Ondřej Surý has released PHP 5.6.40-58, 7.0.33-58, 7.1.33-45, 7.2.34-30, 7.3.33-2, 7.4.30, 8.0.20, and 8.1.7 PHP packages for Debian GNU/Linux 9 LTS, 10, and 11.

To add the repository:

#!/bin/bash # To add this repository please do:

if [ "$(whoami)" != "root" ]; then
SUDO=sudo
fi

${SUDO} apt-get -y install apt-transport-https lsb-release ca-certificates curl
${SUDO} wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
${SUDO} sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
${SUDO} apt-get update

PHP Packages
Issues Tracker

php 5.6.40-58

* Add -DOPENSSL_SUPPRESS_DEPRECATED to CFLAGS to support OpenSSL 3.0
* Use true/false instead of TRUE/FALSE in ext/intl/collator/
* Add minimal OpenSSL 3.0 patch
* Pull upstream patch to fix build with ICU >= 70
* Update the TRUE/FALSE patch
* Add #include <stdbool.h> to ext/intl/ to have true/false available
* Backported from 7.4.30
- mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
- pgsql
. Fixed bug #81720: Uninitialized array in pg_query_params().(CVE-2022-31625)

php 7.0.33-58

* Add -DOPENSSL_SUPPRESS_DEPRECATED to CFLAGS to support OpenSSL 3.0
* Add minimal OpenSSL 3.0 patch
* Pull upstream patch to fix build with ICU >= 70
* Add #include <stdbool.h> to ext/intl/ to have true/false available
* Backported from 7.4.30
- mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
- pgsql
. Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)

php 7.1.33-45

* Add -DOPENSSL_SUPPRESS_DEPRECATED to CFLAGS to support OpenSSL 3.0
* Add minimal OpenSSL 3.0 patch
* Pull upstream patch to fix build with ICU >= 70
* Add #include <stdbool.h> to ext/intl/ to have true/false available
* Backported from 7.4.30
- mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
- pgsql
. Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)

php 7.2.34-30

* Backported from 7.4.30
- mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
- pgsql
. Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)

php 7.3.33-2

* Add -DOPENSSL_SUPPRESS_DEPRECATED to CFLAGS to support OpenSSL 3.0
* Add minimal OpenSSL 3.0 patch
* Pull upstream patch to fix build with ICU >= 70
* Add #include <stdbool.h> to ext/intl/ to have true/false available
* Backported from 7.4.30
- mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
- pgsql
. Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)

php 7.4.30

- mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) (c dot fol at ambionics dot io)

- pgsql
. Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) (cmb)

php 8.0.20

- CLI:
. Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison)

- Core:
. Fixed Haiku ZTS builds. (David Carlier)

- Date:
. Fixed bug GH-8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection). (Derick)

- FPM:
. Fixed ACL build check on MacOS. (David Carlier)
. Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502. (Jakub Zelenka, loveharmful)

- Mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) (c dot fol at ambionics dot io)

- OPcache:
. Fixed bug GH-8466 (ini_get() is optimized out when the option does not exist). (Arnaud)

- Pcntl:
. Fixed Haiku build. (David Carlier)

- Pgsql:
. Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) (cmb)

- Soap:
. Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor). (robertnisipeanu)
. Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb)

- SPL:
. Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb)

- Zip:
. Fixed type for index in ZipArchive::replaceFile. (Martin Rehberger)

php 8.1.7

- CLI:
. Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison)

- Date:
. Fixed bug #51934 (strtotime plurals / incorrect time). (Derick)
. Fixed bug #51987 (Datetime fails to parse an ISO 8601 ordinal date (extended format)). (Derick)
. Fixed bug #66019 (DateTime object does not support short ISO 8601 time format - YYYY-MM-DDTHH) (cmb, Derick)
. Fixed bug #68549 (Timezones and offsets are not properly used when working with dates) (Derick, Roel Harbers)
. Fixed bug #81565 (date parsing fails when provided with timezones including seconds). (Derick)
. Fixed bug GH-7758 (Problems with negative timestamps and fractions). (Derick, Ilija)

- FPM:
. Fixed ACL build check on MacOS. (David Carlier)
. Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502. (Jakub Zelenka, loveharmful)

- mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) (c dot fol at ambionics dot io)

- OPcache:
. Fixed bug GH-8461 (tracing JIT crash after function/method change). (Arnaud, Dmitry)

- OpenSSL:
. Fixed bug #79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading). (Jakub Zelenka)

- Pcntl:
. Fixed Haiku build. (David Carlier)

- pgsql
. Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) (cmb)

- Soap:
. Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor). (robertnisipeanu)
. Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb)

- SPL:
. Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb)

- Standard:
. Fixed bug GH-8185 (Crash during unloading of extension after dl() in ZTS). (Arnaud)

- Zip:
. Fixed type for index in ZipArchive::replaceFile. (Martin Rehberger)