the usual bug fixes and 1 potential cve: https://www.php.net/ChangeLog-8.php#8.0.13
QA Contact: (none) => securityComponent: RPM Packages => Security
Updated php package fix bugs: - Header injection via default_mimetype / default_charset - mbstring may use pointer from some previous request - Unexpected behavior with arrays and JIT - special character is breaking the path in xml function [2] - XMLReader::getParserProperty may throw with a valid property References: [1] https://www.php.net/ChangeLog-8.php#8.0.13 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707 ======================== Updated packages in core/updates_testing: ======================== php-cgi-8.0.13-1.mga8 php-cli-8.0.13-1.mga8 php-fpm-8.0.13-1.mga8 phpdbg-8.0.13-1.mga8 php-opcache-debuginfo-8.0.13-1.mga8 php-soap-debuginfo-8.0.13-1.mga8 php-intl-debuginfo-8.0.13-1.mga8 php-opcache-8.0.13-1.mga8 php-mbstring-8.0.13-1.mga8 php-mbstring-debuginfo-8.0.13-1.mga8 php-debuginfo-8.0.13-1.mga8 php-phar-debuginfo-8.0.13-1.mga8 php-mysqlnd-debuginfo-8.0.13-1.mga8 php-openssl-debuginfo-8.0.13-1.mga8 php-dom-debuginfo-8.0.13-1.mga8 php-intl-8.0.13-1.mga8 php-pgsql-debuginfo-8.0.13-1.mga8 php-fileinfo-debuginfo-8.0.13-1.mga8 php-mysqli-debuginfo-8.0.13-1.mga8 php-curl-debuginfo-8.0.13-1.mga8 apache-mod_php-8.0.13-1.mga8 php-pdo-debuginfo-8.0.13-1.mga8 php-ini-8.0.13-1.mga8 php-sockets-debuginfo-8.0.13-1.mga8 php-soap-8.0.13-1.mga8 php-session-debuginfo-8.0.13-1.mga8 php-phar-8.0.13-1.mga8 php-mysqlnd-8.0.13-1.mga8 php-gmp-debuginfo-8.0.13-1.mga8 php-imap-debuginfo-8.0.13-1.mga8 php-gd-debuginfo-8.0.13-1.mga8 php-ldap-debuginfo-8.0.13-1.mga8 php-zip-debuginfo-8.0.13-1.mga8 php-exif-debuginfo-8.0.13-1.mga8 php-ftp-debuginfo-8.0.13-1.mga8 php-snmp-debuginfo-8.0.13-1.mga8 php-dba-debuginfo-8.0.13-1.mga8 php-openssl-8.0.13-1.mga8 php-sodium-debuginfo-8.0.13-1.mga8 php-tidy-debuginfo-8.0.13-1.mga8 php-doc-8.0.13-1.mga8 php-dom-8.0.13-1.mga8 php-bcmath-debuginfo-8.0.13-1.mga8 php-filter-debuginfo-8.0.13-1.mga8 php-sqlite3-debuginfo-8.0.13-1.mga8 php-iconv-debuginfo-8.0.13-1.mga8 php-mysqli-8.0.13-1.mga8 php-odbc-debuginfo-8.0.13-1.mga8 php-pgsql-8.0.13-1.mga8 php-posix-debuginfo-8.0.13-1.mga8 php-zlib-debuginfo-8.0.13-1.mga8 php-pdo_pgsql-debuginfo-8.0.13-1.mga8 php-pdo-8.0.13-1.mga8 php-session-8.0.13-1.mga8 php-pdo_mysql-debuginfo-8.0.13-1.mga8 php-gd-8.0.13-1.mga8 php-curl-8.0.13-1.mga8 php-pdo_firebird-debuginfo-8.0.13-1.mga8 php-sockets-8.0.13-1.mga8 php-xsl-debuginfo-8.0.13-1.mga8 php-pdo_sqlite-debuginfo-8.0.13-1.mga8 php-imap-8.0.13-1.mga8 php-xmlwriter-debuginfo-8.0.13-1.mga8 php-tokenizer-debuginfo-8.0.13-1.mga8 php-calendar-debuginfo-8.0.13-1.mga8 php-xmlreader-debuginfo-8.0.13-1.mga8 php-sodium-8.0.13-1.mga8 php-pdo_dblib-debuginfo-8.0.13-1.mga8 php-readline-debuginfo-8.0.13-1.mga8 php-exif-8.0.13-1.mga8 php-ldap-8.0.13-1.mga8 php-pcntl-debuginfo-8.0.13-1.mga8 php-zip-8.0.13-1.mga8 php-gmp-8.0.13-1.mga8 php-ftp-8.0.13-1.mga8 php-odbc-8.0.13-1.mga8 php-pdo_odbc-debuginfo-8.0.13-1.mga8 php-dba-8.0.13-1.mga8 php-sqlite3-8.0.13-1.mga8 php-bz2-debuginfo-8.0.13-1.mga8 php-snmp-8.0.13-1.mga8 php-tidy-8.0.13-1.mga8 php-enchant-debuginfo-8.0.13-1.mga8 php-iconv-8.0.13-1.mga8 php-filter-8.0.13-1.mga8 php-pdo_pgsql-8.0.13-1.mga8 php-zlib-8.0.13-1.mga8 php-bcmath-8.0.13-1.mga8 php-gettext-debuginfo-8.0.13-1.mga8 php-xmlwriter-8.0.13-1.mga8 php-ctype-debuginfo-8.0.13-1.mga8 php-pdo_firebird-8.0.13-1.mga8 php-pcntl-8.0.13-1.mga8 php-posix-8.0.13-1.mga8 php-sysvmsg-debuginfo-8.0.13-1.mga8 php-xsl-8.0.13-1.mga8 php-readline-8.0.13-1.mga8 php-xmlreader-8.0.13-1.mga8 php-pdo_sqlite-8.0.13-1.mga8 php-fileinfo-8.0.13-1.mga8 php-bz2-8.0.13-1.mga8 php-pdo_dblib-8.0.13-1.mga8 php-calendar-8.0.13-1.mga8 php-pdo_mysql-8.0.13-1.mga8 php-sysvshm-debuginfo-8.0.13-1.mga8 php-tokenizer-8.0.13-1.mga8 php-sysvsem-debuginfo-8.0.13-1.mga8 php-shmop-debuginfo-8.0.13-1.mga8 php-enchant-8.0.13-1.mga8 php-pdo_odbc-8.0.13-1.mga8 php-shmop-8.0.13-1.mga8 php-sysvmsg-8.0.13-1.mga8 php-sysvsem-8.0.13-1.mga8 php-sysvshm-8.0.13-1.mga8 php-gettext-8.0.13-1.mga8 php-fpm-apache-8.0.13-1.mga8 php-fpm-nginx-8.0.13-1.mga8 php-ctype-8.0.13-1.mga8 php-cgi-debuginfo-8.0.13-1.mga8 php-cli-debuginfo-8.0.13-1.mga8 php-fpm-debuginfo-8.0.13-1.mga8 phpdbg-debuginfo-8.0.13-1.mga8 apache-mod_php-debuginfo-8.0.13-1.mga8 php-debugsource-8.0.13-1.mga8 php-devel-8.0.13-1.mga8 SRPM: php-8.0.13-1.mga8.src.rpm
Assignee: mageia => qa-bugs
MGA8-64 Plasma on Lenovo B50 No installation issues, omitting al debuginfo and php-fpm-apache-8.0.13-1.mga8. Used the files and commands from Len's bug 25045 Comment 5, and image and text displayed OK. Note that in contrast with bug 29586 Comment 10, the "https://localhost:8000/create-png.php" results in a "Secure connection failed. Error while connecting with localhost:8000. PR_END_OF_FILE_ERROR" (not 100% sure about the text, since this is a manual translation from Dutch), while "http://localhost:8000/create-png.php" works OK. In view of previous updates, this seems good enough.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
@Herman: I assume your ssl connection is not set-up correctly. For php there is no difference :)
@Marc: your assumption is totally correct. I only bother about SSL on this testing laptop when I really have to, which hasn't been the case up to now.
Validating. Advisory in Comment 1.
CC: (none) => andrewsfarm
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0519.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED