#7421: php-7.0.3
-------------------------+-------------------------
Reporter: fo | Owner: blfs-book@…
Type: enhancement | Status: new
Priority: high | Milestone: 7.9
Component: BOOK | Version: SVN
Severity: normal | Keywords:
-------------------------+-------------------------
== Fixes Include Security Related Issues ==
[http://www.php.net/distributions/php-7.0.3.tar.xz]
[http://www.php.net/distributions/php-7.0.3.tar.xz.asc]
[https://secure.php.net/downloads.php]
md5: 3c5d2b5b392b78fa92c48822e25ccb56 php-7.0.3.tar.xz
[https://secure.php.net/archive/2016.php]
or
[http://news.php.net/php.announce]
or
[http://lxr.php.net/xref/PHP_7_0/NEWS]
{{{
04 Feb 2016 PHP 7.0.3
- Core:
• Added support for new HTTP 451 code. (Julien)
• Fixed bug #71039 (exec functions ignore length but look for NULL
termination). (Anatol)
• Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
• Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
• Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars
via ob_start). (hugh at allthethings dot co dot nz)
• Fixed bug #71248 (Wrong interface is enforced). (Dmitry)
• Fixed bug #71273 (A wrong ext directory setup in php.ini leads to
crash). (Anatol)
• Fixed Bug #71275 (Bad method called on cloning an object having a
trait). (Bob)
• Fixed bug #71297 (Memory leak with consecutive yield from). (Bob)
• Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence)
• Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea)
• Fixed bug #71323 (Output of stream_get_meta_data can be falsified by
its input). (Leo Gaspard)
• Fixed bug #71336 (Wrong is_ref on properties as exposed via
get_object_vars()). (Laruence)
• Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
- Apache2handler:
• Fix >2G Content-Length headers in apache2handler. (Adam Harvey)
- CURL:
• Fixed bug #71227 (Can't compile php_curl statically). (Anatol)
• Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with
reference to CURLFile). (Laruence)
- Interbase:
• Fixed Bug #71305 (Crash when optional resource is omitted).
(Laruence, Anatol)
- LDAP:
• Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as
string "Array"). (Laruence)
- mbstring:
• Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo)
- OpenSSL:
• Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas)
- Phar:
• Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
• Fixed bug #71391 (NULL Pointer Dereference in
phar_tar_setupmetadata()). (Stas)
• Fixed bug #71488 (Stack overflow when decompressing tar archives).
(Stas)
- SOAP:
• Fixed bug #70979 (crash with bad soap request). (Anatol)
- SPL:
• Fixed bug #71204 (segfault if clean spl_autoload_funcs while
autoloading). (Laruence)
• Fixed bug #71202 (Autoload function registered by another not
activated immediately). (Laruence)
• Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject,
unserialize)). (Sean Heelan)
• Fixed bug #71313 (Use-after-free vulnerability in
SPL(SplObjectStorage, unserialize)). (Sean Heelan)
- Standard:
• Fixed bug #71287 (Error message contains hexadecimal instead of
decimal number). (Laruence)
• Fixed bug #71264 (file_put_contents() returns unexpected value when
filesystem runs full). (Laruence)
• Fixed bug #71245 (file_get_contents() ignores "header" context
option if it's a reference). (Laruence)
• Fixed bug #71220 (Null pointer deref (segfault) in compact via
ob_start). (hugh at allthethings dot co dot nz)
• Fixed bug #71190 (substr_replace converts integers in original
$search array to strings). (Laruence)
• Fixed bug #71188 (str_replace converts integers in original $search
array to strings). (Laruence)
• Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt)
- WDDX:
• Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).
(Stas)
}}}
[https://secure.php.net/ChangeLog-7.php]
{{{
PHP 7 ChangeLog
Not yet available
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/7421>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
