Details on a security issue in php-fpm have been made public on April 29: http://openwall.com/lists/oss-security/2014/04/29/5 I have confirmed the issue is present in Mageia 3 and Mageia 4 (and therefore Cauldron). Reproducible: Steps to Reproduce:
This has been fixed upstream in the 5.5 branch with 5.5.12: http://www.php.net/ChangeLog-5.php#5.5.12
This has been fixed in the 5.4 branch with 5.4.28: http://www.php.net/ChangeLog-5.php#5.4.28 There's also a 5.6.0 beta 2 available now, so Cauldron can be updated.
Whiteboard: (none) => MGA4TOO, MGA3TOO
Oden has uploaded php-5.6.0-0.0.beta2.1.mga5 for Cauldron. Oden has also built php-5.4.28-1.mga3 and php-5.5.12-1.mga4 in updates_testing. Waiting for any other needed package rebuilds before assigning to QA. Fedora has issued an advisory for this on May 3: https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132546.html
URL: (none) => http://lwn.net/Vulnerabilities/597468/Version: Cauldron => 4
There's an interesting note about this issue in RedHat's Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1092815#c6
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOOSeverity: normal => major
It seems one will have to do like in https://bugzilla.redhat.com/show_bug.cgi?id=1095239#c3 which is logical. Or revert the CVE-2014-0185 fix by using "listen.mode = 0666" in the config.
Oden has rebuilt the needed packages. Thanks Oden! Assigning to QA. Advisory: ======================== Updated php packages fix security vulnerability: PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185 http://openwall.com/lists/oss-security/2014/04/29/5 http://www.php.net/ChangeLog-5.php#5.4.28 http://www.php.net/ChangeLog-5.php#5.5.12 https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132546.html ======================== Updated packages in core/updates_testing: ======================== php-ini-5.4.28-1.mga3 apache-mod_php-5.4.28-1.mga3 php-cli-5.4.28-1.mga3 php-cgi-5.4.28-1.mga3 libphp5_common5-5.4.28-1.mga3 php-devel-5.4.28-1.mga3 php-openssl-5.4.28-1.mga3 php-zlib-5.4.28-1.mga3 php-doc-5.4.28-1.mga3 php-bcmath-5.4.28-1.mga3 php-bz2-5.4.28-1.mga3 php-calendar-5.4.28-1.mga3 php-ctype-5.4.28-1.mga3 php-curl-5.4.28-1.mga3 php-dba-5.4.28-1.mga3 php-dom-5.4.28-1.mga3 php-enchant-5.4.28-1.mga3 php-exif-5.4.28-1.mga3 php-fileinfo-5.4.28-1.mga3 php-filter-5.4.28-1.mga3 php-ftp-5.4.28-1.mga3 php-gd-5.4.28-1.mga3 php-gettext-5.4.28-1.mga3 php-gmp-5.4.28-1.mga3 php-hash-5.4.28-1.mga3 php-iconv-5.4.28-1.mga3 php-imap-5.4.28-1.mga3 php-interbase-5.4.28-1.mga3 php-intl-5.4.28-1.mga3 php-json-5.4.28-1.mga3 php-ldap-5.4.28-1.mga3 php-mbstring-5.4.28-1.mga3 php-mcrypt-5.4.28-1.mga3 php-mssql-5.4.28-1.mga3 php-mysql-5.4.28-1.mga3 php-mysqli-5.4.28-1.mga3 php-mysqlnd-5.4.28-1.mga3 php-odbc-5.4.28-1.mga3 php-pcntl-5.4.28-1.mga3 php-pdo-5.4.28-1.mga3 php-pdo_dblib-5.4.28-1.mga3 php-pdo_firebird-5.4.28-1.mga3 php-pdo_mysql-5.4.28-1.mga3 php-pdo_odbc-5.4.28-1.mga3 php-pdo_pgsql-5.4.28-1.mga3 php-pdo_sqlite-5.4.28-1.mga3 php-pgsql-5.4.28-1.mga3 php-phar-5.4.28-1.mga3 php-posix-5.4.28-1.mga3 php-readline-5.4.28-1.mga3 php-recode-5.4.28-1.mga3 php-session-5.4.28-1.mga3 php-shmop-5.4.28-1.mga3 php-snmp-5.4.28-1.mga3 php-soap-5.4.28-1.mga3 php-sockets-5.4.28-1.mga3 php-sqlite3-5.4.28-1.mga3 php-sybase_ct-5.4.28-1.mga3 php-sysvmsg-5.4.28-1.mga3 php-sysvsem-5.4.28-1.mga3 php-sysvshm-5.4.28-1.mga3 php-tidy-5.4.28-1.mga3 php-tokenizer-5.4.28-1.mga3 php-xml-5.4.28-1.mga3 php-xmlreader-5.4.28-1.mga3 php-xmlrpc-5.4.28-1.mga3 php-xmlwriter-5.4.28-1.mga3 php-xsl-5.4.28-1.mga3 php-wddx-5.4.28-1.mga3 php-zip-5.4.28-1.mga3 php-fpm-5.4.28-1.mga3 php-gd-bundled-5.4.28-1.mga3 php-apc-3.1.14-7.8.mga3 php-apc-admin-3.1.14-7.8.mga3 php-ini-5.5.12-1.mga4 apache-mod_php-5.5.12-1.mga4 php-cli-5.5.12-1.mga4 php-cgi-5.5.12-1.mga4 libphp5_common5-5.5.12-1.mga4 php-devel-5.5.12-1.mga4 php-openssl-5.5.12-1.mga4 php-zlib-5.5.12-1.mga4 php-doc-5.5.12-1.mga4 php-bcmath-5.5.12-1.mga4 php-bz2-5.5.12-1.mga4 php-calendar-5.5.12-1.mga4 php-ctype-5.5.12-1.mga4 php-curl-5.5.12-1.mga4 php-dba-5.5.12-1.mga4 php-dom-5.5.12-1.mga4 php-enchant-5.5.12-1.mga4 php-exif-5.5.12-1.mga4 php-fileinfo-5.5.12-1.mga4 php-filter-5.5.12-1.mga4 php-ftp-5.5.12-1.mga4 php-gd-5.5.12-1.mga4 php-gettext-5.5.12-1.mga4 php-gmp-5.5.12-1.mga4 php-hash-5.5.12-1.mga4 php-iconv-5.5.12-1.mga4 php-imap-5.5.12-1.mga4 php-interbase-5.5.12-1.mga4 php-intl-5.5.12-1.mga4 php-json-5.5.12-1.mga4 php-ldap-5.5.12-1.mga4 php-mbstring-5.5.12-1.mga4 php-mcrypt-5.5.12-1.mga4 php-mssql-5.5.12-1.mga4 php-mysql-5.5.12-1.mga4 php-mysqli-5.5.12-1.mga4 php-mysqlnd-5.5.12-1.mga4 php-odbc-5.5.12-1.mga4 php-opcache-5.5.12-1.mga4 php-pcntl-5.5.12-1.mga4 php-pdo-5.5.12-1.mga4 php-pdo_dblib-5.5.12-1.mga4 php-pdo_firebird-5.5.12-1.mga4 php-pdo_mysql-5.5.12-1.mga4 php-pdo_odbc-5.5.12-1.mga4 php-pdo_pgsql-5.5.12-1.mga4 php-pdo_sqlite-5.5.12-1.mga4 php-pgsql-5.5.12-1.mga4 php-phar-5.5.12-1.mga4 php-posix-5.5.12-1.mga4 php-readline-5.5.12-1.mga4 php-recode-5.5.12-1.mga4 php-session-5.5.12-1.mga4 php-shmop-5.5.12-1.mga4 php-snmp-5.5.12-1.mga4 php-soap-5.5.12-1.mga4 php-sockets-5.5.12-1.mga4 php-sqlite3-5.5.12-1.mga4 php-sybase_ct-5.5.12-1.mga4 php-sysvmsg-5.5.12-1.mga4 php-sysvsem-5.5.12-1.mga4 php-sysvshm-5.5.12-1.mga4 php-tidy-5.5.12-1.mga4 php-tokenizer-5.5.12-1.mga4 php-xml-5.5.12-1.mga4 php-xmlreader-5.5.12-1.mga4 php-xmlrpc-5.5.12-1.mga4 php-xmlwriter-5.5.12-1.mga4 php-xsl-5.5.12-1.mga4 php-wddx-5.5.12-1.mga4 php-zip-5.5.12-1.mga4 php-fpm-5.5.12-1.mga4 php-apc-3.1.15-4.3.mga4 php-apc-admin-3.1.15-4.3.mga4 from SRPMS: php-5.4.28-1.mga3.src.rpm php-gd-bundled-5.4.28-1.mga3.src.rpm php-apc-3.1.14-7.8.mga3.src.rpm php-5.5.12-1.mga4.src.rpm php-apc-3.1.15-4.3.mga4.src.rpm
CC: (none) => oeAssignee: oe => qa-bugs
To help select pkgs to install or update for this Update, here they are sorted. MGA3 apache-mod_php-5.4.28-1.mga3 libphp5_common5-5.4.28-1.mga3 php-apc-3.1.14-7.8.mga3 php-apc-admin-3.1.14-7.8.mga3 php-bcmath-5.4.28-1.mga3 php-bz2-5.4.28-1.mga3 php-calendar-5.4.28-1.mga3 php-cgi-5.4.28-1.mga3 php-cli-5.4.28-1.mga3 php-ctype-5.4.28-1.mga3 php-curl-5.4.28-1.mga3 php-dba-5.4.28-1.mga3 php-devel-5.4.28-1.mga3 php-doc-5.4.28-1.mga3 php-dom-5.4.28-1.mga3 php-enchant-5.4.28-1.mga3 php-exif-5.4.28-1.mga3 php-fileinfo-5.4.28-1.mga3 php-filter-5.4.28-1.mga3 php-fpm-5.4.28-1.mga3 php-ftp-5.4.28-1.mga3 php-gd-5.4.28-1.mga3 php-gd-bundled-5.4.28-1.mga3 php-gettext-5.4.28-1.mga3 php-gmp-5.4.28-1.mga3 php-hash-5.4.28-1.mga3 php-iconv-5.4.28-1.mga3 php-imap-5.4.28-1.mga3 php-ini-5.4.28-1.mga3 php-interbase-5.4.28-1.mga3 php-intl-5.4.28-1.mga3 php-json-5.4.28-1.mga3 php-ldap-5.4.28-1.mga3 php-mbstring-5.4.28-1.mga3 php-mcrypt-5.4.28-1.mga3 php-mssql-5.4.28-1.mga3 php-mysql-5.4.28-1.mga3 php-mysqli-5.4.28-1.mga3 php-mysqlnd-5.4.28-1.mga3 php-odbc-5.4.28-1.mga3 php-openssl-5.4.28-1.mga3 php-pcntl-5.4.28-1.mga3 php-pdo-5.4.28-1.mga3 php-pdo_dblib-5.4.28-1.mga3 php-pdo_firebird-5.4.28-1.mga3 php-pdo_mysql-5.4.28-1.mga3 php-pdo_odbc-5.4.28-1.mga3 php-pdo_pgsql-5.4.28-1.mga3 php-pdo_sqlite-5.4.28-1.mga3 php-pgsql-5.4.28-1.mga3 php-posix-5.4.28-1.mga3 php-phar-5.4.28-1.mga3 php-readline-5.4.28-1.mga3 php-recode-5.4.28-1.mga3 php-session-5.4.28-1.mga3 php-shmop-5.4.28-1.mga3 php-snmp-5.4.28-1.mga3 php-soap-5.4.28-1.mga3 php-sockets-5.4.28-1.mga3 php-sqlite3-5.4.28-1.mga3 php-sybase_ct-5.4.28-1.mga3 php-sysvmsg-5.4.28-1.mga3 php-sysvsem-5.4.28-1.mga3 php-sysvshm-5.4.28-1.mga3 php-tidy-5.4.28-1.mga3 php-tokenizer-5.4.28-1.mga3 php-wddx-5.4.28-1.mga3 php-xml-5.4.28-1.mga3 php-xmlreader-5.4.28-1.mga3 php-xmlrpc-5.4.28-1.mga3 php-xmlwriter-5.4.28-1.mga3 php-xsl-5.4.28-1.mga3 php-zip-5.4.28-1.mga3 php-zlib-5.4.28-1.mga3 MGA4 apache-mod_php-5.5.12-1.mga4 libphp5_common5-5.5.12-1.mga4 php-apc-3.1.15-4.3.mga4 php-apc-admin-3.1.15-4.3.mga4 php-bcmath-5.5.12-1.mga4 php-bz2-5.5.12-1.mga4 php-calendar-5.5.12-1.mga4 php-cgi-5.5.12-1.mga4 php-cli-5.5.12-1.mga4 php-ctype-5.5.12-1.mga4 php-curl-5.5.12-1.mga4 php-dba-5.5.12-1.mga4 php-devel-5.5.12-1.mga4 php-doc-5.5.12-1.mga4 php-dom-5.5.12-1.mga4 php-enchant-5.5.12-1.mga4 php-exif-5.5.12-1.mga4 php-fileinfo-5.5.12-1.mga4 php-filter-5.5.12-1.mga4 php-fpm-5.5.12-1.mga4 php-ftp-5.5.12-1.mga4 php-gd-5.5.12-1.mga4 php-gettext-5.5.12-1.mga4 php-gmp-5.5.12-1.mga4 php-hash-5.5.12-1.mga4 php-iconv-5.5.12-1.mga4 php-imap-5.5.12-1.mga4 php-ini-5.5.12-1.mga4 php-interbase-5.5.12-1.mga4 php-intl-5.5.12-1.mga4 php-json-5.5.12-1.mga4 php-ldap-5.5.12-1.mga4 php-mbstring-5.5.12-1.mga4 php-mcrypt-5.5.12-1.mga4 php-mssql-5.5.12-1.mga4 php-mysql-5.5.12-1.mga4 php-mysqli-5.5.12-1.mga4 php-mysqlnd-5.5.12-1.mga4 php-odbc-5.5.12-1.mga4 php-opcache-5.5.12-1.mga4 php-openssl-5.5.12-1.mga4 php-pcntl-5.5.12-1.mga4 php-pdo-5.5.12-1.mga4 php-pdo_dblib-5.5.12-1.mga4 php-pdo_firebird-5.5.12-1.mga4 php-pdo_mysql-5.5.12-1.mga4 php-pdo_odbc-5.5.12-1.mga4 php-pdo_pgsql-5.5.12-1.mga4 php-pdo_sqlite-5.5.12-1.mga4 php-pgsql-5.5.12-1.mga4 php-posix-5.5.12-1.mga4 php-phar-5.5.12-1.mga4 php-readline-5.5.12-1.mga4 php-recode-5.5.12-1.mga4 php-session-5.5.12-1.mga4 php-shmop-5.5.12-1.mga4 php-snmp-5.5.12-1.mga4 php-soap-5.5.12-1.mga4 php-sockets-5.5.12-1.mga4 php-sqlite3-5.5.12-1.mga4 php-sybase_ct-5.5.12-1.mga4 php-sysvmsg-5.5.12-1.mga4 php-sysvsem-5.5.12-1.mga4 php-sysvshm-5.5.12-1.mga4 php-tidy-5.5.12-1.mga4 php-tokenizer-5.5.12-1.mga4 php-wddx-5.5.12-1.mga4 php-xml-5.5.12-1.mga4 php-xmlreader-5.5.12-1.mga4 php-xmlrpc-5.5.12-1.mga4 php-xmlwriter-5.5.12-1.mga4 php-xsl-5.5.12-1.mga4 php-zip-5.5.12-1.mga4 php-zlib-5.5.12-1.mga4
CC: (none) => lewyssmith
As the update involves php-fpm see here for testing it specifically https://bugs.mageia.org/show_bug.cgi?id=4390#c6 General testing of php can be done using php webapps such as phpmyadmin, wordpress, drupal, owncloud etc.
Whiteboard: MGA3TOO => MGA3TOO has_procedure
In VirtualBox, M3, KDE, 32-bit Package(s) under test: php-ini phpmyadmin glpi owncloud php-fpm drupal default install of php-ini [root@localhost wilcal]# urpmi php-ini Package php-ini-5.4.27-1.mga3.i586 is already installed [root@localhost wilcal]# urpmi phpmyadmin Package phpmyadmin-4.1.8-1.mga3.noarch is already installed [root@localhost wilcal]# urpmi glpi Package glpi-0.83.91-1.1.mga3.noarch is already installed [root@localhost wilcal]# urpmi owncloud Package owncloud-5.0.16-1.mga3.noarch is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.4.28-1.mga3.i586 is already installed [root@localhost wilcal]# urpmi drupal Package drupal-7.26-1.mga3.noarch is already installed set up phpmyadmin config file su - kwrite /etc/phpmyadmin/config.inc.php line 36 to: $cfg['Servers'][$i]['AllowNoPassword'] = true; User: root PW: (blank) localhost/phpmyadmin opens and works localhost/glpi opens localhost/owncloud opens and runs install php-ini from updates_testing [root@localhost wilcal]# urpmi php-ini Package php-ini-5.4.28-1.mga3.i586 is already installed localhost/phpmyadmin opens and works localhost/glpi opens localhost/owncloud opens and runs localhost/drupal opens [root@localhost wilcal]# ps ax | grep fpm 18352 ? Ss 0:00 php-fpm: master process (/etc/php-fpm.conf) 18353 ? S 0:00 php-fpm: pool www 18354 ? S 0:00 php-fpm: pool www 18355 ? S 0:00 php-fpm: pool www 18356 ? S 0:00 php-fpm: pool www 18357 ? S 0:00 php-fpm: pool www 18358 ? S 0:00 php-fpm: pool www 18359 ? S 0:00 php-fpm: pool www 18360 ? S 0:00 php-fpm: pool www 18363 ? S 0:00 php-fpm: pool www 18364 ? S 0:00 php-fpm: pool www 18365 ? S 0:00 php-fpm: pool www 18366 ? S 0:00 php-fpm: pool www 18367 ? S 0:00 php-fpm: pool www 18368 ? S 0:00 php-fpm: pool www 18369 ? S 0:00 php-fpm: pool www 18370 ? S 0:00 php-fpm: pool www 18371 ? S 0:00 php-fpm: pool www 18372 ? S 0:00 php-fpm: pool www 18373 ? S 0:00 php-fpm: pool www 18374 ? S 0:00 php-fpm: pool www 18387 pts/2 S+ 0:00 grep --color fpm Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
CC: (none) => wilcal.int
(In reply to William Kenney from comment #9) > In VirtualBox, M3, KDE, 32-bit Just to say I am trying MGA4 64-bit, real hardware.
(In reply to Lewis Smith from comment #10) > Just to say I am trying MGA4 64-bit, real hardware. Thanks Lewis. I've been poke'n at PHP today and at least on M3 32-bit was fairly successful. But, once I got to M3 64-bit and M4 32-bit I was unable to get into phpmyadmin. The tweek to the /etc/phpmyadmin/config.inc.php file was not working and I was unable to get into phpmyadmin. The other apps I was using - glpi owncloud php-fpm drupal, were all working. Are you able to modify the config.inc.php and get in? Thanks.
phpmyadmin is working oob without changing config.inc.php just remember you need a password for root in the mysql / mariadb database in order to log in
CC: (none) => tmb
Ahhh, thank you Thomas for stepping in here. What I'm driving for here is a simple from scratch test for this highly complex application, PHP. Lets assume that your a newbee to testing this and you've never set up a mysql/mariadb database for this test. In fairly simple steps could you describe here how to do this. I think once we document that here then future testing of PHP will be quite easy. How to set it up and where to put it? Thanks
When you have mariadb installed and started, set password for root with: mysqladmin -u root password after that go to http://localhost/phpmyadmin and login as root with the password you created above
(In reply to Thomas Backlund from comment #14) > When you have mariadb installed and started..... [root@localhost wilcal]# urpmi mariadb Package mariadb-5.5.36-1.mga4.i586 is already installed And you start this by????
Mageia Control Center -> System -> Manage System services... or in console as root systemctl start mysqld.service
[wilcal@localhost ~]$ su Password: xxxxxxx [root@localhost wilcal]# systemctl start mysqld.service Mageia Control Center -> System -> Manage System services it's running [root@localhost wilcal]# mysqladmin -u root testphb mysqladmin: Unknown command: 'testphb' [root@localhost wilcal]# mysqladmin mysqladmin Ver 9.0 Distrib 5.5.36-MariaDB, for Linux on i686 Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others....... FWIW I have all day long tomorrow ( Sunday ) to work on this. Thanks for the help.
You need to write _exactly_ this: mysqladmin -u root password then you will get a password dialog
In VirtualBox, M4, KDE, 32-bit Package(s) under test: php-ini php-fpm phpmyadmin mariadb glpi owncloud drupal Setup db In root terminal: systemctl start mysqld.service Set password to: testphp [root@localhost wilcal]# mysqladmin -u root password [root@localhost wilcal]# urpmi php-ini Package php-ini-5.5.11-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.5.11-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi phpmyadmin Package phpmyadmin-4.1.8-1.mga4.noarch is already installed [root@localhost wilcal]# urpmi mariadb Package mariadb-5.5.36-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi owncloud Package owncloud-6.0.3-1.mga4.noarch is already installed [root@localhost wilcal]# urpmi drupal Package drupal-7.26-1.mga4.noarch is already installed localhost/phpmyadmin opens and works localhost/glpi opens localhost/owncloud opens and runs localhost/drupal opens and installs [root@localhost wilcal]# ps ax | grep fpm 9105 pts/1 S+ 0:00 grep --color fpm install php-ini & php-fpm from updates_testing [root@localhost wilcal]# urpmi php-ini Package php-ini-5.5.12-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.5.12-1.mga4.i586 is already installed localhost/phpmyadmin opens and works localhost/glpi opens localhost/owncloud opens and runs localhost/drupal opens and runs [root@localhost wilcal]# ps ax | grep fpm 11464 pts/1 S+ 0:00 grep --color fpm Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M4, KDE, 64-bit Package(s) under test: php-ini php-fpm phpmyadmin mariadb glpi owncloud drupal Setup db In root terminal: systemctl start mysqld.service Set password to: testphp [root@localhost wilcal]# mysqladmin -u root password [root@localhost wilcal]# urpmi php-ini Package php-ini-5.5.11-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.5.11-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi phpmyadmin Package phpmyadmin-4.1.8-1.mga4.noarch is already installed [root@localhost wilcal]# urpmi mariadb Package mariadb-5.5.36-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi glpi Package glpi-0.84.3-1.mga4.noarch is already installed [root@localhost wilcal]# urpmi owncloud Package owncloud-6.0.3-1.mga4.noarch is already installed [root@localhost wilcal]# urpmi drupal Package drupal-7.26-1.mga4.noarch is already installed localhost/phpmyadmin opens and works localhost/glpi opens localhost/owncloud opens and runs localhost/drupal opens and installs [wilcal@localhost ~]$ ps ax | grep fpm 3118 pts/1 S+ 0:00 grep --color fpm install php-ini & php-fpm from updates_testing [root@localhost wilcal]# urpmi php-ini Package php-ini-5.5.12-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.5.12-1.mga4.x86_64 is already installed localhost/phpmyadmin opens and works localhost/glpi opens localhost/owncloud opens and runs localhost/drupal opens [wilcal@localhost ~]$ ps ax | grep fpm 3751 pts/1 R+ 0:00 grep --color fpm Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M3, KDE, 32-bit Package(s) under test: php-ini php-fpm phpmyadmin mariadb glpi owncloud drupal Setup db In root terminal: systemctl start mysqld.service Set password to: testphp [root@localhost wilcal]# mysqladmin -u root password [root@localhost wilcal]# urpmi php-ini Package php-ini-5.4.27-1.mga3.i586 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.4.27-1.mga3.i586 is already installed [root@localhost wilcal]# urpmi phpmyadmin Package phpmyadmin-4.1.8-1.mga3.noarch is already installed [root@localhost wilcal]# urpmi mariadb Package mariadb-5.5.36-1.mga3.i586 is already installed [root@localhost wilcal]# urpmi glpi Package glpi-0.83.91-1.1.mga3.noarch is already installed [root@localhost wilcal]# urpmi owncloud Package owncloud-5.0.16-1.mga3.noarch is already installed [root@localhost wilcal]# urpmi drupal Package drupal-7.26-1.mga3.noarch is already installed localhost/phpmyadmin opens and works localhost/glpi opens localhost/owncloud opens and runs localhost/drupal opens and installs [wilcal@localhost ~]$ ps ax | grep fpm 3717 pts/1 S+ 0:00 grep --color fpm install php-ini & php-fpm from updates_testing [root@localhost wilcal]# urpmi php-ini Package php-ini-5.4.28-1.mga3.i586 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.4.28-1.mga3.i586 is already installed localhost/phpmyadmin opens and works localhost/glpi opens localhost/owncloud opens and runs localhost/drupal opens [wilcal@localhost ~]$ ps ax | grep fpm 4421 pts/1 S+ 0:00 grep --color fpm Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M3, KDE, 64-bit Package(s) under test: php-ini php-fpm phpmyadmin mariadb glpi owncloud drupal Setup db In root terminal: systemctl start mysqld.service Set password to: testphp [root@localhost wilcal]# mysqladmin -u root password [root@localhost wilcal]# urpmi php-ini Package php-ini-5.4.27-1.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.4.27-1.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi phpmyadmin Package phpmyadmin-4.1.8-1.mga3.noarch is already installed [root@localhost wilcal]# urpmi mariadb Package mariadb-5.5.36-1.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi glpi Package glpi-0.83.91-1.1.mga3.noarch is already installed [root@localhost wilcal]# urpmi owncloud Package owncloud-5.0.16-1.mga3.noarch is already installed [root@localhost wilcal]# urpmi drupal Package drupal-7.26-1.mga3.noarch is already installed localhost/phpmyadmin opens and works localhost/glpi opens localhost/owncloud opens and runs localhost/drupal opens and installs [wilcal@localhost ~]$ ps ax | grep fpm 3493 pts/1 S+ 0:00 grep --color fpm install php-ini & php-fpm from updates_testing [root@localhost wilcal]# urpmi php-ini Package php-ini-5.4.28-1.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.4.28-1.mga3.x86_64 is already installed [wilcal@localhost ~]$ ps ax | grep fpm 4110 pts/1 S+ 0:00 grep --color fpm localhost/phpmyadmin opens and works localhost/glpi opens localhost/owncloud opens and runs localhost/drupal opens [wilcal@localhost ~]$ ps ax | grep fpm 4421 pts/1 S+ 0:00 grep --color fpm Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Anything or anyone else have something to test this with? I'm not very good at glpi and drupal but at least they work after the updates. Many thanks to tmb for the coaching.
Testing MGA4 64-bit real hardware. After applying [most of] the updated pkgs, I tried a few relevant PHP based applications: - as referenced from comment 8, & apparently what is expected... # service php-fpm start Redirecting to /bin/systemctl start php-fpm.service # ps ax | grep fpm 11010 ? Ss 0:00 php-fpm: master process (/etc/php-fpm.conf) 11011 ? S 0:00 php-fpm: pool www ... repeated for 11012 - 11029 ... 11030 ? S 0:00 php-fpm: pool www - phpmyadmin worked OK. - moodle worked OK (as little as I could do, having forgotten its username/password). - owncloud worked OK.
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure MGA4-64-OK
Almost there Bill. The packages being updated are all those Lewis listed in alphabetical order in comment 7. Make sure you've updated all those and if your php webapps work ok afterwards then it's ok. php-apc and php-apc-webapps can be tested at http://localhost/php-apc - it's a cache to help speed up php webapps so you should see bits there that it is caching.
(In reply to claire robinson from comment #25) > Make sure you've updated all those and if your php webapps work ok > afterwards then it's ok. php-apc and php-apc-webapps can be tested at > http://localhost/php-apc - it's a cache to help speed up php webapps so you > should see bits there that it is caching. Is there a terminal command that I can use to generate a listing of the php packages and their revision level?
(In reply to William Kenney from comment #26) > Is there a terminal command that I can use to generate > a listing of the php packages and their revision level? You could do something like "rpm -qa '*php*", which would (at least in many cases) probably be more useful than running urpmi on packages you already have installed (which messes up your orphans stuff BTW). BTW, has anyone verified that with the update, php-fpm's socket no longer has world-writable permissions? (run ls -l /var/lib/php-fpm while the php-fpm service is running to check)
(In reply to David Walser from comment #27) > You could do something like "rpm -qa '*php*" How about: rpm -qa | grep php- I've generated an attachment ( php_installed_rpms.txt ) with a listing of after the update php files. Also in the listing are the i586 rpms before the update.
Created attachment 5146 [details] php_installed_rpms.txt
(In reply to William Kenney from comment #28) > (In reply to David Walser from comment #27) > > > You could do something like "rpm -qa '*php*" > > How about: > > rpm -qa | grep php- Slower and less efficient. There's no need for grep here. rpm -qa 'php-*'
I just submitted php-suhosin-0.9.35-1.mga3 & php-suhosin-0.9.35-1.mga4 that hopefully will address reported (which bug?) problems. Please test.
Basic install of php-ini php-fpm M4 i586 Before update After update libphp5_common5-5.5.11-1.mga4 libphp5_common5-5.5.12-1.mga4 php-ctype-5.5.11-1.mga4 php-ctype-5.5.12-1.mga4 php-dom-5.5.11-1.mga4 php-dom-5.5.11-1.mga4 php-filter-5.5.11-1.mga4 php-filter-5.5.12-1.mga4 php-fpm-5.5.11-1.mga4 php-fpm-5.5.12-1.mga4 php-ftp-5.5.11-1.mga4 php-ftp-5.5.12-1.mga4 php-gettext-5.5.11-1.mga4 php-gettext-5.5.12-1.mga4 php-hash-5.5.11-1.mga4 php-hash-5.5.12-1.mga4 php-ini-5.5.11-1.mga4 php-ini-5.5.12-1.mga4 php-json-5.5.11-1.mga4 php-json-5.5.12-1.mga4 php-openssl-5.5.11-1.mga4 php-openssl-5.5.12-1.mga4 php-posix-5.5.11-1.mga4 php-posix-5.5.12-1.mga4 php-session-5.5.11-1.mga4 php-session-5.5.12-1.mga4 php-suhosin-0.9.33-5.mga4 php-suhosin-0.9.33-5.mga4 php-sysvsem-5.5.11-1.mga4 php-sysvsem-5.5.12-1.mga4 php-sysvshm-5.5.11-1.mga4 php-sysvshm-5.5.12-1.mga4 php-timezonedb-2014.2-1.mga4 php-timezonedb-2014.2-1.mga4 php-tokenizer-5.5.11-1.mga4 php-tokenizer-5.5.12-1.mga4 php-xml-5.5.11-1.mga4 php-xml-5.5.12-1.mga4 php-xmlreader-5.5.11-1.mga4 php-xmlreader-5.5.12-1.mga4 php-xmlwriter-5.5.11-1.mga4 php-xmlwriter-5.5.12-1.mga4 php-zlib-5.5.11-1.mga4 php-zlib-5.5.12-1.mga4
(In reply to Oden Eriksson from comment #31) > I just submitted php-suhosin-0.9.35-1.mga3 & php-suhosin-0.9.35-1.mga4 that > hopefully will address reported (which bug?) problems. Please test. No bug report has been opened for that yet, but the complaints about suhosin were raised on the bug for the owncloud update that we just issued.
Basic install of php-ini php-fpm M3 i586 Before update After update libphp5_common5-5.4.27-1.mga3 libphp5_common5-5.4.28-1.mga3 php-ctype-5.4.27-1.mga3 php-ctype-5.4.28-1.mga3 php-dom-5.4.27-1.mga3 php-dom-5.4.27-1.mga3 php-filter-5.4.27-1.mga3 php-filter-5.4.28-1.mga3 php-fpm-5.4.27-1.mga3 php-fpm-5.4.28-1.mga3 php-ftp-5.4.27-1.mga3 php-ftp-5.4.28-1.mga3 php-gettext-5.4.27-1.mga3 php-gettext-5.4.28-1.mga3 php-hash-5.4.27-1.mga3 php-hash-5.4.28-1.mga3 php-ini-5.4.27-1.mga3 php-ini-5.4.28-1.mga3 php-json-5.4.27-1.mga3 php-json-5.4.28-1.mga3 php-openssl-5.4.27-1.mga3 php-openssl-5.4.28-1.mga3 php-posix-5.4.27-1.mga3 php-posix-5.4.28-1.mga3 php-session-5.4.27-1.mga3 php-session-5.4.28-1.mga3 php-suhosin-0.9.34-0.0.git1fba865.4.mga3 php-suhosin-0.9.34-0.0.git1fba865.4.mga3 php-sysvsem-5.4.27-1.mga3 php-sysvsem-5.4.28-1.mga3 php-sysvshm-5.4.27-1.mga3 php-sysvshm-5.4.28-1.mga3 php-timezonedb-2014.2-1.mga3 php-timezonedb-2014.2-1.mga3 php-tokenizer-5.4.27-1.mga3 php-tokenizer-5.4.28-1.mga3 php-xml-5.4.27-1.mga3 php-xml-5.4.28-1.mga3 php-xmlreader-5.4.27-1.mga3 php-xmlreader-5.4.28-1.mga3 php-xmlwriter-5.4.27-1.mga3 php-xmlwriter-5.4.28-1.mga3 php-zlib-5.4.27-1.mga3 php-zlib-5.4.28-1.mga3
We could probably test this update forever. What say ye all?
William, I noticed that you haven't updated the php-dom package in either of your lists. You should make sure all the packages are up to date when testing. Other than that, if someone has verified the socket permissions for php-fpm are fixed (I haven't seen anyone say that yet), and it's been tested on both releases and arches, this one should be good to go.
(In reply to David Walser from comment #37) > William, I noticed that you haven't updated the php-dom package in either of > your lists. You should make sure all the packages are up to date when > testing. The title of this Bug is " php (php-fpm)...." I think if php-dom is part of it then it should have been in the title. What I'm driving for here is the next time we do this test for php this process will be very precise on how to test it.
William, when we assign bugs to QA, we always include the package lists. No matter what the package is, the process is the same as far as ensuring that you've updated all packages that are listed there. php-fpm is a subpackage of the php SRPM, which also includes several other packages including php-dom. You can see them all listed in Comment 6. You don't need to install all of those packages, but you should ensure that any that you already have installed have been updated.
(In reply to David Walser from comment #27) > BTW, has anyone verified that with the update, php-fpm's socket no longer > has world-writable permissions? (run ls -l /var/lib/php-fpm while the > php-fpm service is running to check) Sorry, I OK'd this bug without doing this test, which happily *is* OK: # service php-fpm start Redirecting to /bin/systemctl start php-fpm.service # ls -l /var/lib/php-fpm total 0 srw-rw---- 1 root root 0 Mai 12 20:22 php-fpm.sock=
(In reply to claire robinson from comment #25) > php-apc and php-apc-webapps can be tested at > http://localhost/php-apc - it's a cache to help speed up php webapps so you > should see bits there that it is caching. Another thing I overlooked :-( Installed from Core Updates Testing (I do not know why it got missed first time around): php-apc-3.1.15-4.3.mga4.x86_64.rpm php-apc-admin-3.1.15-4.3.mga4.x86_64.rpm http://localhost/php-apc did indeed throw up a screenfull of sensible looking info, and the few buttons at the top all worked (except the need to login for User Cache Entries). It reported itself as "You are running the latest version of APC (3.1.15-dev)". OK again. No idea how to try php-apc-admin - which had to be explicitly installed; it is not a dependancy of php-apc.
(In reply to Lewis Smith from comment #41) > No idea how to try php-apc-admin - which had to be explicitly installed; it > is not a dependancy of php-apc. It's an optional component, and you just tested it, it provides the http://localhost/php-apc page.
Confirmed php-suhosin fixes the previous issue with owncloud, thanks Oden! Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 updates Thanks
Whiteboard: MGA3TOO has_procedure MGA4-64-OK => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok MGA4-64-OK
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok MGA4-64-OK => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok MGA4-64-OKCC: (none) => sysadmin-bugs
Shouldn't the suhosin update go in a different bug with its own advisory? It's not really related to this PHP update.
Not really necessary. I've added some info to the advisory now to explain suhosin being updated at the same time.
Super job to everyone for assisting on this complex app.
just submitted php-timezonedb-2014.3-1.mga3, php-timezonedb-2014.3-1.mga4 & php-timezonedb-2014.3-1.mga5.
It's a bit late in the day, but simple to test, so I'll do that now and add it to the srpm list. https://bugs.mageia.org/show_bug.cgi?id=12842#c16 php -r 'echo date("l, F d, Y h:i:s A" ,time()). "\n";'
Testing complete mga3 32 & 64 and mga4 32 & 64 Advisory updated. Ready for push please.
Update pushed: http://advisories.mageia.org/MGASA-2014-0215.html
Status: NEW => RESOLVEDResolution: (none) => FIXED