Opened 4 weeks ago

Closed 3 weeks ago

Last modified 3 weeks ago

#19645 closed enhancement (fixed)

php-8.3.6

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: elevated
Milestone: 12.2
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Douglas R. Reno, 4 weeks ago

Priority: normal → elevated

Contains four security fixes, though I think one of them is Windows-specific.

comment:2 by Bruce Dubbs, 3 weeks ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:3 by Bruce Dubbs, 3 weeks ago

11 Apr 2024, PHP 8.3.6

  • Core:
    • Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps).
    • Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
    • Fixed bug GH-13446 (Restore exception handler after it finishes).
    • Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure).
    • Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor).

  • DOM:
    • Add some missing ZPP checks.
    • Fix potential memory leak in XPath evaluation results.

  • FPM:
    • Fixed GH-11086 (FPM: config test runs twice in daemonised mode).
    • Fix incorrect check in fpm_shm_free().

  • GD:
    • Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests).

  • Gettext:
    • Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.

  • MySQLnd:
    • Fix GH-13452 (Fixed handshake response [mysqlnd]).
    • Fix incorrect charset length in check_mb_eucjpms().

  • Opcache:
    • Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
    • Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded).

  • Random:
    • Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).
    • Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used).

  • Session:
    • Fixed bug GH-13680 (Segfault with session_decode and compilation error).

  • SPL:
    • Fixed bug GH-13685 (Unexpected null pointer in zend_string.h).

  • Standard:
    • Fixed bug GH-11808 (Live filesystem modified by tests).
    • Fixed GH-13402 (Added validation of \n in $additional_headers of mail()).
    • Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
    • Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
    • Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
    • Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
    • Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757)
    • Fix bug GH-13932 (Attempt to fix mbstring on windows build).

comment:4 by Bruce Dubbs, 3 weeks ago

Resolution: fixed
Status: assigned → closed

Fixed at commits:

ec19fde3b8 Update to boost-1.85.0.
c2dab1b091 Update to sqlite-autoconf-3450300 (3.45.3).
d9c72a3cfd Update to php-8.3.6 (security update).

comment:5 by Douglas R. Reno, 3 weeks ago

SA-12.1-030 issued
