Opened 7 months ago

Closed 7 months ago

#14473 closed enhancement (fixed)

php-8.0.1

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (3)

comment:1 by Douglas R. Reno, 7 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 7 months ago

Priority: normalhigh
Version 8.0.1
07 Jan 2021

    Core:
        Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
        Fixed bug #72964 (White space not unfolded for CC/Bcc headers).
        Fixed bug #80391 (Iterable not covariant to mixed).
        Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).
        Fixed bug #77069 (stream filter loses final block of data).
    Fileinfo:
        Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT).
    FPM:
        Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env).
    IMAP:
        Fixed bug #80438 (imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8).
        Fix a regression with valid UIDs in imap_savebody().
        Make warnings for invalid message numbers/UIDs between functions consistent.
    Intl:
        Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined).
    Opcache:
        Fixed bug #80404 (Incorrect range inference result when division results in float).
        Fixed bug #80377 (Opcache misses executor_globals).
        Fixed bug #80433 (Unable to disable the use of the AVX command when using JIT).
        Fixed bug #80447 (Strange out of memory error when running with JIT).
        Fixed bug #80480 (Segmentation fault with JIT enabled).
        Fixed bug #80506 (Immediate SIGSEGV upon ini_set("opcache.jit_debug", 1)).
    OpenSSL:
        Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).
    PDO MySQL:
        Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).
        Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements).
        Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands).
        Fixed bug #66878 (Multiple rowsets not returned unless PDO statement object is unset()).
        Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered queries").
        Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error).
        Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).
        Fixed bug #79872 (Can't execute query with pending result sets).
        Fixed bug #79131 (PDO does not throw an exception when parameter values are missing).
        Fixed bug #72368 (PdoStatement->execute() fails but does not throw an exception).
        Fixed bug #62889 (LOAD DATA INFILE broken).
        Fixed bug #67004 (Executing PDOStatement::fetch() more than once prevents releasing resultset).
        Fixed bug #79132 (PDO re-uses parameter values from earlier calls to execute()).
    Phar:
        Fixed bug #73809 (Phar Zip parse crash - mmap fail).
        Fixed bug #75102 (`PharData` says invalid checksum for valid tar).
        Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).
    Phpdbg:
        Fixed bug #76813 (Access violation near NULL on source operand).
    SPL:
        Fixed bug #62004 (SplFileObject: fgets after seek returns wrong line).
    Standard:
        Fixed bug #80366 (Return Value of zend_fstat() not Checked).
        Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
    Tidy:
        Fixed bug #77594 (ob_tidyhandler is never reset).
    Tokenizer:
        Fixed bug #80462 (Nullsafe operator tokenize with TOKEN_PARSE flag fails).
    XML:
        XmlParser opaque object renamed to XMLParser for consistency with other XML objects.
    Zlib:
        Fixed bug #48725 (Support for flushing in zlib stream).

Contains a fix for CVE-2020-7071, "FILTER_VALIDATE_URL accepts URLs with invalid userinfo". This vulnerability is rated 8.2/10 by Red Hat and is considered High risk, and is network exploitable.

comment:3 by Douglas R. Reno, 7 months ago

Resolution: fixed
Status: assignedclosed

Fixed at r24097

Note: See TracTickets for help on using tickets.