Bug 30056

Summary: PHP: update to version 8.0.16
Product: Mageia Reporter: Marc Krämer <mageia>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, davidwhodgins, fri, herman.viaene, mageia, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: php CVE: CVE-2021-21708
Status comment:

Description Marc Krämer 2022-02-16 21:55:19 CET 
new release
Comment 1 sturmvogel 2022-02-16 23:15:55 CET 
Where do you have this information from? According the manufacturer we are up to date with our old stable version 9.0.15
https://www.php.net/
https://www.php.net/downloads

Status: NEW => UNCONFIRMED
Ever confirmed: 1 => 0

Comment 2 sturmvogel 2022-02-16 23:17:11 CET 
(In reply to sturmvogel from comment #1)
>old stable version 9.0.15
old stable version 8.0.15
Comment 3 Marc Krämer 2022-02-16 23:17:26 CET 
it is released tomorrow, but already on the mirrors and already built on updates_testing :)
sturmvogel 2022-02-16 23:18:20 CET

Status: UNCONFIRMED => NEW
Ever confirmed: 0 => 1

Comment 4 Morgan Leijström 2022-02-18 23:53:55 CET 
So list of rpms to test, and assign to QA if ready for testing?

CC: (none) => fri

Comment 5 Marc Krämer 2022-02-19 11:15:22 CET 
Updated php packages fix several bugs.

References:
https://www.php.net/ChangeLog-8.php#8.0.16
========================

Updated packages in core/updates_testing:
========================
php-dom-debuginfo-8.0.16-1.mga8
php-debuginfo-8.0.16-1.mga8
php-phar-debuginfo-8.0.16-1.mga8
php-mbstring-8.0.16-1.mga8
php-mysqlnd-debuginfo-8.0.16-1.mga8
php-mbstring-debuginfo-8.0.16-1.mga8
php-openssl-debuginfo-8.0.16-1.mga8
php-pgsql-debuginfo-8.0.16-1.mga8
php-opcache-8.0.16-1.mga8
php-intl-8.0.16-1.mga8
php-mysqli-debuginfo-8.0.16-1.mga8
php-fileinfo-debuginfo-8.0.16-1.mga8
php-curl-debuginfo-8.0.16-1.mga8
php-sockets-debuginfo-8.0.16-1.mga8
php-intl-debuginfo-8.0.16-1.mga8
php-soap-debuginfo-8.0.16-1.mga8
php-ini-8.0.16-1.mga8
php-session-debuginfo-8.0.16-1.mga8
php-pdo-debuginfo-8.0.16-1.mga8
php-soap-8.0.16-1.mga8
php-gd-debuginfo-8.0.16-1.mga8
php-imap-debuginfo-8.0.16-1.mga8
php-phar-8.0.16-1.mga8
php-ldap-debuginfo-8.0.16-1.mga8
php-gmp-debuginfo-8.0.16-1.mga8
php-zip-debuginfo-8.0.16-1.mga8
php-mysqlnd-8.0.16-1.mga8
php-exif-debuginfo-8.0.16-1.mga8
php-snmp-debuginfo-8.0.16-1.mga8
php-ftp-debuginfo-8.0.16-1.mga8
php-dom-8.0.16-1.mga8
php-dba-debuginfo-8.0.16-1.mga8
php-openssl-8.0.16-1.mga8
php-doc-8.0.16-1.mga8
php-tidy-debuginfo-8.0.16-1.mga8
php-sodium-debuginfo-8.0.16-1.mga8
php-filter-debuginfo-8.0.16-1.mga8
php-bcmath-debuginfo-8.0.16-1.mga8
php-sqlite3-debuginfo-8.0.16-1.mga8
php-iconv-debuginfo-8.0.16-1.mga8
php-pgsql-8.0.16-1.mga8
php-mysqli-8.0.16-1.mga8
php-odbc-debuginfo-8.0.16-1.mga8
php-pdo_pgsql-debuginfo-8.0.16-1.mga8
php-posix-debuginfo-8.0.16-1.mga8
php-zlib-debuginfo-8.0.16-1.mga8
php-pdo-8.0.16-1.mga8
php-session-8.0.16-1.mga8
php-pdo_mysql-debuginfo-8.0.16-1.mga8
php-sockets-8.0.16-1.mga8
php-imap-8.0.16-1.mga8
php-tokenizer-debuginfo-8.0.16-1.mga8
php-xsl-debuginfo-8.0.16-1.mga8
php-pdo_firebird-debuginfo-8.0.16-1.mga8
php-curl-8.0.16-1.mga8
php-pdo_sqlite-debuginfo-8.0.16-1.mga8
php-xmlwriter-debuginfo-8.0.16-1.mga8
php-gd-8.0.16-1.mga8
php-pcntl-debuginfo-8.0.16-1.mga8
php-ldap-8.0.16-1.mga8
php-calendar-debuginfo-8.0.16-1.mga8
php-sodium-8.0.16-1.mga8
php-exif-8.0.16-1.mga8
php-readline-debuginfo-8.0.16-1.mga8
php-pdo_dblib-debuginfo-8.0.16-1.mga8
php-xmlreader-debuginfo-8.0.16-1.mga8
php-zip-8.0.16-1.mga8
php-gmp-8.0.16-1.mga8
php-sqlite3-8.0.16-1.mga8
php-dba-8.0.16-1.mga8
php-snmp-8.0.16-1.mga8
php-bz2-debuginfo-8.0.16-1.mga8
php-ftp-8.0.16-1.mga8
php-odbc-8.0.16-1.mga8
php-tidy-8.0.16-1.mga8
php-enchant-debuginfo-8.0.16-1.mga8
php-pdo_odbc-debuginfo-8.0.16-1.mga8
php-zlib-8.0.16-1.mga8
php-filter-8.0.16-1.mga8
php-pdo_pgsql-8.0.16-1.mga8
php-bcmath-8.0.16-1.mga8
php-ctype-debuginfo-8.0.16-1.mga8
php-iconv-8.0.16-1.mga8
php-xmlwriter-8.0.16-1.mga8
php-gettext-debuginfo-8.0.16-1.mga8
php-pcntl-8.0.16-1.mga8
php-sysvmsg-debuginfo-8.0.16-1.mga8
php-posix-8.0.16-1.mga8
php-pdo_sqlite-8.0.16-1.mga8
php-calendar-8.0.16-1.mga8
php-xmlreader-8.0.16-1.mga8
php-xsl-8.0.16-1.mga8
php-pdo_firebird-8.0.16-1.mga8
php-cli-8.0.16-1.mga8
php-readline-8.0.16-1.mga8
php-pdo_dblib-8.0.16-1.mga8
php-pdo_mysql-8.0.16-1.mga8
php-sysvshm-debuginfo-8.0.16-1.mga8
php-fpm-8.0.16-1.mga8
php-bz2-8.0.16-1.mga8
php-tokenizer-8.0.16-1.mga8
php-shmop-debuginfo-8.0.16-1.mga8
php-pdo_odbc-8.0.16-1.mga8
php-sysvsem-debuginfo-8.0.16-1.mga8
php-enchant-8.0.16-1.mga8
php-sysvshm-8.0.16-1.mga8
php-sysvmsg-8.0.16-1.mga8
php-shmop-8.0.16-1.mga8
php-sysvsem-8.0.16-1.mga8
php-fpm-apache-8.0.16-1.mga8
php-gettext-8.0.16-1.mga8
php-fpm-nginx-8.0.16-1.mga8
php-ctype-8.0.16-1.mga8
php-cgi-8.0.16-1.mga8
php-opcache-debuginfo-8.0.16-1.mga8
phpdbg-8.0.16-1.mga8
apache-mod_php-8.0.16-1.mga8
php-fileinfo-8.0.16-1.mga8
php-cli-debuginfo-8.0.16-1.mga8
apache-mod_php-debuginfo-8.0.16-1.mga8
php-cgi-debuginfo-8.0.16-1.mga8
php-fpm-debuginfo-8.0.16-1.mga8
phpdbg-debuginfo-8.0.16-1.mga8
php-debugsource-8.0.16-1.mga8
php-devel-8.0.16-1.mga8

SRPM:
php-8.0.16-1.mga8.src.rpm

Assignee: mageia => qa-bugs

Comment 6 PC LX 2022-02-19 21:37:06 CET 
Installed and tested without issues.

Using php-fpm instead of the default mod_php and systemd socket activation.

Tested with roundcubemail, phpmyadmin, wordpress, and other large custom scripts.
Tested HTTP 1.1, HTTP 2, TLS and CLI.
Tested xdebug from netbeans.



System: Mageia 8, x86_64, Intel CPU.



$ uname -a
Linux marte 5.15.23-desktop-1.mga8 #1 SMP Fri Feb 11 09:56:46 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep php.*8\\.0 | sort
apache-mod_php-8.0.16-1.mga8
php-bz2-8.0.16-1.mga8
php-cli-8.0.16-1.mga8
php-ctype-8.0.16-1.mga8
php-curl-8.0.16-1.mga8
php-dom-8.0.16-1.mga8
php-exif-8.0.16-1.mga8
php-fileinfo-8.0.16-1.mga8
php-filter-8.0.16-1.mga8
php-fpm-8.0.16-1.mga8
php-ftp-8.0.16-1.mga8
php-gd-8.0.16-1.mga8
php-gettext-8.0.16-1.mga8
php-iconv-8.0.16-1.mga8
php-imap-8.0.16-1.mga8
php-ini-8.0.16-1.mga8
php-intl-8.0.16-1.mga8
php-ldap-8.0.16-1.mga8
php-mbstring-8.0.16-1.mga8
php-mysqli-8.0.16-1.mga8
php-mysqlnd-8.0.16-1.mga8
php-openssl-8.0.16-1.mga8
php-pdo-8.0.16-1.mga8
php-pdo_mysql-8.0.16-1.mga8
php-pdo_sqlite-8.0.16-1.mga8
php-posix-8.0.16-1.mga8
php-session-8.0.16-1.mga8
php-sockets-8.0.16-1.mga8
php-sysvsem-8.0.16-1.mga8
php-sysvshm-8.0.16-1.mga8
php-tokenizer-8.0.16-1.mga8
php-xmlreader-8.0.16-1.mga8
php-xmlwriter-8.0.16-1.mga8
php-zip-8.0.16-1.mga8
php-zlib-8.0.16-1.mga8
$ systemctl status httpd.socket php-fpm.socket httpd.service php-fpm.service
● httpd.socket - httpd server activation socket
     Loaded: loaded (/usr/local/lib/systemd/system/httpd.socket; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2022-02-19 09:20:17 WET; 5h 57min ago
   Triggers: ● httpd.service
     Listen: [::]:80 (Stream)
             [::]:443 (Stream)
      Tasks: 0 (limit: 4690)
     Memory: 8.0K
        CPU: 1ms
     CGroup: /system.slice/httpd.socket

fev 19 09:20:17 marte systemd[1]: Listening on httpd server activation socket.

● php-fpm.socket - php-fpm Server Socket
     Loaded: loaded (/usr/local/lib/systemd/system/php-fpm.socket; enabled; vendor preset: disabled)
     Active: inactive (dead) since Sat 2022-02-19 14:54:33 WET; 23min ago
   Triggers: ● php-fpm.service
     Listen: /var/lib/php-fpm/php-fpm.sock (Stream)

fev 19 09:20:18 marte systemd[1]: Listening on php-fpm Server Socket.
fev 19 14:54:33 marte systemd[1]: php-fpm.socket: Succeeded.
fev 19 14:54:33 marte systemd[1]: Closed php-fpm Server Socket.

● httpd.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
     Active: active (running) since Sat 2022-02-19 10:54:56 WET; 4h 22min ago
TriggeredBy: ● httpd.socket
   Main PID: 8788 (httpd)
     Status: "Total requests: 719; Idle/Busy workers 100/0;Requests/sec: 0.0456; Bytes served/sec: 322 B/sec"
      Tasks: 54 (limit: 4690)
     Memory: 17.9M
        CPU: 1.960s
     CGroup: /system.slice/httpd.service
             ├─8788 /usr/sbin/httpd -DFOREGROUND
             ├─8790 /usr/sbin/httpd -DFOREGROUND
             └─8792 /usr/sbin/httpd -DFOREGROUND

fev 19 10:54:56 marte systemd[1]: Starting The Apache HTTP Server...
fev 19 10:54:56 marte systemd[1]: Started The Apache HTTP Server.

● php-fpm.service - The PHP FastCGI Process Manager
     Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
     Active: active (running) since Sat 2022-02-19 14:54:34 WET; 23min ago
TriggeredBy: ● php-fpm.socket
   Main PID: 22357 (php-fpm)
     Status: "Processes active: 0, idle: 2, Requests: 51, slow: 0, Traffic: 0req/sec"
      Tasks: 3 (limit: 4690)
     Memory: 87.1M
        CPU: 6.995s
     CGroup: /system.slice/php-fpm.service
             ├─22357 php-fpm: master process (/etc/php-fpm.conf)
             ├─22624 php-fpm: pool www
             └─23219 php-fpm: pool www

CC: (none) => mageia

Comment 7 Herman Viaene 2022-02-21 11:06:18 CET 
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues after I first removed all 8.1.0 stuff from previously failed tests;
Ref bug 29775 for testing.
# systemctl start httpd
[root@mach5 ~]#  systemctl -l status httpd
● httpd.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2022-02-21 10:57:17 CET; 6s ago
   Main PID: 11103 (/usr/sbin/httpd)
     Status: "Processing requests..."
      Tasks: 11 (limit: 9397)
     Memory: 36.2M
        CPU: 193ms
     CGroup: /system.slice/httpd.service
             ├─11103 /usr/sbin/httpd -DFOREGROUND
             ├─11106 /usr/sbin/httpd -DFOREGROUND
             ├─11108 /usr/sbin/httpd -DFOREGROUND
             ├─11110 /usr/sbin/httpd -DFOREGROUND
             ├─11112 /usr/sbin/httpd -DFOREGROUND
             └─11114 /usr/sbin/httpd -DFOREGROUND

feb 21 10:57:16 mach5.hviaene.thuis systemd[1]: Starting The Apache HTTP Server...
feb 21 10:57:17 mach5.hviaene.thuis systemd[1]: Started The Apache HTTP Server.

$ cd Documenten
$ php -S localhost:8000 -t php
[Mon Feb 21 10:58:08 2022] PHP 8.0.16 Development Server (http://localhost:8000) started

Then pointe browser at localhost:8000/create-png.php and localhost:8000/sample.ph
getting feedbac kon the CLI
[Mon Feb 21 10:58:41 2022] [::1]:41526 Accepted
[Mon Feb 21 10:58:41 2022] [::1]:41526 [200]: GET /create-png.php
[Mon Feb 21 10:58:41 2022] [::1]:41526 Closing
[Mon Feb 21 10:59:09 2022] [::1]:41528 Accepted
[Mon Feb 21 10:59:09 2022] [::1]:41528 [200]: GET /sample.php
[Mon Feb 21 10:59:09 2022] [::1]:41528 Closing
and on the browser displaying expected square and message.

Is OK for me.

CC: (none) => herman.viaene

Comment 8 PC LX 2022-02-25 18:36:11 CET 
This update has been working without issue for several days so I'm giving it an OK. Please unOK if appropriate.

Whiteboard: (none) => MGA8-64-OK

Comment 9 Thomas Andrews 2022-02-27 16:54:05 CET 
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Marc Krämer 2022-02-28 15:10:41 CET

CVE: (none) => CVE-2021-21708
Component: RPM Packages => Security
QA Contact: (none) => security

Dave Hodgins 2022-02-28 21:45:47 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 10 Mageia Robot 2022-03-02 17:54:03 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0083.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED