you will notice is that your PHP bugs start going away... :)
Solution 2:
As madhatter reminded me, a yum update will bring you up to the latest redhat php release, at the time of writing this appears to be: 5.3.3-14.el6_3
In any event your plan of action should be something along the lines of:
- Schedule a maintenance window
- Create a test plan
- Shutdown apache
- update php
yum update php
- start apache
- Execute test plan
If your test plan fails you can downgrade php, yum downgrade php
that said I would test this all using a "throw away" vm, that way you can run through all of this without any risk to the production system.
Is there a particular need for 5.3.4 or is this just a security concern?
Note: redhat backport security and bug fixes into their releases.
5.3.3-14 for instance indicates php 5.3.3 with 14 redhat itterations:
i.e.
- Mon Jun 25 2012 Joe Orton - 5.3.3-14
add security fix for CVE-2010-2950
Wed Jun 13 2012 Joe Orton - 5.3.3-13
fix tests for CVE-2012-2143, CVE-2012-0789
Tue Jun 12 2012 Joe Orton - 5.3.3-12
- add fix for CVE-2012-2336
Solution 3:
CentOS 6 does not have PHP 5.3.4 in the standard repositories, which you can see here. yum update php
will not upgrade you to 5.3.4.
Think long and hard about why you want to upgrade. CentOS and it's upstream vendor have not included 5.3.4 yet because it has not been tested.
If you really want to continue, you can check out the list of Third Party Repositories. I don't actually see any that have PHP 5.3.4 but I didn't look too hard.
Once you find a repo with the packages you want, gather your current list of PHP packages with rpm -qa | grep php
. Run yum update php
and it should show you what it wants to update. It should match everything in your currently installed list but have newer versions. If yum doesn't match your currently installed list, don't update.