| php71-7.1.33-4.an3.src
[14.8 MiB] |
Changelog
by JoungKyun.Kim (2022-02-05):
- support TLS 1.3 (lined openssl 1.1)
- security issues
. #79812 Pcntl: Potential integer overflow in pcntl_exec()
. CVE-2020-7071 Standard: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (#77423)
. CVE-2021-21706 Zip: ZipArchive::extractTo extracts outside of destinatio (#81420)
. CVE-2021-21703 FPM; PHP-FPM oob R/W in root process leading to privilege escalation (#81026)
. CVE-2021-21707 XML: special character is breaking the path in xml function (#79971)
|
| php71-7.1.33-3.an3.src
[14.8 MiB] |
Changelog
by JoungKyun.Kim (2021-01-03):
- security issues
. CVE-2020-7068 Use of freed hash key in the phar_parse_zipfile function (#79797)
. CVE-2020-7069 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (#79601)
. CVE-2020-7070 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent (#79699)
|
| php71-7.1.33-2.an3.src
[14.8 MiB] |
Changelog
by JoungKyun.Kim (2020-06-10):
- security issues
. CVE-2019-11048 Core: Long filenames cause OOM and temp files are not cleaned (#78875)
. CVE-2019-11048 Core: Long variables in multipart/form-data cause OOM and temp files are not cleaned (#78876)
. CVE-2020-7064 EXIF: Use-of-uninitialized-value in exif (#79282)
. CVE-2020-7066 Standard: get_headers() silently truncates after a null byte (#79329)
. CVE-2020-7063 Phar: Files added to tar with Phar::buildFromIterator have all-access permissions (#79082)
. CVE-2020-7062 Sessions: Null Pointer Dereference in PHP Session Upload Progress (#79221)
|
| php71-7.1.33-1.an3.src
[14.8 MiB] |
Changelog
by JoungKyun.Kim (2020-01-23):
- update 7.2.33
. http://php.net/ChangeLog-7.php#7.1.31
. http://php.net/ChangeLog-7.php#7.1.32
. http://php.net/ChangeLog-7.php#7.1.33
- security issues
. CVE-2019-11050 EXIF: Use-after-free in exif parsing under memory sanitizer #78793
. CVE-2019-11047 EXIF: Heap-buffer-overflow READ in exif #78910
. CVE-2019-11046 Bcmath: Buffer underflow in bc_shift_addsub #78878
. CVE-2019-11045 Core: DirectoryIterator class silently truncates after a null byte #78863
. CVE-2019-11044 Core: link() silently truncates after a null byte on Windows #78862
. CVE-2020-7060 Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar' #79037
. CVE-2020-7059 Standard: OOB read in php_strip_tags_ex #79099
. CVE-2019-13224 MBString: don't allow different encodings for onig_new_deluxe
. CVE-2019-11043 FPM: env_path_info underflow in fpm_main.c can lead to RCE
. CVE-2019-11042 EXIF: heap-buffer-overflow on exif_process_user_comment
. CVE-2019-11041 EXIF: heap-buffer-overflow on exif_scan_thumbnail
|
| php71-7.1.30-1.an3.src
[14.6 MiB] |
Changelog
by JoungKyun.Kim (2019-06-09):
- update 7.2.30
. http://php.net/ChangeLog-7.php#7.1.30
. http://php.net/ChangeLog-7.php#7.1.29
. http://php.net/ChangeLog-7.php#7.1.28
. http://php.net/ChangeLog-7.php#7.1.27
. http://php.net/ChangeLog-7.php#7.1.26
- security issues:
. CVE-2019-11040 EXIF: heap-buffer-overflow on php_jpg_get16 (#77988)
. CVE-2019-11038 CD: Uninitialized read in gdImageCreateFromXbm (#77973)
. CVE-2019-11039 Iconv: Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow (#78069)
. CVE-2019-11036 EXIF: Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG (#77950)
. CVE-2019-11034 EXIF: Heap-buffer-overflow in php_ifd_get32s (#77753)
. CVE-2019-11035 EXIF: Heap-buffer-overflow in exif_iif_add_value (#77831)
. CVE-2019-9637 Core: rename() across the device may allow unwanted access during processing (#77630)
. CVE-2019-9641 EXIF: Uninitialized read in exif_process_IFD_in_TIFF (#77509)
. CVE-2019-9640 EXIF: Invalid Read on exif_process_SOFn (#77540)
. CVE-2019-9638 EXIF: Uninitialized read in exif_process_IFD_in_MAKERNOTE (#77563)
. CVE-2019-9639 EXIF: Uninitialized read in exif_process_IFD_in_MAKERNOTE (#77659)
. CVE-2019-9022 Core: memcpy with negative length via crafted DNS response (#77369)
. CVE-2016-10166 GD: efree() on uninitialized Heap data in imagescale leads to use-after-free (#77269)
. CVE-2019-6977 GD: imagecolormatch Out Of Bounds Write on Heap (#77270)
. CVE-2019-9023 Mbstring: Buffer overflow on mb regex functions - fetch_token (#77370)
. CVE-2019-9023 Mbstring: heap buffer overflow in mb regex functions - compile_string_node (#77371)
. CVE-2019-9023 Mbstring: heap buffer overflow in multibyte match_at (#77381)
. CVE-2019-9023 Mbstring: heap buffer overflow due to incorrect length in expand_case_fold_string (#77382)
. CVE-2019-9023 Mbstring: buffer overflow in fetch_token (#77385)
. CVE-2019-9023 Mbstring: Buffer overflow in multibyte case folding - unicode (#77394)
. CVE-2019-9023 Mbstring: Heap overflow in utf32be_mbc_to_code (#77418)
. CVE-2019-9021 Phar: heap buffer overflow in phar_detect_phar_fname_ext (#77247)
. CVE-2019-9020 Xmlrpc: heap out of bounds read in xmlrpc_decode() (#77242)
. CVE-2019-9024 Xmlrpc: Global out of bounds read in xmlrpc base64 code (#77380)
- 3rd party extensions
. mysql: removed and seperated by php72-mysql package
. libevent: fixed #23 Segmentation fault where there is more than one timer event
|
| php71-7.1.25-1.an3.src
[14.5 MiB] |
Changelog
by JoungKyun.Kim (2019-01-06):
- update 7.1.25
. http://php.net/ChangeLog-7.php#7.1.25
- official 7.1.25 bug fixed
. fixed #77020 IMAP: null pointer dereference in imap_mail.
- security issues:
. CVE-2018-17082 Apache2: XSS due to the header Transfer-Encoding: chunked (#76582)
. CVE-2018-14883 exif: Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c (#76423)
. CVE-2018-14851 exif: heap-buffer-overflow (READ of size 48) while reading exif data (#76557)
|
| php71-7.1.19-1.an3.src
[14.6 MiB] |
Changelog
by JoungKyun.Kim (2018-07-08):
- update 7.1.19
. http://php.net/ChangeLog-7.php#7.1.19
- official 7.1.19 bug fixed
. Fixed #76534 Core: PHP hangs on 'illegal string offset on string references with an error handler
. Fixed #76502 Core: Chain of mixed exceptions and errors does not serialize properly
. Fixed #76462 Date: Undefined property: DateInterval::$f
. Fixed #73342 FRPM: Vulnerability in php-fpm by changing stdin to non-blocking
. Fixed #74670 GMP: Integer Underflow when unserializing GMP and possible other classes
. Fixed #76556 intl: get_debug_info handler for BreakIterator shows wrong type
. Fixed #76532 mbstring: Integer overflow and excessive memory usage in mb_strimwidth
. Fixed #76548 PGSQL: pg_fetch_result did not fetch the next row
. Fixed #76536 Reflection: PHP crashes with core dump when throwing exception in error handler
. Fixed #75231 Reflection: ReflectionProperty#getValue() incorrectly works with inherited classes
. Fixed #76505 Standard: array_merge_recursive() is duplicating sub-array keys).
. Fixed #71848 Standard: getimagesize with $imageinfo returns false). (cmb)
- official 7.1.20 bug fixed
. fixed #76366 Filter: References in sub-array for filtering breaks the filter
- security issues
. CVE-2018-10549 Exif: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value (#76130)
. CVE-2018-10546 iconv: stream filter convert.iconv leads to infinite loop on invalid sequence (#76249)
. CVE-2018-10548 ldap: Malicious LDAP-Server Response causes Crash (#76248)
. CVE-2018-10547 Phar: fix for CVE-2018-5712 may not be complete (#76129)
. CVE-2018-10545 FPM: Dumpable FPM child processes allow bypassing opcache access controls (#75605)
|
| php71-7.1.15-1.an3.src
[14.6 MiB] |
Changelog
by JoungKyun.Kim (2018-03-24):
- update 7.1.15
. http://php.net/ChangeLog-7.php#7.1.15
- official 7.1.15 bug fixed
. fixed #76025 Core: Segfault while throwing exception in error_handler
. fixed #73957 GD: signed integer conversion in imagescale()
. fixed #76074 Opcache: opcache corrupts variable in for-loop
. Fixed #76085 Phar: Segmentation fault in buildFromIterator when directory name contains a \n
. fixed #74139 Standard: mail.add_x_header default inconsistent with docs
. fixed #76068 Standard: parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault
- official 7.1.16 bug fixed
. fixed #75944 Mbstring: Wrong cp1251 detection
. fixed #76113 Mbstring: mbstring does not build with Oniguruma 6.8.1
|
| php71-7.1.14-1.an3.src
[14.4 MiB] |
Changelog
by JoungKyun.Kim (2018-02-03):
- update 7.1.14
- official 7.1.14 bug fixed
. fixed #75882 Apache2Handler: a simple way for segfaults in threadsafe php just with configuration
. fixed #75838 PGSQL: Memory leak in pg_escape_bytea()
. fieed #73725 ODBC: Unable to retrieve value of varchar(max) type
- if upload_image_check is on, only add sec and secstr member of $_FILES
|
| php71-7.1.12-1.an3.src
[14.4 MiB] |
Changelog
by JoungKyun.Kim (2017-11-25):
- officila 7.1.12 bug fixed
. fixed #74862 Unable to clone instance when private __clone defined
. fixed #60471 Random "Invalid request (unexpected EOF)" using a router script
. fixed #74183 preg_last_error not returning error code after error
. fixed #75511 fread not free unused buffer
. fixed #75514 mt_rand returns value outside [$min,$max]+ on 32-bit
. fixed #75535 Inappropriately parsing HTTP response leads to PHP segment fault
. fixed #75409 accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing
. fixed #75540 Segfault with libzip 1.3.1
- security issues
. CVE-2016-1283 PCRE: preg_match double free
|
| php71-7.1.9-1.an3.src
[14.6 MiB] |
Changelog
by JoungKyun.Kim (2017-09-01):
- official 7.1.9 bug fixed
. fixed #75093 CURL: OpenSSL support not detected
. Fixed #75124 GD: gdImageGrayScale() may produce colors
. Fixed #75090 Intl: (IntlGregorianCalendar doesn't have constants from parent class
. Fixed #74631 PDO_OCI PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up
. Fixed #75097 Standard: gethostname fails if your host name is 64 chars long
|
| php71-7.1.0-3.an3.src
[15.2 MiB] |
Changelog
by JoungKyjn.Kim (2017-01-06):
- official 7.1.0 bug fixed
. fixed bug #73792 Core: invalid foreach loop hangs script
. fixed bug #73753 Core: unserialized array pointer not advancing
. fixed bug #73783 Core: SIG_IGN doesn't work when Zend Signals is enabled
. fixed bug #67474 Dom: getElementsByTagNameNS filter on default ns
. fixed bug #73462 Mysqli: Persistent connections don't set $connect_errno
. fixed bug #73800 Mysqlnd: sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE
. fixed bug #73789 Opcache: Strange behavior of class constants in switch/case block
. fixed bug #73847 Opcache: Recursion when a variable is redefined as array
. fixed bug #70213 Standard: Unserialize context shared on double class lookup
. fixed bug #73154 Standard: serialize object with __sleep function crash
. fixed bug #31875 Standard: get_defined_functions additional param to exclude disabled functions
. fixed bug #73373 Zlib: deflate_add does not verify that output was not truncated
- official 7.1.1 bug fixed
. fixed bug #71519 Openssl: add serial hex to return value array
. fixed bug #70417 Phar: PharData::compress() doesn't close temp file
. fixed bug #70103 Zip: ZipArchive::addGlob ignores remove_all_path option
- security issues
. exec_dir: #8 backquote and $() syntax weakness after semi colon
https://github.com/OOPS-ORG-PHP/mod_execdir/issues/8
|
| php71-7.1.0-2.an3.src
[15.2 MiB] |
Changelog
by JoungKyun.Kim (2016-12-19):
- official 7.1.0 bug fixed
. fixed bug #73727 Core:ZEND_MM_BITSET_LEN is "undefined symbol" in zend_bitset.h
. fixed bug #73679 COM: DOTNET read access violation using invalid codepage
. fixed bug #73646 Mbstring: mb_ereg_search_init null pointer dereference
. fixed bug #73746 Opcache: Method that returns string returns UNKNOWN:0 instead
. fixed bug #73594 Standard: dns_get_record does not populate $additional out parameter
|
| php71-7.1.0-1.an3.src
[15.2 MiB] |
Changelog
by JoungKyun.Kim (2016-12-09):
- update 7.1.0
- remove apache module package
- official 7.1.0 bug fixed
. fixed bug #73663 Core: "Invalid opcode 65/16/8" occurs with a variable created with list()
. fixed bug #73654 Opcache: Segmentation fault in zend_call_function
. fixed bug #73668 Opcache: "SIGFPE Arithmetic exception" in opcache when divide by minus 1
. fixed bug #73686 SPL: Adding settype()ed values to ArrayObject results in references
|