Opened 9 years ago

Closed 9 years ago

#7421 closed enhancement (fixed)

php-7.0.3

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: high Milestone: 7.9
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by Fernando de Oliveira)

Fixes Include Security Related Issues

http://www.php.net/distributions/php-7.0.3.tar.xz

http://www.php.net/distributions/php-7.0.3.tar.xz.asc

https://secure.php.net/downloads.php

md5: 3c5d2b5b392b78fa92c48822e25ccb56 php-7.0.3.tar.xz

https://secure.php.net/archive/2016.php#id2016-02-04-1

or

http://news.php.net/php.announce/172 

    From:   Anatol Belski   Date:   Thu Feb  4 08:25:19 2016
    Subject:  PHP 7.0.3 is available
    Groups:   php.announce

    Hi,

    The PHP development team announces the immediate availability of PHP
    7.0.3.  This is a security release. Several security bugs were fixed
    in this release. All PHP 7.0 users are encouraged to upgrade to this
    version.

...

    Regards,
        Anatol Belski and Ferenc Kovacs

http://www.php.net/ChangeLog-7.php

or

http://lxr.php.net/xref/PHP_7_0/NEWS 

04 Feb 2016 PHP 7.0.3

- Core:
  • Added support for new HTTP 451 code. (Julien)
  • Fixed bug #71039 (exec functions ignore length but look for NULL
    termination).  (Anatol)
  • Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
  • Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
  • Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars
    via ob_start). (hugh at allthethings dot co dot nz)
  • Fixed bug #71248 (Wrong interface is enforced). (Dmitry)
  • Fixed bug #71273 (A wrong ext directory setup in php.ini leads to
    crash).  (Anatol)
  • Fixed Bug #71275 (Bad method called on cloning an object having a
    trait).  (Bob)
  • Fixed bug #71297 (Memory leak with consecutive yield from). (Bob)
  • Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence)
  • Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea)
  • Fixed bug #71323 (Output of stream_get_meta_data can be falsified by
    its input). (Leo Gaspard)
  • Fixed bug #71336 (Wrong is_ref on properties as exposed via
    get_object_vars()). (Laruence)
  • Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)

- Apache2handler:
  • Fix >2G Content-Length headers in apache2handler. (Adam Harvey)

- CURL:
  • Fixed bug #71227 (Can't compile php_curl statically). (Anatol)
  • Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with
    reference to CURLFile). (Laruence)

- Interbase:
  • Fixed Bug #71305 (Crash when optional resource is omitted).
    (Laruence, Anatol)

- LDAP:
  • Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as
    string "Array"). (Laruence)

- mbstring:
  • Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo)

- OpenSSL:
  • Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas)

- Phar:
  • Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
  • Fixed bug #71391 (NULL Pointer Dereference in
    phar_tar_setupmetadata()).  (Stas)
  • Fixed bug #71488 (Stack overflow when decompressing tar archives).
    (Stas)

- SOAP:
  • Fixed bug #70979 (crash with bad soap request). (Anatol)

- SPL:
  • Fixed bug #71204 (segfault if clean spl_autoload_funcs while
    autoloading).  (Laruence)
  • Fixed bug #71202 (Autoload function registered by another not
    activated immediately). (Laruence)
  • Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject,
    unserialize)). (Sean Heelan)
  • Fixed bug #71313 (Use-after-free vulnerability in
    SPL(SplObjectStorage, unserialize)). (Sean Heelan)

- Standard:
  • Fixed bug #71287 (Error message contains hexadecimal instead of
    decimal number). (Laruence)
  • Fixed bug #71264 (file_put_contents() returns unexpected value when
    filesystem runs full). (Laruence)
  • Fixed bug #71245 (file_get_contents() ignores "header" context
    option if it's a reference). (Laruence)
  • Fixed bug #71220 (Null pointer deref (segfault) in compact via
    ob_start).  (hugh at allthethings dot co dot nz)
  • Fixed bug #71190 (substr_replace converts integers in original
    $search array to strings). (Laruence)
  • Fixed bug #71188 (str_replace converts integers in original $search
    array to strings). (Laruence)
  • Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt)

- WDDX:
  • Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).
    (Stas)

Change History (4)

comment:1 by Fernando de Oliveira, 9 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 9 years ago

Will wait until Friday or tomorrow.

Apparently official release is tomorrow, News and releases pages not yet updated, but tarballs already available, with signature and md5sum not changed since yesterday.

comment:3 by Fernando de Oliveira, 9 years ago

Description: modified (diff)

Md5sum didn't change, for released tarball.

Modifying Description.

comment:4 by Fernando de Oliveira, 9 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r16902.

Note: See TracTickets for help on using tickets.