Bug#535479: marked as done (php-openid: .*? in _tag_expr in Parse.php causes openid.server 's not parsed on some pages)

Mon, 16 Aug 2010 00:39:52 -0700 

Your message dated Mon, 16 Aug 2010 07:32:18 +0000
with message-id <[email protected]>
and subject line Bug#535479: fixed in php-openid 2.2.2-1
has caused the Debian Bug report #535479,
regarding php-openid: .*? in _tag_expr in Parse.php causes openid.server 
<link>'s not parsed on some pages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
535479: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535479
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: php-openid
Version: 2.1.3-1
Severity: important
Tags: patch

*** Please type your report below this line ***
In Auth/OpenID/Parse.php, $_tag_expr regexp is "<%s\b(?!:)([^>]*?)(?:\/>|>(.*?)(?:<\/?%s\s*>|\Z))". And libpcre3's implementation of .*? is probably recursive. So, on big HTML pages with <link rel="openid.server">, like http://stas-fomin.blogspot.com/, <html>...</html> tag is not matched due to a stack overflow during matching of .*? (matching stops after approximately 99264 bytes). So, Auth_OpenID does not work with these pages. 
A workaround is very simple: change .*? to .*
A patch is attached.

-- System Information:
Debian Release: squeeze/sid
  APT prefers oldstable
APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') 
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/bash

Versions of packages php-openid depends on:
ii php5 5.2.10.dfsg.1-1 server-side, HTML-embedded scripti 
ii  php5-curl                5.2.10.dfsg.1-1 CURL module for php5
ii  php5-gmp                 5.2.10.dfsg.1-1 GMP module for php5

php-openid recommends no packages.

Versions of packages php-openid suggests:
pn  php-db                        <none>     (no description available)

-- no debconf information

--
Wbr,
  Vitaliy Filippov

Attachment: Parse.php.diff
Description: Binary data


--- End Message ---
--- Begin Message --- 
Source: php-openid
Source-Version: 2.2.2-1

We believe that the bug you reported is fixed in the latest version of
php-openid, which is due to be installed in the Debian FTP archive:

php-openid_2.2.2-1.debian.tar.gz
  to main/p/php-openid/php-openid_2.2.2-1.debian.tar.gz
php-openid_2.2.2-1.dsc
  to main/p/php-openid/php-openid_2.2.2-1.dsc
php-openid_2.2.2-1_all.deb
  to main/p/php-openid/php-openid_2.2.2-1_all.deb
php-openid_2.2.2.orig.tar.gz
  to main/p/php-openid/php-openid_2.2.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Hauke Rahm <[email protected]> (supplier of updated php-openid package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Aug 2010 08:37:15 +0200
Source: php-openid
Binary: php-openid
Architecture: source all
Version: 2.2.2-1
Distribution: unstable
Urgency: low
Maintainer: Jan Hauke Rahm <[email protected]>
Changed-By: Jan Hauke Rahm <[email protected]>
Description: 
 php-openid - PHP OpenID library
Closes: 535479
Changes: 
 php-openid (2.2.2-1) unstable; urgency=low
 .
   * New upstream release
     + Fix regex in Auth/OpenID/Parse.php (Closes: #535479)
   * debian/watch: link to correct upstream homepage
   * Bump Standards-Version to 3.9.1
Checksums-Sha1: 
 83bbdc3b9a6050a826bd82d11b602e4fe47f7adc 1192 php-openid_2.2.2-1.dsc
 009715779b32b42223292ecb5939112bc65334b7 394018 php-openid_2.2.2.orig.tar.gz
 459c69063bbd3858bbf9f6c484c02e38e0fd9993 2204 php-openid_2.2.2-1.debian.tar.gz
 c7eda71489120d0cb537be065c88addd7fadae71 233138 php-openid_2.2.2-1_all.deb
Checksums-Sha256: 
 969bedca89845fb154b5d88764bcee3557c666f790b8455b5fb703bc8a1daeca 1192 
php-openid_2.2.2-1.dsc
 3fe7015aa54c61053cdb8d3c4302099b1ebb9820b8dee73901f76745ec53c6a6 394018 
php-openid_2.2.2.orig.tar.gz
 28e602fafb7f99145b8d0c6b248dc6172bea28a12af13a9a879c409946030d43 2204 
php-openid_2.2.2-1.debian.tar.gz
 4e3301c6cf12e7c6ef1d66da4d227d8146a2bc6842cf7f49c6a5171e5b2d705c 233138 
php-openid_2.2.2-1_all.deb
Files: 
 7cc91d27090ead08c20c746b70cac3c0 1192 php optional php-openid_2.2.2-1.dsc
 f14bfe22b553936a5648dee1ca94455a 394018 php optional 
php-openid_2.2.2.orig.tar.gz
 6a968247de46b6924f3b2b7f14da27f6 2204 php optional 
php-openid_2.2.2-1.debian.tar.gz
 0a75ad6bffff073aa5d7e1edfe3b6bdb 233138 php optional php-openid_2.2.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iFYEAREKAAYFAkxo3dMACgkQGOp6XeD8cQ19EQDfX9DWhrmKAwjK7wgmoSoJBmqQ
9HZhkGT5QtlUdgDeKBOYoFGM5nMoU97f9bFMsRlc6Sk4J3Bkp2l5CQ==
=nv4y
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to