Hi, We've just applied the updated packages from the security announcement SUSE-SA:2005:049 that came out about 2 hours ago and we're seeing errors in PCRE functions in a PHP application that was working fine before. Is anyone else having the same problems? Here's an example of the error generated: PHP Warning: preg_match: internal pcre_fullinfo() error -3 in /srv/www/htdocs/netcat/modules/stats/function.inc.php on line 28 Here's line 28 from the file mentioned - it looks perfectly fine to me: if (preg_match("/(netscape|mozilla|links|lynx|opera|msie|konqueror)/i",$HTTP_USER_AGENT)) { Looking on google gives me the impression that many people have seen this bug and unfortunately the PHP team's answer seems to be "use the internal/included PCRE library and not the system one". Do the guys from SuSE or anyone else have any comments on this or ideas on how to solve it? For the moment I've rolled back to the old versions of the RPMs. Best regards, Andy Spiers
On Tue, Aug 30, 2005 at 06:30:07PM +0200, Andy Spiers wrote:
Hi,
We've just applied the updated packages from the security announcement SUSE-SA:2005:049 that came out about 2 hours ago and we're seeing errors in PCRE functions in a PHP application that was working fine before. Is anyone else having the same problems?
Here's an example of the error generated: PHP Warning: preg_match: internal pcre_fullinfo() error -3 in /srv/www/htdocs/netcat/modules/stats/function.inc.php on line 28
Here's line 28 from the file mentioned - it looks perfectly fine to me: if (preg_match("/(netscape|mozilla|links|lynx|opera|msie|konqueror)/i",$HTTP_USER_AGENT)) {
Looking on google gives me the impression that many people have seen this bug and unfortunately the PHP team's answer seems to be "use the internal/included PCRE library and not the system one".
Do the guys from SuSE or anyone else have any comments on this or ideas on how to solve it? For the moment I've rolled back to the old versions of the RPMs.
Yes, please roll back to the old versions. We have removed the patches on our master update staging server already, so you should get the old version via YOU again (in some minutes after the mirrors pick it up). Our testing did not find the problematic use of the apache2 builtin pcre library, which causes php4 to crash. We will issue fixed updates within the next day(s). Sorry for the inconvience. Ciao, Marcus
On Tuesday 30 August 2005 18:44, you wrote:
Yes, please roll back to the old versions. We have removed the patches on our master update staging server already, so you should get the old version via YOU again (in some minutes after the mirrors pick it up). Our testing did not find the problematic use of the apache2 builtin pcre library, which causes php4 to crash. We will issue fixed updates within the next day(s). Sorry for the inconvience.
No problem. Thanks for the very rapid response. Best regards, Andy
On Dienstag 30 August 2005 18:44, Marcus Meissner wrote:
On Tue, Aug 30, 2005 at 06:30:07PM +0200, Andy Spiers wrote:
Hi,
We've just applied the updated packages from the security announcement SUSE-SA:2005:049 that came out about 2 hours ago and we're seeing errors in PCRE functions in a PHP application that was working fine before. Is anyone else having the same problems?
Here's an example of the error generated: PHP Warning: preg_match: internal pcre_fullinfo() error -3 in /srv/www/htdocs/netcat/modules/stats/function.inc.php on line 28
Here's line 28 from the file mentioned - it looks perfectly fine to me: if (preg_match("/(netscape|mozilla|links|lynx|opera|msie|konqueror)/i",$HTTP _USER_AGENT)) {
Looking on google gives me the impression that many people have seen this bug and unfortunately the PHP team's answer seems to be "use the internal/included PCRE library and not the system one".
Do the guys from SuSE or anyone else have any comments on this or ideas on how to solve it? For the moment I've rolled back to the old versions of the RPMs.
Yes, please roll back to the old versions.
We have removed the patches on our master update staging server already, so you should get the old version via YOU again (in some minutes after the mirrors pick it up).
Our testing did not find the problematic use of the apache2 builtin pcre library, which causes php4 to crash.
We will issue fixed updates within the next day(s).
I still find the "new" php-RPMs on the SuSE-ftp-server and its mirror ftp.gwdg.de?! - Or is something wrong with my eyes (or my ftp-program...)? e.g. ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/ There is still apache2-mod_php4.rpm linked to the buggy apache2-mod_php4-4.3.3-194.i586.rpm with the md5-sum announced in the advisory... In which way the update is "disabled?"/ "removed from the masterserver"? I rolled back the php4 on a SuSE 9.0 based server, but I can't find any older packages anymore for a SuSE 9.2 based sysem. So please enlighten me... 8-) -- Eat, sleep and go running, David Hücking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216
On Wed, Aug 31, 2005 at 12:08:04AM +0200, David Huecking wrote:
On Dienstag 30 August 2005 18:44, Marcus Meissner wrote:
On Tue, Aug 30, 2005 at 06:30:07PM +0200, Andy Spiers wrote:
Hi,
We've just applied the updated packages from the security announcement SUSE-SA:2005:049 that came out about 2 hours ago and we're seeing errors in PCRE functions in a PHP application that was working fine before. Is anyone else having the same problems?
Here's an example of the error generated: PHP Warning: preg_match: internal pcre_fullinfo() error -3 in /srv/www/htdocs/netcat/modules/stats/function.inc.php on line 28
Here's line 28 from the file mentioned - it looks perfectly fine to me: if (preg_match("/(netscape|mozilla|links|lynx|opera|msie|konqueror)/i",$HTTP _USER_AGENT)) {
Looking on google gives me the impression that many people have seen this bug and unfortunately the PHP team's answer seems to be "use the internal/included PCRE library and not the system one".
Do the guys from SuSE or anyone else have any comments on this or ideas on how to solve it? For the moment I've rolled back to the old versions of the RPMs.
Yes, please roll back to the old versions.
We have removed the patches on our master update staging server already, so you should get the old version via YOU again (in some minutes after the mirrors pick it up).
Our testing did not find the problematic use of the apache2 builtin pcre library, which causes php4 to crash.
We will issue fixed updates within the next day(s).
I still find the "new" php-RPMs on the SuSE-ftp-server and its mirror ftp.gwdg.de?! - Or is something wrong with my eyes (or my ftp-program...)? e.g. ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/ There is still apache2-mod_php4.rpm linked to the buggy apache2-mod_php4-4.3.3-194.i586.rpm with the md5-sum announced in the advisory...
In which way the update is "disabled?"/ "removed from the masterserver"?
I rolled back the php4 on a SuSE 9.0 based server, but I can't find any older packages anymore for a SuSE 9.2 based sysem.
So please enlighten me... 8-)
We rolled it back for the online update tool, which will not show and not download the broken patches (in the patches/directory.3 file). The broken RPMs still exist on the mirrors. Ciao, Marcus
Marcus Meissner wrote:
On Wed, Aug 31, 2005 at 12:08:04AM +0200, David Huecking wrote:
On Dienstag 30 August 2005 18:44, Marcus Meissner wrote:
On Tue, Aug 30, 2005 at 06:30:07PM +0200, Andy Spiers wrote:
Hi,
We've just applied the updated packages from the security announcement SUSE-SA:2005:049 that came out about 2 hours ago and we're seeing errors in PCRE functions in a PHP application that was working fine before. Is anyone else having the same problems?
Here's an example of the error generated: PHP Warning: preg_match: internal pcre_fullinfo() error -3 in /srv/www/htdocs/netcat/modules/stats/function.inc.php on line 28
Here's line 28 from the file mentioned - it looks perfectly fine to me: if (preg_match("/(netscape|mozilla|links|lynx|opera|msie|konqueror)/i",$HTTP _USER_AGENT)) {
Looking on google gives me the impression that many people have seen this bug and unfortunately the PHP team's answer seems to be "use the internal/included PCRE library and not the system one".
Do the guys from SuSE or anyone else have any comments on this or ideas on how to solve it? For the moment I've rolled back to the old versions of the RPMs.
Yes, please roll back to the old versions.
We have removed the patches on our master update staging server already, so you should get the old version via YOU again (in some minutes after the mirrors pick it up).
Our testing did not find the problematic use of the apache2 builtin pcre library, which causes php4 to crash.
We will issue fixed updates within the next day(s).
I still find the "new" php-RPMs on the SuSE-ftp-server and its mirror ftp.gwdg.de?! - Or is something wrong with my eyes (or my ftp-program...)? e.g. ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/ There is still apache2-mod_php4.rpm linked to the buggy apache2-mod_php4-4.3.3-194.i586.rpm with the md5-sum announced in the advisory...
In which way the update is "disabled?"/ "removed from the masterserver"?
I rolled back the php4 on a SuSE 9.0 based server, but I can't find any older packages anymore for a SuSE 9.2 based sysem.
So please enlighten me... 8-)
We rolled it back for the online update tool, which will not show and not download the broken patches (in the patches/directory.3 file).
The broken RPMs still exist on the mirrors.
Ciao, Marcus
... and those are obviously being discovered by fou4s. People using fou4s should add pcre to the list of updates to ignore. For SuSE Linux 9.3 add the following line to your /etc/fou4s.conf: IgnoreList=pcre-5.0-3.2 hth, FRagGel.
On Wed, Aug 31, 2005 at 11:46:39AM +0200, Frank Huebsch wrote:
Marcus Meissner wrote:
On Wed, Aug 31, 2005 at 12:08:04AM +0200, David Huecking wrote:
On Dienstag 30 August 2005 18:44, Marcus Meissner wrote:
On Tue, Aug 30, 2005 at 06:30:07PM +0200, Andy Spiers wrote:
Hi,
We've just applied the updated packages from the security announcement SUSE-SA:2005:049 that came out about 2 hours ago and we're seeing errors in PCRE functions in a PHP application that was working fine before. Is anyone else having the same problems?
Here's an example of the error generated: PHP Warning: preg_match: internal pcre_fullinfo() error -3 in /srv/www/htdocs/netcat/modules/stats/function.inc.php on line 28
Here's line 28 from the file mentioned - it looks perfectly fine to me: if (preg_match("/(netscape|mozilla|links|lynx|opera|msie|konqueror)/i",$HTTP _USER_AGENT)) {
Looking on google gives me the impression that many people have seen this bug and unfortunately the PHP team's answer seems to be "use the internal/included PCRE library and not the system one".
Do the guys from SuSE or anyone else have any comments on this or ideas on how to solve it? For the moment I've rolled back to the old versions of the RPMs.
Yes, please roll back to the old versions.
We have removed the patches on our master update staging server already, so you should get the old version via YOU again (in some minutes after the mirrors pick it up).
Our testing did not find the problematic use of the apache2 builtin pcre library, which causes php4 to crash.
We will issue fixed updates within the next day(s).
I still find the "new" php-RPMs on the SuSE-ftp-server and its mirror ftp.gwdg.de?! - Or is something wrong with my eyes (or my ftp-program...)? e.g. ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/ There is still apache2-mod_php4.rpm linked to the buggy apache2-mod_php4-4.3.3-194.i586.rpm with the md5-sum announced in the advisory...
In which way the update is "disabled?"/ "removed from the masterserver"?
I rolled back the php4 on a SuSE 9.0 based server, but I can't find any older packages anymore for a SuSE 9.2 based sysem.
So please enlighten me... 8-)
We rolled it back for the online update tool, which will not show and not download the broken patches (in the patches/directory.3 file).
The broken RPMs still exist on the mirrors.
Ciao, Marcus
... and those are obviously being discovered by fou4s.
People using fou4s should add pcre to the list of updates to ignore. For SuSE Linux 9.3 add the following line to your /etc/fou4s.conf: IgnoreList=pcre-5.0-3.2
No. The pcre update is fine and totally unrelated to the PHP problems. Ciao, Marcus
participants (4)
-
Andy Spiers -
David Huecking -
Frank Huebsch -
Marcus Meissner