Bug 771916 - php53-common does not satisfy deps
Summary: php53-common does not satisfy deps
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: php-suhosin
Version: el5
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Orphan Owner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-01-05 11:36 UTC by David Busby
Modified: 2017-04-06 10:04 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-04-06 10:04:27 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Proposed spec file (currently testing). (3.46 KB, text/plain)
2012-01-05 13:42 UTC, David Busby 		no flags Details
Fixed proposed spec file. (3.46 KB, text/plain)
2012-01-05 13:52 UTC, David Busby 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 750547 0 medium CLOSED CVE-2011-4885 php: hash table collisions CPU usage DoS (oCERT-2011-003) 2023-05-12 18:51:59 UTC

Internal Links: 750547

Description David Busby 2012-01-05 11:36:54 UTC 
[root@espn2 ~]# yum install php-suhosin
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package php-suhosin.x86_64 0:0.9.29-3.el5 set to be updated
--> Processing Dependency: php-zend-abi = 20050922 for package: php-suhosin
--> Running transaction check
---> Package php-common.x86_64 0:5.1.6-27.el5_5.3 set to be updated
--> Processing Conflict: php53-common conflicts php-common
--> Finished Dependency Resolution
php53-common-5.3.3-1.el5_7.3.x86_64 from installed has depsolving problems
  --> php53-common conflicts with php-common
Error: php53-common conflicts with php-common
 You could try using --skip-broken to work around the problem
 You could try running: package-cleanup --problems
                        package-cleanup --dupes
                        rpm -Va --nofiles --nodigest

Unsure if this can be fixed, as php-suhosin does support php53, but this will need addressing in the spec file to require php-common or php53-common
Comment 1 David Busby 2012-01-05 13:25:05 UTC 
may be worth in this case building php53-suhosin as this helps to mitigate CVE-2011-4885 default setting

suhosin.post_max_vars = 1000 negates the issue entirely.

Which in my opinion is preferable to the upstream fix which mimicks this functionality as it can not be ovveridden via an ini_set in code, nor php_value in .htaccess,
Comment 2 David Busby 2012-01-05 13:42:03 UTC 
Created attachment 550904 [details]
Proposed spec file (currently testing).
Comment 3 David Busby 2012-01-05 13:52:45 UTC 
Created attachment 550905 [details]
Fixed proposed spec file.

Fixed typos in this spec file, build works fine when runthrough mock, initial install works just fine on RHEL 5.7 x64

However still kludge api_ver in requires, as despit chaning to php53 in spec file, keeps picking out php52 api ver and failing installation.


Requires:       php(api) = 20090626
Comment 4 Fedora End Of Life 2017-04-06 10:04:27 UTC 
Fedora EPEL 5 changed to end-of-life (EOL) status on 2017-03-31. Fedora EPEL 5
is no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora
or Fedora EPEL, please feel free to reopen this bug against that version. If
you are unable to reopen this bug, please file a new report against the current
release. If you experience problems, please add a comment to this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Note You need to log in before you can comment on or make changes to this bug.