new version fixes a number of segfault (core, mysqli, mysqlnd, sodium)
Suggested advisory: ======================== Updated php packages to the latest version, fixing some segfaults and crashes: - Core: Fixed bug #76980 (Interface gets skipped if autoloader throws an exception). - DOM: Fixed bug #78025 (segfault when accessing properties of DOMDocumentType). MySQLi: Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful error message). Fixed bug #38546 (bindParam incorrect processing of bool types). - MySQLnd: Fixed bug #77955 (Random segmentation fault in mysqlnd from php-fpm). - Opcache: Fixed bug #78015 (Incorrect evaluation of expressions involving partials arrays in SCCP). Fixed bug #78106 (Path resolution fails if opcache disabled during request). - OpenSSL: Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c). - phpdbg: Fixed bug #78050 (SegFault phpdbg + opcache on include file twice). - Sockets: Fixed bug #78038 (Socket_select fails when resource array contains references). - Sodium: Fixed bug #78114 (segfault when calling sodium_* functions from eval). - Standard: Fixed bug #77135 (Extract with EXTR_SKIP should skip $this). Fixed bug #77937 (preg_match failed). - Zip: Fixed bug #76345 (zip.h not found). References: https://www.php.net/ChangeLog-7.php#7.3.7 ======================== Updated packages in core/updates_testing: ======================== php-ini-7.3.7-1 apache-mod_php-7.3.7-1 php-cli-7.3.7-1 php-cgi-7.3.7-1 lib64php_common7-7.3.7-1 php-devel-7.3.7-1 php-openssl-7.3.7-1 php-zlib-7.3.7-1 php-doc-7.3.7-1 php-bcmath-7.3.7-1 php-bz2-7.3.7-1 php-calendar-7.3.7-1 php-ctype-7.3.7-1 php-curl-7.3.7-1 php-dba-7.3.7-1 php-dom-7.3.7-1 php-enchant-7.3.7-1 php-exif-7.3.7-1 php-fileinfo-7.3.7-1 php-filter-7.3.7-1 php-ftp-7.3.7-1 php-gd-7.3.7-1 php-gettext-7.3.7-1 php-gmp-7.3.7-1 php-hash-7.3.7-1 php-iconv-7.3.7-1 php-imap-7.3.7-1 php-interbase-7.3.7-1 php-intl-7.3.7-1 php-json-7.3.7-1 php-ldap-7.3.7-1 php-mbstring-7.3.7-1 php-mysqli-7.3.7-1 php-mysqlnd-7.3.7-1 php-odbc-7.3.7-1 php-opcache-7.3.7-1 php-pcntl-7.3.7-1 php-pdo-7.3.7-1 php-pdo_dblib-7.3.7-1 php-pdo_firebird-7.3.7-1 php-pdo_mysql-7.3.7-1 php-pdo_odbc-7.3.7-1 php-pdo_pgsql-7.3.7-1 php-pdo_sqlite-7.3.7-1 php-pgsql-7.3.7-1 php-phar-7.3.7-1 php-posix-7.3.7-1 php-readline-7.3.7-1 php-recode-7.3.7-1 php-session-7.3.7-1 php-shmop-7.3.7-1 php-snmp-7.3.7-1 php-soap-7.3.7-1 php-sockets-7.3.7-1 php-sodium-7.3.7-1 php-sqlite3-7.3.7-1 php-sysvmsg-7.3.7-1 php-sysvsem-7.3.7-1 php-sysvshm-7.3.7-1 php-tidy-7.3.7-1 php-tokenizer-7.3.7-1 php-xml-7.3.7-1 php-xmlreader-7.3.7-1 php-xmlrpc-7.3.7-1 php-xmlwriter-7.3.7-1 php-xsl-7.3.7-1 php-wddx-7.3.7-1 php-zip-7.3.7-1 php-fpm-7.3.7-1 phpdbg-7.3.7-1 php-debugsource-7.3.7-1 php-debuginfo-7.3.7-1 apache-mod_php-debuginfo-7.3.7-1 php-cli-debuginfo-7.3.7-1 php-cgi-debuginfo-7.3.7-1 lib64php_common7-debuginfo-7.3.7-1 php-openssl-debuginfo-7.3.7-1 php-zlib-debuginfo-7.3.7-1 php-bcmath-debuginfo-7.3.7-1 php-bz2-debuginfo-7.3.7-1 php-calendar-debuginfo-7.3.7-1 php-ctype-debuginfo-7.3.7-1 php-curl-debuginfo-7.3.7-1 php-dba-debuginfo-7.3.7-1 php-dom-debuginfo-7.3.7-1 php-enchant-debuginfo-7.3.7-1 php-exif-debuginfo-7.3.7-1 php-fileinfo-debuginfo-7.3.7-1 php-filter-debuginfo-7.3.7-1 php-ftp-debuginfo-7.3.7-1 php-gd-debuginfo-7.3.7-1 php-gettext-debuginfo-7.3.7-1 php-gmp-debuginfo-7.3.7-1 php-hash-debuginfo-7.3.7-1 php-iconv-debuginfo-7.3.7-1 php-imap-debuginfo-7.3.7-1 php-interbase-debuginfo-7.3.7-1 php-intl-debuginfo-7.3.7-1 php-json-debuginfo-7.3.7-1 php-ldap-debuginfo-7.3.7-1 php-mbstring-debuginfo-7.3.7-1 php-mysqli-debuginfo-7.3.7-1 php-mysqlnd-debuginfo-7.3.7-1 php-odbc-debuginfo-7.3.7-1 php-opcache-debuginfo-7.3.7-1 php-pcntl-debuginfo-7.3.7-1 php-pdo-debuginfo-7.3.7-1 php-pdo_dblib-debuginfo-7.3.7-1 php-pdo_firebird-debuginfo-7.3.7-1 php-pdo_mysql-debuginfo-7.3.7-1 php-pdo_odbc-debuginfo-7.3.7-1 php-pdo_pgsql-debuginfo-7.3.7-1 php-pdo_sqlite-debuginfo-7.3.7-1 php-pgsql-debuginfo-7.3.7-1 php-phar-debuginfo-7.3.7-1 php-posix-debuginfo-7.3.7-1 php-readline-debuginfo-7.3.7-1 php-recode-debuginfo-7.3.7-1 php-session-debuginfo-7.3.7-1 php-shmop-debuginfo-7.3.7-1 php-snmp-debuginfo-7.3.7-1 php-soap-debuginfo-7.3.7-1 php-sockets-debuginfo-7.3.7-1 php-sodium-debuginfo-7.3.7-1 php-sqlite3-debuginfo-7.3.7-1 php-sysvmsg-debuginfo-7.3.7-1 php-sysvsem-debuginfo-7.3.7-1 php-sysvshm-debuginfo-7.3.7-1 php-tidy-debuginfo-7.3.7-1 php-tokenizer-debuginfo-7.3.7-1 php-xml-debuginfo-7.3.7-1 php-xmlreader-debuginfo-7.3.7-1 php-xmlrpc-debuginfo-7.3.7-1 php-xmlwriter-debuginfo-7.3.7-1 php-xsl-debuginfo-7.3.7-1 php-wddx-debuginfo-7.3.7-1 php-zip-debuginfo-7.3.7-1 php-fpm-debuginfo-7.3.7-1 phpdbg-debuginfo-7.3.7-1 SRPM: php-7.3.7-1.mga7.src.rpm
Assignee: mageia => qa-bugs
Version: 6 => 7
MGA7-64 Plasma on Lenovo B50 No installation issues. Ref to bug 25045 for tests Created the phpfiles as described (I will attach these). In browser: http://localhost:8000/sample.php shows Now hear this. This is you captain speaking.All hands on deck. Abandon ship. and http://localhost:8000/create-png.php shows The picture cannot be displayed because it contains errors. but the file one.png created, displays OK in gwenview, and inthr browser as well when entered as http://localhost:8000/one.png. Asking Len to look at the php file if I made some mistake in copying.
CC: (none) => herman.viaene
Created attachment 11206 [details] create png
Created attachment 11207 [details] sample text
@herman in reply to comment 2. Nothing wrong with the text that I can see. The only difference between your and my files is the extra space before the opening "<" but would not expect that to be significant. The test fails here as well because the imagecreate function cannot be found. Checking the php function list online shows that it does exist but does not say anything about how to make it available. The similar test script from there also fails - no imagecreate. All I can do now is check the current package list against one from the earlier bug to see if there are any clues. It may have something to do with php-gd. @Marc: Have you any idea what the trouble might be?
CC: (none) => tarazed25
the opening space will lead to an invalid image, since the space is in the output stream ahead of the created image. If the "function list" tells you the function is there, it is available. What is the exact output of your call, where it tells you it is "not available"? running both scripts on command line, works as expected. Both are very very basic tests :)
Yes, very basic, like my knowledge of php. I cannot remember the exact wording of the error report but it did say that imagecreate is not a valid function. It always worked in the past which might mean that something is missing at my end.
@Marc. I am on mga6 just now but shall try to get back to it on mga7 later today.
@ Len I removed the extra space before the opening "<" and now the http://localhost:8000/create-png.php shws the blue square without problems, so OK for me. If yoou have no further problems, this can be OK'ed as far as I am conccerned.
I didn't bother to test the previous php version from bug 25024, I don't see the point in it, so that one may be OK'ed as well.
OK. Back to this. @Marc: I am not testing this - just following up Herman's request for assistance. Installing things properly removed the 'imagecreate' problem. @herman: I started from the beginning. Installed all the packages on the manifest from release. Enabled updates and performed a clean update of all the packages. Restarted httpd. Started the local development server on port 8000. Ran the hello-world scripts in a browser and they worked fine. They also worked at the cli and a leading space before the opening chevron did not make any difference. It was swallowed transparently.
ok. all as expected :)
Whiteboard: (none) => MGA7-64-OK
Summary: Update php 7.3.7 => Update php 7.3.8
updated to new version 7.3.8
Whiteboard: MGA7-64-OK => (none)Summary: Update php 7.3.8 => Update php 7.3.8 fixes two CVE's
Suggested advisory: ======================== Updated php packages to the latest version, fixing some segfaults and crashes. Additionally two heap overflows were fixed. References: https://www.php.net/ChangeLog-7.php#7.3.7 https://www.php.net/ChangeLog-7.php#7.3.8 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11042 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041 Updated packages in core/updates_testing: ======================== php-ini-7.3.8-1.mga7 apache-mod_php-7.3.8-1.mga7 php-cli-7.3.8-1.mga7 php-cgi-7.3.8-1.mga7 libphp_common7-7.3.8-1.mga7 php-devel-7.3.8-1.mga7 php-openssl-7.3.8-1.mga7 php-zlib-7.3.8-1.mga7 php-doc-7.3.8-1.mga7.noarch php-bcmath-7.3.8-1.mga7 php-bz2-7.3.8-1.mga7 php-calendar-7.3.8-1.mga7 php-ctype-7.3.8-1.mga7 php-curl-7.3.8-1.mga7 php-dba-7.3.8-1.mga7 php-dom-7.3.8-1.mga7 php-enchant-7.3.8-1.mga7 php-exif-7.3.8-1.mga7 php-fileinfo-7.3.8-1.mga7 php-filter-7.3.8-1.mga7 php-ftp-7.3.8-1.mga7 php-gd-7.3.8-1.mga7 php-gettext-7.3.8-1.mga7 php-gmp-7.3.8-1.mga7 php-hash-7.3.8-1.mga7 php-iconv-7.3.8-1.mga7 php-imap-7.3.8-1.mga7 php-interbase-7.3.8-1.mga7 php-intl-7.3.8-1.mga7 php-json-7.3.8-1.mga7 php-ldap-7.3.8-1.mga7 php-mbstring-7.3.8-1.mga7 php-mysqli-7.3.8-1.mga7 php-mysqlnd-7.3.8-1.mga7 php-odbc-7.3.8-1.mga7 php-opcache-7.3.8-1.mga7 php-pcntl-7.3.8-1.mga7 php-pdo-7.3.8-1.mga7 php-pdo_dblib-7.3.8-1.mga7 php-pdo_firebird-7.3.8-1.mga7 php-pdo_mysql-7.3.8-1.mga7 php-pdo_odbc-7.3.8-1.mga7 php-pdo_pgsql-7.3.8-1.mga7 php-pdo_sqlite-7.3.8-1.mga7 php-pgsql-7.3.8-1.mga7 php-phar-7.3.8-1.mga7 php-posix-7.3.8-1.mga7 php-readline-7.3.8-1.mga7 php-recode-7.3.8-1.mga7 php-session-7.3.8-1.mga7 php-shmop-7.3.8-1.mga7 php-snmp-7.3.8-1.mga7 php-soap-7.3.8-1.mga7 php-sockets-7.3.8-1.mga7 php-sodium-7.3.8-1.mga7 php-sqlite3-7.3.8-1.mga7 php-sysvmsg-7.3.8-1.mga7 php-sysvsem-7.3.8-1.mga7 php-sysvshm-7.3.8-1.mga7 php-tidy-7.3.8-1.mga7 php-tokenizer-7.3.8-1.mga7 php-xml-7.3.8-1.mga7 php-xmlreader-7.3.8-1.mga7 php-xmlrpc-7.3.8-1.mga7 php-xmlwriter-7.3.8-1.mga7 php-xsl-7.3.8-1.mga7 php-wddx-7.3.8-1.mga7 php-zip-7.3.8-1.mga7 php-fpm-7.3.8-1.mga7 phpdbg-7.3.8-1.mga7 php-debugsource-7.3.8-1.mga7 php-debuginfo-7.3.8-1.mga7 apache-mod_php-debuginfo-7.3.8-1.mga7 php-cli-debuginfo-7.3.8-1.mga7 php-cgi-debuginfo-7.3.8-1.mga7 libphp_common7-debuginfo-7.3.8-1.mga7 php-openssl-debuginfo-7.3.8-1.mga7 php-zlib-debuginfo-7.3.8-1.mga7 php-bcmath-debuginfo-7.3.8-1.mga7 php-bz2-debuginfo-7.3.8-1.mga7 php-calendar-debuginfo-7.3.8-1.mga7 php-ctype-debuginfo-7.3.8-1.mga7 php-curl-debuginfo-7.3.8-1.mga7 php-dba-debuginfo-7.3.8-1.mga7 php-dom-debuginfo-7.3.8-1.mga7 php-enchant-debuginfo-7.3.8-1.mga7 php-exif-debuginfo-7.3.8-1.mga7 php-fileinfo-debuginfo-7.3.8-1.mga7 php-filter-debuginfo-7.3.8-1.mga7 php-ftp-debuginfo-7.3.8-1.mga7 php-gd-debuginfo-7.3.8-1.mga7 php-gettext-debuginfo-7.3.8-1.mga7 php-gmp-debuginfo-7.3.8-1.mga7 php-hash-debuginfo-7.3.8-1.mga7 php-iconv-debuginfo-7.3.8-1.mga7 php-imap-debuginfo-7.3.8-1.mga7 php-interbase-debuginfo-7.3.8-1.mga7 php-intl-debuginfo-7.3.8-1.mga7 php-json-debuginfo-7.3.8-1.mga7 php-ldap-debuginfo-7.3.8-1.mga7 php-mbstring-debuginfo-7.3.8-1.mga7 php-mysqli-debuginfo-7.3.8-1.mga7 php-mysqlnd-debuginfo-7.3.8-1.mga7 php-odbc-debuginfo-7.3.8-1.mga7 php-opcache-debuginfo-7.3.8-1.mga7 php-pcntl-debuginfo-7.3.8-1.mga7 php-pdo-debuginfo-7.3.8-1.mga7 php-pdo_dblib-debuginfo-7.3.8-1.mga7 php-pdo_firebird-debuginfo-7.3.8-1.mga7 php-pdo_mysql-debuginfo-7.3.8-1.mga7 php-pdo_odbc-debuginfo-7.3.8-1.mga7 php-pdo_pgsql-debuginfo-7.3.8-1.mga7 php-pdo_sqlite-debuginfo-7.3.8-1.mga7 php-pgsql-debuginfo-7.3.8-1.mga7 php-phar-debuginfo-7.3.8-1.mga7 php-posix-debuginfo-7.3.8-1.mga7 php-readline-debuginfo-7.3.8-1.mga7 php-recode-debuginfo-7.3.8-1.mga7 php-session-debuginfo-7.3.8-1.mga7 php-shmop-debuginfo-7.3.8-1.mga7 php-snmp-debuginfo-7.3.8-1.mga7 php-soap-debuginfo-7.3.8-1.mga7 php-sockets-debuginfo-7.3.8-1.mga7 php-sodium-debuginfo-7.3.8-1.mga7 php-sqlite3-debuginfo-7.3.8-1.mga7 php-sysvmsg-debuginfo-7.3.8-1.mga7 php-sysvsem-debuginfo-7.3.8-1.mga7 php-sysvshm-debuginfo-7.3.8-1.mga7 php-tidy-debuginfo-7.3.8-1.mga7 php-tokenizer-debuginfo-7.3.8-1.mga7 php-xml-debuginfo-7.3.8-1.mga7 php-xmlreader-debuginfo-7.3.8-1.mga7 php-xmlrpc-debuginfo-7.3.8-1.mga7 php-xmlwriter-debuginfo-7.3.8-1.mga7 php-xsl-debuginfo-7.3.8-1.mga7 php-wddx-debuginfo-7.3.8-1.mga7 php-zip-debuginfo-7.3.8-1.mga7 php-fpm-debuginfo-7.3.8-1.mga7 phpdbg-debuginfo-7.3.8-1.mga7 SRPM: ======================== php-7.3.8-1.mga7.src.rpm
Installed and tested without issues. Tests: - small and large scripts (e.g. wordpress, phpmyadmin); - apache plus mod_php; - php's built-in web server; - php CLI; - attached php files (no crushes or other issues noticed). WARNING: The attached create_png.php file has a space at the start of the file that needs to be removed for it to work. System: Mageia 7, x86_64, Intel CPU. $ uname -a Linux marte 5.1.20-desktop-2.mga7 #1 SMP Fri Jul 26 23:04:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep php | sort apache-mod_php-7.3.8-1.mga7 lib64php_common7-7.3.8-1.mga7 php-bz2-7.3.8-1.mga7 php-channel-phpunit-1.3-16.mga7 php-cli-7.3.8-1.mga7 php-ctype-7.3.8-1.mga7 php-dom-7.3.8-1.mga7 php-filter-7.3.8-1.mga7 php-ftp-7.3.8-1.mga7 php-gd-7.3.8-1.mga7 php-gettext-7.3.8-1.mga7 php-hash-7.3.8-1.mga7 php-ini-7.3.8-1.mga7 php-json-7.3.8-1.mga7 php-mbstring-7.3.8-1.mga7 phpmyadmin-4.9.0.1-1.mga7 php-mysqli-7.3.8-1.mga7 php-mysqlnd-7.3.8-1.mga7 php-openssl-7.3.8-1.mga7 php-pdo-7.3.8-1.mga7 php-pdo_mysql-7.3.8-1.mga7 php-pdo_sqlite-7.3.8-1.mga7 php-pear-1.10.9-1.mga7 php-pear-File_Iterator-1.3.4-6.mga7 php-posix-7.3.8-1.mga7 php-session-7.3.8-1.mga7 php-sysvsem-7.3.8-1.mga7 php-sysvshm-7.3.8-1.mga7 php-tokenizer-7.3.8-1.mga7 php-xml-7.3.8-1.mga7 php-xmlreader-7.3.8-1.mga7 php-xmlwriter-7.3.8-1.mga7 php-zip-7.3.8-1.mga7 php-zlib-7.3.8-1.mga7 $ php -S 127.0.0.1:8080 create-png.php PHP 7.3.8 Development Server started at Sat Aug 3 08:48:49 2019 Listening on http://127.0.0.1:8080 Document root is /tmp/ Press Ctrl-C to quit. $ php -S 127.0.0.1:8080 sample.php PHP 7.3.8 Development Server started at Sat Aug 3 08:50:50 2019 Listening on http://127.0.0.1:8080 Document root is /tmp/ Press Ctrl-C to quit.
CC: (none) => mageia
On the basis of the tests reported in comment 15 this looks good for release. Adding the 64bit OK. Thanks PC_LX.
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0218.html
Status: NEW => RESOLVEDResolution: (none) => FIXED