Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#17484 closed enhancement (fixed)

php-8.2.1

Reported by: Bruce Dubbs Owned by: blfs-book
Priority: elevated Milestone: 11.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Bruce Dubbs, 2 years ago

05 Jan 2023, PHP 8.2.1

  • Core:
    • Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
    • Fixed bug GH-9918 (License information for xxHash is not included in README-REDIST.BINS file).
    • Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows).
    • Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]).
    • Fixed potentially undefined behavior in Windows ftok(3) emulation.
    • Fixed GH-9769 (Misleading error message for unpacking of objects).
  • Apache:
    • Fixed bug GH-9949 (Partial content on incomplete POST request).
  • FPM:
    • Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug 66694)
    • Fixed bug 68207 (Setting fastcgi.error_header can result in a WARNING).
    • Fixed bug 80669 (FPM numeric user fails to set groups).
    • Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said)-
  • Imap:
    • Fixed bug GH-10051 (IMAP: there's no way to check if a IMAP\Connection is still open)
  • MBString:
    • Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8-1).

  • Opcache:
    • Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
  • OpenSSL:
    • Fixed bug GH-9997 (OpenSSL engine clean up segfault).
    • Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
    • Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa)

  • Pcntl:
    • Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).

  • PDO_Firebird:
    • Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
  • PDO/SQLite:
    • Fixed bug 81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)

  • Session:
    • Fixed GH-9932 (session name silently fails with . and [).
  • SPL:
    • Fixed GH-9883 (SplFileObject::toString() reads next line).
    • Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered)
  • SQLite3:
    • Fixed bug 81742 (open_basedir bypass in SQLite3 by using file URI).
  • TSRM:
    • Fixed Windows shmget() wrt. IPC_PRIVATE.

comment:2 by Bruce Dubbs, 2 years ago

Resolution: fixed
Status: newclosed

Fixed at commit e94875222aed760ebddc7885272e51d191613675

comment:3 by Douglas R. Reno, 2 years ago

Priority: normalelevated

Retroactively promote to Elevated due to CVE-2022-31631

comment:4 by Douglas R. Reno, 2 years ago

Issued SA-11.2-073

Note: See TracTickets for help on using tickets.