Ubuntu
php5 package

php5 5.3.3-1 causing segfaults -> 5.3.3-4 backport for maverick?

Bug #682501 reported by c_t
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
php
New
Undecided
Unassigned
php5 (Ubuntu)
Incomplete
Undecided
Unassigned

Bug Description

Binary package hint: php5

With the current php packages in lucid (5.3.2) and maverick (5.3.3-1) some php applications including e.g. egroupware 1.8 cause php to segfault. My apache error.log is full of messages like these:

[Sun Nov 28 23:43:18 2010] [notice] child pid 3924 exit signal Segmentation fault (11)
[Sun Nov 28 23:43:19 2010] [notice] child pid 2373 exit signal Segmentation fault (11)

Users in the egroupware mailinglist have reported (http://egroupware.219119.n3.nabble.com/Zwei-Module-UserMgmt-Dateimanager-funktionieren-nicht-out-of-the-box-tp1776310p1962159.html) that most of the segfaults are gone with php 5.3.3-4 from debian unstable (http://packages.debian.org/sid/php5).

Would it be possible to provide a package of php5 5.3.3-4 in maverick-backports?

Revision history for this message
Micah Gersten (micahg) wrote :

Unfortunately, it's not possible to provide backports of a heavily used library like PHP, but if you can find the commit that fixes the segfault you are having, we can try to SRU (https://wiki.ubuntu.com/StableReleaseUpdates) it.

Changed in php5 (Ubuntu):
status: New → Incomplete
Revision history for this message
Daniel Hahler (blueyed) wrote :

While there might be no official backports, you can always use third-parties like dotdeb, Debian or PPAs (I have e.g. a snapshot release of 5.3.4 in my PPA).

Revision history for this message
Reto Schmid (reetosh) wrote :

Where can i find a backport which contain PHP 5.3.3-4?

Revision history for this message
Ondřej Surý (ondrej) wrote :

@Micah: the diffstat between 5.3.3-1 and 5.3.3-4 is not that big:

$ git diff 3c7bc2c87fd842df1df75783e014029adae00433 | diffstat
 b/debian/patches/CVE-2010-2950.patch | 11
 b/debian/patches/CVE-2010-3436.patch | 18
 b/debian/patches/CVE-2010-3709.patch | 12
 b/debian/patches/CVE-2010-3710.patch | 35 +
 b/debian/patches/CVE-2010-3870.patch | 160 +++++
 b/debian/patches/CVE-2010-4156.patch | 13
 b/debian/patches/bug50481.patch | 27
 b/debian/patches/bug52487.patch | 11
 b/debian/patches/bug52573.patch | 15
 b/debian/patches/bug52827.patch | 45 +
 b/debian/patches/bug52843.patch | 11
 b/debian/patches/bug52947.patch | 10
 b/debian/patches/bug53070.patch | 20
 b/debian/patches/bug53323.patch | 22
 b/debian/patches/fix-open_basedir-with-separator-r305698.patch | 21
 b/debian/patches/fix_crash_in_GC.patch | 55 +
 b/debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch | 17
 b/debian/patches/php-5.3.4-ini.patch | 30 +
 b/debian/patches/php_crypt_revamped.patch | 56 +
 b/debian/patches/reject-filenames-with-null-r305507.patch | 13
 b/debian/patches/use_system_crypt_fixes.patch | 19

Basically you should cherry-pick new patches in debian/patches/ and make SRU. And you probably already have fixes at least for CVEs, don't you?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.