Fedora 29: 2019-da36d5d484 Moderate: PHP Security Fix for Dynamic Web Pages

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

**PHP version 7.2.17** (04 Apr 2019) **Core:** * Fixed bug php#77738 (Nullptr

deref in zend_compile_expr). (Laruence) * Fixed bug php#77660 (Segmentation

fault on break 2147483648). (Laruence) * Fixed bug php#77652 (Anonymous classes

can lose their interface information). (Nikita) * Fixed bug php#77676 (Unable to

run tests when building shared extension on AIX). (Kevin Adler) **Bcmath:** *

Fixed bug php#77742 (bcpow() implementation related to gcc compiler

optimization). (Nikita) **COM:** * Fixed bug php#77578 (Crash when php

unload). (cmb) **Date:** * Fixed bug php#50020

(DateInterval:createDateFromString() silently fails). (Derick) * Fixed bug

php#75113 (Added DatePeriod::getRecurrences() method). (Ignace Nyamagana Butera)

**EXIF:** * Fixed bug php#77753 (Heap-buffer-overflow in php_ifd_get32s).

(Stas) * Fixed bug php#77831 (Heap-buffer-overflow in exif_iif_add_value).

(Stas) **FPM:** * Fixed bug php#77677 (FPM fails to build on AIX due to

missing WCOREDUMP). (Kevin Adler) **GD:** * Fixed bug php#77700 (Writing

truecolor images as GIF ignores interlace flag). (cmb) **MySQLi:** * Fixed bug

php#77597 (mysqli_fetch_field hangs scripts). (Nikita) **Opcache:** * Fixed

bug php#77691 (Opcache passes wrong value for inline array push assignments).

(Nikita) * Fixed bug php#77743 (Incorrect pi node insertion for jmpznz with

identical successors). (Nikita) **phpdbg:** * Fixed bug php#77767 (phpdbg

break cmd aliases listed in help do not match actual aliases). (Miriam Lauter)

**sodium:** * Fixed bug php#77646 (sign_detached() strings not terminated).

(Frank) **SQLite3:** * Added sqlite3.defensive INI directive. (BohwaZ)

**Standard:** * Fixed bug php#77664 (Segmentation fault when using undefined

constant in custom wrapper). (Laruence) * Fixed bug php#77669 (Crash in

extract() when overwriting extracted array). (Nikita) * Fixed bug php#76717

(var_export() does not create a parsable value for PHP_INT_MIN). (Nikita) *

Fixed bug php#77765 (FTP stream wrapper should set the directory as executable).

(Vlad Temian)

* Wed Apr 3 2019 Remi Collet - 7.2.17-1

- Update to 7.2.17 - https://www.php.net/releases/7_2_17.php

* Wed Mar 6 2019 Remi Collet - 7.2.16-1

- Update to 7.2.16 - https://www.php.net/releases/7_2_16.php

- add upstream patch for OpenSSL 1.1.1b

- adapt systzdata patch (v17)

* Wed Feb 6 2019 Remi Collet - 7.2.15-1

- Update to 7.2.15 - https://www.php.net/releases/7_2_15.php

* Tue Jan 8 2019 Remi Collet - 7.2.14-1

- Update to 7.2.14 - https://www.php.net/releases/7_2_14.php

* Tue Dec 18 2018 Remi Collet - 7.2.14~RC1-1

- update to 7.2.14RC1

* Sat Dec 8 2018 Remi Collet - 7.2.13-2

- Fix null pointer dereference in imap_mail CVE-2018-19935

* Wed Dec 5 2018 Remi Collet - 7.2.13-1

- Update to 7.2.13 - https://www.php.net/releases/7_2_13.php

* Wed Nov 21 2018 Remi Collet - 7.2.13-0.1.RC1

- update to 7.2.13RC1

* Tue Nov 6 2018 Remi Collet - 7.2.12-1

- Update to 7.2.12 - https://www.php.net/releases/7_2_12.php

* Fri Nov 2 2018 Remi Collet - 7.2.12-0.1.RC1

- rebuild

* Tue Oct 23 2018 Remi Collet - 7.2.12~RC1-1

- update to 7.2.12RC1

* Wed Oct 10 2018 Remi Collet - 7.2.11-1

- Update to 7.2.11 - https://www.php.net/releases/7_2_11.php

su -c 'dnf upgrade --advisory FEDORA-2019-da36d5d484' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/