Re: [PHP-DEV] PHP 4.4.9 Released!
There are a typo in NEWS of PHP 4.4.9. #37421 should be #27421. fixed bug #27421 (by david at dfoerster dot de) mbstring.func_overload set in .htaccess becomes global Rui On Thu, 7 Aug 2008 14:09:47 -0700 Chris Stockton [EMAIL PROTECTED] wrote: Hello, Is the link in the changelog pointing to the wrong bug? Seems mb related but speaks of mysqli. Just something small I noticed. -Chris -- Rui Hirokawa [EMAIL PROTECTED] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9 Released!
On Fri, 8 Aug 2008, Rui Hirokawa wrote: Chris Stockton [EMAIL PROTECTED] wrote: fixed bug #27421 (by david at dfoerster dot de) mbstring.func_overload set in .htaccess becomes global There are a typo in NEWS of PHP 4.4.9. #37421 should be #27421. Fixed Derick -- HEAD before 5_3!: http://tinyurl.com/6d2esb http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] PHP 4.4.9 Released!
Hello, The PHP development team would like to announce the immediate availability of PHP 4.4.9. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last PHP 4.4 release. Security Enhancements and Fixes in PHP 4.4.9: * Updated PCRE to version 7.7. * Fixed overflow in memnstr(). * Fixed crash in imageloadfont when an invalid font is given. * Fixed open_basedir handling issue in the curl extension. * Fixed mbstring.func_overload set in .htaccess becomes global. A separate release announcement is also available. For changes in PHP 4.4.9 since PHP 4.4.8, please consult the PHP 4 ChangeLog. Release Announcement: http://www.php.net/release_4_4_9.php Downloads:http://www.php.net/downloads.php#v4 Changelog:http://www.php.net/ChangeLog-4.php#4.4.9 regards, Derick -- http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9 Released!
Hello, Is the link in the changelog pointing to the wrong bug? Seems mb related but speaks of mysqli. Just something small I noticed. -Chris On Thu, Aug 7, 2008 at 1:47 PM, Derick Rethans [EMAIL PROTECTED] wrote: Hello, The PHP development team would like to announce the immediate availability of PHP 4.4.9. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last PHP 4.4 release. Security Enhancements and Fixes in PHP 4.4.9: * Updated PCRE to version 7.7. * Fixed overflow in memnstr(). * Fixed crash in imageloadfont when an invalid font is given. * Fixed open_basedir handling issue in the curl extension. * Fixed mbstring.func_overload set in .htaccess becomes global. A separate release announcement is also available. For changes in PHP 4.4.9 since PHP 4.4.8, please consult the PHP 4 ChangeLog. Release Announcement: http://www.php.net/release_4_4_9.php Downloads:http://www.php.net/downloads.php#v4 Changelog:http://www.php.net/ChangeLog-4.php#4.4.9 regards, Derick -- http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
Don't you guys have bigger fish to fry? -- - Richard Quadling Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 Standing on the shoulders of some very clever giants!
[PHP-DEV] PHP 4.4.9
Hello! As it's about a month until the end of PHP 4, it's time to make the last release. There have been a few important fixes, which need to be part of a release. If you have anything else, please let me know so we can integrate it in the release as well. I'm planning to make a release candidate Wednesday next week (for a release on Thursday). regards, Derick -- Derick Rethans http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
On Mon, Jul 7, 2008 at 09:09, Derick Rethans [EMAIL PROTECTED] wrote: Hello! As it's about a month until the end of PHP 4, it's time to make the last release. There have been a few important fixes, which need to be part of a release. Out of curiosity, which ones and why aren't they in the NEWS file? -Hannes -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
Hannes Magnusson wrote: On Mon, Jul 7, 2008 at 09:09, Derick Rethans [EMAIL PROTECTED] wrote: Hello! As it's about a month until the end of PHP 4, it's time to make the last release. There have been a few important fixes, which need to be part of a release. Out of curiosity, which ones and why aren't they in the NEWS file? I thought there'd be release only if there were some critical security fixes to fix..? --Jani -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
On Mon, 7 Jul 2008, Jani Taskinen wrote: Hannes Magnusson wrote: On Mon, Jul 7, 2008 at 09:09, Derick Rethans [EMAIL PROTECTED] wrote: Hello! As it's about a month until the end of PHP 4, it's time to make the last release. There have been a few important fixes, which need to be part of a release. Out of curiosity, which ones and why aren't they in the NEWS file? I thought there'd be release only if there were some critical security fixes to fix..? There are a few issues. Not a lot, but wrapping it up before the deadline seems like a proper thing to do. regards, Derick -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
PHP 4 end of life announcement: After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
Hello Derick, Janusz is damn right here. Make the patches available but do not make it easy for people to stick to 4 please. Instead, stick to th eplan. marcus Monday, July 7, 2008, 1:15:19 PM, you wrote: PHP 4 end of life announcement: After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. Best regards, Marcus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
On Mon, Jul 7, 2008 at 3:02 PM, Marcus Boerger [EMAIL PROTECTED] wrote: Hello Derick, Janusz is damn right here. Make the patches available but do not make it easy for people to stick to 4 please. Instead, stick to th eplan. I tend to agree here, a new release may contradict the purpose of the end of life announcement. Cheers, -- Pierre http://blog.thepimp.net | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Janusz Lewandowski schrieb: PHP 4 end of life announcement: After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. Considering the fact that PHP 4.4.8 is known to have several public security problems that where only fixed in PHP 5, releasing PHP 4.4.9 as last final version is the right thing todo. Stefan Esser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhyGhYACgkQSuF5XhWr2njsGACguBayiah0yj0RojBYhIIvCIqq 67kAni2syRvA1Db2mOHv96csV7pwh+tB =U9RH -END PGP SIGNATURE- -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
Hi, I do not have karma, but I still think you guys missed one point in the entire thing. The end of life cycle of PHP4 is 08-08-08, so people expect one last release in this day as the last release. Some of you are telling that release something now contradicts your master plan, but you missed something. If you don't release something in 08-08-08, what will people think? That PHP4 died in 08-01-03. Why? Because their last touchable release is that one. You may tell checkout the source and you'll have 08-08-08, but most people are not interested in cvs. They are interested in .tar.gz. So, please, do not think you're contradicting something, because you aren't. If you don't release the LAST tag in the Olympics begin day, people will feel frustrated. I know thousands from userland may think the same. I already work with PHP5 only, but it's not the case here. That's just my humble opinion. Regards, On Mon, Jul 7, 2008 at 10:15 AM, Pierre Joye [EMAIL PROTECTED] wrote: On Mon, Jul 7, 2008 at 3:02 PM, Marcus Boerger [EMAIL PROTECTED] wrote: Hello Derick, Janusz is damn right here. Make the patches available but do not make it easy for people to stick to 4 please. Instead, stick to th eplan. I tend to agree here, a new release may contradict the purpose of the end of life announcement. Cheers, -- Pierre http://blog.thepimp.net | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- Guilherme Blanco - Web Developer CBC - Certified Bindows Consultant Cell Phone: +55 (16) 9166-6902 MSN: [EMAIL PROTECTED] URL: http://blog.bisna.com Rio de Janeiro - RJ/Brazil -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
2008/7/7 Guilherme Blanco [EMAIL PROTECTED]: The end of life cycle of PHP4 is 08-08-08, so people expect one last release in this day as the last release. Some of you are telling that release something now contradicts your master plan, but you missed something. If you don't release something in 08-08-08, what will people think? That PHP4 died in 08-01-03. Why? Because their last touchable release is that one. PHP4 died 07-12-31. If PHP team will release next version of PHP4, PHP 4 end of life announcement will lose it's meaning, and the not yet upgraded webhosts won't have any reason to upgrade. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
On Mon, Jul 7, 2008 at 10:39 AM, Janusz Lewandowski [EMAIL PROTECTED] wrote: 2008/7/7 Guilherme Blanco [EMAIL PROTECTED]: The end of life cycle of PHP4 is 08-08-08, so people expect one last release in this day as the last release. Some of you are telling that release something now contradicts your master plan, but you missed something. If you don't release something in 08-08-08, what will people think? That PHP4 died in 08-01-03. Why? Because their last touchable release is that one. PHP4 died 07-12-31. If PHP team will release next version of PHP4, PHP 4 end of life announcement will lose it's meaning, and the not yet upgraded webhosts won't have any reason to upgrade. When you have an application that has millions of lines and you rely of an specific major version, you'll understand my mean. I already tried to move to PHP5, without success. Lots of code changes and weird behaviors. Complete rewrite needed, no time for that. One last release to address last found issues seems perfect for this case. Otherwise... why have these fixes being applied? If it'll not be released anything after the end of support, why apply security patches there? So all the efforts of people have done to address important holes in PHP4 was useless, don't you think? Regards, -- Guilherme Blanco - Web Developer CBC - Certified Bindows Consultant Cell Phone: +55 (16) 9166-6902 MSN: [EMAIL PROTECTED] URL: http://blog.bisna.com Rio de Janeiro - RJ/Brazil -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
Hi Stefan, Considering the fact that PHP 4.4.8 is known to have several public security problems that where only fixed in PHP 5, releasing PHP 4.4.9 as last final version is the right thing todo. Fixing any major security hole in 4.4 at this point would put an abrupt end to this argument ;) - Steph -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
On Mon, 7 Jul 2008, Marcus Boerger wrote: Janusz is damn right here. Make the patches available but do not make it easy for people to stick to 4 please. Instead, stick to th eplan. We do, there are security fixes - we make a release. regards, Derick -- Derick Rethans http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DEV] PHP 4.4.9
-Original Message- From: Derick Rethans [mailto:[EMAIL PROTECTED] Sent: Monday, July 07, 2008 7:22 AM To: Marcus Boerger Cc: PHP Internals; Janusz Lewandowski Subject: Re: [PHP-DEV] PHP 4.4.9 On Mon, 7 Jul 2008, Marcus Boerger wrote: Janusz is damn right here. Make the patches available but do not make it easy for people to stick to 4 please. Instead, stick to th eplan. We do, there are security fixes - we make a release. I'm with Derick here. We should push out new releases when there are security issues Andi
Re: [PHP-DEV] PHP 4.4.9
Hello, On Mon, Jul 7, 2008 at 9:29 AM, Andi Gutmans [EMAIL PROTECTED] wrote: On Mon, 7 Jul 2008, Marcus Boerger wrote: Janusz is damn right here. Make the patches available but do not make it easy for people to stick to 4 please. Instead, stick to th eplan. We do, there are security fixes - we make a release. I'm with Derick here. We should push out new releases when there are security issues While I mostly observe here, I would like to add some feedback from this point of view. With PHP 4, the date still has not been reached and if there are security flaws they should be patched and released. This should not be sending mixed messages with the end of life announcement. From the enterprise perspective, we are out of compliance once the end of life has been exceeded and internal policies will force many on PHP 4 to upgrade to PHP 5 once that date has been reached. Within these environments there might be legacy applications running on PHP 4 that are either waiting to reach their end of cycle or need to be upgraded and the only way that does happen is when those timelines are reached when the language reaches the end of it's life cycle. Mike
Re: [PHP-DEV] PHP 4.4.9
On Mon, Jul 7, 2008 at 10:29 AM, Andi Gutmans [EMAIL PROTECTED] wrote: I'm with Derick here. We should push out new releases when there are security issues As am I. The EOL announcement itself justifies the release: We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. While it does contradict one sentence prior by saying this: After 2007-12-31 there will be no more releases of PHP 4.4. it's really just a matter of semantics. To end all arguments by satisfying that statement, a release could just be dubbed PHP 4.5. That meets the requirements of the EOL by making the necessary fixes, and still abides by the EOL on 4.4.x. ;-P -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
Hello Stefan, this can be continued forever. Say we release 4.4.9, then sooner or later people will find another security whole, so we do another release. And another release and in the year 2134 our childrens children will release 4.4.4363 marcus :-) Monday, July 7, 2008, 3:28:54 PM, you wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Janusz Lewandowski schrieb: PHP 4 end of life announcement: After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. Considering the fact that PHP 4.4.8 is known to have several public security problems that where only fixed in PHP 5, releasing PHP 4.4.9 as last final version is the right thing todo. Stefan Esser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhyGhYACgkQSuF5XhWr2njsGACguBayiah0yj0RojBYhIIvCIqq 67kAni2syRvA1Db2mOHv96csV7pwh+tB =U9RH -END PGP SIGNATURE- Best regards, Marcus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
Hello Derick, how about this. We edit php_config.h to be version 4.4.8pl1. Then provide a patch for download. All reasonable distributions will pick up that patch anyway. But at least we didn't do a release as we promised, we wouldn't. marcus Monday, July 7, 2008, 9:09:51 AM, you wrote: Hello! As it's about a month until the end of PHP 4, it's time to make the last release. There have been a few important fixes, which need to be part of a release. If you have anything else, please let me know so we can integrate it in the release as well. I'm planning to make a release candidate Wednesday next week (for a release on Thursday). regards, Derick -- Derick Rethans http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org Best regards, Marcus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
On Mon, 7 Jul 2008, Marcus Boerger wrote: this can be continued forever. Say we release 4.4.9, then sooner or later people will find another security whole, so we do another release. And another release and in the year 2134 our childrens children will release 4.4.4363 Uh, no. The last date is as always has been 2008-08-08. 4.4.9 will be the last release. regards, Derick -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
Derick Rethans wrote: On Mon, 7 Jul 2008, Marcus Boerger wrote: how about this. We edit php_config.h to be version 4.4.8pl1. Then provide a patch for download. All reasonable distributions will pick up that patch anyway. But at least we didn't do a release as we promised, we wouldn't. Uh, no. We didn't promise we wouldn't make releases. It clearly says that if there are security issues we look at them case-by-case to see if we should make a release. There are security issues, we make a release. There is nothing more to discuss about this. We did actually. The exact text from the announcement was: After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. The two statements do contradict each other a little bit, and I am ok with another release, but technically Marcus is correct. -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.4.9
Derick Rethans wrote: On Mon, 7 Jul 2008, Marcus Boerger wrote: how about this. We edit php_config.h to be version 4.4.8pl1. Then provide a patch for download. All reasonable distributions will pick up that patch anyway. But at least we didn't do a release as we promised, we wouldn't. Uh, no. We didn't promise we wouldn't make releases. It clearly says that if there are security issues we look at them case-by-case to see if we should make a release. There are security issues, we make a release. There is nothing more to discuss about this. We did actually. The exact text from the announcement was: After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. The two statements do contradict each other a little bit, and I am ok with another release, but technically Marcus is correct. -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php