Hi!
We would like to announce the second RC of the 5.4.4 version. This
is mainly a bugfix release. The release includes a fix for a weakness
crypts() DES implementation (CVE-2012-2143). Please test it and notify
us of any problems you may encounter. The full list of the fixes is as
always in the NEWS file.
You can download the packages from:
http://downloads.php.net/stas
The Windows team provides windows binaries for the release.
As always you find them at:
http://windows.php.net/qa/
We plan the next RC for 5.4.4 in two weeks.
Regards,
Stas & David
We would like to announce the second RC of the 5.4.4 version. This
is mainly a bugfix release. The release includes a fix for a weakness
crypts() DES implementation (CVE-2012-2143). Please test it and
notify
us of any problems you may encounter. The full list of the fixes is
as
always in the NEWS file.
Sorry to bring this up again, but they aren't. 5.3 NEWS are not being
merged.
Right now, NEWS is pretty useless. If I want to know whether some
change is in one release, 5.4 NEWS won't tell me that.
For instance, 0f180a63 was committed to 5.3 in April 7 (a
stream_get_line() fix). It is most definitely in 5.4.4RC2:
$ git merge-base 0f180a63e php-5.4.4RC2
0f180a63ebb2d65bbe49b68d2430639b20443e9a
However, there's no mention in NEWS.
The current policy of changing only the lowest branch NEWS obviously
can only work if these changes are then merged to the most recent
branches on release. If the RMs are unwilling to do such merging, we
should change the policy to require updating the NEWS files in every
stable branch to which the fix was merged.
--
Gustavo Lopes
If the RMs are unwilling to do such merging, we should change the policy to require updating the
NEWS files in every stable branch to which the fix was merged.
This makes sense to me.
Chris
Hi!
Sorry to bring this up again, but they aren't. 5.3 NEWS are not being
merged.
Something weird going on with the NEWS. For example, I did cleanup in
this commit:
https://github.com/php/php-src/commit/5ebb0e520f4c31d09d9e5acd323162eca3fee0e3
However I'm looking at the tree now and it's gone. Somebody killed my
changes and I don't even see which commit did it. I think current model
of merging NEWS is not working very well.
I'll try to sort it out once again (and merge 5.3 ones missing) but in
general it looks like something needs to be done here to make it workable.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227
Hi!
For instance, 0f180a63 was committed to 5.3 in April 7 (a
stream_get_line()fix). It is most definitely in 5.4.4RC2:$ git merge-base 0f180a63e php-5.4.4RC2
0f180a63ebb2d65bbe49b68d2430639b20443e9aHowever, there's no mention in NEWS.
I don't see NEWS entry for 5.3 either for that - which one specifies
that? The commit doesn't have NEWS entry and there's no bug number to
match it.
So I would be happy to merge it but please point to what I should be
merging.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227