51147 – consider using php 4.0.7-cvs

Bug 51147 - consider using php 4.0.7-cvs

Summary: consider using php 4.0.7-cvs

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	php
Sub Component:
Version:	7.3
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Phil Copeland
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-08-07 21:25 UTC by Chris Ricker
Modified:	2007-04-18 16:35 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2002-01-09 16:51:11 UTC
Embargoed:

Attachments	(Terms of Use)

Description Chris Ricker 2001-08-07 21:25:42 UTC

beta3 contains php-4.0.6.  4.0.7, in CVS, fixes many security and
performance problems with 4.0.6 which necessitate that many sites use the
CVS version.  Is there any possibility of including it instead of 4.0.6?

Significant fixes (to me, anyway ;-) from 4.0.6:

* includes cyrus-imap support
* lots of crashes fixed
* thread-safe performance increased
* some data corruption bugs fixed
* LDAP memory leaks plugged
* mail() exploit to spawn arbitrary processes fixed
* overflows fixed
* sessions performance improved
In addition to the security benefits, shipping php-4.0.7 would also allow
users to compile (or Red Hat to bundle) php-gtk, which requires 4.0.7....

Comment 1 Peter Bowen 2001-08-09 04:04:16 UTC

PHP 4.0.7 breaks binary compatibility for existing extensions due to recent
changes to the Zend engine.  Therefore I do not recommend upgrading to the CVS
version, or 4.0.7, during the RHL7.x series

Comment 2 Chris Ricker 2001-08-09 18:15:43 UTC

I thought the compatibility break was 4.0.4 -> 4.0.6 (which RH did an upgrade to
in RH 7.1 errata), not in 4.0.6 -> 4.0.7?

Comment 3 Phil Copeland 2002-01-08 17:05:35 UTC

Anyone know the actual answer to this yet?
If not I'll stick with 4.0.6 untill I get a definitive 'you will be adorned by
millions' response

Phil
=--=

Comment 4 Chris Ricker 2002-01-08 17:37:41 UTC

The actual answer is irrelevant, 'cause now I want PHP 4.1.1, which adds major
performance and security benefits.

Comment 5 Chris Ricker 2002-01-09 16:51:06 UTC

To answer your question regarding backwards compatibility and binary plugins, it
looks like Red Hat has already totally thrown that out the window, so you might
as well just give your users the most functional, secure release of PHP you can
(ie, 4.1.1 or CVS).  

For example, check out
<http://www.zend.com/store/products/product_compatibility.php> for a list of
binary plugins from just one vendor, Zend.  Look at ones like the Zend
Optimizer, for example (chosen 'cause it's one I actually use).  Zend Optimizer
1.1 shipped when RH 7.1 shipped, and supported PHP 4.0.4 and 4.0.5.  When RH
released PHP 4.0.6 as errata for 7.1, RH broke Zend Optimizer 1.1 on 7.1. 
Similarly, if you installed stock 7.1 and Zend Optimizer 1.1, and then upgraded
to 7.2, the RH upgrade broke your Zend Optimizer.  The new version of Zend
Optimizer fixes that, but it also works with 4.1.1....

Comment 6 Chris Ricker 2002-02-10 21:24:51 UTC

This can be closed.  hampton beta 1 includes php-4.1.1

I'm marking it rawhide for lack of a better category (NEXTRELEASE, anyone? ;-)

Note You need to log in before you can comment on or make changes to this bug.