#7421: php-7.0.3
-------------------------+-----------------------
 Reporter:  fo           |       Owner:  fo
     Type:  enhancement  |      Status:  assigned
 Priority:  high         |   Milestone:  7.9
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+-----------------------

Old description:

> == Fixes Include Security Related Issues ==
>
> [http://www.php.net/distributions/php-7.0.3.tar.xz]
>
> [http://www.php.net/distributions/php-7.0.3.tar.xz.asc]
>
> [https://secure.php.net/downloads.php]
>
> md5: 3c5d2b5b392b78fa92c48822e25ccb56  php-7.0.3.tar.xz
>
> [https://secure.php.net/archive/2016.php]
>
> or
>
> [http://news.php.net/php.announce]
>
> or
>
> [http://lxr.php.net/xref/PHP_7_0/NEWS]
>
> {{{
> 04 Feb 2016 PHP 7.0.3
>
> - Core:
>   • Added support for new HTTP 451 code. (Julien)
>   • Fixed bug #71039 (exec functions ignore length but look for NULL
>     termination).  (Anatol)
>   • Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
>   • Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
>   • Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars
>     via ob_start). (hugh at allthethings dot co dot nz)
>   • Fixed bug #71248 (Wrong interface is enforced). (Dmitry)
>   • Fixed bug #71273 (A wrong ext directory setup in php.ini leads to
>     crash).  (Anatol)
>   • Fixed Bug #71275 (Bad method called on cloning an object having a
>     trait).  (Bob)
>   • Fixed bug #71297 (Memory leak with consecutive yield from). (Bob)
>   • Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence)
>   • Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea)
>   • Fixed bug #71323 (Output of stream_get_meta_data can be falsified by
>     its input). (Leo Gaspard)
>   • Fixed bug #71336 (Wrong is_ref on properties as exposed via
>     get_object_vars()). (Laruence)
>   • Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
>
> - Apache2handler:
>   • Fix >2G Content-Length headers in apache2handler. (Adam Harvey)
>
> - CURL:
>   • Fixed bug #71227 (Can't compile php_curl statically). (Anatol)
>   • Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with
>     reference to CURLFile). (Laruence)
>
> - Interbase:
>   • Fixed Bug #71305 (Crash when optional resource is omitted).
>     (Laruence, Anatol)
>
> - LDAP:
>   • Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as
>     string "Array"). (Laruence)
>
> - mbstring:
>   • Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo)
>
> - OpenSSL:
>   • Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas)
>
> - Phar:
>   • Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
>   • Fixed bug #71391 (NULL Pointer Dereference in
>     phar_tar_setupmetadata()).  (Stas)
>   • Fixed bug #71488 (Stack overflow when decompressing tar archives).
>     (Stas)
>
> - SOAP:
>   • Fixed bug #70979 (crash with bad soap request). (Anatol)
>
> - SPL:
>   • Fixed bug #71204 (segfault if clean spl_autoload_funcs while
>     autoloading).  (Laruence)
>   • Fixed bug #71202 (Autoload function registered by another not
>     activated immediately). (Laruence)
>   • Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject,
>     unserialize)). (Sean Heelan)
>   • Fixed bug #71313 (Use-after-free vulnerability in
>     SPL(SplObjectStorage, unserialize)). (Sean Heelan)
>
> - Standard:
>   • Fixed bug #71287 (Error message contains hexadecimal instead of
>     decimal number). (Laruence)
>   • Fixed bug #71264 (file_put_contents() returns unexpected value when
>     filesystem runs full). (Laruence)
>   • Fixed bug #71245 (file_get_contents() ignores "header" context
>     option if it's a reference). (Laruence)
>   • Fixed bug #71220 (Null pointer deref (segfault) in compact via
>     ob_start).  (hugh at allthethings dot co dot nz)
>   • Fixed bug #71190 (substr_replace converts integers in original
>     $search array to strings). (Laruence)
>   • Fixed bug #71188 (str_replace converts integers in original $search
>     array to strings). (Laruence)
>   • Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt)
>
> - WDDX:
>   • Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).
>     (Stas)
> }}}
>
> [https://secure.php.net/ChangeLog-7.php]
>
> {{{
> PHP 7 ChangeLog
>
> Not yet available
> }}}

New description:

 == Fixes Include Security Related Issues ==

 [http://www.php.net/distributions/php-7.0.3.tar.xz]

 [http://www.php.net/distributions/php-7.0.3.tar.xz.asc]

 [https://secure.php.net/downloads.php]

 md5: 3c5d2b5b392b78fa92c48822e25ccb56  php-7.0.3.tar.xz

 [https://secure.php.net/archive/2016.php#id2016-02-04-1]

 or

 [http://news.php.net/php.announce/172]

 {{{
     From:   Anatol Belski   Date:   Thu Feb  4 08:25:19 2016
     Subject:  PHP 7.0.3 is available
     Groups:   php.announce

     Hi,

     The PHP development team announces the immediate availability of PHP
     7.0.3.  This is a security release. Several security bugs were fixed
     in this release. All PHP 7.0 users are encouraged to upgrade to this
     version.

 ...

     Regards,
         Anatol Belski and Ferenc Kovacs
 }}}

 [http://www.php.net/ChangeLog-7.php]

 or

 [http://lxr.php.net/xref/PHP_7_0/NEWS]

 {{{
 04 Feb 2016 PHP 7.0.3

 - Core:
   • Added support for new HTTP 451 code. (Julien)
   • Fixed bug #71039 (exec functions ignore length but look for NULL
     termination).  (Anatol)
   • Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
   • Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
   • Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars
     via ob_start). (hugh at allthethings dot co dot nz)
   • Fixed bug #71248 (Wrong interface is enforced). (Dmitry)
   • Fixed bug #71273 (A wrong ext directory setup in php.ini leads to
     crash).  (Anatol)
   • Fixed Bug #71275 (Bad method called on cloning an object having a
     trait).  (Bob)
   • Fixed bug #71297 (Memory leak with consecutive yield from). (Bob)
   • Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence)
   • Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea)
   • Fixed bug #71323 (Output of stream_get_meta_data can be falsified by
     its input). (Leo Gaspard)
   • Fixed bug #71336 (Wrong is_ref on properties as exposed via
     get_object_vars()). (Laruence)
   • Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)

 - Apache2handler:
   • Fix >2G Content-Length headers in apache2handler. (Adam Harvey)

 - CURL:
   • Fixed bug #71227 (Can't compile php_curl statically). (Anatol)
   • Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with
     reference to CURLFile). (Laruence)

 - Interbase:
   • Fixed Bug #71305 (Crash when optional resource is omitted).
     (Laruence, Anatol)

 - LDAP:
   • Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as
     string "Array"). (Laruence)

 - mbstring:
   • Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo)

 - OpenSSL:
   • Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas)

 - Phar:
   • Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
   • Fixed bug #71391 (NULL Pointer Dereference in
     phar_tar_setupmetadata()).  (Stas)
   • Fixed bug #71488 (Stack overflow when decompressing tar archives).
     (Stas)

 - SOAP:
   • Fixed bug #70979 (crash with bad soap request). (Anatol)

 - SPL:
   • Fixed bug #71204 (segfault if clean spl_autoload_funcs while
     autoloading).  (Laruence)
   • Fixed bug #71202 (Autoload function registered by another not
     activated immediately). (Laruence)
   • Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject,
     unserialize)). (Sean Heelan)
   • Fixed bug #71313 (Use-after-free vulnerability in
     SPL(SplObjectStorage, unserialize)). (Sean Heelan)

 - Standard:
   • Fixed bug #71287 (Error message contains hexadecimal instead of
     decimal number). (Laruence)
   • Fixed bug #71264 (file_put_contents() returns unexpected value when
     filesystem runs full). (Laruence)
   • Fixed bug #71245 (file_get_contents() ignores "header" context
     option if it's a reference). (Laruence)
   • Fixed bug #71220 (Null pointer deref (segfault) in compact via
     ob_start).  (hugh at allthethings dot co dot nz)
   • Fixed bug #71190 (substr_replace converts integers in original
     $search array to strings). (Laruence)
   • Fixed bug #71188 (str_replace converts integers in original $search
     array to strings). (Laruence)
   • Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt)

 - WDDX:
   • Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).
     (Stas)
 }}}

--

Comment (by fo):

 Md5sum didn't change for the released tarball.

 Modifying ''Description''.

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/7421#comment:3>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch