announce 5.6.26

Tyrael · Tyrael · commit bb43f818c79c · 2016-09-16T08:41:17.000+02:00
diff --git a/ChangeLog-5.php b/ChangeLog-5.php
@@ -7,6 +7,103 @@
 ?>
 
 <h1>PHP 5 ChangeLog</h1>
+<section class="version" id="5.6.26"><!-- {{{ 5.6.26 -->
+<h3>Version 5.6.26</h3>
+<b><?php release_date('15-Sep-2016'); ?></b>
+<ul><li>Core:
+<ul>
+  <li><?php bugfix(72907); ?> (null pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260)).</li>
+</ul></li>
+<li>Dba:
+<ul>
+  <li><?php bugfix(71514); ?> (Bad dba_replace condition because of wrong API usage).</li>
+  <li><?php bugfix(70825); ?> (Cannot fetch multiple values with group in ini file).</li>
+</ul></li>
+<li>EXIF:
+<ul>
+  <li><?php bugfix(72926); ?> (Uninitialized Thumbail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF).</li>
+</ul></li>
+<li>FTP:
+<ul>
+  <li><?php bugfix(70195); ?> (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).</li>
+</ul></li>
+<li>GD:
+<ul>
+  <li><?php bugfix(66005); ?> (imagecopy does not support 1bit transparency on truecolor images).</li>
+  <li><?php bugfix(72913); ?> (imagecopy() loses single-color transparency on palette images).</li>
+  <li><?php bugfix(68716); ?> (possible resource leaks in _php_image_convert()).</li>
+</ul></li>
+<li>Intl:
+<ul>
+  <li><?php bugfix(73007); ?> (add locale length check).</li>
+</ul></li>
+<li>JSON:
+<ul>
+  <li><?php bugfix(72787); ?> (json_decode reads out of bounds).</li>
+</ul></li>
+<li>mbstring:
+<ul>
+  <li><?php bugfix(66797); ?> (mb_substr only takes 32-bit signed integer).</li>
+  <li><?php bugfix(72910); ?> (Out of bounds heap read in mbc_to_code() / triggered by mb_ereg_match()).</li>
+</ul></li>
+<li>MSSQL:
+<ul>
+  <li><?php bugfix(72039); ?> (Use of uninitialised value on mssql_guid_string).</li>
+</ul></li>
+<li>Mysqlnd:
+<ul>
+  <li><?php bugfix(72293); ?> (Heap overflow in mysqlnd related to BIT fields).</li>
+</ul></li>
+<li>Phar:
+<ul>
+  <li><?php bugfix(72928); ?> (Out of bound when verify signature of zip phar in phar_parse_zipfile).</li>
+  <li><?php bugfix(73035); ?> (Out of bound when verify signature of tar phar in phar_parse_tarfile).</li>
+</ul></li>
+<li>PDO:
+<ul>
+  <li><?php bugfix(60665); ?> (call to empty() on NULL result using PDO::FETCH_LAZY returns false).</li>
+</ul></li>
+<li>PDO_pgsql:
+<ul>
+  <li>Implemented FR <?php bugl(72633); ?> (Postgres PDO lastInsertId() should work without specifying a sequence).</li>
+  <li><?php bugfix(72759); ?> (Regression in pgo_pgsql).</li>
+</ul></li>
+<li>SPL:
+<ul>
+  <li><?php bugfix(73029); ?> (Missing type check when unserializing SplArray).</li>
+</ul></li>
+<li>Standard:
+<ul>
+  <li><?php bugfix(72823); ?> (strtr out-of-bound access).</li>
+  <li><?php bugfix(72278); ?> (getimagesize returning FALSE on valid jpg).</li>
+  <li><?php bugfix(65550); ?> (get_browser() incorrectly parses entries with "+" sign).</li>
+  <li><?php bugfix(71882); ?> (Negative ftruncate() on php://memory exhausts memory).</li>
+  <li><?php bugfix(73011); ?> (integer overflow in fgets cause heap corruption).</li>
+  <li><?php bugfix(73017); ?> (memory corruption in wordwrap function).</li>
+  <li><?php bugfix(73045); ?> (integer overflow in fgetcsv caused heap corruption).</li>
+  <li><?php bugfix(73052); ?> (Memory Corruption in During Deserialized-object Destruction) (Stas)</li>
+</ul></li>
+<li>Streams:
+<ul>
+  <li><?php bugfix(72853); ?> (stream_set_blocking doesn't work).</li>
+</ul></li>
+<li>Wddx:
+<ul>
+  <li><?php bugfix(72860); ?> (wddx_deserialize use-after-free).</li>
+  <li><?php bugfix(73065); ?> (Out-Of-Bounds Read in php_wddx_push_element).</li>
+</ul></li>
+<li>XML:
+<ul>
+  <li><?php bugfix(72085); ?> (SEGV on unknown address zif_xml_parse).</li>
+  <li><?php bugfix(72927); ?> (integer overflow in xml_utf8_encode).</li>
+</ul></li>
+<li>ZIP:
+<ul>
+  <li><?php bugfix(68302); ?> (impossible to compile php with zip support).</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
 <section class="version" id="5.6.25"><!-- {{{ 5.6.25 -->
 <h3>Version 5.6.25</h3>
 <b><?php release_date('18-Aug-2016'); ?></b>
diff --git a/archive/archive.xml b/archive/archive.xml
@@ -9,6 +9,7 @@
     <uri>http://php.net/contact</uri>
     <email>php-webmaster@lists.php.net</email>
   </author>
+  <xi:include href="entries/2016-09-16-1.xml"/>
   <xi:include href="entries/2016-09-15-1.xml"/>
   <xi:include href="entries/2016-09-09-1.xml"/>
   <xi:include href="entries/2016-09-06-1.xml"/>
diff --git a/archive/entries/2016-09-16-1.xml b/archive/entries/2016-09-16-1.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom">
+  <title>PHP 5.6.26 is released</title>
+  <id>http://php.net/archive/2016.php#id2016-09-16-1</id>
+  <published>2016-09-16T06:39:08+00:00</published>
+  <updated>2016-09-16T06:39:08+00:00</updated>
+  <category term="frontpage" label="PHP.net frontpage news"/>
+  <category term="releases" label="New PHP release"/>
+  <link href="http://php.net/index.php#id2016-09-16-1" rel="alternate" type="text/html"/>
+  <link href="http://php.net/archive/2016.php#id2016-09-16-1" rel="via" type="text/html"/>
+  <content type="xhtml">
+    <div xmlns="http://www.w3.org/1999/xhtml">
+     <p>The PHP development team announces the immediate availability of PHP
+     5.6.26. This is a security release. Several security bugs were fixed in
+     this release.
+
+     All PHP 5.6 users are encouraged to upgrade to this version.</p>
+
+     <p>For source downloads of PHP 5.6.26 please visit our <a href="http://www.php.net/downloads.php">downloads page</a>,
+     Windows source and binaries can be found on <a href="http://windows.php.net/download/">windows.php.net/download/</a>.
+     The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-5.php#5.6.26">ChangeLog</a>.
+     </p>
+    </div>
+  </content>
+</entry>
diff --git a/include/releases.inc b/include/releases.inc
@@ -401,6 +401,42 @@ $OLDRELEASES = array (
   ),
   5 => 
   array (
+    '5.6.25' => 
+    array (
+      'announcement' => 
+      array (
+        'English' => '/releases/5_6_25.php',
+      ),
+      'source' => 
+      array (
+        0 => 
+        array (
+          'filename' => 'php-5.6.25.tar.bz2',
+          'name' => 'PHP 5.6.25 (tar.bz2)',
+          'md5' => 'f63b9956c25f1ae0433015a80b44224c',
+          'sha256' => '58ce6032aced7f3e42ced492bd9820e5b3f2a3cd3ef71429aa92fd7b3eb18dde',
+          'date' => '18 Aug 2016',
+        ),
+        1 => 
+        array (
+          'filename' => 'php-5.6.25.tar.gz',
+          'name' => 'PHP 5.6.25 (tar.gz)',
+          'md5' => '75f90f5bd7d0076a0dcc5f3205ce260e',
+          'sha256' => '733f1c811d51c2d4031a0c058dc94d09d03858d781ca2eb2cce78853bc76db58',
+          'date' => '18 Aug 2016',
+        ),
+        2 => 
+        array (
+          'filename' => 'php-5.6.25.tar.xz',
+          'name' => 'PHP 5.6.25 (tar.xz)',
+          'md5' => '81cb8c0de0d0b714587edbd27a2a75bb',
+          'sha256' => '7535cd6e20040ccec4594cc386c6f15c3f2c88f24163294a31068cf7dfe7f644',
+          'date' => '18 Aug 2016',
+        ),
+      ),
+      'date' => '18 Aug 2016',
+      'museum' => false,
+    ),
     '5.6.24' => 
     array (
       'announcement' => 
diff --git a/include/version.inc b/include/version.inc
@@ -35,20 +35,20 @@ $PHP_7_0_SHA256     = array(
 );
 
 /* PHP 5.6 Release */
-$PHP_5_6_RC = '5.6.26RC1'; // Current RC version (e.g., '5.6.7RC1') or false
+$PHP_5_6_RC = false; // Current RC version (e.g., '5.6.7RC1') or false
 $PHP_5_6_RC_DATE = '01 Sep 2016';
 
-$PHP_5_6_VERSION         = "5.6.25";
-$PHP_5_6_DATE            = "18 Aug 2016";
+$PHP_5_6_VERSION         = "5.6.26";
+$PHP_5_6_DATE            = "15 Sep 2016";
 $PHP_5_6_MD5     = array(
-                       "tar.bz2"       => "f63b9956c25f1ae0433015a80b44224c",
-                       "tar.gz"        => "75f90f5bd7d0076a0dcc5f3205ce260e",
-                       "tar.xz"        => "81cb8c0de0d0b714587edbd27a2a75bb",
+                       "tar.bz2"       => "cb424b705cfb715fc04f499f8a8cf52e",
+                       "tar.gz"        => "6aa387761ee6afa1e3be7ee94a1e8c03",
+                       "tar.xz"        => "c51e9115263b4d63ef8f68935cefd7d4",
 );
 $PHP_5_6_SHA256     = array(
-                       "tar.bz2"       => "58ce6032aced7f3e42ced492bd9820e5b3f2a3cd3ef71429aa92fd7b3eb18dde",
-                       "tar.gz"        => "733f1c811d51c2d4031a0c058dc94d09d03858d781ca2eb2cce78853bc76db58",
-                       "tar.xz"        => "7535cd6e20040ccec4594cc386c6f15c3f2c88f24163294a31068cf7dfe7f644",
+                       "tar.bz2"       => "d47aab8083a4284b905777e1b45dd7735adc53be827b29f896684750ac8b6236",
+                       "tar.gz"        => "f76b6cc23739d9dabf875aee57d91ae73f15e88ddf78803369b8b4728b19b924",
+                       "tar.xz"        => "203a854f0f243cb2810d1c832bc871ff133eccdf1ff69d32846f93bc1bef58a8",
 );
 /* PHP 5.5 Release */
 $PHP_5_5_RC =  false; // Current RC version (e.g., '5.6.7RC1') or false
diff --git a/releases/5_6_26.php b/releases/5_6_26.php
@@ -0,0 +1,22 @@
+<?php
+// $Id$
+$_SERVER['BASE_PAGE'] = 'releases/5_6_26.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
+site_header("PHP 5.6.26 Release Announcement");
+?>
+
+     <h1>PHP 5.6.26 Release Announcement</h1>
+
+     <p>The PHP development team announces the immediate availability of PHP
+     5.6.26. This is a security release. Several security bugs were fixed in
+     this release.
+
+     All PHP 5.6 users are encouraged to upgrade to this version.
+     </p>
+
+     <p>For source downloads of PHP 5.6.26 please visit our <a href="http://www.php.net/downloads.php">downloads page</a>,
+     Windows source and binaries can be found on <a href="http://windows.php.net/download/">windows.php.net/download/</a>.
+     The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-5.php#5.6.26">ChangeLog</a>.
+     </p>
+
+<?php site_footer(); ?>
