חדשות, עדכונים, מדריכים ועזרים | עדכוני תוכנות ואפליקציות - (18.08.16) - גרסה חדשה: PHP 5.6.25

(18.08.16) - גרסה חדשה: PHP 5.6.25

עדכוני תוכנות ואפליקציות

חדשות, עדכונים, מדריכים ועזרים


PHP

להורדה:
לינוקס: http://www.php.net/downloads.php
ווינדוס (Windows binaries): http://windows.php.net/download/

http://php.net/ChangeLog-5.php

מה חדש:

Core:
Fixed bug #70436 (Use After Free Vulnerability in unserialize()).
Fixed bug #72024 (microtime() leaks memory).
Fixed bug #72581 (previous property undefined in Exception after deserialization).
Implemented FR #72614 (Support "nmake test" on building extensions by phpize).
Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
Fixed bug #72663 (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization).
Fixed bug #72681 (PHP Session Data Injection Vulnerability).

Bz2:
Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).

Calendar:
Fixed bug #67976 (cal_days_month() fails for final month of the French calendar).
Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).

Curl:
Fixed bug #71144 (Segmentation fault when using cURL with ZTS).
Fixed bug #71929 (Certification information (CERTINFO) data parsing error).
Fixed bug #72807 (integer overflow in curl_escape caused heap corruption).

DOM:
Fixed bug #66502 (DOM document dangling reference).
Ereg:
Fixed bug #72838 (Integer overflow lead to heap corruption in sql_regcase).

EXIF:
Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF).
Fixed bug #72735 (Samsung picture thumb not read (zero size)).

Filter:
Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).

FPM:
Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).

GD:
Fixed bug #43828 (broken transparency of imagearc for truecolor in blendingmode).
Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c).
Fixed bug #68712 (suspicious if-else statements).
Fixed bug #70315 (500 Server Error but page is fully rendered).
Fixed bug #72596 (imagetypes function won't advertise WEBP support).
Fixed bug #72604 (imagearc() ignores thickness for full arcs).
Fixed bug #72697 (select_colors write out-of-bounds).
Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles).
Fixed bug #72730 (imagegammacorrect allows arbitrary write access).

Intl:
Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain names).

mbstring:
Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
Fixed bug #72693 (mb_ereg_search increments search position when a match zero-width).
Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last position).
Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).

PCRE:
Fixed bug #72688 (preg_match missing group names in matches).

PDO_pgsql:
Fixed bug #70313 (PDO statement fails to throw exception).

Reflection:
Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).

SNMP:
Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).

Standard:
Fixed bug #72330 (CSV fields incorrectly split if escape char followed by UTF chars).
Fixed bug #72836 (integer overflow in base64_decode).
Fixed bug #72848 (integer overflow in quoted_printable_encode).
Fixed bug #72849 (integer overflow in urlencode).
Fixed bug #72850 (integer overflow in php_uuencode).
Fixed bug #72716 (initialize buffer before read).

Streams:
Fixed bug #41021 (Problems with the ftps wrapper).
Fixed bug #54431 (opendir() does not work with ftps:// wrapper).
Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for non-existent directories).
Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5).
Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade attack).

SPL:
Fixed bug #72122 (IteratorIterator breaks '@' error suppression).
Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape character).
Fixed bug #72684 (AppendIterator segfault with closed generator).

SQLite3:
Implemented FR #72653 (SQLite should allow opening with empty filename).

Wddx:
Fixed bug #72142 (WDDX Packet Injection Vulnerability in wddx_serialize_value()).
Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
Fixed bug #72750 (wddx_deserialize null dereference).
Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
Fixed bug #72799 (wddx_deserialize null dereference in php_wddx_pop_element).