Software 42837 Published by

The following new PHP versions has been released: 7.4.4, 7.3.6, 7.2.19, and 5.6.40-11.





PHP 7.4.4

- Core:
. Fixed bug #79329 (get_headers() silently truncates after a null byte) (CVE-2020-7066) (cmb)
. Fixed bug #79244 (php crashes during parsing INI file). (Laruence)
. Fixed bug #63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer)

- COM:
. Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location). (cmb)
. Fixed bug #79242 (COM error constants don't match com_exception codes on x86). (cmb)
. Fixed bug #79247 (Garbage collecting variant objects segfaults). (cmb)
. Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception). (cmb)
. Fixed bug #79299 (com_print_typeinfo prints duplicate variables). (Litiano Moura)
. Fixed bug #79332 (php_istreams are never freed). (cmb)
. Fixed bug #79333 (com_print_typeinfo() leaks memory). (cmb)

- CURL:
. Fixed bug #79019 (Copied cURL handles upload empty file). (cmb)
. Fixed bug #79013 (Content-Length missing when posting a curlFile with curl). (cmb)

- DOM: . Fixed bug #77569: (Write Access Violation in DomImplementation). (Nikita, cmb)
. Fixed bug #79271 (DOMDocumentType::$childNodes is NULL). (cmb)

- Enchant:
. Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture). (cmb)

- EXIF:
. Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064) (Nikita)

- Fileinfo:
. Fixed bug #79283 (Segfault in libmagic patch contains a buffer overflow) (cmb)

- FPM:
. Fixed bug #77653 (operator displayed instead of the real error message). (Jakub Zelenka)
. Fixed bug #79014 (PHP-FPM & Primary script unknown). (Jakub Zelenka)

- MBstring:
. Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full) (CVE-2020-7065) (cmb)

- MySQLi:
. Fixed bug #64032 (mysqli reports different client_version). (cmb)

- MySQLnd:
. Implemented FR #79275 (Support auth_plugin_caching_sha2_password on Windows). (cmb)

- Opcache:
. Fixed bug #79252 (preloading causes php-fpm to segfault during exit). (Nikita)

- PCRE:
. Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback and unicode). (Nikita)
. Fixed bug #79241 (Segmentation fault on preg_match()). (Nikita)
. Fixed bug #79257 (Duplicate named groups (?J) prefer last alternative even if not matched). (Nikita)

- PDO_ODBC:
. Fixed bug #79038 (PDOStatement::nextRowset() leaks column values). (cmb)

- Reflection:
. Fixed bug #79062 (Property with heredoc default value returns false for getDocComment). (Nikita)

- SQLite3:
. Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()). (cmb)

- Standard:
. Fixed bug #79254 (getenv() w/o arguments not showing changes). (cmb)
. Fixed bug #79265 (Improper injection of Host header when using fopen for http requests). (Miguel Xavier Penha Neto)

- Zip:
. Fixed bug #79315 (ZipArchive::addFile doesn't honor start/length parameters). (Remi)

Download

PHP 7.3.16

- Core:
. Fixed bug #63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer)

- COM:
. Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location). (cmb)
. Fixed bug #79242 (COM error constants don't match com_exception codes on x86). (cmb)
. Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception). (cmb)
. Fixed bug #79299 (com_print_typeinfo prints duplicate variables). (Litiano Moura)
. Fixed bug #79332 (php_istreams are never freed). (cmb)
. Fixed bug #79333 (com_print_typeinfo() leaks memory). (cmb)

- DOM:
. Fixed bug #77569: (Write Access Violation in DomImplementation). (Nikita, cmb)
. Fixed bug #79271 (DOMDocumentType::$childNodes is NULL). (cmb)

- Enchant:
. Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture). (cmb)

- EXIF:
. Fixed bug #79282 (Use-of-uninitialized-value in exif). (CVE-2020-7064) (Nikita)

- MBstring:
. Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full). (CVE-2020-7065) (cmb)

- MySQLi:
. Fixed bug #64032 (mysqli reports different client_version). (cmb)

- PCRE:
. Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback and unicode). (Nikita)

- PDO_ODBC:
. Fixed bug #79038 (PDOStatement::nextRowset() leaks column values). (cmb)

- Reflection:
. Fixed bug #79062 (Property with heredoc default value returns false for getDocComment). (Nikita)

- SQLite3:
. Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()). (cmb)

- Standard:
. Fixed bug #79329 (get_headers() silently truncates after a null byte). (CVE-2020-7066) (cmb)
. Fixed bug #79254 (getenv() w/o arguments not showing changes). (cmb)
. Fixed bug #79265 (Improper injection of Host header when using fopen for http requests). (Miguel Xavier Penha Neto)

Download

PHP 7.2.29

- Core:
. Fixed bug #79329 (get_headers() silently truncates after a null byte) (CVE-2020-7066) (cmb)

- EXIF:
. Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064) (Nikita)

Download

PHP 5.6.40-11

Backported from 7.2.29

- Core:
. Fixed bug #79329 (get_headers() silently truncates after a null byte) (CVE-2020-7066) (cmb)

- EXIF:
. Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064) (Nikita)

Php56

Download