Debian Bug report logs - #806802
php5: Please update PHP 5.6 as part of the next point release or backport fixes for segfaults

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Wilhelmy <m.wilhelmy@bgcc.at>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: php5: Please update PHP 5.6 as part of the next point release or backport fixes for segfaults

Date: Tue, 01 Dec 2015 16:58:06 +0100

Package: php5
Version: 5.6.7+dfsg-1
Severity: normal
Tags: upstream

Dear PHP Maintainers,

PHP 5.6.15 fixed various segfaults, by which we were affected, and which caused
the entire php5-fpm monitor process to crash the monitored processes in the
garbage collector when using Opcache. This means that fpm would not crash
reliably, in which case we could have just restarted it, but the wonky fpm
master process would spawn subprocesses which would then reliably segfault,
causing us random downtime which required human intervention.

Since most of the changes in point-releases of PHP 5.6 are either security
fixes or fixes for rather serious bugs like the segfault above, or other cases
of PHP segfaulting: Would you please update PHP to 5.6.16 as part of the next
jessie point release, or at least backport the fixes to the current version in
the repository?

See http://www.php.net/ChangeLog-5.php#5.6.15 for the complete list of changes.

The particular bug we are affected by is https://bugs.php.net/bug.php?id=70601
but http://bugs.php.net/70631 and http://bugs.php.net/70632 also look rather grave.

I believe the bug affects all users of Opcache, not just fpm.

Our current fix is running our own PHP package which has the fixes compiled in
and has been stable so far.

Best,
Moritz

-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Message #10 received at 806802@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@sury.org>

To: Moritz Wilhelmy <m.wilhelmy@bgcc.at>, Debian Bug Tracking System <806802@bugs.debian.org>

Subject: Re: [php-maint] Bug#806802: php5: Please update PHP 5.6 as part of the next point release or backport fixes for segfaults

Date: Tue, 01 Dec 2015 21:05:31 +0100

The latest available version from Debian is 5.6.14+dfsg-0+deb8u1, with
5.6.15 already in security team queue and 5.6.16 in preparation. If you
are running 5.6.7+dfsg-1 then you are doing something very wrong like
having security updates disabled.

Cheers,
Ondrej

On Tue, Dec 1, 2015, at 16:58, Moritz Wilhelmy wrote:
> Package: php5
> Version: 5.6.7+dfsg-1
> Severity: normal
> Tags: upstream
> 
> Dear PHP Maintainers,
> 
> PHP 5.6.15 fixed various segfaults, by which we were affected, and which
> caused
> the entire php5-fpm monitor process to crash the monitored processes in
> the
> garbage collector when using Opcache. This means that fpm would not crash
> reliably, in which case we could have just restarted it, but the wonky
> fpm
> master process would spawn subprocesses which would then reliably
> segfault,
> causing us random downtime which required human intervention.
> 
> Since most of the changes in point-releases of PHP 5.6 are either
> security
> fixes or fixes for rather serious bugs like the segfault above, or other
> cases
> of PHP segfaulting: Would you please update PHP to 5.6.16 as part of the
> next
> jessie point release, or at least backport the fixes to the current
> version in
> the repository?
> 
> See http://www.php.net/ChangeLog-5.php#5.6.15 for the complete list of
> changes.
> 
> The particular bug we are affected by is
> https://bugs.php.net/bug.php?id=70601
> but http://bugs.php.net/70631 and http://bugs.php.net/70632 also look
> rather grave.
> 
> I believe the bug affects all users of Opcache, not just fpm.
> 
> Our current fix is running our own PHP package which has the fixes
> compiled in
> and has been stable so far.
> 
> Best,
> Moritz
> 
> -- System Information:
> Debian Release: 8.2
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint


-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

Message #15 received at 806802@bugs.debian.org (full text, mbox, reply):

From: Moritz Wilhelmy <m.wilhelmy@bgcc.at>

To: Ondřej Surý <ondrej@sury.org>, 806802@bugs.debian.org

Subject: Re: [php-maint] Bug#806802: php5: Please update PHP 5.6 as part of the next point release or backport fixes for segfaults

Date: Thu, 3 Dec 2015 15:11:58 +0100

Hi Ondřej,

Great to hear, thanks.

I reported the bug from a different machine since reportbug wasn’t installed and the MTA wasn’t properly set up and got the version number wrong from the output of apt-cache. We don’t run 5.6.7+dsfg-1 anywhere. Just wanted to make sure jessie gets 5.6.16 eventually.

Best,
Moritz

Send a report that this bug log contains spam.