Ondřej Surý has released PHP 7.0.23, PHP 7.1.9, and PHP 7.2.0 RC1 packages for both Debian GNU/Linux 8 and 9
What's new in PHP 7.0.23:
Core:
Fixed bug #74947 (Segfault in scanner on INF number).
Fixed bug #74954 (null deref and segfault in zend_generator_resume()).
Fixed bug #74725 (html_errors=1 breaks unhandled exceptions).
cURL:
Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
Date:
Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone).
Intl:
Fixed bug #74993 (Wrong reflection on some locale_* functions).
Mbstring:
Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
Fixed bug #62934 (mb_convert_kana() does not convert iteration marks).
Fixed bug #75001 (Wrong reflection on mb_eregi_replace).
MySQLi:
Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
OCI8:
Expose oci_unregister_taf_callback() (Tianfang Yang)
phar:
Fixed bug #74991 (include_path has a 4096 char limit in some cases).
Reflection:
Fixed bug #74949 (null pointer dereference in _function_string).
Session:
Fixed bug #74833 (SID constant created with wrong module number).
SimpleXML:
Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
SPL:
Fixed bug #75049 (spl_autoload_unregister can't handle spl_autoload_functions results).
Fixed bug #74669 (Unserialize ArrayIterator broken).
Fixed bug #75015 (Crash in recursive iterator destructors).
Standard:
Fixed bug #75075 (unpack with X* causes infinity loop).
Fixed bug #74103 (heap-use-after-free when unserializing invalid array size).
Fixed bug #75054 (A Denial of Service Vulnerability was found when performing deserialization).
WDDX:
Fixed bug #73793 (WDDX uses wrong decimal seperator).
XMLRPC:
Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties).
What's new in PHP 7.1.9:
Core:
Fixed bug #74947 (Segfault in scanner on INF number).
Fixed bug #74954 (null deref and segfault in zend_generator_resume()).
Fixed bug #74725 (html_errors=1 breaks unhandled exceptions).
Fixed bug #75063 (Main CWD initialized with wrong codepage).
cURL:
Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
Date:
Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone).
Intl:
Fixed bug #74993 (Wrong reflection on some locale_* functions).
Mbstring:
Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
Fixed bug #62934 (mb_convert_kana() does not convert iteration marks).
Fixed bug #75001 (Wrong reflection on mb_eregi_replace).
MySQLi:
Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
OCI8:
Expose oci_unregister_taf_callback() (Tianfang Yang)
Opcache:
Fixed bug #74980 (Narrowing occurred during type inference).
phar:
Fixed bug #74991 (include_path has a 4096 char limit in some cases).
Reflection:
Fixed bug #74949 (null pointer dereference in _function_string).
Session:
Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").
Fixed bug #74833 (SID constant created with wrong module number).
SimpleXML:
Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
SPL:
Fixed bug #75049 (spl_autoload_unregister can't handle spl_autoload_functions results).
Fixed bug #74669 (Unserialize ArrayIterator broken).
Fixed bug #74977 (Appending AppendIterator leads to segfault).
Fixed bug #75015 (Crash in recursive iterator destructors).
Standard:
Fixed bug #75075 (unpack with X* causes infinity loop).
Fixed bug #74103 (heap-use-after-free when unserializing invalid array size).
Fixed bug #75054 (A Denial of Service Vulnerability was found when performing deserialization).
WDDX:
Fixed bug #73793 (WDDX uses wrong decimal seperator).
XMLRPC:
Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties).
What's new in PHP 7.2.0 RC1:
Core:
Fixed #75042 run-tests.php issues with EXTENSION block). (John Boehr)
CURL:
Fixed bug #75093 (OpenSSL support not detected). (Remi)
Better fix for #74125 (use pkg-config instead of curl-config). (Remi)
GD:
Fixed bug #75111 (Memory disclosure or DoS via crafted .bmp image). (cmb)
Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
Intl:
Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class). (tpunt)
PCRE:
Fixed bug #75089 (preg_grep() is not reporting PREG_BAD_UTF8_ERROR after first input string). (Dmitry)
PDO_OCI:
Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up). (Ingmar Runge)
SQLite3:
Update to Sqlite 3.20.1. (cmb)
Standard:
Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)
To add the deb.sury.org PHP repository to your Debian installation, run as root:
What's new in PHP 7.0.23:
Core:
Fixed bug #74947 (Segfault in scanner on INF number).
Fixed bug #74954 (null deref and segfault in zend_generator_resume()).
Fixed bug #74725 (html_errors=1 breaks unhandled exceptions).
cURL:
Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
Date:
Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone).
Intl:
Fixed bug #74993 (Wrong reflection on some locale_* functions).
Mbstring:
Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
Fixed bug #62934 (mb_convert_kana() does not convert iteration marks).
Fixed bug #75001 (Wrong reflection on mb_eregi_replace).
MySQLi:
Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
OCI8:
Expose oci_unregister_taf_callback() (Tianfang Yang)
phar:
Fixed bug #74991 (include_path has a 4096 char limit in some cases).
Reflection:
Fixed bug #74949 (null pointer dereference in _function_string).
Session:
Fixed bug #74833 (SID constant created with wrong module number).
SimpleXML:
Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
SPL:
Fixed bug #75049 (spl_autoload_unregister can't handle spl_autoload_functions results).
Fixed bug #74669 (Unserialize ArrayIterator broken).
Fixed bug #75015 (Crash in recursive iterator destructors).
Standard:
Fixed bug #75075 (unpack with X* causes infinity loop).
Fixed bug #74103 (heap-use-after-free when unserializing invalid array size).
Fixed bug #75054 (A Denial of Service Vulnerability was found when performing deserialization).
WDDX:
Fixed bug #73793 (WDDX uses wrong decimal seperator).
XMLRPC:
Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties).
What's new in PHP 7.1.9:
Core:
Fixed bug #74947 (Segfault in scanner on INF number).
Fixed bug #74954 (null deref and segfault in zend_generator_resume()).
Fixed bug #74725 (html_errors=1 breaks unhandled exceptions).
Fixed bug #75063 (Main CWD initialized with wrong codepage).
cURL:
Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
Date:
Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone).
Intl:
Fixed bug #74993 (Wrong reflection on some locale_* functions).
Mbstring:
Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
Fixed bug #62934 (mb_convert_kana() does not convert iteration marks).
Fixed bug #75001 (Wrong reflection on mb_eregi_replace).
MySQLi:
Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
OCI8:
Expose oci_unregister_taf_callback() (Tianfang Yang)
Opcache:
Fixed bug #74980 (Narrowing occurred during type inference).
phar:
Fixed bug #74991 (include_path has a 4096 char limit in some cases).
Reflection:
Fixed bug #74949 (null pointer dereference in _function_string).
Session:
Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").
Fixed bug #74833 (SID constant created with wrong module number).
SimpleXML:
Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
SPL:
Fixed bug #75049 (spl_autoload_unregister can't handle spl_autoload_functions results).
Fixed bug #74669 (Unserialize ArrayIterator broken).
Fixed bug #74977 (Appending AppendIterator leads to segfault).
Fixed bug #75015 (Crash in recursive iterator destructors).
Standard:
Fixed bug #75075 (unpack with X* causes infinity loop).
Fixed bug #74103 (heap-use-after-free when unserializing invalid array size).
Fixed bug #75054 (A Denial of Service Vulnerability was found when performing deserialization).
WDDX:
Fixed bug #73793 (WDDX uses wrong decimal seperator).
XMLRPC:
Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties).
What's new in PHP 7.2.0 RC1:
Core:
Fixed #75042 run-tests.php issues with EXTENSION block). (John Boehr)
CURL:
Fixed bug #75093 (OpenSSL support not detected). (Remi)
Better fix for #74125 (use pkg-config instead of curl-config). (Remi)
GD:
Fixed bug #75111 (Memory disclosure or DoS via crafted .bmp image). (cmb)
Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
Intl:
Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class). (tpunt)
PCRE:
Fixed bug #75089 (preg_grep() is not reporting PREG_BAD_UTF8_ERROR after first input string). (Dmitry)
PDO_OCI:
Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up). (Ingmar Runge)
SQLite3:
Update to Sqlite 3.20.1. (cmb)
Standard:
Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)
To add the deb.sury.org PHP repository to your Debian installation, run as root:
apt-get install apt-transport-https lsb-release ca-certificatesTo install PHP 7.2 with MySQL/MariaDB and php-fpm support:
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
apt-get update
apt-get install php7.2-cgi php7.2-gd php7.2-curl php7.2-imap php7.2-sqlite3 php7.2-mysql php7.2-tidy php7.2-pspell php7.2-recode php7.2-xml php7.2-intl php7.2-enchant php7.2-gmp php7.2-mbstring php7.2-soap php7.2-xmlrpc php7.2-zip php7.2-fpmPlease note that the mcrypt package is no longer available after the support has been removed from PHP 7.2
