Bug 27239 - PHP Security update to version 7.3.23 (CVE-2020-7070)
Summary: PHP Security update to version 7.3.23 (CVE-2020-7070)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on: 27265
Blocks: 27245 27259
 
Reported: 2020-09-03 12:39 CEST by Marc Krämer
Modified: 2020-10-16 19:05 CEST

See Also:
Source RPM: php-7.3.21-2.mga7.src.rpm
CVE: CVE-2020-7070
Status comment:


Attachments
Installation session then restart (14.73 KB, text/plain)
2020-09-08 23:11 CEST, papoteur

Description Marc Krämer 2020-09-03 12:39:28 CEST
Some bugs fixed in the last 2 releases, nothing "really" critical.

Still, want to push an update to resolve the mentioned bugfixes.
Comment 1 Marc Krämer 2020-09-03 12:47:32 CEST
Updated php packages fix some bugs.

Core:
- realpath() erroneously resolves link to link
- Stack use-after-scope in define()
- getimagesize function silently truncates after a null byte

Fileinfo:
- finfo_file crash (FILEINFO_MIME)

LDAP:
- Fixed memory leaks.

Standard:
- Memory leak in str_replace of empty string

References:
https://www.php.net/ChangeLog-7.php#PHP_7_3_22
https://www.php.net/ChangeLog-7.php#PHP_7_3_21
========================

Updated packages in core/{updates,backports}_testing:
========================
php-ini-7.3.22-1.mga7
apache-mod_php-7.3.22-1.mga7
php-cli-7.3.22-1.mga7
php-cgi-7.3.22-1.mga7
libphp_common7-7.3.22-1.mga7
php-devel-7.3.22-1.mga7
php-openssl-7.3.22-1.mga7
php-zlib-7.3.22-1.mga7
php-doc-7.3.22-1.mga7
php-bcmath-7.3.22-1.mga7
php-bz2-7.3.22-1.mga7
php-calendar-7.3.22-1.mga7
php-ctype-7.3.22-1.mga7
php-curl-7.3.22-1.mga7
php-dba-7.3.22-1.mga7
php-dom-7.3.22-1.mga7
php-enchant-7.3.22-1.mga7
php-exif-7.3.22-1.mga7
php-fileinfo-7.3.22-1.mga7
php-filter-7.3.22-1.mga7
php-ftp-7.3.22-1.mga7
php-gd-7.3.22-1.mga7
php-gettext-7.3.22-1.mga7
php-gmp-7.3.22-1.mga7
php-iconv-7.3.22-1.mga7
php-imap-7.3.22-1.mga7
php-interbase-7.3.22-1.mga7
php-intl-7.3.22-1.mga7
php-json-7.3.22-1.mga7
php-ldap-7.3.22-1.mga7
php-mbstring-7.3.22-1.mga7
php-mysqli-7.3.22-1.mga7
php-mysqlnd-7.3.22-1.mga7
php-odbc-7.3.22-1.mga7
php-opcache-7.3.22-1.mga7
php-pcntl-7.3.22-1.mga7
php-pdo-7.3.22-1.mga7
php-pdo_dblib-7.3.22-1.mga7
php-pdo_firebird-7.3.22-1.mga7
php-pdo_mysql-7.3.22-1.mga7
php-pdo_odbc-7.3.22-1.mga7
php-pdo_pgsql-7.3.22-1.mga7
php-pdo_sqlite-7.3.22-1.mga7
php-pgsql-7.3.22-1.mga7
php-phar-7.3.22-1.mga7
php-posix-7.3.22-1.mga7
php-readline-7.3.22-1.mga7
php-recode-7.3.22-1.mga7
php-session-7.3.22-1.mga7
php-shmop-7.3.22-1.mga7
php-snmp-7.3.22-1.mga7
php-soap-7.3.22-1.mga7
php-sockets-7.3.22-1.mga7
php-sodium-7.3.22-1.mga7
php-sqlite3-7.3.22-1.mga7
php-sysvmsg-7.3.22-1.mga7
php-sysvsem-7.3.22-1.mga7
php-sysvshm-7.3.22-1.mga7
php-tidy-7.3.22-1.mga7
php-tokenizer-7.3.22-1.mga7
php-xml-7.3.22-1.mga7
php-xmlreader-7.3.22-1.mga7
php-xmlrpc-7.3.22-1.mga7
php-xmlwriter-7.3.22-1.mga7
php-xsl-7.3.22-1.mga7
php-wddx-7.3.22-1.mga7
php-zip-7.3.22-1.mga7
php-fpm-7.3.22-1.mga7
phpdbg-7.3.22-1.mga7
php-debugsource-7.3.22-1.mga7
php-debuginfo-7.3.22-1.mga7
apache-mod_php-debuginfo-7.3.22-1.mga7
php-cli-debuginfo-7.3.22-1.mga7
php-cgi-debuginfo-7.3.22-1.mga7
libphp_common7-debuginfo-7.3.22-1.mga7
php-openssl-debuginfo-7.3.22-1.mga7
php-zlib-debuginfo-7.3.22-1.mga7
php-bcmath-debuginfo-7.3.22-1.mga7
php-bz2-debuginfo-7.3.22-1.mga7
php-calendar-debuginfo-7.3.22-1.mga7
php-ctype-debuginfo-7.3.22-1.mga7
php-curl-debuginfo-7.3.22-1.mga7
php-dba-debuginfo-7.3.22-1.mga7
php-dom-debuginfo-7.3.22-1.mga7
php-enchant-debuginfo-7.3.22-1.mga7
php-exif-debuginfo-7.3.22-1.mga7
php-fileinfo-debuginfo-7.3.22-1.mga7
php-filter-debuginfo-7.3.22-1.mga7
php-ftp-debuginfo-7.3.22-1.mga7
php-gd-debuginfo-7.3.22-1.mga7
php-gettext-debuginfo-7.3.22-1.mga7
php-gmp-debuginfo-7.3.22-1.mga7
php-iconv-debuginfo-7.3.22-1.mga7
php-imap-debuginfo-7.3.22-1.mga7
php-interbase-debuginfo-7.3.22-1.mga7
php-intl-debuginfo-7.3.22-1.mga7
php-json-debuginfo-7.3.22-1.mga7
php-ldap-debuginfo-7.3.22-1.mga7
php-mbstring-debuginfo-7.3.22-1.mga7
php-mysqli-debuginfo-7.3.22-1.mga7
php-mysqlnd-debuginfo-7.3.22-1.mga7
php-odbc-debuginfo-7.3.22-1.mga7
php-opcache-debuginfo-7.3.22-1.mga7
php-pcntl-debuginfo-7.3.22-1.mga7
php-pdo-debuginfo-7.3.22-1.mga7
php-pdo_dblib-debuginfo-7.3.22-1.mga7
php-pdo_firebird-debuginfo-7.3.22-1.mga7
php-pdo_mysql-debuginfo-7.3.22-1.mga7
php-pdo_odbc-debuginfo-7.3.22-1.mga7
php-pdo_pgsql-debuginfo-7.3.22-1.mga7
php-pdo_sqlite-debuginfo-7.3.22-1.mga7
php-pgsql-debuginfo-7.3.22-1.mga7
php-phar-debuginfo-7.3.22-1.mga7
php-posix-debuginfo-7.3.22-1.mga7
php-readline-debuginfo-7.3.22-1.mga7
php-recode-debuginfo-7.3.22-1.mga7
php-session-debuginfo-7.3.22-1.mga7
php-shmop-debuginfo-7.3.22-1.mga7
php-snmp-debuginfo-7.3.22-1.mga7
php-soap-debuginfo-7.3.22-1.mga7
php-sockets-debuginfo-7.3.22-1.mga7
php-sodium-debuginfo-7.3.22-1.mga7
php-sqlite3-debuginfo-7.3.22-1.mga7
php-sysvmsg-debuginfo-7.3.22-1.mga7
php-sysvsem-debuginfo-7.3.22-1.mga7
php-sysvshm-debuginfo-7.3.22-1.mga7
php-tidy-debuginfo-7.3.22-1.mga7
php-tokenizer-debuginfo-7.3.22-1.mga7
php-xml-debuginfo-7.3.22-1.mga7
php-xmlreader-debuginfo-7.3.22-1.mga7
php-xmlrpc-debuginfo-7.3.22-1.mga7
php-xmlwriter-debuginfo-7.3.22-1.mga7
php-xsl-debuginfo-7.3.22-1.mga7
php-wddx-debuginfo-7.3.22-1.mga7
php-zip-debuginfo-7.3.22-1.mga7
php-fpm-debuginfo-7.3.22-1.mga7
phpdbg-debuginfo-7.3.22-1.mga7

--
php-ini-7.4.10-2.mga7
apache-mod_php-7.4.10-2.mga7
php-cli-7.4.10-2.mga7
php-cgi-7.4.10-2.mga7
libphp_common7-7.4.10-2.mga7
php-devel-7.4.10-2.mga7
php-openssl-7.4.10-2.mga7
php-zlib-7.4.10-2.mga7
php-doc-7.4.10-2.mga7
php-bcmath-7.4.10-2.mga7
php-bz2-7.4.10-2.mga7
php-calendar-7.4.10-2.mga7
php-ctype-7.4.10-2.mga7
php-curl-7.4.10-2.mga7
php-dba-7.4.10-2.mga7
php-dom-7.4.10-2.mga7
php-enchant-7.4.10-2.mga7
php-exif-7.4.10-2.mga7
php-fileinfo-7.4.10-2.mga7
php-filter-7.4.10-2.mga7
php-ftp-7.4.10-2.mga7
php-gd-7.4.10-2.mga7
php-gettext-7.4.10-2.mga7
php-gmp-7.4.10-2.mga7
php-iconv-7.4.10-2.mga7
php-imap-7.4.10-2.mga7
php-intl-7.4.10-2.mga7
php-json-7.4.10-2.mga7
php-ldap-7.4.10-2.mga7
php-mbstring-7.4.10-2.mga7
php-mysqli-7.4.10-2.mga7
php-mysqlnd-7.4.10-2.mga7
php-odbc-7.4.10-2.mga7
php-opcache-7.4.10-2.mga7
php-pcntl-7.4.10-2.mga7
php-pdo-7.4.10-2.mga7
php-pdo_dblib-7.4.10-2.mga7
php-pdo_firebird-7.4.10-2.mga7
php-pdo_mysql-7.4.10-2.mga7
php-pdo_odbc-7.4.10-2.mga7
php-pdo_pgsql-7.4.10-2.mga7
php-pdo_sqlite-7.4.10-2.mga7
php-pgsql-7.4.10-2.mga7
php-phar-7.4.10-2.mga7
php-posix-7.4.10-2.mga7
php-readline-7.4.10-2.mga7
php-session-7.4.10-2.mga7
php-shmop-7.4.10-2.mga7
php-snmp-7.4.10-2.mga7
php-soap-7.4.10-2.mga7
php-sockets-7.4.10-2.mga7
php-sodium-7.4.10-2.mga7
php-sqlite3-7.4.10-2.mga7
php-sysvmsg-7.4.10-2.mga7
php-sysvsem-7.4.10-2.mga7
php-sysvshm-7.4.10-2.mga7
php-tidy-7.4.10-2.mga7
php-tokenizer-7.4.10-2.mga7
php-xmlreader-7.4.10-2.mga7
php-xmlrpc-7.4.10-2.mga7
php-xmlwriter-7.4.10-2.mga7
php-xsl-7.4.10-2.mga7
php-zip-7.4.10-2.mga7
php-fpm-7.4.10-2.mga7
phpdbg-7.4.10-2.mga7
php-debugsource-7.4.10-2.mga7
php-debuginfo-7.4.10-2.mga7
apache-mod_php-debuginfo-7.4.10-2.mga7
php-cli-debuginfo-7.4.10-2.mga7
php-cgi-debuginfo-7.4.10-2.mga7
libphp_common7-debuginfo-7.4.10-2.mga7
php-openssl-debuginfo-7.4.10-2.mga7
php-zlib-debuginfo-7.4.10-2.mga7
php-bcmath-debuginfo-7.4.10-2.mga7
php-bz2-debuginfo-7.4.10-2.mga7
php-calendar-debuginfo-7.4.10-2.mga7
php-ctype-debuginfo-7.4.10-2.mga7
php-curl-debuginfo-7.4.10-2.mga7
php-dba-debuginfo-7.4.10-2.mga7
php-dom-debuginfo-7.4.10-2.mga7
php-enchant-debuginfo-7.4.10-2.mga7
php-exif-debuginfo-7.4.10-2.mga7
php-fileinfo-debuginfo-7.4.10-2.mga7
php-filter-debuginfo-7.4.10-2.mga7
php-ftp-debuginfo-7.4.10-2.mga7
php-gd-debuginfo-7.4.10-2.mga7
php-gettext-debuginfo-7.4.10-2.mga7
php-gmp-debuginfo-7.4.10-2.mga7
php-iconv-debuginfo-7.4.10-2.mga7
php-imap-debuginfo-7.4.10-2.mga7
php-intl-debuginfo-7.4.10-2.mga7
php-json-debuginfo-7.4.10-2.mga7
php-ldap-debuginfo-7.4.10-2.mga7
php-mbstring-debuginfo-7.4.10-2.mga7
php-mysqli-debuginfo-7.4.10-2.mga7
php-mysqlnd-debuginfo-7.4.10-2.mga7
php-odbc-debuginfo-7.4.10-2.mga7
php-opcache-debuginfo-7.4.10-2.mga7
php-pcntl-debuginfo-7.4.10-2.mga7
php-pdo-debuginfo-7.4.10-2.mga7
php-pdo_dblib-debuginfo-7.4.10-2.mga7
php-pdo_firebird-debuginfo-7.4.10-2.mga7
php-pdo_mysql-debuginfo-7.4.10-2.mga7
php-pdo_odbc-debuginfo-7.4.10-2.mga7
php-pdo_pgsql-debuginfo-7.4.10-2.mga7
php-pdo_sqlite-debuginfo-7.4.10-2.mga7
php-pgsql-debuginfo-7.4.10-2.mga7
php-phar-debuginfo-7.4.10-2.mga7
php-posix-debuginfo-7.4.10-2.mga7
php-readline-debuginfo-7.4.10-2.mga7
php-session-debuginfo-7.4.10-2.mga7
php-shmop-debuginfo-7.4.10-2.mga7
php-snmp-debuginfo-7.4.10-2.mga7
php-soap-debuginfo-7.4.10-2.mga7
php-sockets-debuginfo-7.4.10-2.mga7
php-sodium-debuginfo-7.4.10-2.mga7
php-sqlite3-debuginfo-7.4.10-2.mga7
php-sysvmsg-debuginfo-7.4.10-2.mga7
php-sysvsem-debuginfo-7.4.10-2.mga7
php-sysvshm-debuginfo-7.4.10-2.mga7
php-tidy-debuginfo-7.4.10-2.mga7
php-tokenizer-debuginfo-7.4.10-2.mga7
php-xmlreader-debuginfo-7.4.10-2.mga7
php-xmlrpc-debuginfo-7.4.10-2.mga7
php-xmlwriter-debuginfo-7.4.10-2.mga7
php-xsl-debuginfo-7.4.10-2.mga7
php-zip-debuginfo-7.4.10-2.mga7
php-fpm-debuginfo-7.4.10-2.mga7
phpdbg-debuginfo-7.4.10-2.mga7

SRPM:
php-7.3.22-1.mga7.src.rpm
php-7.4.10-2.mga7.src.rpm

Assignee: mageia => qa-bugs
Whiteboard: (none) => CAULDRON_TOO

Comment 2 David Walser 2020-09-03 16:03:07 CEST
Please clone this bug, as we can't do a regular update and backport in the same bug.  Hopefully this fixes the issue people were having with mod_php or php-fpm that were mentioned on IRC.  We should test this on the Mageia infrastructure.

Whiteboard: CAULDRON_TOO => (none)

Comment 3 Marc Krämer 2020-09-03 16:51:26 CEST
"issue people were having with mod_php or php-fpm"
not exactly, this has only to do with the configs we ship for apache.

The only question is, if we want to have configs for apache with php-fpm or not.
As stated by the original bug report, it is not a good idea to have mod_php and php-fpm installed in parallel, but if you like to have it, we can't ship a config that works for both in parallel.

I can just split this one up to a package providing the config for apache which conflicts apache_mod-php
Comment 4 David Walser 2020-09-03 16:55:47 CEST
OK.  I really don't know anything about php-fpm, so I asked neoclust and papoteur (the ones who had talked about this on IRC) to comment here.  Thanks.

Summary: PHP regular bugfix update 7.3.22 / 7.4.10 => PHP regular bugfix update 7.3.22

Comment 5 papoteur 2020-09-03 17:07:54 CEST
Hello,
This is not clear to me why there is a conflict.
The phpmyadmin in our installation uses php_mod, for what I know. Thus, if we use it, this would say that we can't use php_fpm.
When I deleted /etc/httpd/conf/modules.d/10-php-fpm.conf, I could have applications working either with php_fpm and php_mod
For reminder: https://bugs.mageia.org/show_bug.cgi?id=26922

Summary: PHP regular bugfix update 7.3.22 => PHP regular bugfix update 7.3.22 / 7.4.10
CC: (none) => yves.brungard_mageia

Comment 6 Marc Krämer 2020-09-03 17:14:43 CEST
phpmyadmin requires php-webinterface, which is provided by either php-fpm or apache_mod-php; so you can uninstall apache_mod-php now.

And yes 10-php-fpm.conf provides a configuration pointing to work with php-fpm out of the box. As it is a config, it can be changed to whatever you need.

I've moved the config to a new package in cauldron, so maybe this will solve it for you. Waiting for the build to finish.
David Walser 2020-09-03 23:46:08 CEST

Summary: PHP regular bugfix update 7.3.22 / 7.4.10 => PHP regular bugfix update 7.3.22

Comment 7 PC LX 2020-09-04 12:08:55 CEST
Installed and tested without issues.

For now I'm testing version 7.3.22. In a few months, when full support ends for version 7.3.X, I will switch to version 7.4.X.

Using php-fpm instead of mod_php.

Tested with various small and large scripts (e.g. custom, wordpress, drupal, phpmyadmin, roundcubemail). Tested HTTP 1.1, HTTP 2, TLS and CLI.


System: Mageia 7, x86_64, Intel CPU.


$ uname -a
Linux marte 5.7.19-desktop-1.mga7 #1 SMP Thu Aug 27 20:27:55 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep php.*7.3.22 | sort
apache-mod_php-7.3.22-1.mga7
lib64php_common7-7.3.22-1.mga7
php-bz2-7.3.22-1.mga7
php-cli-7.3.22-1.mga7
php-ctype-7.3.22-1.mga7
php-curl-7.3.22-1.mga7
php-dom-7.3.22-1.mga7
php-exif-7.3.22-1.mga7
php-fileinfo-7.3.22-1.mga7
php-filter-7.3.22-1.mga7
php-fpm-7.3.22-1.mga7
php-ftp-7.3.22-1.mga7
php-gd-7.3.22-1.mga7
php-gettext-7.3.22-1.mga7
php-iconv-7.3.22-1.mga7
php-ini-7.3.22-1.mga7
php-intl-7.3.22-1.mga7
php-json-7.3.22-1.mga7
php-ldap-7.3.22-1.mga7
php-mbstring-7.3.22-1.mga7
php-mysqli-7.3.22-1.mga7
php-mysqlnd-7.3.22-1.mga7
php-openssl-7.3.22-1.mga7
php-pdo-7.3.22-1.mga7
php-pdo_mysql-7.3.22-1.mga7
php-pdo_sqlite-7.3.22-1.mga7
php-posix-7.3.22-1.mga7
php-session-7.3.22-1.mga7
php-sockets-7.3.22-1.mga7
php-sysvsem-7.3.22-1.mga7
php-sysvshm-7.3.22-1.mga7
php-tokenizer-7.3.22-1.mga7
php-xml-7.3.22-1.mga7
php-xmlreader-7.3.22-1.mga7
php-xmlwriter-7.3.22-1.mga7
php-zip-7.3.22-1.mga7
php-zlib-7.3.22-1.mga7
$ systemctl status httpd.socket php-fpm.socket httpd.service php-fpm.service 
● httpd.socket - httpd server activation socket
   Loaded: loaded (/usr/local/lib/systemd/system/httpd.socket; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-09-04 10:13:01 WEST; 49min ago
   Listen: [::]:80 (Stream)
           [::]:443 (Stream)
    Tasks: 0 (limit: 4697)
   Memory: 92.0K
   CGroup: /system.slice/httpd.socket

set 04 10:13:01 marte systemd[1]: Listening on httpd server activation socket.

● php-fpm.socket - php-fpm Server Socket
   Loaded: loaded (/usr/local/lib/systemd/system/php-fpm.socket; enabled; vendor preset: disabled)
   Active: inactive (dead) since Fri 2020-09-04 11:02:09 WEST; 21s ago
   Listen: /var/lib/php-fpm/php-fpm.sock (Stream)

set 04 10:13:01 marte systemd[1]: Listening on php-fpm Server Socket.
set 04 11:02:09 marte systemd[1]: php-fpm.socket: Succeeded.
set 04 11:02:09 marte systemd[1]: Closed php-fpm Server Socket.

● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-09-04 10:52:40 WEST; 9min ago
 Main PID: 2819 (httpd)
   Status: "Total requests: 52; Idle/Busy workers 100/0;Requests/sec: 0.0883; Bytes served/sec: 2.8KB/sec"
    Tasks: 66 (limit: 4697)
   Memory: 36.9M
   CGroup: /system.slice/httpd.service
           ├─2819 /usr/sbin/httpd -DFOREGROUND
           ├─2820 /usr/sbin/httpd -DFOREGROUND
           └─2821 /usr/sbin/httpd -DFOREGROUND

set 04 10:52:40 marte systemd[1]: Starting The Apache HTTP Server...
set 04 10:52:40 marte systemd[1]: Started The Apache HTTP Server.

● php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-09-04 11:02:10 WEST; 21s ago
 Main PID: 3415 (php-fpm)
   Status: "Processes active: 0, idle: 1, Requests: 4, slow: 0, Traffic: 0req/sec"
    Tasks: 2 (limit: 4697)
   Memory: 39.4M
   CGroup: /system.slice/php-fpm.service
           ├─3415 php-fpm: master process (/etc/php-fpm.conf)
           └─3449 php-fpm: pool www

set 04 11:02:09 marte systemd[1]: Starting The PHP FastCGI Process Manager...
set 04 11:02:10 marte php-fpm[3415]: [NOTICE] fpm is running, pid 3415
set 04 11:02:10 marte php-fpm[3415]: [NOTICE] ready to handle connections
set 04 11:02:10 marte php-fpm[3415]: [NOTICE] systemd monitor interval set to 10000ms
set 04 11:02:10 marte systemd[1]: Started The PHP FastCGI Process Manager.

CC: (none) => mageia

Comment 8 Marc Krämer 2020-09-05 12:13:53 CEST
updated package to provide php-fpm-apache which will provide the config which conflicts apache_mod-php
Marc Krämer 2020-09-05 12:18:18 CEST

Blocks: (none) => 27245

Comment 9 David Walser 2020-09-07 19:34:24 CEST
We cleared updates_testing.  I can't even re-push this to updates_testing because:
error: line 2054: %files fpm-apache
: package php-fpm-apache does not exist

Keywords: (none) => feedback

Comment 10 Marc Krämer 2020-09-07 21:19:09 CEST
strange. fixed.
Comment 11 David Walser 2020-09-07 21:43:48 CEST
Thanks.  Updated package list:

php-ini-7.3.22-2.mga7
apache-mod_php-7.3.22-2.mga7
php-cli-7.3.22-2.mga7
php-cgi-7.3.22-2.mga7
libphp_common7-7.3.22-2.mga7
php-devel-7.3.22-2.mga7
php-openssl-7.3.22-2.mga7
php-zlib-7.3.22-2.mga7
php-doc-7.3.22-2.mga7
php-bcmath-7.3.22-2.mga7
php-bz2-7.3.22-2.mga7
php-calendar-7.3.22-2.mga7
php-ctype-7.3.22-2.mga7
php-curl-7.3.22-2.mga7
php-dba-7.3.22-2.mga7
php-dom-7.3.22-2.mga7
php-enchant-7.3.22-2.mga7
php-exif-7.3.22-2.mga7
php-fileinfo-7.3.22-2.mga7
php-filter-7.3.22-2.mga7
php-ftp-7.3.22-2.mga7
php-gd-7.3.22-2.mga7
php-gettext-7.3.22-2.mga7
php-gmp-7.3.22-2.mga7
php-iconv-7.3.22-2.mga7
php-imap-7.3.22-2.mga7
php-interbase-7.3.22-2.mga7
php-intl-7.3.22-2.mga7
php-json-7.3.22-2.mga7
php-ldap-7.3.22-2.mga7
php-mbstring-7.3.22-2.mga7
php-mysqli-7.3.22-2.mga7
php-mysqlnd-7.3.22-2.mga7
php-odbc-7.3.22-2.mga7
php-opcache-7.3.22-2.mga7
php-pcntl-7.3.22-2.mga7
php-pdo-7.3.22-2.mga7
php-pdo_dblib-7.3.22-2.mga7
php-pdo_firebird-7.3.22-2.mga7
php-pdo_mysql-7.3.22-2.mga7
php-pdo_odbc-7.3.22-2.mga7
php-pdo_pgsql-7.3.22-2.mga7
php-pdo_sqlite-7.3.22-2.mga7
php-pgsql-7.3.22-2.mga7
php-phar-7.3.22-2.mga7
php-posix-7.3.22-2.mga7
php-readline-7.3.22-2.mga7
php-recode-7.3.22-2.mga7
php-session-7.3.22-2.mga7
php-shmop-7.3.22-2.mga7
php-snmp-7.3.22-2.mga7
php-soap-7.3.22-2.mga7
php-sockets-7.3.22-2.mga7
php-sodium-7.3.22-2.mga7
php-sqlite3-7.3.22-2.mga7
php-sysvmsg-7.3.22-2.mga7
php-sysvsem-7.3.22-2.mga7
php-sysvshm-7.3.22-2.mga7
php-tidy-7.3.22-2.mga7
php-tokenizer-7.3.22-2.mga7
php-xml-7.3.22-2.mga7
php-xmlreader-7.3.22-2.mga7
php-xmlrpc-7.3.22-2.mga7
php-xmlwriter-7.3.22-2.mga7
php-xsl-7.3.22-2.mga7
php-wddx-7.3.22-2.mga7
php-zip-7.3.22-2.mga7
php-fpm-7.3.22-2.mga7
php-fpm-apache-7.3.22-2.mga7
phpdbg-7.3.22-2.mga7

from php-7.3.22-2.mga7.src.rpm

Keywords: feedback => (none)

Comment 12 PC LX 2020-09-08 00:30:19 CEST
When I try to install the package php-fpm-apache I get the following:

$ LANGUAGE=C urpmi php-fpm-apache
The following packages have to be removed for others to be upgraded:
apache-mod_php-7.3.22-2.mga7.x86_64
 (due to conflicts with php-fpm-apache)
roundcubemail-1.3.15-1.mga7.noarch
 (due to missing apache-mod_php) (y/N) 


It seems that roundcube mail and several other packages still require the package apache-mod_php.


$ urpmq --whatrequires apache-mod_php | sort -u
ampache
apache-mod_php
astpp
clusterscripts-server
egroupware
fusiondirectory
fusionpbx
galette
ganglia-web
glpi
kanboard
miniflux
mythtv-mythweb
nagios-www
nextcloud
ocsinventory-reports
pandorafms_console
php-expect
phpipam
phpldapadmin
phpludoreve
php-manual-en
php-pear-phpDocumentor
phppgadmin
pmb
roundcubemail
self-service-password
squirrelmail
stikked
task-lamp-php
vnstat-php-frontend
zoneminder
zzzt
Comment 13 Marc Krämer 2020-09-08 01:26:53 CEST
true. This is fixed in mga8. For mga7 there is no regular way to fix and ship this.
Comment 14 David Walser 2020-09-08 10:38:15 CEST
Maybe just remove the explicit package conflicts for now.
Comment 15 Marc Krämer 2020-09-08 11:39:54 CEST
if this is removed, we end up where we started. If this config for apache is installed, mod_apache MUST be uninstalled, or the config has to be adjusted to meet the behaviour.
It is intended that this config conflicts!
Comment 16 David Walser 2020-09-08 15:20:00 CEST
Is that really true though?  Or can mod_php just not be *used* if the fpm config is installed?

Blocks: (none) => 27259

Comment 17 Marc Krämer 2020-09-08 16:20:12 CEST
before bugfix the fpm-config was non-functional, which is exactly the same, as not installing it.
After bugfix, the config is working and therefore redirecting ALL php-scripts to php-fpm. That is the reason why installing this config conflicts apache-mod_php.

At any point it is still no good idea to install apache-mod_php in parallel to php-fpm. The only reason we accept this, is (in mga7) that other packages require apache-mod_php. This is fixed in mga8. If we want to get this clean, we will have to push the listed packages of PC LX NOT to require apache-mod_php. If we change this by the usual bugs of mageia, I must open ~30 bugs.... And the only change in those packages would be to change "Require: apache-mod_php" to "Require: php-webinterface"
Comment 18 David Walser 2020-09-08 18:44:21 CEST
Yeah but if you can install them in parallel without breaking anything (other than mod_php), then we should allow that for now, as that would solve the issue.
Comment 19 papoteur 2020-09-08 23:10:26 CEST
Hello,
Installing the update of php-fpm
See the journal with the transaction.
php_mod has been uninstalled.
During the installation, and after, apache server can't restart.

sept. 08 21:15:20 httpd[29494]: AH00526: Syntax error on line 26 of /etc/httpd/conf/sites.d/phpmyadmin.conf:
sept. 08 21:15:20 httpd[29494]: Invalid command 'php_flag', perhaps misspelled or defined by a module not included in the server configuration
Comment 20 papoteur 2020-09-08 23:11:34 CEST
Created attachment 11873 [details]
Installation session then restart
Comment 21 Marc Krämer 2020-09-09 10:20:51 CEST
removed flag from phpmyadmin, update in updates_testing
Marc Krämer 2020-09-09 11:07:10 CEST

Depends on: (none) => 27265

Comment 22 papoteur 2020-09-09 11:23:55 CEST
Today, I withdraw /etc/conf/sites.d/phpmyadmin.conf
Then, apache started.
Applications configured with php-fpm now work.
I will try phpmyadmin when it will land in my mirror.
Comment 23 papoteur 2020-09-09 17:50:46 CEST
Installed phpmyadmin-4.9.5-2.mga7
/etc/conf/sites.d/phpmyadmin.conf is restored after the installation.
httpd can restart.
(phpmyadmin doesn't work, but this is expected when using php-fpm)
Comment 24 David Walser 2020-09-10 22:48:27 CEST
Adding feedback tag until we have a real solution to the fpm/mod_php conflict.  I don't know what the state was a few versions ago, other than that users didn't have to remove the fpm config or deal with conflicts to have things working.  papoteur and neoclust would know more.

Keywords: (none) => feedback

Comment 25 papoteur 2020-09-21 15:18:14 CEST
Hello,
I can't add more feedback.
I was using both php mod and fpm until now without issue on my side. I use one application configured with php-fpm because I had issue with lagging responses and tried something to solve that. The problem was outside, with name resolution, but then I still use this application, another one and phpmyadmin not configured for php-fpm.
Comment 26 Aurelien Oudelet 2020-09-21 17:48:01 CEST
So what can we do for this?

CC: (none) => ouaurelien

Comment 27 David Walser 2020-09-23 01:00:26 CEST
(In reply to papoteur from comment #25)
> I was using both php mod and fpm until now without issue on my side.

What I'm asking is how was it that worked before and doesn't now?  What change was made that broke it?
Comment 28 Marc Krämer 2020-09-28 16:31:46 CEST
As stated:
a) this update depends on phpmyadmin update!!!
This is, because phpmyadmin requests apache-mod_php which is a packaging error, as we have in other php-packages

b) because packages request apache-mod_php, you have to install this module, even if you don't want/use it (same old packaging error)

c) php-fpm before 7.3.19 (?) shipped with a config for apache which does not work. After this config is set to work, all php-scripts are handled by php-fpm and not by apache-mod_php (which is intentional); since many people have installed both (whether they use it or not), I added the package "php-fpm-apache" (suggest) which adds the config for apache in case you want to use php-fpm to serve php scripts in apache.
Comment 29 David Walser 2020-09-29 14:54:30 CEST
OK, since we still have packages explicitly depending on apache-mod_php, it sounds like the conflicts with that and php-fpm-apache should be removed in mga7.

Summary: PHP regular bugfix update 7.3.22 => PHP regular bugfix update 7.3.23

Comment 30 Marc Krämer 2020-09-29 15:31:28 CEST
there are no conflicts.
You are able to install both packages, if you want to. Only php-fpm-apache can't be installed in parallel with apache-mod_php which is INTENTIONAL (and new). This package provides the config to run only php-fpm with apache.
Comment 31 David Walser 2020-09-29 15:41:33 CEST
But since some packages explicitly require apache-mod_php, you can't run them with fpm with that Conflicts.  I believe that's what's causing problems.
Comment 32 Marc Krämer 2020-09-29 15:51:43 CEST
no that's not true. 
As you can see, in comment 12, when the config is installed, there is a conflict raised and this must be raised. Without manually editing the config both modules CAN'T coexist.

The config says everything that is called a php script has to be handled by php-fpm which obviously conflicts a built in apache module requesting the same action.

Everyone can manually edit the vhost files and do explicit forwards to php-fpm. But if you install php-fpm alone with apache and without this config, no php-script will run. So this config is just a starting point to run out of the box.
Comment 33 Marc Krämer 2020-09-29 15:59:33 CEST
I just tested it again. Setup a new mga7,
installed task-lamp; installed php-fpm
enabled updates_testing
updated all installed packages

started apache; created file
/var/www/html/index.php with "<?php phpinfo();"
using links
links http://localhost/index.php

showing the requested php-info-page - which indicates apache-mod_php is running as expected.
Comment 34 David Walser 2020-09-29 17:51:43 CEST
Makes sense to me.  We need an updated advisory.  Don't forget about Bug 27131.

Thanks!

Keywords: feedback => (none)

Comment 35 papoteur 2020-09-30 10:12:41 CEST
Hello,
I said that after the update, I could not launch phpmyadmin.
After further investigation I found why.
In /etc/httpd/conf/modules.d/10_php-fpm.conf, I had:
	<FilesMatch \.php$>
		# SetHandler "proxy:fcgi://127.0.0.1:9000"
		SetHandler "proxy:unix:/var/lib/php-fpm/php-fpm.sock|fcgi://localhost/"
	</FilesMatch>

Thus, requests were sent by default to socket. However, at the same time, php-fpm is configured to listen on 127.0.0.1:9000, not on the socket.
After setting SetHandler "proxy:fcgi://127.0.0.1:9000", I can access phpmyadmin again.
I have not checked what is the default configuration at installation.
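Added example, not part of any comment in this report: a Python check for the two Apache problems reported in comments 19 and 35 after moving from mod_php to php-fpm, namely mod_php-only directives such as php_flag left outside an <IfModule> guard, and a SetHandler proxy target that no php-fpm pool listens on. The sample file contents, the /usr/share/phpmyadmin path, the display_errors and memory_limit settings and all function names are constructed for illustration.

```python
import re

# Constructed samples modelled on the files discussed in this thread;
# the php_flag/php_value settings are illustrative, not Mageia's shipped ones.
APACHE_CONF = '''\
<Directory /usr/share/phpmyadmin>
    php_flag display_errors off
</Directory>
<IfModule mod_php7.c>
    php_value memory_limit 128M
</IfModule>
<FilesMatch \\.php$>
    # SetHandler "proxy:fcgi://127.0.0.1:9000"
    SetHandler "proxy:unix:/var/lib/php-fpm/php-fpm.sock|fcgi://localhost/"
</FilesMatch>
'''
FPM_POOL = '''\
[www]
;listen = /var/lib/php-fpm/php-fpm.sock
listen = 127.0.0.1:9000
'''
MOD_PHP_DIRECTIVES = ("php_flag", "php_value", "php_admin_flag", "php_admin_value")


def active_lines(text, comment_chars):
    """Yield (line_number, stripped_line) for non-empty, non-comment lines."""
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if line and line[0] not in comment_chars:
            yield number, line


def unguarded_mod_php_directives(conf):
    """mod_php-only directives not wrapped in a (non-negated) PHP <IfModule>.

    Without mod_php loaded, httpd rejects them as "Invalid command"."""
    stack, hits = [], []
    for number, line in active_lines(conf, "#"):
        lower = line.lower()
        if lower.startswith("<ifmodule"):
            stack.append("php" in lower and "!" not in lower)
        elif lower.startswith("</ifmodule"):
            if stack:
                stack.pop()
        elif not any(stack) and lower.split()[0] in MOD_PHP_DIRECTIVES:
            hits.append((number, line))
    return hits


def normalise(addr):
    """Map an address to ('unix', path) or ('tcp', host, port)."""
    if addr.startswith("/"):
        return ("unix", addr)
    host, _, port = addr.rpartition(":")
    return ("tcp", host or "*", port)  # bare port: php-fpm listens on all addresses


def apache_proxy_targets(conf):
    """Backends of every active 'SetHandler proxy:...' line (explicit port assumed)."""
    targets = []
    for _, line in active_lines(conf, "#"):
        match = re.match(r'sethandler\s+"?proxy:([^"\s]+)', line, re.I)
        if not match:
            continue
        spec = match.group(1)
        if spec.startswith("unix:"):
            targets.append(normalise(spec[len("unix:"):].split("|", 1)[0]))
        elif spec.startswith("fcgi://"):
            targets.append(normalise(spec[len("fcgi://"):].split("/", 1)[0]))
    return targets


def fpm_listeners(pool_conf):
    """Return {pool_name: normalised listen address} from php-fpm pool text."""
    pool, listeners = None, {}
    for _, line in active_lines(pool_conf, ";"):
        if line.startswith("[") and line.endswith("]"):
            pool = line[1:-1]
            continue
        key, _sep, value = line.partition("=")
        if key.strip() == "listen" and pool:
            listeners[pool] = normalise(value.strip().strip('"'))
    return listeners


def reachable(target, listener):
    """True when an Apache proxy target would reach a php-fpm listener."""
    if target[0] != listener[0]:
        return False
    if target[0] == "unix":
        return target[1] == listener[1]
    return target[2] == listener[2] and listener[1] in ("*", target[1])


def orphaned_targets(conf, pool_conf):
    """Apache proxy targets that no php-fpm pool listens on."""
    listeners = list(fpm_listeners(pool_conf).values())
    return [t for t in apache_proxy_targets(conf)
            if not any(reachable(t, l) for l in listeners)]


if __name__ == "__main__":
    for number, line in unguarded_mod_php_directives(APACHE_CONF):
        print(f"line {number}: '{line}' needs mod_php or an <IfModule> guard")
    for target in orphaned_targets(APACHE_CONF, FPM_POOL):
        print("no php-fpm pool listens on", target)
```

On a real system the two strings would be read from the Apache configuration files and the php-fpm pool file instead of the embedded samples.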
Comment 36 Marc Krämer 2020-09-30 13:13:25 CEST
@papoteur: thanks, I'll check that if we have a mismatch in fpm-configs; maybe I've copied sth. from production which does not meet our installation environment
Comment 37 Marc Krämer 2020-10-03 12:07:40 CEST
@papoteur. Default config is to listen to the socket /var/lib/php-fpm/php-fpm.sock, so I assume there is no error.
Comment 38 Marc Krämer 2020-10-03 12:19:17 CEST
Updated php packages fix some bugs.

Core:
- realpath() erroneously resolves link to link
- Stack use-after-scope in define()
- getimagesize function silently truncates after a null byte
- Memleak when coercing integers to string via variadic argument
- PHP parses encoded cookie names so malicious `__Host-` cookies can be sent [4]

Fileinfo:
- finfo_file crash (FILEINFO_MIME)

LDAP:
- Fixed memory leaks.

OPCache:
- opcache.file_cache causes SIGSEGV when custom opcode handlers changed

Standard:
- Memory leak in str_replace of empty string

References:
[1] https://www.php.net/ChangeLog-7.php#PHP_7_3_23
[2] https://www.php.net/ChangeLog-7.php#PHP_7_3_22
[3] https://www.php.net/ChangeLog-7.php#PHP_7_3_21
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070

========================

Updated packages in core/updates_testing:
========================
php-ini-7.3.23-1.mga7
apache-mod_php-7.3.23-1.mga7
php-cli-7.3.23-1.mga7
php-cgi-7.3.23-1.mga7
libphp_common7-7.3.23-1.mga7
php-devel-7.3.23-1.mga7
php-openssl-7.3.23-1.mga7
php-zlib-7.3.23-1.mga7
php-doc-7.3.23-1.mga7
php-bcmath-7.3.23-1.mga7
php-bz2-7.3.23-1.mga7
php-calendar-7.3.23-1.mga7
php-ctype-7.3.23-1.mga7
php-curl-7.3.23-1.mga7
php-dba-7.3.23-1.mga7
php-dom-7.3.23-1.mga7
php-enchant-7.3.23-1.mga7
php-exif-7.3.23-1.mga7
php-fileinfo-7.3.23-1.mga7
php-filter-7.3.23-1.mga7
php-ftp-7.3.23-1.mga7
php-gd-7.3.23-1.mga7
php-gettext-7.3.23-1.mga7
php-gmp-7.3.23-1.mga7
php-iconv-7.3.23-1.mga7
php-imap-7.3.23-1.mga7
php-interbase-7.3.23-1.mga7
php-intl-7.3.23-1.mga7
php-json-7.3.23-1.mga7
php-ldap-7.3.23-1.mga7
php-mbstring-7.3.23-1.mga7
php-mysqli-7.3.23-1.mga7
php-mysqlnd-7.3.23-1.mga7
php-odbc-7.3.23-1.mga7
php-opcache-7.3.23-1.mga7
php-pcntl-7.3.23-1.mga7
php-pdo-7.3.23-1.mga7
php-pdo_dblib-7.3.23-1.mga7
php-pdo_firebird-7.3.23-1.mga7
php-pdo_mysql-7.3.23-1.mga7
php-pdo_odbc-7.3.23-1.mga7
php-pdo_pgsql-7.3.23-1.mga7
php-pdo_sqlite-7.3.23-1.mga7
php-pgsql-7.3.23-1.mga7
php-phar-7.3.23-1.mga7
php-posix-7.3.23-1.mga7
php-readline-7.3.23-1.mga7
php-recode-7.3.23-1.mga7
php-session-7.3.23-1.mga7
php-shmop-7.3.23-1.mga7
php-snmp-7.3.23-1.mga7
php-soap-7.3.23-1.mga7
php-sockets-7.3.23-1.mga7
php-sodium-7.3.23-1.mga7
php-sqlite3-7.3.23-1.mga7
php-sysvmsg-7.3.23-1.mga7
php-sysvsem-7.3.23-1.mga7
php-sysvshm-7.3.23-1.mga7
php-tidy-7.3.23-1.mga7
php-tokenizer-7.3.23-1.mga7
php-xml-7.3.23-1.mga7
php-xmlreader-7.3.23-1.mga7
php-xmlrpc-7.3.23-1.mga7
php-xmlwriter-7.3.23-1.mga7
php-xsl-7.3.23-1.mga7
php-wddx-7.3.23-1.mga7
php-zip-7.3.23-1.mga7
php-fpm-7.3.23-1.mga7
phpdbg-7.3.23-1.mga7
php-debugsource-7.3.23-1.mga7
php-debuginfo-7.3.23-1.mga7
apache-mod_php-debuginfo-7.3.23-1.mga7
php-cli-debuginfo-7.3.23-1.mga7
php-cgi-debuginfo-7.3.23-1.mga7
libphp_common7-debuginfo-7.3.23-1.mga7
php-openssl-debuginfo-7.3.23-1.mga7
php-zlib-debuginfo-7.3.23-1.mga7
php-bcmath-debuginfo-7.3.23-1.mga7
php-bz2-debuginfo-7.3.23-1.mga7
php-calendar-debuginfo-7.3.23-1.mga7
php-ctype-debuginfo-7.3.23-1.mga7
php-curl-debuginfo-7.3.23-1.mga7
php-dba-debuginfo-7.3.23-1.mga7
php-dom-debuginfo-7.3.23-1.mga7
php-enchant-debuginfo-7.3.23-1.mga7
php-exif-debuginfo-7.3.23-1.mga7
php-fileinfo-debuginfo-7.3.23-1.mga7
php-filter-debuginfo-7.3.23-1.mga7
php-ftp-debuginfo-7.3.23-1.mga7
php-gd-debuginfo-7.3.23-1.mga7
php-gettext-debuginfo-7.3.23-1.mga7
php-gmp-debuginfo-7.3.23-1.mga7
php-iconv-debuginfo-7.3.23-1.mga7
php-imap-debuginfo-7.3.23-1.mga7
php-interbase-debuginfo-7.3.23-1.mga7
php-intl-debuginfo-7.3.23-1.mga7
php-json-debuginfo-7.3.23-1.mga7
php-ldap-debuginfo-7.3.23-1.mga7
php-mbstring-debuginfo-7.3.23-1.mga7
php-mysqli-debuginfo-7.3.23-1.mga7
php-mysqlnd-debuginfo-7.3.23-1.mga7
php-odbc-debuginfo-7.3.23-1.mga7
php-opcache-debuginfo-7.3.23-1.mga7
php-pcntl-debuginfo-7.3.23-1.mga7
php-pdo-debuginfo-7.3.23-1.mga7
php-pdo_dblib-debuginfo-7.3.23-1.mga7
php-pdo_firebird-debuginfo-7.3.23-1.mga7
php-pdo_mysql-debuginfo-7.3.23-1.mga7
php-pdo_odbc-debuginfo-7.3.23-1.mga7
php-pdo_pgsql-debuginfo-7.3.23-1.mga7
php-pdo_sqlite-debuginfo-7.3.23-1.mga7
php-pgsql-debuginfo-7.3.23-1.mga7
php-phar-debuginfo-7.3.23-1.mga7
php-posix-debuginfo-7.3.23-1.mga7
php-readline-debuginfo-7.3.23-1.mga7
php-recode-debuginfo-7.3.23-1.mga7
php-session-debuginfo-7.3.23-1.mga7
php-shmop-debuginfo-7.3.23-1.mga7
php-snmp-debuginfo-7.3.23-1.mga7
php-soap-debuginfo-7.3.23-1.mga7
php-sockets-debuginfo-7.3.23-1.mga7
php-sodium-debuginfo-7.3.23-1.mga7
php-sqlite3-debuginfo-7.3.23-1.mga7
php-sysvmsg-debuginfo-7.3.23-1.mga7
php-sysvsem-debuginfo-7.3.23-1.mga7
php-sysvshm-debuginfo-7.3.23-1.mga7
php-tidy-debuginfo-7.3.23-1.mga7
php-tokenizer-debuginfo-7.3.23-1.mga7
php-xml-debuginfo-7.3.23-1.mga7
php-xmlreader-debuginfo-7.3.23-1.mga7
php-xmlrpc-debuginfo-7.3.23-1.mga7
php-xmlwriter-debuginfo-7.3.23-1.mga7
php-xsl-debuginfo-7.3.23-1.mga7
php-wddx-debuginfo-7.3.23-1.mga7
php-zip-debuginfo-7.3.23-1.mga7
php-fpm-debuginfo-7.3.23-1.mga7
phpdbg-debuginfo-7.3.23-1.mga7


SRPM:
php-7.3.23-1.mga7.src.rpm
Comment 39 Herman Viaene 2020-10-16 15:32:14 CEST
MGA7-64 Plasma on Lenovo B50
Installation:
This laptop had already 7.4.10 from bug 27245, so first get rid of this one.
My normal way of working: put the whole list (not the debuginfo packages) on QARepo and use MCC to select the update packages.
First hurdle: selecting apache-mod_php-7.3.23-1.mga7 wants to draw in lib64php7.4.8, so try to install first lib64php_common7-7.3.23-1.mga7. That gives "package cannot be selected"
Back to CLI:
# urpmi lib64php_common7-7.3.23-1.mga7
In order to satisfy the 'php[== 3:7.3.23]' dependency, one of the following packages is needed:
 1- php-cgi-7.3.23-1.mga7.x86_64: PHP CGI interface (to install)
 2- php-cli-7.3.23-1.mga7.x86_64: PHP CLI interface (to install)
 3- php-fpm-7.3.23-1.mga7.x86_64: PHP FastCGI Process Manager (to install)
What is your choice? (1-3) 1
Marking lib64php_common7 as manually installed, it won't be auto-orphaned
writing /var/lib/rpm/installed-through-deps.list
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch    
(medium "QA Testing (64-bit)")
  lib64php_common7               7.3.23       1.mga7        x86_64  
  php-cgi                        7.3.23       1.mga7        x86_64  
  php-ctype                      7.3.23       1.mga7        x86_64  
  php-dom                        7.3.23       1.mga7        x86_64  
  php-filter                     7.3.23       1.mga7        x86_64  
  php-ftp                        7.3.23       1.mga7        x86_64  
  php-gettext                    7.3.23       1.mga7        x86_64  
  php-ini                        7.3.23       1.mga7        x86_64  
  php-json                       7.3.23       1.mga7        x86_64  
  php-openssl                    7.3.23       1.mga7        x86_64  
  php-posix                      7.3.23       1.mga7        x86_64  
  php-session                    7.3.23       1.mga7        x86_64  
  php-sysvsem                    7.3.23       1.mga7        x86_64  
  php-sysvshm                    7.3.23       1.mga7        x86_64  
  php-tokenizer                  7.3.23       1.mga7        x86_64  
  php-xml                        7.3.23       1.mga7        x86_64  
  php-xmlreader                  7.3.23       1.mga7        x86_64  
  php-xmlwriter                  7.3.23       1.mga7        x86_64  
  php-zlib                       7.3.23       1.mga7        x86_64  
6.7MB of additional disk space will be used.
2MB of packages will be retrieved.
Proceed with the installation of the 19 packages? (Y/n) y
Installation of these works OK.
Then back to MCC: trying to select php-bcmath and php-bz2: OK. Selecting php-calendar complains "lib64php_common7-7.3.23-1.mga7 not fulfilled". Installed first two packages, that seemed to cure the rpmdatabase enough to be able to proceed with the rest of the installation. Not encouraging.
Now looking to test this with phpmyadmin + something else ???

CC: (none) => herman.viaene

Comment 40 Herman Viaene 2020-10-16 15:40:37 CEST
PHP Version => 7.3.23

System => Linux mach5.hviaene.thuis 5.7.19-desktop-1.mga7 #1 SMP Thu Aug 27 20:27:55 UTC 2020 x86_64
Build Date => Sep 29 2020 12:12:29
Configure Command =>  './configure'  '--with-apxs2=/usr/bin/apxs' '--with-pic' '--build=x86_64-mageia-linux-gnu' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var/lib' '--mandir=/usr/share/man' '--enable-shared=yes' '--enable-static=no' '--disable-debug' '--enable-bcmath=shared' '--enable-calendar=shared' '--enable-ctype=shared' '--enable-dba=shared' '--enable-dom=shared,/usr' '--enable-exif=shared' '--enable-fileinfo=shared' '--enable-filter=shared' '--enable-ftp=shared' '--enable-gd-native-ttf' '--enable-hash' '--enable-inline-optimization' '--enable-intl=shared' '--enable-json=shared' '--enable-libxml=/usr' '--enable-mbregex' '--enable-mbstring=shared,
and a lot more ......

Used phpmyadmin to access the testdatabase from the last phpmyadmin update and inserted values in it. Works OK.
For me it's good to go, wait for others with more php experience.
Comment 41 papoteur 2020-10-16 16:54:01 CEST
After updating the repo updates_testing:
urpmi lib64php_common7
Pour satisfaire les dépendances, les paquetages suivants vont être installés :
  Paquetage                      Version      Révision      Arch    
(média « Core Updates Testing »)
  lib64php_common7               7.3.23       1.mga7        x86_64  
  php-bz2                        7.3.23       1.mga7        x86_64  
  php-cli                        7.3.23       1.mga7        x86_64  
  php-ctype                      7.3.23       1.mga7        x86_64  
  php-curl                       7.3.23       1.mga7        x86_64  
  php-dom                        7.3.23       1.mga7        x86_64  
  php-filter                     7.3.23       1.mga7        x86_64  
  php-fpm                        7.3.23       1.mga7        x86_64  
  php-ftp                        7.3.23       1.mga7        x86_64  
  php-gd                         7.3.23       1.mga7        x86_64  
  php-gettext                    7.3.23       1.mga7        x86_64  
  php-ini                        7.3.23       1.mga7        x86_64  
  php-json                       7.3.23       1.mga7        x86_64  
  php-mbstring                   7.3.23       1.mga7        x86_64  
  php-mysqli                     7.3.23       1.mga7        x86_64  
  php-mysqlnd                    7.3.23       1.mga7        x86_64  
  php-openssl                    7.3.23       1.mga7        x86_64  
  php-pdo                        7.3.23       1.mga7        x86_64  
  php-pdo_mysql                  7.3.23       1.mga7        x86_64  
  php-phar                       7.3.23       1.mga7        x86_64  
  php-posix                      7.3.23       1.mga7        x86_64  
  php-session                    7.3.23       1.mga7        x86_64  
  php-sysvsem                    7.3.23       1.mga7        x86_64  
  php-sysvshm                    7.3.23       1.mga7        x86_64  
  php-tokenizer                  7.3.23       1.mga7        x86_64  
  php-xml                        7.3.23       1.mga7        x86_64  
  php-xmlreader                  7.3.23       1.mga7        x86_64  
  php-xmlwriter                  7.3.23       1.mga7        x86_64  
  php-zlib                       7.3.23       1.mga7        x86_64  
un espace additionnel de 8.8Ko sera utilisé.
4.3Mo de paquets seront récupérés.
Procéder à l'installation des 29 paquetages ? (O/n) o

After the installation, I browsed phpmyadmin, and two other applications using php (configured to use php-fpm).
All seems OK.
Comment 42 David Walser 2020-10-16 17:27:37 CEST
Advisory and package list in Comment 38.

CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => validated_update

Comment 43 Marc Krämer 2020-10-16 17:29:47 CEST
can we validate #27245 too?
Comment 44 Aurelien Oudelet 2020-10-16 17:57:48 CEST
@David, this is a

QA Contact: (none) => security
CVE: (none) => CVE-2020-7070
Source RPM: php => php-7.3.21-2.mga7.src.rpm
Component: RPM Packages => Security
Summary: PHP regular bugfix update 7.3.23 => PHP Security update 7.3.23 CVE-2020-7070

Comment 45 Aurelien Oudelet 2020-10-16 18:13:04 CEST
Advisory done.
Updated this bug to a security one.
Updated title of bug.

Summary: PHP Security update 7.3.23 CVE-2020-7070 => PHP Security update to version 7.3.23 (CVE-2020-7070)
Keywords: (none) => advisory

Comment 46 Mageia Robot 2020-10-16 19:05:53 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0387.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

