Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:77574
Return-Path: <tyra3l@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 36863 invoked from network); 24 Sep 2014 09:41:28 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 Sep 2014 09:41:28 -0000
Authentication-Results: pb1.pair.com header.from=tyra3l@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=tyra3l@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.52 as permitted sender)
X-PHP-List-Original-Sender: tyra3l@gmail.com
X-Host-Fingerprint: 209.85.192.52 mail-qg0-f52.google.com  
Received: from [209.85.192.52] ([209.85.192.52:55486] helo=mail-qg0-f52.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 06/20-35478-6C192245 for <internals@lists.php.net>; Wed, 24 Sep 2014 05:41:27 -0400
Received: by mail-qg0-f52.google.com with SMTP id j5so4886740qga.39
        for <internals@lists.php.net>; Wed, 24 Sep 2014 02:41:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=XvXZ9jQg2Kn5hcvgykzDHq5dn1cTn86amMjKRVPi68Q=;
        b=yN/U61Kg3UmQgDY3Pz59uIDdOrPE14uZFlZe5SCQ1s6iYTP6TA/J3z6hWnKe+THp8c
         S2NdFZJcFLCEyfXcZWtpbF08gIhjG0kANVp4iBvohiccd0BKweHIEydszRDc7G0VHc/u
         P1CVm9UUdIPoIzENXqRuQTIGr2SJ2F/Dn6we735t1qZdZcpvU8+jxnKMB36c0P3A1rme
         2v+l4YD7gcLDxn71PRFYkak/MWTa1gLirY1t5qeRTB63LGKBd4uR3Q/POUevHROlXRHO
         2Xg4xkMH+ONIeZiF6uB/K7aOeGh+vU8v34GPvSJesyure5Q+YPKsCzuqwwN22xuVbCgl
         cUVg==
MIME-Version: 1.0
X-Received: by 10.229.191.2 with SMTP id dk2mr7358890qcb.8.1411551683649; Wed,
 24 Sep 2014 02:41:23 -0700 (PDT)
Received: by 10.140.91.14 with HTTP; Wed, 24 Sep 2014 02:41:23 -0700 (PDT)
In-Reply-To: <CAMUwpuTfBPxsPshC7uS9VMY-7ExZqc6FZEXyW7-h1cjO7ahZkQ@mail.gmail.com>
References: <CAH8Mpn=qMkbBjDZRe-BX2Y0yQt_yR+y+Hu_gRHu=0jFTEV0MuA@mail.gmail.com>
	<CAH-PCH63NbaEWW_uBug3Y_4GZsHo2f2E29BTfX20EGMHP4446Q@mail.gmail.com>
	<CAMUwpuTfBPxsPshC7uS9VMY-7ExZqc6FZEXyW7-h1cjO7ahZkQ@mail.gmail.com>
Date: Wed, 24 Sep 2014 11:41:23 +0200
Message-ID: <CAH-PCH7X9pZmzymRk+HW5Bjurvppy09Zg6TBr-evuyfYP5-Pmg@mail.gmail.com>
To: Julien Pauli <jpauli@php.net>
Cc: Daniel Lowrey <rdlowrey@gmail.com>, "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a1133979eafa9d70503cc7c03
Subject: Re: [PHP-DEV] Re: Re: OpenSSL bug in 5.4.33 and 5.5.17
From: tyra3l@gmail.com (Ferenc Kovacs)

--001a1133979eafa9d70503cc7c03
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Tue, Sep 23, 2014 at 4:41 PM, Julien Pauli <jpauli@php.net> wrote:

> On Tue, Sep 23, 2014 at 3:24 PM, Ferenc Kovacs <tyra3l@gmail.com> wrote:
> >
> >
> > On Tue, Sep 23, 2014 at 7:39 AM, Daniel Lowrey <rdlowrey@gmail.com>
> wrote:
> >>
> >> >> Hi,
> >> >>
> >> >> That's a bad thing we need to fix ASAP.
> >> >>
> >> >> I think for 5.6.1 we'll revert it , if not, we'll need an RC2, whic=
h
> >> >> is something we usually don't do (but as this could involve securit=
y,
> >> >> we may do it).
> >> >> The fix can be merged to 5.5.18RC1, next week, to have an RC cycle =
if
> >> >> not part of a 5.6.1RC2 (tag is tomorrow)
> >> >>
> >> >> 5.6 and 5.5 actually overlap in the release weeks. 5.6 is planned o=
n
> >> >> odd weeks whereas 5.5 is on even weeks.
> >> >>
> >> >> Waiting for Ferenc's advice anyway.
> >> >>
> >> >> Julien.P
> >> >
> >> >I have no issues with reverting at this point as that's the best rout=
e
> to
> >> >get stable releases back on track. I thought I had fixed some really
> old
> >> >bugs with those commits but the medicine turned out to be worse than
> the
> >> >disease. My apologies again for letting those problems sneak into
> >> > releases
> >> >:/
> >>
> >> I've got the necessary fixes lined up at this point, I just need to kn=
ow
> >> how you guys would prefer to proceed on this.
> >>
> >> I can commit the relevant changes to 5.4, 5.5 and 5.6 and double-check
> >> with
> >> RMs to ensure they make it into this next set of releases or we can
> revert
> >> the previous commits and forget about the bug fixes altogether.
> >>
> >> Just let me know which you prefer. Thanks.
> >
> >
> > hi,
> >
> > I would prefer reverting the regression from 5.6.1, and I would be fine
> > having the proper fix later on, but I think it would be nice if we coul=
d
> > keep that off from the stable branches until we can validate (feedback
> from
> > the Horde guys would be nice but it would really help a ton if we could
> have
> > tests for both the original problem this was intended to fix and for th=
e
> > regression introduced while doing so) that the patch is now proper (may=
be
> > keeping it in a pull request in the meanwhile).
> > What do you think?
>
> For me its all right and safe.
>
> Next week we'll have 5.5.18RC1, which could contain the fix if it's
> been validated and want to go for an RC stage.
>
> Julien.P
>

FYI: I've tagged 5.6.1 and I had to revert the following commits for this:
372844918a318ad712e16f9ec636682424a65403
f86b2193a483f56b0bd056570a0cdb57ebe66e2f
30a73658c63a91c413305a4c4d49882fda4dab3e
84a4041ba47e92e7a0ba03938d0ebf88b5fcf6cf
98e67add15a6b889efe152c23ed15a61f022a63a

98e67add15a6b889efe152c23ed15a61f022a63a and
30a73658c63a91c413305a4c4d49882fda4dab3e were merge commits with conflict
resolution

Could you review that the current status of ext/openssl/xp_ssl.c is proper
in the tag?
Thanks!

--=20
Ferenc Kov=C3=A1cs
@Tyr43l - http://tyrael.hu

--001a1133979eafa9d70503cc7c03--