Commit:    75ee4da9bfe8007760de404eb1ff5f0b34caac32
Author:    Stanislav Malyshev <[email protected]>         Thu, 16 Apr 2015 
13:45:05 -0700
Parents:   d63fd053f04136ecfb9801e84a5d78c448215800
Branches:  master

Link:       
http://git.php.net/?p=web/php.git;a=commitdiff;h=75ee4da9bfe8007760de404eb1ff5f0b34caac32

Log:
5.4.40

Changed paths:
  M  ChangeLog-5.php
  M  archive/archive.xml
  A  archive/entries/2015-04-16-3.xml
  M  include/releases.inc
  M  include/version.inc
  A  releases/5_4_40.php

diff --git a/ChangeLog-5.php b/ChangeLog-5.php
index 35d94dc..de110ab 100644
--- a/ChangeLog-5.php
+++ b/ChangeLog-5.php
@@ -74,7 +74,7 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", 
"css" => array("change
   <li><?php bugfix(64931); ?> (phar_add_file is too restrictive on 
filename).</li>
   <li><?php bugfix(65467); ?> (Call to undefined method 
cli_arg_typ_string).</li>
   <li><?php bugfix(67761); ?> (Phar::mapPhar fails for Phars inside a path 
containing ".tar").</li>
-  <li><?php bugfix(69324); ?> (Buffer Over-read in unserialize when parsing 
Phar).</li>
+  <li><?php bugfix(69324); ?> (Buffer Over-read in unserialize when parsing 
Phar). (CVE-2015-2783)</li>
   <li><?php bugfix(69441); ?> (Buffer Overflow when parsing tar/zip/phar in 
phar_set_inode).</li>
 </ul></li>
 <li>Postgres:
@@ -161,7 +161,7 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", 
"css" => array("change
   <li><?php bugfix(64931); ?> (phar_add_file is too restrictive on 
filename).</li>
   <li><?php bugfix(65467); ?> (Call to undefined method 
cli_arg_typ_string).</li>
   <li><?php bugfix(67761); ?> (Phar::mapPhar fails for Phars inside a path 
containing ".tar").</li>
-  <li><?php bugfix(69324); ?> (Buffer Over-read in unserialize when parsing 
Phar).</li>
+  <li><?php bugfix(69324); ?> (Buffer Over-read in unserialize when parsing 
Phar). (CVE-2015-2783)</li>
   <li><?php bugfix(69441); ?> (Buffer Overflow when parsing tar/zip/phar in 
phar_set_inode).</li>
 </ul></li>
 <li>Postgres:
@@ -184,6 +184,56 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", 
"css" => array("change
 </ul>
 <!-- }}} --></section>
 
+<section class="version" id="5.4.40"><!-- {{{ 5.4.40 -->
+<h3>Version 5.4.40</h3>
+<b>16-Apr-2015</b>
+<ul><li>Apache2handler:
+<ul>
+  <li><?php bugfix(69218); ?> (potential remote code execution with apache 2.4 
apache2handler).</li>
+</ul></li>
+<li>Core:
+<ul>
+  <li>Additional fix for bug #69152 (Type confusion vulnerability in 
exception::getTraceAsString).</li>
+  <li><?php bugfix(69337); ?> (php_stream_url_wrap_http_ex() type-confusion 
vulnerability).</li>
+  <li><?php bugfix(69353); ?> (Missing null byte checks for paths in various 
PHP extensions).</li>
+</ul></li>
+<li>cURL:
+<ul>
+  <li><?php bugfix(69316); ?> (Use-after-free in php_curl related to 
CURLOPT_FILE/_INFILE/_WRITEHEADER).</li>
+</ul></li>
+<li>Ereg:
+<ul>
+  <li><?php bugfix(68740); ?> (NULL Pointer Dereference).</li>
+</ul></li>
+<li>Fileinfo:
+<ul>
+  <li><?php bugfix(68819); ?> (Fileinfo on specific file causes spurious OOM 
and/or segfault).</li>
+</ul></li>
+<li>GD:
+<ul>
+  <li><?php bugfix(68601); ?> (buffer read overflow in gd_gif_in.c). 
(CVE-2014-9709)</li>
+</ul></li>
+<li>Phar:
+<ul>
+  <li><?php bugfix(68901); ?> (use after free). (CVE-2015-2301)</li>
+  <li><?php bugfix(69324); ?> (Buffer Over-read in unserialize when parsing 
Phar). (CVE-2015-2783)</li>
+  <li><?php bugfix(69441); ?> (Buffer Overflow when parsing tar/zip/phar in 
phar_set_inode).</li>
+</ul></li>
+<li>Postgres:
+<ul>
+  <li><?php bugfix(68741); ?> (Null pointer deference) (CVE-2015-1352).</li>
+</ul></li>
+<li>SOAP:
+<ul>
+  <li><?php bugfix(69152); ?> (Type Confusion Infoleak Vulnerability in 
unserialize() with SoapFault).</li>
+</ul></li>
+<li>Sqlite3:
+<ul>
+  <li><?php bugfix(66550); ?> (SQLite prepared statement use-after-free).</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
 <section class="version" id="5.6.7"><!-- {{{ 5.6.7 -->
 <h3>Version 5.6.7</h3>
 <b>19-Mar-2015</b>
diff --git a/archive/archive.xml b/archive/archive.xml
index 1fe2e99..0694ba3 100644
--- a/archive/archive.xml
+++ b/archive/archive.xml
@@ -9,6 +9,7 @@
     <uri>http://php.net/contact</uri>
     <email>[email protected]</email>
   </author>
+  <xi:include href="entries/2015-04-16-3.xml"/>
   <xi:include href="entries/2015-04-16-2.xml"/>
   <xi:include href="entries/2015-04-16-1.xml"/>
   <xi:include href="entries/2015-03-20-2.xml"/>
diff --git a/archive/entries/2015-04-16-3.xml b/archive/entries/2015-04-16-3.xml
new file mode 100644
index 0000000..5f79cc8
--- /dev/null
+++ b/archive/entries/2015-04-16-3.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom";>
+  <title>PHP 5.4.40 Released</title>
+  <id>http://php.net/archive/2015.php#id2015-04-16-3</id>
+  <published>2015-04-16T13:43:02-07:00</published>
+  <updated>2015-04-16T13:43:02-07:00</updated>
+  <category term="frontpage" label="PHP.net frontpage news"/>
+  <category term="releases" label="New PHP release"/>
+  <link href="http://php.net/index.php#id2015-04-16-3"; rel="alternate" 
type="text/html"/>
+  <link href="http://php.net/archive/2015.php#id2015-04-16-3"; rel="via" 
type="text/html"/>
+  <content type="xhtml">
+    <div xmlns="http://www.w3.org/1999/xhtml";>
+     <p>The PHP development team announces the immediate availability of PHP
+     5.4.40. 14 security-related bugs were fixed in this release, including
+     CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352.
+     
+     All PHP 5.4 users are encouraged to upgrade to this version.
+     </p>
+     
+     <p>For source downloads of PHP 5.4.40 please visit our <a 
href="http://www.php.net/downloads.php";>downloads page</a>,
+     Windows binaries can be found on <a 
href="http://windows.php.net/download/";>windows.php.net/download/</a>.
+     The list of changes is recorded in the <a 
href="http://www.php.net/ChangeLog-5.php#5.4.40";>ChangeLog</a>.
+     </p>
+    </div>
+  </content>
+</entry>
diff --git a/include/releases.inc b/include/releases.inc
index c1afbd5..e864eb6 100644
--- a/include/releases.inc
+++ b/include/releases.inc
@@ -1051,6 +1051,37 @@ $OLDRELEASES = array (
       'date' => '20 Jun 2013',
       'museum' => true,
     ),
+    '5.4.39' => 
+    array (
+      'announcement' => 
+      array (
+        'English' => '/releases/5_4_39.php',
+      ),
+      'source' => 
+      array (
+        0 => 
+        array (
+          'filename' => 'php-5.4.39.tar.bz2',
+          'name' => 'PHP 5.4.39 (tar.bz2)',
+          'md5' => '017f7ba7484e738c88bf19eec4369d78',
+          'date' => '19 Mar 2015',
+        ),
+        1 => 
+        array (
+          'filename' => 'php-5.4.39.tar.gz',
+          'name' => 'PHP 5.4.39 (tar.gz)',
+          'md5' => '9a9376bd302020b5b89b2ce42b147e3f',
+          'date' => '19 Mar 2015',
+        ),
+        2 => 
+        array (
+          'link' => 'http://windows.php.net/download/#php-5.4',
+          'name' => 'Windows 5.4.39 binaries and source',
+        ),
+      ),
+      'date' => '19 Mar 2015',
+      'museum' => false,
+    ),
     '5.4.38' => 
     array (
       'announcement' => 
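Review bot: The new `'5.4.39'` entry records only an `'md5'` digest for each tarball, and MD5 is not collision-resistant, so it cannot protect a downloader against a deliberately substituted archive. If the release tooling can produce one, add a stronger digest beside each existing key, for example `'sha256' => '<sha256-of-tarball-placeholder>',`, and keep `'md5'` only for backward compatibility. The same applies to the `$PHP_5_4_MD5` array updated in include/version.inc. Whether the download templates would render an additional key is not visible in this diff, so that needs checking before the key is added. The `$OLDRELEASES` array begins and ends outside this hunk.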
@@ -1061,7 +1092,7 @@ $OLDRELEASES = array (
       array (
         0 => 
         array (
-          'filename' => 'php-5.4.38tar.bz2',
+          'filename' => 'php-5.4.38.tar.bz2',
           'name' => 'PHP 5.4.38 (tar.bz2)',
           'md5' => '2bf5007ba4bd012f9895c1b441dd4f50',
           'date' => '19 Feb 2015',
@@ -1079,7 +1110,7 @@ $OLDRELEASES = array (
           'name' => 'Windows 5.4.38 binaries and source',
         ),
       ),
-      'date' => '22 Jan 2015',
+      'date' => '19 Feb 2015',
       'museum' => false,
     ),
     '5.4.37' => 
diff --git a/include/version.inc b/include/version.inc
index 6d16df1..ff58177 100644
--- a/include/version.inc
+++ b/include/version.inc
@@ -41,11 +41,11 @@ $PHP_5_5_MD5     = array(
 $PHP_5_4_RC = false; // Current RC version (e.g., '5.6.7RC1') or false
 $PHP_5_4_RC_DATE = '4 Sep 2014';
 
-$PHP_5_4_VERSION         = "5.4.39";
-$PHP_5_4_DATE            = "19 Mar 2015";
+$PHP_5_4_VERSION         = "5.4.40";
+$PHP_5_4_DATE            = "16 Apr 2015";
 $PHP_5_4_MD5     = array(
-                       "tar.bz2"       => "017f7ba7484e738c88bf19eec4369d78",
-                       "tar.gz"        => "9a9376bd302020b5b89b2ce42b147e3f",
+                       "tar.bz2"       => "19dafb2b9fc31517cf5c3309fb8a9923",
+                       "tar.gz"        => "df24e449e79f06981a4b4162105a9cd4",
 );
 
 $RELEASES = array(
diff --git a/releases/5_4_40.php b/releases/5_4_40.php
new file mode 100644
index 0000000..d3b445f
--- /dev/null
+++ b/releases/5_4_40.php
@@ -0,0 +1,22 @@
+<?php
+// $Id$
+$_SERVER['BASE_PAGE'] = 'releases/5_4_40.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
+site_header("PHP 5.4.40 Release Announcement");
+?>
+
+<h1>PHP 5.4.40 Release Announcement</h1>
+
+<p>The PHP development team announces the immediate availability of PHP
+5.4.40. 14 security-related bugs were fixed in this release, including 
+CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352.
+
+All PHP 5.4 users are encouraged to upgrade to this version.
+</p>
+
+<p>For source downloads of PHP 5.4.40 please visit our <a 
href="http://www.php.net/downloads.php";>downloads page</a>,
+Windows binaries can be found on <a 
href="http://windows.php.net/download/";>windows.php.net/download/</a>.
+The list of changes is recorded in the <a 
href="http://www.php.net/ChangeLog-5.php#5.4.40";>ChangeLog</a>.
+</p>
+
+<?php site_footer(); ?>