UbuntuUpdates.org

Package "php8.1"

Name: php8.1

Description:

server-side, HTML-embedded scripting language (metapackage)
Latest version: 8.1.2-1ubuntu2.15
Release: jammy (22.04)
Level: updates
Repository: main
Homepage: http://www.php.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "php8.1"

All arch deb package
APT INSTALL

Other versions of "php8.1" in Jammy

Repository Area Version
base universe 8.1.2-1ubuntu2
base main 8.1.2-1ubuntu2
security main 8.1.2-1ubuntu2.14
security universe 8.1.2-1ubuntu2.14
updates universe 8.1.2-1ubuntu2.15
proposed universe 8.1.2-1ubuntu2.16
proposed main 8.1.2-1ubuntu2.16

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.1.2-1ubuntu2.9 2022-11-24 20:06:21 UTC

  php8.1 (8.1.2-1ubuntu2.9) jammy; urgency=medium

  * d/p/0049-Preserve-file-position-when-php-temp-switches.patch: PHP provides
    a temporary data stream, php://temp, whose contents are moved to a
    temporary file when a predefined size limit is hit. In jammy, the file
    position is set to the end of the file, which results in corrupted/unwanted
    data. Fix this by preserving the file position in this situation.
    (LP: #1990302)

 -- Athos Ribeiro <email address hidden> Wed, 19 Oct 2022 11:58:09 -0300
Source diff to previous version
1990302 php://temp bug fixed in 8.1.6 is not backported to 8.1.2 release

Version: 8.1.2-1ubuntu2.8 2022-11-08 18:06:28 UTC

  php8.1 (8.1.2-1ubuntu2.8) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-31628-1.patch: adding a recursion limit
      in ext/phar/phar.c, ext/phar/tests/bug81726.phpt.
    - debian/source/include-binaries: add ext/phar/tests/bug81726.gz.
    - debian/patches/CVE-2022-31628-2.patch: avoid a second check in
      ext/phar/phar.c.
    - CVE-2022-31628
  * SECURITY UPDATE: Cookie injection
    - debian/patches/CVE-2022-31629.patch: don't mangle HTTP
      variable names that clash with ones that have a specific semantic
      meaning in ext/standard/test/bug81727.phpt,
      main/php_variables.c.
    - CVE-2022-31629
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2022-31630.patch: adds validation in
      imageloadfont() for OOB in ext/gd/gd.c, ext/gd/tests/bug81739.phpt.
    - CVE-2022-31630
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2022-37454.patch: fixes buffer overflow in
      hash_update() on long parameter in
      ext/hash/sha3/generic32lc/KeccakSponge.inc,
      ext/hash/sha3/generic64lc/KeccakSponge.inc.
    - CVE-2022-37454

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 02 Nov 2022 10:35:25 -0300
Source diff to previous version
CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infini
CVE-2022-31629 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the
CVE-2022-37454 The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute

Version: 8.1.2-1ubuntu2.6 2022-10-25 10:07:19 UTC

  php8.1 (8.1.2-1ubuntu2.6) jammy; urgency=medium

  * d/rules: fix PHP_EXTRA_VERSION setting. (LP: #1989196)
  * Test PHP_EXTRA_VERSION setting with autopkgtest.

 -- Athos Ribeiro <email address hidden> Thu, 15 Sep 2022 08:30:49 -0300
Source diff to previous version
1989196 Fix PHP_EXTRA_VERSION setting

Version: 8.1.2-1ubuntu2.5 2022-09-22 11:07:27 UTC

  php8.1 (8.1.2-1ubuntu2.5) jammy; urgency=medium

  * d/p/0048-Clear-recorded-errors-before-executing-shutdown-func.patch:
    backport OPcache autoloading fix from 8.1.6. (LP: #1983205)

 -- <email address hidden> (Kraut.Hosting) Mon, 08 Aug 2022 09:28:23 +0200
Source diff to previous version
1983205 OPcache PHP autoloader crashes on PHP8 \u003c 8.1.6

Version: 8.1.2-1ubuntu2.4 2022-09-05 09:07:06 UTC

  php8.1 (8.1.2-1ubuntu2.4) jammy; urgency=medium

  * d/p/0047-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
    function attributes. (LP: #1882279)

 -- Athos Ribeiro <email address hidden> Wed, 17 Aug 2022 10:08:39 -0300
1882279 PHP built from source performs much better than the Ubuntu packaged version


About   -   Send Feedback to @ubuntu_updates