Summary: | dev-lang/php-5.6.10 breaks www-apps/mediawiki-1.23.8 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Joerg Schaible <joerg.schaible> |
Component: | [OLD] Server | Assignee: | PHP Bugs <php-bugs> |
Status: | RESOLVED UPSTREAM | ||
Severity: | normal | CC: | torinthiel, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Joerg Schaible
2015-07-11 20:59:56 UTC
(In reply to Joerg Schaible from comment #0) > Mediawiki does no longer respond (every page) after upgrade from php-5.6.9 > to php-5.6.10. CPU usage of apache2 process goes near to 100% and the > response times out. Following entry appears in the apache error.log: > > ================ %< ================ > [Sat Jul 11 19:25:25 2015] [error] [client 192.168.13.27] PHP Fatal error: > Maximum execution time of 30 seconds exceeded in > /var/www/localhost/htdocs/mediawiki/includes/utils/MWCryptRand.php on line > 320 > ================ %< ================ > > Mediaiwki works fine after downgrade to php-5.6.9 again. > https://git.wikimedia.org/blob/mediawiki%2Fcore/3d6956afe6b897a237b7b7b48416ad4ba9fc7679/includes%2Futils%2FMWCryptRand.php shows that the line listed above is: $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM ); 5.6.10 has this in the notes which could be related: Added file descriptor caching to mcrypt_create_iv(). Possible Upstream bug : https://phabricator.wikimedia.org/T104426 See also https://secure.php.net/manual/en/function.mcrypt-create-iv.php#117047 php-5.6.12 breaks mediawiki-1.23.8 as well It's worse then just this. Basically mcrypt_create_iv is broken. Both $v=mcrypt_create_iv(64, MCRYPT_DEV_URANDOM); and $v=mcrypt_create_iv(64); just hang. Curiously this appears to be only connected to apache module, CLI works without problems. Haven't checked other SAPIs. I think this may have been fixed upstream: https://bugs.php.net/bug.php?id=69833 Can you please try dev-lang/php-5.6.16 to see if that fixes the issue? I'd rather not. Forgot to mention, this applies to me for dev-lang/php-5.5.30, I'm still fighting with (quite valid) new deprecations added by php-5.5 (having upgraded to 5.5 only because 5.4 was masked). Good thing is: manual inspection of the patch in issue you've linked to shows that it should apply cleanly. Bad thing is https://github.com/php/php-src/blob/PHP-5.5/ext/mcrypt/mcrypt.c#L494 shows it's not done upstream. The related 5.5 upstream issue https://bugs.php.net/bug.php?id=70150 is closed as duplicate without fixing it in 5.5. (In reply to Wacław Schiller from comment #6) > I'd rather not. Forgot to mention, this applies to me for > dev-lang/php-5.5.30, I'm still fighting with (quite valid) new deprecations > added by php-5.5 (having upgraded to 5.5 only because 5.4 was masked). > > Good thing is: manual inspection of the patch in issue you've linked to > shows that it should apply cleanly. Bad thing is > https://github.com/php/php-src/blob/PHP-5.5/ext/mcrypt/mcrypt.c#L494 shows > it's not done upstream. > > The related 5.5 upstream issue https://bugs.php.net/bug.php?id=70150 is > closed as duplicate without fixing it in 5.5. I understand the reluctance to upgrade anything on a live system (especially with third party code like most PHP), but php-5.6 should be a pretty safe upgrade from php-5.5: http://php.net/manual/en/migration56.incompatible.php The big one to watch out for in my opinion is the SSL/TLS verification thing. But that's a trivial fix if you notice it in the logs. We masked php-5.4 because upstream dropped support for it. With php-7.0 recently released, php-5.5 will be next on the chopping block. Upstream is only applying critical fixes at this point, and without a really good reason, we're going to follow their lead. Oh, and you wouldn't have to stick with php-5.6, it's just important that we know if the bug is really fixed there. If it is, that will help the other people with the same problem. If not, then we need to know so we can get it fixed! Verified that it works with dev-lang/php-5.6.14 (the currently stable dev-lang/php:5.6). The code from upstream patch is also there. Supposedly it'll work with 5.6.16 as well.
Have not checked using mediawiki as in original report, but using
a) custom minimal script for that bug
> $v=mcrypt_create_iv(64, MCRYPT_DEV_URANDOM);
b) SilverStripe installation
both of which hang on 5.5.30 and work on 5.6.14.
That should probably close the issue for 5.6.
(In reply to Wacław Schiller from comment #9) > Verified that it works with dev-lang/php-5.6.14 (the currently stable > dev-lang/php:5.6). Thank you for verifying. Since upstream isn't interested in backporting this, we won't either: there are simply too many fixes in 5.6.x to be in that business. However, all of the dev-lang/php ebuilds allow you to apply your own patches using the /etc/portage/patches directory: https://wiki.gentoo.org/wiki//etc/portage/patches If you are stuck on the 5.5.x series, the upstream patch can be found at, http://git.php.net/?p=php-src.git;a=patch;h=80bc2133cd453c9a5981023d27e37bfd845172a1;hp=79cd9a18b505e8d77d16abe6ef146d4b4ff02ed9 and then dropped into /etc/portage/patches/dev-lang/php:5.5. Afterwards it should be applied whenever you emerge php-5.5.x. |