Hi Rasmus,
On 08/03/2013 07:51 PM, Rasmus Lerdorf wrote:
Hey Johannes, could you take a look at:
https://gist.github.com/anonymous/6143477
You can reproduce in 5.5 with:
sapi/cli/php ext/mysqli/tests/mysqli_poll_kill.php
main/streams/cast.c:306 is:
if (php_stream_is_filtered(stream)) {
but
Hi,
On Mon, Aug 5, 2013 at 2:01 AM, Yasuo Ohgaki wrote:
> Thank you for noticing the crash. Data can be null, so the fix is OK.
> Removing the limitation that prohibits setting session ID is fine for me,
> too.
>
> Please, apply your patch.
I thought we were in agreement about doing this properly
Hi Arpad,
On Mon, Aug 5, 2013 at 6:22 PM, Arpad Ray wrote:
> I thought we were in agreement about doing this properly in PHP.next? My
> arguments against this version of the patch still stand:
We had a long discussion and decided to apply maintained branches
as security enhancement more than a y
Hi Yasuo,
On Mon, Aug 5, 2013 at 10:50 AM, Yasuo Ohgaki wrote:
> On Mon, Aug 5, 2013 at 6:22 PM, Arpad Ray wrote:
>
>> I thought we were in agreement about doing this properly in PHP.next? My
>> arguments against this version of the patch still stand:
>
>
> We had a long discussion and decided to
Hi Arpad,
On Mon, Aug 5, 2013 at 7:05 PM, Arpad Ray wrote:
> I'm not against the idea in principle but still think having a security
> feature which just quietly fails if you're not using one of two modified
> handlers is really not good.
>
> I also think there's no great rush to add this, becau
Hi Yasuo,
On Mon, Aug 5, 2013 at 11:10 AM, Yasuo Ohgaki wrote:
>
> On Mon, Aug 5, 2013 at 7:05 PM, Arpad Ray wrote:
>
>> I'm not against the idea in principle but still think having a security
>> feature which just quietly fails if you're not using one of two modified
>> handlers is really not g
Hi Arpad,
On Mon, Aug 5, 2013 at 7:26 PM, Arpad Ray wrote:
> Could you point me to where this was decided please? I don't see a vote or
> anything like a consensus in the previous threads.
There isn't a vote for this RFC since this is security.
It's also a consensus.
The main thread is this. It
On 08/05/2013 03:32 AM, Andrey Hristov wrote:
> I just tried the combo PHP 5.5 (git) with MySQL 5.6 (13-dev) without
> segfault. What's your setup?
This is on my Ubuntu 13.04 laptop. mysql Ver 14.14 Distrib 5.5.32 with
PHP 5.5 git just running make test. I get a core every time on that test
in th
I have added a simple test case for Linux to verify its basic
functionality via the CLI server, and think it's ready to be merged to
master to be able to test it within a wider audience.
Objections, anyone?
https://github.com/m6w6/php-src/compare/2Guploads
Thank you Ralf!
--
Regards,
Mike
--
On 5 August 2013 14:05, Michael Wallner wrote:
> I have added a simple test case for Linux to verify its basic
> functionality via the CLI server, and think it's ready to be merged to
> master to be able to test it within a wider audience.
>
> Objections, anyone?
> https://github.com/m6w6/php-src
Hi Mike,
On Aug 5, 2013 3:58 PM, "Michael Wallner" wrote:
>
> On 5 August 2013 14:05, Michael Wallner wrote:
> > I have added a simple test case for Linux to verify its basic
> > functionality via the CLI server, and think it's ready to be merged to
> > master to be able to test it within a wid
On Fri, Aug 2, 2013 at 9:55 PM, Levi Morrison wrote:
> If you have ideas or things to say, I'm listening.
>> https://github.com/jpauli/php-src/compare/macroing
>
>
> Is there a reason you switched from names like `__toString` to
> `__tostring` (https://github.com/jpauli/php-src/compare/macroing#L2
Julien Pauli in php.internals (Fri, 2 Aug 2013 10:05:00 +0200):
>Please test the release carefully and report any bugs.
What is the best way to report things that are so small that opening an
issue would be overkill?
I have got some tiny remarks:
- Typo in NEWS: OPcahce should be OPcache
- Remove
On 8/5/13 8:12 AM, Jan Ehrhardt wrote:
Julien Pauli in php.internals (Fri, 2 Aug 2013 10:05:00 +0200):
Please test the release carefully and report any bugs.
What is the best way to report things that are so small that opening an
issue would be overkill?
I have got some tiny remarks:
- Typo
Hi Yasuo,
On Mon, Aug 5, 2013 at 11:38 AM, Yasuo Ohgaki wrote:
> On Mon, Aug 5, 2013 at 7:26 PM, Arpad Ray wrote:
>
>> Could you point me to where this was decided please? I don't see a vote
>> or anything like a consensus in the previous threads.
>
>
> There isn't a vote for this RFC since this
On 5 August 2013 16:19, Pierre Joye wrote:
> Hi Mike,
>
> On Aug 5, 2013 3:58 PM, "Michael Wallner" wrote:
>>
>> On 5 August 2013 14:05, Michael Wallner wrote:
>> > I have added a simple test case for Linux to verify its basic
>> > functionality via the CLI server, and think it's ready to be me
Hi Arpad,
On Tue, Aug 6, 2013 at 1:04 AM, Arpad Ray wrote:
> I think there really should be a vote.
This means you don't really understand the true risk of this vulnerability.
It allows permanent session ID fixation. This is a CVE-assigned vulnerability.
Details are explained in the RFC and I d
Hi Yasuo,
On Mon, Aug 5, 2013 at 7:46 PM, Yasuo Ohgaki wrote:
> On Tue, Aug 6, 2013 at 1:04 AM, Arpad Ray wrote:
>
>> I think there really should be a vote.
>
>
> This means you don't really understand the true risk of this vulnerability.
> It allows permanent session ID fixation. This is a CVE
Hi!
> I'm not going to repeat my arguments against the committed solution yet
> again, but I really think we need a better one.
You are free to propose a better one. Since this topic has been
discussed for almost 2 years and nobody came up with anything better, as
far as I know, I think it is reason
Hi Stas,
On Mon, Aug 5, 2013 at 8:23 PM, Stas Malyshev wrote:
> > I'm not going to repeat my arguments against the committed solution yet
> > again, but I really think we need a better one.
>
> You are free to propose a better one. Since this topic has been
> discussed for almost 2 years and nobo
Hi Arpad,
On Tue, Aug 6, 2013 at 4:17 AM, Arpad Ray wrote:
> On Mon, Aug 5, 2013 at 7:46 PM, Yasuo Ohgaki wrote:
>
>> On Tue, Aug 6, 2013 at 1:04 AM, Arpad Ray wrote:
>>
>>> I think there really should be a vote.
>>
>>
>> This means you don't really understand the true risk of this
>> vulnera
Hi Arpad,
On Tue, Aug 6, 2013 at 4:33 AM, Arpad Ray wrote:
> Hi Stas,
>
> On Mon, Aug 5, 2013 at 8:23 PM, Stas Malyshev wrote:
>
>> > I'm not going to repeat my arguments against the committed solution yet
>> > again, but I really think we need a better one.
>>
>> You are free to propose a bette
22 matches