2012年6月16日

[installer 3255] PHP 5.3.14, 5.4.4

PHP 5.3.14, 5.4.4 出ました。

複数のセキュリティホールの修正が含まれています (ひとつは DES の crypt()
の CVE-2012-2143 です)。

☆ PHP 5.3.14
http://www.php.net/
http://www.php.net/downloads.php#v5

http://www.php.net/distributions/php-5.3.14.tar.gz
http://static.php.net/www.php.net/distributions/php-5.3.14.tar.gz

14 Jun 2012, PHP 5.3.14

- CLI SAPI:
. Fixed bug #61546 (functions related to current script failed when chdir()
in cli sapi). (Laruence, reeze.xia@xxxxx)

- CURL:
. Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction).
(Laruence)

- COM:
. Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)

- Core:
. Fixed CVE-2012-2143. (Solar Designer)
. Fixed bug #62005 (unexpected behavior when incrementally assigning to a
member of a null object). (Laruence)
. Fixed bug #61730 (Segfault from array_walk modifying an array passed by
reference). (Laruence)
. Fixed missing bound check in iptcparse(). (chris at chiappa.net)
. Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo)
. Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename
set to null). (Anatoliy)
. Fixed bug #61713 (Logic error in charset detection for htmlentities).
(Anatoliy)
. Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy)
. Changed php://fd to be available only for CLI.

- Fileinfo:
. Fixed bug #61812 (Uninitialised value used in libmagic).
(Laruence, Gustavo)

- Iconv extension:
. Fixed a bug that iconv extension fails to link to the correct library
when another extension makes use of a library that links to the iconv
library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail.
(Moriyoshi)

- Intl:
. Fixed bug #62082 (Memory corruption in internal function
get_icu_disp_value_src_php()). (Gustavo)

- JSON
. Fixed bug #61537 (json_encode() incorrectly truncates/discards
information). (Adam)

- PDO:
. Fixed bug #61755 (A parsing bug in the prepared statements can lead to
access violations). (Johannes)

- Phar:
. Fix bug #61065 (Secunia SA44335). (Rasmus)

- Streams:
. Fixed bug #61961 (file_get_contents leaks when access empty file with
maxlen set). (Reeze)


☆ PHP 5.4.4
http://www.php.net/
http://www.php.net/downloads.php#v5
http://www.php.net/distributions/php-5.4.4.tar.gz
http://static.php.net/www.php.net/distributions/php-5.4.4.tar.gz

14 Jun 2012, PHP 5.4.4

- CLI Server:
. Implemented FR #61977 (Need CLI web-server support for files with .htm &
svg extensions). (Sixd, Laruence)
. Improved performance while sending error page, this also fixed
bug #61785 (Memory leak when access a non-exists file without router).
(Laruence)
. Fixed bug #61546 (functions related to current script failed when chdir()
in cli sapi). (Laruence, reeze.xia@xxxxx)

- COM:
. Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)

- Core:
. Fixed missing bound check in iptcparse(). (chris at chiappa.net)
. Fixed CVE-2012-2143. (Solar Designer)
. Fixed bug #62097 (fix for for bug #54547). (Gustavo)
. Fixed bug #62005 (unexpected behavior when incrementally assigning to a
member of a null object). (Laruence)
. Fixed bug #61978 (Object recursion not detected for classes that implement
JsonSerializable). (Felipe)
. Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy)
. Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config).
(Laruence)
. Fixed bug #61827 (incorrect \e processing on Windows) (Anatoliy)
. Fixed bug #61782 (__clone/__destruct do not match other methods when checking
access controls). (Stas)
. Fixed bug #61761 ('Overriding' a private static method with a different
signature causes crash). (Laruence)
. Fixed bug #61730 (Segfault from array_walk modifying an array passed by
reference). (Laruence)
. Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown
phase). (Laruence)
. Fixed bug #61660 (bin2hex(hex2bin($data)) != $data). (Nikita Popov)
. Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables
(without apache2)). (Laruence)
. Fixed bug #61605 (header_remove() does not remove all headers). (Laruence)
. Fixed bug #54547 (wrong equality of string numbers). (Gustavo)
. Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename
set to null). (Anatoliy)
. Changed php://fd to be available only for CLI.

- CURL:
. Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction).
(Laruence)

- Intl:
. Fixed bug #62082 (Memory corruption in internal function
get_icu_disp_value_src_php()). (Gustavo)

- PDO:
. Fixed bug #61755 (A parsing bug in the prepared statements can lead to
access violations). (Johannes)

- Phar:
. Fix bug #61065 (Secunia SA44335, CVE-2012-2386). (Rasmus)

- Pgsql:
. Added pg_escape_identifier/pg_escape_literal. (Yasuo Ohgaki)

- FPM
. Fixed bug #61812 (Uninitialised value used in libmagic).
(Laruence, Gustavo)
. Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a
directory descriptor under windows. (Anatoliy)
. Fixed bug #61566 failure caused by the posix lseek and read versions
under windows in cdf_read(). (Anatoliy)

- Libxml:
. Fixed bug #61617 (Libxml tests failed(ht is already destroyed)).
(Laruence)

- Zlib:
. Fixed bug #61820 (using ob_gzhandler will complain about headers already
sent when no compression). (Mike)
. Fixed bug #61443 (can't change zlib.output_compression on the fly). (Mike)
. Fixed bug #60761 (zlib.output_compression fails on refresh). (Mike)

----
こがよういちろう


投稿者 xml-rpc : 2012年6月16日 11:25
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/110774
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。