PHP 5.6.27 has been released on October 14: http://php.net/archive/2016.php#id2016-10-14-1 It fixes several security issues: http://www.php.net/ChangeLog-5.php#5.6.27 CVE request for one of the issues: http://openwall.com/lists/oss-security/2016/10/18/1 Freeze push requested for Cauldron; update checked into Mageia 5 SVN.
Built and uploaded for Mageia 5, but was rejected in Cauldron because of build system breakage.
CC: (none) => pterjan
Cauldron update fixed by Pascal. Advisory to come later. Updated packages in core/updates_testing: ======================== php-ini-5.6.27-1.mga5 apache-mod_php-5.6.27-1.mga5 php-cli-5.6.27-1.mga5 php-cgi-5.6.27-1.mga5 libphp5_common5-5.6.27-1.mga5 php-devel-5.6.27-1.mga5 php-openssl-5.6.27-1.mga5 php-zlib-5.6.27-1.mga5 php-doc-5.6.27-1.mga5 php-bcmath-5.6.27-1.mga5 php-bz2-5.6.27-1.mga5 php-calendar-5.6.27-1.mga5 php-ctype-5.6.27-1.mga5 php-curl-5.6.27-1.mga5 php-dba-5.6.27-1.mga5 php-dom-5.6.27-1.mga5 php-enchant-5.6.27-1.mga5 php-exif-5.6.27-1.mga5 php-fileinfo-5.6.27-1.mga5 php-filter-5.6.27-1.mga5 php-ftp-5.6.27-1.mga5 php-gd-5.6.27-1.mga5 php-gettext-5.6.27-1.mga5 php-gmp-5.6.27-1.mga5 php-hash-5.6.27-1.mga5 php-iconv-5.6.27-1.mga5 php-imap-5.6.27-1.mga5 php-interbase-5.6.27-1.mga5 php-intl-5.6.27-1.mga5 php-json-5.6.27-1.mga5 php-ldap-5.6.27-1.mga5 php-mbstring-5.6.27-1.mga5 php-mcrypt-5.6.27-1.mga5 php-mssql-5.6.27-1.mga5 php-mysql-5.6.27-1.mga5 php-mysqli-5.6.27-1.mga5 php-mysqlnd-5.6.27-1.mga5 php-odbc-5.6.27-1.mga5 php-opcache-5.6.27-1.mga5 php-pcntl-5.6.27-1.mga5 php-pdo-5.6.27-1.mga5 php-pdo_dblib-5.6.27-1.mga5 php-pdo_firebird-5.6.27-1.mga5 php-pdo_mysql-5.6.27-1.mga5 php-pdo_odbc-5.6.27-1.mga5 php-pdo_pgsql-5.6.27-1.mga5 php-pdo_sqlite-5.6.27-1.mga5 php-pgsql-5.6.27-1.mga5 php-phar-5.6.27-1.mga5 php-posix-5.6.27-1.mga5 php-readline-5.6.27-1.mga5 php-recode-5.6.27-1.mga5 php-session-5.6.27-1.mga5 php-shmop-5.6.27-1.mga5 php-snmp-5.6.27-1.mga5 php-soap-5.6.27-1.mga5 php-sockets-5.6.27-1.mga5 php-sqlite3-5.6.27-1.mga5 php-sybase_ct-5.6.27-1.mga5 php-sysvmsg-5.6.27-1.mga5 php-sysvsem-5.6.27-1.mga5 php-sysvshm-5.6.27-1.mga5 php-tidy-5.6.27-1.mga5 php-tokenizer-5.6.27-1.mga5 php-xml-5.6.27-1.mga5 php-xmlreader-5.6.27-1.mga5 php-xmlrpc-5.6.27-1.mga5 php-xmlwriter-5.6.27-1.mga5 php-xsl-5.6.27-1.mga5 php-wddx-5.6.27-1.mga5 php-zip-5.6.27-1.mga5 php-fpm-5.6.27-1.mga5 phpdbg-5.6.27-1.mga5 from php-5.6.27-1.mga5.src.rpm
CC: pterjan => (none)Assignee: bugsquad => qa-bugs
In VirtualBox, M5, KDE, 32-bit Install and setup mariadb In root terminal: systemctl start mysqld.service Set password to: testphp [root@localhost wilcal]# mysqladmin -u root password type password "testphp" twice Package(s) under test: php-ini php-fpm mariadb phpmyadmin default install of php-ini php-fpm phpmyadmin [root@localhost wilcal]# urpmi php-ini Package php-ini-5.6.26-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.6.26-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb Package mariadb-10.0.27-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi phpmyadmin Package phpmyadmin-4.4.15.8-1.mga5.noarch is already installed localhost/phpmyadmin opens and creates a database named "test01" I can close localhost/phpmyadmin then reopen and access db test01 install php-ini & php-fpm from updates_testing [root@localhost wilcal]# urpmi php-ini Package php-ini-5.6.27-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.6.27-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb Package mariadb-10.0.27-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi phpmyadmin Package phpmyadmin-4.4.15.8-1.mga5.noarch is already installed localhost/phpmyadmin opens and I can access database "test01" localhost/phpmyadmin opens and creates a database named "test02" I can close localhost/phpmyadmin then reopen and access db's test01 & test02
CC: (none) => wilcal.int
In VirtualBox, M5, KDE, 64-bit Install and setup mariadb In root terminal: systemctl start mysqld.service Set password to: testphp [root@localhost wilcal]# mysqladmin -u root password type password "testphp" twice Package(s) under test: php-ini php-fpm mariadb phpmyadmin default install of php-ini php-fpm phpmyadmin [root@localhost wilcal]# urpmi php-ini Package php-ini-5.6.26-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.6.26-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb Package mariadb-10.0.27-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi phpmyadmin Package phpmyadmin-4.4.15.8-1.mga5.noarch is already installed localhost/phpmyadmin opens and creates a database named "test01" I can close localhost/phpmyadmin then reopen and access db test01 install php-ini & php-fpm from updates_testing root@localhost wilcal]# urpmi php-ini Package php-ini-5.6.27-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi php-fpm Package php-fpm-5.6.27-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb Package mariadb-10.0.27-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi phpmyadmin Package phpmyadmin-4.4.15.8-1.mga5.noarch is already installed localhost/phpmyadmin opens and I can access database "test01" localhost/phpmyadmin opens and creates a database named "test02" I can close localhost/phpmyadmin then reopen and access db's test01 & test02
MGA5-64 on Lenovo B50 KDE No instalation issues. Installed and made sure httpd and mysqld were running, installed phpmyAdmin, and run thiswith successs : view system tables, add new table ,all OK.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA5-64-OK
Rpmdrake or one of its priority dependencies needs to be updated first. Rpmdrake will then restart. The following 145 packages are going to be installed: - apache-2.4.10-16.4.mga5.i586 - apache-mod_php-5.6.27-1.mga5.i586 - autoconf-2.69-6.mga5.noarch - automake-1.14.1-3.mga5.noarch - bison-3.0.4-1.mga5.i586 - byacc-20141128-1.mga5.i586 - chrpath-0.16-3.mga5.i586 - dos2unix-6.0.6-3.mga5.i586 - flex-2.5.39-3.mga5.i586 - glibc-devel-2.20-23.mga5.i586 - kernel-userspace-headers-4.4.26-1.mga5.i586 - libapr-util1_0-1.5.4-4.mga5.i586 - libapr1_0-1.5.1-3.mga5.i586 - libaudit-devel-2.4.4-1.mga5.i586 - libc-client0-2007f-6.mga5.i586 - libfbclient2-2.5.3.26778-4.mga5.i586 - libfreetds0-0.91-8.mga5.i586 - libgcrypt-devel-1.5.4-5.3.mga5.i586 - libgpg-error-devel-1.13-3.mga5.i586 - liblzma-devel-5.2.0-1.mga5.i586 - libmbfl1-1.2.0-12.mga5.i586 - libmcrypt-2.5.8-18.mga5.i586 - libmcrypt4-2.5.8-18.mga5.i586 - libonig2-5.9.5-3.mga5.i586 - libopenssl-devel-1.0.2j-1.mga5.i586 - libpam-devel-1.1.8-10.1.mga5.i586 - libpcre-devel-8.38-1.mga5.i586 - libpcre16_0-8.38-1.mga5.i586 - libpcre32_0-8.38-1.mga5.i586 - libphp5_common5-5.6.27-1.mga5.i586 - libpq5-9.4.9-1.mga5.i586 - libstdc++5-3.3.6-11.mga5.i586 - libstdc++5-devel-3.3.6-11.mga5.i586 - libt1lib5-5.1.2-18.mga5.i586 - libtidy0.99_0-20090904-9.mga5.i586 - libtool-2.4.2-13.mga5.i586 - libtool-base-2.4.2-13.mga5.i586 - libxml2-devel-2.9.4-1.1.mga5.i586 - libxmlrpc-epi0-0.54.2-5.1.mga5.i586 - libxslt-devel-1.1.29-1.mga5.i586 - libzip2-0.11.2-4.mga5.i586 - libzlib-devel-1.2.8-7.1.mga5.i586 - m4-1.4.17-4.mga5.i586 - net-snmp-mibs-5.7.2-23.mga5.i586 - perl-URPM-5.06.2-2.mga5.i586 - php-bcmath-5.6.27-1.mga5.i586 - php-bz2-5.6.27-1.mga5.i586 - php-cli-5.6.27-1.mga5.i586 - php-ctype-5.6.27-1.mga5.i586 - php-dba-5.6.27-1.mga5.i586 - php-devel-5.6.27-1.mga5.i586 - php-doc-5.6.27-1.mga5.noarch - php-dom-5.6.27-1.mga5.i586 - php-enchant-5.6.27-1.mga5.i586 - php-exif-5.6.27-1.mga5.i586 - php-fileinfo-5.6.27-1.mga5.i586 - php-filter-5.6.27-1.mga5.i586 - php-fpm-5.6.27-1.mga5.i586 - php-ftp-5.6.27-1.mga5.i586 - php-gd-5.6.27-1.mga5.i586 - php-gettext-5.6.27-1.mga5.i586 - php-gmp-5.6.27-1.mga5.i586 - php-hash-5.6.27-1.mga5.i586 - php-iconv-5.6.27-1.mga5.i586 - php-imap-5.6.27-1.mga5.i586 - php-ini-5.6.27-1.mga5.i586 - php-interbase-5.6.27-1.mga5.i586 - php-intl-5.6.27-1.mga5.i586 - php-json-5.6.27-1.mga5.i586 - php-ldap-5.6.27-1.mga5.i586 - php-mbstring-5.6.27-1.mga5.i586 - php-mcrypt-5.6.27-1.mga5.i586 - php-mssql-5.6.27-1.mga5.i586 - php-mysql-5.6.27-1.mga5.i586 - php-mysqli-5.6.27-1.mga5.i586 - php-mysqlnd-5.6.27-1.mga5.i586 - php-odbc-5.6.27-1.mga5.i586 - php-opcache-5.6.27-1.mga5.i586 - php-openssl-5.6.27-1.mga5.i586 - php-pcntl-5.6.27-1.mga5.i586 - php-pdo-5.6.27-1.mga5.i586 - php-pdo_dblib-5.6.27-1.mga5.i586 - php-pdo_firebird-5.6.27-1.mga5.i586 - php-pdo_mysql-5.6.27-1.mga5.i586 - php-pdo_odbc-5.6.27-1.mga5.i586 - php-pdo_pgsql-5.6.27-1.mga5.i586 - php-pdo_sqlite-5.6.27-1.mga5.i586 - php-pear-1.9.5-8.mga5.noarch - php-pear-Auth-1.6.4-5.mga5.noarch - php-pear-Auth_RADIUS-1.0.7-7.mga5.noarch - php-pear-Auth_SASL-1.0.6-5.mga5.noarch - php-pear-Console_ProgressBar-0.5.2beta-8.mga5.noarch - php-pear-Crypt_CHAP-1.5.0-5.mga5.noarch - php-pear-DB-1.8.2-1.mga5.noarch - php-pear-File_Passwd-1.1.7-8.mga5.noarch - php-pear-File_SMBPasswd-1.0.3-8.mga5.noarch - php-pear-HTTP_Client-1.2.1-9.mga5.noarch - php-pear-HTTP_Request-1.4.4-9.mga5.noarch - php-pear-Log-1.12.8-3.mga5.noarch - php-pear-Mail-1.2.0-5.mga5.noarch - php-pear-Mail_mimeDecode-1.5.5-6.mga5.noarch - php-pear-MDB2-2.5.0-0.0.b9.mga5.noarch - php-pear-MDB2_Driver_mysql-1.5.0-0.0.b8.mga5.noarch - php-pear-MDB2_Driver_mysqli-1.5.0-0.0.b8.mga5.noarch - php-pear-MDB2_Driver_pgsql-1.5.0-0.0.b8.mga5.noarch - php-pear-Net_DIME-1.0.2-5.mga5.noarch - php-pear-Net_POP3-1.3.8-5.mga5.noarch - php-pear-Net_Server-1.0.3-5.mga5.noarch - php-pear-Net_SMTP-1.6.2-4.mga5.noarch - php-pear-Net_Socket-1.0.14-4.mga5.noarch - php-pear-Net_URL-1.0.15-9.mga5.noarch - php-pear-Net_Vpopmaild-0.3.2-7.mga5.noarch - php-pear-PHP_Fork-0.3.2-8.mga5.noarch - php-pear-SOAP-0.13.0-7.mga5.noarch - php-pgsql-5.6.27-1.mga5.i586 - php-phar-5.6.27-1.mga5.i586 - php-posix-5.6.27-1.mga5.i586 - php-radius-1.2.7-8.mga5.i586 - php-readline-5.6.27-1.mga5.i586 - php-recode-5.6.27-1.mga5.i586 - php-session-5.6.27-1.mga5.i586 - php-shmop-5.6.27-1.mga5.i586 - php-snmp-5.6.27-1.mga5.i586 - php-soap-5.6.27-1.mga5.i586 - php-sockets-5.6.27-1.mga5.i586 - php-sqlite3-5.6.27-1.mga5.i586 - php-suhosin-0.9.37.1-1.mga5.i586 - php-sybase_ct-5.6.27-1.mga5.i586 - php-sysvmsg-5.6.27-1.mga5.i586 - php-sysvsem-5.6.27-1.mga5.i586 - php-sysvshm-5.6.27-1.mga5.i586 - php-tidy-5.6.27-1.mga5.i586 - php-timezonedb-2016.6-1.mga5.i586 - php-tokenizer-5.6.27-1.mga5.i586 - php-xml-5.6.27-1.mga5.i586 - php-xmlreader-5.6.27-1.mga5.i586 - php-xmlrpc-5.6.27-1.mga5.i586 - php-xmlwriter-5.6.27-1.mga5.i586 - php-xsl-5.6.27-1.mga5.i586 - php-zip-5.6.27-1.mga5.i586 - php-zlib-5.6.27-1.mga5.i586 - phpdbg-5.6.27-1.mga5.i586 - re2c-0.13.6-3.mga5.i586 - t1lib-config-5.1.2-18.mga5.i586 - webserver-base-2.0-8.mga5.i586 169MB of additional disk space will be used. 34MB of packages will be retrieved. ------------------------------------ $ php --version PHP 5.6.27 (cli) (built: Oct 18 2016 18:59:42) Copyright (c) 1997-2016 The PHP Group Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies I ran some of my usual scripts it appears to be running as designed.
Keywords: (none) => validated_updateWhiteboard: MGA5-64-OK => MGA5-64-OK mga5-32-okCC: (none) => brtians1, sysadmin-bugs
Hi, please provide an advisory.
CC: (none) => mageia
Removing validated_update till the cve requests have been assigned ids.
Keywords: validated_update => (none)CC: (none) => davidwhodgins
(In reply to Dave Hodgins from comment #8) > Removing validated_update till the cve requests have been assigned ids. Why? Cannot it sit in the 'validated update' list awaiting its CVEs & advisory there? This reduces the main to-test updates list. "Below is a list of validated updates waiting to be pushed to the updates media. Those without a star* need an advisory to be uploaded, first" seems unambiguous.
CC: (none) => lewyssmith
Not waiting any more, taking too long. Advisory: ======================== Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.27, which fixes several security issues and other bugs. See the upstream ChangeLog for more details. References: http://www.php.net/ChangeLog-5.php#5.6.27
Keywords: (none) => validated_updateURL: (none) => http://lwn.net/Vulnerabilities/704466/
(In reply to David Walser from comment #10) > Not waiting any more, taking too long. Thanks David, both for the action & the advisory. Advisory uploaded.
Whiteboard: MGA5-64-OK mga5-32-ok => MGA5-64-OK mga5-32-ok advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0355.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
(In reply to David Walser from comment #0) > CVE request for one of the issues: > http://openwall.com/lists/oss-security/2016/10/18/1 CVE-2016-9137 finally assigned: http://openwall.com/lists/oss-security/2016/11/01/7