I haven't been paying attention to PHP for a while since Marc has been taking care of it, but I don't see anywhere that we've addressed the issues the PHP changelog lists that actually need to be fixed in other packages. Such as:
GD -> libgd
Fileinfo -> file
MBString -> libmbfl / oniguruma
Zip -> libzip
PCRE -> pcre2
and maybe others I've missed, so we've pushed updates claiming to fix issues in some of these modules that we haven't actually fixed...
gd: no relevant change
fileinfo: no relevant change
libmbfl looks orphaned to me
zip: php does not use libzip
pcre: changes in Nov 2019, our version is from Feb 2020, so these changes should be already patched upstream
If I don't misunderstand you, we only fix relevant bugs in those libs. I'm not sure how to handle this, but looking through all patches and commits and checking if they are applied in our libs takes too much time. If all relevant patches come from php and the lib updates are too slow, we should use the code from php and not from the original lib.
Basically we just need to check that security issues fixed in those php modules are fixed in the system libs if that's where the affected code is. The php bugs are sometimes good about saying. The system libs don't always get fixed right away or issue new releases, so we have to check. Yes our php does use libzip, I just double checked that.
Still, I don't have enough time to check all pushed fixes in system libraries and add patches to them.
closing this.
Resolution: (none) => WONTFIX
Status: NEW => RESOLVED
Status: RESOLVED => REOPENED
Resolution: WONTFIX => (none)
Assignee: mageia => pkg-bugs
Changing version as I don't believe issues in third-party libraries found by PHP are being tracked still.
Version: 7 => Cauldron
Mageia 8 EOL.
Version: Cauldron => 8
Status: REOPENED => RESOLVED
Resolution: (none) => OLD
CC: (none) => nicolas.salguero
Not sure why this was closed.
Status: RESOLVED => REOPENED
Version: 8 => Cauldron
Resolution: OLD => (none)