Bug#698915: unblock: php5/5.4.4-12
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package php5
Fixes grave bug.
Infinite recursion in session handling when using
fusionforge/mediawiki after apache2 reload.
Pulled patch from upstream and from sf@debian.org.
Confirmed by the reporter that 5.4.4-12 fixes the issue.
$ diffstat php5_5.4.4-12.debdiff
debian/patches/session.c_rfc1867_crashes_php_even_though_turned_off.patch | 33 ++++++++++
php5-5.4.4/debian/changelog | 7 ++
php5-5.4.4/debian/patches/series | 1
3 files changed, 41 insertions(+)
unblock php5/5.4.4-12
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog
--- php5-5.4.4/debian/changelog
+++ php5-5.4.4/debian/changelog
@@ -1,3 +1,10 @@
+php5 (5.4.4-12) unstable; urgency=low
+
+ * Apply two workaround patches for crashes caused by infinite recursion
+ in php_rfc1867_callback (Closes: #694473, #691318)
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 21 Jan 2013 11:02:25 +0100
+
php5 (5.4.4-11) unstable; urgency=low
* Install logrotate script in php5-fpm package (Closes: #673558)
diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series
--- php5-5.4.4/debian/patches/series
+++ php5-5.4.4/debian/patches/series
@@ -77,0 +78 @@
+session.c_rfc1867_crashes_php_even_though_turned_off.patch
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/session.c_rfc1867_crashes_php_even_though_turned_off.patch
+++ php5-5.4.4/debian/patches/session.c_rfc1867_crashes_php_even_though_turned_off.patch
@@ -0,0 +1,33 @@
+--- a/ext/session/session.c
++++ b/ext/session/session.c
+@@ -2192,8 +2192,10 @@ static PHP_MINIT_FUNCTION(session) /* {{
+ #ifdef HAVE_LIBMM
+ PHP_MINIT(ps_mm) (INIT_FUNC_ARGS_PASSTHRU);
+ #endif
+- php_session_rfc1867_orig_callback = php_rfc1867_callback;
+- php_rfc1867_callback = php_session_rfc1867_callback;
++ if (php_rfc1867_callback != php_session_rfc1867_callback) {
++ php_session_rfc1867_orig_callback = php_rfc1867_callback;
++ php_rfc1867_callback = php_session_rfc1867_callback;
++ }
+
+ /* Register interface */
+ INIT_CLASS_ENTRY(ce, PS_IFACE_NAME, php_session_iface_functions);
+@@ -2384,13 +2386,14 @@ static int php_session_rfc1867_callback(
+ php_session_rfc1867_progress *progress;
+ int retval = SUCCESS;
+
+- if (php_session_rfc1867_orig_callback) {
+- retval = php_session_rfc1867_orig_callback(event, event_data, extra TSRMLS_CC);
+- }
+ if (!PS(rfc1867_enabled)) {
+ return retval;
+ }
+
++ if (php_session_rfc1867_orig_callback) {
++ retval = php_session_rfc1867_orig_callback(event, event_data, extra TSRMLS_CC);
++ }
++
+ progress = PS(rfc1867_progress);
+
+ switch(event) {
Reply to: