[php-maint] Bug#890266: php5-common: 0050-Detect-invalid-port-in-xp_socket-parse-ip-address.patch incomplete

jfot jfot at maxcluster.de
Mon Feb 12 18:02:19 UTC 2018


Package: php5-common
Version: 5.6.33+dfsg-0+deb8u1
Severity: important
Tags: patch

There was a bug reported and fixed:
https://bugs.php.net/bug.php?id=74216
https://security-tracker.debian.org/tracker/CVE-2017-7272

The fix consisted of two parts, first:
https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
the fix had a big impact on applications relying on the "feature"
```
php5 -r 'print fsockopen("tcp://127.0.0.1:80/foo");'
```

Because of the heavy impact, a fixfix was released:
https://github.com/php/php-src/commit/cda7dcf4cacef3346f9dc2a4dc947e6a74769259

Now, security.debian.org offers 5.6.33+dfsg-0+deb8u1 which includes the
following patch:
https://sources.debian.org/src/php5/5.6.33+dfsg-0+deb8u1/debian/patches/0050-Detect-invalid-port-in-xp_socket-parse-ip-address.patch/

But this is only part 1 of the fix. With this patch, the provided call above
doesn't work anymore.
This means we have to hold back the update. Magento (ecommerce) + Redis won't
work with this incomplete patch.

Please consider removing the patch or completing it with the fixfix.



-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.0-42-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cda7dcf4cacef3346f9dc2a4dc947e6a74769259.patch
Type: text/x-diff
Size: 1425 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20180212/8cf02e83/attachment.patch>
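
A way to check whether an installed PHP build still accepts the call form quoted in the report, as an added example that is not part of the original report or of the PHP or Debian sources. It assumes the PHP CLI and a free loopback port; the script opens its own listener, so port 80 from the report is replaced by an ephemeral one.

```php
<?php
// Added example (constructed): regression probe for the call quoted in the report.
// Opens its own loopback listener on an ephemeral port; nothing external is contacted.
$server = stream_socket_server('tcp://127.0.0.1:0', $errno, $errstr);
if ($server === false) {
    fwrite(STDERR, "cannot open loopback listener: $errstr\n");
    exit(2);
}
$name = stream_socket_get_name($server, false);   // e.g. "127.0.0.1:40123"
$port = (int) substr(strrchr($name, ':'), 1);

// Returns array(bool connected, string error) for one fsockopen() target.
function probe($target)
{
    $errno = 0;
    $errstr = '';
    // No separate port argument, as in the report: the port is taken from the string.
    $fp = @fsockopen($target, -1, $errno, $errstr, 2);
    if ($fp === false) {
        return array(false, $errstr !== '' ? $errstr : 'rejected before connect');
    }
    fclose($fp);
    return array(true, '');
}

$targets = array(
    'plain'       => "tcp://127.0.0.1:$port",
    'with suffix' => "tcp://127.0.0.1:$port/foo",   // form used in the report
);
$results = array();
foreach ($targets as $label => $target) {
    $results[$label] = probe($target);
    list($ok, $err) = $results[$label];
    printf("%-12s %-34s %s\n", $label, $target, $ok ? 'connected' : "FAILED ($err)");
}
fclose($server);

// Exit 1 only when the plain form connects and the suffixed form does not,
// which is the regression the report describes.
if ($results['plain'][0] && !$results['with suffix'][0]) {
    echo "suffixed target rejected: applications using this form will break\n";
    exit(1);
}
exit(0);
```

Run it with the PHP CLI before and after the package update; the exit status makes it usable as a gate in an upgrade script.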