All versions of php before 5.2.5_p20080602 are shipping vulnerable versions of pcre (<7.6, see bug 209067). The new snapshot of php also fixes several crash issues (wasn't possible for me to track all of them, just some examples: upstream bugs 44046, 44028, 42841, 29044 and probably more). I'm not sure about the impact of the PCRE security issue and the crash issues. The ebuild will be in the tree in some minutes, I'll update the bug accordingly.
s/p20080602/p20080206/g :)
php-5.2.5_p20080206 in the tree now.

These tests are known to fail (either they have been failing for ages or they are new and test for bugs which haven't been fixed yet, so no regression):

-----
PDO Common: Bug #43663 (__call on classes derived from PDO) [ext/pdo/tests/bug_43663.phpt]
Bug #38759 (sqlite2 empty query causes segfault) [ext/sqlite/tests/bug38759.phpt]
via [ext/sqlite/tests/pdo/common.phpt]
    SQLite2 PDO Common: Bug #43663 (__call on classes derived from PDO) [ext/sqlite/tests/pdo/bug_43663.phpt]
Test array_merge_recursive() function : usage variations - common key and value(Bug#43559) [ext/standard/tests/array/array_merge_recursive_variation9.phpt]
Test arsort() function : usage variations - sort integer/float values [ext/standard/tests/array/arsort_variation3.phpt]
Test is_file() function: usage variations - diff. path notations (Bug #42027, #42638) [ext/standard/tests/file/is_file_variation4.phpt]
Test rename() function: usage variations-1 (Bug#42638) [ext/standard/tests/file/rename_variation.phpt]
-----
*** Bug 207752 has been marked as a duplicate of this bug. ***
Let's stabilize this... arches, have phun. :) Thanks.
x86 off the phun. Stable :)
ppc64 done
ppc stable
That's odd:

>>> Source compiled.
>>> Test phase [test]: dev-lang/php-5.2.5_p20080206
/dev/shm/portage/dev-lang/php-5.2.5_p20080206/temp/environment: line 4603: ./sapi/cli/php: No such file or directory
 * Some tests failed!

>>> Install php-5.2.5_p20080206 into /dev/shm/portage/dev-lang/php-5.2.5_p20080206/image/ category dev-lang

[ebuild R ] dev-lang/php-5.2.5_p20080206 USE="apache2 berkdb bzip2 calendar cdb cgi cjk cli crypt ctype curl exif filter ftp gd gmp iconv imap iodbc ipv6 kerberos ldap mcve mhash mssql mysql mysqli ncurses nls odbc pcre pdo pic postgres qdbm readline reflection session snmp sockets spell spl sqlite ssl suhosin threads tidy tokenizer truetype unicode xml xpm xsl zip-external zlib (-adabas) -bcmath (-birdstep) -concurrentmodphp -curlwrappers (-db2) -dbase (-dbmaker) -debug -discard-path -doc (-empress) (-empress-bcs) (-esoob) -fastbuild (-fdftk) (-firebird) -flatfile -force-cgi-redirect (-frontbase) -gd-external -gdbm -hash -inifile -interbase (-java-external) -json -ldap-sasl -libedit -msql (-oci8) (-oci8-instant-client) -pcntl -posix -recode -sapdb -sharedext -sharedmem -simplexml -soap (-solid) (-sybase) (-sybase-ct) -sysvipc -wddx -xmlreader -xmlrpc -xmlwriter -yaz -zip" 0 kB

With FEATURES="test userpriv"

Any ideas?
Stable for HPPA (but I personally want to know about the failing test suite).
This version broke several of our (zend encoded) webapps using Zend Optimizer 3.3.0a. Backtrace doesn't give much more info than:

Program terminated with signal 11, Segmentation fault.
#0 0xb50508e1 in ?? () from /usr/local/Zend/lib/Optimizer-3.3.0/php-5.2.x/ZendOptimizer.so
(gdb) bt
#0 0xb50508e1 in ?? () from /usr/local/Zend/lib/Optimizer-3.3.0/php-5.2.x/ZendOptimizer.so

previous ebuild dev-lang/php-5.2.5-r1 was fine. Reverting to this version solves the issue, so i guess i'll mask this one for now.
Meh :/

(In reply to comment #8)
> That's odd:
>
> >>> Source compiled.
> >>> Test phase [test]: dev-lang/php-5.2.5_p20080206
> /dev/shm/portage/dev-lang/php-5.2.5_p20080206/temp/environment: line 4603: ./sapi/cli/php: No such file or directory
> * Some tests failed!
>
> >>> Install php-5.2.5_p20080206 into /dev/shm/portage/dev-lang/php-5.2.5_p20080206/image/ category dev-lang

I can't really explain (or reproduce) that. It says it can't find ./sapi/cli/php, but with USE=cli it should be there (and I guess you have it on the live system as /usr/bin/php as well). So.. must be some path related thing, maybe because of your portage tmp dir? I'll try /dev/shm later...

(In reply to comment #10)
> This version broke several of our (zend encoded) webapps using Zend Optimizer
> 3.3.0a. Backtrace doesn't give much more info than:
>
> Program terminated with signal 11, Segmentation fault.
> #0 0xb50508e1 in ?? () from
> /usr/local/Zend/lib/Optimizer-3.3.0/php-5.2.x/ZendOptimizer.so
> (gdb) bt
> #0 0xb50508e1 in ?? () from
> /usr/local/Zend/lib/Optimizer-3.3.0/php-5.2.x/ZendOptimizer.so
>
> previous ebuild dev-lang/php-5.2.5-r1 was fine. Reverting to this version
> solves the issue, so i guess i'll mask this one for now.

Not so good. ;)
Do you have a simple reproduce case for me or does it only happen when using your (probably big) encoded application? ZendOptimizer still works fine for me, but I haven't tried using it to parse encoded files.

I can think of one patch which possibly breaks that, but I'm not sure. Could you please try php-5.2.5_p20080206-r1 from php-testing overlay (layman -a php-testing)? It omits exactly the patch I'm suspecting. If this does help I'll have to try and fix the patch as we can't simply drop it.
(The ebuild does not have any KEYWORDS, so do echo '=dev-lang/php-5.2.5_p20080206* **' >> /etc/portage/package.keywords first)

Thanks for pointing out the problem anyway. =)
(In reply to comment #10)
> /usr/local/Zend/lib/Optimizer-3.3.0/php-5.2.x/ZendOptimizer.so

We do not install anything to /usr/local; if you have issues with dev-php5/ZendOptimizer *ebuild* (after wiping all the cruft in /usr/local first and sanitizing your configuration accordingly), then file a *new* bug.
I don't use Zend Optimizer ebuild, and that is beside the point. Optimizer works fine.

@Christian i will try to isolate the problem on a separate machine and try to track down the patch which causes the problem. and if it pleases Jakub i will use the ZO ebuild there.
alpha/ia64/sparc stable
(In reply to comment #11)
>
> Not so good. ;)
> Do you have a simple reproduce case for me or does it only happen when using
> your (probably big) encoded application? ZendOptimizer still works fine for me,
> but I haven't tried using it to parse encoded files.

Yup it's a big app so it's not going to be easy to pinpoint. It is Zend encoded using Zend Guard 5.

> I can think of one patch which possibly breaks that, but I'm not sure. Could
> you please try php-5.2.5_p20080206-r1 from php-testing overlay (layman -a
> php-testing)? It omits exactly the patch I'm suspecting. If this does help I'll
> have to try and fix the patch as we can't simply drop it.
> (The ebuild does not have any KEYWORDS, so do echo
> '=dev-lang/php-5.2.5_p20080206* **' >> /etc/portage/package.keywords first)
>
> Thanks for pointing out the problem anyway. =)
>

I have just tried php-5.2.5_p20080206-r1 from php-testing with Zend Optimizer ebuild and this still exhibits the same problem:

Core was generated by `/usr/sbin/apache2 -D DEFAULT_VHOST -D LANGUAGE -D SSL -D SSL_DEFAULT_VHOST -D U'.
Program terminated with signal 11, Segmentation fault.
#0 0xb5f8f8e1 in ?? () from /usr/lib/php5/lib/php/extensions/no-debug-non-zts-20060613/ZendOptimizer.so
(gdb) bt
#0 0xb5f8f8e1 in ?? () from /usr/lib/php5/lib/php/extensions/no-debug-non-zts-20060613/ZendOptimizer.so
#1 0x00000000 in ?? ()

Is there an easy way for me to include/exclude patches from the patchset for testing?
(In reply to comment #15) Once again, file a *new* bug please. This bug is for security *only*. Thanks.
OK sorry. New bug at http://bugs.gentoo.org/show_bug.cgi?id=209649 I will shut up now :)
Forget this, broken... http://bugs.php.net/bug.php?id=44094 and others.
Considering the bugs in "Depend", should we revoke stable on x86 and sparc?
Never mind, it's masked. Bleh@me
I just committed =dev-lang/php-5.2.5_p20080206-r2 which includes a fix for bug 209606. Once it is confirmed that it fixes bug 209501 as well (I think it should but want to get a confirmation first), we are set for another round of stabilization. Sorry for the delays. :(
Some upstream dev argued that the recently committed patch (which we are shipping in -r2) might break other functionality (mysql_pconnect probably). There was a new patch and as such there is a new revision in the tree: php-5.2.5_p20080206-r3. I'd prefer if it could get some testing before CC'ing arches. Feel free to request stabilization in 12 hours or so and once bug 209501 is marked FIXED.
I still cannot seem to run the test suite.

------------------------
>>> Test phase [test]: dev-lang/php-5.2.5_p20080206-r3
/dev/shm/portage/dev-lang/php-5.2.5_p20080206-r3/temp/environment: line 4608: /dev/shm/portage/dev-lang/php-5.2.5_p20080206-r3/work/php-5.2.5_p20080206/sapi/cli/php: No such file or directory
 * Not all tests were successful!

>>> Install php-5.2.5_p20080206-r3 into /dev/shm/portage/dev-lang/php-5.2.5_p20080206-r3/image/ category dev-lang
------------------------

emerge -vp --nodeps dev-lang/php:

[ebuild R ] dev-lang/php-5.2.5_p20080206-r3 USE="apache2 berkdb bzip2 calendar cdb cgi cjk cli crypt ctype curl exif filter ftp gd gmp iconv imap iodbc ipv6 kerberos ldap mcve mhash mssql mysql mysqli ncurses nls odbc pcre pdo pic postgres qdbm readline reflection session snmp sockets spell spl sqlite ssl suhosin threads tidy tokenizer truetype unicode xml xpm xsl zip-external zlib (-adabas) -bcmath (-birdstep) -concurrentmodphp -curlwrappers (-db2) -dbase (-dbmaker) -debug -discard-path -doc (-empress) (-empress-bcs) (-esoob) -fastbuild (-fdftk) (-firebird) -flatfile -force-cgi-redirect (-frontbase) -gd-external -gdbm -hash -inifile -interbase (-java-external) -json -ldap-sasl -libedit -msql (-oci8) (-oci8-instant-client) -pcntl -posix -recode -sapdb -sharedext -sharedmem -simplexml -soap (-solid) (-sybase) (-sybase-ct) -sysvipc -wddx -xmlreader -xmlrpc -xmlwriter -yaz -zip" 0 kB

Set on the command line:

FEATURES="test userpriv" PORTAGE_TMPDIR="/dev/shm"
Created attachment 143396
gzipped build log for the build described in comment #23
At line #4197 in the build log, sapi/cli/php is created:

/bin/sh /dev/shm/portage/dev-lang/php-5.2.5_p20080206-r3/work/php-5.2.5_p20080206/libtool --silent --preserve-dup-deps --mode=link /dev/shm/portage/dev-lang/php-5.2.5_p20080206-r3/work/php-5.2.5_p20080206/meta_ccld -export-dynamic -I/usr/include -O2 -pipe -mschedule=8000 -march=2.0 -ggdb -Wall -pthread -DZTS [...........] -o sapi/cli/php

But line #4210 in the build log states:

rm -f libphp5.la sapi/cli/php modules/* libs/*
Also, this build (r3) still segfaults on mysql_connect().
(In reply to comment #26)
> Also, this build (r3) still segfaults on mysql_connect().

Does -r2 segfault as well? (I don't care about the testsuite at all ATM).
(In reply to comment #27)
> (In reply to comment #26)
> > Also, this build (r3) still segfaults on mysql_connect().
>
> Does -r2 segfault as well?

Yes.
(In reply to comment #28) Well, then you should file a separate bug because both -r2 and -r3 fixed the original issue for anyone else.
(In reply to comment #29)
> (In reply to comment #28)
>
> Well, then you should file a separate bug because both -r2 and -r3 fixed the
> original issue for anyone else.

It seems this still is the original issue.
Ok, let's do the stabilization dance again. I've been running -r3 on multiple machines (x86, x86 hardened and amd64) without any problems and all regression reports (bug 209606) seem to be solved for those two arches as well. I have still no clue about the more "exotic" archs (bug 209501), but according to the comments in this bug they might still have severe problems.

Arches, please extensively test and stabilize =dev-lang/php-5.2.5_p20080206-r3.
Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86 ~x86-fbsd

By extensive testing I mean that it would be nice if you could run some MySQL-related apps for testing, like phpmyadmin for example. If you don't have a web server setup, emerging lighttpd using this [1] config and running lighttpd -Df /path/to.conf would be the easiest way for testing, imo. Commandline php apps should be sufficient for testing as well, of course.

I'll be away from Monday to Friday evening, so if it breaks again, someone please mask it (maybe even per-arch), but I can't do much about the issues on the "exotic" archs right now.

[1] http://home.hoffie.info/php-testing.lighttpd.conf
=====================================================================
TIME END 2008-02-21 00:35:51
=====================================================================
TEST RESULT SUMMARY
---------------------------------------------------------------------
Exts skipped    :   31
Exts tested     :   48
---------------------------------------------------------------------
Number of tests : 5283              3799
Tests skipped   : 1484 ( 28.1%) --------
Tests warned    :    1 (  0.0%) (  0.0%)
Tests failed    :   83 (  1.6%) (  2.2%)
Tests passed    : 3715 ( 70.3%) ( 97.8%)
---------------------------------------------------------------------
Time taken      : 5067 seconds
=====================================================================

Stable for HPPA.
x86 stable, no problems here (with mysql/general php stuff).
Before amd64 goes stable, i'd like to point out upstream bug http://bugs.php.net/bug.php?id=42682 (and http://bugs.php.net/bug.php?id=40735 on the same subject). Not much feedback upstream since oct 2007 but imo it's a big issue (which i recently was confronted with after swapping a bunch of x86 webfarm boxes to new x86_64 boxes). All stream fread operations fail on x86_64 (x86 is fine) due to stream_select not returning the right amount of readable descriptors.
amd64 team:
Compiled fine, no collisions, seems to be multilib safe, tests passed:

=====================================================================
TEST RESULT SUMMARY
---------------------------------------------------------------------
Exts skipped    :   52
Exts tested     :   27
---------------------------------------------------------------------
Number of tests : 5028              3870
Tests skipped   : 1158 ( 23.0%) --------
Tests warned    :    3 (  0.1%) (  0.1%)
Tests failed    :    7 (  0.1%) (  0.2%)
Tests passed    : 3860 ( 76.8%) ( 99.7%)
---------------------------------------------------------------------
Time taken      :  785 seconds
=====================================================================

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
SOAP typemap 1: SoapServer support for typemap's from_xml() [ext/soap/tests/typemap001.phpt]
SOAP Typemap 3: SoapClient support for typemap's from_xml() [ext/soap/tests/typemap003.phpt]
SOAP typemap 5: SoapServer support for typemap's from_xml() (without WSDL) [ext/soap/tests/typemap005.phpt]
SOAP Typemap 7: SoapClient support for typemap's from_xml() (without WSDL) [ext/soap/tests/typemap007.phpt]
Test array_merge_recursive() function : usage variations - common key and value(Bug#43559) [ext/standard/tests/array/array_merge_recursive_variation9.phpt]
Test arsort() function : usage variations - sort integer/float values [ext/standard/tests/array/arsort_variation3.phpt]
htmlentities() test 2 (setlocale / fr_FR.ISO-8859-15) [ext/standard/tests/strings/htmlentities02.phpt] (warn: possibly braindead libc)
htmlentities() test 4 (setlocale / ja_JP.EUC-JP) [ext/standard/tests/strings/htmlentities04.phpt] (warn: possibly braindead libc)
htmlentities() test 15 (setlocale / KOI8-R) [ext/standard/tests/strings/htmlentities15.phpt] (warn: possibly braindead libc)
Test setlocale() function : usage variations - Setting all available locales in the platform [ext/standard/tests/strings/setlocale_variation2.phpt]
=====================================================================

mantisbt works with it. Please, mark stable.
amd64 stable
Fixed in release snapshot.
This one is ready for GLSA vote.
Removing remaining arches, we're going to have another stabilization round for 5.2.6_rc1 and I guess the GLSA could wait for that as well. :)
(In reply to comment #42)
> Removing remaining arches, we're going to have another stabilization round for
> 5.2.6_rc1 and I guess the GLSA could wait for that as well. :)
>

Ehm, you are seriously thinking about stabilizing a php RC? RC1 even... History has taught me that PHP RC's are far from stable. Even final releases have been pulled in the past due to serious fuckups! Seriously, leave the testing to the PHP QA team, and don't go stabilizing PHP release candidates!

I totally understand your frustration about the fuckups upstream and the constant need for patches, but i don't understand why the recent security issues with 5.2.5 resulted in the stabilization of SVN checkouts of 5.2 HEAD (and the current plan to stabilize 5.2.6RC1). Why not just wait until the final release?
(In reply to comment #43)
> Ehm, you are seriously thinking about stabilizing a php RC? RC1 even...

Yeah, seriously. It's no worse than stabilizing a CVS snapshot... :P See Bug 212211 for tons of other reasons.
(In reply to comment #43)

Hans, we do not like stabling non-release versions of php either. We cannot leave security issues unfixed for such a long time (we are going to write an open letter regarding this to php upstream) and only have two possibilities: Grabbing all patches from CVS and patching the most recent release or packaging a snapshot.

In case of php-5.2.5 we decided to go with a snapshot as the amount of patches was very high and we (or rather I) thought it would be less work for us and less troublesome for users. As you know, it turned out to be a very troublesome snapshot. I already noted on IRC that I'll probably never package a snapshot again and go through the hard process of grabbing all patches from CVS instead.

This has happened and can't be reverted. I'd not consider my acting wrong, rather sub-optimal. Stabling a release candidate is still way better than leaving the snapshot latest stable, so I still think this is the right thing to do now.

Sorry for any inconvenience, things simply do not work as expected every time...
Aw crap, bug 212211 looks serious indeed. Ok i will test the rc1 ebuild on one of our dev boxes tomorrow and report back if wanted/needed. Thanks for the clear answer Christian. I understand your position, especially after seeing bug 212211 :)
This should be glsa'd together with bug #212211.
GLSA 200811-05, thanks everyone, especially hoffie.