Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#13285 closed enhancement (fixed)

php-7.4.4

Reported by: Douglas R. Reno Owned by: Bruce Dubbs
Priority: high Milestone: 10.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version

Change History (6)

comment:1 by Bruce Dubbs, 4 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 4 years ago

19 Mar 2020, PHP 7.4.4

  • Core:
    • Fixed bug 79329 (get_headers() silently truncates after a null byte)
    • Fixed bug 79244 (php crashes during parsing INI file). (Laruence)
    • Fixed bug 63206 (restore_error_handler does not restore previous errors mask)
  • COM:
    • Fixed bug 66322 (COMPersistHelper::SaveToFile can save to wrong location).
    • Fixed bug 79242 (COM error constants don't match com_exception codes on x86)
    • Fixed bug 79247 (Garbage collecting variant objects segfaults).
    • Fixed bug 79248 (Traversing empty VT_ARRAY throws com_exception).
    • Fixed bug 79299 (com_print_typeinfo prints duplicate variables).
    • Fixed bug 79332 (php_istreams are never freed).
    • Fixed bug 79333 (com_print_typeinfo() leaks memory).
  • CURL:
    • Fixed bug 79019 (Copied cURL handles upload empty file).
    • Fixed bug 79013 (Content-Length missing when posting a curlFile with curl)-
  • DOM:
    • Fixed bug 77569: (Write Access Violation in DomImplementation).
    • Fixed bug 79271 (DOMDocumentType::$childNodes is NULL).
  • Enchant:
    • Fixed bug 79311 (enchant_dict_suggest() fails on big endian architecture).
  • EXIF:
    • Fixed bug 79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064)
  • Fileinfo:
    • Fixed bug 79283 (Segfault in libmagic patch contains a buffer overflow)
  • FPM:
    • Fixed bug 77653 (operator displayed instead of the real error message).
    • Fixed bug 79014 (PHP-FPM & Primary script unknown).
  • MBstring:
    • Fixed bug 79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full) (CVE-2020-7065)
  • MySQLi:
    • Fixed bug 64032 (mysqli reports different client_version).

  • MySQLnd:
    • Implemented FR 79275 (Support auth_plugin_caching_sha2_password on Windows)
  • Opcache:
    • Fixed bug 79252 (preloading causes php-fpm to segfault during exit).
  • PCRE:
    • Fixed bug 79188 (Memory corruption in preg_replace/preg_replace_callback and unicode)
    • Fixed bug 79241 (Segmentation fault on preg_match()).
    • Fixed bug 79257 (Duplicate named groups (?J) prefer last alternative even if not matched)
  • PDO_ODBC:
    • Fixed bug 79038 (PDOStatement::nextRowset() leaks column values).
  • Reflection:
    • Fixed bug 79062 (Property with heredoc default value returns false for getDocComment)
  • SQLite3:
    • Fixed bug 79294 (::columnType() may fail after SQLite3Stmt::reset()).
  • Standard:
    • Fixed bug 79254 (getenv() w/o arguments not showing changes).
    • Fixed bug 79265 (Improper injection of Host header when using fopen for http requests)
  • Zip:
    • Fixed bug 79315 (ZipArchive::addFile doesn't honor start/length parameters)

comment:3 by Bruce Dubbs, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 22867.

comment:4 by Douglas R. Reno, 4 years ago

Priority: normalhigh

Retroactively promote to High for CVE-2020-7065 and CVE-2020-7064

comment:5 by Bruce Dubbs, 4 years ago

Milestone: 9.210,0

Milestone renamed

comment:6 by Bruce Dubbs, 4 years ago

Milestone: 10,010.0

Milestone renamed

Note: See TracTickets for help on using tickets.