登录站点

用户名

密码

注册

蓝天

蓝天的日志

蓝天的主页 | 查看全部日志
查看日志|返回日志列表

PHP 5.4.5 和 5.3.15 发布

标签related  includes  security  release  2012-07-20 14:03
PHP 5.4.5和5.3.15发布。
上个版本是2012-06-15的5.4.4/5.3.14修正了30多个Bug以及几个安全漏洞。经过1个RC.

This release fixes over 30 bugs and includes a fix for a security related overflow issue in the stream implementation.

Version 5.4.5
19-July-2012

  • Core
  • Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
  • Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent)
  • Fixed bug #62373 (serialize() generates wrong reference to the object).
  • Fixed bug #62357 (compile failure: (S) Arguments missing for built-in function __memcmp)
  • Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
  • Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)
  • Fixed potential overflow in _php_stream_scandir (CVE-2012-2688)
  • EXIF
  • Fixed information leak in ext exi
  • FPM
  • Fixed bug #62205 (php-fpm segfaults (null passed to strstr)
  • Fixed bug #62160 (Add process.priority to set nice(2) priorities)
  • Fixed bug #62153 (when using unix sockets, multiples FPM instances)
  • Fixed bug #62033 (php-fpm exits with status 0 on some failures to start)
  • Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm)
  • Fixed bug #61835 (php-fpm is not allowed to run as root)
  • Fixed bug #61295 (php-fpm should not fail with commented 'user'
  • Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests)
  • Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) for non-root start)
  • Fixed bug #61026 (FPM pools can listen on the same address). (fat) can be launched without errors)
  • Iconv
  • Fixed bug #55042 (Erealloc in iconv.c unsafe)
  • Intl
  • Fixed bug #62083 (grapheme_extract() memory leaks)
  • Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice)
  • Fixed bug #62070 (Collator::getSortKey() returns garbage)
  • Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern)
  • Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
  • ResourceBundle constructor now accepts NULL for the first two arguments
  • JSON
  • Fixed bug #61359 (json_encode() calls too many reallocs)
  • libxml
  • Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM SAPI)
  • Phar
  • Fixed bug #62227 (Invalid phar stream path causes crash)
  • Readline
  • Fixed bug #62186 (readline fails to compile - void function should not return a value)
  • Reflection
  • Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
  • Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)
  • Sockets
  • Fixed bug #62025 (__ss_family was changed on AIX 5.3)
  • SPL
  • Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to dot files)
  • Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)
  • XML Writer
  • Fixed bug #62064 (memory leak in the XML Writer module)
  • Zip
  • Upgraded libzip to 0.10.

    Version 5.3.15
    19-July-2012
  • Zend Engine
  • Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)
  • COM
  • Fixed bug #62146 com_dotnet cannot be built shared
  • Core
  • Fixed potential overflow in _php_stream_scandir, CVE-2012-2688
  • Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent)
  • Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
  • Fileinfo
  • Fixed magic file regex support
  • FPM
  • Fixed bug #61045 (fpm don't send error log to fastcgi clients)
  • Fixed bug #61835 (php-fpm is not allowed to run as root)
  • Fixed bug #61295 (php-fpm should not fail with commented 'user' for non-root start)
  • Fixed bug #61026 (FPM pools can listen on the same address)
  • Fixed bug #62033 (php-fpm exits with status 0 on some failures to start)
  • Fixed bug #62153 (when using unix sockets, multiples FPM instances can be launched without errors)
  • Fixed bug #62160 (Add process.priority to set nice(2) priorities)
  • Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests)
  • Fixed bug #62205 (php-fpm segfaults (null passed to strstr))
  • Intl
  • Fixed bug #62083 (grapheme_extract() memory leaks)
  • Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice)
  • Fixed bug #62070 (Collator::getSortKey() returns garbage)
  • Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern)
  • Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
  • JSON
  • Reverted fix for bug #61537
  • Phar
  • Fixed bug #62227 (Invalid phar stream path causes crash)
  • Reflection
  • Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
  • Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)
  • SPL
  • Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)
  • SQLite
  • Fixed open_basedir bypass, CVE-2012-3365
  • XML Write
  • Fixed bug #62064 (memory leak in the XML Writer module)
  • Zip
  • Upgraded libzip to 0.10
    下载:
    http://us3.php.net/distributions/php-5.4.5.tar.bz2
    http://us3.php.net/distributions/php-5.3.15.tar.bz2
    • 分享
    举报|
    578 次阅读 | 0 个评论

    留下脚印

    评论