From Newsgroup: alt.os.linux.slackware

This is the current version of php on Slackware 15.0 but according to https://www.php.net/eol.php , version 7.4 went EOL 3 years ago.

My Central IT dept. security team flagged this up. Could anyone comment on its maintenance status?

I notice that php 8.0, 8.1 & 8.2 are in the extra repository/directory although 8.0 is already EOL (https://www.php.net/supported-versions.php).

Slackware-current has php-8.4.

Thanks
Tom Crane

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.os.linux.slackware

On Mon, 29 Dec 2025 20:27:40 +0000, Tom Crane wrote:

This is the current version of php on Slackware 15.0 but according to https://www.php.net/eol.php , version 7.4 went EOL 3 years ago.

My Central IT dept. security team flagged this up. Could anyone comment
on its maintenance status?

I notice that php 8.0, 8.1 & 8.2 are in the extra repository/directory although 8.0 is already EOL
(https://www.php.net/supported-versions.php).

Slackware-current has php-8.4.

Thanks Tom Crane

8.2 should receive security updates for 12 more months if you install it,
it runs fine but read the changes 7-8 8.0-8.2, some things relating to security have changed and wont throw errors so you might think your safe
but not, phpinfo output will also leed you to false sense of security
because its output values make you think they're honored, for example, setting php admin value in apache vhosts for say disable_functions no
longer works, you can only set it globally in php.ini thats been the case since 8.0 due to ordering in the code, although it is being looked at for mod_php its very low priority and changes AFAIK have not made it into the recently released 8.5, its not the only thing that no longer works, but
if you use open_basedir that does still work :)

as for eol 3 years ago, yes, it was eol when Pat released 15.0 whoch he promised we wouldnt wait another 5 years for a release, so I suppose he's getting closer, in Feb it'll be 4 years since release, but then
technically he has 13 months for it to be "before 5 years" /sigh/
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.os.linux.slackware

On Tue, 30 Dec 2025 10:46:49 +1000, noel wrote:

as for eol 3 years ago, yes, it was eol when Pat released 15.0

Not exactly, version 7.4.33 of PHP was released slightly more than 3
years ago, at the third of November 2022, the same day support for PHP 7
was discontinued.

When Slackware 15.0 was released at second of February 2022, it included
the then considered stable package n/php-7.4.27 package as well as
sligthly less well tested extra/php80-8.0.15 and extra/php81-8.1.2
packages.

Since then, all these 3 versions of php has received a number of security updates, but PHP 7.4 obviously no longer receives any updates. On the
other hand, PHP 8.2 has also been added in /extra. As those version 8 of
PHP are part of /extra those updates does not come in the /patches
directory but in the /extra directory. That is so no one by mistake would install a version of PHP which breaks their existing applications.

Basically, stable versions of Slackware don't receive any feature
updates, only security updates and most importantly, those updates are
not supposed to break anything. This means that when upstream providers
stop supporting a release series, stable versions of Slackware will stop providing updates for that application. Some applications will have newer versions in /extra, but those newer versions might break your stuff.

Would things be better if Slackware released stable versions every year?
No, not really, the main problem with upgrading to newer versions from upstream providers which break your existing configuration would still be there. To avoid that problem, you need to avoid getting dependent on
tools and languages breaking backwards compatibility.

regard Henrik
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.os.linux.slackware

On Tue, 30 Dec 2025 06:31:01 +0000, Henrik Carlqvist wrote:

On Tue, 30 Dec 2025 10:46:49 +1000, noel wrote:

as for eol 3 years ago, yes, it was eol when Pat released 15.0

Not exactly, version 7.4.33 of PHP was released slightly more than 3
years ago, at the third of November 2022, the same day support for PHP 7
was discontinued.

I stand corrected.

When Slackware 15.0 was released at second of February 2022, it included

Since then, all these 3 versions of php has received a number of
security updates, but PHP 7.4 obviously no longer receives any updates.

8.0 EOL'd December 2023
8.1 EOL'd December 2025
8.2 ended active support 31 Dec 2024, sec updates end & total EOL Dec 2026
8.3 active support ended Dec 2025, sec updates remain until Dec 2027
8.4 active support ends Dec 2026 , sec updates till Dec 2028
8.5 active support ends Dec 2027, sec Dec 2029

On the other hand, PHP 8.2 has also been added in /extra. As those
version 8 of PHP are part of /extra those updates does not come in the /patches directory but in the /extra directory. That is so no one by
mistake would install a version of PHP which breaks their existing applications.

Basically, stable versions of Slackware don't receive any feature
updates, only security updates and most importantly, those updates are

Not always the case, as most obvious example is, and I've lost count at
how many times, curl has had updates

Would things be better if Slackware released stable versions every year?
No, not really,

some people live in hte dark, some people rely of propriatry software
that, rightly or wrongly. is built using "modern" libraries... have we
not had this discussion before...

/
Wed Feb 2 22:22:22 UTC 2022
Slackware 15.0 x86_64 stable is released!

Another too-long development cycle is behind us after we bit off more than
we could chew and then had to shine it up to a high-gloss finish.
Hopefully we've managed to get the tricky parts out of the way so that
we'll be able to see a 15.1 incremental update after a far shorter
development cycle. Certainly the development infrastructure has been streamlined here and things should be easier moving forward.

/

I guess thats long gone by the wayside :)

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.os.linux.slackware

On Thu, 01 Jan 2026 22:47:35 +1000, noel wrote:

On Tue, 30 Dec 2025 06:31:01 +0000, Henrik Carlqvist wrote:

Basically, stable versions of Slackware don't receive any feature
updates, only security updates and most importantly, those updates are

Not always the case, as most obvious example is, and I've lost count at
how many times, curl has had updates

Yes, curl in Slackware 15.0 has been updated from version 7.81.0 to
8.16.0, but did any of those versions break any backwards compatibility?

Another odd example is samba which have rather short life cycles. In
Slackware 15.0 samba 4.15.13 was put into /pasture when non backwards compatible 4.18.5 got into /patches.

These are a few examples of backwards compatibility breaking applications
that we are aware of. However, there are also backwards compatibility
breaking security updates that are not so obvious. For example, in
Slackware 14.2 the last security update of firefox was version 68.12.0 in august 2020. Newer versions of firefox no longer compiled on Slackware
14.2. A user Ruari Oedegaard did provide a third party script which
downloaded a binary distribution of firefox and repackaged that into a Slackware package. We can easily see security updates that come as
patches, but it is not so easy to be aware of security holes which do not receive andy security updates.

When a Slackware version reaches End Of Life there is a note about that
in ChangeLog.txt and we get aware that it will not receive any more
security updated. However, long before that, a number of applications
usually already has stopped receiving security updates and we are not so
aware of that.

regards Henrik
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.os.linux.slackware

On Fri, 02 Jan 2026 06:34:35 +0000, Henrik Carlqvist wrote:

Yes, curl in Slackware 15.0 has been updated from version 7.81.0 to
8.16.0, but did any of those versions break any backwards compatibility?

since not even the slackware team would be aware of the real answer here
who knows, as curl is not an everyday tool for everyone

Another odd example is samba which have rather short life cycles. In Slackware 15.0 samba 4.15.13 was put into /pasture when non backwards compatible 4.18.5 got into /patches.

lets be clear, only fringe cases are not backward compatible, my smb.conf han';t changed in many years.

These are a few examples of backwards compatibility breaking
applications that we are aware of. However, there are also backwards compatibility breaking security updates that are not so obvious. For
example, in Slackware 14.2 the last security update of firefox was
version 68.12.0 in august 2020.

14.2 was made EOL by the Pat and his slackware team in January 2024,

a lot of the "breakages" I read on LQ are PEBKAC, or fringe use cases so
never given high priority.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.os.linux.slackware

On Fri, 02 Jan 2026 17:31:58 +1000, noel wrote:

On Fri, 02 Jan 2026 06:34:35 +0000, Henrik Carlqvist wrote:

For example, in Slackware 14.2 the last security update of firefox was
version 68.12.0 in august 2020.

14.2 was made EOL by the Pat and his slackware team in January 2024,

Yes, that was more than 3 years of a provided EOL web browser in
Slackware 14.2 without any particular note about that.

That can be compared with the number of security fixes for mozilla-
firefox in Slackware 15.0 which all did fix a number of CVEs, such
patches were provided during 2025:

Tue Dec 9 22:13:59 UTC 2025
Tue Nov 11 23:09:47 UTC 2025
Tue Oct 14 23:11:49 UTC 2025
Tue Sep 23 20:31:08 UTC 2025 (bugfixes only)
Wed Sep 17 22:13:56 UTC 2025
Tue Aug 19 20:38:59 UTC 2025
Tue Jul 22 21:24:21 UTC 2025
Tue Jun 24 19:42:23 UTC 2025
Tue May 27 18:18:14 UTC 2025
Mon May 19 04:19:58 UTC 2025
Tue Apr 29 21:28:00 UTC 2025
Wed Apr 2 02:25:57 UTC 2025
Tue Mar 4 19:37:20 UTC 2025
Tue Feb 4 19:19:28 UTC 2025
Wed Jan 8 23:26:27 UTC 2025

regards Henrik
--- Synchronet 3.21a-Linux NewsLink 1.2