Ubuntu
php5 package

php5-cli should include readline/libedit

Bug #124846 reported by David Phillips
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libedit (Debian)
Fix Released
Unknown
php5 (Ubuntu)
Fix Released
Wishlist
Daniel Hahler

Bug Description

It would be very useful for php5-cli to include the readline module.

See original description

Related branches

lp:ubuntu/karmic/php5

CVE References

Revision history for this message
In , Wim Heirman (wim-heirman-elis) wrote : php4-cli: Problem caused by using libedit!

Package: php4-cli
Version: 4:4.3.10-2
Followup-For: Bug #286356

The problem seems to be the using_history() function of libedit, a readline replacement. I've posted a bug report for them
(http://sourceforge.net/tracker/?atid=118314&group_id=18314&func=browse).
Readline does not have this problem, so if php4 would just be configured with --with-readline instead of --with-libedit, our problem would be solved. (Why is
the non-GNU libedit used anyway?)

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages php4-cli depends on:
ii libbz2-1.0 1.0.2-2 high-quality block-sorting file co
ii libc6 2.3.2.ds1-19 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [
ii libedit2 2.9.cvs.20040827-1 BSD editline and history libraries
ii libexpat1 1.95.8-1 XML parsing C library - runtime li
ii libmagic1 4.12-1 File type determination library us
ii libncurses5 5.4-4 Shared libraries for terminal hand
ii libpcre3 4.5-1.1 Perl 5 Compatible Regular Expressi
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii mime-support 3.28-1 MIME files 'mime.types' & 'mailcap
ii php4-common 4:4.3.10-2 Common files for packages built fr
ii zlib1g 1:1.2.2-4 compression library - runtime

-- no debconf information

Revision history for this message
In , Adam Conrad (adconrad) wrote : RE: Bug#286356: php4-cli: Problem caused by using libedit!

Wim Heirman wrote:
>
> Readline does not have this problem, so if php4 would just be
> configured with --with-readline instead of --with-libedit, our
> problem would be solved. (Why is the non-GNU libedit used anyway?)

Licensing issues. Readline is GPL, and we can't link with GPL libraries
without violating their license.

... Adam

Revision history for this message
In , Adam Conrad (adconrad) wrote : Reassign

reassign 286356 libedit2
thanks

Revision history for this message
In , Pawel Wiecek (coven) wrote : Bug#286356: fixed in libedit 2.9.cvs.20050518-1

Source: libedit
Source-Version: 2.9.cvs.20050518-1

We believe that the bug you reported is fixed in the latest version of
libedit, which is due to be installed in the Debian FTP archive:

libedit-dev_2.9.cvs.20050518-1_i386.deb
  to pool/main/libe/libedit/libedit-dev_2.9.cvs.20050518-1_i386.deb
libedit2_2.9.cvs.20050518-1_i386.deb
  to pool/main/libe/libedit/libedit2_2.9.cvs.20050518-1_i386.deb
libedit_2.9.cvs.20050518-1.diff.gz
  to pool/main/libe/libedit/libedit_2.9.cvs.20050518-1.diff.gz
libedit_2.9.cvs.20050518-1.dsc
  to pool/main/libe/libedit/libedit_2.9.cvs.20050518-1.dsc
libedit_2.9.cvs.20050518.orig.tar.gz
  to pool/main/libe/libedit/libedit_2.9.cvs.20050518.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pawel Wiecek <email address hidden> (supplier of updated libedit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 18 May 2005 23:36:58 +0200
Source: libedit
Binary: libedit-dev libedit2
Architecture: source i386
Version: 2.9.cvs.20050518-1
Distribution: unstable
Urgency: low
Maintainer: Pawel Wiecek <email address hidden>
Changed-By: Pawel Wiecek <email address hidden>
Description:
 libedit-dev - BSD editline and history libraries (development files)
 libedit2 - BSD editline and history libraries
Closes: 286356
Changes:
 libedit (2.9.cvs.20050518-1) unstable; urgency=low
 .
   * Updated sources from CVS (closes: #286356)
Files:
 8bd3418502c9cdb6d65bf224dc085ff9 676 libs optional libedit_2.9.cvs.20050518-1.dsc
 ec0dff6f1e989b0c9f574c51d90477af 120004 libs optional libedit_2.9.cvs.20050518.orig.tar.gz
 4ef4432ac3df738d4931f7476b29c49e 6881 libs optional libedit_2.9.cvs.20050518-1.diff.gz
 fa78feae42ed29f7e92a3cafa6aba677 53824 libs optional libedit2_2.9.cvs.20050518-1_i386.deb
 3cbc546f851daf20060d2700e6906294 68378 libdevel optional libedit-dev_2.9.cvs.20050518-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCi7XLBOdjEO/Bh3ARAir3AJ0XLBcl5uPi02MZni9Ss3REvMIB7wCfWE0r
mqwO/UjO6zTtYiDfmH2D4UY=
=bx4v
-----END PGP SIGNATURE-----

Revision history for this message
David Phillips (david-acz) wrote : php5-cli should include readline

It would be very useful for php5-cli to include the readline module.

Jim Qode (jimqode)
Changed in php5:
status: New → Confirmed
Revision history for this message
Rick Clark (dendrobates) wrote :

Both libedit and readline were removed from earlier versions to allow php-cli scripts to be run in the background.

Changed in php5:
status: Confirmed → Invalid
Revision history for this message
David Phillips (david-acz) wrote : Re: [Bug 124846] Re: php5-cli should include readline

On 7/9/07, Rick Clark <email address hidden> wrote:
> Both libedit and readline were removed from earlier versions to allow
> php-cli scripts to be run in the background.

Could this problem be solved by having it available as a separate
package? The user can choose not to load the module if it causes a
problem.

Revision history for this message
Daniel Hahler (blueyed) wrote : Re: php5-cli should include readline

I'm reopening this, because it seems that the problem causing this has been fixed (this is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286356).

Adam, what do you think? Can we re-enable it?

Changed in php5:
importance: Undecided → Wishlist
status: Invalid → Confirmed
status: Confirmed → Triaged
Daniel Hahler (blueyed)
Changed in php5:
assignee: nobody → blueyed
status: Triaged → In Progress
Bug Watch Updater (bug-watch-updater)
Changed in libedit:
status: Unknown → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.2 KiB)

This bug was fixed in the package php5 - 5.2.4-2ubuntu1

---------------
php5 (5.2.4-2ubuntu1) hardy; urgency=low

  * Merge from Debian unstable (LP: #176011). Remaining Ubuntu changes:
    - debian/control, debian/rules: Disable a few build dependencies and
      accompanying binary packages which we do not want to support in main:
      + firebird2-dev/php5-interbase (we have a separate php-interbase source)
      + libc-client-dev/php5-imap (we have a separate php-imap source)
      + libmcrypt-dev/php5-mcrypt (separate php-mcrypt source)
    - debian/rules: Correctly mangle PHP5_* macros for lpia
    - debian/control: DebianMaintainerField
  * Builds php5-gmp (LP: #176013)
  * Fixes sybase_ct for MS SQL (LP: #21995)
  * New Ubuntu changes:
    - debian/rules: use 32M memory_limit for CLI and 16M for cgi/libapache
      (LP: #148871)
    - debian/control, debian/rules: Configure CLI with --with-libedit for
      readline support again, now that the libedit issue is fixed.
      Extended debian/patches/027-readline_is_editline.patch (LP: #124846)
    - Force build against db4.4 (by ignoring db4.5 if it is installed),
      debian/patches/use-specific-libdb-version.patch (LP: #165247)

php5 (5.2.4-2) unstable; urgency=low

  [ sean finney ]
  * for posterity revised previous changelog to reference the CVE id's
    of security issues resolved by the latest upstream release.
  * lintian: use debian/compat instead of DH_COMPAT in debian/rules.
  * lintian: use source:Version and binary:Version where appropriate,
    instead of Source-Version
  * lintian: remove a couple pieces of cruft in the changelog that were causing
    false-postive wrong-bug-number-in-closes, but were generally useless
    anyway.

  [ Raphael Geissert ]
  * Using test-results.txt as a target
  * cronjob now checks for existance of /usr/lib/php5/maxlifetime (Closes: #439286)
  * Fixed memory limit of 1232M in php.ini for cli (Closes: #440624)
  * Build the interbase extension using firebird2.0-dev (Closes: #433736)
  * Unapply patches with debian/rules clean

  [ Steve Langasek ]
  * Don't patch configure or php_config.h.in in suhosin.patch, as these are
    auto-generated and including them in the patch results in a race
    condition for the necessary build-time regeneration. Thanks to Daniel
    Schepler for reporting, and to Damyan Ivanov for helping to sort out the
    fix. Closes: #443637.
  * Also remove the modified auto-generated files in the clean target,
    which triggers a warning about disappearing files when building the
    source package but avoids carrying irrelevant diffs to these files
    in the Debian diff.
  * Now that the testsuite is being run at build time, test failures cause
    a bunch of junk files to be left around in the Debian diff. So clean up
    several false-positive failures:
    - 052-phpinfo_no_configure.patch: we're patching the output of phpinfo(),
      so patch the test as well
    - fix_broken_upstream_tests.patch: use a local directory for tests that
      use sessions, skip the phpinfo test after all because it doesn't appear
      to be compatible with current testsuite behavior, and disable the
      moneyformat test if...

Read more...

Changed in php5:
status: In Progress → Fix Released
Revision history for this message
In , Raphael Geissert (atomo64) wrote : bug still around in libedit

block 341868 by 286356
unarchive 286356
found 286356 2.9.cvs.20050518-4
thanks

With the readline extension:
$ php -r 'sleep(60);' &
[2] 32068
$

[2]+ Stopped php -r 'sleep(60);'

Without:
$ php -r 'sleep(60);' &
[2] 31465
$
[2]- Done php -r 'sleep(60);'

$ php -v
PHP 5.2.5-3 with Suhosin-Patch 0.9.6.2 (cli) (built: Feb 21 2008 02:03:40)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
    with Suhosin v0.9.23, Copyright (c) 2007, by SektionEins GmbH

The above package version modified to also build the readline extension
(--with-libedit=shared,/usr)

Cheers,
--
Atomo64 - Raphael

Please avoid sending me Word, PowerPoint or Excel attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Revision history for this message
In , Raphael Geissert (atomo64) wrote : block 341868 with 286356

# Automatically generated email from bts, devscripts version 2.9.6
block 341868 with 286356

Bug Watch Updater (bug-watch-updater)
Changed in libedit:
status: Fix Released → New
Revision history for this message
In , Anibal Monsalve Salazar (anibal) wrote :

On Thu, May 01, 2008 at 02:44:01PM -0500, Raphael Geissert wrote:
># Automatically generated email from bts, devscripts version 2.9.6
>block 341868 with 286356

Please try the new version 2.11~20080614-1

Revision history for this message
In , Raphael Geissert (atomo64) wrote :

forwarded 286356 http://sourceforge.net/tracker/index.php?func=detail&aid=1090284&group_id=18314&atid=118314
thanks

On Monday 16 June 2008, Aníbal Monsalve Salazar wrote:
> On Thu, May 01, 2008 at 02:44:01PM -0500, Raphael Geissert wrote:
> ># Automatically generated email from bts, devscripts version 2.9.6
> >block 341868 with 286356
>
> Please try the new version 2.11~20080614-1

Just tried the latest package:

$ dpkg-query -W --showformat='${Version}\n' libedit2
2.11~20080614-1

$ cli-build/sapi/cli/php -r 'sleep(5);' &
[1] 13582
$

[1]+ Stopped cli-build/sapi/cli/php -r 'sleep(5);'

$ objdump -x cli-build/sapi/cli/php | g NEEDED | g edit
  NEEDED libedit.so.2

Regards,
--
Atomo64 - Raphael

Please avoid sending me Word, PowerPoint or Excel attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Bug Watch Updater (bug-watch-updater)
Changed in libedit:
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in libedit (Debian):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.