php-7.0.12-2.fc25

13 Oct 2016 – **PHP version 7.0.12**

**Core:**

* Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb)
* Fixed bug php#72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol)
* Fixed bug php#73058 (crypt broken when salt is ‘too’ long). (Anatol)
* Fixed bug php#69579 (Invalid free in extension trait). (John Boehr)
* Fixed bug php#73156 (segfault on undefined function). (Dmitry)
* Fixed bug php#73163 (PHP hangs if error handler throws while accessing undef const in default value). (Nikita)
* Fixed bug php#73172 (parse error: Invalid numeric literal). (Nikita, Anatol)
* Fixed for php#73240 (Write out of bounds at number_format). (Stas)
* Fixed bug php#73147 (Use After Free in PHP7 unserialize()). (Stas)
* Fixed bug php#73189 (Memcpy negative size parameter php_resolve_path). (Stas)

**BCmath:**

* Fix bug php#73190 (memcpy negative parameter _bc_new_num_ex). (Stas)

**Date:**

* Fixed bug php#73091 (Unserializing DateInterval object may lead to __toString invocation). (Stas)

**DOM:**

* Fixed bug php#73150 (missing NULL check in dom_document_save_html). (Stas)

**Filter:**

* Fixed bug php#72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien)
* Fixed bug php#73054 (default option ignored when object passed to int filter). (cmb)

**GD:**

* Fixed bug php#67325 (imagetruecolortopalette: white is duplicated in palette). (cmb)
* Fixed bug php#50194 (imagettftext broken on transparent background w/o alphablending). (cmb)
* Fixed bug php#73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb)
* Fixed bug php#53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb)
* Fixed bug php#73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
* Fixed bug php#73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
* Fixed bug php#73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb)
* Fixed bug php#73161 (imagecreatefromgd2() may leak memory). (cmb)

**Intl:**

* Fixed bug php#73218 (add mitigation for ICU int overflow). (Stas)

**Mbstring:**

* Fixed bug php#66797 (mb_substr only takes 32-bit signed integer). (cmb)
* Fixed bug php#66964 (mb_convert_variables() cannot detect recursion) (Yasuo)
* Fixed bug php#72992 (mbstring.internal_encoding doesn’t inherit default_charset). (Yasuo)

**Mysqlnd:**

* Fixed bug php#72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data). (Nikita)

**Opcache:**

* Fixed bug php#72982 (Memory leak in zend_accel_blacklist_update_regexp() function). (Laruence)

**OpenSSL:**

* Fixed bug php#73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka)
* Fixed bug php#73276 (crash in openssl_random_pseudo_bytes function). (Stas)
* Fixed bug php#73275 (crash in openssl_encrypt function). (Stas)

**PCRE:**

* Fixed bug php#73121 (Bundled PCRE doesn’t compile because JIT isn’t supported on s390). (Anatol)
* Fixed bug php#73174 (heap overflow in php_pcre_replace_impl). (Stas)

**PDO_DBlib:**

* Fixed bug php#72414 (Never quote values as raw binary data). (Adam Baratz)
* Allow PDO::setAttribute() to set query timeouts. (Adam Baratz)
* Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions. (Adam Baratz)
* Add common PDO test suite. (Adam Baratz)
* Free error and message strings when cleaning up PDO instances. (Adam Baratz)
* Fixed bug php#67130 (PDOStatement::nextRowset() should succeed when all rows in current rowset haven’t been fetched). (Peter LeBrun)
* Ignore potentially misleading dberr values. (Chris Kings-Lynne)

**phpdbg:**

* Fixed bug php#72996 (phpdbg_prompt.c undefined reference to DL_LOAD). (Nikita)
* Fixed next command not stopping when leaving function. (Bob)

**Session:**

* Fixed bug php#68015 (Session does not report invalid uid for files save handler). (Yasuo)
* Fixed bug php#73100 (session_destroy null dereference in ps_files_path_create). (cmb)

**SimpleXML:**

* Fixed bug php#73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas)

**SOAP:**

* Fixed bug php#71711 (Soap Server Member variables reference bug). (Nikita)
* Fixed bug php#71996 (Using references in arrays doesn’t work like expected). (Nikita)

**SPL:**

* Fixed bug php#73257, php#73258 (SplObjectStorage unserialize allows use of non-object as key). (Stas)

Leave a Reply