7.0.9 announce

Author: weltling

ChangeLog-7.php

@@ -7,6 +7,102 @@
 
 <h1>PHP 7 ChangeLog</h1>
 
+<section class="version" id="7.0.9"><!-- {{{ 7.0.9 -->
+<h3>Version 7.0.9</h3>
+<b><?php release_date('21-Jul-2016'); ?></b>
+<ul><li>Core:
+<ul>
+  <li><?php bugfix(72508); ?> (strange references after recursive function call and "switch" statement).</li>
+  <li><?php bugfix(72513); ?> (Stack-based buffer overflow vulnerability in virtual_file_ex).</li>
+  <li><?php bugfix(72573); ?> (HTTP_PROXY is improperly trusted by some PHP libraries and applications).</li>
+</ul></li>
+<li>bz2:
+<ul>
+  <li><?php bugfix(72613); ?> (Inadequate error handling in bzread()).</li>
+</ul></li>
+<li>CLI:
+<ul>
+  <li><?php bugfix(72484); ?> (SCRIPT_FILENAME shows wrong path if the user specify router.php).</li>
+</ul></li>
+<li>COM:
+<ul>
+  <li><?php bugfix(72498); ?> (variant_date_from_timestamp null dereference).</li>
+</ul></li>
+<li>Curl:
+<ul>
+  <li><?php bugfix(72541); ?> (size_t overflow lead to heap corruption).</li>
+</ul></li>
+<li>Exif:
+<ul>
+  <li><?php bugfix(72603); ?> (Out of bound read in exif_process_IFD_in_MAKERNOTE).</li>
+  <li><?php bugfix(72618); ?> (NULL Pointer Dereference in exif_process_user_comment).</li>
+</ul></li>
+<li>GD:
+<ul>
+  <li><?php bugfix(43475); ?> (Thick styled lines have scrambled patterns).</li>
+  <li><?php bugfix(53640); ?> (XBM images require width to be multiple of 8).</li>
+  <li><?php bugfix(64641); ?> (imagefilledpolygon doesn't draw horizontal line).</li>
+  <li><?php bugfix(72512); ?> (gdImageTrueColorToPaletteBody allows arbitrary write/read access).</li>
+  <li><?php bugfix(72519); ?> (imagegif/output out-of-bounds access).</li>
+  <li><?php bugfix(72558); ?> (Integer overflow error within _gdContributionsAlloc()).</li>
+  <li><?php bugfix(72482); ?> (Ilegal write/read access caused by gdImageAALine overflow).</li>
+  <li><?php bugfix(72494); ?> (imagecropauto out-of-bounds access).</li>
+</ul></li>
+<li>Intl:
+<ul>
+  <li><?php bugfix(72533); ?> (locale_accept_from_http out-of-bounds access).</li>
+</ul></li>
+<li>Mbstring:
+<ul>
+  <li><?php bugfix(72405); ?> (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access).</li>
+  <li><?php bugfix(72399); ?> (Use-After-Free in MBString (search_re)).</li>
+</ul></li>
+<li>mcrypt:
+<ul>
+  <li><?php bugfix(72551); ?>, bug <?php bugl(72552) ?> (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).</li>
+</ul></li>
+<li>PDO_pgsql:
+<ul>
+  <li><?php bugfix(72570); ?> (Segmentation fault when binding parameters on a query without placeholders).</li>
+</ul></li>
+<li>PCRE:
+<ul>
+  <li><?php bugfix(72476); ?> (Memleak in jit_stack).</li>
+  <li><?php bugfix(72463); ?> (mail fails with invalid argument).</li>
+</ul></li>
+<li>Readline:
+<ul>
+  <li><?php bugfix(72538); ?> (readline_redisplay crashes php).</li>
+</ul></li>
+<li>Standard:
+<ul>
+  <li><?php bugfix(72505); ?> (readfile() mangles files larger than 2G).</li>
+  <li><?php bugfix(72306); ?> (Heap overflow through proc_open and $env parameter).</li>
+</ul></li>
+<li>Session:
+<ul>
+  <li><?php bugfix(72531); ?> (ps_files_cleanup_dir Buffer overflow).</li>
+  <li><?php bugfix(72562); ?> (Use After Free in unserialize() with Unexpected Session Deserialization).</li>
+</ul></li>
+<li>SNMP:
+<ul>
+  <li><?php bugfix(72479); ?> (Use After Free Vulnerability in SNMP with GC and unserialize()).</li>
+</ul></li>
+<li>Streams:
+<ul>
+  <li><?php bugfix(72439); ?> (Stream socket with remote address leads to a segmentation fault).</li>
+</ul></li>
+<li>XMLRPC:
+<ul>
+  <li><?php bugfix(72606); ?> (heap-buffer-overflow (write) simplestring_addn simplestring.c).</li>
+</ul></li>
+<li>Zip:
+<ul>
+  <li><?php bugfix(72520); ?> (Stack-based buffer overflow vulnerability in php_stream_zip_opener).</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
 <section class="version" id="7.0.8"><!-- {{{ 7.0.8 -->
 <h3>Version 7.0.8</h3>
 <b><?php release_date('23-Jun-2016'); ?></b>

archive/archive.xml

@@ -9,6 +9,7 @@
     <uri>http://php.net/contact</uri>
     <email>[email protected]</email>
   </author>
+  <xi:include href="entries/2016-07-21-3.xml"/>
   <xi:include href="entries/2016-07-21-1.xml"/>
   <xi:include href="entries/2016-07-07-1.xml"/>
   <xi:include href="entries/2016-06-24-1.xml"/>

archive/entries/2016-07-21-3.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom">
+  <title>PHP 7.0.9 Released</title>
+  <id>http://php.net/archive/2016.php#id2016-07-21-3</id>
+  <published>2016-07-21T13:00:00+01:00</published>
+  <updated>2016-07-21T13:00:00+01:00</updated>
+  <category term="releases" label="New PHP release"/>
+  <category term="frontpage" label="PHP.net frontpage news"/>
+  <link href="http://php.net/index.php#id2016-07-21-3" rel="alternate" type="text/html"/>
+  <link href="http://php.net/archive/2016.php#id2016-07-21-3" rel="via" type="text/html"/>
+  <content type="xhtml">
+    <div xmlns="http://www.w3.org/1999/xhtml">
+     <p>The PHP development team announces the immediate availability of PHP
+     7.0.9. This is a security release. Several security bugs were fixed in
+     this release, including the HTTP_PROXY issue.
+     
+     All PHP 7.0 users are encouraged to upgrade to this version.</p>
+     
+     <p>For source downloads of PHP 7.0.9 please visit our <a href="http://www.php.net/downloads.php">downloads page</a>,
+     Windows source and binaries can be found on <a href="http://windows.php.net/download/">windows.php.net/download/</a>.
+     The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-7.php#7.0.9">ChangeLog</a>.
+     </p>
+    </div>
+  </content>
+</entry>

include/releases.inc

@@ -2,6 +2,42 @@
 $OLDRELEASES = array (
   7 => 
   array (
+    '7.0.8' => 
+    array (
+      'announcement' => 
+      array (
+        'English' => '/releases/7_0_8.php',
+      ),
+      'source' => 
+      array (
+        0 => 
+        array (
+          'filename' => 'php-7.0.8.tar.bz2',
+          'name' => 'PHP 7.0.8 (tar.bz2)',
+          'md5' => 'd4f67b081a3c1b0b35f729ef8131cdda',
+          'sha256' => '66dc7ba388490e07b1313fe3a06b1fa822e1310585fe29f4909995f131e27c8d',
+          'date' => '23 Jun 2016',
+        ),
+        1 => 
+        array (
+          'filename' => 'php-7.0.8.tar.gz',
+          'name' => 'PHP 7.0.8 (tar.gz)',
+          'md5' => '642d86f3269404abc1bbfd887b682ccf',
+          'sha256' => '1f024fa6d87594b99fa312e3185c357dcffa42e07d21c726f41d1fa6f773720b',
+          'date' => '23 Jun 2016',
+        ),
+        2 => 
+        array (
+          'filename' => 'php-7.0.8.tar.xz',
+          'name' => 'PHP 7.0.8 (tar.xz)',
+          'md5' => 'c4438583c95d3ddf746929d7fcb61045',
+          'sha256' => '0a2142c458b0846f556b16da1c927d74c101aa951bb840549abe5c58584fb394',
+          'date' => '23 Jun 2016',
+        ),
+      ),
+      'date' => '23 Jun 2016',
+      'museum' => false,
+    ),
     '7.0.7' => 
     array (
       'announcement' => 

include/version.inc

@@ -18,20 +18,20 @@
  */
 
 /* PHP 7.0 Release */
-$PHP_7_0_RC = "7.0.9RC1"; // Current RC version (e.g., '5.6.7RC1') or false
+$PHP_7_0_RC = false; // Current RC version (e.g., '5.6.7RC1') or false
 $PHP_7_0_RC_DATE = '07 Jul 2016';
 
-$PHP_7_0_VERSION         = "7.0.8";
-$PHP_7_0_DATE            = "23 Jun 2016";
+$PHP_7_0_VERSION         = "7.0.9";
+$PHP_7_0_DATE            = "21 Jul 2016";
 $PHP_7_0_MD5     = array(
-                       "tar.bz2"       => "d4f67b081a3c1b0b35f729ef8131cdda",
-                       "tar.gz"        => "642d86f3269404abc1bbfd887b682ccf",
-                       "tar.xz"        => "c4438583c95d3ddf746929d7fcb61045",
+                       "tar.bz2"       => "63b32d3e97df7b30c2bcd138ef0b21c0",
+                       "tar.gz"        => "32ea3ce54d7d5ed03c6c600dffd65813",
+                       "tar.xz"        => "6294813fb3c8158cfde74302f573cac7",
 );
 $PHP_7_0_SHA256     = array(
-                       "tar.bz2"       => "66dc7ba388490e07b1313fe3a06b1fa822e1310585fe29f4909995f131e27c8d",
-                       "tar.gz"        => "1f024fa6d87594b99fa312e3185c357dcffa42e07d21c726f41d1fa6f773720b",
-                       "tar.xz"        => "0a2142c458b0846f556b16da1c927d74c101aa951bb840549abe5c58584fb394",
+                       "tar.bz2"       => "2ee6968b5875f2f38700c58a189aad859a6a0b85fc337aa102ec2dc3652c3b7b",
+                       "tar.gz"        => "93895a6a610c94751c890e5ee91a7f4bc0eae476b95fe30425d13f7ae88753d5",
+                       "tar.xz"        => "970c322ba3e472cb0264b8ba9d4d92e87918da5d0cca53c4aba2a70545b8626d",
 );
 
 /* PHP 5.6 Release */

releases/7_0_9.php

@@ -0,0 +1,22 @@
+<?php
+// $Id$
+$_SERVER['BASE_PAGE'] = 'releases/7_0_9.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
+site_header("PHP 7.0.9 Release Announcement");
+?>
+
+     <h1>PHP 7.0.9 Release Announcement</h1>
+     
+     <p>The PHP development team announces the immediate availability of PHP
+     7.0.9. This is a security release. Several security bugs were fixed in
+     this release, including the HTTP_PROXY issue. 
+     
+     All PHP 7.0 users are encouraged to upgrade to this version.
+     </p>
+     
+     <p>For source downloads of PHP 7.0.9 please visit our <a href="http://www.php.net/downloads.php">downloads page</a>,
+     Windows source and binaries can be found on <a href="http://windows.php.net/download/">windows.php.net/download/</a>.
+     The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-7.php#7.0.9">ChangeLog</a>.
+     </p>
+
+<?php site_footer(); ?>