Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:77343 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 13496 invoked from network); 19 Sep 2014 15:59:20 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Sep 2014 15:59:20 -0000 Authentication-Results: pb1.pair.com header.from=remi@fedoraproject.org; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=remi@fedoraproject.org; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain fedoraproject.org from 217.70.183.198 cause and error) X-PHP-List-Original-Sender: remi@fedoraproject.org X-Host-Fingerprint: 217.70.183.198 relay6-d.mail.gandi.net Received: from [217.70.183.198] ([217.70.183.198:43334] helo=relay6-d.mail.gandi.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 63/00-13213-6D25C145 for ; Fri, 19 Sep 2014 11:59:18 -0400 Received: from mfilter32-d.gandi.net (mfilter32-d.gandi.net [217.70.178.163]) by relay6-d.mail.gandi.net (Postfix) with ESMTP id 896BFFB8B6 for ; Fri, 19 Sep 2014 17:59:15 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mfilter32-d.gandi.net Received: from relay6-d.mail.gandi.net ([217.70.183.198]) by mfilter32-d.gandi.net (mfilter32-d.gandi.net [10.0.15.180]) (amavisd-new, port 10024) with ESMTP id tT8+uWSWsIJE for ; Fri, 19 Sep 2014 17:59:14 +0200 (CEST) X-Originating-IP: 82.241.130.121 Received: from schrodingerscat.famillecollet.com (pom51-2-82-241-130-121.fbx.proxad.net [82.241.130.121]) (Authenticated sender: contact@ll-experts.com) by relay6-d.mail.gandi.net (Postfix) with ESMTPSA id 00A26FB87E for ; Fri, 19 Sep 2014 17:59:13 +0200 (CEST) Message-ID: <541C52D1.5000308@fedoraproject.org> Date: Fri, 19 Sep 2014 17:59:13 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1 MIME-Version: 1.0 To: internals@lists.php.net References: In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] OpenSSL bug in 5.4.33 and 5.5.17 From: remi@fedoraproject.org (Remi Collet) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 19/09/2014 17:30, Daniel Lowrey a =C3=A9crit : > In an effort to fix a very old (seven years old) DoS vulnerability=20 > involving encrypted streams I created a regression where feof()=20 > notifications on encrypted sockets are broken. This is present in > both the most recent 5.4.33 and 5.5.17 releases. Can you please point us to the related commit... (which one cause the regression, which ones are useful) I saw Aug 7th Bug #41631: Observe socket read timeouts in SSL streams http://git.php.net/?p=3Dphp-src.git;a=3Dcommitdiff;h=3D6569db88081562f68a= 4f79e52cba83482bdf05fc Sep 9th Bug #67965: Fix blocking behavior in non-blocking crypto streams http://git.php.net/?p=3Dphp-src.git;a=3Dcommitdiff;h=3Df86b2193a483f56b0b= d056570a0cdb57ebe66e2f Sep 9th Bug #41631: Fix regression from first attempt (6569db8) http://git.php.net/?p=3Dphp-src.git;a=3Dcommitdiff;h=3D372844918a318ad712= e16f9ec636682424a65403 Does a revert of the first enough to get back to previous behavior ? Thanks, Remi -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlQcUtEACgkQYUppBSnxahj/JACfYlWbaXrhgyzjyGNz0yMvxv0U +GkAnRLWVtTwkS22aLqZyipO0dDxEGW8 =3Dv2OH -----END PGP SIGNATURE-----