[pkg-php-pear] Fwd: [php-maint] Bug#812788: php5: php security update breaks php-net-ldap2

Ondřej Surý ondrej at sury.org
Tue Jan 26 16:15:10 UTC 2016 

The patch is in fact very simple. Benoit, Prach, could you prepare the
updated packages swiftly or should I do it?

https://github.com/pear/Net_LDAP2/commit/df99b63de9b2459b5e0cd94bd26f38f3010f992e

Cheers,
-- 
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

----- Original message -----
From: michael-dev at fami-braun.de
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: [php-maint] Bug#812788: php5: php security update breaks
php-net-ldap2
Date: Tue, 26 Jan 2016 16:45:48 +0100

Package: php5-common
Version: 5.6.17+dfsg-0+deb8u1
Severity: normal

Dear Maintainer,

   * What led up to the situation?

unattended upgrades upgraded php5 from 5.6.14+dfsg-0+deb8u1 to
5.6.17+dfsg-0+deb8u1 in jessie automatically.
php-net-ldap2 is version 2.0.12-1 from debian stable.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

Visiting a php based website that required Net::LDAP2.

   * What was the outcome of this action?

An empty website with PHP error:

PHP message: PHP Fatal error:  Access level to
Net_LDAP2_RootDSE::__construct() must be public (as in class PEAR) in
/usr/share/php/Net/LDAP2/RootDSE.php on line 0

   * What outcome did you expect instead?

I did not expect php5 stable updates to break a debian stable package.

Regards,
 M. Braun

-- Package-specific info:
==== Additional PHP 5 information ====

++++ PHP 5 SAPI (php5query -S): ++++
fpm
cli
cgi

++++ PHP 5 Extensions (php5query -M -v): ++++
memcached (Enabled for fpm by local administrator)
memcached (Enabled for cli by local administrator)
memcached (Enabled for cgi by local administrator)
json (Enabled for fpm by maintainer script)
json (Enabled for cli by maintainer script)
json (Enabled for cgi by maintainer script)
curl (Enabled for fpm by maintainer script)
curl (Enabled for cli by maintainer script)
curl (Enabled for cgi by maintainer script)
mcrypt (Enabled for fpm by maintainer script)
mcrypt (Enabled for cli by maintainer script)
mcrypt (Enabled for cgi by maintainer script)
svn (Enabled for fpm by maintainer script)
svn (Enabled for cli by maintainer script)
svn (Enabled for cgi by maintainer script)
pdo_pgsql (Enabled for fpm by maintainer script)
pdo_pgsql (Enabled for cli by maintainer script)
pdo_pgsql (Enabled for cgi by maintainer script)
opcache (Enabled for fpm by maintainer script)
opcache (Enabled for cli by maintainer script)
opcache (Enabled for cgi by maintainer script)
readline (Enabled for fpm by maintainer script)
readline (Enabled for cli by maintainer script)
readline (Enabled for cgi by maintainer script)
pgsql (Enabled for fpm by maintainer script)
pgsql (Enabled for cli by maintainer script)
pgsql (Enabled for cgi by maintainer script)
pdo (Enabled for fpm by maintainer script)
pdo (Enabled for cli by maintainer script)
pdo (Enabled for cgi by maintainer script)
tidy (Enabled for fpm by maintainer script)
tidy (Enabled for cli by maintainer script)
tidy (Enabled for cgi by maintainer script)
xdebug (Enabled for fpm by maintainer script)
xdebug (Enabled for cli by maintainer script)
xdebug (Enabled for cgi by maintainer script)
gd (Enabled for fpm by maintainer script)
gd (Enabled for cli by maintainer script)
gd (Enabled for cgi by maintainer script)
xmlrpc (Enabled for fpm by maintainer script)
xmlrpc (Enabled for cli by maintainer script)
xmlrpc (Enabled for cgi by maintainer script)
pdo_mysql (Enabled for fpm by maintainer script)
pdo_mysql (Enabled for cli by maintainer script)
pdo_mysql (Enabled for cgi by maintainer script)
imagick (Enabled for fpm by maintainer script)
imagick (Enabled for cli by maintainer script)
imagick (Enabled for cgi by maintainer script)
intl (Enabled for fpm by maintainer script)
intl (Enabled for cli by maintainer script)
intl (Enabled for cgi by maintainer script)
mysqli (Enabled for fpm by maintainer script)
mysqli (Enabled for cli by maintainer script)
mysqli (Enabled for cgi by maintainer script)
redis (Enabled for fpm by local administrator)
redis (Enabled for cli by local administrator)
redis (Enabled for cgi by local administrator)
apcu (Enabled for fpm by maintainer script)
apcu (Enabled for cli by maintainer script)
apcu (Enabled for cgi by maintainer script)
ldap (Enabled for fpm by maintainer script)
ldap (Enabled for cli by maintainer script)
ldap (Enabled for cgi by maintainer script)
memcache (Enabled for fpm by local administrator)
memcache (Enabled for cli by local administrator)
memcache (Enabled for cgi by local administrator)
mysql (Enabled for fpm by maintainer script)
mysql (Enabled for cli by maintainer script)
mysql (Enabled for cgi by maintainer script)

++++ Configuration files: ++++
**** /etc/php5/mods-available/pdo.ini ****
extension=pdo.so

**** /etc/php5/mods-available/opcache.ini ****
zend_extension=opcache.so


-- System Information:
Debian Release: 8.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages php5 depends on:
ii  php5-cgi     5.6.17+dfsg-0+deb8u1
ii  php5-common  5.6.17+dfsg-0+deb8u1
ii  php5-fpm     5.6.17+dfsg-0+deb8u1

php5 recommends no packages.

php5 suggests no packages.

Versions of packages php5-common depends on:
ii  libc6   2.19-18+deb8u2
ii  lsof    4.86+dfsg-1
ii  psmisc  22.21-2
ii  sed     4.2.2-4+b1
ii  ucf     3.0030

Versions of packages php5-common suggests:
ii  php5-apcu [php5-user-cache]  4.0.7-1

-- no debconf information

_______________________________________________
pkg-php-maint mailing list
pkg-php-maint at lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint

More information about the pkg-php-pear mailing list