| php72-7.2.34-3.an3.src
[11.9 MiB] |
Changelog
by JoungKyun.Kim (2022-02-05):
- security issues
. #79812 Pcntl: Potential integer overflow in pcntl_exec()
. CVE-2021-21706 Zip: ZipArchive::extractTo extracts outside of destination (#81420)
. CVE-2021-21703 FPM: PHP-FPM oob R/W in root process leading to privilege escalation (#81026)
. CVE-2021-21707 XML: special character is breaking the path in xml function (#79971)
|
| php72-7.2.34-2.an3.src
[11.9 MiB] |
Changelog
by JoungKyun.Kim (2021-03-15):
- security issues
. CVE-2020-7071 Standard: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (#77423)
. CVE-2021-21702 Soap: Null Dereference in SoapClient (#80672)
|
| php72-7.2.34-1.an3.src
[11.9 MiB] |
Changelog
by JoungKyun.Kim (2021-01-03):
- update 7.2.34
. http://www.php.net/ChangeLog-7.php#7.2.33
. http://www.php.net/ChangeLog-7.php#7.2.34
- security issues
. CVE-2020-7068 Use of freed hash key in the phar_parse_zipfile function (#79797)
. CVE-2020-7069 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (#79601)
. CVE-2020-7070 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent (#79699)
|
| php72-7.2.31-1.an3.src
[11.9 MiB] |
Changelog
by JoungKyun.Kim (2020-06-10):
- update 7.2.31
. http://www.php.net/ChangeLog-7.php#7.2.27
. http://www.php.net/ChangeLog-7.php#7.2.28
. http://www.php.net/ChangeLog-7.php#7.2.29
. http://www.php.net/ChangeLog-7.php#7.2.30
. http://www.php.net/ChangeLog-7.php#7.2.31
- security issues
. CVE-2019-11048 Core: #78875 Long variables in multipart/form-data cause OOM and temp files are not cleaned
. CVE-2019-11048 Core: #78876 Long filenames cause OOM and temp files are not cleaned
. CVE-2020-7066 Standard: #79329 get_headers() silently truncates after a null byte
. CVE-2020-7064 EXIF: #79282 Use-of-uninitialized-value in exif
. CVE-2020-7063 Phar: #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions
. CVE-2020-7062 Session: #79221 (Null Pointer Dereference in PHP Session Upload Progress
|
| php72-7.2.26-1.an3.src
[14.6 MiB] |
Changelog
by JoungKyun.Kim (2020-01-23):
- update 7.2.26
. http://www.php.net/ChangeLog-7.php#7.2.26
. http://www.php.net/ChangeLog-7.php#7.2.25
. http://www.php.net/ChangeLog-7.php#7.2.24
. http://www.php.net/ChangeLog-7.php#7.2.23
. http://www.php.net/ChangeLog-7.php#7.2.22
. http://www.php.net/ChangeLog-7.php#7.2.21
. http://www.php.net/ChangeLog-7.php#7.2.20
- 7.2.26 official bugs
. fixed #79099 Standard: OOB read in php_strip_tags_ex
. fixed #79091 Session: heap use-after-free in session_create_id()
. fixed #79037 Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar'
- security issues
. CVE-2019-11041 EXIF: heap-buffer-overflow on exif_process_user_comment
. CVE-2019-11042 EXIF: heap-buffer-overflow on exif_scan_thumbnail
. CVE-2019-11043 FPM: env_path_info underflow in fpm_main.c can lead to RCE
. CVE-2019-11047 EXIF: Heap-buffer-overflow READ in exif
. CVE-2019-11050 EXIF: Use-after-free in exif parsing under memory sanitizer
. CVE-2019-11044 Core: link() silently truncates after a null byte on Windows
. CVE-2019-11045 Core: DirectoryIterator class silently truncates after a null byte
. CVE-2019-11046 Bcmath: Buffer underflow in bc_shift_addsub
. CVE-2020-7059 Standard: OOB read in php_strip_tags_ex
. CVE-2020-7060 Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar'
|
| php72-7.2.19-1.an3.src
[14.5 MiB] |
Changelog
by JoungKyun.Kim (2019-06-08):
- update 7.2.19
. http://www.php.net/ChangeLog-7.php#7.2.19
. http://www.php.net/ChangeLog-7.php#7.2.18
. http://www.php.net/ChangeLog-7.php#7.2.17
. http://www.php.net/ChangeLog-7.php#7.2.16
. http://www.php.net/ChangeLog-7.php#7.2.15
- 7.2.19 official bugs
. fixed #76980 Core: Interface gets skipped if autoloader throws an exception).
. fixed #78025 DOM: segfault when accessing properties of DOMDocumentType).
. fixed #77956 MySQLi: When mysqli.allow_local_infile = Off, use a meaningful
. fixed #38546 MySQLi: bindParam incorrect processing of bool types).
. fixed #78079 OpenSSL: openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).
. fixed #78038 Sockets: Socket_select fails when resource array contains
. fixed #77135 Standard: Extract with EXTR_SKIP should skip $this).
. fixed #76345 Zip: zip.h not found). (Michael Maroszek)
- security issues
. CVE-2019-11040 EXIF: heap-buffer-overflow on php_jpg_get16 (#77988)
. CVE-2019-11038 GD: Uninitialized read in gdImageCreateFromXbm (#77973)
. CVE-2019-11039 Iconv: Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow (#78069)
. CVE-2019-11036 EXIF: Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG (#77950)
. CVE-2019-11035 EXIF: Heap-buffer-overflow in exif_iif_add_value (#77831)
. CVE-2019-11034 EXIF: Heap-buffer-overflow in php_ifd_get32s (#77753)
- link openssl 1.1 (openssl11)
. support TLS 1.3
- 3rd party extensions
. mysql: removed and seperated by php72-mysql package
. libevent: fixed #23 Segmentation fault where there is more than one timer event
|
| php72-7.2.14-1.an3.src
[14.5 MiB] |
Changelog
by JoungKyun.Kim (2019-01-11):
- update 7.2.14
- update ncurses extension
- 7.2.14 official bugs
. fixed #77339 Core: __callStatic may get incorrect arguments
. fixed #73281 GD: imagescale(…, IMG_BILINEAR_FIXED) can cause black border
. fixed #77272 GD: imagescale() may return image resource on failure
. fixed #77439 Standard: parse_str segfaults when inserting item into existing array
. fixed #76839 Sockets: socket_recvfrom may return an invalid 'from' address on MacOS
|
| php72-7.2.13-1.an3.src
[14.5 MiB] |
Changelog
by JoungKyun.Kim (2019-01-06):
- update 7.2.13
. http://www.php.net/ChangeLog-7.php#7.2.13
. http://www.php.net/ChangeLog-7.php#7.2.12
. http://www.php.net/ChangeLog-7.php#7.2.11
. http://www.php.net/ChangeLog-7.php#7.2.10
. http://www.php.net/ChangeLog-7.php#7.2.9
. http://www.php.net/ChangeLog-7.php#7.2.8
- 7.2.13 official bugs
. fixed #71041 Core: zend_signal_startup() needs ZEND_API
. fixed #76046 Core: PHP generates "FE_FREE" opcode on the wrong line
. fixed #77339 Core: __callStatic may get incorrect arguments
. fixed #77097 Date: DateTime::diff gives wrong diff when the actual diff is less than 1 second.
. fixed #77184 Exif: Unsigned rational numbers are written out as signed rationals.
. fixed #77195 GD: Incorrect error handling of imagecreatefromjpeg().
. fixed #77198 GD: auto cropping has insufficient precision.
. fixed #77200 GD: imagecropauto(…, GD_CROP_SIDES) crops left but not right.
. fixed #77020 IMAP: null pointer dereference in imap_mail.
. fixed #76804 OCI8: oci_pconnect with OCI_CRED_EXT not working.
. OCI8: Added oci_set_call_timeout() for call timeouts.
. OCI8: Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
. fixed #77215 Opcache: CFG assertion failure on multiple finalizing switch frees in one block.
. PDO: Handle invalid index passed to PDOStatement::fetchColumn() as error.
. fixed #77051 SQLite3: Issue with re-binding on SQLite3.
- 7.2.14 official bugs
. fixed #77391 GD: 1bpp BMPs may fail to be loaded.
. fixed #75684 MySQLnd: In mysqlnd_ext_plugin.h the plugin methods family has no external visibility.
. fixed #77273 PD0: array_walk_recursive corrupts value types leading to PDO failure.
. fixed #77395 Standard: segfault about array_multisort.
- security issues:
. CVE-2018-17082 Apache2: XSS due to the header Transfer-Encoding: chunked (#76582)
. CVE-2018-12882 EXIF: heap use after free in _php_stream_free (#76409)
. CVE-2018-14883 EXIF: Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c (#76423)
. CVE-2018-14851 EXIF: heap-buffer-overflow (READ of size 48) while reading exif data (#76557)
|
| php72-7.2.7-1.an3.src
[14.5 MiB] |
Changelog
by JoungKyun.Kim (2018-07-07):
- update 7.2.7
. http://www.php.net/ChangeLog-7.php#7.2.7
- 7.2.7 official bugs
. fixed #76534 Core: PHP hangs on 'illegal string offset on string references with an error handler
. fixed #76520 Core: Object creation leaks memory when executed over HTTP
. fixed #76502 Core: Chain of mixed exceptions and errors does not serialize properly
. fixed #76462 Date: Undefined property: DateInterval::$f
. fixed #76409 EXIF: heap use after free in _php_stream_free
. fixed #73342 FPM: Vulnerability in php-fpm by changing stdin to non-blocking
. fixed #74670 GMP: Integer Underflow when unserializing GMP and possible other classes
. fixed #76556 intl: get_debug_info handler for BreakIterator shows wrong type
. fixed #76532 mbstring: Integer overflow and excessive memory usage in mb_strimwidth
. fixed #76477 Opcache: Opcache causes empty return value
. fixed #76548 PGSQL: pg_fetch_result did not fetch the next row
. fixed #76536 Reflection: PHP crashes with core dump when throwing exception in error handler
. fixed #75231 Reflection: ReflectionProperty#getValue() incorrectly works with inherited classes
. fixed #76505 Standard: array_merge_recursive() is duplicating sub-array keys
. fixed #71848 Standard: getimagesize with $imageinfo returns false
. fixed #76461 ZIP: OPSYS_Z_CPM defined instead of OPSYS_CPM
- 7.2.8 official bugs
. Fixed bug #76366 Filter: References in sub-array for filtering breaks the filter
- security issues
. CVE-2018-10549 Exif: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value (#76130)
. CVE-2018-10546 iconv: stream filter convert.iconv leads to infinite loop on invalid sequence (#76249)
. CVE-2018-10548 ldap: Malicious LDAP-Server Response causes Crash (#76248)
. CVE-2018-10547 Phar: fix for CVE-2018-5712 may not be complete (#76129)
. CVE-2018-10545 FPM: Dumpable FPM child processes allow bypassing opcache access controls (#75605)
|
| php72-7.2.3-1.an3.src
[14.5 MiB] |
Changelog
by JoungKyun.Kim (2018-03-19):
- update 7.2.3
. http://www.php.net/ChangeLog-7.php#7.2.3
- 7.2.3 official bugs
. fixed #76025 Core: Segfault while throwing exception in error_handler
. fixed #73957 GD: signed integer conversion in imagescale()
. fixed #76041 GD: null pointer access crashed php
. fixed #62545 Mbstring: wrong unicode mapping in some charsets
. fixed #75969 Opcache: Assertion failure in live range DCE due to block pass misoptimization
. fixed #76085 Phar: Segmentation fault in buildFromIterator when directory name contains a \n
. fixed #76068 Standard: parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault
- 7.2.4 official bugs
. fixed #76094 Opcache: Access violation when using opcache
. fixed #74139 Standard: mail.add_x_header default inconsistent with docs
- security issues
. CVE-2018-7584 stack-buffer-overflow while parsing HTTP response (#75981)
|
| php72-7.2.2-2.an3.src
[14.1 MiB] |
Changelog
by JoungKyun.Kim (2018-02-16):
- 7.2.2 official bugs
. fixed #75916 Standard: DNS_CAA record results contain garbage
. fixed #75928 Date: Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`
. fixed #75857 Date: Timezone gets truncated when formatted
. fixed #68406 Date: calling var_dump on a DateTimeZone object modifies it
. fixed #49876 LDAP: Fix LDAP path lookup on 64-bit distros
. fixed #75838 PGSQL: Memory leak in pg_escape_bytea()
. fixed #54289 Phar: Phar::extractTo() does not accept specific directories to be extracted
. fixed #65414 Phar: deal with leading slash while adding files correctly
. fixed #73725 ODBC: Unable to retrieve value of varchar(max) type
. fixed #75729 Opcache: opcache segfault when installing Bitrix
. fixed #75893 Opcache: file_get_contents $http_response_header variable bugged with opcache
. fixed #75938 Opcache: Modulus value not stored in variable
. fixed #74519 SPL: strange behavior of AppendIterator
|
| php72-7.2.2-1.an3.src
[14.1 MiB] |
Changelog
by JoungKyun.Kim (2018-02-08):
- udpate 7.2.2
|