2011年8月19日

[installer 2916] PHP 5.3.7

PHP 5.3.7 出ています。

いつものように複数のセキュリティホールの修正が含まれています。

http://www.php.net/archive/2011.php#id2011-08-18-1 より:
BEGIN-----------------------------------------------------
PHP 5.3.7 Released!
[18-Aug-2011]

The PHP development team would like to announce the immediate
availability of PHP 5.3.7. This release focuses on improving the
stability of the PHP 5.3.x branch with over 90 bug fixes, some of
which are security related.

Security Enhancements and Fixes in PHP 5.3.7:

* Updated crypt_blowfish to 1.2. (CVE-2011-2483)
* Fixed crash in error_log(). Reported by Mateusz Kocielski
* Fixed buffer overflow on overlog salt in crypt().
* Fixed bug #54939 (File path injection vulnerability in RFC1867 File
upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
* Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
* Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)

Key enhancements in PHP 5.3.7 include:

* Upgraded bundled Sqlite3 to version 3.7.7.1
* Upgraded bundled PCRE to version 8.12
* Fixed bug #54910 (Crash when calling call_user_func with unknown
function name)
* Fixed bug #54585 (track_errors causes segfault)
* Fixed bug #54262 (Crash when assigning value to a dimension in a non-array)
* Fixed a crash inside dtor for error handling
* Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off)
* Fixed bug #54935 php_win_err can lead to crash
* Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption)
* Fixed bug #54305 (Crash in gc_remove_zval_from_buffer)
* Fixed bug #54580 (get_browser() segmentation fault when browscap ini
directive is set through php_admin_value)
* Fixed bug #54529 (SAPI crashes on apache_config.c:197)
* Fixed bug #54283 (new DatePeriod(NULL) causes crash).
* Fixed bug #54269 (Short exception message buffer causes crash)
* Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries)
* Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters)
* Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and
SplTempFileObject crash when user-space classes don't call the
parent constructor)
* Fixed bug #54292 (Wrong parameter causes crash in
SplFileObject::__construct())
* Fixed bug #54291 (Crash iterating DirectoryIterator for dir name
starting with \0)
* Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator)
* Fixed bug #54623 (Segfault when writing to a persistent socket after
closing a copy of the socket)
* Fixed bug #54681 (addGlob() crashes on invalid flags)
* Over 80 other bug fixes.

Windows users: please mind that we do no longer provide builds created
with Visual Studio C++ 6. It is impossible to maintain a high quality
and safe build of PHP for Windows using this unmaintained compiler.

For Apache SAPIs (php5_apache2_2.dll), be sure that you use a Visual
Studio C++ 9 version of Apache. We recommend the Apache builds as
provided by ApacheLounge. For any other SAPI (CLI, FastCGI via
mod_fcgi, FastCGI with IIS or other FastCGI capable server),
everything works as before. Third party extension providers must
rebuild their extensions to make them compatible and loadable with the
Visual Studio C++9 builds that we now provide.

All PHP users should note that the PHP 5.2 series is NOT supported
anymore. All users are strongly encouraged to upgrade to PHP 5.3.7.

For a full list of changes in PHP 5.3.7, see the ChangeLog. For source
downloads please visit our downloads page, Windows binaries can be
found on windows.php.net/download/.
END-------------------------------------------------------

☆ PHP 5.3.7
http://www.php.net/
http://www.php.net/downloads.php#v5
http://www.php.net/distributions/php-5.3.7.tar.gz
http://static.php.net/www.php.net/distributions/php-5.3.7.tar.gz

18 Aug 2011, PHP 5.3.7
- Upgraded bundled SQLite to version 3.7.7.1. (Scott)
- Upgraded bundled PCRE to version 8.12. (Scott)

- Zend Engine:
. Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even
though the class has none). (Felipe)
. Fixed bug #55007 (compiler fail after previous fail). (Felipe)
. Fixed bug #54910 (Crash when calling call_user_func with unknown function
name). (Dmitry)
. Fixed bug #54804 (__halt_compiler and imported namespaces).
(Pierrick, Felipe)
. Fixed bug #54624 (class_alias and type hint). (Felipe)
. Fixed bug #54585 (track_errors causes segfault). (Dmitry)
. Fixed bug #54423 (classes from dl()'ed extensions are not destroyed).
(Tony, Dmitry)
. Fixed bug #54372 (Crash accessing global object itself returned from its
__get() handle). (Dmitry)
. Fixed bug #54367 (Use of closure causes problem in ArrayAccess). (Dmitry)
. Fixed bug #54358 (Closure, use and reference). (Dmitry)
. Fixed bug #54262 (Crash when assigning value to a dimension in a non-array).
(Dmitry)
. Fixed bug #54039 (use() of static variables in lambda functions can break
staticness). (Dmitry)

- Core
. Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer)
. Removed warning when argument of is_a() or is_subclass_of() is not
a known class. (Stas)
. Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski.
. Added PHP_MANDIR constant telling where the manpages were installed into,
and an --man-dir argument to php-config. (Hannes)
. Fixed a crash inside dtor for error handling. (Ilia)
. Fixed buffer overflow on overlog salt in crypt(). (Cl辿ment LECIGNE, Stas)
. Implemented FR #54459 (Range function accuracy). (Adam)

. Fixed bug #55399 (parse_url() incorrectly treats ':' as a valid path).
(Ilia)
. Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off).
(Dmitry)
. Fixed bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow
(Pierre)
. Fixed bug #55258 (Windows Version Detecting Error).
( xiaomao5 at live dot com, Pierre)
. Fixed bug #55187 (readlink returns weird characters when false result).
(Pierre)
. Fixed bug #55082 (var_export() doesn't escape properties properly).
(Gustavo)
. Fixed bug #55014 (Compile failure due to improper use of ctime_r()). (Ilia)
. Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload
filename). (Felipe) Reported by Krzysztof Kotowicz. (CVE-2011-2202)
. Fixed bug #54935 php_win_err can lead to crash. (Pierre)
. Fixed bug #54924 (assert.* is not being reset upon request shutdown). (Ilia)
. Fixed bug #54895 (Fix compiling with older gcc version without need for
membar_producer macro). (mhei at heimpold dot de)
. Fixed bug #54866 (incorrect accounting for realpath_cache_size).
(Dustin Ward)
. Fixed bug #54723 (getimagesize() doesn't check the full ico signature).
(Scott)
. Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt
size). (Pierre, os at irj dot ru)
. Fixed bug #54580 (get_browser() segmentation fault when browscap ini
directive is set through php_admin_value). (Gustavo)
. Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption). (Dmitry)
. Fixed bug #54305 (Crash in gc_remove_zval_from_buffer). (Dmitry)
. Fixed bug #54238 (use-after-free in substr_replace()). (Stas)
(CVE-2011-1148)
. Fixed bug #54204 (Can't set a value with a PATH section in php.ini).
(Pierre)
. Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment).
(tomas dot brastavicius at quantum dot lt, Pierrick)
. Fixed bug #54137 (file_get_contents POST request sends additional line
break). (maurice-php at mertinkat dot net, Ilia)
. Fixed bug #53848 (fgetcsv() ignores spaces at beginnings of fields). (Ilia)
. Alternative fix for bug #52550, as applied to the round() function (signed
overflow), as the old fix impacted the algorithm for numbers with magnitude
smaller than 0. (Gustavo)
. Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces)
(Ralph Schindler, Dmitry)
. Fixed bug #52935 (call exit in user_error_handler cause stream relate
core). (Gustavo)
. Fixed bug #51997 (SEEK_CUR with 0 value, returns a warning). (Ilia)
. Fixed bug #50816 (Using class constants in array definition fails).
(Pierrick, Dmitry)
. Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode
filter). (slusarz at curecanti dot org)
. Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using
TMPDIR on Windows). (Pierre)

- Apache2 Handler SAPI:
. Fixed bug #54529 (SAPI crashes on apache_config.c:197).
(hebergement at riastudio dot fr)

- CLI SAPI:
. Fixed bug #52496 (Zero exit code on option parsing failure). (Ilia)

- cURL extension:
. Added ini option curl.cainfo (support for custom cert db). (Pierre)
. Added CURLINFO_REDIRECT_URL support. (Daniel Stenberg, Pierre)
. Added support for CURLOPT_MAX_RECV_SPEED_LARGE and
CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick)

- DateTime extension:
. Fixed bug where the DateTime object got changed while using date_diff().
(Derick)
. Fixed bug #54340 (DateTime::add() method bug). (Adam)
. Fixed bug #54316 (DateTime::createFromFormat does not handle trailing '|'
correctly). (Adam)
. Fixed bug #54283 (new DatePeriod(NULL) causes crash). (Felipe)
. Fixed bug #51819 (Case discrepancy in timezone names cause Uncaught
exception and fatal error). (Hannes)

- DBA extension:
. Supress warning on non-existent file open with Berkeley DB 5.2 (Chris Jones)
. Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe)

- Exif extesion:
. Fixed bug #54121 (error message format string typo). (Ilia)

- Fileinfo extension:
. Fixed bug #54934 (Unresolved symbol strtoull in HP-UX 11.11). (Felipe)

- Filter extension:
. Added 3rd parameter to filter_var_array() and filter_input_array()
functions that allows disabling addition of empty elements. (Ilia)
. Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia)

- Interbase extension:
. Fixed bug #54269 (Short exception message buffer causes crash). (Felipe)

- intl extension:
. Implemented FR #54561 (Expose ICU version info). (David Zuelke, Ilia)
. Implemented FR #54540 (Allow loading of arbitrary resource bundles when
fallback is disabled). (David Zuelke, Stas)

- Imap extension:
. Fixed bug #55313 (Number of retries not set when params specified).
(kevin at kevinlocke dot name)

- json extension:
. Fixed bug #54484 (Empty string in json_decode doesn't reset
json_last_error()). (Ilia)

- LDAP extension:
. Fixed bug #53339 (Fails to build when compilng with gcc 4.5 and DSO
libraries). (Clint Byrum, Raphael)

- libxml extension:
. Fixed bug #54601 (Removing the doctype node segfaults). (Hannes)
. Fixed bug #54440 (libxml extension ignores default context). (Gustavo)

- mbstring extension:
. Fixed bug #54494 (mb_substr() mishandles UTF-32LE and UCS-2LE). (Gustavo)

- MCrypt extension:
. Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data
has been fetched (Windows). (Pierre)
. Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random
data on Windows). (Pierre)

- MySQL Improved extension:
. Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries).
(Andrey)

- mysqlnd
. Fixed crash when using more than 28,000 bound parameters. Workaround is to
set mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey)
. Fixed bug #54674 mysqlnd valid_sjis_(head|tail) is using invalid operator
and range). (nihen at megabbs dot com, Andrey)

- MySQLi extension:
. Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi
persistent connections). (Andrey)

- OpenSSL extension:
. openssl_encrypt()/openssl_decrypt() truncated keys of variable length
ciphers to the OpenSSL default for the algorithm. (Scott)
. On blocking SSL sockets respect the timeout option where possible.
(Scott)
. Fixed bug #54992 (Stream not closed and error not returned when SSL
CN_match fails). (Gustavo, laird_ngrps at dodo dot com dot au)

- Oracle Database extension (OCI8):
. Added oci_client_version() returning the runtime Oracle client library
version (Chris Jones)

. PCRE extension:
. Increased the backtrack limit from 100000 to 1000000 (Rasmus)

- PDO extension:
. Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe)
. Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE
settings). (Ilia)

- PDO DBlib driver:
. Fixed bug #54329 (MSSql extension memory leak).
(dotslashpok at gmail dot com)
. Fixed bug #54167 (PDO_DBLIB returns null on SQLUNIQUE field).
(mjh at hodginsmedia dot com, Felipe)

- PDO ODBC driver:
. Fixed data type usage in 64bit. (leocsilva at gmail dot com)

- PDO MySQL driver:
. Fixed bug #54644 (wrong pathes in php_pdo_mysql_int.h). (Tony, Johannes)
. Fixed bug #53782 (foreach throws irrelevant exception). (Johannes, Andrey)
. Implemented FR #48587 (MySQL PDO driver doesn't support SSL connections).
(Rob)

- PDO PostgreSQL driver:
. Fixed bug #54318 (Non-portable grep option used in PDO pgsql
configuration). (bwalton at artsci dot utoronto dot ca)

- PDO Oracle driver:
. Fixed bug #44989 (64bit Oracle RPMs still not supported by pdo-oci).
(jbnance at tresgeek dot net)

- Phar extension:
. Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters).
(Felipe)

- PHP-FPM SAPI:
. Implemented FR #54499 (FPM ping and status_path should handle HEAD request). (fat)
. Implemented FR #54172 (Overriding the pid file location of php-fpm). (fat)
. Fixed missing Expires and Cache-Control headers for ping and status pages.
(fat)
. Fixed memory leak. (fat) Reported and fixed by Giovanni Giacobbi.
. Fixed wrong value of log_level when invoking fpm with -tt. (fat)
. Added xml format to the status page. (fat)
. Removed timestamp in logs written by children processes. (fat)
. Fixed exit at FPM startup on fpm_resources_prepare() errors. (fat)
. Added master rlimit_files and rlimit_core in the global configuration
settings. (fat)
. Removed pid in debug logs written by chrildren processes. (fat)
. Added custom access log (also added per request %CPU and memory
mesurement). (fat)
. Added a real scoreboard and several improvements to the status page. (fat)

- Reflection extension:
. Fixed bug #54347 (reflection_extension does not lowercase module function
name). (Felipe, laruence at yahoo dot com dot cn)

- SOAP extension:
. Fixed bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION
contains itself). (Dmitry)
. Fixed bug #54312 (soap_version logic bug). (tom at samplonius dot org)

- Sockets extension:
. Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe)
. Changed socket_set_block() and socket_set_nonblock() so they emit warnings
on error. (Gustavo)
. Fixed bug #51958 (socket_accept() fails on IPv6 server sockets). (Gustavo)

- SPL extension:
. Fixed bug #54971 (Wrong result when using iterator_to_array with use_keys
on true). (Pierrick)
. Fixed bug #54970 (SplFixedArray::setSize() isn't resizing). (Felipe)
. Fixed bug #54609 (Certain implementation(s) of SplFixedArray cause hard
crash). (Felipe)
. Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and
SplTempFileObject crash when user-space classes don't call the paren
constructor). (Gustavo)
. Fixed bug #54292 (Wrong parameter causes crash in
SplFileObject::__construct()). (Felipe)
. Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting
with \0). (Gustavo)
. Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator).
(Felipe)

- Streams:
. Fixed bug #54946 (stream_get_contents infinite loop). (Hannes)
. Fixed bug #54623 (Segfault when writing to a persistent socket after
closing a copy of the socket). (Gustavo)
. Fixed bug #54681 (addGlob() crashes on invalid flags). (Felipe)

----
こがよういちろう


投稿者 xml-rpc : 2011年8月19日 14:16
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/106094
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。