Univention Bugzilla – Bug 40693
UCS 3.3 PHP update
Last modified: 2016-06-07 21:35:46 CEST
PHP should be updated to 5.4.45 (Debian Wheezy) in UCS 3.3.
cherry picked php from errata4.0-3 and built in 3.3

Successful build
Package: php5
Version: 5.4.45-0~ucs3.3.225.201602261219
User: fbotner
Branch: ucs_3.3-0

and cherry picked psmisc from 4.0-0 and built in 3.3

Successful build
Package: psmisc
Version: 22.19-1~ucs3.3.17.201602261438
User: fbotner
Branch: ucs_3.3-0
5.4.45-0+deb7u1 imported on 2015-09-17 17:30:20.536353
Included in release tag 3.3-0-0 (75797)
Included in release tag 4.1-0-0 (75797)
Included in scope errata4.0-3 for release tag 4.0-0-0 (75797)
Included in scope php54 for release tag 3.2-0-0 (75797)

seems that php in php54 has a higher version, rebuild in 3.3 with version>php54<4.0-0
     5.4.45-0~ucs3.3.226.201602291614 0
        500 http://192.168.0.10/build2/ ucs_3.3-0/amd64/ Packages
     5.4.4-14.204.201411010701 0
        500 http://univention-repository.knut.univention.de/4.0/maintained/ 4.0-0/amd64/ Packages
     5.4.4-14.199.201407221444 0
        500 http://univention-repository.knut.univention.de/3.2/maintained/component/ php54/amd64/ Packages
     5.3.3.1-7.218.201511161319 0
        500 http://univention-repository.knut.univention.de/3.2/maintained/ 3.2-8/amd64/ Packages

5.4.45 is imported into 3.2-php54 but actually shipped is 5.4.4-14, so 3.3 has a higher php4 version, ok

4.0-0 php5 version is smaller than 3.3 but that is ok for now, we explicitly want 5.4.45 in 3.3.
cherrypicked from 4.0-0 / built in 3.3 the following packages:

* php-imagick graphviz swig2.0 guile-1.8
* php-geoip
* php-memcache
* php-ssh2

Now I can install univention-mail-horde on 3.3
OK: changelog entry
OK: manual test:
# echo '<?php phpinfo(); ?>' > /var/www/phpinfo.php ; wget -q -O - http://127.0.0.1/phpinfo.php | egrep '5.4.45-0~ucs3.3' && echo OK
<tr><td class="e">PHP Version </td><td class="v">5.4.45-0~ucs3.3.230.201603072027 </td></tr>
OK
OK: manual test: install Horde from AppCenter

(In reply to Felix Botner from comment #4)
> Now I can install univention-mail-horde on 3.3

I had to version bump univention-mail-postfix (r68291) to get it to work.
A libgd2 backport is required as well for this current issue (see Bug 41208):

* Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow (CVE-2016-3074)

In Debian libgd2 is used by php5.
Had to backport d-shlibs and libjpeg8 as well.

-> repo_admin.py --cherrypick -r 4.0 --releasedest 3.3 -p d-shlibs
-> b33 d-shlibs
-> repo_admin.py --cherrypick -r 4.0 -s errata4.0-5 --releasedest 3.3 -p libgd2
-> repo_stat.py libgd2

libgd2-noxpm:
  Installiert: 2.0.36~rc1~dfsg-5.28.201104280307
  Kandidat: 2.0.36~rc1~dfsg-6.1.35.201605091028
     2.0.36~rc1~dfsg-6.1.35.201605091028 0
        500 http://192.168.0.10/build2/ ucs_4.1-0-errata4.1-1/amd64/ Packages
     2.0.36~rc1~dfsg-6.1.34.201605091025 0
        500 http://192.168.0.10/build2/ ucs_4.0-0-errata4.0-5/amd64/ Packages
     2.0.36~rc1~dfsg-6.1~ucs3.3.37.201605091248 0
        500 http://192.168.0.10/build2/ ucs_3.3-0/amd64/ Packages
OK: confirmed backports of libgd2, d-shlibs and libjpeg8.
OK: update & install
OK: libgd2 works: webpng -d /var/www/ucs-overview/img/welcome.png
OK: libgd works in php5: (from http://php.net/manual/en/book.image.php)

# cat > /var/www/gdtest.php
<?php
$im = imagecreatetruecolor(300, 50);
$text_color = imagecolorallocate($im, 233, 14, 91);
imagestring($im, 1, 5, 5, 'A Simple Text String', $text_color);
ob_start();
imagejpeg($im, NULL, 85);
$contents = ob_get_contents();
ob_end_clean();
imagedestroy($im);
$fh = fopen("/tmp/img.jpg", "a+" );
fwrite( $fh, $contents );
fclose( $fh );
?>

# wget -q http://localhost/gdtest.php
# file /tmp/img.jpg
/tmp/img.jpg: JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
UCS 3.3 has been released:
 https://docs.software-univention.de/release-notes-3.3-0-en.html
 https://docs.software-univention.de/release-notes-3.3-0-de.html

If this error occurs again, please use "Clone This Bug".