Newsgroups: php.internals
Date: Wed, 1 Oct 2014 17:50:18 +0200
From: jpauli@php.net (Julien Pauli)
To: Stas Malyshev
Cc: Remi Collet, PHP Internals, Daniel Lowrey
Subject: Re: [PHP-DEV] Re: OpenSSL bug in 5.4.33 and 5.5.17

On Fri, Sep 26, 2014 at 10:09 AM, Stas Malyshev wrote:
> Hi!
>
>> In released 5.4.33 (and 5.5.17) you have 6569db8 + 84a4041 + 32be79d
>> (notice I have reverted these 3 patches for downstream)
>>
>> In 5.4/5.5/5.6 you have 6569db8 + 84a4041 + 32be79d + f86b219 + 3728449
>> (all reverted in 5.6.1)
>>
>> As you said, "5.4 is now supposed to be security-only" so I rather
>> think we should revert to 5.4.32 code and have the upcoming fix only
>> in 5.5+ (so in 5.5.18RC and 5.6.2RC)
>
> So, I have reverted the code for xp_ssl.c in 5.4 to its status as of
> 5.4.32, and left 5.5 and above as is. Hopefully, this improves the
> situation. I'd like to ask everybody involved to verify if there are no
> more regressions caused by this.

Just to let you know, I reverted the commits for our next 5.5.18RC1.
I left the commits in PHP-5.5, so Daniel you still can finish your WIP.

As your WIP is an improvement and not a security fix (AFAIK), I think
you should take 5.5 as base branch and merge upwards as usual.
5.4 is in security-only state. See that with Stas if needed.

Don't forget to ping us (RMs) when you hit a stable state, so that we
can together decide what we do for next releases (finally have a clean
fix, or revert everything in master branches and forget about this
issue and regression).

Julien.Pauli