[PHP] PHP 5.3.7 Released!
The PHP development team would like to announce the immediate availability of PHP 5.3.7. This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related. Security Enhancements and Fixes in PHP 5.3.7: * Updated crypt_blowfish to 1.2. (CVE-2011-2483) * Fixed crash in error_log(). Reported by Mateusz Kocielski * Fixed buffer overflow on overlog salt in crypt(). * Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202) * Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938) * Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148) Key enhancements in PHP 5.3.7 include: * Upgraded bundled Sqlite3 to version 3.7.7.1 * Upgraded bundled PCRE to version 8.12 * Fixed bug #54910 (Crash when calling call_user_func with unknown function name) * Fixed bug #54585 (track_errors causes segfault) * Fixed bug #54262 (Crash when assigning value to a dimension in a non-array) * Fixed a crash inside dtor for error handling * Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off) * Fixed bug #54935 php_win_err can lead to crash * Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption) * Fixed bug #54305 (Crash in gc_remove_zval_from_buffer) * Fixed bug #54580 (get_browser() segmentation fault when browscap ini directive is set through php_admin_value) * Fixed bug #54529 (SAPI crashes on apache_config.c:197) * Fixed bug #54283 (new DatePeriod(NULL) causes crash). * Fixed bug #54269 (Short exception message buffer causes crash) * Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries) * Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters) * Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and SplTempFileObject crash when user-space classes don't call the parent constructor) * Fixed bug #54292 (Wrong parameter causes crash in SplFileObject::__construct()) * Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting with \0) * Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator) * Fixed bug #54623 (Segfault when writing to a persistent socket after closing a copy of the socket) * Fixed bug #54681 (addGlob() crashes on invalid flags) * Over 80 other bug fixes. Windows users: please mind that we do no longer provide builds created with Visual Studio C++ 6. It is impossible to maintain a high quality and safe build of PHP for Windows using this unmaintained compiler. For Apache SAPIs (php5_apache2_2.dll), be sure that you use a Visual Studio C++ 9 version of Apache. We recommend the Apache builds as provided by ApacheLounge. For any other SAPI (CLI, FastCGI via mod_fcgi, FastCGI with IIS or other FastCGI capable server), everything works as before. Third party extension providers must rebuild their extensions to make them compatible and loadable with the Visual Studio C++9 builds that we now provide./p All PHP users should note that the PHP 5.2 series is NOT supported anymore. All users are strongly encouraged to upgrade to PHP 5.3.7. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5.3.7RC5 Released for Testing
The fifth and final release candidate of 5.3.7 was just released for testing and can be downloaded here: https://downloads.php.net/ilia/php-5.3.7RC5.tar.bz2 (md5sum: 2604b92812e213287fa0fbc5d61223db) https://downloads.php.net/ilia/php-5.3.7RC5.tar.gz (md5sum: 2d3315be5ef7ab90ca359978f36c2001) The Windows binaries are available at: http://windows.php.net/qa/ This RC is in place to validate the changes resulting from various code adjustments made to address issues identified by static analysis. If no issues arise the final release will be made next week. To make sure we can finally get 5.3.7 out of the door, I would like to ask that all developers refrain from making commits into the 5.3 branch, until the final release is made (especially those on working on Coverity identified issues). PHP 5.3.7 is focused on improving the stability and security. To ensure that the release is solid, please test this RC against your code base and report any problems that you encounter. To find out what was changed since the last release please refer to the NEWS file found within the archive or on http://svn.php.net/viewvc/php/php-src/tags/php_5_3_7RC5/NEWS?revision=HEADview=markup Windows users please mind that we don't provide VS6 builds anymore since PHP 5.3.6. Ilia Alshanetsky -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5.3.7RC4 Released for Testing
The fourth and hopefully final release candidate of 5.3.7 was just released for testing and can be downloaded here: https://downloads.php.net/ilia/php-5.3.7RC4.tar.bz2 (md5sum: 143ae4c3c5df93e2a9efae532cb51790) https://downloads.php.net/ilia/php-5.3.7RC4.tar.gz (md5sum: 8543604a0f171424c73ccaff5061f7ba) The Windows binaries are available at: http://windows.php.net/qa/ There were a few important fixes made since RC3 and this new RC is designed to validate that these fixes have not introduced any regressions. The intent is that this is the final release candidate before the final release, which if all goes well will follow in 2 weeks. PHP 5.3.7 is focused on improving the stability and security. To ensure that the release is solid, please test this RC against your code base and report any problems that you encounter. To find out what was changed since the last release please refer to the NEWS file found within the archive or on http://svn.php.net/viewvc/php/php-src/tags/php_5_3_7RC4/NEWS?revision=HEADview=markup Windows users please mind that we don't provide VS6 builds anymore since PHP 5.3.6. Ilia Alshanetsky -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5.3.7RC3 Released for Testing
The third and hopefully final release candidate of 5.3.7 was just released for testing and can be downloaded here: https://downloads.php.net/ilia/php-5.3.7RC3.tar.bz2 (md5sum: 0ad46340ca3d4319ab10eac4a3978ae0) https://downloads.php.net/ilia/php-5.3.7RC3.tar.gz (md5sum: eab0329078f74f6c8fe5abcf6943b262) The Windows binaries are available at: http://windows.php.net/qa/ Given the volume of fixes since RC2 it was deemed necessary to make another to ensure that there are no regressions. The intent is that this is the final release candidate before the final release, which if all goes well will follow in 2 weeks. PHP 5.3.7 is focused on improving the stability and security. To ensure that the release is solid, please test this RC against your code base and report any problems that you encounter. To find out what was changed since the last release please refer to the NEWS file found within the archive or on http://svn.php.net/viewvc/php/php-src/tags/php_5_3_7RC3/NEWS?revision=HEADview=markup Windows users please mind that we don't provide VS6 builds anymore since PHP 5.3.6. Ilia Alshanetsky -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5.3.7RC2 Released for Testing
The second release candidate of 5.3.7 was just released for testing and can be downloaded here: https://downloads.php.net/ilia/php-5.3.7RC2.tar.bz2 (md5sum: 1f4fba48807d5d6236b24ca1f1b63e69) https://downloads.php.net/ilia/php-5.3.7RC2.tar.gz (md5sum: d57c2d49d4e9c8a90d31068d88605ef2) The Windows binaries are available at: http://windows.php.net/qa/ Given the small number of changes since the last RC, it is likely a final version will be released in 2 weeks. If it is not, a third release candidate will be available in 2 weeks. PHP 5.3.7 is focused on improving the stability and security. To ensure that the release is solid, please test this RC against your code base and report any problems that you encounter. To find out what was changed since the last release please refer to the NEWS file found within the archive or on http://svn.php.net/viewvc/php/php-src/tags/php_5_3_7RC2/NEWS?revision=HEADview=markup Windows users please mind that we don't provide VS6 builds anymore since PHP 5.3.6. When using the openssl extension please mind a known regression which might lead to a performance degression. This regression will be fixed with RC2 and the final release. Ilia Alshanetsky -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5.2.16 Released!
The PHP development team would like to announce the immediate availability of PHP 5.2.16. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3. This release focuses on addressing a regression in open_basedir implementation introduced in 5.2.15 in addition to fixing a crash inside PDO::pgsql on data retrieval when the server is down. All users who have upgraded to 5.2.15 and are utilizing open_basedir are strongly encouraged to upgrade to 5.2.16 or 5.3.4. For a full list of changes in PHP 5.2.16, see the ChangeLog on http://php.net/ChangeLog-5.php#5.2.16. For source downloads please visit our downloads page on http://php.net/downloads.php, Windows binaries can be found on http://windows.php.net/download/. Ilia Alshanetsky 5.2 Release Master -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5.2.15 Released!
The PHP development team would like to announce the immediate availability of PHP 5.2.15. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3. This release focuses on improving the security and stability of the PHP 5.2.x branch with a small number, of predominatly security fixes. Security Enhancements and Fixes in PHP 5.2.15: Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. Fixed crash in zip extract method (possible CWE-170). Fixed a possible double free in imap extension. Fixed possible flaw in open_basedir (CVE-2010-3436). Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). Key enhancements in PHP 5.2.15 include: Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4). Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object). For a full list of changes in PHP 5.2.15, see the ChangeLog on http://php.net/ChangeLog-5.php#5.2.15. For source downloads please visit our downloads page on http://php.net/downloads.php, Windows binaries can be found on http://windows.php.net/download/. Ilia Alshanetsky 5.2 Release Master -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5.2.15RC2 5.3.4RC2 Released for Testing
The second release candidates of 5.2.15 and 5.3.4 were just released for testing and can be downloaded here: http://downloads.php.net/ilia/php-5.2.15RC2.tar.bz2 (md5sum: 423e70e49f8defd63c6a08d824357f36) http://downloads.php.net/johannes/php-5.3.4RC2.tar.bz2 (md5sum: 36f7854304f9ecaa28d56f0eb163) The windows binaries will be available shortly at: http://windows.php.net/qa/ Since the first release candidate, we have not seen a large number of changes and and there are no show-stopper bugs for either version. At this point we both feel that the next logical step is the final release, which we would like to schedule a week from now. Given that this is the case, we would like to ask all developers to refrain making commits to the 5.3 and 5.2 branches, unless these constitue critical bug fixes, in which case please let Johannes and myself know about these fixes ahead of time. This way we can avoid last minute regressions, especially so for the 5.2.15 release, which is the final one in that series. Ilia Alshanetsky Johannes Schlüter PHP 5.2 Release Master PHP 5.3 Release Master -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5.2.8 Released
The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 in regard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing filter.default_flags=0 in php.ini. For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here (http://www.php.net/migration52), detailing the changes between those releases and PHP 5.2.8. For a full list of changes in PHP 5.2.8, see the ChangeLog (http://www.php.net/ChangeLog-5.php#5.2.8). Ilia Alshanetsky 5.2 Release Master -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5.2.7 Released
The PHP development team would like to announce the immediate availability of PHP 5.2.7. This release focuses on improving the stability of the PHP 5.2.x branch with over 170 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.7: * Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) * Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. * Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). * Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). * Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz. * Fixed safe_mode related security issues detailed in CVE-2008-2665 and CVE-2008-2666. * Crash with URI/file..php (filename contains 2 dots) (Fixes CVE-2008-3660) * IMAP toolkit crash: rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829) Some of the key enhancements in PHP 5.2.7 include: * Fixed several memory leaks inside the readline and sqlite extensions * A number of corrections relating to date parsing inside the date extension * Fixed bugs relating to data retrieval in the PDO extension * A series of crashes in various areas of code were resolved * Several corrections were made to the strip_tags() function in terms of and ?XML handling * A number of bugs were fixed in extract() function when EXTR_REFS flag is being used * Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility * Over 170 bug fixes. For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here (http://www.php.net/migration52), detailing the changes between those releases and PHP 5.2.7. For a full list of changes in PHP 5.2.7, see the ChangeLog (http://www.php.net/ChangeLog-5.php#5.2.7). Ilia Alshanetsky 5.2 Release Master -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 4.3.9 Released
Here is the proposed 4.3.9 release announcement. PHP Development Team is proud to announce the immediate release of PHP 4.3.9. This is a maintenance release that in addition to over 50 non-critical bug fixes, addresses a problem with GPC input processing. This release also re-introduces ability to write GIF images via the bundled GD extension. All Users of PHP are encouraged to upgrade to this release as soon as possible. Aside from the above mentioned issues this release includes the following important fixes: * Implemented periodic PCRE compiled regexp cache cleanup, to avoid memory exhaustion * Fixed strip_tags() to correctly handle '\0' characters. * Rewritten UNIX and Windows install help files. * Fixed a file-descriptor leak with phpinfo() and other 'special' URLs. * Fixed possible crash inside php_shutdown_config(). * Fixed isset crashes on arrays. * Fixed imagecreatefromstring() crashes with external GD library. * Fixed fgetcsv() parsing of strings ending with escaped enclosures. * Fixed overflow in array_slice(), array_splice(), substr(), substr_replace(), strspn(), strcspn(). * Fixed '\0' in Authenticate header passed via safe_mode. * Allow bundled GD to compile against freetype 2.1.2. All in all this release fixes over 50 bugs that have been discovered and resolved since the 4.3.8 release. PHP Development Team -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 4.3.7 Released
PHP Development Team is proud to announce the release of PHP 4.3.7. This is a maintenance release that in addition to several non-critical bug fixes, addresses an input validation vulnerability in escapeshellcmd() and escapeshellarg() functions on the Windows platform. Users of PHP on Windows are encouraged to upgrade to this release as soon as possible. Aside from the above mentioned issues this release includes the following important fixes: Synchronized bundled GD library with GD 2.0.23. Fixed a bug that prevented compilation of GD extensions against FreeType 2.1.0-2.1.2. Fixed thread safety issue with informix connection id. Fixed incorrect resolving of relative paths by glob() in windows. Fixed mapping of Greek letters to html entities. Fixed a bug that caused an on shutdown crash when using PHP with Apache 2.0.49. Fixed a number of crashes inside pgsql, cpdf and gd extensions. All in all this release fixes over 30 bugs that have been discovered and resolved since the 4.3.6 release. Enjoy, PHP Development Team. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 4.3.5 Released
PHP Development Team is proud to announce the release of PHP 4.3.5. This is primarily a bug fix release, without any new features or additions.PHP 4.3.5 is by far the most stable release of PHP to date and it is recommended that all users upgrade to this release whenever possible. The major fixes include: - Fixed INI leak between Apache virtual hosts. - Fixed crashes inside fgetcsv() and make the function binary safe. - Fixed compilation with early versions of GCC 3.0. - Fixed a bug that prevented feof() from working correctly with sockets. - Improved the matching algorithm inside the get_browser() function. - Fixed resolving of open_basedir on Win32 systems. - Fixed incorrect errors for non-existent directories when safe_mode is enabled. - Bundled OpenSSL dlls on Win32 upgraded to 0.9.7c - Updated bundled PostgreSQL library to version 7.4 in Windows distribution. - Bundled PCRE library upgraded to 4.5 - Synchronized bundled GD library with GD 2.0.17 - A number of fixes for 64bit systems. Aside from the above mentioned fixes, this release resolves over 140 various bugs and implementational problems. Enjoy, PHP Development Team. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 4.3.5RC4 Released for Testing
The much overdue 4.3.5RC4 is finally out and hopefully will shortly (within a week) be followed by the final release. In the meantime please download this release, which is avaliable from http://qa.php.net/ and try it with against your code as well as make test. While I do not anticipate any major problems to be discovered this will ensure that 4.3.5 will be 100% production ready. If you do come across any critical issues or are of aware of some, please report them. For those of you who will run the PHP's test suite via make test, please do not be alarmed by the following test failures: Bug #25547 (error_handler and array index with function call) [tests/lang/bug25547.phpt] Bug #24594 (Filling an area using tiles). [ext/gd/tests/bug27582_2.phpt] Download URLs: http://downloads.php.net/ilia/php-4.3.5RC4.tar.bz2 http://downloads.php.net/ilia/php-4.3.5RC4.tar.gz http://downloads.php.net/ilia/php-4.3.5RC4-Win32.zip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 4.3.4 Released
PHP 4.3.4 has been released. The focus of this release was the resolution of bugs and at the time of release some 70 bugs were resolved. All users are encouraged to upgrade to 4.3.4. PHP 4.3.4 contains, among others, following important fixes: * Fixed disk_total_space() and disk_free_space() under FreeBSD. * Fixed FastCGI being unable to bind to a specific IP. * Fixed several bugs in mail() implementation on win32. * Fixed crashes in a number of functions. * Fixed compile failure on MacOSX 10.3 Panther. Enjoy, PHP Development Team. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 4.3.3 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 After a lengthy QA process, PHP 4.3.3 is finally out! This maintenance release solves a fair number of bugs found in prior PHP versions and addresses several security issues. All users are *strongly* advised to upgrade to 4.3.3 as soon as possible. PHP 4.3.3 contains, among others, following important fixes, additions and improvements: * Improved the engine to use POSIX/socket IO where feasible. * Fixed several potentially hazardous integer and buffer overflows. * Fixed corruption of multibyte character including 0x5c as second byte in multipart/form-data. * Fixed each() to be binary safe for keys. * Major improvements to the NSAPI SAPI * Improvements to the IMAP extension * Improvements to the InterBase extension * Added DBA handler 'inifile' to support ini files. * Added long options into CLI CGI (e.g. --version). * Added a new parameter to preg_match*() that can be used to specify the starting offset in the subject string to match from. * Upgraded the bundled Expat library to version 1.95.6 * Upgraded the bundled PCRE library to version 4.3 * Upgraded the bundled GD library to version GD 2.0.15 * Over 100 various bug fixes! For a full list of changes in PHP 4.3.2, see the NEWS file. (http://www.php.net/ChangeLog-4.php#4.3.3). md5sums: 1171d96104e2ff2cff9e19789a4a1536php-4.3.3.tar.bz2 fe3fede4115354155fc6185522f7c6b2php-4.3.3.tar.gz c3497c394b3f5829136eb2ff614da241php-4.3.3-Win32.zip 140b98d796e81402776a133f273f0b38php-4.3.3-installer.exe Have fun, Ilia Alshanetsky [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE/ShTMLKekh381/CERAn5VAJ9SlW4lGGwGMXGpvs2blhS8R6Sl5ACcCkPV wWiX4ZLugm1K8xVIj2e0sKo= =xxIX -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 4.3.3RC4 Released
RC3 did not prove as stable as I hoped it would be, so here we are 20+ bug fixes later with RC4. It is my sincere hope that RC4 will be the last RC before we can proceed with the final. Please test this release as much as possible, ideally you won't find any new bugs. Once again I would like to ask that all developers refrain from making commits to the 4_3 tree until 4.3.3 final is released, unless a patch addresses a critical issue. Critical issues are defined as the following: 1) Security Fixes 2) Fixes for bugs introduced in 4.3.3X releases 3) Fixes for bugs that break backwards compatibility with older versions. Ilia -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 4.3.3RC3 Released
PHP 4.3.3RC3 was just released, hopefully this will be the final release candidate prior to the final release. Please test this release as much possible so that any new/critical bugs maybe uncovered and resolved before the final. If you do find such bugs (hopefully you won't) be sure to label them as RC3 bugs. I would like to ask that all developers refrain from making commits to the 4_3 tree until 4.3.3 final is released, unless a patch addresses a critical issue. Critical issues are defined as the following: 1) Security Fixes 2) Fixes for bugs introduced in 4.3.3X releases 3) Fixes for bugs that break backwards compatibility with older versions. Ilia -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
