2010年2月27日

[installer 2260] PHP 5.2.13

PHP 5.2.13 出ています。

http://www.php.net/archive/2010.php#id2010-02-25-1 によると:

PHP 5.2.13 Released!
[25-Feb-2010]
The PHP development team would like to announce the immediate
availability of PHP 5.2.13. This release focuses on improving the

stability of the PHP 5.2.x branch with over 40 bug fixes, some of
which are security related. All users of PHP 5.2 are encouraged to
upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.13:

o Fixed safe_mode validation inside tempnam() when the directory path
does not end with a /). (Martin Jansen)
o Fixed a possible open_basedir/safe_mode bypass in session extension
identified by Grzegorz Stachowiak. (Ilia)
o Improved LCG entropy. (Rasmus, Samy Kamkar)

ということで、複数のセキュリティホールの修正が含まれています。

☆ PHP 5.2.13
http://www.php.net/
http://www.php.net/downloads.php#v5
http://www.php.net/distributions/php-5.2.13.tar.gz
http://static.php.net/www.php.net/distributions/php-5.2.12.tar.gz

25 Feb 2010, PHP 5.2.13
- Updated timezone database to version 2010.2. (Derick)
- Upgraded bundled PCRE to version 7.9. (Ilia)

- Removed automatic file descriptor unlocking happening on shutdown and/or
stream close (on all OSes excluding Windows). (Tony, Ilia)

- Changed tidyNode class to disallow manual node creation. (Pierrick)

- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
(Ilia)

- Improved LCG entropy. (Rasmus, Samy Kamkar)

- Fixed safe_mode validation inside tempnam() when the directory path does
not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in session extension
identified by Grzegorz Stachowiak. (Ilia)
- Fixed bug in bundled libgd causing spurious horizontal lines drawn by
gdImageFilledPolygon (libgd #100). (Takeshi Abe)
- Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey)

- Fixed bug #50940 Custom content-length set incorrectly in Apache sapis.
(Brian France, Rasmus)
- Fixed bug #50930 (Wrong date by php_date.c patch with ancient gcc/glibc
versions). (Derick)
- Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation).
(Ilia, hanno at hboeck dot de)
- Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes
long). (Ilia)
- Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP
authentication). (Jani)
- Fixed bug #50823 (ReflectionFunction::isDeprecated producing "cannot be called
statically" error). (Jani, Felipe)
- Fixed bug #50791 (Compile failure: Bad logic in defining fopencookie
emulation). (Jani)
- Fixed bug #50787 (stream_set_write_buffer() has no effect on socket
streams). (vnegrier at optilian dot com, Ilia)
- Fixed bug #50772 (mysqli constructor without parameters does not return a
working mysqli object). (Andrey)
- Fixed bug #50761 (system.multiCall crashes in xmlrpc extension). (hiroaki
dot kawai at gmail dot com, Ilia)
- Fixed bug #50732 (exec() adds single byte twice to $output array). (Ilia)
- Fixed bug #50728 (All PDOExceptions hardcode 'code' property to 0). (Joey,
Ilia)
- Fixed bug #50727 (Accessing mysqli->affected_rows on no connection causes
segfault). (Andrey, Johannes)
- Fixed bug #50680 (strtotime() does not support eighth ordinal number).
(Ilia)
- Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). (Rob)
- Fixed bug #50657 (copy() with an empty (zero-byte) HTTP source succeeds but
returns false). (Ilia)
- Fixed bug #50636 (MySQLi_Result sets values before calling constructor).
(Pierrick)
- Fixed bug #50632 (filter_input() does not return default value if the
variable does not exist). (Ilia)
- Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick)
- Fixed bug #50575 (PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5).
(Matteo)
- Fixed bug #50558 (Broken object model when extending tidy). (Pierrick)
- Fixed bug #50540 (Crash while running ldap_next_reference test cases).
(Sriram)
- Fixed bug #50508 (compile failure: Conflicting HEADER type declarations).
(Jani)
- Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
- Fixed bug #49851 (http wrapper breaks on 1024 char long headers). (Ilia)
- Fixed bug #49600 (imageTTFText text shifted right). (Takeshi Abe)
- Fixed bug #49585 (date_format buffer not long enough for >4 digit years).
(Derick, Adam)
- Fixed bug #49463 (setAttributeNS fails setting default namespace). (Rob)
- Fixed bug #48667 (Implementing Iterator and IteratorAggregate). (Etienne)
- Fixed bug #48590 (SoapClient does not honor max_redirects). (Sriram)
- Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive
in HTTP uploads). (Ilia)
- Fixed bug #47601 (defined() requires class to exist when testing for class
constants). (Ilia)
- Fixed bug #47409 (extract() problem with array containing word "this").
(Ilia, chrisstocktonaz at gmail dot com)
- Fixed bug #47002 (Field truncation when reading from dbase dbs with more
then 1024 fields). (Ilia, sjoerd-php at linuxonly dot nl)
- Fixed bug #45599 (strip_tags() truncates rest of string with invalid
attribute). (Ilia, hradtke)
- Fixed bug #44827 (define() allows :: in constant names). (Ilia)

----
こがよういちろう


投稿者 xml-rpc : 2010年2月27日 10:33
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/93695
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。