CloudLinux OS Blog

Alt-PHP updated

Alt-PHP updated

The new updated Alt-PHP packages are now available for download from our production repository.

Note. We still have SegFault issue with MariaDB 10.2 packages. Please, use MySQLND (mysqlnd, nd_mysql, nd_mysqli, nd_pdo_mysql) instead of mysql and mysqli extensions on servers with MariaDB 10.2 installed.

Changelog:

alt-php51-5.1.6-84

alt-php52-5.2.17-110

alt-php54-5.4.45-46

alt-php55-5.5.38-28

alt-php56-5.6.32-3

  • ALTPHP-420: phpNN.dat files are updated while installing alt-php;
  • Revert fix for MariaDB102 segfault.

alt-php53-5.3.29-65

  • CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize;
  • ALTPHP-420: phpNN.dat files are updated while installing alt-php;
  • Revert fix for MariaDB102 segfault.

alt-php70-7.0.26-2

  • (core) 75420: crash when modifing property name in __isset for BP_VAR_IS;
  • (core) 75368: mmap/munmap trashing on unlucky allocations;
  • (cli) 75287: builtin webserver crash after chdir in a shutdown function;
  • (enchant) 53070: enchant_broker_get_path crashes if no path is set;
  • (enchant) 75365: Enchant still reports version 1.1.0;
  • (exif) 75301: Exif extension has built in revision version;
  • (gd) 65148: imagerotate may alter image dimensions;
  • (gd) 75437: wrong reflection on imagewebp;
  • (intl) 75317: UConverter::setDestinationEncoding changes source instead of destination;
  • (interbase) 75453: incorrect reflection for ibase_[p]connect;
  • (mysqli) 75434: wrong reflection for mysqli_fetch_all function;
  • (oci8): fixed valgrind issue;
  • (opcache) 75373: Warning Internal error: wrong size calculation;
  • (openssl) 75363: openssl_x509_parse leaks memory;
  • (openssl) 75307: wrong reflection for openssl_open function;
  • (pgsql) 75419: default link incorrectly cleared/linked by pg_close(;
  • (soap) 75464: wrong reflection on SoapClient::__setSoapHeaders;
  • (zlib) 75299: wrong reflection on inflate_init and inflate_add;
  • ALTPHP-420: phpNN.dat files are updated while installing alt-php;
  • fixed bug 70110: increase the PCRE JIT stack size to 512K;
  • Revert fix for MariaDB102 segfault.

alt-php71-7.1.12-2

  • (core) 75420: crash when modifing property name in __isset for BP_VAR_IS;
  • (core) 75368: mmap/munmap trashing on unlucky allocations;
  • (cli) 75287: builtin webserver crash after chdir in a shutdown function;
  • (enchant) 53070: enchant_broker_get_path crashes if no path is set;
  • (enchant) 75365: Enchant still reports version 1.1.0;
  • (exif) 75301: Exif extension has built in revision version;
  • (gd) 65148: imagerotate may alter image dimensions;
  • (gd) 75437: wrong reflection on imagewebp;
  • (intl) 75317: UConverter::setDestinationEncoding changes source instead of destination;
  • (interbase) 75453: incorrect reflection for ibase_[p]connect;
  • (mysqli) 75434: wrong reflection for mysqli_fetch_all function;
  • (oci8): fixed valgrind issue;
  • (openssl) 75363: openssl_x509_parse leaks memory;
  • (openssl) 75307: wrong reflection for openssl_open function;
  • (opcache) 75373: Warning Internal error: wrong size calculation;
  • (pgsql) 75419: default link incorrectly cleared/linked by pg_close(;
  • (soap) 75464: wrong reflection on SoapClient::__setSoapHeaders;
  • (zlib) 75299: wrong reflection on inflate_init and inflate_add;
  • ALTPHP-420: phpNN.dat files are updated while installing alt-php;
  • fixed bug 70110: increase the PCRE JIT stack size to 512K;
  • Revert fix for MariaDB102 segfault.

alt-php72-7.2.0-2/strong>

  • (bcmath) 46564: bcmod truncates fractionals;
  • (cli) 74849: process is started as interactive shell in PhpStorm;
  • (cli) 74979: interactive shell opening instead of script execution with -f flag;
  • (cli server) 60471: random "Invalid request (unexpected EOF)" using a router script;
  • (core): added ZEND_COUNT, ZEND_GET_CLASS, ZEND_GET_CALLED_CLASS, ZEND_GET_TYPE, ZEND_FUNC_NUM_ARGS, ZEND_FUNC_GET_ARGS instructions, to implement corresponding builtin functions;
  • (core): "Countable" interface is moved from SPL to Core;
  • (core): added ZEND_IN_ARRAY instruction, implementing optimized in_array() builtin function, through hash lookup in flipped array;
  • (core): removed IS_TYPE_IMMUTABLE (it's the same as COPYABLE & !REFCOUNTED);
  • (core): removed the sql.safe_mode directive;
  • (core): removed support for Netware;
  • (core): renamed ReflectionClass::isIterateable() to ReflectionClass::isIterable() (alias original name for BC);
  • (core) 54535: WSA cleanup executes before MSHUTDOWN;
  • (core) 69791: disallow mail header injections by extra headers;
  • (core) 49806: proc_nice() for Windows;
  • (core): fix pthreads detection when cross-compiling (ffontaine);
  • (core): fixed memory leaks caused by exceptions thrown from destructors;
  • (core) 73215: uniqid() should use better random source;
  • (core) 72768: add ENABLE_VIRTUAL_TERMINAL_PROCESSING flag for php.exe;
  • (core) implemented "Convert numeric keys in object/array casts" RFC, fixes bugs 53838, 61655, 66173, 70925, 72254, etc;
  • (core): implemented "Deprecate and Remove Bareword (Unquoted) Strings" RFC;
  • (core): raised minimum supported Windows versions to Windows 7/Server 2008 R2;
  • (core): implemented minor optimization in array_keys/array_values();
  • (core): added PHP_OS_FAMILY constant to determine on which OS we are;
  • (core) 73987: method compatibility check looks to original definition and not parent;
  • (core) 73991: JSON_OBJECT_AS_ARRAY not respected;
  • (core) 74053: corrupted class entries on shutdown when a destructor spawns another object;
  • (core) 73971: filename got limited to MAX_PATH on Win32 when scan directory;
  • (core) 72359: and others related to interned strings handling in TS builds;
  • (core): implemented "Trailing Commas In List Syntax" RFC for group use lists only;
  • (core) 74269: it's possible to override trait property with different loosely-equal value;
  • (core) 61970: restraining __construct() access level in subclass gives a fatal error;
  • (core) 63384: cannot override an abstract method with an abstract method;
  • (core) 74607: traits enforce different inheritance rules;
  • (core): fixed misparsing of abstract unix domain socket names;
  • (core): change PHP_OS_FAMILY value from "OSX" to "Darwin";
  • (core): allow loading PHP/Zend extensions by name in ini files (extension=);
  • (core): added object type annotation;
  • (core) 74815: crash with a combination of INI entries at startup;
  • (core) 74836: isset on zero-prefixed numeric indexes in array broken;
  • (core): added new VM instuctions ISSET_ISEMPTY_CV and UNSET_CV. Previously they were implemented as ISSET_ISEMPTY_VAR and UNSET_VAR variants with ZEND_QUICK_SET flag;
  • (core) 49649: unserialize() doesn't handle changes in property visibility;
  • (core) 74866: extension_dir = "./ext" now use current directory for base;
  • (core) 74963: improved error message on fetching property of non-object;
  • (core) 75142: buildcheck.sh check for autoconf version needs to be updated for v2.64;
  • (core) 74878: data race in ZTS builds;
  • (core) 75515: "stream_copy_to_stream" doesn't stream anymore;
  • (curl) 75093: OpenSSL support not detected;
  • (curl) 74125: use pkg-config instead of curl-config;
  • (date) 55407: impossible to prototype DateTime::createFromFormat;
  • (date) 71520: adding the DateTime constants to the DateTimeInterface interface;
  • (date) 75149: redefinition of typedefs ttinfo and t1info;
  • (date) 75222: dateInterval microseconds property always 0;
  • (dba) 72885: flatfile: dba_fetch() fails to read replaced entry;
  • (dom) 74837: implement Countable for DomNodeList and DOMNamedNodeMap;
  • (exif): added support for vendor specific tags for the following formats: Samsung, DJI, Panasonic, Sony, Pentax, Minolta, Sigma/Foveon, AGFA, Kyocera, Ricoh & Epson;
  • (exif) 72682: exif_read_data() fails to read all data for some images;
  • (exif) 71534: type confusion in exif_read_data() leading to heap overflow in debug mode;
  • (exif) 68547: Exif Header component value check error;
  • (exif) 66443: corrupt EXIF header: maximum directory nesting level reached for some cameras;
  • (exif): fixed Redhat bug #1362571 (PHP not returning full results for exif_read_data function);
  • (exif) 65187: exif_read_data/thumbnail: add support for stream resource;
  • (exif): deprecated the read_exif_data() alias;
  • (exif) 74428: exif_read_data(): "Illegal IFD size" warning occurs with correct exif format;
  • (exif) 72819: EXIF thumbnails not read anymore;
  • (exif) 62523: php crashes with segfault when exif_read_data called;
  • (exif) 50660: exif_read_data(): Illegal IFD offset (works fine with other exif readers);
  • (fileinfo): upgrade bundled libmagic to 5.31;
  • (fpm): configuration to limit fpm slow log trace callers;
  • (fpm) 75212: php_value acts like php_admin_value;
  • (ftp): implement MLSD for structured listing of directories;
  • (ftp): added ftp_append() function;
  • (gd): implemented imageresolution as getter and setter;
  • (gd) 74744: gd.h: stdarg.h include missing for va_list use in gdErrorMethod;
  • (gd) 75111: memory disclosure or DoS via crafted .bmp image;
  • (gmp) 70896: gmp_fact() silently ignores non-integer input;
  • (hash): changed HashContext from resource to object;
  • (hash): disallowed usage of non-cryptographic hash functions with HMAC and PBKDF2;
  • (hash) 75284: sha3 is not supported on bigendian machine;
  • (imap) 72324: imap_mailboxmsginfo() return wrong size;
  • (intl) 63790: test using Spoofchecker which may be unavailable;
  • (intl) 75378: [REGRESSION] IntlDateFormatter::parse() does not change $position argument;
  • (json) add JSON_INVALID_UTF8_IGNORE and JSON_INVALID_UTF8_SUBSTITUTE options for json_encode and json_decode to ignore or replace invalid UTF-8 byte sequences - it addresses request 65082;
  • (json) 75185: buffer overflow in json_decode() with JSON_INVALID_UTF8_IGNORE or JSON_INVALID;
  • (json) 68567: JSON_PARTIAL_OUTPUT_ON_ERROR can result in JSON with null key;
  • (ldap) 69445: support for LDAP EXOP operations;
  • (ldap): fixed support for LDAP_OPT_SERVER_CONTROLS and LDAP_OPT_CLIENT_CONTROLS in ldap_get_option;
  • (ldap): fixed passing an empty array to ldap_set_option for client or server controls;
  • (mbstring) 66024: mb_chr() and mb_ord();
  • (mbstring) 65081: mb_scrub();
  • (mbstring) 69086: enhancement for mb_convert_encoding() that handles multibyte replacement char nicely;
  • (mbstring): added array input support to mb_convert_encoding();
  • (mbstring): added array input support to mb_check_encoding();
  • (mbstring) 69079: enhancement for mb_substitute_character;
  • (mbstring): update to oniguruma version 6.3.0;
  • (mbstring) 69267: mb_strtolower fails on titlecase characters;
  • (mcrypt): the deprecated mcrypt extension has been moved to PECL;
  • (opcache): added global optimisation passes based on data flow analysis using Single Static Assignment (SSA) form: Sparse Conditional Constant Propagation (SCCP), Dead Code Elimination (DCE), and removal of unused local variables;
  • (opcache): fixed incorect constant conditional jump elimination;
  • (opcache) 75230: invalid opcode 49/1/8 using opcache;
  • (opcache): fixed bug (assertion fails with extended info generated);
  • (opcache): fixed bug (Phi sources removel);
  • (opcache) 75370: webserver hangs on valid PHP text;
  • (opcache) 75357: segfault loading WordPress wp-admin;
  • (openssl): use TLS_ANY for default ssl:// and tls:// negotiation;
  • (openssl): fix leak in openssl_spki_new();
  • (openssl): added openssl_pkcs7_read() and pk7 parameter to openssl_pkcs7_verify();
  • (openssl): add ssl security_level stream option to support OpenSSL security levels;
  • (openssl): allow setting SNI cert and private key in separate files;
  • (openssl) 74903: openssl_pkcs7_encrypt() uses different EOL than before;
  • (openssl): automatically load OpenSSL configuration file;
  • (pcre): added support for PCRE JIT fast path API;
  • (pcre) 61780: inconsistent PCRE captures in match results;
  • (pcre) 74873: minor BC break: PCRE_JIT changes output of preg_match();
  • (pcre) 75089: preg_grep() is not reporting PREG_BAD_UTF8_ERROR after first input string;
  • (pcre) 75223: PCRE JIT broken in 7.2;
  • (pcre) 75285: broken build when system libpcre don't have jit support;
  • (phar) 74196: phar does not correctly handle names containing dots;
  • (pdo): add "Sent SQL" to debug dump for emulated prepares;
  • (pdo): add parameter types for national character set strings;
  • (pdo_dblib) 73234: emulated statements let value dictate parameter type;
  • (pdo_dblib) 73396: bigint columns are returned as strings;
  • (pdo_dblib): expose DB-Library version as \PDO::DBLIB_ATTR_VERSION attribute on \PDO instance;
  • (pdo_dblib) add test coverage for bug 72969;
  • (pdo_oci) 74537: align --with-pdo-oci configure option with --with-oci8 syntax;
  • (pdo_sqlite): switch to sqlite3_prepare_v2() and sqlite3_close_v2() functions;
  • (phpdbg): added extended_value to opcode dump output;
  • (session) 73461: prohibit session save handler recursion;
  • (session): PR #2233 removed register_globals related code and "!" can be used as $_SESSION key name;
  • (session) 73100: fixed 'user' save handler can only be set by session_set_save_handler();
  • (session) 74514: 5 session functions incorrectly warn when calling in read-only/getter mode;
  • (session) 74936: session_cache_expire/cache_limiter/save_path() trigger a warning in read mode;
  • (session) 74941: session fails to start after having headers sent;
  • (sodium): new cryptographic extension;
  • (sodium): added missing bindings for libsodium > 1.0.13;
  • (spl) 71412: incorrect arginfo for ArrayIterator::__construct;
  • (spl): added spl_object_id();
  • (sqlite3): implement writing to blobs;
  • (sqlite3): update to Sqlite 3.20.1;
  • (standard) 69442: closing of fd incorrect when PTS enabled;
  • (standard) 74300: unserialize accepts two plus/minus signs for float number exponent part;
  • (standard): compatibility with libargon2 versions 20161029 and 20160821;
  • (standard) 74737: mysqli_get_client_info reflection info;
  • (standard): add support for extension name as argument to dl();
  • (standard) 74851: uniqid() without more_entropy performs badly;
  • (standard) 74103: heap-use-after-free when unserializing invalid array size;
  • (standard) 75054: Denial of Service Vulnerability was found when performing deserialization;
  • (standard) 75170: mt_rand() bias on 64-bit machines;
  • (standard) 75221: Argon2i always throws NUL at the end;
  • (streams): default ssl/single_dh_use and ssl/honor_cipher_order to true;
  • (xml): moved utf8_encode() and utf8_decode() to the Standard extension;
  • (xmlrpc): use Zend MM for allocation in bundled libxmlrpc;
  • (zip): add support for encrypted archives;
  • (zip): use of bundled libzip is deprecated, --with-libzip option is recommended;
  • (zip) 73803: reflection of ZipArchive does not show public properties;
  • (zip): ZipArchive implements countable, added ZipArchive::count() method;
  • (zip): fix segfault in php_stream_context_get_option call;
  • (zip) 75143: new method setEncryptionName() seems not to exist in ZipArchive;
  • (zlib): expose inflate_get_status() and inflate_get_read_len() functions;
  • Revert fix for MariaDB102 segfault.

To install please run the following command:

yum groupinstall alt-php

Topic: CloudLinux OS Blog , Tags: #alt-php,

403 people viewed this

Comments

 
No comments yet

Leave your comment

Guest, Wednesday, 13 December 2017

Captcha Image