Bug 51147 - consider using php 4.0.7-cvs
consider using php 4.0.7-cvs
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: php (Show other bugs)
7.3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Phil Copeland
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-08-07 17:25 EDT by Chris Ricker
Modified: 2007-04-18 12:35 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-01-09 11:51:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Chris Ricker 2001-08-07 17:25:42 EDT
beta3 contains php-4.0.6.  4.0.7, in CVS, fixes many security and
performance problems with 4.0.6 which necessitate that many sites use the
CVS version.  Is there any possibility of including it instead of 4.0.6?

Significant fixes (to me, anyway ;-) from 4.0.6:

* includes cyrus-imap support
* lots of crashes fixed
* thread-safe performance increased
* some data corruption bugs fixed
* LDAP memory leaks plugged
* mail() exploit to spawn arbitrary processes fixed
* overflows fixed
* sessions performance improved
In addition to the security benefits, shipping php-4.0.7 would also allow
users to compile (or Red Hat to bundle) php-gtk, which requires 4.0.7....
Comment 1 Peter Bowen 2001-08-09 00:04:16 EDT
PHP 4.0.7 breaks binary compatibility for existing extensions due to recent
changes to the Zend engine.  Therefore I do not recommend upgrading to the CVS
version, or 4.0.7, during the RHL7.x series
Comment 2 Chris Ricker 2001-08-09 14:15:43 EDT
I thought the compatibility break was 4.0.4 -> 4.0.6 (which RH did an upgrade to
in RH 7.1 errata), not in 4.0.6 -> 4.0.7?
Comment 3 Phil Copeland 2002-01-08 12:05:35 EST
Anyone know the actual answer to this yet?
If not I'll stick with 4.0.6 untill I get a definitive 'you will be adorned by
millions' response

Phil
=--=
Comment 4 Chris Ricker 2002-01-08 12:37:41 EST
The actual answer is irrelevant, 'cause now I want PHP 4.1.1, which adds major
performance and security benefits.
Comment 5 Chris Ricker 2002-01-09 11:51:06 EST
To answer your question regarding backwards compatibility and binary plugins, it
looks like Red Hat has already totally thrown that out the window, so you might
as well just give your users the most functional, secure release of PHP you can
(ie, 4.1.1 or CVS).  

For example, check out
<http://www.zend.com/store/products/product_compatibility.php> for a list of
binary plugins from just one vendor, Zend.  Look at ones like the Zend
Optimizer, for example (chosen 'cause it's one I actually use).  Zend Optimizer
1.1 shipped when RH 7.1 shipped, and supported PHP 4.0.4 and 4.0.5.  When RH
released PHP 4.0.6 as errata for 7.1, RH broke Zend Optimizer 1.1 on 7.1. 
Similarly, if you installed stock 7.1 and Zend Optimizer 1.1, and then upgraded
to 7.2, the RH upgrade broke your Zend Optimizer.  The new version of Zend
Optimizer fixes that, but it also works with 4.1.1....
Comment 6 Chris Ricker 2002-02-10 16:24:51 EST
This can be closed.  hampton beta 1 includes php-4.1.1

I'm marking it rawhide for lack of a better category (NEXTRELEASE, anyone? ;-)

Note You need to log in before you can comment on or make changes to this bug.