Version 5.6.18 04 Feb 2016 Core: Fixed bug #71039 (exec functions ignore length but look for NULL termination). Fixed bug #71089 (No check to duplicate zend_extension). Fixed bug #71201 (round() segfault on 64-bit builds). Added support for new HTTP 451 code. Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash). Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input). Fixed bug #71459 (Integer overflow in iptcembed()). Apache2handler: Fix >2G Content-Length headers in apache2handler. FTP: Implemented FR #55651 (Option to ignore the returned FTP PASV address). Opcache: Fixed bug #71127 (Define in auto_prepend_file is overwrite). Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 on the same server). PCRE: Upgraded bundled PCRE library to 8.38. Phar: Fixed bug #71354 (Heap corruption in tar/zip/phar parser). Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()). Fixed bug #71488 (Stack overflow when decompressing tar archives). Session: Fixed bug #69111 (Crash in SessionHandler::read()). SOAP: Fixed bug #70979 (crash with bad soap request). SPL: Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading). WDDX: Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). Version 5.5.32 04 Feb 2016 Core: Fixed bug #71039 (exec functions ignore length but look for NULL termination). Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input). Fixed bug #71459 (Integer overflow in iptcembed()). GD: Improved the fix for bug #70976. PCRE: Upgraded pcrelib to 8.38. Phar: Fixed bug #71354 (Heap corruption in tar/zip/phar parser). Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()). Fixed bug #71488 (Stack overflow when decompressing tar archives). WDDX: Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).
Thanks, let's include php-7.0.3 in this too: http://www.php.net/ChangeLog-7.php#7.0.3
Fixed versions are in the tree: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1bd543020b616c0cec56007ee7b2c3c4900b9f7
Thank you Michael.
I'm using 5.6.18 for several days on production server. Works fine for me. Any plans for stabilization?
Arches, please stabilize: =dev-lang/php-5.5.32 stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 =dev-lang/php-5.6.18 stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
no >>> Creating Manifest for /home/zlogene/gentoo/dev-lang/php dependency.bad [fatal] 28 dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]'] dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]'] dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]'] dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]'] dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/gnome) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]'] dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop/gnome) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]'] dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/gnome/systemd) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]'] dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop/gnome/systemd) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]'] dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/kde) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]'] dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop/kde) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]'] dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/kde/systemd) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]'] dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop/kde/systemd) ['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
(In reply to Kristian Fiskerstrand from comment #5) > Arches, please stabilize: > =dev-lang/php-5.5.32 > stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 > > =dev-lang/php-5.6.18 > stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 this also requires =app-eselect/eselect-php-0.9.1 stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
(In reply to Kristian Fiskerstrand from comment #7) > > this also requires > =app-eselect/eselect-php-0.9.1 > stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 Yeah, sorry -- I fixed two bugs in revisions of 5.6.17 and 7.0.2 by adding calls to "eselect cleanup..." in pkg_postinst(). To do that I wanted to be sure I had a version of eselect-php that I trust to cleanup. Stabilizing eselect-php-0.9.1 is going to introduce the -DPHP change to stable users, but, 1) It's going to happen eventually. 2) I believe we're fully backwards compatible now (see the news item discussion on -dev). So all things considered, I think eselect-php-0.9.1 can be stabilized too. I would have liked it to sit in ~arch a little longer, but find me 30 days where PHP doesn't have a security bug...
Stable on alpha.
amd64 stable
Stable for HPPA PPC64.
@arches, please stabilize.
x86 stable
ppc stable
sparc stable
ia64 stable
This issue was resolved and addressed in GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10 by GLSA coordinator Kristian Fiskerstrand (K_F).