Bug 19615

Built and uploaded for Mageia 5, but was rejected in Cauldron because of build system breakage.

CC: (none) => pterjan

Cauldron update fixed by Pascal.

Advisory to come later.

Updated packages in core/updates_testing:
========================
php-ini-5.6.27-1.mga5
apache-mod_php-5.6.27-1.mga5
php-cli-5.6.27-1.mga5
php-cgi-5.6.27-1.mga5
libphp5_common5-5.6.27-1.mga5
php-devel-5.6.27-1.mga5
php-openssl-5.6.27-1.mga5
php-zlib-5.6.27-1.mga5
php-doc-5.6.27-1.mga5
php-bcmath-5.6.27-1.mga5
php-bz2-5.6.27-1.mga5
php-calendar-5.6.27-1.mga5
php-ctype-5.6.27-1.mga5
php-curl-5.6.27-1.mga5
php-dba-5.6.27-1.mga5
php-dom-5.6.27-1.mga5
php-enchant-5.6.27-1.mga5
php-exif-5.6.27-1.mga5
php-fileinfo-5.6.27-1.mga5
php-filter-5.6.27-1.mga5
php-ftp-5.6.27-1.mga5
php-gd-5.6.27-1.mga5
php-gettext-5.6.27-1.mga5
php-gmp-5.6.27-1.mga5
php-hash-5.6.27-1.mga5
php-iconv-5.6.27-1.mga5
php-imap-5.6.27-1.mga5
php-interbase-5.6.27-1.mga5
php-intl-5.6.27-1.mga5
php-json-5.6.27-1.mga5
php-ldap-5.6.27-1.mga5
php-mbstring-5.6.27-1.mga5
php-mcrypt-5.6.27-1.mga5
php-mssql-5.6.27-1.mga5
php-mysql-5.6.27-1.mga5
php-mysqli-5.6.27-1.mga5
php-mysqlnd-5.6.27-1.mga5
php-odbc-5.6.27-1.mga5
php-opcache-5.6.27-1.mga5
php-pcntl-5.6.27-1.mga5
php-pdo-5.6.27-1.mga5
php-pdo_dblib-5.6.27-1.mga5
php-pdo_firebird-5.6.27-1.mga5
php-pdo_mysql-5.6.27-1.mga5
php-pdo_odbc-5.6.27-1.mga5
php-pdo_pgsql-5.6.27-1.mga5
php-pdo_sqlite-5.6.27-1.mga5
php-pgsql-5.6.27-1.mga5
php-phar-5.6.27-1.mga5
php-posix-5.6.27-1.mga5
php-readline-5.6.27-1.mga5
php-recode-5.6.27-1.mga5
php-session-5.6.27-1.mga5
php-shmop-5.6.27-1.mga5
php-snmp-5.6.27-1.mga5
php-soap-5.6.27-1.mga5
php-sockets-5.6.27-1.mga5
php-sqlite3-5.6.27-1.mga5
php-sybase_ct-5.6.27-1.mga5
php-sysvmsg-5.6.27-1.mga5
php-sysvsem-5.6.27-1.mga5
php-sysvshm-5.6.27-1.mga5
php-tidy-5.6.27-1.mga5
php-tokenizer-5.6.27-1.mga5
php-xml-5.6.27-1.mga5
php-xmlreader-5.6.27-1.mga5
php-xmlrpc-5.6.27-1.mga5
php-xmlwriter-5.6.27-1.mga5
php-xsl-5.6.27-1.mga5
php-wddx-5.6.27-1.mga5
php-zip-5.6.27-1.mga5
php-fpm-5.6.27-1.mga5
phpdbg-5.6.27-1.mga5

from php-5.6.27-1.mga5.src.rpm

CC: pterjan => (none)
Assignee: bugsquad => qa-bugs

In VirtualBox, M5, KDE, 32-bit

Install and setup mariadb
In root terminal: systemctl start mysqld.service
Set password to: testphp
[root@localhost wilcal]# mysqladmin -u root password
type password "testphp" twice

Package(s) under test:
php-ini php-fpm mariadb phpmyadmin

default install of php-ini php-fpm phpmyadmin

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.26-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.26-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.27-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.8-1.mga5.noarch is already installed

localhost/phpmyadmin opens and creates a database named "test01"
I can close localhost/phpmyadmin then reopen and access db test01

install php-ini & php-fpm from updates_testing

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.27-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.27-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.27-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.8-1.mga5.noarch is already installed

localhost/phpmyadmin opens and I can access database "test01"
localhost/phpmyadmin opens and creates a database named "test02"
I can close localhost/phpmyadmin then reopen and access db's test01 & test02

CC: (none) => wilcal.int

In VirtualBox, M5, KDE, 64-bit

Install and setup mariadb
In root terminal: systemctl start mysqld.service
Set password to: testphp
[root@localhost wilcal]# mysqladmin -u root password
type password "testphp" twice

Package(s) under test:
php-ini php-fpm mariadb phpmyadmin

default install of php-ini php-fpm phpmyadmin

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.26-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.26-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.27-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.8-1.mga5.noarch is already installed

localhost/phpmyadmin opens and creates a database named "test01"
I can close localhost/phpmyadmin then reopen and access db test01

install php-ini & php-fpm from updates_testing

root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.27-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.27-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.27-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.8-1.mga5.noarch is already installed

localhost/phpmyadmin opens and I can access database "test01"
localhost/phpmyadmin opens and creates a database named "test02"
I can close localhost/phpmyadmin then reopen and access db's test01 & test02

MGA5-64 on Lenovo B50 KDE
No instalation issues.
Installed and made sure httpd and mysqld were running, installed phpmyAdmin, and run thiswith successs : view system tables, add new table ,all OK.

CC: (none) => herman.viaene

Rpmdrake or one of its priority dependencies needs to be updated first. Rpmdrake will then restart.

The following 145 packages are going to be installed:

- apache-2.4.10-16.4.mga5.i586
- apache-mod_php-5.6.27-1.mga5.i586
- autoconf-2.69-6.mga5.noarch
- automake-1.14.1-3.mga5.noarch
- bison-3.0.4-1.mga5.i586
- byacc-20141128-1.mga5.i586
- chrpath-0.16-3.mga5.i586
- dos2unix-6.0.6-3.mga5.i586
- flex-2.5.39-3.mga5.i586
- glibc-devel-2.20-23.mga5.i586
- kernel-userspace-headers-4.4.26-1.mga5.i586
- libapr-util1_0-1.5.4-4.mga5.i586
- libapr1_0-1.5.1-3.mga5.i586
- libaudit-devel-2.4.4-1.mga5.i586
- libc-client0-2007f-6.mga5.i586
- libfbclient2-2.5.3.26778-4.mga5.i586
- libfreetds0-0.91-8.mga5.i586
- libgcrypt-devel-1.5.4-5.3.mga5.i586
- libgpg-error-devel-1.13-3.mga5.i586
- liblzma-devel-5.2.0-1.mga5.i586
- libmbfl1-1.2.0-12.mga5.i586
- libmcrypt-2.5.8-18.mga5.i586
- libmcrypt4-2.5.8-18.mga5.i586
- libonig2-5.9.5-3.mga5.i586
- libopenssl-devel-1.0.2j-1.mga5.i586
- libpam-devel-1.1.8-10.1.mga5.i586
- libpcre-devel-8.38-1.mga5.i586
- libpcre16_0-8.38-1.mga5.i586
- libpcre32_0-8.38-1.mga5.i586
- libphp5_common5-5.6.27-1.mga5.i586
- libpq5-9.4.9-1.mga5.i586
- libstdc++5-3.3.6-11.mga5.i586
- libstdc++5-devel-3.3.6-11.mga5.i586
- libt1lib5-5.1.2-18.mga5.i586
- libtidy0.99_0-20090904-9.mga5.i586
- libtool-2.4.2-13.mga5.i586
- libtool-base-2.4.2-13.mga5.i586
- libxml2-devel-2.9.4-1.1.mga5.i586
- libxmlrpc-epi0-0.54.2-5.1.mga5.i586
- libxslt-devel-1.1.29-1.mga5.i586
- libzip2-0.11.2-4.mga5.i586
- libzlib-devel-1.2.8-7.1.mga5.i586
- m4-1.4.17-4.mga5.i586
- net-snmp-mibs-5.7.2-23.mga5.i586
- perl-URPM-5.06.2-2.mga5.i586
- php-bcmath-5.6.27-1.mga5.i586
- php-bz2-5.6.27-1.mga5.i586
- php-cli-5.6.27-1.mga5.i586
- php-ctype-5.6.27-1.mga5.i586
- php-dba-5.6.27-1.mga5.i586
- php-devel-5.6.27-1.mga5.i586
- php-doc-5.6.27-1.mga5.noarch
- php-dom-5.6.27-1.mga5.i586
- php-enchant-5.6.27-1.mga5.i586
- php-exif-5.6.27-1.mga5.i586
- php-fileinfo-5.6.27-1.mga5.i586
- php-filter-5.6.27-1.mga5.i586
- php-fpm-5.6.27-1.mga5.i586
- php-ftp-5.6.27-1.mga5.i586
- php-gd-5.6.27-1.mga5.i586
- php-gettext-5.6.27-1.mga5.i586
- php-gmp-5.6.27-1.mga5.i586
- php-hash-5.6.27-1.mga5.i586
- php-iconv-5.6.27-1.mga5.i586
- php-imap-5.6.27-1.mga5.i586
- php-ini-5.6.27-1.mga5.i586
- php-interbase-5.6.27-1.mga5.i586
- php-intl-5.6.27-1.mga5.i586
- php-json-5.6.27-1.mga5.i586
- php-ldap-5.6.27-1.mga5.i586
- php-mbstring-5.6.27-1.mga5.i586
- php-mcrypt-5.6.27-1.mga5.i586
- php-mssql-5.6.27-1.mga5.i586
- php-mysql-5.6.27-1.mga5.i586
- php-mysqli-5.6.27-1.mga5.i586
- php-mysqlnd-5.6.27-1.mga5.i586
- php-odbc-5.6.27-1.mga5.i586
- php-opcache-5.6.27-1.mga5.i586
- php-openssl-5.6.27-1.mga5.i586
- php-pcntl-5.6.27-1.mga5.i586
- php-pdo-5.6.27-1.mga5.i586
- php-pdo_dblib-5.6.27-1.mga5.i586
- php-pdo_firebird-5.6.27-1.mga5.i586
- php-pdo_mysql-5.6.27-1.mga5.i586
- php-pdo_odbc-5.6.27-1.mga5.i586
- php-pdo_pgsql-5.6.27-1.mga5.i586
- php-pdo_sqlite-5.6.27-1.mga5.i586
- php-pear-1.9.5-8.mga5.noarch
- php-pear-Auth-1.6.4-5.mga5.noarch
- php-pear-Auth_RADIUS-1.0.7-7.mga5.noarch
- php-pear-Auth_SASL-1.0.6-5.mga5.noarch
- php-pear-Console_ProgressBar-0.5.2beta-8.mga5.noarch
- php-pear-Crypt_CHAP-1.5.0-5.mga5.noarch
- php-pear-DB-1.8.2-1.mga5.noarch
- php-pear-File_Passwd-1.1.7-8.mga5.noarch
- php-pear-File_SMBPasswd-1.0.3-8.mga5.noarch
- php-pear-HTTP_Client-1.2.1-9.mga5.noarch
- php-pear-HTTP_Request-1.4.4-9.mga5.noarch
- php-pear-Log-1.12.8-3.mga5.noarch
- php-pear-Mail-1.2.0-5.mga5.noarch
- php-pear-Mail_mimeDecode-1.5.5-6.mga5.noarch
- php-pear-MDB2-2.5.0-0.0.b9.mga5.noarch
- php-pear-MDB2_Driver_mysql-1.5.0-0.0.b8.mga5.noarch
- php-pear-MDB2_Driver_mysqli-1.5.0-0.0.b8.mga5.noarch
- php-pear-MDB2_Driver_pgsql-1.5.0-0.0.b8.mga5.noarch
- php-pear-Net_DIME-1.0.2-5.mga5.noarch
- php-pear-Net_POP3-1.3.8-5.mga5.noarch
- php-pear-Net_Server-1.0.3-5.mga5.noarch
- php-pear-Net_SMTP-1.6.2-4.mga5.noarch
- php-pear-Net_Socket-1.0.14-4.mga5.noarch
- php-pear-Net_URL-1.0.15-9.mga5.noarch
- php-pear-Net_Vpopmaild-0.3.2-7.mga5.noarch
- php-pear-PHP_Fork-0.3.2-8.mga5.noarch
- php-pear-SOAP-0.13.0-7.mga5.noarch
- php-pgsql-5.6.27-1.mga5.i586
- php-phar-5.6.27-1.mga5.i586
- php-posix-5.6.27-1.mga5.i586
- php-radius-1.2.7-8.mga5.i586
- php-readline-5.6.27-1.mga5.i586
- php-recode-5.6.27-1.mga5.i586
- php-session-5.6.27-1.mga5.i586
- php-shmop-5.6.27-1.mga5.i586
- php-snmp-5.6.27-1.mga5.i586
- php-soap-5.6.27-1.mga5.i586
- php-sockets-5.6.27-1.mga5.i586
- php-sqlite3-5.6.27-1.mga5.i586
- php-suhosin-0.9.37.1-1.mga5.i586
- php-sybase_ct-5.6.27-1.mga5.i586
- php-sysvmsg-5.6.27-1.mga5.i586
- php-sysvsem-5.6.27-1.mga5.i586
- php-sysvshm-5.6.27-1.mga5.i586
- php-tidy-5.6.27-1.mga5.i586
- php-timezonedb-2016.6-1.mga5.i586
- php-tokenizer-5.6.27-1.mga5.i586
- php-xml-5.6.27-1.mga5.i586
- php-xmlreader-5.6.27-1.mga5.i586
- php-xmlrpc-5.6.27-1.mga5.i586
- php-xmlwriter-5.6.27-1.mga5.i586
- php-xsl-5.6.27-1.mga5.i586
- php-zip-5.6.27-1.mga5.i586
- php-zlib-5.6.27-1.mga5.i586
- phpdbg-5.6.27-1.mga5.i586
- re2c-0.13.6-3.mga5.i586
- t1lib-config-5.1.2-18.mga5.i586
- webserver-base-2.0-8.mga5.i586

169MB of additional disk space will be used.

34MB of packages will be retrieved.

------------------------------------

$ php --version
PHP 5.6.27 (cli) (built: Oct 18 2016 18:59:42) 
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies


I ran some of my usual scripts it appears to be running as designed.

Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK => MGA5-64-OK mga5-32-ok
CC: (none) => brtians1, sysadmin-bugs

Hi,

please provide an advisory.

CC: (none) => mageia

Removing validated_update till the cve requests have been assigned ids.

Keywords: validated_update => (none)
CC: (none) => davidwhodgins

(In reply to Dave Hodgins from comment #8)
> Removing validated_update till the cve requests have been assigned ids.
Why? Cannot it sit in the 'validated update' list awaiting its CVEs & advisory there? This reduces the main to-test updates list.

"Below is a list of validated updates waiting to be pushed to the updates media. Those without a star* need an advisory to be uploaded, first" seems unambiguous.

CC: (none) => lewyssmith

Not waiting any more, taking too long.

Advisory:
========================

Updated php packages fix security vulnerabilities:

The php package has been updated to version 5.6.27, which fixes several
security issues and other bugs.  See the upstream ChangeLog for more details.

References:
http://www.php.net/ChangeLog-5.php#5.6.27

Keywords: (none) => validated_update
URL: (none) => http://lwn.net/Vulnerabilities/704466/

(In reply to David Walser from comment #10)
> Not waiting any more, taking too long.
Thanks David, both for the action & the advisory.
Advisory uploaded.

Whiteboard: MGA5-64-OK mga5-32-ok => MGA5-64-OK mga5-32-ok advisory

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0355.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

(In reply to David Walser from comment #0)
> CVE request for one of the issues:
> http://openwall.com/lists/oss-security/2016/10/18/1

CVE-2016-9137 finally assigned:
http://openwall.com/lists/oss-security/2016/11/01/7