Commit: ca55104ae262d35cfd6864e6968648cb1f568445
Author: kovacs.ferenc <[email protected]> Fri, 19 Aug 2016
01:47:33 +0200
Parents: 3eba7bb46503699f9a688c6fdac8b033934eab25
Branches: master
Link:
http://git.php.net/?p=web/php.git;a=commitdiff;h=ca55104ae262d35cfd6864e6968648cb1f568445
Log:
announce 5.6.25
Changed paths:
M ChangeLog-5.php
M archive/archive.xml
A archive/entries/2016-08-18-2.xml
M include/releases.inc
M include/version.inc
A releases/5_6_25.php
diff --git a/ChangeLog-5.php b/ChangeLog-5.php
index 44559b3..188c493 100644
--- a/ChangeLog-5.php
+++ b/ChangeLog-5.php
@@ -7,6 +7,132 @@ site_header("PHP 5 ChangeLog", array("current" => "docs",
"css" => array("change
?>
<h1>PHP 5 ChangeLog</h1>
+<section class="version" id="5.6.25"><!-- {{{ 5.6.25 -->
+<h3>Version 5.6.25</h3>
+<b><?php release_date('18-Aug-2016'); ?></b>
+<ul><li>Bz2:
+<ul>
+ <li><?php bugfix(72837); ?> (integer overflow in bzdecompress caused heap
corruption).</li>
+</ul></li>
+<li>Core:
+<ul>
+ <li><?php bugfix(70436); ?> (Use After Free Vulnerability in
unserialize()).</li>
+ <li><?php bugfix(72024); ?> (microtime() leaks memory).</li>
+ <li><?php bugfix(72581); ?> (previous property undefined in Exception after
deserialization).</li>
+ <li>Implemented FR <?php bugl(72614); ?> (Support "nmake test" on building
extensions by phpize).</li>
+ <li><?php bugfix(72641); ?> (phpize (on Windows) ignores PHP_PREFIX).</li>
+ <li><?php bugfix(72663); ?> (Create an Unexpected Object and Don't Invoke
__wakeup() in Deserialization).</li>
+ <li><?php bugfix(72681); ?> (PHP Session Data Injection Vulnerability).</li>
+</ul></li>
+<li>Calendar:
+<ul>
+ <li><?php bugfix(67976); ?> (cal_days_month() fails for final month of the
French calendar).</li>
+ <li><?php bugfix(71894); ?> (AddressSanitizer: global-buffer-overflow in
zif_cal_from_jd).</li>
+</ul></li>
+<li>Curl:
+<ul>
+ <li><?php bugfix(71144); ?> (Segmentation fault when using cURL with
ZTS).</li>
+ <li><?php bugfix(71929); ?> (Certification information (CERTINFO) data
parsing error).</li>
+ <li><?php bugfix(72807); ?> (integer overflow in curl_escape caused heap
corruption).</li>
+</ul></li>
+<li>DOM:
+<ul>
+ <li><?php bugfix(66502); ?> (DOM document dangling reference).</li>
+</ul></li>
+<li>Ereg:
+<ul>
+ <li><?php bugfix(72838); ?> (Integer overflow lead to heap corruption in
sql_regcase).</li>
+</ul></li>
+<li>EXIF:
+<ul>
+ <li><?php bugfix(72627); ?> (Memory Leakage In
exif_process_IFD_in_TIFF).</li>
+ <li><?php bugfix(72735); ?> (Samsung picture thumb not read (zero
size)).</li>
+</ul></li>
+<li>Filter:
+<ul>
+ <li><?php bugfix(71745); ?> (FILTER_FLAG_NO_RES_RANGE does not cover whole
127.0.0.0/8 range).</li>
+</ul></li>
+<li>FPM:
+<ul>
+ <li><?php bugfix(72575); ?> (using --allow-to-run-as-root should ignore
missing user).</li>
+</ul></li>
+<li>GD:
+<ul>
+ <li><?php bugfix(43828); ?> (broken transparency of imagearc for truecolor
in blendingmode).</li>
+ <li><?php bugfix(66555); ?> (Always false condition in
ext/gd/libgd/gdkanji.c).</li>
+ <li><?php bugfix(68712); ?> (suspicious if-else statements).</li>
+ <li><?php bugfix(70315); ?> (500 Server Error but page is fully
rendered).</li>
+ <li><?php bugfix(72596); ?> (imagetypes function won't advertise WEBP
support).</li>
+ <li><?php bugfix(72604); ?> (imagearc() ignores thickness for full
arcs).</li>
+ <li><?php bugfix(72697); ?> (select_colors write out-of-bounds).</li>
+ <li><?php bugfix(72709); ?> (imagesetstyle() causes OOB read for empty
$styles).</li>
+ <li><?php bugfix(72730); ?> (imagegammacorrect allows arbitrary write
access).</li>
+</ul></li>
+<li>Intl:
+<ul>
+ <li>Partially fixed <?php bugl(72506); ?> (idn_to_ascii for UTS #46
incorrect for long domain names).</li>
+</ul></li>
+<li>mbstring:
+<ul>
+ <li><?php bugfix(72691); ?> (mb_ereg_search raises a warning if a match
zero-width).</li>
+ <li><?php bugfix(72693); ?> (mb_ereg_search increments search position when
a match zero-width).</li>
+ <li><?php bugfix(72694); ?> (mb_ereg_search_setpos does not accept a
string's last position).</li>
+ <li><?php bugfix(72710); ?> (`mb_ereg` causes buffer overflow on regexp
compile error).</li>
+</ul></li>
+<li>PCRE:
+<ul>
+ <li><?php bugfix(72688); ?> (preg_match missing group names in matches).</li>
+</ul></li>
+<li>PDO_pgsql:
+<ul>
+ <li><?php bugfix(70313); ?> (PDO statement fails to throw exception).</li>
+</ul></li>
+<li>Reflection:
+<ul>
+ <li><?php bugfix(72222); ?> (ReflectionClass::export doesn't handle array
constants).</li>
+</ul></li>
+<li>SNMP:
+<ul>
+ <li><?php bugfix(72708); ?> (php_snmp_parse_oid integer overflow in memory
allocation).</li>
+</ul></li>
+<li>Standard:
+<ul>
+ <li><?php bugfix(72330); ?> (CSV fields incorrectly split if escape char
followed by UTF chars).</li>
+ <li><?php bugfix(72836); ?> (integer overflow in base64_decode).</li>
+ <li><?php bugfix(72848); ?> (integer overflow in
quoted_printable_encode).</li>
+ <li><?php bugfix(72849); ?> (integer overflow in urlencode).</li>
+ <li><?php bugfix(72850); ?> (integer overflow in php_uuencode).</li>
+ <li><?php bugfix(72716); ?> (initialize buffer before read).</li>
+</ul></li>
+<li>Streams:
+<ul>
+ <li><?php bugfix(41021); ?> (Problems with the ftps wrapper).</li>
+ <li><?php bugfix(54431); ?> (opendir() does not work with ftps://
wrapper).</li>
+ <li><?php bugfix(72667); ?> (opendir() with ftp:// attempts to open data
stream for non-existent directories).</li>
+ <li><?php bugfix(72764); ?> (ftps:// opendir wrapper data channel encryption
fails with IIS FTP 7.5, 8.5).</li>
+ <li><?php bugfix(72771); ?> (ftps:// wrapper is vulnerable to protocol
downgrade attack).</li>
+</ul></li>
+<li>SPL:
+<ul>
+ <li><?php bugfix(72122); ?> (IteratorIterator breaks '@' error
suppression).</li>
+ <li><?php bugfix(72646); ?> (SplFileObject::getCsvControl does not return
the escape character).</li>
+ <li><?php bugfix(72684); ?> (AppendIterator segfault with closed
generator).</li>
+</ul></li>
+<li>SQLite3:
+<ul>
+ <li>Implemented FR <?php bugl(72653); ?> (SQLite should allow opening with
empty filename).</li>
+</ul></li>
+<li>Wddx:
+<ul>
+ <li><?php bugfix(72142); ?> (WDDX Packet Injection Vulnerability in
wddx_serialize_value()).</li>
+ <li><?php bugfix(72749); ?> (wddx_deserialize allows illegal memory access)
(Stas)</li>
+ <li><?php bugfix(72750); ?> (wddx_deserialize null dereference).</li>
+ <li><?php bugfix(72790); ?> (wddx_deserialize null dereference with invalid
xml).</li>
+ <li><?php bugfix(72799); ?> (wddx_deserialize null dereference in
php_wddx_pop_element).</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
<section class="version" id="5.6.24"><!-- {{{ 5.6.24 -->
<h3>Version 5.6.24</h3>
<b><?php release_date('21-Jul-2016'); ?></b>
diff --git a/archive/archive.xml b/archive/archive.xml
index cdc681f..cc5e826 100644
--- a/archive/archive.xml
+++ b/archive/archive.xml
@@ -9,6 +9,7 @@
<uri>http://php.net/contact</uri>
<email>[email protected]</email>
</author>
+ <xi:include href="entries/2016-08-18-2.xml"/>
<xi:include href="entries/2016-08-18-1.xml"/>
<xi:include href="entries/2016-08-16-2.xml"/>
<xi:include href="entries/2016-08-16-1.xml"/>
diff --git a/archive/entries/2016-08-18-2.xml b/archive/entries/2016-08-18-2.xml
new file mode 100644
index 0000000..acc7bca
--- /dev/null
+++ b/archive/entries/2016-08-18-2.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom";>
+ <title>PHP 5.6.25 is released</title>
+ <id>http://php.net/archive/2016.php#id2016-08-18-2</id>
+ <published>2016-08-18T16:43:25-07:00</published>
+ <updated>2016-08-18T16:43:25-07:00</updated>
+ <category term="frontpage" label="PHP.net frontpage news"/>
+ <category term="releases" label="New PHP release"/>
+ <link href="http://php.net/index.php#id2016-08-18-2"; rel="alternate"
type="text/html"/>
+ <link href="http://php.net/archive/2016.php#id2016-08-18-2"; rel="via"
type="text/html"/>
+ <content type="xhtml">
+ <div xmlns="http://www.w3.org/1999/xhtml";>
+ <p>The PHP development team announces the immediate availability of PHP
+ 7.6.25. This is a security release. Several security bugs were fixed in
+ this release.
+
+ All PHP 5.6 users are encouraged to upgrade to this version.</p>
+
+ <p>For source downloads of PHP 5.6.25 please visit our <a
href="http://www.php.net/downloads.php";>downloads page</a>,
+ Windows source and binaries can be found on <a
href="http://windows.php.net/download/";>windows.php.net/download/</a>.
+ The list of changes is recorded in the <a
href="http://www.php.net/ChangeLog-5.php#5.6.25";>ChangeLog</a>.
+ </p>
+ </div>
+ </content>
+</entry>
diff --git a/include/releases.inc b/include/releases.inc
index 8f5e052..0466f88 100644
--- a/include/releases.inc
+++ b/include/releases.inc
@@ -365,6 +365,42 @@ $OLDRELEASES = array (
),
5 =>
array (
+ '5.6.24' =>
+ array (
+ 'announcement' =>
+ array (
+ 'English' => '/releases/5_6_24.php',
+ ),
+ 'source' =>
+ array (
+ 0 =>
+ array (
+ 'filename' => 'php-5.6.24.tar.bz2',
+ 'name' => 'PHP 5.6.24 (tar.bz2)',
+ 'md5' => '2ab124d58b7b763ca453f6a18ec3866b',
+ 'sha256' =>
'bf23617ec3ed0a125ec8bde2b7bca9d3804b2ff4df8de192890c84dc9fac38c6',
+ 'date' => '21 Jul 2016',
+ ),
+ 1 =>
+ array (
+ 'filename' => 'php-5.6.24.tar.gz',
+ 'name' => 'PHP 5.6.24 (tar.gz)',
+ 'md5' => 'dfa2e90085516cc817a8a9568e2a374e',
+ 'sha256' =>
'5f8b2e4e00360fee6eb1b89447266ae45993265955bd1ea9866270d75cdb6ec1',
+ 'date' => '21 Jul 2016',
+ ),
+ 2 =>
+ array (
+ 'filename' => 'php-5.6.24.tar.xz',
+ 'name' => 'PHP 5.6.24 (tar.xz)',
+ 'md5' => '3ef6e3573698b9b444be88edd3b23494',
+ 'sha256' =>
'ed7c38c6dac539ade62e08118258f4dac0c49beca04d8603bee4e0ea6ca8250b',
+ 'date' => '21 Jul 2016',
+ ),
+ ),
+ 'date' => '21 Jul 2016',
+ 'museum' => false,
+ ),
'5.6.23' =>
array (
'announcement' =>
diff --git a/include/version.inc b/include/version.inc
index 3271f3a..8e7bc8a 100644
--- a/include/version.inc
+++ b/include/version.inc
@@ -38,17 +38,17 @@ $PHP_7_0_SHA256 = array(
$PHP_5_6_RC = false; // Current RC version (e.g., '5.6.7RC1') or false
$PHP_5_6_RC_DATE = '07 Jul 2016';
-$PHP_5_6_VERSION = "5.6.24";
-$PHP_5_6_DATE = "21 Jul 2016";
+$PHP_5_6_VERSION = "5.6.25";
+$PHP_5_6_DATE = "18 Aug 2016";
$PHP_5_6_MD5 = array(
- "tar.bz2" => "2ab124d58b7b763ca453f6a18ec3866b",
- "tar.gz" => "dfa2e90085516cc817a8a9568e2a374e",
- "tar.xz" => "3ef6e3573698b9b444be88edd3b23494",
+ "tar.bz2" => "f63b9956c25f1ae0433015a80b44224c",
+ "tar.gz" => "75f90f5bd7d0076a0dcc5f3205ce260e",
+ "tar.xz" => "81cb8c0de0d0b714587edbd27a2a75bb",
);
$PHP_5_6_SHA256 = array(
- "tar.bz2" =>
"bf23617ec3ed0a125ec8bde2b7bca9d3804b2ff4df8de192890c84dc9fac38c6",
- "tar.gz" =>
"5f8b2e4e00360fee6eb1b89447266ae45993265955bd1ea9866270d75cdb6ec1",
- "tar.xz" =>
"ed7c38c6dac539ade62e08118258f4dac0c49beca04d8603bee4e0ea6ca8250b",
+ "tar.bz2" =>
"58ce6032aced7f3e42ced492bd9820e5b3f2a3cd3ef71429aa92fd7b3eb18dde",
+ "tar.gz" =>
"733f1c811d51c2d4031a0c058dc94d09d03858d781ca2eb2cce78853bc76db58",
+ "tar.xz" =>
"7535cd6e20040ccec4594cc386c6f15c3f2c88f24163294a31068cf7dfe7f644",
);
/* PHP 5.5 Release */
$PHP_5_5_RC = false; // Current RC version (e.g., '5.6.7RC1') or false
diff --git a/releases/5_6_25.php b/releases/5_6_25.php
new file mode 100644
index 0000000..bcdef2b
--- /dev/null
+++ b/releases/5_6_25.php
@@ -0,0 +1,22 @@
+<?php
+// $Id$
+$_SERVER['BASE_PAGE'] = 'releases/5_6_25.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
+site_header("PHP 5.6.25 Release Announcement");
+?>
+
+ <h1>PHP 5.6.25 Release Announcement</h1>
+
+ <p>The PHP development team announces the immediate availability of PHP
+ 5.6.25. This is a security release. Several security bugs were fixed in
+ this release.
+
+ All PHP 5.6 users are encouraged to upgrade to this version.
+ </p>
+
+ <p>For source downloads of PHP 5.6.25 please visit our <a
href="http://www.php.net/downloads.php";>downloads page</a>,
+ Windows source and binaries can be found on <a
href="http://windows.php.net/download/";>windows.php.net/download/</a>.
+ The list of changes is recorded in the <a
href="http://www.php.net/ChangeLog-5.php#5.6.25";>ChangeLog</a>.
+ </p>
+
+<?php site_footer(); ?>--
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
