[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
I've posted in php-internals list about this topic: http://marc.info/?l =php-internalsm=132922462700684w=2 Please tell me answers to some questions. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
The PHP-version in Hardy Heron (8.04) also has the same behaviour.
(version 5.2.4-2ubuntu5.22) This broke some of the websites hosted on my
severs that relied on magic_quotes_gpc detection with
ini_get('magic_quotes_gpc') . This always returns 0 now, even when
magic_quotes_gpc switchec On in php.ini or .htaccess.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/930115
Title:
php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
Well, it affects all versions which got that security report (i.e. all supported). As far as I understand this bug, the magic_quotes are actually set to the correct value, it's just the ini_get() which reports wrong value. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
This bug was fixed in the package php5 - 5.3.2-1ubuntu4.14 --- php5 (5.3.2-1ubuntu4.14) lucid-security; urgency=low * debian/patches/php5-CVE-2012-0831-regression.patch: fix magic_quotes_gpc ini setting regression introduced by patch for CVE-2012-0831. Thanks to Ondřej Surý for the patch. (LP: #930115) -- Steve Beattie sbeat...@ubuntu.com Fri, 10 Feb 2012 15:07:08 -0800 ** Changed in: php5 (Ubuntu Lucid) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
This bug was fixed in the package php5 - 5.2.4-2ubuntu5.23 --- php5 (5.2.4-2ubuntu5.23) hardy-security; urgency=low * debian/patches/php5-CVE-2012-0831-regression.patch: fix magic_quotes_gpc ini setting regression introduced by patch for CVE-2012-0831. Thanks to Ondřej Surý for the patch. (LP: #930115) -- Steve Beattie sbeat...@ubuntu.com Fri, 10 Feb 2012 15:34:36 -0800 ** Changed in: php5 (Ubuntu) Status: Triaged = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
Yes, as Ondřej said, all supported releases were affected and the issue
was that ini_get('magic_quotes_gpc') was returning the wrong value,
magic_quotes_gpc would still get set correctly. Also,
get_magic_quotes_gpc() returned the correct value, too.
Fixes for all releases have gone out as
http://www.ubuntu.com/usn/usn-1358-2/. Thanks for your patience.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/930115
Title:
php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
The patch attached to PHP bug report fixes your problem: root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php -c /tmp/php.ini -r 'var_dump(ini_get(magic_quotes_gpc));' string(1) 1 root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini magic_quotes_gpc = On root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php -c /tmp/php.ini -r 'var_dump(ini_get(magic_quotes_gpc));' string(1) 1 root@howl:/tmp# emacs php.ini root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini magic_quotes_gpc = Off root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php -c /tmp/php.ini -r 'var_dump(ini_get(magic_quotes_gpc));' string(0) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
Ondřej, thanks for diagnosing this issue! I'll review and incorporate your patch and release a regression fix for this shortly after testing locally. Thanks and my apologies for introducing this regression. ** Changed in: php5 (Ubuntu Lucid) Status: Triaged = In Progress ** Changed in: php5 (Ubuntu Lucid) Assignee: Canonical Security Team (canonical-security) = Steve Beattie (sbeattie) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
