[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
I've posted in php-internals list about this topic: http://marc.info/?l =php-internals&m=132922462700684&w=2 Please tell me answers to some questions. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
Yes, as Ondřej said, all supported releases were affected and the issue was that ini_get('magic_quotes_gpc') was returning the wrong value, magic_quotes_gpc would still get set correctly. Also, get_magic_quotes_gpc() returned the correct value, too. Fixes for all releases have gone out as http://www.ubuntu.com/usn/usn-1358-2/. Thanks for your patience. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
This bug was fixed in the package php5 - 5.2.4-2ubuntu5.23 --- php5 (5.2.4-2ubuntu5.23) hardy-security; urgency=low * debian/patches/php5-CVE-2012-0831-regression.patch: fix magic_quotes_gpc ini setting regression introduced by patch for CVE-2012-0831. Thanks to Ondřej Surý for the patch. (LP: #930115) -- Steve BeattieFri, 10 Feb 2012 15:34:36 -0800 ** Changed in: php5 (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
This bug was fixed in the package php5 - 5.3.2-1ubuntu4.14 --- php5 (5.3.2-1ubuntu4.14) lucid-security; urgency=low * debian/patches/php5-CVE-2012-0831-regression.patch: fix magic_quotes_gpc ini setting regression introduced by patch for CVE-2012-0831. Thanks to Ondřej Surý for the patch. (LP: #930115) -- Steve BeattieFri, 10 Feb 2012 15:07:08 -0800 ** Changed in: php5 (Ubuntu Lucid) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
Well, it affects all versions which got that security report (i.e. all supported). As far as I understand this bug, the magic_quotes are actually set to the correct value, it's just the ini_get() which reports wrong value. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
The PHP-version in Hardy Heron (8.04) also has the same behaviour. (version 5.2.4-2ubuntu5.22) This broke some of the websites hosted on my severs that relied on magic_quotes_gpc detection with ini_get('magic_quotes_gpc') . This always returns 0 now, even when magic_quotes_gpc switchec On in php.ini or .htaccess. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
Ondřej, thanks for diagnosing this issue! I'll review and incorporate your patch and release a regression fix for this shortly after testing locally. Thanks and my apologies for introducing this regression. ** Changed in: php5 (Ubuntu Lucid) Status: Triaged => In Progress ** Changed in: php5 (Ubuntu Lucid) Assignee: Canonical Security Team (canonical-security) => Steve Beattie (sbeattie) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
The patch attached to PHP bug report fixes your problem: root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php -c /tmp/php.ini -r 'var_dump(ini_get("magic_quotes_gpc"));' string(1) "1" root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini magic_quotes_gpc = On root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php -c /tmp/php.ini -r 'var_dump(ini_get("magic_quotes_gpc"));' string(1) "1" root@howl:/tmp# emacs php.ini root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini magic_quotes_gpc = Off root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php -c /tmp/php.ini -r 'var_dump(ini_get("magic_quotes_gpc"));' string(0) "" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/930115 Title: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs