Thema: Neue Versionen der Skriptsprache PHP

[SiLæncer]

Umfangreiches Handbuch, das Sie über alle Fragen zur Opensource-Scriptsprache PHP aufklärt.

Das Handbuch erläutert Ihnen alles was Sie zu "Hypertext Preprocessor" (PHP) wissen müssen. Nach der allgemeinen Einführung erhalten Sie jede Menge Informationen zu Sprachreferenzen, Sicherheit und zusätzlichen Features von PHP. Hintergrund: Die Programmiersprache PHP wird gewöhnlich dazu verwendet,dynamisch generierte Webseiten in kurzer Zeit zu erzeugen.

Freeware

http://www.php.net/

[SiLæncer]

Release Notes

COM:
Fixed bug #41577 (DOTNET is successful once per server run)
Core:
Fixed bug #67693 (incorrect push to the empty array).
Removed inconsistency regarding behaviour of array in constants at
run-time.
Fileinfo:
Fixed bug #67705 (extensive backtracking in rule regular expression).
(CVE-2014-3538)
FPM:
Fix bug #67606 (revised fix 67541, broke mod_fastcgi BC).
GD:
Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
(CVE-2014-2497)
Milter:
Fixed bug #67715 (php-milter does not build and crashes randomly).
OpenSSL:
Fixed bug #41631 (socket timeouts not honored in blocking SSL reads).
SPL:
Revert fix for bug #67064 (BC issues).
Zlib:
Fixed bug #67724 (chained zlib filters silently fail with large amounts of
data).
Date:
Fixed bug #66091 (memory leaks in DateTime constructor)

[close]

http://www.php.net/

[SiLæncer]

Die mittlerweile fünf Jahre alte Version der Skriptsprache erhält fortan keine weiteren Bugfixes mehr. Spätestens jetzt ist es angeraten, auf ein aktuelleres PHP zu wechseln.

Die letzte Woche freigegebene Version PHP 5.3.29 wird aller Voraussicht nach die letzte Ausgabe des 5.3-Release-Strangs der Skriptsprache sein. Das sogenannte End of Life bedeutet, dass die in PHP 5.3.29 eingeflossenen Sicherheits- und Bugfixes die letzten sein werden, die PHP 5.3.x erhalten wird. Für PHP-Entwickler, die mit dieser alten Sprachversion arbeiten, bedeutet das, dass nun der Wechsel auf ein neueres PHP dringend anzuraten ist.

Der ganze Artikel

Quelle : www.heise.de

[SiLæncer]

Release Notes

COM:
Fixed missing type checks in com_event_sink.
Core:
Fixed bug #67693 (incorrect push to the empty array).
Fileinfo:
Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538).
Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)).
FPM:
Fixed bug #67635 (php links to systemd libraries without using pkg-config).
GD:
Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497).
Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120).
Milter:
Fixed bug #67715 (php-milter does not build and crashes randomly).
Network:
Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597).
OpenSSL:
Fixed missing type checks in OpenSSL options.
readline:
Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt).
Fixed bug #67496 (Save command history when exiting interactive shell with control-c).
Sessions:
Fixed missing type checks in php_session_create_id.
ODBC:
Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields).

[close]

http://www.php.net/

[SiLæncer]

Changelog : http://php.net/ChangeLog-5.php#5.6.0

http://www.php.net/

[SiLæncer]

Changelog : http://php.net/ChangeLog-5.php#5.6.1

http://www.php.net/

[SiLæncer]

Changelog : http://php.net/ChangeLog-5.php#5.6.2

http://www.php.net/

[SiLæncer]

Changelog : http://php.net/ChangeLog-5.php#5.6.3

http://www.php.net/

[SiLæncer]

Changelog : http://php.net/ChangeLog-5.php#5.6.4 (sobald verfügbar)

Download (Windows) : http://windows.php.net/downloads/releases/

Download (Linux) : http://de2.php.net/distributions/

http://www.php.net/

[SiLæncer]

Changelog

- Core:
  . Upgraded crypt_blowfish to version 1.3. (Leigh)
  . Fixed bug #60704 (unlink() bug with some files path).
  . Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)
  . Fixed bug #68536 (pack for 64bits integer is broken on bigendian). (Remi)
  . Fixed bug #55541 (errors spawn MessageBox, which blocks test automation).
    (Anatol)
  . Fixed bug #68297 (Application Popup provides too few information). (Anatol)
  . Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
  . Fixed bug #65230 (setting locale randomly broken). (Anatol)
  . Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR
    correctly). (Ferenc)
  . Fixed bug #68583 (Crash in timeout thread). (Anatol)
  . Fixed bug #65576 (Constructor from trait conflicts with inherited
    constructor). (dunglas at gmail dot com)
  . Fixed bug #68676 (Explicit Double Free). (Kalle)
  . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).
    (CVE-2015-0231) (Stefan Esser)

- CGI:
  . Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
    (Stas)

- CLI server:
  . Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)

- cURL:
  . Fixed bug #67643 (curl_multi_getcontent returns '' when
    CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)

- Date:
  . Implemented FR #68268 (DatePeriod: Getter for start date, end date and
    interval). (Marc Bennewitz)

- EXIF:
  . Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232)
    (Stas)

- Fileinfo:
  . Fixed bug #68398 (msooxml matches too many archives). (Anatol)
  . Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski)
  . Fixed bug #68671 (incorrect expression in libmagic).
    (Joshua Rogers, Anatol Belski)
  . Removed readelf.c and related code from libmagic sources
    (Remi, Anatol)
  . Fixed bug #68735 (fileinfo out-of-bounds memory access).
    (Anatol)

- FPM:
  . Fixed request #68526 (Implement POSIX Access Control List for UDS). (Remi)
  . Fixed bug #68751 (listen.allowed_clients is broken). (Remi)

- GD:
  . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi)
  . Fixed request #68656 (Report gd library version). (Remi)

- mbstring:
  . Fixed bug #68504 (--with-libmbfl configure option not present on Windows).
    (Ashesh Vashi)

- Opcache:
  . Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8
    + Opcache). (Laruence)
  . Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach
    loops). (Nikita)

- OpenSSL:
  . Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger)

- pcntl:
  . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler
    when setting SIG_DFL). (Julien)

- PCRE:
  . Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).
    (Rainer Jung, Anatol Belski)

- pgsql:
  . Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)

- PDO:
  . Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specifi
    attribute names). (Matteo)

- PDO_mysql:
  . Fixed bug #68424 (Add new PDO mysql connection attr to control multi
    statements option). (peter dot wolanin at acquia dot com)

- SPL:
  . Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
    breaks the RecursiveIterator). (Paul Garvin)
  . Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)

- SQLite:
  . Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)

- Streams:
  . Fixed bug #68532 (convert.base64-encode omits padding bytes).
    (blaesius at krumedia dot de)

[close]

Download (Windows) : http://windows.php.net/downloads/releases/

Download (Linux) : http://de2.php.net/distributions/

http://www.php.net/

[SiLæncer]

Changelog

- Core:
  . Removed support for multi-line headers, as the are deprecated by RFC 7230.
    (Stas)
  . Fixed bug #67068 (getClosure returns somethings that's not a closure).
    (Danack at basereality dot com)
  . Fixed bug #68942 (Use after free vulnerability in unserialize() with
    DateTimeZone). (CVE-2015-0273) (Stas)
  . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
    buffer overflow). (Stas)
  . Fixed Bug #67988 (htmlspecialchars() does not respect default_charset
    specified by ini_set) (Yasuo)
  . Added NULL byte protection to exec, system and passthru. (Yasuo)

- Dba:
  . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)

- Enchant:
  . Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
    (Antony)

- Fileinfo:
  . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
  . Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files
    correctly). (Anatol)
  . Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some
    gifs). (Anatol)

- FPM:
  . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
  . Fixed bug #68571 (core dump when webserver close the socket).
    (redfoxli069 at gmail dot com, Laruence)

- JSON:
  . Fixed bug #50224 (json_encode() does not always encode a float as a float)
    by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)

- LIBXML:
  . Fixed bug #64938 (libxml_disable_entity_loader setting is shared
    between threads). (Martin Jansen)

- Mysqli:
  . Fixed bug #68114 (linker error on some OS X machines with fixed
    width decimal support) (Keyur Govande)
  . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
    has rounding errors) (Keyur Govande)

- Opcache:
  . Fixed bug with try blocks being removed when extended_info opcode
    generation is turned on. (Laruence)

- PDO_mysql:
  . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
    named pipes). (steffenb198 at aol dot com)

- Phar:
  . Fixed bug #68901 (use after free). (bugreports at internot dot info)

- Pgsql:
  . Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)

- Session:
  . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
  . Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
  . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)

- Sqlite3:
  . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
    required_num_args). (Julien)

- Standard:
  . Fixed bug #65272 (flock() out parameter not set correctly in windows).
    (Daniel Lowrey)
  . Fixed bug #69033 (Request may get env. variables from previous requests
    if PHP works as FastCGI). (Anatol)

- Streams:
  . Fixed bug which caused call after final close on streams filter. (Bob)

[close]

Download (Windows) : http://windows.php.net/downloads/releases/

Download (Linux) : http://de2.php.net/distributions/

http://www.php.net/

[SiLæncer]

Changelog

Core:
Fixed bug #69174 (leaks when unused inner class use traits precedence).
Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build).
Fixed bug #65593 (Segfault when calling ob_start from output buffering callback).
Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c).
Fixed bug #68166 (Exception with invalid character causes segv).
Fixed bug #69141 (Missing arguments in reflection info for some builtin functions).
Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (CVE-2015-0231)
Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
Fixed bug #69207 (move_uploaded_file allows nulls in path).
CGI:
Fixed bug #69015 (php-cgi's getopt does not see $argv).
CLI:
Fixed bug #67741 (auto_prepend_file messes up __LINE__).
cURL:
Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32).
Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl.
Ereg:
Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
FPM:
Fixed bug #68822 (request time is reset too early).
ODBC:
Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
Opcache:
Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function).
Fixed bug #69125 (Array numeric string as key).
Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
OpenSSL:
Fixed bug #68912 (Segmentation fault at openssl_spki_new).
Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts).
Fixed bug #68920 (use strict peer_fingerprint input checks) (Daniel Lowrey)
Fixed bug #68879 (IP Address fields in subjectAltNames not used) (Daniel Lowrey)
Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
Fixed bug #69195 (Inconsistent stream crypto values across versions) (Daniel Lowrey)
pgsql:
Fixed bug #68638 (pg_update() fails to store infinite values).
Readline:
Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters).
SOAP:
Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()).
SPL:
Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage).
Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()).
ZIP:
Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)

[close]

Download (Windows) : http://windows.php.net/downloads/releases/

Download (Linux) : http://de2.php.net/distributions/

http://www.php.net/

[SiLæncer]

Changelog

16-Apr-2015
Apache2handler:
Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler).
Core:
Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
Fixed bug #67626 (User exceptions not properly handled in streams).
Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters).
Fixed bug #68917 (parse_url fails on some partial urls).
Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString).
Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing).
Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator).
Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability).
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions).
Curl:
Implemented FR#69278 (HTTP2 support).
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
Date:
Export date_get_immutable_ce so that it can be used by extensions.
Fixed bug #69336 (Issues with "last day of <monthname>").
Enchant:
Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds).
Fileinfo:
Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault).
Filter:
Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used).
Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127).
Mbstring:
Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E).
OPCache:
Fixed bug #68677 (Use After Free).
Fixed bug #69281 (opcache_is_script_cached no longer works).
OpenSSL:
Fixed bug #67403 (Add signatureType to openssl_x509_parse).
Add a check for RAND_egd to allow compiling against LibreSSL.
Phar:
Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
Fixed bug #64931 (phar_add_file is too restrictive on filename).
Fixed bug #65467 (Call to undefined method cli_arg_typ_string).
Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar").
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar).
Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode).
Postgres:
Fixed bug #68741 (Null pointer dereference).
SPL:
Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc).
SOAP:
Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
SQLITE:
Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3).

[close]

Download (Windows) : http://windows.php.net/downloads/releases/

Download (Linux) : http://de2.php.net/distributions/

http://www.php.net/

[SiLæncer]

Changelog

16-Apr-2015
Core:
Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters).
Fixed bug #68917 (parse_url fails on some partial urls).
Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString).
Fixed bug #69210 (serialize function return corrupted data when sleep has non-string values).
Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing).
Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator).
Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability).
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions).
Apache2handler:
Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler).
cURL:
Implemented FR #69278 (HTTP2 support).
Fixed bug #68739 (Missing break / control flow).
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
Date:
Fixed bug #69336 (Issues with "last day of <monthname>").
Enchant:
Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds).
Ereg:
Fixed bug #68740 (NULL Pointer Dereference).
Fileinfo:
Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault).
Filter:
Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used).
Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127).
OPCache:
Fixed bug #69297 (function_exists strange behavior with OPCache on disabled function).
Fixed bug #69281 (opcache_is_script_cached no longer works).
Fixed bug #68677 (Use After Free). (CVE-2015-1351)
OpenSSL:
Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling in stream_select() contexts) (Chris Wright)
Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly) (Daniel Lowrey)
Fixed bug #69215 (Crypto servers should send client CA list) (Daniel Lowrey)
Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
Phar:
Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
Fixed bug #64931 (phar_add_file is too restrictive on filename).
Fixed bug #65467 (Call to undefined method cli_arg_typ_string).
Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar").
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar).
Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode).
Postgres:
Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352)
SPL:
Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc).
SOAP:
Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
Sqlite3:
Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3).
Fixed bug #66550 (SQLite prepared statement use-after-free).

[close]

Download (Windows) : http://windows.php.net/downloads/releases/

Download (Linux) : http://de2.php.net/distributions/

http://www.php.net/

[SiLæncer]

Changelog

Core:
Fixed bug #69467 (Wrong checked for the interface by using Trait).
Fixed bug #69420 (Invalid read in zend_std_get_method).
Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash).
Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
Fixed bug #68652 (segmentation fault in destructor).
Fixed bug #69419 (Returning compatible sub generator produces a warning).
Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA).
Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).
Fixed bug #69522 (heap buffer overflow in unpack()).
FTP:
Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow).
ODBC:
Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result).
Fixed bug #69381 (out of memory with sage odbc driver).
OpenSSL:
Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
PCNTL:
Fixed bug #68598 (pcntl_exec() should not allow null char).
PCRE:
Upgraded pcrelib to 8.37.
Phar:
Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null).

[close]

Download (Windows) : http://windows.php.net/downloads/releases/

Download (Linux) : http://de2.php.net/distributions/

http://www.php.net/