From 7fb06ce4d388740d79e18b2a15b5ad5020f38a0f Mon Sep 17 00:00:00 2001 From: Julien Pauli Date: Wed, 18 Mar 2015 10:45:50 +0100 Subject: 5.5.23 --- NEWS | 29 ++++++++++++++++++++--------- configure.in | 2 +- main/php_version.h | 4 ++-- 3 files changed, 23 insertions(+), 12 deletions(-) diff --git a/NEWS b/NEWS index da64d8545e..88609532b6 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,6 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -05 Mar 2015, PHP 5.5.23RC1 +19 Mar 2015, PHP 5.5.23 - Core: . Fixed bug #69174 (leaks when unused inner class use traits precedence). @@ -18,6 +18,16 @@ PHP NEWS . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus) . Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). (kostyantyn dot lysyy at oracle dot com) + . Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas) + . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM + configuration options). (Anatol Belski) + . Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas) + +- CGI: + . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence) + +- CLI: + . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia) - cURL: . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on @@ -25,6 +35,12 @@ PHP NEWS . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. (Linus Unneback) +- Ereg: + . Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas) + +- FPM: + . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com) + - ODBC: . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol) @@ -54,14 +70,9 @@ PHP NEWS . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). (Julien) -- CGI: - . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence) - -- CLI: - . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia) - -- FPM: - . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com) +- ZIP: + . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap + boundary) (CVE-2015-2331). (Stas) 19 Feb 2015, PHP 5.5.22 diff --git a/configure.in b/configure.in index a0f4c5ea7c..961377137b 100644 --- a/configure.in +++ b/configure.in @@ -120,7 +120,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=5 PHP_RELEASE_VERSION=23 -PHP_EXTRA_VERSION="RC1" +PHP_EXTRA_VERSION="" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index f7a83aeb80..7108a35deb 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 5 #define PHP_RELEASE_VERSION 23 -#define PHP_EXTRA_VERSION "RC1" -#define PHP_VERSION "5.5.23RC1" +#define PHP_EXTRA_VERSION "" +#define PHP_VERSION "5.5.23" #define PHP_VERSION_ID 50523 -- cgit v1.2.1