suPHP End of Life Notice

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,354
suPHP End of Life Notice https://lists.marsching.com/pipermail/suphp/2013-May/002554.html

Code:
[suPHP] suPHP End of Life Notice
Sebastian Marsching sebastian at marsching.com 
Wed May 22 14:29:10 CEST 2013

Dear suPHP community,

suPHP has been around for more than ten years now.

As some of you have noticed, the development activity has declined with 
time, in particular over the last four years.

I started the suPHP project when I was sharing a server with some 
friends and thus we wanted each user to have her individual space. As 
over time servers became cheaper and cheaper, each person started to use 
a server of her own. For about the last six years, I have only been 
using suPHP because my server had been setup this way and there was no 
immediate reason to change.

Thus, I have not been personally interested in further developing suPHP 
for quite some time. In addition to that I hardly found time to take 
care of suPHP in the last few years. I am still very interested and 
active in the idea of open-source software, however as my interests 
shifted, the projects I have been working on lately shifted as well.

If you want to get an idea about which kind of projects I am talking 
about, you might want to have a look at my personal projects at 
http://projects.marsching.org/ and my company's open-source projects at 
http://oss.aquenos.com/.

In conclusion this has left suPHP in a state where it would be 
irresponsible to suggest to users that it is being actively maintained. 
For example the latest security update has been lying around for years 
before actually being released.

Therefore, I officially announce that suPHP has reached its end of life 
and will not be maintained by me in the future.

So does this mean that suPHP is dead? This entirely depends on you, the 
community.

At some points in time during the last years, I have seen quite some 
activity on the mailing-list, including people discussing bugs and new 
features and writing patches for them.

As suPHP is open-source software, everyone is free to keep building on 
top of it. Actually I hope that someone might be interested in 
maintaining suPHP in the future.

While I will not take an active role in this process, be assured that I 
will support it (e.g. by keeping this mailing-list available as long as 
needed or making the existing code-base available under a different OSS 
license, if this helps).

I want to thank all people who helped me with the suPHP project, be it 
by reporting bugs, sharing their ideas, writing patches or answering 
questions on the mailing-list. Thanks to all of you!

- Sebastian
 
Lol nice. Glad I switch to fastcgi now. Hopefully someone else will take over it so people arent left in the dust.
 
I am using SuPHP as PHP2 (the first one is mod_php) on FreeBSD.

Is the switching to FCGI just a change in the options.conf and then ./build update_versions ?
 
I am using SuPHP as PHP2 (the first one is mod_php) on FreeBSD.

Is the switching to FCGI just a change in the options.conf and then ./build update_versions ?

If you are using CB 2.0, then you should execute the following commands to switch to fastcgi mode:
Code:
cd /usr/local/directadmin/custombuild
./build update
./build set php2_mode fastcgi
./build php n
 
No you just change to custombuild 2.0.

Code:
./build set custombuild 2.0
./build update
 
Or just use mod_ruid2, standard availabel in Custombuild 2.0 and uses less memory then fastcgi if I'm correct.
 
Did you noticed that there is a new version - 0.7.2? It's from May 20th.

suPHP 0.7.2 has been released.
This release fixes a security issue that was introduced with the 0.7.0 release. This issue affected the source-highlighting feature and could only be exploited, if the suPHP_PHPPath option was set. In this case local users which could create or edit .htaccess files could possibly execute arbitrary code with the privileges of the user the webserver was running as.
 
Did you noticed that there is a new version - 0.7.2? It's from May 20th.

Yes, but the download of the new version is missing a lot of files, and can't be used. But now that suphp is end of life, why not just convert to something better right away? Also the security bug seem to have existed for several years, so in my eyes it does not matter anymore. Convert to something else, don't use suphp.

Here is a quote about the new suphp version from DirectAdmin support, sent on email 05-21-2013:

John: «I've tested it, but the package is missing numerous files, so I've not set it in custombuid. (the new tar.gz is quite a bit smaller than the last one) Comparing to 0.7.1, many files are missing from the ./config diretory, as well as the main source tree. We'll have to wait for a new version (I would guess I won't take long for them to notice)»
 
Last edited:
Why cant it be used? I used it fine.

You just have to run autoreconf -vif before you do ./configure
 
Hello,

If anyone wants to try 0.7.2, I've managed to add a few workaround into the custombuild scripts:
http://forum.directadmin.com/showthread.php?t=47272

which doesn't work for all OSs (FreeBSD is out of luck).. and does take a few tries to meet it's needs, hence it's turned off by default:
Code:
new_suphp=no

In any case, mod_ruid2, fastcgi or php-fpm are going to be other alternatives to suPhp.
At the time of this posting, mod_ruid2 (with php CLI) is probably going to give you the least number of issues.
Fastcgi is fairly good, as long as you have the lastest pre-release templates...
And lastly, php-fpm has great potential, also needs the the latest templates/binaries, but has such a different design, we're not sure what has not yet shown itself (if anything).

John
 
Back
Top