I made a typo in the description. 7.3.19 RPMs were installed over previous 7.3.18 (not 7.3.12) release

may I ask, why you've installed apache-mod_php in parallel to php-fpm?

I think you get this error, because php-fpm should handle these requests, but is not enabled yet.

(In reply to Marc Krämer from comment #2)
> may I ask, why you've installed apache-mod_php in parallel to php-fpm?
> 
> I think you get this error, because php-fpm should handle these requests,
> but is not enabled yet.

I can't really answer your question as it is well beyond my understanding on how things work together
A bit more details:
- apache-mod_php came with task-lamp
- 00-php-fpm.conf came with apache-mod_php and requires apache-mod_proxy, which is installed
- I don't have php-fpm installed

you're right. (00,10)-php-fpm.conf should not be included in apache-mod_php, this was a packaging error.

Fixed in updates_testing as php-7.3.20

I just tried
- Re-installing apache-mod_php update 7.3.19	and then
- Removing 10-php-fpm.conf from /etc/httpd/conf/modules.d/
It works!

Updated php package to the latest version:

- Fixed an issue with apache-mod_php not running because of a faulty config "10-php-fpm.conf"
- apache-mod_php now conflicts php-cgi and php-fpm which should not be installed in parallel
- fixed phar not supporting SHA-256/SHA-512 signatures (mga#26896)

References:
https://www.php.net/ChangeLog-7.php#7.3.20

Updated packages in core/updates_testing:
========================
php-ini-7.3.20-2.mga7
apache-mod_php-7.3.20-2.mga7
php-cli-7.3.20-2.mga7
php-cgi-7.3.20-2.mga7
lib64php_common7-7.3.20-2.mga7
php-devel-7.3.20-2.mga7
php-openssl-7.3.20-2.mga7
php-zlib-7.3.20-2.mga7
php-doc-7.3.20-2.mga7.noarch
php-bcmath-7.3.20-2.mga7
php-bz2-7.3.20-2.mga7
php-calendar-7.3.20-2.mga7
php-ctype-7.3.20-2.mga7
php-curl-7.3.20-2.mga7
php-dba-7.3.20-2.mga7
php-dom-7.3.20-2.mga7
php-enchant-7.3.20-2.mga7
php-exif-7.3.20-2.mga7
php-fileinfo-7.3.20-2.mga7
php-filter-7.3.20-2.mga7
php-ftp-7.3.20-2.mga7
php-gd-7.3.20-2.mga7
php-gettext-7.3.20-2.mga7
php-gmp-7.3.20-2.mga7
php-iconv-7.3.20-2.mga7
php-imap-7.3.20-2.mga7
php-interbase-7.3.20-2.mga7
php-intl-7.3.20-2.mga7
php-json-7.3.20-2.mga7
php-ldap-7.3.20-2.mga7
php-mbstring-7.3.20-2.mga7
php-mysqli-7.3.20-2.mga7
php-mysqlnd-7.3.20-2.mga7
php-odbc-7.3.20-2.mga7
php-opcache-7.3.20-2.mga7
php-pcntl-7.3.20-2.mga7
php-pdo-7.3.20-2.mga7
php-pdo_dblib-7.3.20-2.mga7
php-pdo_firebird-7.3.20-2.mga7
php-pdo_mysql-7.3.20-2.mga7
php-pdo_odbc-7.3.20-2.mga7
php-pdo_pgsql-7.3.20-2.mga7
php-pdo_sqlite-7.3.20-2.mga7
php-pgsql-7.3.20-2.mga7
php-phar-7.3.20-2.mga7
php-posix-7.3.20-2.mga7
php-readline-7.3.20-2.mga7
php-recode-7.3.20-2.mga7
php-session-7.3.20-2.mga7
php-shmop-7.3.20-2.mga7
php-snmp-7.3.20-2.mga7
php-soap-7.3.20-2.mga7
php-sockets-7.3.20-2.mga7
php-sodium-7.3.20-2.mga7
php-sqlite3-7.3.20-2.mga7
php-sysvmsg-7.3.20-2.mga7
php-sysvsem-7.3.20-2.mga7
php-sysvshm-7.3.20-2.mga7
php-tidy-7.3.20-2.mga7
php-tokenizer-7.3.20-2.mga7
php-xml-7.3.20-2.mga7
php-xmlreader-7.3.20-2.mga7
php-xmlrpc-7.3.20-2.mga7
php-xmlwriter-7.3.20-2.mga7
php-xsl-7.3.20-2.mga7
php-wddx-7.3.20-2.mga7
php-zip-7.3.20-2.mga7
php-fpm-7.3.20-2.mga7
phpdbg-7.3.20-2.mga7
php-debugsource-7.3.20-2.mga7
php-debuginfo-7.3.20-2.mga7
apache-mod_php-debuginfo-7.3.20-2.mga7
php-cli-debuginfo-7.3.20-2.mga7
php-cgi-debuginfo-7.3.20-2.mga7
lib64php_common7-debuginfo-7.3.20-2.mga7
php-openssl-debuginfo-7.3.20-2.mga7
php-zlib-debuginfo-7.3.20-2.mga7
php-bcmath-debuginfo-7.3.20-2.mga7
php-bz2-debuginfo-7.3.20-2.mga7
php-calendar-debuginfo-7.3.20-2.mga7
php-ctype-debuginfo-7.3.20-2.mga7
php-curl-debuginfo-7.3.20-2.mga7
php-dba-debuginfo-7.3.20-2.mga7
php-dom-debuginfo-7.3.20-2.mga7
php-enchant-debuginfo-7.3.20-2.mga7
php-exif-debuginfo-7.3.20-2.mga7
php-fileinfo-debuginfo-7.3.20-2.mga7
php-filter-debuginfo-7.3.20-2.mga7
php-ftp-debuginfo-7.3.20-2.mga7
php-gd-debuginfo-7.3.20-2.mga7
php-gettext-debuginfo-7.3.20-2.mga7
php-gmp-debuginfo-7.3.20-2.mga7
php-iconv-debuginfo-7.3.20-2.mga7
php-imap-debuginfo-7.3.20-2.mga7
php-interbase-debuginfo-7.3.20-2.mga7
php-intl-debuginfo-7.3.20-2.mga7
php-json-debuginfo-7.3.20-2.mga7
php-ldap-debuginfo-7.3.20-2.mga7
php-mbstring-debuginfo-7.3.20-2.mga7
php-mysqli-debuginfo-7.3.20-2.mga7
php-mysqlnd-debuginfo-7.3.20-2.mga7
php-odbc-debuginfo-7.3.20-2.mga7
php-opcache-debuginfo-7.3.20-2.mga7
php-pcntl-debuginfo-7.3.20-2.mga7
php-pdo-debuginfo-7.3.20-2.mga7
php-pdo_dblib-debuginfo-7.3.20-2.mga7
php-pdo_firebird-debuginfo-7.3.20-2.mga7
php-pdo_mysql-debuginfo-7.3.20-2.mga7
php-pdo_odbc-debuginfo-7.3.20-2.mga7
php-pdo_pgsql-debuginfo-7.3.20-2.mga7
php-pdo_sqlite-debuginfo-7.3.20-2.mga7
php-pgsql-debuginfo-7.3.20-2.mga7
php-phar-debuginfo-7.3.20-2.mga7
php-posix-debuginfo-7.3.20-2.mga7
php-readline-debuginfo-7.3.20-2.mga7
php-recode-debuginfo-7.3.20-2.mga7
php-session-debuginfo-7.3.20-2.mga7
php-shmop-debuginfo-7.3.20-2.mga7
php-snmp-debuginfo-7.3.20-2.mga7
php-soap-debuginfo-7.3.20-2.mga7
php-sockets-debuginfo-7.3.20-2.mga7
php-sodium-debuginfo-7.3.20-2.mga7
php-sqlite3-debuginfo-7.3.20-2.mga7
php-sysvmsg-debuginfo-7.3.20-2.mga7
php-sysvsem-debuginfo-7.3.20-2.mga7
php-sysvshm-debuginfo-7.3.20-2.mga7
php-tidy-debuginfo-7.3.20-2.mga7
php-tokenizer-debuginfo-7.3.20-2.mga7
php-xml-debuginfo-7.3.20-2.mga7
php-xmlreader-debuginfo-7.3.20-2.mga7
php-xmlrpc-debuginfo-7.3.20-2.mga7
php-xmlwriter-debuginfo-7.3.20-2.mga7
php-xsl-debuginfo-7.3.20-2.mga7
php-wddx-debuginfo-7.3.20-2.mga7
php-zip-debuginfo-7.3.20-2.mga7
php-fpm-debuginfo-7.3.20-2.mga7
phpdbg-debuginfo-7.3.20-2.mga7


SRPM:
php-7.3.20-2.mga7.src.rpm

Assignee: mageia => qa-bugs

When trying to install this update I found an issue.

Before a system could have both php-fpm and apache-mod_php packages installed, and the admin could then choose which one to use by editing which module to load.

With this update these two packages are incompatible and can't be installed at the same time.

This causes a problem for systems using php-fpm since many packages require apache-mod_php (see list below).


$ urpmq --whatrequires apache-mod_php | sort -u
ampache
apache-mod_php
astpp
clusterscripts-server
egroupware
fusiondirectory
fusionpbx
galette
ganglia-web
glpi
kanboard
miniflux
mythtv-mythweb
nagios-www
nextcloud
ocsinventory-reports
pandorafms_console
php-expect
phpipam
phpldapadmin
phpludoreve
php-manual-en
php-pear-phpDocumentor
phppgadmin
pmb
roundcubemail
self-service-password
squirrelmail
stikked
task-lamp-php
vnstat-php-frontend
zoneminder
zzzt
$ urpmq --whatrequires-recursive php-fpm | sort -u
php-fpm

CC: (none) => mageia

Hi,
I just hit the same problem.
In httpd log:
[Mon Jul 13 14:30:30.739731 2020] [proxy:error] [pid 6737] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /var/lib/php-fpm/php-fpm.sock (*) failed
[Mon Jul 13 14:30:30.740174 2020] [proxy_fcgi:error] [pid 6737] [client 127.0.0.1:46912] AH01079: failed to make connection to backend: httpd-UDS, referer: http://localhost/...

Thus, I downgraded apache-mod_php to 7.3.18, deleted 10-php-fpm.conf and restarted httpd.service.
This is now running.

CC: (none) => yves.brungard_mageia

update was never moved. It is still in testing.

never moved because never validated by the QA

This is an important bugreport can we validate it ?

Severity: major => critical
CC: (none) => mageia

Installed the latest php series 7.4.8, but when trying to select apache-mod-php I get:"Sorry, the following package cannot be selected:

- apache-mod_php-7.4.8-2.mga7.x86_64 (due to unsatisfied lib64php_common7[== 3:7.4.8]).
Sure lib64php_common7 is installed, but it is 7.4.8-2.mga7 and not 3, there is not a single package like that on the repos (for now ???)

CC: (none) => herman.viaene

3: names the epoch.

Did you select backports or backports testing? are we talking about 7.4 series or like this bug suggests 7.3?!
If this is 7.4, please report to https://bugs.mageia.org/show_bug.cgi?id=26807

No backports involved.
And yes the bug suggests 7.3.20, but when I tried to get those using QArepo, I drew a blank. So enabled the core testing repo in MCC and then I found the 7.3.21 and 7.4.8 series. I first tried the 7.3.21, but got "this cannot be selected". So I guessed "the newer, the better". Mistake ?????

As is, I don't think this update should be pushed forward.


Point 1) Lots of packages require the package apache-mod_php.
Point 2) The package php-fpm conflicts with the package apache-mod_php.
These two point make it impossible to install lots of PHP based packages and still use the package php-fpm.


One possible solution is to remove the conflict between the packages apache-mod_php and php-fpm. Also make the php-fpm disabled by default.
This way, if anyone wants to use php-fpm, they need to configure the system to do so.

Another solution is to change all those packages that require apache-mod_php to require either apache-mod_php or php-fpm.


I have the release, updates and updates testing repositories enabled.

$ LANGUAGE=C urpmi --auto-update
medium "Core Release" is up-to-date
medium "Core Updates" is up-to-date
medium "Core Updates Testing" is up-to-date
medium "Nonfree Release" is up-to-date
medium "Nonfree Updates" is up-to-date
medium "Nonfree Updates Testing" is up-to-date
medium "Tainted Release" is up-to-date
medium "Tainted Updates" is up-to-date
medium "Tainted Updates Testing" is up-to-date
medium "Core 32bit Release" is up-to-date
medium "Core 32bit Updates" is up-to-date
medium "Core 32bit Updates Testing" is up-to-date
medium "Nonfree 32bit Release" is up-to-date
medium "Nonfree 32bit Updates" is up-to-date
medium "Nonfree 32bit Updates Testing" is up-to-date
medium "Tainted 32bit Release" is up-to-date
medium "Tainted 32bit Updates" is up-to-date
medium "Tainted 32bit Updates Testing" is up-to-date
A requested package cannot be installed:
apache-mod_php-7.3.21-1.mga7.x86_64 (due to conflicts with php-fpm-7.3.21-1.mga7.x86_64)
Continue installation anyway? (Y/n) 
The following packages have to be removed for others to be upgraded:
apache-mod_php-7.3.19-2.mga7.x86_64
 (due to conflicts with php-fpm-7.3.21-1.mga7.x86_64)
roundcubemail-1.3.15-1.mga7.noarch
 (due to missing apache-mod_php) (y/N) y
To satisfy dependencies, the following packages are going to be installed:
<SNIP>

7.4 was pushed to backports.
I've tested this myself, it looks like this is a mcc bug, but I'm not sure.

I had 7.4.8 installed, and had to deselect lib64php-common7 and applied this (removing all php 7.4.x packages). Afterwards I was able to select php-cli/apache_mod-php for version 7.3.21 .

After installing 7.4.8 from backports again, mcc does not even show the older 7.3.x releases. So assume it is an temporary error.

pushed a new version 7.3.21-2 without the conflict.

The conflict is introduced in backports (7.4.8) and for mga8.

E.g. Dependency of roundcube-mail will be fixed with the next release.

Updated packages in core/updates_testing:
========================
php-ini-7.3.21-2.mga7
apache-mod_php-7.3.21-2.mga7
php-cli-7.3.21-2.mga7
php-cgi-7.3.21-2.mga7
libphp_common7-7.3.21-2.mga7
php-devel-7.3.21-2.mga7
php-openssl-7.3.21-2.mga7
php-zlib-7.3.21-2.mga7
php-doc-7.3.21-2.mga7
php-bcmath-7.3.21-2.mga7
php-bz2-7.3.21-2.mga7
php-calendar-7.3.21-2.mga7
php-ctype-7.3.21-2.mga7
php-curl-7.3.21-2.mga7
php-dba-7.3.21-2.mga7
php-dom-7.3.21-2.mga7
php-enchant-7.3.21-2.mga7
php-exif-7.3.21-2.mga7
php-fileinfo-7.3.21-2.mga7
php-filter-7.3.21-2.mga7
php-ftp-7.3.21-2.mga7
php-gd-7.3.21-2.mga7
php-gettext-7.3.21-2.mga7
php-gmp-7.3.21-2.mga7
php-iconv-7.3.21-2.mga7
php-imap-7.3.21-2.mga7
php-interbase-7.3.21-2.mga7
php-intl-7.3.21-2.mga7
php-json-7.3.21-2.mga7
php-ldap-7.3.21-2.mga7
php-mbstring-7.3.21-2.mga7
php-mysqli-7.3.21-2.mga7
php-mysqlnd-7.3.21-2.mga7
php-odbc-7.3.21-2.mga7
php-opcache-7.3.21-2.mga7
php-pcntl-7.3.21-2.mga7
php-pdo-7.3.21-2.mga7
php-pdo_dblib-7.3.21-2.mga7
php-pdo_firebird-7.3.21-2.mga7
php-pdo_mysql-7.3.21-2.mga7
php-pdo_odbc-7.3.21-2.mga7
php-pdo_pgsql-7.3.21-2.mga7
php-pdo_sqlite-7.3.21-2.mga7
php-pgsql-7.3.21-2.mga7
php-phar-7.3.21-2.mga7
php-posix-7.3.21-2.mga7
php-readline-7.3.21-2.mga7
php-recode-7.3.21-2.mga7
php-session-7.3.21-2.mga7
php-shmop-7.3.21-2.mga7
php-snmp-7.3.21-2.mga7
php-soap-7.3.21-2.mga7
php-sockets-7.3.21-2.mga7
php-sodium-7.3.21-2.mga7
php-sqlite3-7.3.21-2.mga7
php-sysvmsg-7.3.21-2.mga7
php-sysvsem-7.3.21-2.mga7
php-sysvshm-7.3.21-2.mga7
php-tidy-7.3.21-2.mga7
php-tokenizer-7.3.21-2.mga7
php-xml-7.3.21-2.mga7
php-xmlreader-7.3.21-2.mga7
php-xmlrpc-7.3.21-2.mga7
php-xmlwriter-7.3.21-2.mga7
php-xsl-7.3.21-2.mga7
php-wddx-7.3.21-2.mga7
php-zip-7.3.21-2.mga7
php-fpm-7.3.21-2.mga7
phpdbg-7.3.21-2.mga7

We need an updated advisory for this update as it is 1) fixing packaging bugs 2) updating the PHP version and 3) fixing security issues (including some with CVEs).

Also, I haven't been paying attention to PHP for a while since Marc has been taking care of it, but I don't see anywhere that we've addressed the issues the PHP changelog lists that actually need to be fixed in other packages.

Such as:
GD -> libgd
Fileinfo -> file
MBString -> libmbfl / oniguruma
Zip -> libzip
PCRE -> pcre2

and maybe others I've missed, so we've pushed updates claiming to fix issues in some of these modules that we haven't actually fixed...

Installed and tested without issues.

Thanks, Marc Krämer. Good work.

Using php-fpm instead of mod_php.
Tested with various small and large scripts (e.g. phpmyadmin, roundcubemail, wordpress) using HTTP 1.1, HTTP 2, TLS and CLI.


System: Mageia 7, x86_64, Intel CPU.


$ uname -a
Linux marte 5.7.14-desktop-1.mga7 #1 SMP Fri Aug 7 14:45:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep php.*7.3.21 | sort
apache-mod_php-7.3.21-2.mga7
lib64php_common7-7.3.21-2.mga7
php-bz2-7.3.21-2.mga7
php-cli-7.3.21-2.mga7
php-ctype-7.3.21-2.mga7
php-curl-7.3.21-2.mga7
php-dom-7.3.21-2.mga7
php-exif-7.3.21-2.mga7
php-fileinfo-7.3.21-2.mga7
php-filter-7.3.21-2.mga7
php-fpm-7.3.21-2.mga7
php-ftp-7.3.21-2.mga7
php-gd-7.3.21-2.mga7
php-gettext-7.3.21-2.mga7
php-iconv-7.3.21-2.mga7
php-ini-7.3.21-2.mga7
php-intl-7.3.21-2.mga7
php-json-7.3.21-2.mga7
php-ldap-7.3.21-2.mga7
php-mbstring-7.3.21-2.mga7
php-mysqli-7.3.21-2.mga7
php-mysqlnd-7.3.21-2.mga7
php-openssl-7.3.21-2.mga7
php-pdo-7.3.21-2.mga7
php-pdo_mysql-7.3.21-2.mga7
php-pdo_sqlite-7.3.21-2.mga7
php-posix-7.3.21-2.mga7
php-session-7.3.21-2.mga7
php-sockets-7.3.21-2.mga7
php-sysvsem-7.3.21-2.mga7
php-sysvshm-7.3.21-2.mga7
php-tokenizer-7.3.21-2.mga7
php-xml-7.3.21-2.mga7
php-xmlreader-7.3.21-2.mga7
php-xmlwriter-7.3.21-2.mga7
php-zip-7.3.21-2.mga7
php-zlib-7.3.21-2.mga7
$ systemctl status httpd.socket php-fpm.socket httpd.service php-fpm.service 
● httpd.socket - httpd server activation socket
   Loaded: loaded (/usr/local/lib/systemd/system/httpd.socket; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-08-17 10:00:19 WEST; 9h ago
   Listen: [::]:80 (Stream)
           [::]:443 (Stream)
    Tasks: 0 (limit: 4697)
   Memory: 92.0K
   CGroup: /system.slice/httpd.socket

ago 17 10:00:19 marte systemd[1]: Listening on httpd server activation socket.

● php-fpm.socket - php-fpm Server Socket
   Loaded: loaded (/usr/local/lib/systemd/system/php-fpm.socket; enabled; vendor preset: disabled)
   Active: inactive (dead) since Mon 2020-08-17 19:06:20 WEST; 3min 2s ago
   Listen: /var/lib/php-fpm/php-fpm.sock (Stream)

ago 17 10:00:19 marte systemd[1]: Listening on php-fpm Server Socket.
ago 17 19:06:20 marte systemd[1]: php-fpm.socket: Succeeded.
ago 17 19:06:20 marte systemd[1]: Closed php-fpm Server Socket.

● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-08-17 19:06:08 WEST; 3min 14s ago
 Main PID: 17646 (httpd)
   Status: "Total requests: 180; Idle/Busy workers 96/4;Requests/sec: 0.952; Bytes served/sec:  22KB/sec"
    Tasks: 66 (limit: 4697)
   Memory: 38.3M
   CGroup: /system.slice/httpd.service
           ├─17646 /usr/sbin/httpd -DFOREGROUND
           ├─17647 /usr/sbin/httpd -DFOREGROUND
           └─17648 /usr/sbin/httpd -DFOREGROUND

ago 17 19:06:08 marte systemd[1]: Starting The Apache HTTP Server...
ago 17 19:06:08 marte systemd[1]: Started The Apache HTTP Server.

● php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-08-17 19:06:21 WEST; 3min 2s ago
 Main PID: 17743 (php-fpm)
   Status: "Processes active: 0, idle: 1, Requests: 44, slow: 0, Traffic: 0req/sec"
    Tasks: 2 (limit: 4697)
   Memory: 47.1M
   CGroup: /system.slice/php-fpm.service
           ├─17743 php-fpm: master process (/etc/php-fpm.conf)
           └─17744 php-fpm: pool www

ago 17 19:06:20 marte systemd[1]: Starting The PHP FastCGI Process Manager...
ago 17 19:06:21 marte php-fpm[17743]: [NOTICE] fpm is running, pid 17743
ago 17 19:06:21 marte php-fpm[17743]: [NOTICE] ready to handle connections
ago 17 19:06:21 marte php-fpm[17743]: [NOTICE] systemd monitor interval set to 10000ms
ago 17 19:06:21 marte systemd[1]: Started The PHP FastCGI Process Manager.

(In reply to David Walser from comment #18)
> We need an updated advisory for this update as it is 1) fixing packaging
> bugs 2) updating the PHP version and 3) fixing security issues (including
> some with CVEs).
> 
> Also, I haven't been paying attention to PHP for a while since Marc has been
> taking care of it, but I don't see anywhere that we've addressed the issues
> the PHP changelog lists that actually need to be fixed in other packages.
> 
> Such as:
> GD -> libgd
> Fileinfo -> file
> MBString -> libmbfl / oniguruma
> Zip -> libzip
> PCRE -> pcre2
> 
> and maybe others I've missed, so we've pushed updates claiming to fix issues
> in some of these modules that we haven't actually fixed...

Tentatively validating, but the above issues need to be addressed before it's pushed.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

in gd, fileinfo, mbstring, zip nand pcre are no relevant changes so far.

Still I don't like those cross checks.

What do you mean there are no relevant changes?  I see references to all of them in the PHP changelog, so there could be missing security fixes in any of those system libraries.

You can push this update (it still needs an updated advisory), but all of those PHP bugs in modules using system libraries need to be checked (they can be addressed in a separate bug).

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2020-0180.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

7.3.21 fixed CVE-2020-7068:
https://www.php.net/ChangeLog-7.php#7.3.21
https://bugs.php.net/bug.php?id=79797
https://lists.suse.com/pipermail/sle-security-updates/2020-September/007334.html