new version available
Packages available. Changelog: https://www.php.net/ChangeLog-8.php#8.2.21 (will follow on 4th) Advisory will be added, when changelog is available :) This update should also fix https://bugs.mageia.org/show_bug.cgi?id=33355 Files in core/upates_testing: php-cli-8.2.21-2.mga9 php-cgi-8.2.21-2.mga9 php-fpm-8.2.21-2.mga9 phpdbg-8.2.21-2.mga9 php-debuginfo-8.2.21-2.mga9 php-intl-debuginfo-8.2.21-2.mga9 php-opcache-debuginfo-8.2.21-2.mga9 php-soap-debuginfo-8.2.21-2.mga9 php-mbstring-debuginfo-8.2.21-2.mga9 php-mbstring-8.2.21-2.mga9 php-phar-debuginfo-8.2.21-2.mga9 php-opcache-8.2.21-2.mga9 php-dom-debuginfo-8.2.21-2.mga9 php-openssl-debuginfo-8.2.21-2.mga9 php-intl-8.2.21-2.mga9 php-mysqlnd-debuginfo-8.2.21-2.mga9 php-fileinfo-8.2.21-2.mga9 php-mysqli-debuginfo-8.2.21-2.mga9 php-pdo-debuginfo-8.2.21-2.mga9 php-pgsql-debuginfo-8.2.21-2.mga9 php-fileinfo-debuginfo-8.2.21-2.mga9 php-curl-debuginfo-8.2.21-2.mga9 php-soap-8.2.21-2.mga9 php-phar-8.2.21-2.mga9 apache-mod_php-8.2.21-2.mga9 php-ini-8.2.21-2.mga9 php-session-debuginfo-8.2.21-2.mga9 php-sockets-debuginfo-8.2.21-2.mga9 php-mysqlnd-8.2.21-2.mga9 php-sodium-debuginfo-8.2.21-2.mga9 php-imap-debuginfo-8.2.21-2.mga9 php-zip-debuginfo-8.2.21-2.mga9 php-ldap-debuginfo-8.2.21-2.mga9 php-gd-debuginfo-8.2.21-2.mga9 php-dom-8.2.21-2.mga9 php-openssl-8.2.21-2.mga9 php-dba-debuginfo-8.2.21-2.mga9 php-snmp-debuginfo-8.2.21-2.mga9 php-gmp-debuginfo-8.2.21-2.mga9 php-sqlite3-debuginfo-8.2.21-2.mga9 php-mysqli-8.2.21-2.mga9 php-tidy-debuginfo-8.2.21-2.mga9 php-exif-debuginfo-8.2.21-2.mga9 php-pgsql-8.2.21-2.mga9 php-ftp-debuginfo-8.2.21-2.mga9 php-filter-debuginfo-8.2.21-2.mga9 php-odbc-debuginfo-8.2.21-2.mga9 php-doc-8.2.21-2.mga9.noarch.rpm php-pdo-8.2.21-2.mga9 php-bcmath-debuginfo-8.2.21-2.mga9 php-curl-8.2.21-2.mga9 php-session-8.2.21-2.mga9 php-gd-8.2.21-2.mga9 php-pcntl-debuginfo-8.2.21-2.mga9 php-sodium-8.2.21-2.mga9 php-xmlreader-debuginfo-8.2.21-2.mga9 php-iconv-debuginfo-8.2.21-2.mga9 php-imap-8.2.21-2.mga9 php-posix-debuginfo-8.2.21-2.mga9 php-sockets-8.2.21-2.mga9 php-pdo_pgsql-debuginfo-8.2.21-2.mga9 php-zip-8.2.21-2.mga9 php-pdo_mysql-debuginfo-8.2.21-2.mga9 php-zlib-debuginfo-8.2.21-2.mga9 php-ldap-8.2.21-2.mga9 php-xsl-debuginfo-8.2.21-2.mga9 php-exif-8.2.21-2.mga9 php-pdo_firebird-debuginfo-8.2.21-2.mga9 php-pdo_sqlite-debuginfo-8.2.21-2.mga9 php-xmlwriter-debuginfo-8.2.21-2.mga9 php-odbc-8.2.21-2.mga9 php-gmp-8.2.21-2.mga9 php-readline-debuginfo-8.2.21-2.mga9 php-tokenizer-debuginfo-8.2.21-2.mga9 php-pdo_dblib-debuginfo-8.2.21-2.mga9 php-dba-8.2.21-2.mga9 php-ftp-8.2.21-2.mga9 php-sqlite3-8.2.21-2.mga9 php-calendar-debuginfo-8.2.21-2.mga9 php-pdo_odbc-debuginfo-8.2.21-2.mga9 php-tidy-8.2.21-2.mga9 php-snmp-8.2.21-2.mga9 php-zlib-8.2.21-2.mga9 php-bz2-debuginfo-8.2.21-2.mga9 php-iconv-8.2.21-2.mga9 php-enchant-debuginfo-8.2.21-2.mga9 php-filter-8.2.21-2.mga9 php-xmlwriter-8.2.21-2.mga9 php-pdo_pgsql-8.2.21-2.mga9 php-xmlreader-8.2.21-2.mga9 php-pcntl-8.2.21-2.mga9 php-posix-8.2.21-2.mga9 php-pdo_firebird-8.2.21-2.mga9 php-bcmath-8.2.21-2.mga9 php-sysvmsg-debuginfo-8.2.21-2.mga9 php-ctype-debuginfo-8.2.21-2.mga9 php-pdo_sqlite-8.2.21-2.mga9 php-gettext-debuginfo-8.2.21-2.mga9 php-calendar-8.2.21-2.mga9 php-pdo_odbc-8.2.21-2.mga9 php-readline-8.2.21-2.mga9 php-xsl-8.2.21-2.mga9 php-pdo_dblib-8.2.21-2.mga9 php-pdo_mysql-8.2.21-2.mga9 php-tokenizer-8.2.21-2.mga9 php-sysvshm-debuginfo-8.2.21-2.mga9 php-bz2-8.2.21-2.mga9 php-sysvshm-8.2.21-2.mga9 php-sysvsem-debuginfo-8.2.21-2.mga9 php-enchant-8.2.21-2.mga9 php-shmop-debuginfo-8.2.21-2.mga9 php-sysvmsg-8.2.21-2.mga9 php-shmop-8.2.21-2.mga9 php-gettext-8.2.21-2.mga9 php-ctype-8.2.21-2.mga9 php-sysvsem-8.2.21-2.mga9 php-fpm-apache-8.2.21-2.mga9 php-fpm-nginx-8.2.21-2.mga9 php-cgi-debuginfo-8.2.21-2.mga9 php-fpm-debuginfo-8.2.21-2.mga9 apache-mod_php-debuginfo-8.2.21-2.mga9 php-cli-debuginfo-8.2.21-2.mga9 phpdbg-debuginfo-8.2.21-2.mga9 php-debugsource-8.2.21-2.mga9 php-devel-8.2.21-2.mga9 SRPM: php-8.2.21-2.mga9.src.rpm
Assignee: mageia => qa-bugs
Blocks: (none) => 33355
Blocks: 33355 => (none)
RH mageia 9 x86_64 LC_ALL=C urpmi --auto --auto-update medium "QA Testing (32-bit)" is up-to-date medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing php-zlib-8.2.21-2.mga9.x86_64.rpm php-cli-8.2.21-2.mga9.x86_64.rpm php-sysvshm-8.2.21-2.mga9.x86_64.rpm php-fpm-apache-8.2.21-2.mga9.x86_64.rpm php-fpm-8.2.21-2.mga9.x86_64.rpm php-sysvsem-8.2.21-2.mga9.x86_64.rpm php-session-8.2.21-2.mga9.x86_64.rpm php-ini-8.2.21-2.mga9.x86_64.rpm php-openssl-8.2.21-2.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/9: php-cli ################################################################################################## 2/9: php-sysvshm ################################################################################################## 3/9: php-sysvsem ################################################################################################## 4/9: php-openssl ################################################################################################## 5/9: php-ini ################################################################################################## 6/9: php-zlib ################################################################################################## 7/9: php-session ################################################################################################## 8/9: php-fpm-apache ################################################################################################## 9/9: php-fpm ################################################################################################## 1/9: removing php-fpm-apache-3:8.2.18-1.mga9.x86_64 ################################################################################################## 2/9: removing php-fpm-3:8.2.18-1.mga9.x86_64 ################################################################################################## 3/9: removing php-session-3:8.2.18-1.mga9.x86_64 ################################################################################################## 4/9: removing php-cli-3:8.2.18-1.mga9.x86_64 ################################################################################################## 5/9: removing php-sysvsem-3:8.2.18-1.mga9.x86_64 ################################################################################################## 6/9: removing php-sysvshm-3:8.2.18-1.mga9.x86_64 ################################################################################################## 7/9: removing php-ini-3:8.2.18-1.mga9.x86_64 ################################################################################################## 8/9: removing php-zlib-3:8.2.18-1.mga9.x86_64 ################################################################################################## 9/9: removing php-openssl-3:8.2.18-1.mga9.x86_64 ################################################################################################## systemctl restart php-fpm.service systemctl -l status php-fpm.service ● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; preset: disabled) Active: active (running) since Wed 2024-07-03 10:43:50 CST; 11s ago Main PID: 176241 (php-fpm) Status: "Processes active: 0, idle: 20, Requests: 0, slow: 0, Traffic: 0.00req/sec" Tasks: 21 (limit: 6904) Memory: 9.3M CPU: 42ms CGroup: /system.slice/php-fpm.service ├─176241 "php-fpm: master process (/etc/php-fpm.conf)" ├─176243 "php-fpm: pool www" ├─176244 "php-fpm: pool www" ├─176245 "php-fpm: pool www" ├─176246 "php-fpm: pool www" ├─176247 "php-fpm: pool www" ├─176248 "php-fpm: pool www" ├─176249 "php-fpm: pool www" ├─176250 "php-fpm: pool www" ├─176251 "php-fpm: pool www" ├─176252 "php-fpm: pool www" ├─176253 "php-fpm: pool www" ├─176254 "php-fpm: pool www" ├─176255 "php-fpm: pool www" ├─176256 "php-fpm: pool www" ├─176257 "php-fpm: pool www" ├─176258 "php-fpm: pool www" ├─176259 "php-fpm: pool www" ├─176260 "php-fpm: pool www" ├─176261 "php-fpm: pool www" └─176262 "php-fpm: pool www" jul 03 10:43:49 jgrey.phoenix systemd[1]: Starting php-fpm.service... jul 03 10:43:50 jgrey.phoenix systemd[1]: Started php-fpm.service. Still get mixed behavior with my php pages (some works other not) :( need to check the apache update recommendation
Keywords: (none) => advisory
The problematic page fail after a require, but not have any idea of why it was working and I don't know when let of work :( I have both testing updates apache and php and still have the issue, I will have to recode the included file to see what the hell is the issue, but unless other report something similar I consider that not must stop this or apache updates
@katnatek: usually a required file is not found. You can check apache logs or php-fpm log. One of them should contain some usefull information about why require is not found (e.g. search path not set)
advisory will come tomorrow. when changelog is ready.
(In reply to Marc Krämer from comment #4) > @katnatek: usually a required file is not found. You can check apache logs > or php-fpm log. One of them should contain some usefull information about > why require is not found (e.g. search path not set) Not sure why but I have to change the folder in where the problematic page lives, a problem with paths and symlinks Now works BTW thank you for the help OK for me, but I was not affected by the bug because I use php-fpm and the rest of the pages works I also test my php script and works
Advisory: This update ships the latest version of php 8.2. It brings the usuall bug fixes. Noteable fixes: DOM: - Fixed bug GH-14343 (Memory leak in xml and dom). FPM: - Fixed bug GH-13563 (Setting bool values via env in FPM config fails). MySQLnd: - Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query). Posix: - Fix usage of reentrant functions in ext/posix. Soap: - Various memory issues SPL: - Fixed bug GH-14290 (Member access within null pointer in extension spl). Streams: - Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors). References: https://www.php.net/ChangeLog-8.php#8.2.21 https://www.php.net/ChangeLog-8.php#8.2.20 https://www.php.net/ChangeLog-8.php#8.2.19
RH mageia 9 i586 rpm -qa|grep php php-openssl-8.2.21-2.mga9 php-cli-8.2.21-2.mga9 php-sysvshm-8.2.21-2.mga9 php-zlib-8.2.21-2.mga9 php-ini-8.2.21-2.mga9 php-sysvsem-8.2.21-2.mga9 My php script works
Please guys my use of php is too basic to give OK in base my test
Whiteboard: (none) => MGA9-64-OK
Component: RPM Packages => SecurityCC: (none) => nicolas.salgueroCVE: (none) => CVE-2024-4577, CVE-2024-5458, CVE-2024-5585QA Contact: (none) => securityBlocks: (none) => 33278Severity: normal => critical
Advisory: This update ships the latest version of php 8.2. It brings a fixed security issues and the usuall bug fixes. Vulnerability: - A code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. (CVE-2024-5458) Noteable fixes: DOM: - Fixed bug GH-14343 (Memory leak in xml and dom). FPM: - Fixed bug GH-13563 (Setting bool values via env in FPM config fails). MySQLnd: - Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query). Posix: - Fix usage of reentrant functions in ext/posix. Soap: - Various memory issues SPL: - Fixed bug GH-14290 (Member access within null pointer in extension spl). Streams: - Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5458 https://www.php.net/ChangeLog-8.php#8.2.21 https://www.php.net/ChangeLog-8.php#8.2.20 https://www.php.net/ChangeLog-8.php#8.2.19
CVE: CVE-2024-4577, CVE-2024-5458, CVE-2024-5585 => CVE-2024-5458
Advisory updated
(In reply to katnatek from comment #9) > Please guys my use of php is too basic to give OK in base my test If you don't believe your test is sufficient, then please remove the OK. Having it there will discourage others from trying it out. BTW, my knowledge of php is even less than yours, so I can't help in this area.
CC: (none) => andrewsfarm
(In reply to Thomas Andrews from comment #12) > (In reply to katnatek from comment #9) > > Please guys my use of php is too basic to give OK in base my test > > If you don't believe your test is sufficient, then please remove the OK. > Having it there will discourage others from trying it out. > > BTW, my knowledge of php is even less than yours, so I can't help in this > area. I forget to remove the OK when send the comment, thanks
Whiteboard: MGA9-64-OK => (none)
May I ask, what is the problem here? In most cases we are monitoring and testing for packaging errors and basic failures. It is out of scope to test for specific failures. This is done and should be done upstream. @katnatek: if you installed it without errors, and your basic tests works, that should be sufficient to give it an ok state, so it can process.
(In reply to Marc Krämer from comment #14) > May I ask, what is the problem here? > In most cases we are monitoring and testing for packaging errors and basic > failures. It is out of scope to test for specific failures. This is done and > should be done upstream. > > @katnatek: if you installed it without errors, and your basic tests works, > that should be sufficient to give it an ok state, so it can process. @katnatek: Since Marc says your test was sufficient, I'm restoring the OK and validating.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA9-64-OKCC: (none) => sysadmin-bugs
(In reply to Marc Krämer from comment #14) > May I ask, what is the problem here? > In most cases we are monitoring and testing for packaging errors and basic > failures. It is out of scope to test for specific failures. This is done and > should be done upstream. > > @katnatek: if you installed it without errors, and your basic tests works, > that should be sufficient to give it an ok state, so it can process. Well as you can see I use a very small subset of packages, just I did like a test with a wide range of packages and use cases. We depend on you if something rise before the update, I`m not against the validation. Thank you
(In reply to katnatek from comment #16) > (In reply to Marc Krämer from comment #14) > > May I ask, what is the problem here? > > In most cases we are monitoring and testing for packaging errors and basic > > failures. It is out of scope to test for specific failures. This is done and > > should be done upstream. > > > > @katnatek: if you installed it without errors, and your basic tests works, > > that should be sufficient to give it an ok state, so it can process. > > Well as you can see I use a very small subset of packages, just I did like a > test with a wide range of packages and use cases. > > We depend on you if something rise , I`m not against the > validation. > > Thank you before the update -> after the update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0262.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED