2010年12月10日

[installer 2595] PHP 5.2.15, 5.3.4

PHP 5.2.15, 5.3.4 出ました。

いつものように複数のセキュリティホールの修正が含まれています。
5.2 系はこれで最後だそうです。

http://www.php.net/archive/2010.php#id2010-12-09-1 より:
BEGIN-----------------------------------------------------
PHP 5.2.15 Released!

[09-Dec-2010]
The PHP development team would like to announce the immediate
availability of PHP 5.2.15. This release marks the end of support for
PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.

This release focuses on improving the security and stability of the
PHP 5.2.x branch with a small number, of predominatly security fixes.

Security Enhancements and Fixes in PHP 5.2.15:

* Fixed extract() to do not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE.
* Fixed crash in zip extract method (possible CWE-170).
* Fixed a possible double free in imap extension.
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed NULL pointer dereference in
ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL
with large amount of data).

Key enhancements in PHP 5.2.15 include:

* Fixed bug #47643 (array_diff() takes over 3000 times longer than php
5.2.4).
* Fixed bug #44248 (RFC2616 transgression while HTTPS request through
proxy with SoapClient object).

To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended,
a migration guide available on http://php.net/migration53, details the
changes between PHP 5.2 and PHP 5.3.

For a full list of changes in PHP 5.2.15 see the ChangeLog at
http://www.php.net/ChangeLog-5.php#5.2.15.
END-------------------------------------------------------

http://www.php.net/archive/2010.php#id2010-12-10-1 より:
BEGIN-----------------------------------------------------
PHP 5.3.4 Released!
[10-Dec-2010]
The PHP development team is proud to announce the immediate release of
PHP 5.3.4. This is a maintenance release in the 5.3 series, which
includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.4:

* Fixed crash in zip extract method (possible CWE-170).
* Paths with NULL in them (foo\0bar.txt) are now considered as invalid
(CVE-2006-7243).
* Fixed a possible double free in imap extension (Identified by
Mateusz Kocielski). (CVE-2010-4150).
* Fixed NULL pointer dereference in
ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
* Fixed symbolic resolution support when the target is a DFS share.
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL
with large amount of data) (CVE-2010-3710).

Key Bug Fixes in PHP 5.3.4 include:

* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http
stream support.
* Added a 3rd parameter to get_html_translation_table. It now takes a
charset hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect
zend multibyte at runtime.
* Multiple improvements to the FPM SAPI.
* Over 100 other bug fixes.

For users upgrading from PHP 5.2 there is a migration guide available
here, detailing the changes between those releases and PHP 5.3.

For a full list of changes in PHP 5.3.4, see the ChangeLog. For source
downloads please visit our downloads page, Windows binaries can be
found on windows.php.net/download/.
END-------------------------------------------------------

☆ PHP 5.2.15
http://www.php.net/
http://www.php.net/downloads.php#v5
http://www.php.net/distributions/php-5.2.15.tar.gz
http://static.php.net/www.php.net/distributions/php-5.2.15.tar.gz

09 Dec 2010, PHP 5.2.15
- Fixed extract() to do not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE. (jorto at redhat dot com)
- Fixed crash in zip extract method (possible CWE-170).
(Maksymilian Arciemowicz, Pierre)
- Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski). (CVE-2010-4150). (Ilia)
- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
- Fixed possible crash in mssql_fetch_batch(). (Kalle)
- Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
(CVE-2010-3709). (Maksymilian Arciemowicz)

- Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)
- Fixed bug #53323 (pdo_firebird getAttribute() crash).
(preeves at ibphoenix dot com)
- Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data). (CVE-2010-3709). (Adam)
- Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset
can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
- Fixed bug #52772 (var_dump() doesn't check for the existence of
get_class_name before calling it). (Kalle, Gustavo)
- Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values).
(Felipe, Adam)
- Fixed bug #52436 (Compile error if systems do not have stdint.h)
(Sriram Natarajan)
- Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle)
- Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry)
- Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
(Felipe)
- Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy
with SoapClient object). (Dmitry)


☆ PHP 5.3.4
http://www.php.net/
http://www.php.net/downloads.php#v5
http://www.php.net/distributions/php-5.3.4.tar.gz
http://static.php.net/www.php.net/distributions/php-5.3.4.tar.gz

09 Dec 2010, PHP 5.3.4
- Upgraded bundled Sqlite3 to version 3.7.3. (Ilia)
- Upgraded bundled PCRE to version 8.10. (Ilia)

- Security enhancements:
. Fixed crash in zip extract method (possible CWE-170).
(Maksymilian Arciemowicz, Pierre)
. Paths with NULL in them (foo\0bar.txt) are now considered as invalid. (Rasmus)
. Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski). (CVE-2010-4150). (Ilia)
. Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
(CVE-2010-3709). (Maksymilian Arciemowicz)
. Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
. Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre)
. Fixed symbolic resolution support when the target is a DFS share. (Pierre)
. Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data) (CVE-2010-3710). (Adam)

- General improvements:
. Added stat support for zip stream. (Pierre)
. Added follow_location (enabled by default) option for the http stream
support. (Pierre)
. Improved support for is_link and related functions on Windows. (Pierre)
. Added a 3rd parameter to get_html_translation_table. It now takes a charset
hint, like htmlentities et al. (Gustavo)

- Implemented feature requests:
. Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect
zend multibyte at runtime. (Kalle)
. Implemented FR #52173, added functions pcntl_get_last_error() and
pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud)
. Implemented symbolic links support for open_basedir checks. (Pierre)
. Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre)
. Implemented FR #50692, not uploaded files don't count towards
max_file_uploads limit. As a side improvement, temporary files are not opened
for empty uploads and, in debug mode, 0-length uploads. (Gustavo)

- Improved MySQLnd:
. Added new character sets to mysqlnd, which are available in MySQL 5.5
(Andrey)

- Improved PHP-FPM SAPI:
. Added '-p/--prefix' to php-fpm to use a custom prefix and run multiple
instances. (fat)
. Added custom process title for FPM. (fat)
. Added '-t/--test' to php-fpm to check and validate FPM conf file. (fat)
. Added statistics about listening socket queue length for FPM.
(andrei dot nigmatulin at gmail dot com, fat)

- Core:
. Fixed extract() to do not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE. (jorto at redhat dot com)
. Fixed bug in the Windows implementation of dns_get_record, where the two
last parameters wouldn't be filled unless the type were DNS_ANY (Gustavo).
. Changed the $context parameter on copy() to actually have an effect. (Kalle)
. Fixed htmlentities/htmlspecialchars accepting certain ill-formed UTF-8
sequences. (Gustavo)
. Fixed bug #53409 (sleep() returns NULL on Windows). (Pierre)
. Fixed bug #53319 (strip_tags() may strip '<br />' incorrectly). (Felipe)
. Fixed bug #53304 (quot_print_decode does not handle lower-case hex digits).
(Ilia, daniel dot mueller at inexio dot net)
. Fixed bug #53248 (rawurlencode RFC 3986 EBCDIC support misses tilde char).
(Justin Martin)
. Fixed bug #53226 (file_exists fails on big filenames). (Adam)
. Fixed bug #53198 (changing INI setting "from" with ini_set did not have any
effect). (Gustavo)
. Fixed bug #53180 (post_max_size=0 not disabling the limit when the content
type is application/x-www-form-urlencoded or is not registered with PHP).
(gm at tlink dot de, Gustavo)
. Fixed bug #53141 (autoload misbehaves if called from closing session).
(ladislav at marek dot su)
. Fixed bug #53021 (In html_entity_decode, failure to convert numeric entities
with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of ENT_NOQUOTES
in html_entity_decode that had introduced the bug (rev #185591) to other
encodings. Additionaly, html_entity_decode() now doesn't decode " if
ENT_NOQUOTES is given. (Gustavo)
. Fixed bug #52931 (strripos not overloaded with function overloading enabled).
(Felipe)
. Fixed bug #52772 (var_dump() doesn't check for the existence of
get_class_name before calling it). (Kalle, Gustavo)
. Fixed bug #52534 (var_export array with negative key). (Felipe)
. Fixed bug #52327 (base64_decode() improper handling of leading padding in
strict mode). (Ilia)
. Fixed bug #52260 (dns_get_record fails with non-existing domain on Windows).
(a_jelly_doughnut at phpbb dot com, Pierre)
. Fixed bug #50953 (socket will not connect to IPv4 address when the host has
both IPv4 and IPv6 addresses, on Windows). (Gustavo, Pierre)
. Fixed bug #50524 (proc_open on Windows does not respect cwd as it does on
other platforms). (Pierre)
. Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number
of reported malformed sequences). (CVE-2010-3870) (Gustavo)
. Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8). (Gustavo)
. Fixed bug #48831 (php -i has different output to php --ini). (Richard,
Pierre)
. Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
(Felipe)
. Fixed bug #47168 (printf of floating point variable prints maximum of 40
decimal places). (Ilia)
. Fixed bug #46587 (mt_rand() does not check that max is greater than min).
(Ilia)
. Fixed bug #29085 (bad default include_path on Windows). (Pierre)
. Fixed bug #25927 (get_html_translation_table calls the ' ' instead of
'). (Gustavo)

- Zend engine:
. Reverted fix for bug #51176 (Static calling in non-static method behaves
like $this->). (Felipe)
. Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED.
(Kalle)
. Fixed NULL dereference in lex_scan on zend multibyte builds where the script
had a flex incompatible encoding and there was no converter. (Gustavo)
. Fixed covariance of return-by-ref constraints. (Etienne)
. Fixed bug #53305 (E_NOTICE when defining a constant starts with
__COMPILER_HALT_OFFSET__). (Felipe)
. Fixed bug #52939 (zend_call_function does not respect ZEND_SEND_PREFER_REF).
(Dmitry)
. Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset
can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
. Fixed bug #52786 (PHP should reset section to [PHP] after ini sections).
(Fedora at famillecollet dot com)
. Fixed bug #52508 (newline problem with parse_ini_file+INI_SCANNER_RAW).
(Felipe)
. Fixed bug #52484 (__set() ignores setting properties with empty names).
(Felipe)
. Fixed bug #52361 (Throwing an exception in a destructor causes invalid
catching). (Dmitry)
. Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry)

- Build issues:
. Fixed bug #52436 (Compile error if systems do not have stdint.h)
(Sriram Natarajan)
. Fixed bug #50345 (nanosleep not detected properly on some solaris versions).
(Ulf, Tony)
. Fixed bug #49215 (make fails on glob_wrapper). (Felipe)

- Calendar extension:
. Fixed bug #52744 (cal_days_in_month incorrect for December 1 BCE).
(gpap at internet dot gr, Adam)

- cURL extension:
. Fixed bug #52828 (curl_setopt does not accept persistent streams).
(Gustavo, Ilia)
. Fixed bug #52827 (cURL leaks handle and causes assertion error
(CURLOPT_STDERR)). (Gustavo)
. Fixed bug #52202 (CURLOPT_PRIVATE gets corrupted). (Ilia)
. Fixed bug #50410 (curl extension slows down PHP on Windows). (Pierre)

- DateTime extension:
. Fixed bug #53297 (gettimeofday implementation in php/win32/time.c can return
1 million microsecs). (ped at 7gods dot org)
. Fixed bug #52668 (Iterating over a dateperiod twice is broken). (Derick)
. Fixed bug #52454 (Relative dates and getTimestamp increments by one day).
(Derick)
. Fixed bug #52430 (date_parse parse 24:xx:xx as valid time). (Derick)
. Added support for the ( and ) delimiters/separators to
DateTime::createFromFormat(). (Derick)

- DBA extension:
. Added Berkeley DB 5.1 support to the DBA extension. (Oracle Corp.)

- DOM extension:
. Fixed bug #52656 (DOMCdataSection does not work with splitText). (Ilia)

- Filter extension:
. Fixed the filter extension accepting IPv4 octets with a leading 0 as that
belongs to the unsupported "dotted octal" representation. (Gustavo)
. Fixed bug #53236 (problems in the validation of IPv6 addresses with leading
and trailing :: in the filter extension). (Gustavo)
. Fixed bug #50117 (problems in the validation of IPv6 addresses with IPv4
addresses and ::). (Gustavo)

- GD extension:
. Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)

- GMP extension:
. Fixed bug #52906 (gmp_mod returns negative result when non-negative is
expected). (Stas)
. Fixed bug #52849 (GNU MP invalid version match). (Adam)

- Hash extension:
. Fixed bug #51003 (unaligned memory access in ext/hash/hash_tiger.c).
(Mike, Ilia)

- Iconv extension:
. Fixed bug #52941 (The 'iconv_mime_decode_headers' function is skipping
headers). (Adam)
. Fixed bug #52599 (iconv output handler outputs incorrect content type
when flags are used). (Ilia)
. Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded
words). (Ilia)

- Intl extension:
. Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409). (Stas, Maksymilian
Arciemowicz)
. Added support for formatting the timestamp stored in a DateTime object.
(Stas)
. Fixed bug #50590 (IntlDateFormatter::parse result is limited to the integer
range). (Stas)

- Mbstring extension:
. Fixed bug #53273 (mb_strcut() returns garbage with the excessive length
parameter). (CVE-2010-4156) (Mateusz Kocielski, Pierre, Moriyoshi)
. Fixed bug #52981 (Unicode casing table was out-of-date. Updated with
UnicodeData-6.0.0d7.txt and included the source of the generator program with
the distribution) (Gustavo).
. Fixed bug #52681 (mb_send_mail() appends an extra MIME-Version header).
(Adam)

- MSSQL extension:
. Fixed possible crash in mssql_fetch_batch(). (Kalle)
. Fixed bug #52843 (Segfault when optional parameters are not passed in to
mssql_connect). (Felipe)

- MySQL extension:
. Fixed bug #52636 (php_mysql_fetch_hash writes long value into int).
(Kalle, rein at basefarm dot no)

- MySQLi extension:
. Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using
mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey)
. Fixed bug #52686 (mysql_stmt_attr_[gs]et argument points to incorrect type).
(rein at basefarm dot no)
. Fixed bug #52654 (mysqli doesn't install headers with structures it uses).
(Andrey)
. Fixed bug #52433 (Call to undefined method mysqli::poll() - must be static).
(Andrey)
. Fixed bug #52417 (MySQLi build failure with mysqlnd on MacOS X). (Andrey)
. Fixed bug #52413 (MySQLi/libmysql build failure on OS X, FreeBSD). (Andrey)
. Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle)
. Fixed bug #52302 (mysqli_fetch_all does not work with MYSQLI_USE_RESULT).
(Andrey)
. Fixed bug #52221 (Misbehaviour of magic_quotes_runtime (get/set)). (Andrey)
. Fixed bug #45921 (Can't initialize character set hebrew). (Andrey)

- MySQLnd:
. Fixed bug #52613 (crash in mysqlnd after hitting memory limit). (Andrey)

- ODBC extension:
- Fixed bug #52512 (Broken error handling in odbc_execute).
(mkoegler at auto dot tuwien dot ac dot at)

- Openssl extension:
. Fixed possible blocking behavior in openssl_random_pseudo_bytes on Windows.
(Pierre)
. Fixed bug #53136 (Invalid read on openssl_csr_new()). (Felipe)
. Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain
used). (Felipe)

- Oracle Database extension (OCI8):
. Fixed bug #53284 (Valgrind warnings in oci_set_* functions) (Oracle Corp.)
. Fixed bug #51610 (Using oci_connect causes PHP to take a long time to
exit). Requires Oracle 11.2.0.2 client libraries (or Oracle bug fix
9891199) for this patch to have an effect. (Oracle Corp.)

- PCNTL extension:
. Fixed bug #52784 (Race condition when handling many concurrent signals).
(nick dot telford at gmail dot com, Arnaud)

- PCRE extension:
. Fixed bug #52971 (PCRE-Meta-Characters not working with utf-8). (Felipe)
. Fixed bug #52732 (Docs say preg_match() returns FALSE on error, but it
returns int(0)). (slugonamission at gmail dot com)

- PHAR extension:
. Fixed bug #50987 (unaligned memory access in phar.c).
(geissert at debian dot org, Ilia)

- PHP-FPM SAPI:
. Fixed bug #53412 (segfault when using -y). (fat)
. Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat)
. Fixed bug #52501 (libevent made FPM crashed when forking -- libevent has
been removed). (fat)
. Fixed bug #52725 (gcc builtin atomic functions were sometimes used when they
were not available). (fat)
. Fixed bug #52693 (configuration file errors are not logged to stderr). (fat)
. Fixed bug #52674 (FPM Status page returns inconsistent Content-Type headers).
(fat)
. Fixed bug #52498 (libevent was not only linked to php-fpm). (fat)

- PDO:
. Fixed bug #52699 (PDO bindValue writes long int 32bit enum).
(rein at basefarm dot no)
. Fixed bug #52487 (PDO::FETCH_INTO leaks memory). (Felipe)

- PDO DBLib driver:
. Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values).
(Felipe)

- PDO Firebird driver:
. Restored firebird support (VC9 builds only). (Pierre)
. Fixed bug #53335 (pdo_firebird did not implement rowCount()).
(preeves at ibphoenix dot com)
. Fixed bug #53323 (pdo_firebird getAttribute() crash).
(preeves at ibphoenix dot com)

- PDO MySQL driver:
. Fixed bug #52745 (Binding params doesn't work when selecting a date inside a
CASE-WHEN). (Andrey)

- PostgreSQL extension:
. Fixed bug #47199 (pg_delete() fails on NULL). (ewgraf at gmail dot com)

- Reflection extension:
. Fixed ReflectionProperty::isDefault() giving a wrong result for properties
obtained with ReflectionClass::getProperties(). (Gustavo)
- Reflection extension:
. Fixed bug #53366 (Reflection doesnt get dynamic property value from
getProperty()). (Felipe)
. Fixed bug #52854 (ReflectionClass::newInstanceArgs does not work for classes
without constructors). (Johannes)

- SOAP extension:
. Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy
with SoapClient object). (Dmitry)

- SPL extension:
. Fixed bug #53362 (Segmentation fault when extending SplFixedArray). (Felipe)
. Fixed bug #53279 (SplFileObject doesn't initialise default CSV escape
character). (Adam)
. Fixed bug #53144 (Segfault in SplObjectStorage::removeAll()). (Felipe)
. Fixed bug #53071 (SPLObjectStorage defeats gc_collect_cycles). (Gustavo)
. Fixed bug #52573 (SplFileObject::fscanf Segmentation fault). (Felipe)
. Fixed bug #51763 (SplFileInfo::getType() does not work symbolic link
and directory). (Pierre)
. Fixed bug #50481 (Storing many SPLFixedArray in an array crashes). (Felipe)
. Fixed bug #50579 (RegexIterator::REPLACE doesn't work). (Felipe)

- SQLite3 extension:
. Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number).
(Felipe)

- Streams:
. Fixed forward stream seeking emulation in streams that don't support seeking
in situations where the read operation gives back less data than requested
and when there was data in the buffer before the emulation started. Also made
more consistent its behavior -- should return failure every time less data
than was requested was skipped. (Gustavo)
. Fixed bug #53241 (stream casting that relies on fdopen/fopencookie fails
with streams opened with, inter alia, the 'xb' mode). (Gustavo)
. Fixed bug #53006 (stream_get_contents has an unpredictable behavior when the
underlying stream does not support seeking). (Gustavo)
. Fixed bug #52944 (Invalid write on second and subsequent reads with an
inflate filter fed invalid data). (Gustavo)
. Fixed bug #52820 (writes to fopencookie FILE* not commited when seeking the
stream). (Gustavo)

- WDDX extension:
. Fixed bug #52468 (wddx_deserialize corrupts integer field value when left
empty). (Felipe)

- Zlib extension:
. Fixed bug #52926 (zlib fopen wrapper does not use context). (Gustavo)

----
こがよういちろう


投稿者 xml-rpc : 2010年12月10日 19:46
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/100616
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。