[Security] PHP 5.5.11 and 5.4.27

interfasys

interfasys

Verified User
Joined
Oct 31, 2003
Messages
1,816
Location
Switzerland
Version 5.5.11

03 Apr 2014
Core:
Fixed bug #60602 (proc_open() changes environment array).
Allow zero length comparison in substr_compare().
cURL:
Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour).
Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
Fileinfo:
Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression (CVE-2013-7345)).
FPM:
Added clear_env configuration directive to disable clearenv() call.
GD:
Fixed bug #66714 (imageconvolution breakage).
Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget).
Fixed bug #66887 (imagescale - poor quality of scaled image).
Fixed bug #66890 (imagescale segfault).
Fixed bug #66893 (imagescale ignore method argument).
GMP:
Fixed bug #66872 (invalid argument crashes gmp_testbit).
Hash:
hash_pbkdf2() now works correctly if the $length argument is not specified.
Intl:
Fixed bug #66873 A reproductible crash in UConverter when given invalid encoding.
Mail:
Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script).
MySQLi:
Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed).
OPCache:
Added function opcache_is_script_cached().
Added information about interned strings usage.
Openssl:
Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1).
SQLite:
Updated bundled libsqlite to 3.8.3.1.
SPL:
Added feature #65545 (SplFileObject::fread()).

http://www.php.net/get/php-5.5.11.tar.gz/from/a/mirror
md5: 9156fcd4b254cbfa9a7535f931da29d5


Version 5.4.27

03 Apr 2014
Core:
Fixed bug #60602 (proc_open() changes environment array)
Fileinfo:
Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression (CVE-2013-7345))
FPM:
Added clear_env configuration directive to disable clearenv() call.
GMP:
Fixed bug #66872 (invalid argument crashes gmp_testbit)
Mail:
Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script)
MySQLi:
Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
Openssl:
Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1)

http://www.php.net/get/php-5.4.27.tar.gz/from/a/mirror
md5: 3080690bbb14d798a511e325a81a6f32
 
Last edited:
Ran updates on 22 servers today. Most servers do not see an update for php to 5.4.27, some however do. So now we have servers that are not the same.
 
It is because of the fileservers used. MIrrors that provide the best speed for you might not be synced yet. It may take up to 24 hours for them to appear on the mirrors.
 
I would like to add that at the time @interfasys started this forum thread, at that time only PHP 5.5.11 was official released, but PHP 5.4.27 was not yet official released (not posted at php.net), and only available on a few of php.net's mirrors.

PHP 5.5.11 was added to custombuild only a few hours after it was official released at php.net

Later when PHP 5.4.27 was official released/announced at php.net, it was added to custombuild only 13 hours after it was released/announced at php.net

You will not find any other control panel out there wich add the new php versions so very quick after they are official released at php.net. Remember that PHP 5.4.27 was not yet official released at the time of this forum thread was started.
 
We always start with updating 1 server. This server pulled down php 5.4.27 and installed it. We didn't count on that happening. At that point, 5.4.27 had already been released a day prior.

I made a mistake during the updates and ran it again. This time the same server pulled down 5.4.26. Out of 22 servers 8 got 5.4.27. Since they are all in the same location.

We ended up tarring and transferring custombuild's files to the servers that didn't install 5.4.27 so they are all the same once more.

Thanks for the replies, I just thought I'd mention it. I could've worded it better I suppose. :)
 
If you don't want to wait for all custombuild mirrors to be updated with new version, then you can change downloadserver in /usr/local/directadmin/custombuild/options.conf , change it to this then run ./build update:

Code: 
downloadserver=files1.directadmin.com

(files1 is the first server/mirror that is updated, so it will always have the most recent version available)
 
I cannot upgrade on Debian 7, any hint?

Code: 
checking for ENCHANT support... no
checking whether to enable EXIF (metadata from images) support... no
checking for fileinfo support... yes
checking for utimes... yes
checking for strndup... yes
checking whether to enable input filter support... yes
checking pcre install prefix... no
checking whether to enable FTP support... yes
checking OpenSSL dir for FTP... no
checking for GD support... yes
checking for the location of libvpx... no
checking for the location of libjpeg... /usr/local/lib
checking for the location of libpng... /usr/local/lib
checking for the location of libXpm... no
checking for FreeType 2... /usr/local/lib
checking for T1lib support... no
checking whether to enable truetype string function in GD... yes
checking whether to enable JIS-mapped Japanese font support in GD... no
If configure fails try --with-vpx-dir=<DIR>
checking for jpeg_read_header in -ljpeg... yes
checking for png_write_image in -lpng... yes
If configure fails try --with-xpm-dir=<DIR>
checking for fabsf... no
checking for floorf... no
configure: error: GD build test failed. Please check the config.log for details.

*** There was an error while trying to configure php. Check the configure file
 
Fixed installing libbz2-dev




Derevko said:
I cannot upgrade on Debian 7, any hint?

Code: 
checking for ENCHANT support... no
checking whether to enable EXIF (metadata from images) support... no
checking for fileinfo support... yes
checking for utimes... yes
checking for strndup... yes
checking whether to enable input filter support... yes
checking pcre install prefix... no
checking whether to enable FTP support... yes
checking OpenSSL dir for FTP... no
checking for GD support... yes
checking for the location of libvpx... no
checking for the location of libjpeg... /usr/local/lib
checking for the location of libpng... /usr/local/lib
checking for the location of libXpm... no
checking for FreeType 2... /usr/local/lib
checking for T1lib support... no
checking whether to enable truetype string function in GD... yes
checking whether to enable JIS-mapped Japanese font support in GD... no
If configure fails try --with-vpx-dir=<DIR>
checking for jpeg_read_header in -ljpeg... yes
checking for png_write_image in -lpng... yes
If configure fails try --with-xpm-dir=<DIR>
checking for fabsf... no
checking for floorf... no
configure: error: GD build test failed. Please check the config.log for details.

*** There was an error while trying to configure php. Check the configure file
Click to expand...
 
You must log in or register to reply here.
Back
Top