PHP 5.6.31 available

Richard G

Verified User
Joined
Jul 6, 2008
Messages
13,704
Location
Maastricht
The PHP development team announces the immediate availability of PHP 5.6.31. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

06 Jul 2017

Core:
Fixed bug #73807 (Performance problem with processing post request over 2000000 chars).
Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize).
Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()).
GD:
Fixed bug #74435 (Buffer over-read into uninitialized memory).
mbstring:
Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)
OpenSSL:
Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
PCRE:
Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
WDDX:
Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV).
 
I got a Pear error notices after compiling though:

pear/pear dependency package "pear/XML_Util" downloaded version 1.4.2 is not the recommended version 1.3.0, but may be compatible, use --force to install
pear/XML_Util cannot be installed, conflicts with installed packages

Can this be fixed some how?
 
Yes I've seen the --force option, but I don't like to force things if it might cause incompatibility troubles.
From upgrades via Directadmin I expect that they work without errors. ;)
 
I regularly upgrade all my pear packages and I never experienced any issues.
 
Oke. On Centos 6 it's just /usr/local/bin

And then this happens:
Code:
./pear upgrade --force XML_Util 
WARNING: channel "pear.php.net" has updated its protocols, use "pear channel-update pear.php.net" to update
warning: pear/pear dependency package "pear/XML_Util" downloaded version 1.4.3 is not the recommended version 1.4.2
downloading XML_Util-1.4.3.tgz ...
Starting to download XML_Util-1.4.3.tgz (18,842 bytes)
......done: 18,842 bytes
upgrade ok: channel://pear.php.net/XML_Util-1.4.3

So now it even went a version further and it looks we have to use another command to update. Looks ok though.
I'll monitor this for a couple of days before I do this on the other servers. I just don't like that kind of warnings with dependency's.
 
Just

./pear upgrade

will upgrade all libraries.

If you want to check what needs to be upgraded, do:

./pear list-upgrades

You should do the pear channel-update command once. That updates the repositories to the recent list. Looks like your pear is too old - I am unsure why.
 
Last edited:
I wouldn't know. I always to yum update and the custombuild update regularly.

The second server seems OK, the 3rd and last new installed server has this:
Code:
pear list-upgrades   
pear.php.net Available Upgrades (stable):
=========================================
Channel      Package     Local           Remote          Size
pear.php.net Archive_Tar 1.4.0 (stable)  1.4.3 (stable)  21kB
pear.php.net PEAR        1.10.1 (stable) 1.10.5 (stable) 285kB
pear.php.net XML_Util    1.3.0 (stable)  1.4.3 (stable)  18.4kB
[root@server21: ~]#
3 different local versions? Phew...

Upgraded everything. Looks good now, thank you!
 
Last edited:
On my box (it's FreeBSD) I have two different pear installations for the two different PHP versions.

You should check if you are updating the proper pear installation. Do the following:

# ./pear config-get php_dir

It should output the directory where pear adds the libraries. On FreeBSD with two PHP versions it's:

/usr/local/php71/lib/php

and

/usr/local/php56/lib/php

respectfully. Then check the php info page:

php71 -i | grep "include_path"

and make sure that the same directory is listed there.
 
I don't need to check because I only have 1 php installation on each box.
Which is php 5.6.31 (at this moment) and is present in /usr/local/lib/php where DA install's it.

But thank you for explaining.
 
Back
Top