• Registered: 2012-02-10
  • Posts: 0

Topic: PHP-FPM in 5.3.9 and new security.limit_extensions variable

Hi Remi,

At first of all great thanks for your repo and your work for maintaining this!

And about the problem. Recently we have updated our servers with new PHP packages and suddenly found that some part of our site has failed to work with "403 Access denied" errors. I was breaking my head trying to figure out this problem because there no any errors in logs. And at the end I was googled and carefully read the PHP 5.3.9 changelog and found that new variable was introduced  in php-fpm config - "security.limit_extensions" and if it is unset, so it's limited to ".php" by default. This is not documented yet. But we use some ".php5" scripts and so they didn't work.

So could you please add this variable into the php-fpm.conf in your packages and warn users about this change? I think this will help many guys to save their time and nervous system.

Thanks and regards,
Pavel

  • Remi
  • Remi
  • Administrateur
  • Offline
  • From: Champagne...
  • Registered: 2009-04-28
  • Posts: 3,836

Re: PHP-FPM in 5.3.9 and new security.limit_extensions variable

Thanks for the notice.
I will try to fix the .conf in next build

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Remi's Website

  • Registered: 2012-02-13
  • Posts: 1

Re: PHP-FPM in 5.3.9 and new security.limit_extensions variable

Hi,

Can you please fix the php/php-cgi/curl as I have the error message:

php -v
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/curl.so' - libcurl.so.3: cannot open shared object file: No such file or directory in Unknown on line 0
PHP 5.3.10 (cli) (built: Feb  4 2012 07:16:16)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator

We have spoken about this issue a while ago.

Note: I helped you with my generous donation (via Paypal).

Looking forward to hear from you soon.

  • Remi
  • Remi
  • Administrateur
  • Offline
  • From: Champagne...
  • Registered: 2009-04-28
  • Posts: 3,836

Re: PHP-FPM in 5.3.9 and new security.limit_extensions variable

For now php 5.3.10 in remi (stable) repository use standard curl 7.15 (or compat-libcurl3 in remi-test)

curl 7.21.7 is only available in remi-test because I want to avoid new breakage, such as PHP 5.3.8 Curl SSL CA no longer functions.

So, only php (5.4.0RC7) available in remi-test use this new version.

If all goes well, curl 7.21 will go to remi, with php 5.4.0, later

And then, curl 7.24 will go to remi-test

curl is really to much "sensible" to break it...

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Remi's Website