PHP 5.4.5 和 5.3.15 发布

上个版本是2012-06-15的5.4.4/5.3.14修正了30多个Bug以及几个安全漏洞。经过1个RC.

PHP 5.4.14和5.3.14发布。2012-06-15
上个版本是2012-05-08的5.4.3/5.3.13修正了30多个Bug以及几个安全漏洞。

This release fixes over 30 bugs and includes a fix for a security
related overflow issue in the stream implementation.

The release fixes multiple security issues: A weakness in the DES
implementation of crypt and a heap overflow
issue in the phar extension.PHP 5.4.4 and PHP 5.3.14 fixes over 30 bugs.
Please note that the use of php://fd streams is now restricted to the
CLI SAPI

Version 5.4.5
19-July-2012

完全改进:

Core

Version 5.4.4

06-June-2012

  • CLI SAPI
    • Implemented FR #61977 (Need CLI
      web-server support for files with .htm & svg extensions)
    • Improved performance while sending error page, this also fixed
      bug Fixed bug #61785 (Memory leak
      when access a non-exists file without router)
    • Fixed bug #61546 (functions
      related to current script failed when chdir() in cli sapi)

  • Core
    • Fixed missing bound check in iptcparse()
    • Fixed CVE-2012-2143
    • Fixed bug #62097 (fix for for bug
      #54547)
    • Fixed bug #62005 (unexpected
      behavior when incrementally assigning to a member of a null
      object)
    • Fixed bug #61978 (Object recursion
      not detected for classes that implement JsonSerializable)
    • Fixed bug #61991 (long overflow in
      realpath_cache_get())
    • Fixed bug #61922 (ZTS build
      doesn’t accept zend.script_encoding config)
    • Fixed bug #61827 (incorrect e
      processing on Windows)
    • Fixed bug #61782
      (__clone/__destruct do not match other methods when checking
      access controls)
    • Fixed bug #61761 (‘Overriding’ a
      private static method with a different signature causes crash)
    • Fixed bug #61730 (Segfault from
      array_walk modifying an array passed by reference)
    • Fixed bug #61728 (PHP crash when
      calling ob_start in request_shutdown phase)
    • Fixed bug #61660
      (bin2hex(hex2bin($data)) != $data)
    • Fixed bug #61650 (ini parser
      crashes when using ${xxxx} ini variables (without apache2))
    • Fixed bug #61605 (header_remove()
      does not remove all headers)
    • Fixed bug #54547 (wrong equality
      of string numbers)
    • Fixed bug #54197 ([PATH=]
      sections incompatibility with user_ini.filename set to null)
    • Changed php://fd to be available only for CLI

  • CURL
    • Fixed bug #61948
      (CURLOPT_COOKIEFILE ” raises open_basedir restriction)

  • COM
    • Fixed bug #62146 com_dotnet
      cannot be built shared

  • Fileinfo
    • Fixed bug #61812 (Uninitialised
      value used in libmagic)

  • FPM
    • Fixed bug #61812 (Uninitialised
      value used in libmagic)
    • Fixed bug #61565 where
      php_stream_open_wrapper_ex tries to open a directory
      descriptor under windows
    • Fixed bug #61566 failure caused by
      the posix lseek and read versions under windows in cdf_read()

  • Iconv
    • Fixed a bug that iconv extension fails to link to the correct
      library when another extension makes use of a library that links
      to the iconv library. See
      for detail

  • Intl
    • Fixed bug #62082 (Memory
      corruption in internal function
      get_icu_disp_value_src_php()

  • JSON
    • Fixed bug #61537 (json_encode()
      incorrectly truncates/discards information)

  • LibXML
    • Fixed bug #61617 (Libxml tests
      failed(ht is already destroyed))

  • PDO
    • Fixed bug #61755 (A parsing bug in
      the prepared statements can lead to access violations)

  • Phar
    • Fixed bug #61065 (Secunia SA44335)
      (CVE-2012-2386)

  • Streams
    • Fixed bug #61961
      (file_get_contents leaks when access empty file with maxlen
      set)

  • zlib
    • Fixed bug #61820 (using
      ob_gzhandler will complain about headers already sent when no
      compression)
    • Fixed bug #61443 (can’t change
      zlib.output_compression on the fly)
    • Fixed bug #60761
      (zlib.output_compression fails on refresh)

Fixed bug #62443 (Crypt SHA256/512
Segfaults With Malformed Salt)

Version 5.3.14

06-June-2012

  • CLI SAPI
    • Fixed bug #61546 (functions
      related to current script failed when chdir() in cli sapi)

  • Core
    • Fixed CVE-2012-2143
    • Fixed bug #62005 (unexpected
      behavior when incrementally assigning to a member of a null
      object)
    • Fixed bug #61730 (Segfault from
      array_walk modifying an array passed by reference)
    • Fixed missing bound check in iptcparse()
    • Fixed bug #61764 (‘I’ unpacks n as
      signed if n > 2^31-1 on LP64)
    • Fixed bug #54197 ([PATH=]
      sections incompatibility with user_ini.filename set to null)
    • Fixed bug #61713 (Logic error in
      charset detection for htmlentities)
    • Fixed bug #61991 (long overflow in
      realpath_cache_get())
    • Changed php://fd to be available only for CLI.

  • CURL
    • Fixed bug #61948
      (CURLOPT_COOKIEFILE ” raises open_basedir restriction)

  • COM
    • Fixed bug #62146 com_dotnet
      cannot be built shared

  • Fileinfo
    • Fixed bug #61812 (Uninitialised
      value used in libmagic)

  • Iconv
    • Fixed a bug that iconv extension fails to link to the correct
      library when another extension makes use of a library that links
      to the iconv library. See
      for detail

  • Intl
    • Fixed bug #62082 (Memory
      corruption in internal function
      get_icu_disp_value_src_php()

  • JSON
    • Fixed bug #61537 (json_encode()
      incorrectly truncates/discards information)

  • PDO
    • Fixed bug #61755 (A parsing bug in
      the prepared statements can lead to access violations)

  • Phar
    • Fixed bug #61065 (Secunia SA44335)

  • Streams
    • Fixed bug #61961
      (file_get_contents leaks when access empty file with maxlen
      set)

下载:

(文/开源中国)    

Fixed bug #62432 (ReflectionMethod random
corrupt memory on high concurrent)

Fixed bug #62373 (serialize() generates
wrong reference to the object).

Fixed bug #62357 (compile failure: (S)
Arguments missing for built-in function __memcmp)

Fixed bug #61998 (Using traits with method
aliases appears to result in crash during execution)

Fixed bug #51094 (parse_ini_file() with
INI_SCANNER_RAW cuts a value that includes a semi-colon)

Fixed potential overflow in _php_stream_scandir (CVE-2012-2688)

EXIF

Fixed information leak in ext exi

FPM

Fixed bug #62205 (php-fpm segfaults (null
passed to strstr)

Fixed bug #62160 (Add process.priority to
set nice(2) priorities)

Fixed bug #62153 (when using unix sockets,
multiples FPM instances)

Fixed bug #62033 (php-fpm exits with
status 0 on some failures to start)

Fixed bug #61839 (Unable to cross-compile
PHP with –enable-fpm)

Fixed bug #61835 (php-fpm is not allowed
to run as root)

Fixed bug #61295 (php-fpm should not fail
with commented ‘user’

Fixed bug #61218 (FPM drops connection
while receiving some binary values in FastCGI requests)

Fixed bug #61045 (fpm don’t send error log
to fastcgi clients). (fat) for non-root start)

Fixed bug #61026 (FPM pools can listen on
the same address). (fat) can be launched without errors)

Iconv

Fixed bug #55042 (Erealloc in iconv.c
unsafe)

Intl

Fixed bug #62083 (grapheme_extract()
memory leaks)

Fixed bug #62081 (IntlDateFormatter
constructor leaks memory when called twice)

澳门新萄京官方网站,Fixed bug #62070 (Collator::getSortKey()
returns garbage)

Fixed bug #62017 (datefmt_create with
incorrectly encoded timezone leaks pattern)

Fixed bug #60785 (memory leak in
IntlDateFormatter constructor)

ResourceBundle constructor now accepts NULL for the first two arguments

JSON

Fixed bug #61359 (json_encode() calls too
many reallocs)

libxml

Fixed bug #62266 (Custom extension
segfaults during xmlParseFile with FPM SAPI)

Phar

Fixed bug #62227 (Invalid phar stream path
causes crash)

Readline

Fixed bug #62186 (readline fails to
compile – void function should not return a value)

Reflection

Fixed bug #62384 (Attempting to invoke a
Closure more than once causes segfault)

Fixed bug #62202
(ReflectionParameter::getDefaultValue() memory leaks with constant)

Sockets

Fixed bug #62025 (__ss_family was
changed on AIX 5.3)

SPL

Fixed bug #62433 (Inconsistent behavior of
RecursiveDirectoryIterator to dot files)

网站地图xml地图