PHP-4.4.4 SRPM full Iworx compliant


We’ve created all the RPMs (php and all php modules) for PHP-4.4.4 based on the configure used by Interworx php-4.3.11

The SRPM is also based on the interworx’ SRPM PHP-4.3.11

We had to create patchs for some ext modules in file config.m4 to allow an installation on x86_64 box (grrr !!! :mad: ) .

The installation have been tested on I386 and X86_64 boxes ! :slight_smile:

See the phpinfo

Download the SRPM

1- Rebuild the SRPM with (in the srpm dir)

rpmbuild --rebuild --with ARCH ./php-4.4.4-100.rhe4x.carat.src.rpm

2- Update your PHP install

a. Check which modules are already installed

rpm -qa | grep ‘php-’

Note the list

b. Update your php RPMs

rpm -Uvh php-4.4.4-100.rhe4x.carat.x86_64.rpm php-mysql-4.4.4-100.rhe4x.carat.x86_64.rpm AND-ALL-OTHERS-ALREADY-INSTALLED

c. Restart apache

service httpd restart

d. test

/usr/bin/php -v

You should see something like this

Enjoy !!!


Any big differences between the two versions? I don’t want to break anything.

Yes, the 4.4 branch of php has a some back ported php5 code in it which will break a lot of scripts. I’d upgrade with caution unless you know that all of the scripts you are using are php 4.4 compliant. Someone more knowlegeble than I could maybe comment on the benefits of 4.4 but with php newer is NOT always better.

Oh and Pascal, thanks for posting the SRPM and HowTo. It will help a lot of clients as we do get requests for this every once in a while :slight_smile:

[QUOTE=IWorx-Tim;11392]Yes, the 4.4 branch of php has a some back ported php5 code in it which will break a lot of scripts. I’d upgrade with caution unless you know that all of the scripts you are using are php 4.4 compliant. Someone more knowlegeble than I could maybe comment on the benefits of 4.4 but with php newer is NOT always better.

Oh and Pascal, thanks for posting the SRPM and HowTo. It will help a lot of clients as we do get requests for this every once in a while :-)[/QUOTE]

Absolutly NOt !

I have more than 1 000 accounts using it a NO ONE had breaked something !


In fact they have changed the major number of this version only for one reason :

This is a maintenance release that addresses a serious memory corruption problem within PHP concerning references. If references were used in a wrong way, PHP would often create memory corruptions which would not always surface or be visible. In other cases it could cause variables and objects to change type or class unexpectedly. If you encountered strange behavior like this, this release might fix it. The increased middle digit was required because the fix that corrected the problem with references changed PHP’s internal API, breaking binary compatibility with the PHP 4.3.* series. This means that all binary extension modules need to be recompiled in order to work with this release.

For us this release and the ones after 4.0 are important because they fixe some 64Bits pbm, memory pbm, and also GD2 pbm and a lot of open_basedir test which was not done in few functions !

Version 4.4.0

* Added man pages for "phpize" and "php-config" scripts.
* Added support for .cc files in extensions.
* Added the sorting flag SORT_LOCALE_STRING to the sort() functions which makes them sort based on the current locale.
* Changed sha1_file() and md5_file() functions to use streams instead of low level IO.
* Fixed memory corruptions when using references in a wrong way.
* Fixed memory corruption in pg_copy_from() in case the as_null parameter was passed.
* Fixed memory corruption in stristr().
* Fixed bug #32685, Fixed bug #29423 (Segfault when using assignment by reference within function).
* Fixed bug #33242 (Mangled error message when stream fails).
* Fixed bug #33222 (segfault when CURL handle is closed in a callback).
* Fixed bug #33214 (odbc_next_result does not signal SQL errors with 2-statement SQL batches).
* Fixed bug #33210 (relax jpeg recursive loop protection).
* Fixed bug #33200 (preg_replace(): magic_quotes_sybase=On makes 'e' modifier misbehave).
* Fixed bug #33150 (shtool: insecure temporary file creation).
* Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path change).
* Fixed bug #33070 (Improved performance of bzdecompress() by several orders of magnitude).
* Fixed bug #33057 (Don't send extraneous entity-headers on a 304 as per RFC 2616 section 10.3.5).
* Fixed bug #33019 (socket errors cause memory leaks in php_strerror()).
* Fixed bug #33017 ("make distclean" gives an error with VPATH build).
* Fixed bug #33013 ("next month" was handled wrong while parsing dates).
* Fixed bug #32974 (pcntl calls malloc() from a signal handler).
* Fixed bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies).
* Fixed bug #32936 (http redirects URLs are not checked for control chars).
* Fixed bug #32932 (Oracle LDAP: ldap_get_entries invalid pointer).
* Fixed bug #32904 (pg_get_notify() ignores result_type parameter).
* Fixed bug #32813 (parse_url() does not handle scheme-only urls properly).
* Fixed bug #32810 (temporary files not using plain file wrapper).
* Fixed bug #32802 (General cookie overrides more specific cookie).
* Fixed bug #32800, Fixed bug #32830 (ext/odbc: Problems with 64bit systems).
* Fixed bug #32773 (GMP functions break when second parameter is 0).
* Fixed bug #32742 (segmentation fault when the stream with a wrapper is not closed).
* Fixed bug #32730 (ext/crack.c fails to compile with cracklib-2.8.3).
* Fixed bug #32670 (foreach() does not issue warning on unset array arg).
* Fixed bug #32699 (pg_affected_rows() was defined when it was not available).
* Fixed bug #32682 (ext/mssql: Error on module shutdown when called from activescript).
* Fixed bug #32647 (Using register_shutdown_function() with invalid callback can crash PHP).
* Fixed bug #32591 (ext/mysql: Unsatisfied symbol: ntohs with HP-UX).
* Fixed bug #32589 (Possible crash inside imap_mail_compose, with charsets).
* Fixed bug #32587 (Apache2: errors sent to error_log do not include timestamps).
* Fixed bug #32567 (ext/gmp fails to compile in threadsafe mode).
* Fixed bug #32538 (ext/swf/swf.c does not compile with gcc-3.4.x or newer).
* Fixed bug #32530 (chunk_split() does not append endstr if chunklen is longer then the original string).
* Fixed bug #32491 (File upload error - unable to create a temporary file).
* Fixed bug #32311 (mb_encode_mimeheader() does not properly escape characters).
* Fixed bug #32245 (xml_parser_free() in a function assigned to the xml parser gives a segfault).
* Fixed bug #32116 (mysql compressed connection doesn't work under windows).
* Fixed bug #31887 (ISAPI: Custom 5xx error does not return correct HTTP response message).
* Fixed bug #31583 (php_std_date() uses short day names in non-y2k_compliance mode).
* Fixed bug #31213 (Sideeffects caused by fix of bug Fixed bug #29493).
* Fixed bug #30052 (Crash on shutdown after odbc_pconnect()).
* Fixed bug #29975 (memory leaks when set_error_handler() is used inside error handler).
* Fixed bug #29944 (Function defined in switch, crashes).
* Fixed bug #29338 (unencoded spaces get ignored after certain tags).
* Fixed bug #28605 (Need to use -[m]ieee option for Alpha CPUs).
* Fixed bug #28377 (debug_backtrace is intermittently passing args).


And changelog for others release

Version 4.4.4

* Fixed memory_limit on 64bit systems.
* Fixed overflow on 64bit systems in str_repeat() and wordwrap().
* Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled.
* Fixed a memory corruption error with an invalid foreach() call.
* Fixed bug #38431 (xmlrpc_get_type() crashes PHP on objects).
* Fixed bug #38377 (session_destroy() gives warning after session_regenerate_id()).
* Fixed bug #38322 (reading past array in sscanf() leads to arbitary code execution).
* Fixed bug #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire).
* Fixed bug #38251 (socket_select() and invalid arguments).
* Fixed bug #38183 (disable_classes=Foobar causes disabled class to be called Foo).
* Fixed bug #38112 (corrupted gif segfaults).
* Fixed bug #37265 (Added missing safe_mode & open_basedir checks to imap_body()).
* Fixed bug #29538 (number_format and problem with 0).

There is a separate announcement available for this release.
Version 4.4.3

* Added control character checks for cURL extension's open_basedir/safe_mode checks.
* Added overflow checks to wordwrap() function.
* Added a check for special characters in the session name.
* Improved safe_mode check for the error_log() function.
* Updated PCRE to version 6.6.
* Fixed handling of extremely long paths inside tempnam() function.
* Fixed XSS inside phpinfo() with long inputs.
* Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems in libmysql.c.
* Fixed bug #37720 (merge_php_config scrambles values).
* Fixed bug #37569 (WDDX incorrectly encodes high-ascii characters).
* Fixed bug #37510 (session_regenerate_id changes session_id() even on failure).
* Fixed bug #37360 (Memory errors with a corrupt GIF file).
* Fixed bug #37348 (Make PEAR install ignore open_basedir).
* Fixed bug #37346 (Crashes when using an invalid colormap format).
* Fixed bug #37162 (wddx does not build as a shared extension).
* Fixed bug #37046 (foreach breaks static scope).
* Fixed bug #37045 (Fixed check for special chars for http redirects).
* Fixed bug #36857 (Added support for partial content fetching to the HTTP streams wrapper).
* Fixed bug #36776 (node_list_wrapper_dtor segfault).
* Fixed bug #36459 (Incorrect adding PHPSESSID to links, which contains 

* Fixed bug #36458 (sleep() accepts negative values).
* Fixed bug #36242 (Possible memory corruption in stream_select()).
* Fixed bug #36223 (curl bypasses open_basedir restrictions).
* Fixed bug #36205 (Memory leaks on duplicate cookies).
* Fixed bug #36148 (unpack(“H*hex”, $data) is adding an extra character to the end of the string).
* Fixed bug #36017 (fopen() crashes PHP when opening a URL).

There is a separate announcement available for this release.
Version 4.4.2

* Added missing safe_mode/open_basedir checks into cURL extension.
* Backported missing imap_mailcompose() fixes from PHP 5.x.
* Prevent header injection by limiting each header to a single line.
* Fixed possible XSS inside error reporting functionality.
* Fixed Apache 2 regression with sub-request handling on non-linux systems.
* Fixed bug #35817 (unpack() does not decode odd number of hexadecimal values).
* Fixed bug #35735 ($EGREP not defined in configure).
* Fixed bug #35669 (imap_mail_compose() crashes with multipart-multiboundary-email).
* Fixed bug #35655 (whitespace following end of heredoc is lost).
* Fixed bug #35646 (%{mod_php_memory_usage}n is not reset after exit).
* Fixed bug #35594 (Multiple calls to getopt() may result in a crash).
* Fixed bug #35571 (Fixed crash in Apache 2 SAPI when more then one php script is loaded via SSI include).
* Fixed bug #35536 (mysql_field_type() doesn't handle NEWDECIMAL).
* Fixed bug #35410 (wddx_deserialize() doesn't handle large ints as keys properly).
* Fixed bug #35341 (Fix for bug #33760 breaks build with older curl).
* Fixed bug #35278 (Multiple virtual() calls crash Apache 2 php module).
* Fixed bug #35257 (Calling ob_flush after creating an ob callback causes segfault).
* Fixed bug #35079 (stream_set_blocking(true) toggles, not enables blocking).
* Fixed bug #35078 (configure does not find ldap_start_tls_s).
* Fixed bug #35071 (Wrong fopen mode used in GD safe-mode checks).
* Fixed bug #35067, Fixed bug #35063 (key(),current() need to work by reference).
* Fixed bug #35062 (socket_read() produces warnings on non blocking sockets).
* Fixed bug #35059 (Apache2 crash with mod_rewrite).
* Fixed bug #35009 (ZTS: Persistent resource destruct crashes when extension is compiled as shared).
* Fixed bug #34996 (ImageTrueColorToPalette() crashes when ncolors is zero).
* Fixed bug #34851 (SO_RECVTIMEO and SO_SNDTIMEO socket options expect integer parameter on Windows).
* Fixed bug #34830 (the 5th argument of mb_send_mail does not work).
* Fixed bug #34359 (Possible crash inside fopen http wrapper).
* Fixed bug #33963 (mssql_bind() fails on input parameters).
* Fixed bug #33760 (cURL needs CRYPTO_callback functions to prevent locking).
* Fixed bug #33720 (mb_encode_mimeheader does not work for multibyte chars).
* Fixed bug #33523 (Memory leak in xmlrpc_encode_request()).
* Fixed bug #33201 (Crash when fetching some data types).
* Fixed bug #33153 (crash in mssql_next result).
* Fixed bug #32009 (crash when mssql_bind() is called more than once).
* Fixed bug #31971 (ftp_login fails on some SSL servers).
* Fixed bug #30760 (Remove MessageBox on win32 for E_CORE errors if display_startup_error is off).
* Fixed bug #27678 (number_format() crashes with large numbers).

There is a separate announcement available for this release.
Version 4.4.1

* Added missing safe_mode checks for image* functions and cURL.
* Added missing safe_mode/open_basedir checks for file uploads.
* Fixed a memory corruption bug regarding included files.
* Fixed possible INI setting leak via virtual() in Apache 2 sapi.
* Fixed possible crash and/or memory corruption in import_request_variables().
* Fixed potential GLOBALS overwrite via import_request_variables().
* Fixed possible GLOBALS variable override when register_globals are ON.
* Fixed possible register_globals toggle via parse_str().
* Added "new_link" parameter to mssql_connect(). Bug #34369.
* Fixed bug #34850 (--program-suffix and --program-prefix not included in man page names).
* Fixed bug #34790 (preg_match_all(), named capturing groups, variable assignment/return => crash).
* Fixed bug #34742 (ftp wrapper failures caused from segmented command transfer).
* Fixed bug #34704 (Infinite recursion due to corrupt JPEG).
* Fixed bug #34645 (ctype corrupts memory when validating large numbers).
* Fixed bug #34565 (mb_send_mail does not fetch mail.force_extra_parameters).
* Fixed bug #34557 (php -m exits with "error" 1).
* Fixed bug #34456 (Possible crash inside pspell extension).
* Fixed bug #34311 (unserialize() crashes with chars above 191 dec).
* Fixed bug #34307 (on_modify handler not called to set the default value if setting from php.ini was invalid).
* Fixed bug #34302 (date('W') do not return leading zeros for week 1 to 9).
* Fixed bug #34277 (array_filter() crashes with references and objects).
* Fixed bug #34191 (ob_gzhandler does not enforce trailing \0).
* Fixed bug #34156 (memory usage remains elevated after memory limit is reached).
* Fixed bug #34148 (+,- and . not supported as parts of scheme).
* Fixed bug #34137 (assigning array element by reference causes binary mess).
* Fixed bug #34068 (Numeric string as array key not cast to integer in wddx_deserialize()).
* Fixed bug #34064 (arr[] as param to function is allowed only if function receives argument by reference).
* Fixed bug #33989 (extract($GLOBALS,EXTR_REFS) crashes PHP).
* Fixed bug #33987 (php script as ErrorDocument causes crash in Apache 2).
* Fixed bug #33940 (array_map() fails to pass by reference when called recursively).
* Fixed bug #33690 (Crash setting some ini directives in httpd.conf).
* Fixed bug #33673 (Added detection for partially uploaded files).
* Fixed bug #33648 (Using --with-regex=system causes compile failure).
* Fixed bug #33558 (Warning with nested calls to functions returning by reference).
* Fixed bug #33383 (crash when retrieving empty LOBs).
* Fixed bug #33156 (cygwin version of setitimer doesn't accept ITIMER_PROF).
* Fixed bug #32937 (open_basedir looses trailing / in the limiter).
* Fixed bug #32589 (possible crash inside imap_mail_compose() function).
* Fixed bug #32179 (xmlrpc_encode() segfaults with recursive references).
* Fixed bug #32160 (copying a file into itself leads to data loss).
* Fixed bug #31158 (array_splice on $GLOBALS crashes).
* Fixed bug #29983 (PHP does not explicitly set mime type & charset).
* Fixed bug #29253 (array_diff with $GLOBALS argument fails).
* Fixed bug #21306 (ext/sesssion: catch bailouts of write handler during RSHUTDOWN).

There is a separate announcement available for this release.

hi, have you already created the php-4.4.6 srpm?
Greetings - Michael