[php-maint] Bug#806802: Bug#806802: php5: Please update PHP 5.6 as part of the next point release or backport fixes for segfaults

Ondřej Surý ondrej at sury.org
Tue Dec 1 20:05:31 UTC 2015 

The latest available version from Debian is 5.6.14+dfsg-0+deb8u1, with
5.6.15 already in security team queue and 5.6.16 in preparation. If you
are running 5.6.7+dfsg-1 then you are doing something very wrong like
having security updates disabled.

Cheers,
Ondrej

On Tue, Dec 1, 2015, at 16:58, Moritz Wilhelmy wrote:
> Package: php5
> Version: 5.6.7+dfsg-1
> Severity: normal
> Tags: upstream
> 
> Dear PHP Maintainers,
> 
> PHP 5.6.15 fixed various segfaults, by which we were affected, and which
> caused
> the entire php5-fpm monitor process to crash the monitored processes in
> the
> garbage collector when using Opcache. This means that fpm would not crash
> reliably, in which case we could have just restarted it, but the wonky
> fpm
> master process would spawn subprocesses which would then reliably
> segfault,
> causing us random downtime which required human intervention.
> 
> Since most of the changes in point-releases of PHP 5.6 are either
> security
> fixes or fixes for rather serious bugs like the segfault above, or other
> cases
> of PHP segfaulting: Would you please update PHP to 5.6.16 as part of the
> next
> jessie point release, or at least backport the fixes to the current
> version in
> the repository?
> 
> See http://www.php.net/ChangeLog-5.php#5.6.15 for the complete list of
> changes.
> 
> The particular bug we are affected by is
> https://bugs.php.net/bug.php?id=70601
> but http://bugs.php.net/70631 and http://bugs.php.net/70632 also look
> rather grave.
> 
> I believe the bug affects all users of Opcache, not just fpm.
> 
> Our current fix is running our own PHP package which has the fixes
> compiled in
> and has been stable so far.
> 
> Best,
> Moritz
> 
> -- System Information:
> Debian Release: 8.2
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint


-- 
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

More information about the pkg-php-maint mailing list