5.4.45

2026-03-23 23:02:13 +01:00 · 2015-09-04 12:39:23 -07:00
parent dfe2ca5a14
commit 0c1f39588d
8 changed files with 138 additions and 8 deletions
--- a/ChangeLog-5.php
+++ b/ChangeLog-5.php
@@ -117,6 +117,46 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change
 </ul>
 <!-- }}} --></section>

+<section class="version" id="5.4.45"><!-- {{{ 5.4.45 -->
+<h3>Version 5.4.45</h3>
+<b><?php release_date('03-Sep-2015'); ?></b>
+<ul><li>Core:
+<ul>
+  <li><?php bugfix(70172); ?> (Use After Free Vulnerability in unserialize()).</li>
+  <li><?php bugfix(70219); ?> (Use after free vulnerability in session deserializer).</li>
+</ul></li>
+<li>EXIF:
+<ul>
+  <li><?php bugfix(70385); ?> (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).</li>
+</ul></li>
+<li>hash:
+<ul>
+  <li><?php bugfix(70312); ?> (HAVAL gives wrong hashes in specific cases).</li>
+</ul></li>
+<li>PCRE:
+<ul>
+  <li><?php bugfix(70345); ?> (Multiple vulnerabilities related to PCRE functions).</li>
+</ul></li>
+<li>SOAP:
+<ul>
+  <li><?php bugfix(70388); ?> (SOAP serialize_function_call() type confusion / RCE).</li>
+</ul></li>
+<li>SPL:
+<ul>
+  <li><?php bugfix(70365); ?> (Use-after-free vulnerability in unserialize() with SplObjectStorage).</li>
+  <li><?php bugfix(70366); ?> (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).</li>
+</ul></li>
+<li>XSLT:
+<ul>
+  <li><?php bugfix(69782); ?> (NULL pointer dereference).</li>
+</ul></li>
+<li>ZIP:
+<ul>
+  <li><?php bugfix(70350); ?> (ZipArchive::extractTo allows for directory traversal when creating directories).</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
 <section class="version" id="5.6.12"><!-- {{{ 5.6.12 -->
 <h3>Version 5.6.12</h3>
 <?php release_date('06-Aug-2015'); ?>
--- a/archive/archive.xml
+++ b/archive/archive.xml
@@ -9,6 +9,7 @@
    <uri>http://php.net/contact</uri>
    <email>php-webmaster@lists.php.net</email>
  </author>
+  <xi:include href="entries/2015-09-04-4.xml"/>
  <xi:include href="entries/2015-09-04-3.xml"/>
  <xi:include href="entries/2015-09-04-2.xml"/>
  <xi:include href="entries/2015-09-04-1.xml"/>
--- a/archive/entries/2015-08-06-2.xml
+++ b/archive/entries/2015-08-06-2.xml
@@ -21,7 +21,7 @@
     </p>
     
     <p>Please note that PHP 5.4 branch is nearing the end of its <a href="http://php.net/supported-versions.php">support timeframe</a>. Either September or October release, depending on discovered issues, will be the last official release of PHP 5.4.
-     If your PHP installations is based on PHP 5.4, it may be a good time to start making the plans for the upgrade.
+     If your PHP installation is based on PHP 5.4, it may be a good time to start making the plans for the upgrade.
     </p>
    </div>
  </content>
--- a/archive/entries/2015-09-04-4.xml
+++ b/archive/entries/2015-09-04-4.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom">
+  <title>PHP 5.4.45 Released</title>
+  <id>http://php.net/archive/2015.php#id2015-09-04-4</id>
+  <published>2015-09-04T12:37:46-07:00</published>
+  <updated>2015-09-04T12:37:46-07:00</updated>
+  <category term="frontpage" label="PHP.net frontpage news"/>
+  <category term="releases" label="New PHP release"/>
+  <link href="http://php.net/index.php#id2015-09-04-4" rel="alternate" type="text/html"/>
+  <link href="http://php.net/archive/2015.php#id2015-09-04-4" rel="via" type="text/html"/>
+  <content type="xhtml">
+    <div xmlns="http://www.w3.org/1999/xhtml">
+     <p>The PHP development team announces the immediate availability of PHP
+     5.4.45. Ten security-related issues were fixed in this release.
+     All PHP 5.4 users are encouraged to upgrade to this version.
+     </p>
+     
+     <p>For source downloads of PHP 5.4.45 please visit our <a href="http://www.php.net/downloads.php">downloads page</a>,
+     Windows binaries can be found on <a href="http://windows.php.net/download/">windows.php.net/download/</a>.
+     The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-5.php#5.4.45">ChangeLog</a>.
+     </p>
+     
+     <p>Please note that according to the <a href="http://php.net/supported-versions.php">PHP version support timelines</a>,
+     PHP 5.4.45 is the last scheduled release of PHP 5.4 branch. There may be additional release if we discover
+     important security issues that warrant it, otherwise this release will be the final one in the PHP 5.4
+     If your PHP installation is based on PHP 5.4, it may be a good time to start making the plans for the upgrade to PHP 5.5 or PHP 5.6.
+     </p>
+    </div>
+  </content>
+</entry>
--- a/include/releases.inc
+++ b/include/releases.inc
@@ -1411,6 +1411,39 @@ $OLDRELEASES = array (
      'date' => '20 Jun 2013',
      'museum' => true,
    ),
+    '5.4.44' => 
+    array (
+      'announcement' => 
+      array (
+        'English' => '/releases/5_4_44.php',
+      ),
+      'source' => 
+      array (
+        0 => 
+        array (
+          'filename' => 'php-5.4.44.tar.bz2',
+          'name' => 'PHP 5.4.44 (tar.bz2)',
+          'md5' => '25725eb0dff0d45351b01fb483709b8d',
+          'sha256' => '8dd59e5ce9248cf36ac3de5412a518b8b24c01ace6c46ce3d12e4ce981a3856d',
+          'date' => '06 Aug 2015',
+        ),
+        1 => 
+        array (
+          'filename' => 'php-5.4.44.tar.gz',
+          'name' => 'PHP 5.4.44 (tar.gz)',
+          'md5' => '9a6f79bc68eb926d230448905229dd1c',
+          'sha256' => '1799998e48da3d8f34722840628e18789e26ea21741d4e498ade6749b3266602',
+          'date' => '06 Aug 2015',
+        ),
+        2 => 
+        array (
+          'link' => 'http://windows.php.net/download/#php-5.4',
+          'name' => 'Windows 5.4.44 binaries and source',
+        ),
+      ),
+      'date' => '06 Aug 2015',
+      'museum' => false,
+    ),
    '5.4.43' => 
    array (
      'announcement' => 
--- a/include/version.inc
+++ b/include/version.inc
@@ -52,15 +52,15 @@ $PHP_5_5_SHA256     = array(
 $PHP_5_4_RC = false; // Current RC version (e.g., '5.6.7RC1') or false
 $PHP_5_4_RC_DATE = '4 Sep 2014';

-$PHP_5_4_VERSION         = "5.4.44";
-$PHP_5_4_DATE            = "06 Aug 2015";
+$PHP_5_4_VERSION         = "5.4.45";
+$PHP_5_4_DATE            = "03 Sep 2015";
 $PHP_5_4_MD5     = array(
-                       "tar.bz2"       => "25725eb0dff0d45351b01fb483709b8d",
-                       "tar.gz"        => "9a6f79bc68eb926d230448905229dd1c",
+                       "tar.bz2"       => "185f67f1ca652b18bc0cca9d7edbde7c",
+                       "tar.gz"        => "ba580e774ed1ab256f22d1fa69a59311",
 );
 $PHP_5_4_SHA256     = array(
-                       "tar.bz2"       => "8dd59e5ce9248cf36ac3de5412a518b8b24c01ace6c46ce3d12e4ce981a3856d",
-                       "tar.gz"        => "1799998e48da3d8f34722840628e18789e26ea21741d4e498ade6749b3266602",
+                       "tar.bz2"       => "4e0d28b1554c95cfaea6fa2b64aac85433f158ce72bb571bcd5574f98f4c6582",
+                       "tar.gz"        => "25bc4723955f4e352935258002af14a14a9810b491a19400d76fcdfa9d04b28f",
 );

 $RELEASES = array(
--- a/releases/5_4_44.php
+++ b/releases/5_4_44.php
@@ -18,7 +18,7 @@ The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-5.p
 </p>

 <p>Please note that PHP 5.4 branch is nearing the end of its <a href="http://php.net/supported-versions.php">support timeframe</a>. Either September or October release, depending on discovered issues, will be the last official release of PHP 5.4. 
-If your PHP installations is based on PHP 5.4, it may be a good time to start making the plans for the upgrade.
+If your PHP installation is based on PHP 5.4, it may be a good time to start making the plans for the upgrade.
 </p> 

 <?php site_footer(); ?>
--- a/releases/5_4_45.php
+++ b/releases/5_4_45.php
@@ -0,0 +1,26 @@
+<?php
+// $Id$
+$_SERVER['BASE_PAGE'] = 'releases/5_4_45.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
+site_header("PHP 5.4.45 Release Announcement");
+?>
+
+<h1>PHP 5.4.45 Release Announcement</h1>
+
+<p>The PHP development team announces the immediate availability of PHP
+5.4.45. Ten security-related issues were fixed in this release.
+All PHP 5.4 users are encouraged to upgrade to this version.
+</p>
+
+<p>For source downloads of PHP 5.4.45 please visit our <a href="http://www.php.net/downloads.php">downloads page</a>,
+Windows binaries can be found on <a href="http://windows.php.net/download/">windows.php.net/download/</a>.
+The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-5.php#5.4.45">ChangeLog</a>.
+</p>
+
+<p>Please note that according to the <a href="http://php.net/supported-versions.php">PHP version support timelines</a>, 
+PHP 5.4.45 is the last scheduled release of PHP 5.4 branch. There may be additional release if we discover 
+important security issues that warrant it, otherwise this release will be the final one in the PHP 5.4 
+If your PHP installation is based on PHP 5.4, it may be a good time to start making the plans for the upgrade to PHP 5.5 or PHP 5.6.
+</p> 
+
+<?php site_footer(); ?>