Debian 10260 Published by

Ondřej Surý has released PHP 8.2.7, 8.1.20, 8.0.29,  7.4.33-6, 7.3.33-11, 7.2.34-39, 7.1.33-53, 7.0.33-66, and 5.6.40-66 packages for Debian GNU/Linux 10 LTS, 11, and 12.





To add the repository:
#!/bin/bash # To add this repository please do:

if [ "$(whoami)" != "root" ]; then
SUDO=sudo
fi

${SUDO} apt-get -y install apt-transport-https lsb-release ca-certificates curl
${SUDO} wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
${SUDO} sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
${SUDO} apt-get update

PHP 8.2.7

- Core:
. Fixed bug GH-11152 (Unable to alias namespaces containing reserved class names). (ilutov)
. Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). (nielsdos)
. Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob)
. Fixed bug GH-11063 (Compilation error on old GCC versions). (ingamedeo)
. Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). (Bob)

- Date:
. Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). (nielsdos)

- Exif:
. Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). (nielsdos)

- FPM:
. Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). (Jakub Zelenka)
. Fixed bug #64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka)
. Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)

- Hash:
. Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). (nielsdos)

- LibXML:
. Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). (nielsdos)

- MBString:
. Fix bug GH-11217 (Segfault in mb_strrpos / mb_strripos when using negative offset and ASCII encoding). (ilutov)

- Opcache:
. Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov)
. Fixed too wide OR and AND range inference. (nielsdos)
. Fixed missing class redeclaration error with OPcache enabled. (ilutov)
. Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos)

- PCNTL:
. Fixed maximum argument count of pcntl_forkx(). (nielsdos)

- PGSQL:
. Fixed parameter parsing of pg_lo_export(). (kocsismate)

- Phar:
. Fixed bug GH-11099 (Generating phar.php during cross-compile can't be
done). (peter279k)

- Soap:
. Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
. Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos)

- SPL:
. Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos)

- Standard:
. Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). (ilutov)
. Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). (nielsdos)

- Streams:
. Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos)
. Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos)
. Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos)

PHP 8.1.20

- Core:
. Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). (nielsdos)
. Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob)
. Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). (Bob)
- Date:
. Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). (nielsdos)

- Exif:
. Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). (nielsdos)

- FPM:
. Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). (Jakub Zelenka)
. Fixed bug #64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka)
. Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)

- Hash:
. Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). (nielsdos)

- LibXML:
. Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). (nielsdos)

- Opcache:
. Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov)
. Fixed too wide OR and AND range inference. (nielsdos)
. Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos)

- PGSQL:
. Fixed parameter parsing of pg_lo_export(). (kocsismate)

- Phar:
. Fixed bug GH-11099 (Generating phar.php during cross-compile can't be done). (peter279k)

- Soap:
. Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
. Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos)

- SPL:
. Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos)

- Standard:
. Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). (ilutov)
. Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). (nielsdos)

- Streams:
. Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos)
. Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos)
. Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos)

PHP 8.0.29, 7.4.33-6, 7.3.33-11, 7.2.34-39, 7.1.33-53, 7.0.33-66, 5.6.40-66

- Core:
. Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567). (Tim Düsterhus)
. Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568). (Niels Dossche)
- SAPI:
. Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) (Jakub Zelenka)

PHP 8.2.0

PHP Packages
Issues Tracker