28849 – PHP 7.3.28

Bug 28849 - PHP 7.3.28

Summary: PHP 7.3.28

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	7
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:	MGA7-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:	28850
	Show dependency tree / graph

Reported:	2021-04-28 16:04 CEST by Marc Krämer
Modified:	2021-06-01 02:51 CEST (History)
CC List:	4 users (show)

See Also:
Source RPM:	php
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Marc Krämer 2021-04-28 16:04:13 CEST

updated version is available

Comment 1 Marc Krämer 2021-04-28 16:05:11 CEST

SRPM: php-7.3.28-1.mga7.src.rpm
RPMS:
php-ini-7.3.28-1.mga7
apache-mod_php-7.3.28-1.mga7
php-cli-7.3.28-1.mga7
php-cgi-7.3.28-1.mga7
lib64php_common7-7.3.28-1.mga7
php-devel-7.3.28-1.mga7
php-openssl-7.3.28-1.mga7
php-zlib-7.3.28-1.mga7
php-doc-7.3.28-1.mga7
php-bcmath-7.3.28-1.mga7
php-bz2-7.3.28-1.mga7
php-calendar-7.3.28-1.mga7
php-ctype-7.3.28-1.mga7
php-curl-7.3.28-1.mga7
php-dba-7.3.28-1.mga7
php-dom-7.3.28-1.mga7
php-enchant-7.3.28-1.mga7
php-exif-7.3.28-1.mga7
php-fileinfo-7.3.28-1.mga7
php-filter-7.3.28-1.mga7
php-ftp-7.3.28-1.mga7
php-gd-7.3.28-1.mga7
php-gettext-7.3.28-1.mga7
php-gmp-7.3.28-1.mga7
php-iconv-7.3.28-1.mga7
php-imap-7.3.28-1.mga7
php-interbase-7.3.28-1.mga7
php-intl-7.3.28-1.mga7
php-json-7.3.28-1.mga7
php-ldap-7.3.28-1.mga7
php-mbstring-7.3.28-1.mga7
php-mysqli-7.3.28-1.mga7
php-mysqlnd-7.3.28-1.mga7
php-odbc-7.3.28-1.mga7
php-opcache-7.3.28-1.mga7
php-pcntl-7.3.28-1.mga7
php-pdo-7.3.28-1.mga7
php-pdo_dblib-7.3.28-1.mga7
php-pdo_firebird-7.3.28-1.mga7
php-pdo_mysql-7.3.28-1.mga7
php-pdo_odbc-7.3.28-1.mga7
php-pdo_pgsql-7.3.28-1.mga7
php-pdo_sqlite-7.3.28-1.mga7
php-pgsql-7.3.28-1.mga7
php-phar-7.3.28-1.mga7
php-posix-7.3.28-1.mga7
php-readline-7.3.28-1.mga7
php-recode-7.3.28-1.mga7
php-session-7.3.28-1.mga7
php-shmop-7.3.28-1.mga7
php-snmp-7.3.28-1.mga7
php-soap-7.3.28-1.mga7
php-sockets-7.3.28-1.mga7
php-sodium-7.3.28-1.mga7
php-sqlite3-7.3.28-1.mga7
php-sysvmsg-7.3.28-1.mga7
php-sysvsem-7.3.28-1.mga7
php-sysvshm-7.3.28-1.mga7
php-tidy-7.3.28-1.mga7
php-tokenizer-7.3.28-1.mga7
php-xml-7.3.28-1.mga7
php-xmlreader-7.3.28-1.mga7
php-xmlrpc-7.3.28-1.mga7
php-xmlwriter-7.3.28-1.mga7
php-xsl-7.3.28-1.mga7
php-wddx-7.3.28-1.mga7
php-zip-7.3.28-1.mga7
php-fpm-7.3.28-1.mga7
php-fpm-apache-7.3.28-1.mga7
phpdbg-7.3.28-1.mga7
php-debugsource-7.3.28-1.mga7
php-debuginfo-7.3.28-1.mga7
apache-mod_php-debuginfo-7.3.28-1.mga7
php-cli-debuginfo-7.3.28-1.mga7
php-cgi-debuginfo-7.3.28-1.mga7
lib64php_common7-debuginfo-7.3.28-1.mga7
php-openssl-debuginfo-7.3.28-1.mga7
php-zlib-debuginfo-7.3.28-1.mga7
php-bcmath-debuginfo-7.3.28-1.mga7
php-bz2-debuginfo-7.3.28-1.mga7
php-calendar-debuginfo-7.3.28-1.mga7
php-ctype-debuginfo-7.3.28-1.mga7
php-curl-debuginfo-7.3.28-1.mga7
php-dba-debuginfo-7.3.28-1.mga7
php-dom-debuginfo-7.3.28-1.mga7
php-enchant-debuginfo-7.3.28-1.mga7
php-exif-debuginfo-7.3.28-1.mga7
php-fileinfo-debuginfo-7.3.28-1.mga7
php-filter-debuginfo-7.3.28-1.mga7
php-ftp-debuginfo-7.3.28-1.mga7
php-gd-debuginfo-7.3.28-1.mga7
php-gettext-debuginfo-7.3.28-1.mga7
php-gmp-debuginfo-7.3.28-1.mga7
php-iconv-debuginfo-7.3.28-1.mga7
php-imap-debuginfo-7.3.28-1.mga7
php-interbase-debuginfo-7.3.28-1.mga7
php-intl-debuginfo-7.3.28-1.mga7
php-json-debuginfo-7.3.28-1.mga7
php-ldap-debuginfo-7.3.28-1.mga7
php-mbstring-debuginfo-7.3.28-1.mga7
php-mysqli-debuginfo-7.3.28-1.mga7
php-mysqlnd-debuginfo-7.3.28-1.mga7
php-odbc-debuginfo-7.3.28-1.mga7
php-opcache-debuginfo-7.3.28-1.mga7
php-pcntl-debuginfo-7.3.28-1.mga7
php-pdo-debuginfo-7.3.28-1.mga7
php-pdo_dblib-debuginfo-7.3.28-1.mga7
php-pdo_firebird-debuginfo-7.3.28-1.mga7
php-pdo_mysql-debuginfo-7.3.28-1.mga7
php-pdo_odbc-debuginfo-7.3.28-1.mga7
php-pdo_pgsql-debuginfo-7.3.28-1.mga7
php-pdo_sqlite-debuginfo-7.3.28-1.mga7
php-pgsql-debuginfo-7.3.28-1.mga7
php-phar-debuginfo-7.3.28-1.mga7
php-posix-debuginfo-7.3.28-1.mga7
php-readline-debuginfo-7.3.28-1.mga7
php-recode-debuginfo-7.3.28-1.mga7
php-session-debuginfo-7.3.28-1.mga7
php-shmop-debuginfo-7.3.28-1.mga7
php-snmp-debuginfo-7.3.28-1.mga7
php-soap-debuginfo-7.3.28-1.mga7
php-sockets-debuginfo-7.3.28-1.mga7
php-sodium-debuginfo-7.3.28-1.mga7
php-sqlite3-debuginfo-7.3.28-1.mga7
php-sysvmsg-debuginfo-7.3.28-1.mga7
php-sysvsem-debuginfo-7.3.28-1.mga7
php-sysvshm-debuginfo-7.3.28-1.mga7
php-tidy-debuginfo-7.3.28-1.mga7
php-tokenizer-debuginfo-7.3.28-1.mga7
php-xml-debuginfo-7.3.28-1.mga7
php-xmlreader-debuginfo-7.3.28-1.mga7
php-xmlrpc-debuginfo-7.3.28-1.mga7
php-xmlwriter-debuginfo-7.3.28-1.mga7
php-xsl-debuginfo-7.3.28-1.mga7
php-wddx-debuginfo-7.3.28-1.mga7
php-zip-debuginfo-7.3.28-1.mga7
php-fpm-debuginfo-7.3.28-1.mga7
phpdbg-debuginfo-7.3.28-1.mga7

Comment 2 Marc Krämer 2021-04-30 12:29:57 CEST

Bugfix release of php updating to version 7.3.28

Imap:
Fixed bug #80710 (imap_mail_compose() header injection).

References:
https://www.php.net/ChangeLog-7.php#7.3.28
========================

Updated packages in core/updates_testing:
========================
RPMS:
php-ini-7.3.28-1.mga7
apache-mod_php-7.3.28-1.mga7
php-cli-7.3.28-1.mga7
php-cgi-7.3.28-1.mga7
lib64php_common7-7.3.28-1.mga7
php-devel-7.3.28-1.mga7
php-openssl-7.3.28-1.mga7
php-zlib-7.3.28-1.mga7
php-doc-7.3.28-1.mga7
php-bcmath-7.3.28-1.mga7
php-bz2-7.3.28-1.mga7
php-calendar-7.3.28-1.mga7
php-ctype-7.3.28-1.mga7
php-curl-7.3.28-1.mga7
php-dba-7.3.28-1.mga7
php-dom-7.3.28-1.mga7
php-enchant-7.3.28-1.mga7
php-exif-7.3.28-1.mga7
php-fileinfo-7.3.28-1.mga7
php-filter-7.3.28-1.mga7
php-ftp-7.3.28-1.mga7
php-gd-7.3.28-1.mga7
php-gettext-7.3.28-1.mga7
php-gmp-7.3.28-1.mga7
php-iconv-7.3.28-1.mga7
php-imap-7.3.28-1.mga7
php-interbase-7.3.28-1.mga7
php-intl-7.3.28-1.mga7
php-json-7.3.28-1.mga7
php-ldap-7.3.28-1.mga7
php-mbstring-7.3.28-1.mga7
php-mysqli-7.3.28-1.mga7
php-mysqlnd-7.3.28-1.mga7
php-odbc-7.3.28-1.mga7
php-opcache-7.3.28-1.mga7
php-pcntl-7.3.28-1.mga7
php-pdo-7.3.28-1.mga7
php-pdo_dblib-7.3.28-1.mga7
php-pdo_firebird-7.3.28-1.mga7
php-pdo_mysql-7.3.28-1.mga7
php-pdo_odbc-7.3.28-1.mga7
php-pdo_pgsql-7.3.28-1.mga7
php-pdo_sqlite-7.3.28-1.mga7
php-pgsql-7.3.28-1.mga7
php-phar-7.3.28-1.mga7
php-posix-7.3.28-1.mga7
php-readline-7.3.28-1.mga7
php-recode-7.3.28-1.mga7
php-session-7.3.28-1.mga7
php-shmop-7.3.28-1.mga7
php-snmp-7.3.28-1.mga7
php-soap-7.3.28-1.mga7
php-sockets-7.3.28-1.mga7
php-sodium-7.3.28-1.mga7
php-sqlite3-7.3.28-1.mga7
php-sysvmsg-7.3.28-1.mga7
php-sysvsem-7.3.28-1.mga7
php-sysvshm-7.3.28-1.mga7
php-tidy-7.3.28-1.mga7
php-tokenizer-7.3.28-1.mga7
php-xml-7.3.28-1.mga7
php-xmlreader-7.3.28-1.mga7
php-xmlrpc-7.3.28-1.mga7
php-xmlwriter-7.3.28-1.mga7
php-xsl-7.3.28-1.mga7
php-wddx-7.3.28-1.mga7
php-zip-7.3.28-1.mga7
php-fpm-7.3.28-1.mga7
php-fpm-apache-7.3.28-1.mga7
phpdbg-7.3.28-1.mga7
php-debugsource-7.3.28-1.mga7
php-debuginfo-7.3.28-1.mga7
apache-mod_php-debuginfo-7.3.28-1.mga7
php-cli-debuginfo-7.3.28-1.mga7
php-cgi-debuginfo-7.3.28-1.mga7
lib64php_common7-debuginfo-7.3.28-1.mga7
php-openssl-debuginfo-7.3.28-1.mga7
php-zlib-debuginfo-7.3.28-1.mga7
php-bcmath-debuginfo-7.3.28-1.mga7
php-bz2-debuginfo-7.3.28-1.mga7
php-calendar-debuginfo-7.3.28-1.mga7
php-ctype-debuginfo-7.3.28-1.mga7
php-curl-debuginfo-7.3.28-1.mga7
php-dba-debuginfo-7.3.28-1.mga7
php-dom-debuginfo-7.3.28-1.mga7
php-enchant-debuginfo-7.3.28-1.mga7
php-exif-debuginfo-7.3.28-1.mga7
php-fileinfo-debuginfo-7.3.28-1.mga7
php-filter-debuginfo-7.3.28-1.mga7
php-ftp-debuginfo-7.3.28-1.mga7
php-gd-debuginfo-7.3.28-1.mga7
php-gettext-debuginfo-7.3.28-1.mga7
php-gmp-debuginfo-7.3.28-1.mga7
php-iconv-debuginfo-7.3.28-1.mga7
php-imap-debuginfo-7.3.28-1.mga7
php-interbase-debuginfo-7.3.28-1.mga7
php-intl-debuginfo-7.3.28-1.mga7
php-json-debuginfo-7.3.28-1.mga7
php-ldap-debuginfo-7.3.28-1.mga7
php-mbstring-debuginfo-7.3.28-1.mga7
php-mysqli-debuginfo-7.3.28-1.mga7
php-mysqlnd-debuginfo-7.3.28-1.mga7
php-odbc-debuginfo-7.3.28-1.mga7
php-opcache-debuginfo-7.3.28-1.mga7
php-pcntl-debuginfo-7.3.28-1.mga7
php-pdo-debuginfo-7.3.28-1.mga7
php-pdo_dblib-debuginfo-7.3.28-1.mga7
php-pdo_firebird-debuginfo-7.3.28-1.mga7
php-pdo_mysql-debuginfo-7.3.28-1.mga7
php-pdo_odbc-debuginfo-7.3.28-1.mga7
php-pdo_pgsql-debuginfo-7.3.28-1.mga7
php-pdo_sqlite-debuginfo-7.3.28-1.mga7
php-pgsql-debuginfo-7.3.28-1.mga7
php-phar-debuginfo-7.3.28-1.mga7
php-posix-debuginfo-7.3.28-1.mga7
php-readline-debuginfo-7.3.28-1.mga7
php-recode-debuginfo-7.3.28-1.mga7
php-session-debuginfo-7.3.28-1.mga7
php-shmop-debuginfo-7.3.28-1.mga7
php-snmp-debuginfo-7.3.28-1.mga7
php-soap-debuginfo-7.3.28-1.mga7
php-sockets-debuginfo-7.3.28-1.mga7
php-sodium-debuginfo-7.3.28-1.mga7
php-sqlite3-debuginfo-7.3.28-1.mga7
php-sysvmsg-debuginfo-7.3.28-1.mga7
php-sysvsem-debuginfo-7.3.28-1.mga7
php-sysvshm-debuginfo-7.3.28-1.mga7
php-tidy-debuginfo-7.3.28-1.mga7
php-tokenizer-debuginfo-7.3.28-1.mga7
php-xml-debuginfo-7.3.28-1.mga7
php-xmlreader-debuginfo-7.3.28-1.mga7
php-xmlrpc-debuginfo-7.3.28-1.mga7
php-xmlwriter-debuginfo-7.3.28-1.mga7
php-xsl-debuginfo-7.3.28-1.mga7
php-wddx-debuginfo-7.3.28-1.mga7
php-zip-debuginfo-7.3.28-1.mga7
php-fpm-debuginfo-7.3.28-1.mga7
phpdbg-debuginfo-7.3.28-1.mga7


SRPM: 
php-7.3.28-1.mga7.src.rpm

Assignee: mageia => qa-bugs

Marc Krämer 2021-04-30 12:34:37 CEST

Blocks: (none) => 28850

Comment 3 PC LX 2021-05-02 15:10:06 CEST

Installed and tested without issues.

Using php-fpm instead of mod_php.


Tested several scripts (phpmyadmin, roundcubemail, mediawiki, wordpress, drupal, nagios). Tested HTTP 1.1, HTTP 2, TLS and CLI.


System: Mageia 7, x86_64, Intel CPU.


$ uname -a
Linux marte 5.10.33-desktop-1.mga7 #1 SMP Thu Apr 29 14:25:20 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep php.*7.3 | sort
apache-mod_php-7.3.28-1.mga7
lib64php_common7-7.3.28-1.mga7
php-bz2-7.3.28-1.mga7
php-cli-7.3.28-1.mga7
php-ctype-7.3.28-1.mga7
php-curl-7.3.28-1.mga7
php-dom-7.3.28-1.mga7
php-exif-7.3.28-1.mga7
php-fileinfo-7.3.28-1.mga7
php-filter-7.3.28-1.mga7
php-fpm-7.3.28-1.mga7
php-ftp-7.3.28-1.mga7
php-gd-7.3.28-1.mga7
php-gettext-7.3.28-1.mga7
php-iconv-7.3.28-1.mga7
php-ini-7.3.28-1.mga7
php-intl-7.3.28-1.mga7
php-json-7.3.28-1.mga7
php-ldap-7.3.28-1.mga7
php-mbstring-7.3.28-1.mga7
php-mysqli-7.3.28-1.mga7
php-mysqlnd-7.3.28-1.mga7
php-openssl-7.3.28-1.mga7
php-pdo-7.3.28-1.mga7
php-pdo_mysql-7.3.28-1.mga7
php-pdo_sqlite-7.3.28-1.mga7
php-pear-PHPUnit-3.7.34-4.mga7
php-posix-7.3.28-1.mga7
php-session-7.3.28-1.mga7
php-sockets-7.3.28-1.mga7
php-sysvsem-7.3.28-1.mga7
php-sysvshm-7.3.28-1.mga7
php-tokenizer-7.3.28-1.mga7
php-xml-7.3.28-1.mga7
php-xmlreader-7.3.28-1.mga7
php-xmlwriter-7.3.28-1.mga7
php-zip-7.3.28-1.mga7
php-zlib-7.3.28-1.mga7
$ systemctl status httpd.socket php-fpm.socket httpd.service php-fpm.service
● httpd.socket - httpd server activation socket
   Loaded: loaded (/usr/local/lib/systemd/system/httpd.socket; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-05-02 10:16:20 WEST; 3h 52min ago
   Listen: [::]:80 (Stream)
           [::]:443 (Stream)
    Tasks: 0 (limit: 4668)
   Memory: 8.0K
   CGroup: /system.slice/httpd.socket

mai 02 10:16:20 marte systemd[1]: Listening on httpd server activation socket.

● php-fpm.socket - php-fpm Server Socket
   Loaded: loaded (/usr/local/lib/systemd/system/php-fpm.socket; enabled; vendor preset: disabled)
   Active: inactive (dead) since Sun 2021-05-02 13:48:45 WEST; 19min ago
   Listen: /var/lib/php-fpm/php-fpm.sock (Stream)

mai 02 10:16:20 marte systemd[1]: Listening on php-fpm Server Socket.
mai 02 13:48:45 marte systemd[1]: php-fpm.socket: Succeeded.
mai 02 13:48:45 marte systemd[1]: Closed php-fpm Server Socket.

● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-05-02 13:35:29 WEST; 33min ago
 Main PID: 1200 (httpd)
   Status: "Total requests: 682; Idle/Busy workers 100/0;Requests/sec: 0.344; Bytes served/sec: 5.9KB/sec"
    Tasks: 66 (limit: 4668)
   Memory: 43.3M
   CGroup: /system.slice/httpd.service
           ├─1200 /usr/sbin/httpd -DFOREGROUND
           ├─1244 /usr/sbin/httpd -DFOREGROUND
           └─1248 /usr/sbin/httpd -DFOREGROUND

mai 02 13:35:29 marte systemd[1]: Starting The Apache HTTP Server...
mai 02 13:35:29 marte systemd[1]: Started The Apache HTTP Server.

● php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-05-02 13:48:45 WEST; 19min ago
 Main PID: 2836 (php-fpm)
   Status: "Processes active: 0, idle: 2, Requests: 95, slow: 0, Traffic: 0req/sec"
    Tasks: 3 (limit: 4668)
   Memory: 52.6M
   CGroup: /system.slice/php-fpm.service
           ├─2836 php-fpm: master process (/etc/php-fpm.conf)
           ├─3379 php-fpm: pool www
           └─3388 php-fpm: pool www

mai 02 13:48:45 marte systemd[1]: Starting The PHP FastCGI Process Manager...
mai 02 13:48:45 marte php-fpm[2836]: [NOTICE] fpm is running, pid 2836
mai 02 13:48:45 marte php-fpm[2836]: [NOTICE] ready to handle connections
mai 02 13:48:45 marte php-fpm[2836]: [NOTICE] systemd monitor interval set to 10000ms
mai 02 13:48:45 marte systemd[1]: Started The PHP FastCGI Process Manager.

CC: (none) => mageia
Whiteboard: (none) => MGA7-64-OK

Comment 4 Thomas Andrews 2021-05-05 20:53:19 CEST

Validating. Advisory in Comment 2.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Aurelien Oudelet 2021-05-06 20:27:40 CEST

CC: (none) => ouaurelien
Keywords: (none) => advisory

Comment 5 Mageia Robot 2021-05-07 07:37:01 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2021-0108.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2021-06-01 02:51:58 CEST

Summary: PHP: update to latest version => PHP 7.3.28

Note You need to log in before you can comment on or make changes to this bug.