Bug 143101 - PHP 5.0.3 released & fixes CAN-2004-1019, CAN-2004-1020
Summary: PHP 5.0.3 released & fixes CAN-2004-1019, CAN-2004-1020
Alias: None
Product: Fedora
Classification: Fedora
Component: php (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: All Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact:
URL: http://www.php.net/ChangeLog-5.php#5.0.3
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2004-12-16 15:28 UTC by Robert Scheck
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version: 5.0.3-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-01-12 14:47:26 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
php-5.0.3-config.patch (3.36 KB, patch)
2004-12-16 15:32 UTC, Robert Scheck
no flags Details | Diff
php-5.0.3-umask.patch (923 bytes, patch)
2004-12-16 15:33 UTC, Robert Scheck
no flags Details | Diff
php-5.0.3-lib64.patch (27.02 KB, patch)
2004-12-16 15:59 UTC, Robert Scheck
no flags Details | Diff
php-5.0.3-db4.patch (1.54 KB, patch)
2004-12-18 19:20 UTC, Kenneth Porter
no flags Details | Diff
php.spec.diff (1.98 KB, patch)
2004-12-18 19:23 UTC, Kenneth Porter
no flags Details | Diff

Description Robert Scheck 2004-12-16 15:28:10 UTC
Description of problem:
The PHP Development Team would like to announce the immediate release 
of PHP 5.0.3. These are maintenance releases that in addition to non- 
critical bug fixes address several very serious security issues. All 
Users of PHP are strongly encouraged to upgrade to one of these 
releases as soon as possible.

Version-Release number of selected component (if applicable):

Actual results:
The following patch merging is needed at (my merged patches are
attached; I hope, I didn't make any mistakes):
Patch2, Patch3, Patch9, Patch22

The following patch can be removed (merged in upstream):

Expected results:
Upgrade to 5.0.3 ;-)

Comment 1 Robert Scheck 2004-12-16 15:32:28 UTC
Created attachment 108705 [details]

Comment 2 Robert Scheck 2004-12-16 15:33:08 UTC
Created attachment 108706 [details]

Comment 3 Robert Scheck 2004-12-16 15:59:43 UTC
Created attachment 108707 [details]

Comment 4 Robert Scheck 2004-12-16 18:33:08 UTC
Hrm, the remerged "php-5.0.3-db4.patch" always caused a problem at 
rebuilding, I noticed:

checking for GDBM support... no
checking for NDBM support... no
./configure: line 34955: "$CC: command not found
./configure: line 34955: "$CC: command not found
./configure: line 34955: "$CC: command not found
./configure: line 34955: "$CC: command not found
./configure: line 34955: "$CC: command not found
./configure: line 34955: "$CC: command not found
./configure: line 34955: "$CC: command not found
checking for db4 major version... configure: error: Header contains different version
Error: Bad exit status from /var/tmp/rpm-tmp.7381 (%build)

Whatever, the real problem behind this error is, I've no clue, the 
(my) patch merging seemed correct and the problem occured only with 
5.0.3 for me, rebuilding of 5.0.2 worked anyway.

Comment 5 Kenneth Porter 2004-12-18 19:18:01 UTC
Agreed. This looks like an autoconf issue. I'm attaching my version of
the remerged db4 patch and my spec file for comparison.

Comment 6 Kenneth Porter 2004-12-18 19:20:59 UTC
Created attachment 108849 [details]

Comment 7 Kenneth Porter 2004-12-18 19:23:51 UTC
Created attachment 108850 [details]

Comment 8 Robert Scheck 2004-12-19 10:45:54 UTC
Kenneth, your patch didn't solve the problem for me. Your patch is btw 
identical to mine... ;-)

I'm using autoconf-2.59-5, automake-1.9.3-1 and libtool-1.5.10-1 for 
rebuilding, which should be latest Rawhide.

Comment 9 Kenneth Porter 2004-12-19 18:25:31 UTC
Good to know we came to the same conclusion independently.

I commented out patch22 and now configure fails with:

checking for init_snmp in -lnetsnmp... no
configure: error: SNMP sanity check failed. Please check config.log
for more information.

The log has a C++ fragment, missing an #endif.

On Fedora Core 2, using:


Comment 10 Robert Scheck 2004-12-19 18:58:41 UTC
BTW, "db db-4.2 db-4.1 db-4.0 db-4 db4" (so without the "db-4.3") seems
to work here and even linked against the correct db4 version:

# rpm -qp --requires php-5.0.3-0.i386.rpm | grep db

Comment 11 Joe Orton 2005-01-04 09:33:00 UTC
Thanks for the patches, folks, I'll be integrating this ASAP, but
5.0.3 and 4.3.10 don't build on half the platforms in the build system
due to the new zend_strtod.c file so that's holding things up.

Comment 12 Christian Pearce 2005-01-06 21:05:10 UTC
That removing db-4.3 didn't work for me.

Comment 13 Joe Orton 2005-01-12 14:47:26 UTC
I simplified the code to just check for -ldb which should avoid all
issues; 5.0.3 packages are now on their way to Raw Hide.  Thanks
again.  Please file a new bug if you find rebuild issues with -ldb.

Note You need to log in before you can comment on or make changes to this bug.