Bug#: 150261
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Carsten Lohrke <carlo@gentoo.org>

Description:   Opened: 2006-10-06 06:09 0000
An integer overflow was discovered in the PHP memory handling routines. If
a script can cause memory allocation based on untrusted user data, a remote
attacker sending a carefully crafted request could execute arbitrary code
as the 'apache' user.


http://rhn.redhat.com/errata/RHSA-2006-0708.html
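
The class of bug described in the report above, as an added example that is not part of the bug report and is not PHP's code: an allocation size computed as count times element size wraps around in `size_t`, so the buffer handed out is far smaller than the caller believes, and a `calloc`-style wrapper that refuses such requests. All function names and the element size of 16 are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if nmemb * size cannot be represented in size_t, else 0. */
int mul_overflows(size_t nmemb, size_t size)
{
    return size != 0 && nmemb > SIZE_MAX / size;
}

/* Unchecked size computation: the product wraps modulo SIZE_MAX + 1,
 * so a huge element count can yield a very small byte count. */
size_t unchecked_total(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* How many of the nmemb elements the caller expects are really backed by
 * the bytes an unchecked allocation would hand out. Every element from
 * this index onward lies outside the buffer. */
size_t backed_elements(size_t nmemb, size_t size)
{
    size_t backed;

    if (size == 0)
        return nmemb;
    backed = unchecked_total(nmemb, size) / size;
    return backed < nmemb ? backed : nmemb;
}

/* calloc-style wrapper (hypothetical name) that fails closed on overflow. */
void *safe_calloc(size_t nmemb, size_t size)
{
    size_t total;
    void *p;

    if (mul_overflows(nmemb, size))
        return NULL;                 /* refuse instead of under-allocating */
    total = nmemb * size;
    p = malloc(total ? total : 1);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

int main(void)
{
    /* Constructed input: a count chosen so that count * 16 wraps to 16. */
    size_t count = SIZE_MAX / 16 + 2;
    void *p;

    printf("requested elements : %zu\n", count);
    printf("unchecked byte size: %zu\n", unchecked_total(count, 16));
    printf("elements backed    : %zu\n", backed_elements(count, 16));
    p = safe_calloc(count, 16);
    printf("safe_calloc        : %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```
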

------- Comment #1 From Stuart Herbert (RETIRED) 2006-10-06 06:37:52 0000 -------
The errata is against an ancient version of PHP (4.1.2) which we don't
distribute.  This bug should be marked as INVALID.

Best regards,
Stu

------- Comment #3 From Carsten Lohrke 2006-10-06 06:55:21 0000 -------
Are you sure that it isn't just Red Hat shipping old stuff!? The corresponding
patch¹ seems rather new to me.


[1] http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162

------- Comment #4 From Matthias Geerdsen 2006-10-06 07:51:43 0000 -------
according to http://www.heise.de/newsticker/meldung/79120 (German) this is
indeed new

up-to-date php-4.x versions are said to be not affected
mandriva has issued an advisory at
http://archives.mandrivalinux.com/security-announce/2006-10/msg00004.php

linking to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4812

------- Comment #5 From Sebastian Bergmann (RETIRED) 2006-10-06 09:19:24 0000 -------
I just confirmed this with Stefan Esser from the Hardened PHP Project. We need
to act on this. I suggest that we use UPSTREAM's patch in a revision bump for
the affected packages.

------- Comment #6 From Luca Longinotti 2006-10-06 09:24:30 0000 -------
I'm working on it, as well as other misc issues, I should have fixed and fully
tested ebuilds out by tomorrow evening at the latest.
Best regards, CHTEKK.

------- Comment #7 From Luca Longinotti 2006-10-07 13:44:15 0000 -------
Fixed in dev-lang/php-4.4.4-r6 and dev-lang/php-5.1.6-r6, arches please stable
those two versions. AMD64 is already done. Expected test results, as well as
instructions, are the same as for the last stabling of 4.4.4-r4/5.1.6-r4.
Best regards, CHTEKK.

------- Comment #8 From Matthias Geerdsen 2006-10-11 06:36:39 0000 -------
arches pls test and mark stable (s. comment #6)

------- Comment #9 From Markus Meier 2006-10-11 08:44:45 0000 -------
dev-lang:php-4.4.4-r6
 1.) emerges on x86, with the following QA Notice:
QA Notice: the following files contain runtime text relocations
 Text relocations force the dynamic linker to perform extra
 work at startup, waste system resources, and may pose a security
 risk.  On some architectures, the code may not even function
 properly, if at all.
 For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
 Please include this file in your report:
 /var/tmp/portage/php-4.4.4-r6/temp/scanelf-textrel.log
TEXTREL usr/lib/apache2/modules/libphp4.so

 2.) passes collision test
 3.) fails the following tests (on another box, the last two tests didn't
fail):
Simple POST Method test [tests/basic/002.phpt]
GET and POST Method combined [tests/basic/003.phpt]
Two variables in POST data [tests/basic/004.phpt]
Three variables in POST data [tests/basic/005.phpt]
Testing $argc and $argv handling (GET) [tests/basic/011.phpt]
Bug #25145 (SEGV on recpt of form input with name like "123[]")
[tests/lang/bug25145.phpt]
Bug #35239 (Objects can lose references) [tests/lang/bug35239.phpt]
Bug #24155 (gdImageRotate270 rotation problem). [ext/gd/tests/bug24155.phpt]
Bug #27582 (ImageFillToBorder() on alphablending image looses alpha on fill
color) [ext/gd/tests/bug27582_1.phpt]
mb_http_input() [ext/mbstring/tests/mb_http_input.phpt]
Bug #26938 (exec does not read consecutive long lines correctly)
[ext/standard/tests/file/bug26938.phpt]
proc_open() regression test 1 (proc_open() leak)
[ext/standard/tests/file/proc_open01.phpt]

 4.) works, apache reports the following in error_log
PHP Warning:  Unknown(): Unable to load dynamic library
'/usr/lib/php4/lib/php/extensions/no-debug-non-zts-20020429/apc.so' -
/usr/lib/php4/lib/php/extensions/no-debug-non-zts-20020429/apc.so: cannot open
shared object file: No such file or directory in Unknown on line 0


dev-lang/php-5.1.6-r6
 1.) emerges on x86, with the following QA Notices
QA Notice: the following files contain runtime text relocations
 Text relocations force the dynamic linker to perform extra
 work at startup, waste system resources, and may pose a security
 risk.  On some architectures, the code may not even function
 properly, if at all.
 For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
 Please include this file in your report:
 /var/tmp/portage/php-5.1.6-r6/temp/scanelf-textrel.log
TEXTREL usr/lib/apache2/modules/libphp5.so

 2.) passes collision test
 3.) the following tests failed (on another box, the last 3 tests didn't fail):
Test for buffering in core functions with implicit flush off
[tests/func/008.phpt]
Test for abstract static classes [Zend/tests/abstract-static.phpt]
HTML input/output [ext/mbstring/tests/htmlent.phpt]
mb_output_handler() (Shift_JIS)
[ext/mbstring/tests/mb_output_handler_shift_jis.phpt]
Bug #26615 (exec crash on long input lines)
[ext/standard/tests/file/bug26615.phpt]
Bug #26938 (exec does not read consecutive long lines correctly)
[ext/standard/tests/file/bug26938.phpt]
proc_open() regression test 1 (proc_open() leak)
[ext/standard/tests/file/proc_open01.phpt]

 4.) works, apache reports the following in error_log
PHP Warning:  PHP Startup: Unable to load dynamic library
'/usr/lib/php5/lib/php/extensions/no-debug-non-zts-20050922/apc.so' -
/usr/lib/php5/lib/php/extensions/no-debug-non-zts-20050922/apc.so: cannot open
shared object file: No such file or directory in Unknown on line 0



------- Comment #10 From Andrej Kacian (RETIRED) 2006-10-11 08:58:17 0000 -------
(In reply to comment #8)
> dev-lang:php-4.4.4-r6
>  3.) fails the following tests (on another box, the last two tests didn't
> fail):
> Simple POST Method test [tests/basic/002.phpt]
> GET and POST Method combined [tests/basic/003.phpt]
> Two variables in POST data [tests/basic/004.phpt]
> Three variables in POST data [tests/basic/005.phpt]
> Testing $argc and $argv handling (GET) [tests/basic/011.phpt]
> Bug #25145 (SEGV on recpt of form input with name like "123[]")
> [tests/lang/bug25145.phpt]
> Bug #35239 (Objects can lose references) [tests/lang/bug35239.phpt]
> Bug #24155 (gdImageRotate270 rotation problem). [ext/gd/tests/bug24155.phpt]
> Bug #27582 (ImageFillToBorder() on alphablending image looses alpha on fill
> color) [ext/gd/tests/bug27582_1.phpt]
> mb_http_input() [ext/mbstring/tests/mb_http_input.phpt]
> Bug #26938 (exec does not read consecutive long lines correctly)
> [ext/standard/tests/file/bug26938.phpt]
> proc_open() regression test 1 (proc_open() leak)
> [ext/standard/tests/file/proc_open01.phpt]

Last two failed tests are new from currently stable version (bug #147061)

> dev-lang/php-5.1.6-r6
>  3.) the following tests failed (on another box, the last 3 tests didn't fail):
> Test for buffering in core functions with implicit flush off
> [tests/func/008.phpt]
> Test for abstract static classes [Zend/tests/abstract-static.phpt]
> HTML input/output [ext/mbstring/tests/htmlent.phpt]
> mb_output_handler() (Shift_JIS)
> [ext/mbstring/tests/mb_output_handler_shift_jis.phpt]
> Bug #26615 (exec crash on long input lines)
> [ext/standard/tests/file/bug26615.phpt]
> Bug #26938 (exec does not read consecutive long lines correctly)
> [ext/standard/tests/file/bug26938.phpt]
> proc_open() regression test 1 (proc_open() leak)
> [ext/standard/tests/file/proc_open01.phpt]

All except "Test for abstract static classes [Zend/tests/abstract-static.phpt]"
are new from current stable version (bug #147061)

php team, what about these failed tests?

------- Comment #11 From Luca Longinotti 2006-10-11 09:15:31 0000 -------
(In reply to comment #9)
> php team, what about these failed tests?

Strange... I got consistent test results while running the tests on my systems
with the latest stable test results... None of the added patches could afaik
justify those failures... Remember to test with USE=cgi enabled too, that's
from where a good number of those failures come from.
Wrt the QA notice: it's expected, just turn USE=pic on.
Wrt the APC error, it seems you don't have dev-php{4,5}/pecl-apc installed
anymore... Either reinstall those or clear out their .ini files from
/etc/php/*/ext/, as the ebuild itself can't be going around /etc and killing
files. :)
Best regards, CHTEKK.

------- Comment #12 From Tobias Scherbaum 2006-10-11 10:54:35 0000 -------
ppc stable

------- Comment #13 From Gustavo Zacarias (RETIRED) 2006-10-11 11:13:49 0000 -------
sparc stable.

------- Comment #14 From Markus Meier 2006-10-11 12:22:13 0000 -------
(In reply to comment #10)
> (In reply to comment #9)
> > php team, what about these failed tests?
> 
> Strange... I got consistent test results while running the tests on my systems
> with the latest stable test results... None of the added patches could afaik
> justify those failures... Remember to test with USE=cgi enabled too, that's
> from where a good number of those failures come from.
> Wrt the QA notice: it's expected, just turn USE=pic on.
> Wrt the APC error, it seems you don't have dev-php{4,5}/pecl-apc installed
> anymore... Either reinstall those or clear out their .ini files from
> /etc/php/*/ext/, as the ebuild itself can't be going around /etc and killing
> files. :)
> Best regards, CHTEKK.
> 

Looks good now, thanks for the input Luca. Recompiled with USE="cgi" and
removed unneeded .ini files. 
Failed tests on php-4 (the same on both boxes):
Bug #35239 (Objects can lose references) [tests/lang/bug35239.phpt]
Bug #24155 (gdImageRotate270 rotation problem). [ext/gd/tests/bug24155.phpt]
Bug #27582 (ImageFillToBorder() on alphablending image looses alpha on fill
color) [ext/gd/tests/bug27582_1.phpt]

php-5 (also the same on both boxes):
Test for buffering in core functions with implicit flush off
[tests/func/008.phpt]
Test for abstract static classes [Zend/tests/abstract-static.phpt]
HTML input/output [ext/mbstring/tests/htmlent.phpt]
mb_output_handler() (Shift_JIS)
[ext/mbstring/tests/mb_output_handler_shift_jis.phpt]

------- Comment #15 From Markus Rothe 2006-10-11 12:26:02 0000 -------
ppc64 stable

------- Comment #16 From Luca Longinotti 2006-10-11 13:56:45 0000 -------
(In reply to comment #13)
> Failed tests on php-4 (the same on both boxes):
> Bug #35239 (Objects can lose references) [tests/lang/bug35239.phpt]
> Bug #24155 (gdImageRotate270 rotation problem). [ext/gd/tests/bug24155.phpt]
> Bug #27582 (ImageFillToBorder() on alphablending image looses alpha on fill
> color) [ext/gd/tests/bug27582_1.phpt]

Yup all those are expected to fail, your PHP4 is consistent with my results.
All good for stabling!

> php-5 (also the same on both boxes):
> Test for buffering in core functions with implicit flush off
> [tests/func/008.phpt]
> Test for abstract static classes [Zend/tests/abstract-static.phpt]
> HTML input/output [ext/mbstring/tests/htmlent.phpt]
> mb_output_handler() (Shift_JIS)
> [ext/mbstring/tests/mb_output_handler_shift_jis.phpt]

Uhmmm strange, I don't get failures on those tests at all... Please contact me
off-bug (via mail possibly) and tell me the USE flags (emerge -pv output) for
php5 and, if possible, if the tests gave any reason when failing (that's
printed out when the test is executed and marked as FAIL). The failure of "Test
for abstract static classes" is expected I'd say if PDO is disabled, this was
fixed in the soon to be released PHP 5.2.0. I'm just curious/interested in what
is causing those failures for you, as I can't reproduce them, and the PHP test
system is a strange beast, with not really consistent results depending on your
config/platform and some tests expected to fail... So I'd say PHP5 too is all
good for stabling, go for it arches! ;)
Best regards, CHTEKK.

------- Comment #17 From Fernando J. Pereda (RETIRED) 2006-10-11 16:18:36 0000 -------
Alpha'lized !

------- Comment #18 From Christian Faulhammer 2006-10-11 23:49:27 0000 -------
Here it fails on the following tests:

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
Test for buffering in core functions with implicit flush off
[tests/func/008.phpt]
Test for abstract static classes [Zend/tests/abstract-static.phpt]
=====================================================================

[ebuild   R   ] dev-lang/php-5.1.6-r6  USE="berkdb bzip2 cli crypt curl exif
ftp gdbm imap ipv6 ldap mhash ncurses nls pcre readline reflection session
spell spl ssl truetype xml zlib -adabas -apache -apache2 -bcmath -birdstep
-calendar -cdb -cgi -cjk -concurrentmodphp -ctype -curlwrappers -db2 -dbase
-dbmaker -debug -discard-path -doc -empress -empress-bcs -esoob -fastbuild
-fdftk -filepro -firebird -flatfile -force-cgi-redirect -frontbase -gd
-gd-external -gmp -hardenedphp -hash -hyperwave-api -iconv -informix -inifile
-interbase -iodbc -java-external -kerberos -libedit -mcve -memlimit -ming -msql
-mssql -mysql -mysqli -oci8 -oci8-instant-client -odbc -pcntl -pdo
-pdo-external -pic -posix -postgres -qdbm -recode -sapdb -sasl -sharedext
-sharedmem -simplexml -snmp -soap -sockets -solid -sqlite -sybase -sybase-ct
-sysvipc -threads -tidy -tokenizer -unicode -vm-goto -vm-switch -wddx
-xmlreader -xmlrpc -xmlwriter -xpm -xsl -yaz -zip" 0 kB 


------- Comment #19 From valli 2006-10-12 03:15:45 0000 -------
HELP: file-uploads don't work anymore since upgrading to dev-lang/php-5.1.6-r6

We always retrieve the following warnings while trying to upload files:
[12-Oct-2006 11:34:31] PHP Warning:  Unknown: open_basedir restriction in
effect. File(/tmp) is not within the allowed path(s):
(/bla/bla/htdocs/:/var/log/bla/bla/:/tmp/) in Unknown on line 0
[12-Oct-2006 11:34:31] PHP Warning:  File upload error - unable to create a
temporary file in Unknown on line 0

Yes, we have open_basedir enabled. As you can see in the warning, the /tmp/
directory is part of the open_basedir. All the settings and configurations
worked flawlessly with dev-lang/php-5.1.6-r4

Any Ideas?

Here some information:
[ebuild   R   ] dev-lang/php-5.1.6-r6  USE="apache2 cli crypt ctype curl exif
fastbuild gd-external gdbm hash iconv imap memlimit ming mysql mysqli nls pcre
pdo pic posix reflection session simplexml soap sockets spell spl ssl tokenizer
truetype unicode xml xmlreader xmlwriter xsl zlib (-adabas) -apache -bcmath
-berkdb (-birdstep) -bzip2 -calendar -cdb -cgi -cjk -concurrentmodphp
-curlwrappers -db2 -dbase (-dbmaker) -debug -discard-path -doc (-empress)
(-empress-bcs) (-esoob) (-fdftk) (-filepro) (-firebird) -flatfile
-force-cgi-redirect (-frontbase) -ftp -gd -gmp -hardenedphp -hyperwave-api
(-informix) -inifile -interbase -iodbc -ipv6 -java-external -kerberos -ldap
-libedit -mcve -mhash -msql -mssql -ncurses -oci8 (-oci8-instant-client) -odbc
-pcntl -pdo-external -postgres -qdbm -readline -recode -sapdb -sasl -sharedext
-sharedmem -snmp (-solid) -sqlite (-sybase) (-sybase-ct) -sysvipc -threads
-tidy -vm-goto -vm-switch -wddx -xmlrpc -xpm -yaz -zip" 0 kB 


------- Comment #20 From Luca Longinotti 2006-10-13 04:08:48 0000 -------
(In reply to comment #18)
> HELP: file-uploads don't work anymore since upgrading to dev-lang/php-5.1.6-r6
> ...
> Any Ideas?

Hmm this could be due to some new open_basedir checks we added... One of them
was just improved by the PHP team today, I've prepared a new release with this
improved patch, maybe it fixes your problem, maybe not, nfc as I don't have any
information on how to reproduce... ;) Please test dev-lang/php-5.1.6-r8 from
the PHP Overlay testing-branch (emerge layman && layman -f && layman -a
php-testing) and report back if that fixes anything for you, thanks!
Best regards, CHTEKK.

------- Comment #21 From Tobias Scherbaum 2006-10-15 04:45:16 0000 -------
hppa stable

------- Comment #22 From Raphael Marichez 2006-10-18 05:43:04 0000 -------
x86 team, what's about this problem ? can it be solved ?

------- Comment #23 From Joshua Jackson 2006-10-18 08:46:16 0000 -------
Falco: what's about this problem ? can it be solved ? <---erm....what is this
problem and can it be solved? Why are we being asked about php test failures?
I'm failing to see how and why we need to solve it? Overall I'm just confused
as to that reply...

I was holding off personally because of the person who talked about upload
problems..see if something came of it, but appears the person posted and didn't
add themselves to cc *shrugs*

------- Comment #24 From Raphael Marichez 2006-10-18 08:55:32 0000 -------
OK, so maybe you could mark stable php-4.4.4-r6 and php-5.1.6-r6 if nothing
blocks it ?

------- Comment #25 From valli 2006-10-18 09:05:59 0000 -------
Hello, I'm the person who talked about upload problems.

Sorry, for not responding to this issue anymore.
Unfortunately, I didn't find the time to test dev-lang/php-5.1.6-r8 from
the PHP Overlay. (... and I'll not find it in the near future; because
my system was not a test machine)
My solution was downgrading to dev-lang/php-5.1.6-r4.
Afterwards the problem disappeared.

------- Comment #26 From Raphael Marichez 2006-10-20 01:06:19 0000 -------
tsunam, what do you eventually decide ?

------- Comment #27 From Joshua Jackson 2006-10-23 19:42:58 0000 -------
I decided to just move forward with it >_> <_< stable in other words

------- Comment #28 From Raphael Marichez 2006-10-24 03:09:12 0000 -------
/me happy !  Thanks Tsunam

------- Comment #29 From Luca Longinotti 2006-10-25 09:32:13 0000 -------
Readd IA64 and SH arch-teams...
SH: still need to keyword it. ;)
IA64: it seems you forgot dev-lang/php-4.4.4-r6?
Thanks and best regards, CHTEKK.

------- Comment #30 From Bryan Østergaard (RETIRED) 2006-10-29 11:54:11 0000 -------
ia64 done.

------- Comment #31 From Raphael Marichez 2006-10-30 04:08:59 0000 -------
GLSA 200610-14
