[php-maint] Bug#447432: Fwd: Bug#447432: suhosin patch breaks realpath() royally

Raphael atomo64 at gmail.com
Sun Oct 21 20:59:47 UTC 2007 

forwarded 447432 suhosin-bugs at hardened-php.net
thanks

Message to suhosin-bugs:
I'm forwarding a bug report received about suhosin breaking realpath()
when checking symlinks (see message below for more specific
information).
When replying please do so by sending the email to
447432 at bugs.debian.org so we keep the record.

Message to BTS:
I'm forwarding the bug report to upstream.
Steve: did you test with the new package version? maybe something
differs between -1 and -2.


---------- Forwarded message ----------
From: Steve Langasek <vorlon at debian.org>
Date: 21 Oct 2007 03:16
Subject: [php-maint] Bug#447432: suhosin patch breaks realpath() royally
To: submit at bugs.debian.org


Package: php5
Version: 5.2.4-1
Severity: important

The suhosin patch that's been applied to the Debian packages breaks
realpath()'s resolution of filenames where the last component of the path
(the filename) is a symlink.  This causes all but two of the readlink tests
in ext/standard/tests/file to fail in the current build, e.g.
<http://buildd.debian.org/fetch.cgi?pkg=php5&arch=alpha&ver=5.2.4-1&stamp=1190131371&file=log&as=rawhttp://buildd.debian.org/fetch.cgi?pkg=php5&arch=alpha&ver=5.2.4-1&stamp=1190131371&file=log&as=raw>:

TEST 2628/3217 [ext/standard/tests/file/readlink_realpath_basic1.phpt]
FAIL Test readlink() and realpath functions: basic functionality -
diff. path notation for links
[ext/standard/tests/file/readlink_realpath_basic1.phpt]
TEST 2629/3217 [ext/standard/tests/file/readlink_realpath_basic2.phpt]
FAIL Test readlink() and realpath functions: basic functionality -
diff. path notation for files
[ext/standard/tests/file/readlink_realpath_basic2.phpt]
TEST 2630/3217 [ext/standard/tests/file/readlink_realpath_error.phpt]
PASS Test readlink() and realpath() functions: error conditions
[ext/standard/tests/file/readlink_realpath_error.phpt]
TEST 2631/3217 [ext/standard/tests/file/readlink_realpath_variation1.phpt]
FAIL Test readlink() and realpath() functions: usage variation -
linkname/filename stored in object
[ext/standard/tests/file/readlink_realpath_variation1.phpt]
TEST 2632/3217 [ext/standard/tests/file/readlink_realpath_variation2.phpt]
FAIL Test readlink() and realpath() functions: usage variation -
linkname/filename stored in array
[ext/standard/tests/file/readlink_realpath_variation2.phpt]
TEST 2633/3217 [ext/standard/tests/file/readlink_realpath_variation3.phpt]
PASS Test readlink() and realpath() functions: usage variation -
invalid args [ext/standard/tests/file/readlink_realpath_variation3.phpt]

I think the suhosin patch should be unapplied until it stops causing
regressions in such straightforward functions.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/


-- 
Atomo64 - Raphael

Please avoid sending me Word, PowerPoint or Excel attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Say NO to Microsoft Office broken standard.
See http://www.noooxml.org/petition

More information about the pkg-php-maint mailing list