On Wed, Aug 31, 2005 at 12:08:04AM +0200, David Huecking wrote:
On Dienstag 30 August 2005 18:44, Marcus Meissner wrote:
On Tue, Aug 30, 2005 at 06:30:07PM +0200, Andy Spiers wrote:
Hi,
We've just applied the updated packages from the security announcement SUSE-SA:2005:049 that came out about 2 hours ago and we're seeing errors in PCRE functions in a PHP application that was working fine before. Is anyone else having the same problems?
Here's an example of the error generated: PHP Warning: preg_match: internal pcre_fullinfo() error -3 in /srv/www/htdocs/netcat/modules/stats/function.inc.php on line 28
Here's line 28 from the file mentioned - it looks perfectly fine to me: if (preg_match("/(netscape|mozilla|links|lynx|opera|msie|konqueror)/i",$HTTP _USER_AGENT)) {
Looking on google gives me the impression that many people have seen this bug and unfortunately the PHP team's answer seems to be "use the internal/included PCRE library and not the system one".
Do the guys from SuSE or anyone else have any comments on this or ideas on how to solve it? For the moment I've rolled back to the old versions of the RPMs.
Yes, please roll back to the old versions.
We have removed the patches on our master update staging server already, so you should get the old version via YOU again (in some minutes after the mirrors pick it up).
Our testing did not find the problematic use of the apache2 builtin pcre library, which causes php4 to crash.
We will issue fixed updates within the next day(s).
I still find the "new" php-RPMs on the SuSE-ftp-server and its mirror ftp.gwdg.de?! - Or is something wrong with my eyes (or my ftp-program...)? e.g. ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/ There is still apache2-mod_php4.rpm linked to the buggy apache2-mod_php4-4.3.3-194.i586.rpm with the md5-sum announced in the advisory...
In which way the update is "disabled?"/ "removed from the masterserver"?
I rolled back the php4 on a SuSE 9.0 based server, but I can't find any older packages anymore for a SuSE 9.2 based sysem.
So please enlighten me... 8-)
We rolled it back for the online update tool, which will not show and not download the broken patches (in the patches/directory.3 file). The broken RPMs still exist on the mirrors. Ciao, Marcus