Bug 152752 - CAN-2004-0594, 0595 - PHP multiple vulnerabilities
CAN-2004-0594, 0595 - PHP multiple vulnerabilities
Status: CLOSED CURRENTRELEASE
Product: Fedora Legacy
Classification: Retired
Component: Package request (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
LEGACY, rh73, rh90
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-13 14:42 EDT by Marc Deslauriers
Modified: 2008-05-01 11:38 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:26:13 EST
CAN-2004-0594:
A vulnerability within PHP allows remote code execution on PHP servers with
activated memory_limit

http://security.e-matters.de/advisories/122004.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594

CAN-2004-0595:
A binary safety problem within PHP's strip_tags() function may allow injection
of arbitrary tags in Internet Explorer and Safari browsers

http://security.e-matters.de/advisories/122004.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595



------- Additional Comments From mattdm@mattdm.org 2004-07-14 10:01:58 ----

This looks pretty nasty....



------- Additional Comments From michal@harddata.com 2004-07-14 18:20:52 ----

Created an attachment (id=769)
possible patch for CAN-2004-0594

Indeed this looks like something really urgent.  OTOH it seems from
descriptions
that turning off memory_limit could be a temporary countermeasure even if this
opens a possibility to DoS attacks.

Details are scarce but looking at differences in a code of a version which is
fixing the problem and a buggy one it seems that an attached patch will be
needed for 4.1.2 which is used on RH7.3 installations.	This does not cover
CAN-2004-0595.



------- Additional Comments From michal@harddata.com 2004-07-14 18:46:18 ----

A spec file for php-4.1.2-7.3.6 is missing imap-devel on BuildRequires list.



------- Additional Comments From michal@harddata.com 2004-07-15 03:58:58 ----

Mandrake made available php-4.1.2-1.3.M82mdk.src.rpm with recent security
fixes.  Their fix to CAN-2004-0594 is identical with the first chunk of what
I put in the first attachment to this report.

That rpm includes also fixes to CAN-2004-0595 and another patch with various
initialization cleanups.  Both apply to php-4.1.2-7.3.6 sources with an
exception of the last chunk of the second patch as this particular point
was already fixed, in some other way, in 4.1.2-7.3.6.

I attach these additional patches; the second one edited to remove that
conflicting chunk.  php-4.1.2-7.3.6 plus all these three patches recompiles
cleanly and even seems to run fine as far as I can tell in my limited testing.



------- Additional Comments From michal@harddata.com 2004-07-15 04:00:21 ----

Created an attachment (id=770)
Fix for CAN-2004-0595 (from Mandrake)




------- Additional Comments From michal@harddata.com 2004-07-15 04:01:53 ----

Created an attachment (id=771)
additional initialization fixes (from Madrake, slightly edited to fit)




------- Additional Comments From marcdeslauriers@videotron.ca 2004-07-15 18:47:30 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are packages for 7.3 and 9:

Changelog:
* Thu Jul 15 2004 Marc Deslauriers <marcdeslauriers@videotron.ca> 4.1.2-7.3.7.legacy
- - Added security fix for CAN-2004-0594
- - Added security fix for CAN-2004-0595
- - Added a few more fixes
- - Added imap-devel BuildRequires

7.3:
bda44c117f18eb66ea6166b036a6d56a00323b78  php-4.1.2-7.3.7.legacy.i386.rpm
fa7812b1989e86ec737cdc23bdae05d0a860da06  php-4.1.2-7.3.7.legacy.src.rpm
b0dafd3bf5c0f2910ab9904232b6a9d32bd1ddaa  php-devel-4.1.2-7.3.7.legacy.i386.rpm
460fd8d47206c75bf5f39ae6720a8dc1666661a5  php-imap-4.1.2-7.3.7.legacy.i386.rpm
e06801701cf4da9fdd1586d702f2acfca96948fe  php-ldap-4.1.2-7.3.7.legacy.i386.rpm
19d6b7afff3e8333a3d05b5809b5f9821b170803  php-manual-4.1.2-7.3.7.legacy.i386.rpm
e846fa355e88e8b89beeabf57819f33766b4eefb  php-mysql-4.1.2-7.3.7.legacy.i386.rpm
c190b13578a89a6d96802d3b05ee4cdb0ca5432b  php-odbc-4.1.2-7.3.7.legacy.i386.rpm
fb242bf40af2c15d94e06b1e6fb2b2160d98b1d3  php-pgsql-4.1.2-7.3.7.legacy.i386.rpm
8ececfc26bfea867dab5cae9f21a7aa3df99a007  php-snmp-4.1.2-7.3.7.legacy.i386.rpm

9:
28cb83d497b11c1a1b47b036cd32d8bd9b99db77  php-4.2.2-17.3.legacy.i386.rpm
ea7cd7a5f1d5cae9d3eda41e016942f31febf007  php-4.2.2-17.3.legacy.src.rpm
b611dfbf603cd8c292655748859a280fc9971e60  php-devel-4.2.2-17.3.legacy.i386.rpm
aff8252636c2f3a3287cbbc98d9d1d45b72a2782  php-imap-4.2.2-17.3.legacy.i386.rpm
96d640818d628b2d6a1ba49d5290148c39f93267  php-ldap-4.2.2-17.3.legacy.i386.rpm
befc17b7c89a1622753f449650f5f248b4f4e655  php-manual-4.2.2-17.3.legacy.i386.rpm
d6d62d927dc0bfd9c9352a898dd90117d74466a0  php-mysql-4.2.2-17.3.legacy.i386.rpm
bf33788a173e195c31d1fead442236ddd9c72689  php-odbc-4.2.2-17.3.legacy.i386.rpm
b44c5fabd889706d0d184055348b71aa9113d368  php-pgsql-4.2.2-17.3.legacy.i386.rpm
99bbac9f88209483c9c1be8aedaaa8b05718d588  php-snmp-4.2.2-17.3.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/php-4.1.2-7.3.7.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-4.1.2-7.3.7.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-devel-4.1.2-7.3.7.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-imap-4.1.2-7.3.7.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-ldap-4.1.2-7.3.7.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-manual-4.1.2-7.3.7.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-mysql-4.1.2-7.3.7.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-odbc-4.1.2-7.3.7.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-pgsql-4.1.2-7.3.7.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-snmp-4.1.2-7.3.7.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-4.2.2-17.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-4.2.2-17.3.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-devel-4.2.2-17.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-imap-4.2.2-17.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-ldap-4.2.2-17.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-manual-4.2.2-17.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-mysql-4.2.2-17.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-odbc-4.2.2-17.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-pgsql-4.2.2-17.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-snmp-4.2.2-17.3.legacy.i386.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA913QLMAs/0C4zNoRAvHJAJ9vJqMKa0oroh3t72q+PSN4UOhPqgCgmmfP
bKvlg5UQfcLlkIj4+dqg0ho=
=6aLc
-----END PGP SIGNATURE-----




------- Additional Comments From chrismcc@gmail.com 2004-07-22 06:17:01 ----

You might also look at:

rpmbuild --rebuild
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/php-4.1.2-2.1.8.src.rpm

which went through RH QA





------- Additional Comments From michal@harddata.com 2004-07-22 06:35:31 ----

> which went through RH QA

It does not differ that much (beyond that it is released instead of languishing
in a queue).  I looked at it quickly few days ago.  It possibly has other
"cleanu-up" patches that what is in attachments here but some other seem to
be missing.  It is also possible that both sets are equivalent but with a somewhat
different layout.  I was too busy recently for a detailed comparison.  I still
plan to do that but if somebody else would want to instead then go ahead. :-)
The crucial, in respect to remote attacks, test is everywhere the same.

I have a patched PHP running on few machine for the last week and so far
I did not hear any complaints.



------- Additional Comments From michal@harddata.com 2004-07-25 10:47:57 ----

Created an attachment (id=782)
"leftover" initialization issues




------- Additional Comments From michal@harddata.com 2004-07-25 10:50:22 ----

Created an attachment (id=783)
"New-and-improved" version of a patch for CAN-2004-0594

I revisited php patches and I believe that a patch for CAN-2004-0594
which I posted previously is not right.  The new one should be
correct.

I am also adding a patch which fixes more initialization problems (and
other minor on 32-bit platforms "gotchas").  These can get into a play
in case of allocation failures.

With these two patches resulting sources differ from php-4.1.2-2.1.8.src.rpm
(RHEL updates) as follows:
 - in Zend/zend_alloc.c some instances of CHECK_MEMORY_LIMIT
   were moved a bit and look now as in php-4.3.8
 - php-4.1.2-2.1.8.src.rpm includes fixes to curl which were not
   present in php-4.1.2-7.3.6.src.rpm (last "official" update from
   RH7.3); quite possibly that should be included too.

Whatever will be done should be done really soon.  Another possibility
is to move to php-4.3.8




------- Additional Comments From marcdeslauriers@videotron.ca 2004-07-25 13:31:26 ----

Wow. You're right, Mandrake's patch doesn't work. Good thing you noticed it.

I'll make new rpms tonight.





------- Additional Comments From marcdeslauriers@videotron.ca 2004-07-26 12:26:11 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated rpms for 7.3 and 9 with a working patch:

Changelog:
* Mon Jul 26 2004 Marc Deslauriers <marcdeslauriers@videotron.ca> 4.1.2-7.3.8.legacy
- - Added better security fix for CAN-2004-0594
- - Added fixes for various compiler warnings

7.3:
ff51f5d393c919288faeb5ed28fc7642102cafce  php-4.1.2-7.3.8.legacy.i386.rpm
06220ea0da650117bc8f850a05815e984c72729e  php-4.1.2-7.3.8.legacy.src.rpm
4da935a4b15878a42a3cebd03a223ac434ea49ee  php-devel-4.1.2-7.3.8.legacy.i386.rpm
491daaff9f9115f1d344766ef8a6787faba43ec8  php-imap-4.1.2-7.3.8.legacy.i386.rpm
39fe7ea97d349762b0c8f7ee0c313d98520011e1  php-ldap-4.1.2-7.3.8.legacy.i386.rpm
d8a41b9250265dbc31dc78898cb8b531deb40e10  php-manual-4.1.2-7.3.8.legacy.i386.rpm
1573955d1b1cd9ddf09ee77d9335455cfaee23c1  php-mysql-4.1.2-7.3.8.legacy.i386.rpm
87813b4b8b8a54385e1af761d995b859d09bec69  php-odbc-4.1.2-7.3.8.legacy.i386.rpm
cb06456128f16c0aa9fd62456e9ee02c1a90f713  php-pgsql-4.1.2-7.3.8.legacy.i386.rpm
fb4aff9480445bf5550e9a6b14af464e6dbb0c6e  php-snmp-4.1.2-7.3.8.legacy.i386.rpm

9:
083b8c2ee8d710fd8e10111d4a52ed9b04cdcfe5  php-4.2.2-17.4.legacy.i386.rpm
8f15f7d82f7c914e094aef6c05951330f767206b  php-4.2.2-17.4.legacy.src.rpm
2e9bc16857dd25cf107614267fa0429ae11f3d0c  php-devel-4.2.2-17.4.legacy.i386.rpm
18beab2c4394d6f5e7d74cdef6e9555b7dab944d  php-imap-4.2.2-17.4.legacy.i386.rpm
983b9596aef2c6ee342ef625d2a264d511f1509a  php-ldap-4.2.2-17.4.legacy.i386.rpm
b00d9df6d18cbe06f88a6fdc54d010f1efee3a8d  php-manual-4.2.2-17.4.legacy.i386.rpm
badf1f7594961303fdddf644759a96ddbacb3ad2  php-mysql-4.2.2-17.4.legacy.i386.rpm
d17a8d79685bb23bdd99d2c6bdedbf3e974e48ef  php-odbc-4.2.2-17.4.legacy.i386.rpm
0adbd3c1d5051681b54f52c99e4828d1a4481af8  php-pgsql-4.2.2-17.4.legacy.i386.rpm
7cc45af54e1202205bb5567c8c1657dfa9693bd3  php-snmp-4.2.2-17.4.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/php-4.1.2-7.3.8.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-4.1.2-7.3.8.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-devel-4.1.2-7.3.8.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-imap-4.1.2-7.3.8.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-ldap-4.1.2-7.3.8.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-manual-4.1.2-7.3.8.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-mysql-4.1.2-7.3.8.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-odbc-4.1.2-7.3.8.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-pgsql-4.1.2-7.3.8.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/php-snmp-4.1.2-7.3.8.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/9/php-4.2.2-17.4.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-4.2.2-17.4.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-devel-4.2.2-17.4.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-imap-4.2.2-17.4.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-ldap-4.2.2-17.4.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-manual-4.2.2-17.4.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-mysql-4.2.2-17.4.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-odbc-4.2.2-17.4.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-pgsql-4.2.2-17.4.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/php-snmp-4.2.2-17.4.legacy.i386.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBBYTkLMAs/0C4zNoRAoE0AKC5fKPO4HtotDDtZzU0DWCHcVNZ+ACgn8Pp
IVP3CIwNqxwg2KH4Uyk1vak=
=Pv5n
-----END PGP SIGNATURE-----




------- Additional Comments From mgabriel@geekworx.de 2004-08-14 02:11:15 ----

i know this aint quite the right place to start a discussion, but whats the
point of backporting fixes, where every php-coder out there wants php 4.3.8 with
libgd2 built in ?



------- Additional Comments From jpdalbec@ysu.edu 2004-09-01 10:48:01 ----

Created an attachment (id=828)
Differences between php-4.1.2-7.3.6 and -7.3.8.legacy SRPMs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

1daced05bdbb11ba59694f2428c764ffcb1c87d6
php-4.1.2-7.3.6-7.3.8.legacy.diff.gz
6977d0323adda3b8ff1e29c1852e059fca0ac868  php-4.1.2-7.3.6.src.rpm
06220ea0da650117bc8f850a05815e984c72729e  php-4.1.2-7.3.8.legacy.src.rpm

Good signature on legacy RPM.
Differences look OK (gzipped, attached).
Missing BuildRequires: flex (this seems to be a pattern with Red Hat).
Building with umask 077 exposes a db3-devel bug:
db3-devel doesn't own /usr/include/db3.
Missing BuildRequires: mm-devel libtool.

New RH 7.3 packages are available from
http://www.fedoralegacy.org/contrib/php/

sha1sums:
03616e9ad36ea7d8f6a39cd11ad83e4ac5413500
php-4.1.2-7.3.9.legacy.i386.rpm
5fa5b06f99e24d223ed466793074445327498aae  php-4.1.2-7.3.9.legacy.src.rpm
4edd4851498edb324ae15fbde1e5403bdaa2aa40  php-4.2.2-17.2.src.rpm
8f15f7d82f7c914e094aef6c05951330f767206b  php-4.2.2-17.4.legacy.src.rpm
3c96439ea728bacde2dc93ea89b11d3bb3f302b4
php-devel-4.1.2-7.3.9.legacy.i386.rpm
8997647b0b7c55a1b57d6c7f5d6d30aad834505b
php-imap-4.1.2-7.3.9.legacy.i386.rpm
3628c581f410ba77dea36831b1b0e316633ba536
php-ldap-4.1.2-7.3.9.legacy.i386.rpm
956b70406b5de5c7a7f7f896b9a6d7dbb2cd16f2
php-manual-4.1.2-7.3.9.legacy.i386.rpm
61ef575106aebeeea59a0ed06b71d6ee593e842b
php-mysql-4.1.2-7.3.9.legacy.i386.rpm
e7e6f7299a12181468496836383d351f71518302
php-odbc-4.1.2-7.3.9.legacy.i386.rpm
dca57fe823e6e772753c9b6b311fc001ac30a8c8
php-pgsql-4.1.2-7.3.9.legacy.i386.rpm
915d36f1e277d3227bb4183aadc700923d98ace1
php-snmp-4.1.2-7.3.9.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBNjLoJL4A+ldA7asRArBfAJ40Y4p1k/L8cBZryYZ2K0js4B5g1gCgvYzR
WWzpKYO3CwGOldRFUN6XvQ0=
=snE9
-----END PGP SIGNATURE-----




------- Additional Comments From jpdalbec@ysu.edu 2004-09-02 07:30:16 ----

Created an attachment (id=830)
Differences between php-4.2.2-17.2 and -17.4.legacy SRPMs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

++PUBLISH RHL9

89ded579f9b8949ce4bbc699b62ba4d364fff908  php-4.2.2-17.2-17.4.legacy.diff.gz
4edd4851498edb324ae15fbde1e5403bdaa2aa40  php-4.2.2-17.2.src.rpm
8f15f7d82f7c914e094aef6c05951330f767206b  php-4.2.2-17.4.legacy.src.rpm

Good signature on legacy RPM.
Differences look OK (gzipped, attached).
No warnings patch on this one, eh?
Building with umask 077 required patching mach to fix ownership and
permissions on /etc/ld.so.conf after installing BuildRequires.
Builds OK.
<?php phpinfo() ?> displays OK.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBN1e1JL4A+ldA7asRApc7AKCnEq2LUkyG0Y7dLDzK05QsOOmuQgCfTl7t
lxjEMQXChtxFOztiI42OumE=
=AzJX
-----END PGP SIGNATURE-----




------- Additional Comments From ckelley@ibnads.com 2004-09-14 11:25:21 ----

I get 403 Forbidden with
http://www.fedoralegacy.org/contrib/php/php-4.1.2-7.3.9.legacy.src.rpm from
comment #15



------- Additional Comments From jpdalbec@ysu.edu 2004-09-28 02:26:59 ----

Fixed, sorry.



------- Additional Comments From ckelley@ibnads.com 2004-09-28 11:56:09 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
5fa5b06f99e24d223ed466793074445327498aae  php-4.1.2-7.3.9.legacy.src.rpm
 
This 7k patch has a lot of code changes that aren't so easy to follow;
if everyone else is comfortable with it, then that's fine:
 
  php-4.1.2-everything_except_mm.patch
 
These patches are fairly trivial and easy to understand (and good):
 
  php-4.1.2-memory_limit_in_execution.patch
  php-4.1.2-warnings.patch
  php-4.1.2-everything_except_mm.patch
 
Package builds just fine.
PHP tutorial projects (www.php.net) run fine.
 
++PUBLISH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBWd3qyQ+yTHz+jJkRAloQAJ9MZzv5zmgCHIYNbfT9SHdYBh/LCACgvfja
h+wy9MSG2w8w0IiPwCTp6Us=
=/nhj
-----END PGP SIGNATURE-----




------- Additional Comments From michal@harddata.com 2004-09-28 12:05:38 ----

Let say it that way.  I am running with these patches, and in particular
with 'php-4.1.2-everything_except_mm.patch', on a site which quite heavily
is using PHP, starting from "Mon 26 Jul 2004 10:00:58 AM MDT".  I could not
afford a wait for an official release.  So far I did not hear any complaints. ;-)



------- Additional Comments From marcdeslauriers@videotron.ca 2004-09-28 16:26:20 ----

For some reason, I'm having trouble building php-4.1.2-7.3.9.legacy.src.rpm in
mach. Anyone have any ideas? Here is the end of the output:

/bin/sh /usr/src/rpm/BUILD/php-4.1.2/build-cgi/libtool --silent --mode=link gcc
-I. -I/usr/src/rpm/BUILD/php-4.1.2/
-I/usr/src/rpm/BUILD/php-4.1.2/build-cgi/main -I/usr/src/rpm/BUILD/php-4.1.2
-I/usr/src/rpm/BUILD/php-4.1.2/build-cgi/Zend -I/usr/include/libxml2
-I/usr/include/freetype2/freetype -I/usr/include/imap -I/usr/include/mysql
-I/usr/local/include -I/usr/include/pspell -I/usr/include/ucd-snmp
-I/usr/src/rpm/BUILD/php-4.1.2/main -I/usr/src/rpm/BUILD/php-4.1.2/Zend
-I/usr/src/rpm/BUILD/php-4.1.2/TSRM 
-I/usr/src/rpm/BUILD/php-4.1.2/build-cgi/TSRM -O2 -march=i386 -mcpu=i686 -fPIC 
-L/usr/kerberos/lib -o php -export-dynamic
 stub.lo libphp4.la
/usr/bin/ld: cannot find -lstdc++
collect2: ld returned 1 exit status
make[1]: *** [php] Error 1
make[1]: Leaving directory `/usr/src/rpm/BUILD/php-4.1.2/build-cgi'
make: *** [all-recursive] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.94911 (%build)
 
 
RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.94911 (%build)





------- Additional Comments From ckelley@ibnads.com 2004-09-28 16:37:29 ----

Do you have libstdc++-2.96-113 (and devel) installed?

Also, in comment #19 I repeated the everything-except-mm patch twice; the second reference should 
be about the sfix patch (Patch7) being easy to read.



------- Additional Comments From marcdeslauriers@videotron.ca 2004-09-28 16:57:00 ----

In response to comment 22:

Yes, I have both libstdc++-2.96-113 and -devel installed. The -devel is a
BuildRequires in the spec file, and I checked manually.

Any other ideas?



------- Additional Comments From ckelley@ibnads.com 2004-09-28 17:04:03 ----

# cat blah.c
int main() {
return 0;
}
# gcc -o blah  -lstdc++ blah.c
#

That should work; if not, look at the loader (for some strange reason?)



------- Additional Comments From marcdeslauriers@videotron.ca 2004-09-28 17:21:53 ----

Argh...misleading error message. I'm missing gcc-c++.




------- Additional Comments From marcdeslauriers@videotron.ca 2004-09-29 12:22:06 ----

pushed to updates-testing.



------- Additional Comments From dom@earth.li 2004-09-30 06:28:58 ----

From list:

"I have a major problem with the package php-4.2.2-17.5.legacy.i386. It
doesn't support the mail() function anymore? Am I doing something wrong, and
if so, what can I do to fix it?

I get an error like this:

Warning: mail() is not supported in this PHP build

Hope to hear soon about this matter."

Needs to be rebuild with a dependency on sendmail I assume.



------- Additional Comments From madhatter@teaparty.net 2004-09-30 08:18:57 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
36beb0117341d9dae1d195195620a02f1802ab52 php-4.2.2-17.5.legacy.i386.rpm
 
works nicely on a fairly busy RH9 web server.  gallery and squirrelmail
work fine under it.  i'm sorry i don't run any more php than that, so
haven't tetsed the other packages that are part of this upgrade.
 
++VERIFY
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBXEmhePtvKV31zw4RAtcrAKCbJhaO/2SiIwY55i8SKM755pFwqgCgpCaZ
SIzp4n8PM74kiirCgJXZNJU=
=hGPp
-----END PGP SIGNATURE-----




------- Additional Comments From madhatter@teaparty.net 2004-10-02 01:49:53 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
modulo comment #28 above, i've now tested
 
3507dd3165e3e397a352dedadfdac0b0c3d7fdc6 php-4.2.2-17.6.legacy.i386.rpm
 
using gallery and squirrelmail under apache 2.0.40 on RH9, and it's good.
++VERIFY
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBXpW/ePtvKV31zw4RAtSgAKCfKZ610pUqcs16vOI5M6MXsw4j0ACgnPGq
xJxgLKHl5snUFH7hmL2U96s=
=VlkE
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2004-10-03 08:57:02 ----

New packages for rh9 that have stripped binaries were built and will get pushed
to updates-testing at next sync



------- Additional Comments From madhatter@teaparty.net 2004-10-06 10:13:24 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
i've now tested
 
594a4c87bf2b073b681b1c94a7bcf7ee7d5bc0dd  php-4.2.2-17.7.legacy.i386.rpm
 
using gallery and squirrelmail under apache 2.0.40 on RH9, and it's good.
++VERIFY
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBZFG+ePtvKV31zw4RAtHrAJ9ueIpt91VvIBbSCXbW/BgKy1wvlwCgibY0
xW7ayuF4z4EyOUIuvf9mPtg=
=7Smh
-----END PGP SIGNATURE-----




------- Additional Comments From sheltren@cs.ucsb.edu 2004-10-07 06:29:29 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Verifying RH9 packages:

594a4c87bf2b073b681b1c94a7bcf7ee7d5bc0dd  php-4.2.2-17.7.legacy.i386.rpm
e1f076f96cfce7d687ad67f26f5e1c33f5993270  php-devel-4.2.2-17.7.legacy.i386.rpm
d349ace9d0a8514cd563217d56ef1f25261f2c92  php-imap-4.2.2-17.7.legacy.i386.rpm
176e15f14ec6045aefd9c924dfa383c58598e16d  php-ldap-4.2.2-17.7.legacy.i386.rpm
a6cda124e7a2de4083bec0a78f6758ab9f36a374  php-manual-4.2.2-17.7.legacy.i386.rpm
42a87a54e0502721eec4907a8cb1c8db196c442a  php-mysql-4.2.2-17.7.legacy.i386.rpm
117bc0f478babf8317812fc35c763e8afeccca49  php-odbc-4.2.2-17.7.legacy.i386.rpm
c52bb318d8b217c02b61bd277f662a483e05e61b  php-pgsql-4.2.2-17.7.legacy.i386.rpm
6ec57d0958666d97532099d7f1118a52727db02b  php-snmp-4.2.2-17.7.legacy.i386.rpm

Signatures are OK
Packages install OK
Ran a few php scripts (both command line and via httpd), works OK

VERIFY++
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBZW6aKe7MLJjUbNMRAr1TAJ4reaMD/FvmAgNqnMD6wfPxGwQICwCggsxA
a6bb+M7OaeImkSwLZ6fkYXg=
=02nb
-----END PGP SIGNATURE-----



------- Additional Comments From ckelley@ibnads.com 2004-10-07 06:36:24 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Binaries:
6aaefdbf687f8dbf9ffc7b2ab0a0ff2914a13028  php-4.1.2-7.3.10.legacy.i386.rpm
3f38e8929822edc377f61a05c31e45c8599a4ba6  php-devel-4.1.2-7.3.10.legacy.i386.rpm
8c9ac5e7c5040b2d9cf75848acc1260842a5e4aa  php-imap-4.1.2-7.3.10.legacy.i386.rpm
d01be5026d335032486eee9f91fdc72e43d78f54  php-ldap-4.1.2-7.3.10.legacy.i386.rpm
20ed3b170959f47061fbf688bd0bf6c2380cee6c  php-manual-4.1.2-7.3.10.legacy.i386.rpm
66413adf5bf185326ea1658d837bbd34a4c2e59b  php-mysql-4.1.2-7.3.10.legacy.i386.rpm
5fd105b2b8e9aea72d4e34f4800218b40fe844b9  php-odbc-4.1.2-7.3.10.legacy.i386.rpm
3c9152d075afc06ffb2ac64deeca3b331f3a6c06  php-pgsql-4.1.2-7.3.10.legacy.i386.rpm
58027e3f2bd1485bae158cf99aebc63b631972ec  php-snmp-4.1.2-7.3.10.legacy.i386.rpm
 
Source:
bd2e823603fab8b75a17647ac396263cc1ad6d7e  php-4.1.2-7.3.10.legacy.src.rpm
 
 - source builds fine
 - binary packages ~match original redhat release and src-built release
 - tutorials on PHP site function correctly
 
++VERIFY rh73
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBZXB8yQ+yTHz+jJkRAtJaAKDDwp1+LL9eRxbi0DYhnaPaavBkHACgh5V5
wHngVMlb1XY0uEkf4MPpmkE=
=/t/l
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2004-10-07 14:41:01 ----

Packages were pushed to updates directory and advisory released.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:26 -------

This bug previously known as bug 1868 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1868
Originally filed under the Fedora Legacy product and Package request component.

Attachments:
possible patch for CAN-2004-0594
https://bugzilla.fedora.us/attachment.cgi?action=view&id=769
Fix for CAN-2004-0595 (from Mandrake)
https://bugzilla.fedora.us/attachment.cgi?action=view&id=770
additional initialization fixes (from Madrake, slightly edited to fit)
https://bugzilla.fedora.us/attachment.cgi?action=view&id=771
"leftover" initialization issues
https://bugzilla.fedora.us/attachment.cgi?action=view&id=782
"New-and-improved" version of a patch for CAN-2004-0594
https://bugzilla.fedora.us/attachment.cgi?action=view&id=783
Differences between php-4.1.2-7.3.6 and -7.3.8.legacy SRPMs
https://bugzilla.fedora.us/attachment.cgi?action=view&id=828
Differences between php-4.2.2-17.2 and -17.4.legacy SRPMs
https://bugzilla.fedora.us/attachment.cgi?action=view&id=830

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity major. Setting to default severity "normal".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.


Note You need to log in before you can comment on or make changes to this bug.