Package "php8.1"

Name: php8.1


server-side, HTML-embedded scripting language (metapackage)

Latest version: 8.1.2-1ubuntu2.9
Release: jammy (22.04)
Level: updates
Repository: main
Homepage: http://www.php.net/


Download "php8.1"

Other versions of "php8.1" in Jammy

Repository Area Version
base universe 8.1.2-1ubuntu2
base main 8.1.2-1ubuntu2
security main 8.1.2-1ubuntu2.8
security universe 8.1.2-1ubuntu2.8
updates universe 8.1.2-1ubuntu2.9

Packages in group

Deleted packages are displayed in grey.


Version: 8.1.2-1ubuntu2.9 2022-11-24 20:06:21 UTC

  php8.1 (8.1.2-1ubuntu2.9) jammy; urgency=medium

  * d/p/0049-Preserve-file-position-when-php-temp-switches.patch: PHP provides
    a temporary data stream, php://temp, whose contents are moved to a
    temporary file when a predefined size limit is hit. In jammy, the file
    position is set to the end of the file, which results in corrupted/unwanted
    data. Fix this by preserving the file position in this situation.
    (LP: #1990302)

 -- Athos Ribeiro <email address hidden> Wed, 19 Oct 2022 11:58:09 -0300

Source diff to previous version
1990302 php://temp bug fixed in 8.1.6 is not backported to 8.1.2 release

Version: 8.1.2-1ubuntu2.8 2022-11-08 18:06:28 UTC

  php8.1 (8.1.2-1ubuntu2.8) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-31628-1.patch: adding a recursion limit
      in ext/phar/phar.c, ext/phar/tests/bug81726.phpt.
    - debian/source/include-binaries: add ext/phar/tests/bug81726.gz.
    - debian/patches/CVE-2022-31628-2.patch: avoid a second check in
    - CVE-2022-31628
  * SECURITY UPDATE: Cookie injection
    - debian/patches/CVE-2022-31629.patch: don't mangle HTTP
      variable names that clash with ones that have a specific semantic
      meaning in ext/standard/test/bug81727.phpt,
    - CVE-2022-31629
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2022-31630.patch: adds validation in
      imageloadfont() for OOB in ext/gd/gd.c, ext/gd/tests/bug81739.phpt.
    - CVE-2022-31630
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2022-37454.patch: fixes buffer overflow in
      hash_update() on long parameter in
    - CVE-2022-37454

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 02 Nov 2022 10:35:25 -0300

Source diff to previous version
CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infini
CVE-2022-31629 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the
CVE-2022-37454 The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute

Version: 8.1.2-1ubuntu2.6 2022-10-25 10:07:19 UTC

  php8.1 (8.1.2-1ubuntu2.6) jammy; urgency=medium

  * d/rules: fix PHP_EXTRA_VERSION setting. (LP: #1989196)
  * Test PHP_EXTRA_VERSION setting with autopkgtest.

 -- Athos Ribeiro <email address hidden> Thu, 15 Sep 2022 08:30:49 -0300

Source diff to previous version
1989196 Fix PHP_EXTRA_VERSION setting

Version: 8.1.2-1ubuntu2.5 2022-09-22 11:07:27 UTC

  php8.1 (8.1.2-1ubuntu2.5) jammy; urgency=medium

  * d/p/0048-Clear-recorded-errors-before-executing-shutdown-func.patch:
    backport OPcache autoloading fix from 8.1.6. (LP: #1983205)

 -- <email address hidden> (Kraut.Hosting) Mon, 08 Aug 2022 09:28:23 +0200

Source diff to previous version
1983205 OPcache PHP autoloader crashes on PHP8 \u003c 8.1.6

Version: 8.1.2-1ubuntu2.4 2022-09-05 09:07:06 UTC

  php8.1 (8.1.2-1ubuntu2.4) jammy; urgency=medium

  * d/p/0047-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
    function attributes. (LP: #1882279)

 -- Athos Ribeiro <email address hidden> Wed, 17 Aug 2022 10:08:39 -0300

1882279 PHP built from source performs much better than the Ubuntu packaged version

About   -   Send Feedback to @ubuntu_updates