Commit: 002d17677f39d17f797b5f57e13c8a06a2f71a23 Author: Christoph M. Becker <[email protected]> Wed, 18 Dec 2019 13:34:07 +0100 Parents: 24631b19101d4ae184e9543872f7576723d0d928 Branches: master
Link: http://git.php.net/?p=web/php.git;a=commitdiff;h=002d17677f39d17f797b5f57e13c8a06a2f71a23 Log: Announce 7.3.13 Changed paths: M ChangeLog-7.php M archive/archive.xml A archive/entries/2019-12-18-2.xml M include/releases.inc M include/version.inc A releases/7_3_13.php Diff: diff --git a/ChangeLog-7.php b/ChangeLog-7.php index 3554cead7..df943180a 100644 --- a/ChangeLog-7.php +++ b/ChangeLog-7.php @@ -480,6 +480,57 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change <a name="PHP_7_3"></a> +<section class="version" id="7.3.13"><!-- {{{ 7.3.13 --> +<h3>Version 7.3.13</h3> +<b><?php release_date('19-Dec-2019'); ?></b> +<ul><li>Bcmath: +<ul> + <li><?php bugfix(78878); ?> (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)</li> +</ul></li> +<li>Core: +<ul> + <li><?php bugfix(78862); ?> (link() silently truncates after a null byte on Windows). (CVE-2019-11044)</li> + <li><?php bugfix(78863); ?> (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)</li> + <li><?php bugfix(78943); ?> (mail() may release string with refcount==1 twice). (CVE-2019-11049)</li> + <li><?php bugfix(78787); ?> (Segfault with trait overriding inherited private shadow property).</li> + <li><?php bugfix(78868); ?> (Calling __autoload() with incorrect EG(fake_scope) value).</li> + <li><?php bugfix(78296); ?> (is_file fails to detect file).</li> +</ul></li> +<li>EXIF: +<ul> + <li><?php bugfix(78793); ?> (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)</li> + <li><?php bugfix(78910); ?> (Heap-buffer-overflow READ in exif) (CVE-2019-11047).</li> +</ul></li> +<li>GD: +<ul> + <li><?php bugfix(78849); ?> (GD build broken with -D SIGNED_COMPARE_SLOW).</li> +</ul></li> +<li>MBString: +<ul> + <li>Upgraded bundled Oniguruma to 6.9.4.</li> +</ul></li> +<li>OPcache: +<ul> + <li>Fixed potential ASLR related invalid opline handler issues.</li> + <li>Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).</li> +</ul></li> +<li>PCRE: +<ul> + <li><?php bugfix(78853); ?> (preg_match() may return integer > 1).</li> +</ul></li> +<li>Standard: +<ul> + <li><?php bugfix(78759); ?> (array_search in $GLOBALS).</li> + <li><?php bugfix(77638); ?> (var_export'ing certain class instances segfaults).</li> + <li><?php bugfix(78840); ?> (imploding $GLOBALS crashes).</li> + <li><?php bugfix(78833); ?> (Integer overflow in pack causes out-of-bound access).</li> + <li><?php bugfix(78814); ?> (strip_tags allows / in tag name => whitelist bypass).</li> +</ul></li> +</ul> +<!-- }}} --></section> + + + <section class="version" id="7.3.12"><!-- {{{ 7.3.12 --> <h3>Version 7.3.12</h3> <b><?php release_date('21-Nov-2019'); ?></b> diff --git a/archive/archive.xml b/archive/archive.xml index f7be29de9..a9c0abc9f 100644 --- a/archive/archive.xml +++ b/archive/archive.xml @@ -9,6 +9,7 @@ <uri>http://php.net/contact</uri> <email>[email protected]</email> </author> + <xi:include href="entries/2019-12-18-2.xml"/> <xi:include href="entries/2019-12-18-1.xml"/> <xi:include href="entries/2019-12-12-1.xml"/> <xi:include href="entries/2019-11-28-1.xml"/> diff --git a/archive/entries/2019-12-18-2.xml b/archive/entries/2019-12-18-2.xml new file mode 100644 index 000000000..cd1cd27e4 --- /dev/null +++ b/archive/entries/2019-12-18-2.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="utf-8"?> +<entry xmlns="http://www.w3.org/2005/Atom";> + <title>PHP 7.3.13 Released</title> + <id>https://www.php.net/archive/2019.php#2019-12-18-2</id> + <published>2019-12-18T12:33:05+00:00</published> + <updated>2019-12-18T12:33:05+00:00</updated> + <link href="https://www.php.net/index.php#id2019-12-18-2"; rel="alternate" type="text/html"/> + <link href="https://www.php.net/archive/2019.php#2019-12-18-2"; rel="via" type="text/html"/> + <category term="frontpage" label="PHP.net frontpage news"/> + <category term="releases" label="New PHP release"/> + <content type="xhtml"> + <div xmlns="http://www.w3.org/1999/xhtml";> + <p>The PHP development team announces the immediate availability of PHP + 7.3.13. This is a security release which also contains several bug fixes.</p> + + <p>All PHP 7.3 users are encouraged to upgrade to this version.</p> + + <p>For source downloads of PHP 7.3.13 please visit our <a href="https://www.php.net/downloads.php";>downloads page</a>, + Windows source and binaries can be found on <a href="https://windows.php.net/download/";>windows.php.net/download/</a>. + The list of changes is recorded in the <a href="https://www.php.net/ChangeLog-7.php#7.3.12";>ChangeLog</a>. + </p> + + </div> + </content> +</entry> diff --git a/include/releases.inc b/include/releases.inc index 8911de83e..c0aa5ea26 100644 --- a/include/releases.inc +++ b/include/releases.inc @@ -2,6 +2,42 @@ $OLDRELEASES = array ( 7 => array ( + '7.3.12' => + array ( + 'announcement' => + array ( + 'English' => '/releases/7_3_12.php', + ), + 'tags' => + array ( + ), + 'date' => '21 Nov 2019', + 'source' => + array ( + 0 => + array ( + 'filename' => 'php-7.3.12.tar.bz2', + 'name' => 'PHP 7.3.12 (tar.bz2)', + 'sha256' => 'd317b029f991410578cc38ba4b76c9f764ec29c67e7124e1fec57bceb3ad8c39', + 'date' => '21 Nov 2019', + ), + 1 => + array ( + 'filename' => 'php-7.3.12.tar.gz', + 'name' => 'PHP 7.3.12 (tar.gz)', + 'sha256' => 'd617e5116f8472a628083f448ebe4afdbc4ac013c9a890b08946649dcbe61b34', + 'date' => '21 Nov 2019', + ), + 2 => + array ( + 'filename' => 'php-7.3.12.tar.xz', + 'name' => 'PHP 7.3.12 (tar.xz)', + 'sha256' => 'aafe5e9861ad828860c6af8c88cdc1488314785962328eb1783607c1fdd855df', + 'date' => '21 Nov 2019', + ), + ), + 'museum' => false, + ), '7.4.0' => array ( 'announcement' => diff --git a/include/version.inc b/include/version.inc index e22888c80..5b2a9e837 100644 --- a/include/version.inc +++ b/include/version.inc @@ -27,13 +27,13 @@ $RELEASES = (function() { ); /* PHP 7.3 Release */ - $PHP_7_3_VERSION = "7.3.12"; - $PHP_7_3_DATE = "21 Nov 2019"; - $PHP_7_3_TAGS = []; // Set to ['security'] for security releases. + $PHP_7_3_VERSION = "7.3.13"; + $PHP_7_3_DATE = "18 Dec 2019"; + $PHP_7_3_TAGS = ['security']; // Set to ['security'] for security releases. $PHP_7_3_SHA256 = array( - "tar.bz2" => "d317b029f991410578cc38ba4b76c9f764ec29c67e7124e1fec57bceb3ad8c39", - "tar.gz" => "d617e5116f8472a628083f448ebe4afdbc4ac013c9a890b08946649dcbe61b34", - "tar.xz" => "aafe5e9861ad828860c6af8c88cdc1488314785962328eb1783607c1fdd855df", + "tar.bz2" => "5c7b89062814f3c3953d1518f63ed463fd452929e3a37110af4170c5d23267bc", + "tar.gz" => "9cf835416a3471d7e6615e9288e76813d55ffaf60e0aa9ce74884a7c228cb6dd", + "tar.xz" => "57ac55fe442d2da650abeb9e6fa161bd3a98ba6528c029f076f8bba43dd5c228", ); /* PHP 7.2 Release */ diff --git a/releases/7_3_13.php b/releases/7_3_13.php new file mode 100644 index 000000000..7aa6a58be --- /dev/null +++ b/releases/7_3_13.php @@ -0,0 +1,19 @@ +<?php +$_SERVER['BASE_PAGE'] = 'releases/7_3_13.php'; +include_once __DIR__ . '/../include/prepend.inc'; +site_header("PHP 7.3.13 Release Announcement"); +?> + + <h1>PHP 7.3.13 Release Announcement</h1> + + <p>The PHP development team announces the immediate availability of PHP + 7.3.13. This is a security release which also contains several bug fixes.</p> + + <p>All PHP 7.3 users are encouraged to upgrade to this version.</p> + + <p>For source downloads of PHP 7.3.13 please visit our <a href="https://www.php.net/downloads.php";>downloads page</a>, + Windows source and binaries can be found on <a href="https://windows.php.net/download/";>windows.php.net/download/</a>. + The list of changes is recorded in the <a href="https://www.php.net/ChangeLog-7.php#7.3.12";>ChangeLog</a>. + </p> + +<?php site_footer(); ?> -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
