2010年8月 3日

[installer 2461] PHP 5.2.14

PHP 5.2.14 も出ていました。

http://www.php.net/archive/2010.php#id2010-07-22-1 より:
BEGIN-----------------------------------------------------
PHP 5.2.14 Released!
[22-Jul-2010]
The PHP development team would like to announce the immediate
availability of PHP 5.2.14. This release focuses on improving the

stability of the PHP 5.2.x branch with over 60 bug fixes, some of
which are security related.

This release marks the end of the active support for PHP
5.2. Following this release the PHP 5.2 series will receive no further
active bug maintenance. Security fixes for PHP 5.2 might be published
on a case by cases basis. All users of PHP 5.2 are encouraged to
upgrade to PHP 5.3.

Security Enhancements and Fixes in PHP 5.2.14:

* Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs.
* Fixed a possible interruption array leak in
strrchr().(CVE-2010-2484)
* Fixed a possible interruption array leak in strchr(), strstr(),
substr(), chunk_split(), strtok(), addcslashes(), str_repeat(),
trim().
* Fixed a possible memory corruption in substr_replace().
* Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
* Fixed a possible stack exaustion inside fnmatch().
* Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288).
* Fixed handling of session variable serialization on certain prefix
characters.
* Fixed a possible arbitrary memory access inside sqlite
extension. Reported by Mateusz Kocielski.

Key enhancements in PHP 5.2.14 include:

* Upgraded bundled PCRE to version 8.02.
* Updated timezone database to version 2010.5.
* Fixed bug #52238 (Crash when an Exception occured in
iterator_to_array).
* Fixed bug #52237 (Crash when passing the reference of the property
of a non-object).
* Fixed bug #52041 (Memory leak when writing on uninitialized variable
returned from function).
* Fixed bug #51822 (Segfault with strange __destruct() for static
class variables).
* Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or
memory issues).
* Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined
symbols: _libiconv").

To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended,
a migration guide available on http://php.net/migration53, details the
changes between PHP 5.2 and PHP 5.3.

For a full list of changes in PHP 5.2.14 see the ChangeLog at
http://www.php.net/ChangeLog-5.php#5.2.14.
END-------------------------------------------------------

☆ PHP 5.2.14
http://www.php.net/
http://www.php.net/downloads.php#v5
http://www.php.net/distributions/php-5.2.14.tar.gz
http://static.php.net/www.php.net/distributions/php-5.2.14.tar.gz

22 Jul 2010, PHP 5.2.14
- Reverted bug fix #49521 (PDO fetchObject sets values before calling
constructor). (Felipe)

- Updated timezone database to version 2010.5. (Derick)
- Upgraded bundled PCRE to version 8.02. (Ilia)

- Rewrote var_export() to use smart_str rather than output buffering, prevents
data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
- Fixed a possible interruption array leak in strrchr(). Reported by
P辿ter Veres. (CVE-2010-2484) (Felipe)
- Fixed a possible interruption array leak in strchr(), strstr(), substr(),
chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe)
- Fixed a possible memory corruption in substr_replace() (Dmitry)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan
Esser (Ilia)
- Reset error state in PDO::beginTransaction() reset error state. (Ilia)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed handling of session variable serialization on certain prefix
characters. Reported by Stefan Esser (Ilia)
- Fixed a possible arbitrary memory access inside sqlite extension. Reported
by Mateusz Kocielski. (Ilia)
- Fixed a crash when calling an inexistent method of a class that inherits
PDOStatement if instantiated directly instead of doing by the PDO methods.
(Felipe)

- Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64
bit)). (Adam)
- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
(Johannes)
- Fixed bug #52237 (Crash when passing the reference of the property of a
non-object). (Dmitry)
- Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't
be set). (Felipe)
- Fixed bug #52162 (custom request header variables with numbers are removed).
(Sriram Natarajan)
- Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe)
- Fixed bug #52061 (memory_limit above 2G). (Felipe)
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned
from function). (Dmitry)
- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at
debian dot org, Kalle)
- Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick)
- Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command).
(Ilia, Felipe)
- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle,
coreystup at gmail dot com)
- Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with
constant array). (Felipe)
- Fixed bug #51905 (ReflectionParameter fails if default value is an array
with an access to self::). (Felipe)
- Fixed bug #51822 (Segfault with strange __destruct() for static class
variables). (Dmitry)
- Fixed bug #51671 (imagefill does not work correctly for small images).
(Pierre)
- Fixed bug #51670 (getColumnMeta causes segfault when re-executing query
after calling nextRowset). (Pierrick)
- Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading).
(Pierre)
- Fixed bug #51617 (PDO PGSQL still broken against PostGreSQL < 7.4).
(Felipe, wdierkes at 5dollarwhitebox dot org)
- Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe)
- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter).
(Felipe)
- Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string
literal). (cbandy at jbandy dot com)
- Fixed bug #51607 (pg_copy_from does not allow schema in the tablename
argument). (cbandy at jbandy dot com)
- Fixed bug #51604 (newline in end of header is shown in start of message).
(Daniel Egeberg)
- Fixed bug #51562 (query timeout in mssql can not be changed per query).
(ejsmont dot artur at gmail dot com)
- Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory
issues). (Dmitry)
- Fixed bug #51532 (Wrong prototype for SplFileObject::fscanf()). (Etienne)
- Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe)
- Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains
timezone). (Adam)
- Fixed bug #51374 (Wrongly initialized object properties). (Etienne)
- Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is
on). (Ilia, j dot jeising at gmail dot com)
- Fixed bug #51273 (Faultstring property does not exist when the faultstring is
empty) (Ilia, dennis at transip dot nl)
- Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam)
- Fixed bug #51263 (imagettftext and rotated text uses wrong baseline)
(cschneid at cschneid dot com, Takeshi Abe)
- Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com)
- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia,
alexr at oplot dot com)
- Fixed bug #51192 (FILTER_VALIDATE_URL will invalidate a hostname that
includes '-'). (Adam, solar at azrael dot ws).
- Fixed bug #51190 (ftp_put() returns false when transfer was successful).
(Ilia)
- Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio).
(Sriram Natarajan)
- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when
an invalid option is provided). (Ilia)
- Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre)
- Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
- Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris
Jones)
- Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4).
(Raphael Geissert)
- Fixed bug #50762 (in WSDL mode Soap Header handler function only being called
if defined in WSDL). (mephius at gmail dot com)
- Fixed bug #50698 (SoapClient should handle wsdls with some incompatiable
endpoints). (Justin Dearing)
- Fixed bug #50383 (Exceptions thrown in __call() / __callStatic() do not
include file and line in trace). (Felipe)
- Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe)
- Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne)
- Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
- Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe)
- Fixed bug #49267 (Linking fails for iconv). (Moriyosh)
- Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob)
- Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken).
(Adam, patch from hiroaki dot kawai at gmail dot com).
- Fixed bug #43314 (iconv_mime_encode(), broken Q scheme). (Rasmus)
- Fixed bug #33210 (getimagesize() fails to detect width/height on certain
JPEGs). (Ilia)
- Fixed bug #23229 (syslog() truncates messages). (Adam)

----
こがよういちろう


投稿者 xml-rpc : 2010年8月 3日 12:28
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/97429
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。