5.5.29 announcement

2026-03-23 23:02:13 +01:00 · 2015-09-04 18:04:23 +02:00
parent 17928997ee
commit cb1da7d2e3
6 changed files with 131 additions and 8 deletions
--- a/ChangeLog-5.php
+++ b/ChangeLog-5.php
@@ -8,6 +8,46 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change

 <h1>PHP 5 ChangeLog</h1>

+<section class="version" id="5.5.29"><!-- {{{ 5.5.29 -->
+<h3>Version 5.5.29</h3>
+<?php release_date('03-Sep-2015'); ?>
+<ul><li>Core:
+<ul>
+  <li><?php bugfix(70172); ?> (Use After Free Vulnerability in unserialize()).</li>
+  <li><?php bugfix(70219); ?> (Use after free vulnerability in session deserializer).</li>
+</ul></li>
+<li>EXIF:
+<ul>
+  <li><?php bugfix(70385); ?> (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).</li>
+</ul></li>
+<li>hash:
+<ul>
+  <li><?php bugfix(70312); ?> (HAVAL gives wrong hashes in specific cases).</li>
+</ul></li>
+<li>PCRE:
+<ul>
+  <li><?php bugfix(70345); ?> (Multiple vulnerabilities related to PCRE functions).</li>
+</ul></li>
+<li>SOAP:
+<ul>
+  <li><?php bugfix(70388); ?> (SOAP serialize_function_call() type confusion / RCE).</li>
+</ul></li>
+<li>SPL:
+<ul>
+  <li><?php bugfix(70365); ?> (Use-after-free vulnerability in unserialize() with SplObjectStorage).</li>
+  <li><?php bugfix(70366); ?> (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).</li>
+</ul></li>
+<li>XSLT:
+<ul>
+  <li><?php bugfix(69782); ?> (NULL pointer dereference).</li>
+</ul></li>
+<li>ZIP:
+<ul>
+  <li><?php bugfix(70350); ?> (ZipArchive::extractTo allows for directory traversal when creating directories).</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
 <section class="version" id="5.6.13"><!-- {{{ 5.6.13 -->
 <h3>Version 5.6.13</h3>
 <?php release_date('03-Sep-2015'); ?>
--- a/archive/archive.xml
+++ b/archive/archive.xml
@@ -9,6 +9,7 @@
    <uri>http://php.net/contact</uri>
    <email>php-webmaster@lists.php.net</email>
  </author>
+  <xi:include href="entries/2015-09-04-3.xml"/>
  <xi:include href="entries/2015-09-04-2.xml"/>
  <xi:include href="entries/2015-09-04-1.xml"/>
  <xi:include href="entries/2015-08-31-1.xml"/>
--- a/archive/entries/2015-09-04-3.xml
+++ b/archive/entries/2015-09-04-3.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom">
+  <title>PHP 5.5.29 is available</title>
+  <id>http://php.net/archive/2015.php#id2015-09-04-3</id>
+  <published>2015-09-04T16:00:38+00:00</published>
+  <updated>2015-09-04T16:00:38+00:00</updated>
+  <category term="frontpage" label="PHP.net frontpage news"/>
+  <category term="releases" label="New PHP release"/>
+  <link href="http://php.net/index.php#id2015-09-04-3" rel="alternate" type="text/html"/>
+  <link href="http://php.net/archive/2015.php#id2015-09-04-3" rel="via" type="text/html"/>
+  <content type="xhtml">
+    <div xmlns="http://www.w3.org/1999/xhtml">
+       <p>The PHP development team announces the immediate availability of PHP
+     5.5.29. This is a security release. Many security-related issues were fixed in this release.
+
+     All PHP 5.5 users are encouraged to upgrade to this version.
+     </p>
+
+     <p>For source downloads of PHP 5.5.29 please visit our <a href="http://www.php.net/downloads.php">downloads page</a>,
+     Windows binaries can be found on <a href="http://windows.php.net/download/">windows.php.net/download/</a>.
+     The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-5.php#5.5.29">ChangeLog</a>.
+     </p>
+     
+    </div>
+  </content>
+</entry>
--- a/include/releases.inc
+++ b/include/releases.inc
@@ -2,6 +2,42 @@
 $OLDRELEASES = array (
  5 => 
  array (
+  '5.5.28' => 
+    array (
+      'announcement' => 
+      array (
+        'English' => '/releases/5_5_28.php',
+      ),
+      'source' => 
+      array (
+        0 => 
+        array (
+          'filename' => 'php-5.5.28.tar.bz2',
+          'name' => 'PHP 5.5.28 (tar.bz2)',
+          'md5' => '5595dffa11f153e5b5cb8bf57242797e',
+          'sha256' => '197d2c572e030c177e53d3763d59ac6d363d7c78dc22e6cc1e2ac65573d9c2f3',
+          'date' => '06 Aug 2015',
+        ),
+        1 => 
+        array (
+          'filename' => 'php-5.5.28.tar.gz',
+          'name' => 'PHP 5.5.28 (tar.gz)',
+          'md5' => '39cc2659f8d777e803816f7b437d9001',
+          'sha256' => '6084f25a39ab2f79ade46bf0258a1cd6c9bbb09a106b40dd996dbdf8cd3b08f2',
+          'date' => '06 Aug 2015',
+        ),
+        2 => 
+        array (
+          'filename' => 'php-5.5.28.tar.xz',
+          'name' => 'PHP 5.5.28 (tar.xz)',
+          'md5' => 'd0caf908b129f2538d942d756c4cb04e',
+          'sha256' => 'd060455c804c622cda9f3f5f084b10c6ceba73ee76c1720897e17137a0f75ecd',
+          'date' => '06 Aug 2015',
+        ),
+      ),
+      'date' => '06 Aug 2015',
+      'museum' => false,
+    ),
    '5.6.12' => 
    array (
      'announcement' => 
--- a/include/version.inc
+++ b/include/version.inc
@@ -36,17 +36,17 @@ $PHP_5_6_SHA256     = array(
 $PHP_5_5_RC =  false; // Current RC version (e.g., '5.6.7RC1') or false
 $PHP_5_5_RC_DATE = '25 Jun 2015';

-$PHP_5_5_VERSION         = "5.5.28";
-$PHP_5_5_DATE            = "06 Aug 2015";
+$PHP_5_5_VERSION         = "5.5.29";
+$PHP_5_5_DATE            = "03 Sep 2015";
 $PHP_5_5_MD5     = array(
-                       "tar.bz2"       => "5595dffa11f153e5b5cb8bf57242797e",
-                       "tar.gz"        => "4a29be836e9609d12468f8819287faec",
-                       "tar.xz"        => "d0caf908b129f2538d942d756c4cb04e",
+                       "tar.bz2"       => "2a0eadad872978ae57e6756187625c00",
+                       "tar.gz"        => "79db29eb718dc35092a5e94b81d13d07",
+                       "tar.xz"        => "05d54cad22f393f4b5b0ec0ab06a2b91",
 );
 $PHP_5_5_SHA256     = array(
-                       "tar.bz2"       => "197d2c572e030c177e53d3763d59ac6d363d7c78dc22e6cc1e2ac65573d9c2f3",
-                       "tar.gz"        => "6084f25a39ab2f79ade46bf0258a1cd6c9bbb09a106b40dd996dbdf8cd3b08f2",
-                       "tar.xz"        => "d060455c804c622cda9f3f5f084b10c6ceba73ee76c1720897e17137a0f75ecd",
+                       "tar.bz2"       => "fbcee579ecc77cad6960a541116aee669cf145c2cd9a54bf60503a870843b946",
+                       "tar.gz"        => "c25a4c4eae558cc9899d2994813dd272eafff9466926f30821a83edaafe620a9",
+                       "tar.xz"        => "22c72d1b88c8d9a8ab9ca565e9ca5844287c006134098805d9a373a862bbbcad",
 );
 /* PHP 5.4 Release */
 $PHP_5_4_RC = false; // Current RC version (e.g., '5.6.7RC1') or false
--- a/releases/5_5_29.php
+++ b/releases/5_5_29.php
@@ -0,0 +1,20 @@
+<?php
+// $Id$
+$_SERVER['BASE_PAGE'] = 'releases/5_5_29.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
+site_header("PHP 5.5.29 Release Announcement");
+?>
+     <h1>PHP 5.5.29 Release Announcement</h1>
+     
+     <p>The PHP development team announces the immediate availability of PHP
+     5.5.29. This is a security release. Many security-related issues were fixed in this release.
+
+     All PHP 5.5 users are encouraged to upgrade to this version.
+     </p>
+
+     <p>For source downloads of PHP 5.5.29 please visit our <a href="http://www.php.net/downloads.php">downloads page</a>,
+     Windows binaries can be found on <a href="http://windows.php.net/download/">windows.php.net/download/</a>.
+     The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-5.php#5.5.29">ChangeLog</a>.
+     </p>
+
+<?php site_footer(); ?>