Bug 51147 - consider using php 4.0.7-cvs
Summary: consider using php 4.0.7-cvs
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: php   
Version: 7.3
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Phil Copeland
QA Contact: David Lawrence
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
Reported: 2001-08-07 21:25 UTC by Chris Ricker
Modified: 2007-04-18 16:35 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-01-09 16:51:11 UTC


Description Chris Ricker 2001-08-07 21:25:42 UTC
beta3 contains php-4.0.6.  4.0.7, in CVS, fixes many security and
performance problems with 4.0.6 which necessitate that many sites use the
CVS version.  Is there any possibility of including it instead of 4.0.6?

Significant fixes (to me, anyway ;-) from 4.0.6:

* includes cyrus-imap support
* lots of crashes fixed
* thread-safe performance increased
* some data corruption bugs fixed
* LDAP memory leaks plugged
* mail() exploit to spawn arbitrary processes fixed
* overflows fixed
* sessions performance improved

In addition to the security benefits, shipping php-4.0.7 would also allow
users to compile (or Red Hat to bundle) php-gtk, which requires 4.0.7....

Comment 1 Peter Bowen 2001-08-09 04:04:16 UTC
PHP 4.0.7 breaks binary compatibility for existing extensions due to recent
changes to the Zend engine.  Therefore I do not recommend upgrading to the CVS
version, or 4.0.7, during the RHL7.x series

Comment 2 Chris Ricker 2001-08-09 18:15:43 UTC
I thought the compatibility break was 4.0.4 -> 4.0.6 (which RH did an upgrade to
in RH 7.1 errata), not in 4.0.6 -> 4.0.7?

Comment 3 Phil Copeland 2002-01-08 17:05:35 UTC
Anyone know the actual answer to this yet?
If not I'll stick with 4.0.6 until I get a definitive 'you will be adorned by
millions' response

Phil
=--=

Comment 4 Chris Ricker 2002-01-08 17:37:41 UTC
The actual answer is irrelevant, 'cause now I want PHP 4.1.1, which adds major
performance and security benefits.

Comment 5 Chris Ricker 2002-01-09 16:51:06 UTC
To answer your question regarding backwards compatibility and binary plugins, it
looks like Red Hat has already totally thrown that out the window, so you might
as well just give your users the most functional, secure release of PHP you can
(ie, 4.1.1 or CVS).  

For example, check out
<http://www.zend.com/store/products/product_compatibility.php> for a list of
binary plugins from just one vendor, Zend.  Look at ones like the Zend
Optimizer, for example (chosen 'cause it's one I actually use).  Zend Optimizer
1.1 shipped when RH 7.1 shipped, and supported PHP 4.0.4 and 4.0.5.  When RH
released PHP 4.0.6 as errata for 7.1, RH broke Zend Optimizer 1.1 on 7.1. 
Similarly, if you installed stock 7.1 and Zend Optimizer 1.1, and then upgraded
to 7.2, the RH upgrade broke your Zend Optimizer.  The new version of Zend
Optimizer fixes that, but it also works with 4.1.1....

Comment 6 Chris Ricker 2002-02-10 21:24:51 UTC
This can be closed.  hampton beta 1 includes php-4.1.1

I'm marking it rawhide for lack of a better category (NEXTRELEASE, anyone? ;-)
