From 7991a88675a2a1d8a7683f88b301b11080b4093d Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Thu, 6 Jul 2017 00:05:14 +0200 Subject: [PATCH 1/2] move NEWS entry to the correct place, also bump the version --- NEWS | 10 +++++++--- configure.in | 2 +- main/php_version.h | 6 +++--- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 432cc80283b..b69d04f37c4 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ?? 2017, PHP 5.6.31 +?? ?? 2017, PHP 5.6.32 + +06 Jul 2017, PHP 5.6.31 - Core: . Fixed bug #73807 (Performance problem with processing post request over @@ -15,6 +17,10 @@ PHP NEWS GD: . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb) +mbstring: + . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, + CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) + OpenSSL: . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas) @@ -259,8 +265,6 @@ WDDX: . Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb) . Fixed bug #72910 (Out of bounds heap read in mbc_to_code() / triggered by mb_ereg_match()). (Stas) - . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, - CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) - MSSQL: . Fixed bug #72039 (Use of uninitialised value on mssql_guid_string). (Kalle) diff --git a/configure.in b/configure.in index 33c771428c1..5813b5b8fff 100644 --- a/configure.in +++ b/configure.in @@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=6 -PHP_RELEASE_VERSION=31 +PHP_RELEASE_VERSION=32 PHP_EXTRA_VERSION="-dev" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index becb2f7730b..3237383da17 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 6 -#define PHP_RELEASE_VERSION 31 +#define PHP_RELEASE_VERSION 32 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "5.6.31-dev" -#define PHP_VERSION_ID 50631 +#define PHP_VERSION "5.6.32-dev" +#define PHP_VERSION_ID 50632 From 390f64701de2ca12a7ece2e0df26c495900cab97 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Thu, 6 Jul 2017 00:10:07 +0200 Subject: [PATCH 2/2] add missing NEWS entry for #74087 and also fix the formatting --- NEWS | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index b69d04f37c4..7680270cba2 100644 --- a/NEWS +++ b/NEWS @@ -14,18 +14,22 @@ PHP NEWS . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick) -GD: +- GD: . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb) -mbstring: +- mbstring: . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) -OpenSSL: +- OpenSSL: . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas) -WDDX: +- PCRE: + . Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)). + (Stas) + +- WDDX: . Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (Stas) 19 Jan 2017, PHP 5.6.30