Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:77847
Return-Path: <jocelyn.fournier@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 51130 invoked from network); 10 Oct 2014 11:59:40 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 10 Oct 2014 11:59:40 -0000
Authentication-Results: pb1.pair.com header.from=jocelyn.fournier@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=jocelyn.fournier@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.44 as permitted sender)
X-PHP-List-Original-Sender: jocelyn.fournier@gmail.com
X-Host-Fingerprint: 74.125.82.44 mail-wg0-f44.google.com  
Received: from [74.125.82.44] ([74.125.82.44:54381] helo=mail-wg0-f44.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id A0/F3-29144-B2AC7345 for <internals@lists.php.net>; Fri, 10 Oct 2014 07:59:40 -0400
Received: by mail-wg0-f44.google.com with SMTP id y10so3649407wgg.15
        for <internals@lists.php.net>; Fri, 10 Oct 2014 04:59:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=from:message-id:date:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        bh=pT/2VRS7r10yssQxfAwhWAdsXpNa7m/4th7/KEfCvGI=;
        b=JZ6MaMqf17PW6GH1HMz1TDUsPD/W9507RNtZOZK+pkyDW0z0CzvmAxVLDZMSu68tvX
         Q/SbAecAW4QT7x6yVRLKINW/cxP5QQ0C9uuDLBpr2uirESZ9KsHlv2oQvMQ15aoWIdo9
         ZfXg3dTMXWIl+1ZwERB+EA21lwg90ROJG9VPaVzyHjTY5VDaxCTrLDudD9NOa+ssRBi/
         PPTkersF1X5uUBvmgAY235an6HRr1aci6983BnskzPRLbdiVl5tRkExlK7O0lgpTFXVw
         /QnMShxOqF/E9zytWyM9AP59Gaw3mVe1WJVuV3WG4SclfTHeRjBu3n7yztAR5HjfG9W4
         b5uQ==
X-Received: by 10.180.9.204 with SMTP id c12mr4262833wib.47.1412942375945;
        Fri, 10 Oct 2014 04:59:35 -0700 (PDT)
Received: from MacBook-Pro-de-jocelyn-fournier.local ([2a01:e35:2ea9:c3d0:78d0:8a34:56:ac74])
        by mx.google.com with ESMTPSA id fs13sm2394634wic.19.2014.10.10.04.59.34
        for <multiple recipients>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 10 Oct 2014 04:59:35 -0700 (PDT)
X-Google-Original-From: jocelyn fournier <jocelyn.fournier@gmail.Com>
Message-ID: <5437CA24.3050608@gmail.Com>
Date: Fri, 10 Oct 2014 13:59:32 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: internals@lists.php.net, rdlowrey@php.net
References: <CAH8Mpn=qMkbBjDZRe-BX2Y0yQt_yR+y+Hu_gRHu=0jFTEV0MuA@mail.gmail.com> <54306D97.8050900@gmail.Com>
In-Reply-To: <54306D97.8050900@gmail.Com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] Re: Re: OpenSSL bug in 5.4.33 and 5.5.17
From: jocelyn.fournier@gmail.com (jocelyn fournier)

Hi,

When do you plan to release a new 5.4.34 / 5.5.18 version with a fix for 
those issues ? I'm concerned because our app is just broken with this 
issue. Moreover 5.4.33 / 5.5.17 are used in some PHP Buildpack on PAAS 
platform like cloudfoundry/pivotal, they are directly affected by the 
problem.

Thanks !
   Jocelyn

Le 04/10/2014 23:58, jocelyn fournier a écrit :
> Hi,
>
> It would perhaps be great to communicate on this nasty bug on the PHP
> website ?
> For example code based on amqplib + ssl
> (https://github.com/videlalvaro/php-amqplib) is not working anymore as
> well, and it could be a headache to figure out why it's not working. I
> assume a lot more libs could be affected.
>
> Thanks,
>    Jocelyn
>
>
> Le 23/09/2014 07:39, Daniel Lowrey a écrit :
>>>> Hi,
>>>>
>>>> That's a bad thing we need to fix ASAP.
>>>>
>>>> I think for 5.6.1 we'll revert it , if not, we'll need an RC2, which
>>>> is something we usually don't do (but as this could involve security,
>>>> we may do it).
>>>> The fix can be merged to 5.5.18RC1, next week, to have an RC cycle if
>>>> not part of a 5.6.1RC2 (tag is tomorrow)
>>>>
>>>> 5.6 and 5.5 actually overlap in the release weeks. 5.6 is planned on
>>>> odd weeks whereas 5.5 is on even weeks.
>>>>
>>>> Waiting for Ferenc's advice anyway.
>>>>
>>>> Julien.P
>>>
>>> I have no issues with reverting at this point as that's the best
>>> route to
>>> get stable releases back on track. I thought I had fixed some really old
>>> bugs with those commits but the medicine turned out to be worse than the
>>> disease. My apologies again for letting those problems sneak into
>>> releases
>>> :/
>>
>> I've got the necessary fixes lined up at this point, I just need to know
>> how you guys would prefer to proceed on this.
>>
>> I can commit the relevant changes to 5.4, 5.5 and 5.6 and double-check
>> with
>> RMs to ensure they make it into this next set of releases or we can
>> revert
>> the previous commits and forget about the bug fixes altogether.
>>
>> Just let me know which you prefer. Thanks.
>>