5.6.24php-5.6.24PHP-5.6.24

3 files changed, 43 insertions, 8 deletions

diff --git a/NEWS b/NEWS
index 6215ecc3e0..987102f11a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,26 +1,49 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-07 Jul 2016, PHP 5.6.24RC1
+21 Jul 2016, PHP 5.6.24
 
 - Core:
-  . Fix bug #71936 (Segmentation fault destroying HTTP_RAW_POST_DATA).
+  . Fixed bug #71936 (Segmentation fault destroying HTTP_RAW_POST_DATA).
     (mike dot laspina at gmail dot com, Remi)
-  . Fix bug #72496 (Cannot declare public method with signature incompatible
+  . Fixed bug #72496 (Cannot declare public method with signature incompatible
     with parent private method). (Pedro Magalhães)
-  . Fix bug #72138 (Integer Overflow in Length of String-typed ZVAL). (Stas)
+  . Fixed bug #72138 (Integer Overflow in Length of String-typed ZVAL). (Stas)
+  . Fixed bug #72513 (Stack-based buffer overflow vulnerability in
+    virtual_file_ex). (loianhtuan at gmail dot com)
+  . Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
+    Deserialization). (taoguangchen at icloud dot com)
+  . Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and
+    applications). (CVE-2016-5385) (Stas)
 
 - bz2:
-  . Fix bug #72447 (Type Confusion in php_bz2_filter_create()). (gogil at 
+  . Fixed bug #72447 (Type Confusion in php_bz2_filter_create()). (gogil at 
     stealien dot com).
+  . Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)
 
 - EXIF:
   . Fixed bug #50845 (exif_read_data() returns corrupted exif headers).
     (Bartosz Dziewoński)
+- EXIF:
+  . Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
+    (Stas)
+  . Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
+    (Stas)
 
 - GD:
   . Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
   . Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
   . Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
+  . Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
+    access). (Pierre)
+  . Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
+  . Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
+    (CVE-2016-6207) (Pierre)
+
+- Intl:
+  . Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)
+
+- ODBC:
+  . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)
 
 - OpenSSL:
   . Fixed bug #71915 (openssl_random_pseudo_bytes is not fork-safe).
@@ -28,6 +51,10 @@ PHP                                                                        NEWS
   . Fixed bug #72336 (openssl_pkey_new does not fail for invalid DSA params).
     (Jakub Zelenka)
 
+- SNMP:
+  . Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
+    unserialize()). (taoguangchen at icloud dot com)
+
 - SPL:
   . Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)
 
@@ -39,6 +66,14 @@ PHP                                                                        NEWS
   . Fixed bug #72439 (Stream socket with remote address leads to a segmentation
     fault). (Laruence)
 
+- Xmlrpc:
+  . Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
+    (Stas)
+
+- Zip:
+  . Fixed bug #72520 (Stack-based buffer overflow vulnerability in
+    php_stream_zip_opener). (loianhtuan at gmail dot com)
+
 23 Jun 2016, PHP 5.6.23
 
 - Core:
diff --git a/configure.in b/configure.in
index d3b20561de..dc5333d3c9 100644
--- a/configure.in
+++ b/configure.in
@@ -120,7 +120,7 @@ int zend_sprintf(char *buffer, const char *format, ...);
 PHP_MAJOR_VERSION=5
 PHP_MINOR_VERSION=6
 PHP_RELEASE_VERSION=24
-PHP_EXTRA_VERSION="RC1"
+PHP_EXTRA_VERSION=""
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
 
diff --git a/main/php_version.h b/main/php_version.h
index 2f8f634feb..e2029cea2c 100644
--- a/main/php_version.h
+++ b/main/php_version.h
@@ -3,6 +3,6 @@
 #define PHP_MAJOR_VERSION 5
 #define PHP_MINOR_VERSION 6
 #define PHP_RELEASE_VERSION 24
-#define PHP_EXTRA_VERSION "RC1"
-#define PHP_VERSION "5.6.24RC1"
+#define PHP_EXTRA_VERSION ""
+#define PHP_VERSION "5.6.24"
 #define PHP_VERSION_ID 50624