Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:77580 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 55482 invoked from network); 24 Sep 2014 14:18:16 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Sep 2014 14:18:16 -0000 Authentication-Results: pb1.pair.com smtp.mail=rdlowrey@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=rdlowrey@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.172 as permitted sender) X-PHP-List-Original-Sender: rdlowrey@gmail.com X-Host-Fingerprint: 209.85.213.172 mail-ig0-f172.google.com Received: from [209.85.213.172] ([209.85.213.172:52172] helo=mail-ig0-f172.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C1/03-35478-5A2D2245 for ; Wed, 24 Sep 2014 10:18:14 -0400 Received: by mail-ig0-f172.google.com with SMTP id a13so6578322igq.17 for ; Wed, 24 Sep 2014 07:18:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=mxOsrX7qFBkRV2BqgaUB6avhXLln1lGXUMt6vShnvNk=; b=WuUC44e48B/zonylX1qjt0//xSM4Lch1h/bE78JRf61ofxirSQmM6BoA9QIbzuskxg MNiD6xU7PxFzGljLL3dm14k1Fs7m4QlKD1Qk4Ym0ERfi0BdzXPeLZJJERoR4u0B6c5vW RmRs32QZHcyJMmfxuAByy1VRmfctaBk050sxuMyUd1XAt/fBFV4WZ9PRopkCNTtxT2J+ By7jdaLYiKgzN51rb+lBBMkk4grM9ia/cZ7MZtq0J6TKHRWns2DYaUvxcn2tYGlh9NhY 3PHwveb7VXU6hrJFkxtxhTKz8EzphEfnyeulHU17EeaI3zd+SzIEu8WSuuFaW6itLdtJ qpkA== MIME-Version: 1.0 X-Received: by 10.50.62.50 with SMTP id v18mr31780557igr.21.1411568291235; Wed, 24 Sep 2014 07:18:11 -0700 (PDT) Sender: rdlowrey@gmail.com Received: by 10.50.197.164 with HTTP; Wed, 24 Sep 2014 07:18:11 -0700 (PDT) In-Reply-To: References: Date: Wed, 24 Sep 2014 10:18:11 -0400 X-Google-Sender-Auth: BJYqEc2HykXlEcHFH4o98tbtzvU Message-ID: To: Ferenc Kovacs Cc: Julien Pauli , "internals@lists.php.net" Content-Type: multipart/alternative; boundary=047d7bdc0854934d720503d05a59 Subject: Re: [PHP-DEV] Re: Re: OpenSSL bug in 5.4.33 and 5.5.17 From: rdlowrey@php.net (Daniel Lowrey) --047d7bdc0854934d720503d05a59 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Wed, Sep 24, 2014 at 5:41 AM, Ferenc Kovacs wrote: > > > > On Tue, Sep 23, 2014 at 4:41 PM, Julien Pauli wrote: >> >> On Tue, Sep 23, 2014 at 3:24 PM, Ferenc Kovacs wrote: >> > >> > >> > On Tue, Sep 23, 2014 at 7:39 AM, Daniel Lowrey wrote: >> >> >> >> >> Hi, >> >> >> >> >> >> That's a bad thing we need to fix ASAP. >> >> >> >> >> >> I think for 5.6.1 we'll revert it , if not, we'll need an RC2, which >> >> >> is something we usually don't do (but as this could involve security, >> >> >> we may do it). >> >> >> The fix can be merged to 5.5.18RC1, next week, to have an RC cycle if >> >> >> not part of a 5.6.1RC2 (tag is tomorrow) >> >> >> >> >> >> 5.6 and 5.5 actually overlap in the release weeks. 5.6 is planned on >> >> >> odd weeks whereas 5.5 is on even weeks. >> >> >> >> >> >> Waiting for Ferenc's advice anyway. >> >> >> >> >> >> Julien.P >> >> > >> >> >I have no issues with reverting at this point as that's the best route to >> >> >get stable releases back on track. I thought I had fixed some really old >> >> >bugs with those commits but the medicine turned out to be worse than the >> >> >disease. My apologies again for letting those problems sneak into >> >> > releases >> >> >:/ >> >> >> >> I've got the necessary fixes lined up at this point, I just need to know >> >> how you guys would prefer to proceed on this. >> >> >> >> I can commit the relevant changes to 5.4, 5.5 and 5.6 and double-chec= k >> >> with >> >> RMs to ensure they make it into this next set of releases or we can revert >> >> the previous commits and forget about the bug fixes altogether. >> >> >> >> Just let me know which you prefer. Thanks. >> > >> > >> > hi, >> > >> > I would prefer reverting the regression from 5.6.1, and I would be fin= e >> > having the proper fix later on, but I think it would be nice if we could >> > keep that off from the stable branches until we can validate (feedback from >> > the Horde guys would be nice but it would really help a ton if we could have >> > tests for both the original problem this was intended to fix and for the >> > regression introduced while doing so) that the patch is now proper (maybe >> > keeping it in a pull request in the meanwhile). >> > What do you think? >> >> For me its all right and safe. >> >> Next week we'll have 5.5.18RC1, which could contain the fix if it's >> been validated and want to go for an RC stage. >> >> Julien.P > > > FYI: I've tagged 5.6.1 and I had to revert the following commits for this= : > 372844918a318ad712e16f9ec636682424a65403 > f86b2193a483f56b0bd056570a0cdb57ebe66e2f > 30a73658c63a91c413305a4c4d49882fda4dab3e > 84a4041ba47e92e7a0ba03938d0ebf88b5fcf6cf > 98e67add15a6b889efe152c23ed15a61f022a63a > > 98e67add15a6b889efe152c23ed15a61f022a63a and 30a73658c63a91c413305a4c4d49882fda4dab3e were merge commits with conflict resolution > > Could you review that the current status of ext/openssl/xp_ssl.c is proper in the tag? > Thanks! > > -- > Ferenc Kov=C3=A1cs > @Tyr43l - http://tyrael.hu I will review and report back on the 5.6.1 later today. I've checked with the horde folks and my recent uncommitted patch resolves any bugs (both old and new). I plan to commit this for 5.4 and 5.5 today and then subsequently merge these changes so they can appear in the next 5.6.2. Starting this evening I will be travelling for the next seven days -- I can communicate during this time but will likely be unable to write/submit any code. --047d7bdc0854934d720503d05a59--