2009年3月 2日

[installer 1846] PHP 5.2.9

PHP 5.2.9 出ています。

今回も複数のセキュリティホールの修正が含まれています。
CVE 番号が載っているものは CVE-2008-5498 ですが、他にもありそうです。

☆ PHP 5.2.9
http://www.php.net/
http://www.php.net/downloads.php#v5

http://www.php.net/distributions/php-5.2.9.tar.gz
http://static.php.net/www.php.net/distributions/php-5.2.9.tar.gz

26 Feb 2009, PHP 5.2.9
- Changed __call() to be invoked on private/protected method access, similar to
properties and __get(). (Andrei)

- Added optional sorting type flag parameter to array_unique(). Default is
SORT_REGULAR. (Andrei)

- Fixed a crash on extract in zip when files or directories entry names contain
a relative path. (Pierre)
- Fixed error conditions handling in stream_filter_append(). (Arnaud)
- Fixed zip filename property read. (Pierre)
- Fixed explode() behavior with empty string to respect negative limit. (Shire)
- Fixed security issue in imagerotate(), background colour isn't validated
correctly with a non truecolour image. Reported by Hamid Ebadi,
APA Laboratory (Fixes CVE-2008-5498). (Scott)
- Fixed a segfault when malformed string is passed to json_decode(). (Scott)
- Fixed bug in xml_error_string() which resulted in messages being
off by one. (Scott)

- Fixed bug #47422 (modulus operator returns incorrect results on 64 bit
linux). (Matt)
- Fixed bug #47399 (mb_check_encoding() returns true for some illegal SJIS
characters). (for-bugs at hnw dot jp, Moriyoshi)
- Fixed bug #47353 (crash when creating a lot of objects in object
destructor). (Tony)
- Fixed bug #47322 (sscanf %d doesn't work). (Felipe)
- Fixed bug #47282 (FILTER_VALIDATE_EMAIL is marking valid email addresses
as invalid). (Ilia)
- Fixed bug #47220 (segfault in dom_document_parser in recovery mode). (Rob)
- Fixed bug #47217 (content-type is not set properly for file uploads). (Ilia)
- Fixed bug #47174 (base64_decode() interprets pad char in mid string as
terminator). (Ilia)
- Fixed bug #47165 (Possible memory corruption when passing return value by
reference). (Dmitry)
- Fixed bug #47152 (gzseek/fseek using SEEK_END produces strange results).
(Felipe)
- Fixed bug #47131 (SOAP Extension ignores "user_agent" ini setting). (Ilia)
- Fixed bug #47109 (Memory leak on $a->{"a"."b"} when $a is not an object).
(Etienne, Dmitry)
- Fixed bug #47104 (Linking shared extensions fails with icc). (Jani)
- Fixed bug #47049 (SoapClient::__soapCall causes a segmentation fault).
(Dmitry)
- Fixed bug #47048 (Segfault with new pg_meta_data). (Felipe)
- Fixed bug #47042 (PHP cgi sapi is removing SCRIPT_FILENAME for non
apache). (Sriram Natarajan)
- Fixed bug #47037 (No error when using fopen with empty string). (Cristian
Rodriguez R., Felipe)
- Fixed bug #47035 (dns_get_record returns a garbage byte at the end of a
TXT record). (Felipe)
- Fixed bug #47027 (var_export doesn't show numeric indices on ArrayObject).
(Derick)
- Fixed bug #46985 (OVERWRITE and binary mode does not work, regression
introduced in 5.2.8). (Pierre)
- Fixed bug #46973 (IPv6 address filter rejects valid address). (Felipe)
- Fixed bug #46964 (Fixed pdo_mysql build with older version of MySQL). (Ilia)
- Fixed bug #46959 (Unable to disable PCRE). (Scott)
- Fixed bug #46918 (imap_rfc822_parse_adrlist host part not filled in
correctly). (Felipe)
- Fixed bug #46889 (Memory leak in strtotime()). (Derick)
- Fixed bug #46887 (Invalid calls to php_error_docref()). (oeriksson at
mandriva dot com, Ilia)
- Fixed bug #46873 (extract($foo) crashes if $foo['foo'] exists). (Arnaud)
- Fixed bug #46843 (CP936 euro symbol is not converted properly). (ty_c at
cybozuy dot co dot jp, Moriyoshi)
- Fixed bug #46798 (Crash in mssql extension when retrieving a NULL value
inside a binary or image column type). (Ilia)
- Fixed bug #46782 (fastcgi.c parse error). (Matt)
- Fixed bug #46760 (SoapClient doRequest fails when proxy is used). (Felipe)
- Fixed bug #46748 (Segfault when an SSL error has more than one error).
(Scott)
- Fixed bug #46739 (array returned by curl_getinfo should contain
content_type key). (Mikko)
- Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob)
- Fixed bug #46419 (Elements of associative arrays with NULL value are
lost). (Dmitry)
- Fixed bug #46282 (Corrupt DBF When Using DATE). (arne at bukkie dot nl)
- Fixed bug #46026 (bz2.decompress/zlib.inflate filter tries to decompress
after end of stream). (Greg)
- Fixed bug #46005 (User not consistently logged under Apache2). (admorten
at umich dot edu, Stas)
- Fixed bug #45996 (libxml2 2.7 causes breakage with character data in
xml_parse()). (Rob)
- Fixed bug #45940 (MySQLI OO does not populate connect_error property on
failed connect). (Johannes)
- Fixed bug #45923 (mb_st[r]ripos() offset not handled correctly). (Moriyoshi)
- Fixed bug #45327 (memory leak if offsetGet throws exception). (Greg)
- Fixed bug #45239 (Encoding detector hangs with mbstring.strict_detection
enabled). (Moriyoshi)
- Fixed bug #45161 (Reusing a curl handle leaks memory). (Mark Karpeles, Jani)
- Fixed bug #44336 (Improve pcre UTF-8 string matching performance). (frode
at coretrek dot com, Nuno)
- Fixed bug #43841 (mb_strrpos() offset is byte count for negative values).
(Moriyoshi)
- Fixed bug #37209 (mssql_execute with non fatal errors). (Kalle)
- Fixed bug #35975 (Session cookie expires date format isn't the most
compatible. Now matches that of setcookie()). (Scott)


08 Dec 2008, PHP 5.2.8
- Reverted bug fix #42718 that broke magic_quotes_gpc (Scott)

----
こがよういちろう


投稿者 xml-rpc : 2009年3月 2日 13:22
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/82701
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。