澳门新葡亰网址下载PHP 5.4.4 和 5.3.14 发布。安全更新

by admin on 2020年4月28日

PHP 7.0.9 正式发布了。

PHP 7.0.0 RC 3 发布,此版本不是正式版本,请小心升级。

PHP 5.4.14和5.3.14发布。2012-06-15
上个版本是2012-05-08的5.4.3/5.3.13修正了30多个Bug以及几个安全漏洞。

下载地址:

PHP 7.0.0 RC 3 更新记录

The release fixes multiple security issues: A weakness in the DES
implementation of crypt and a heap overflow
issue in the phar extension.PHP 5.4.4 and PHP 5.3.14 fixes over 30 bugs.
Please note that the use of php://fd streams is now restricted to the
CLI SAPI

改进日志如下:

下载地址:

完全改进:

– Core:

  •  

  •  

Version 5.4.4

06-June-2012

  • CLI SAPI
    • Implemented FR #61977 (Need CLI
      web-server support for files with .htm & svg extensions)
    • Improved performance while sending error page, this also fixed
      bug Fixed bug #61785 (Memory leak
      when access a non-exists file without router)
    • Fixed bug #61546 (functions
      related to current script failed when chdir() in cli sapi)

  • Core
    • Fixed missing bound check in iptcparse()
    • Fixed CVE-2012-2143
    • Fixed bug #62097 (fix for for bug
      #54547)
    • Fixed bug #62005 (unexpected
      behavior when incrementally assigning to a member of a null
      object)
    • Fixed bug #61978 (Object recursion
      not detected for classes that implement JsonSerializable)
    • Fixed bug #61991 (long overflow in
      realpath_cache_get())
    • Fixed bug #61922 (ZTS build
      doesn’t accept zend.script_encoding config)
    • Fixed bug #61827 (incorrect e
      processing on Windows)
    • Fixed bug #61782
      (__clone/__destruct do not match other methods when checking
      access controls)
    • Fixed bug #61761 (‘Overriding’ a
      private static method with a different signature causes crash)
    • Fixed bug #61730 (Segfault from
      array_walk modifying an array passed by reference)
    • Fixed bug #61728 (PHP crash when
      calling ob_start in request_shutdown phase)
    • Fixed bug #61660
      (bin2hex(hex2bin($data)) != $data)
    • Fixed bug #61650 (ini parser
      crashes when using ${xxxx} ini variables (without apache2))
    • Fixed bug #61605 (header_remove()
      does not remove all headers)
    • Fixed bug #54547 (wrong equality
      of string numbers)
    • Fixed bug #54197 ([PATH=]
      sections incompatibility with user_ini.filename set to null)
    • Changed php://fd to be available only for CLI

  • CURL
    • Fixed bug #61948
      (CURLOPT_COOKIEFILE ” raises open_basedir restriction)

  • COM
    • Fixed bug #62146 com_dotnet
      cannot be built shared

  • Fileinfo
    • Fixed bug #61812 (Uninitialised
      value used in libmagic)

  • FPM
    • Fixed bug #61812 (Uninitialised
      value used in libmagic)
    • Fixed bug #61565 where
      php_stream_open_wrapper_ex tries to open a directory
      descriptor under windows
    • Fixed bug #61566 failure caused by
      the posix lseek and read versions under windows in cdf_read()

  • Iconv
    • Fixed a bug that iconv extension fails to link to the correct
      library when another extension makes use of a library that links
      to the iconv library. See
      for detail

  • Intl
    • Fixed bug #62082 (Memory
      corruption in internal function
      get_icu_disp_value_src_php()

  • JSON
    • Fixed bug #61537 (json_encode()
      incorrectly truncates/discards information)

  • LibXML
    • Fixed bug #61617 (Libxml tests
      failed(ht is already destroyed))

  • PDO
    • Fixed bug #61755 (A parsing bug in
      the prepared statements can lead to access violations)

  • Phar
    • Fixed bug #61065 (Secunia SA44335)
      (CVE-2012-2386)

  • Streams
    • Fixed bug #61961
      (file_get_contents leaks when access empty file with maxlen
      set)

  • zlib
    • Fixed bug #61820 (using
      ob_gzhandler will complain about headers already sent when no
      compression)
    • Fixed bug #61443 (can’t change
      zlib.output_compression on the fly)
    • Fixed bug #60761
      (zlib.output_compression fails on refresh)

   . Fixed bug #72508 (strange references after recursive function call
and “switch” statement). (Laruence)

– Core:

Version 5.3.14

06-June-2012

  • CLI SAPI
    • Fixed bug #61546 (functions
      related to current script failed when chdir() in cli sapi)

  • Core
    • Fixed CVE-2012-2143
    • Fixed bug #62005 (unexpected
      behavior when incrementally assigning to a member of a null
      object)
    • Fixed bug #61730 (Segfault from
      array_walk modifying an array passed by reference)
    • Fixed missing bound check in iptcparse()
    • Fixed bug #61764 (‘I’ unpacks n as
      signed if n > 2^31-1 on LP64)
    • Fixed bug #54197 ([PATH=]
      sections incompatibility with user_ini.filename set to null)
    • Fixed bug #61713 (Logic error in
      charset detection for htmlentities)
    • Fixed bug #61991 (long overflow in
      realpath_cache_get())
    • Changed php://fd to be available only for CLI.

  • CURL
    • Fixed bug #61948
      (CURLOPT_COOKIEFILE ” raises open_basedir restriction)

  • COM
    • Fixed bug #62146 com_dotnet
      cannot be built shared

  • Fileinfo
    • Fixed bug #61812 (Uninitialised
      value used in libmagic)

  • Iconv
    • Fixed a bug that iconv extension fails to link to the correct
      library when another extension makes use of a library that links
      to the iconv library. See
      for detail

  • Intl
    • Fixed bug #62082 (Memory
      corruption in internal function
      get_icu_disp_value_src_php()

  • JSON
    • Fixed bug #61537 (json_encode()
      incorrectly truncates/discards information)

  • PDO
    • Fixed bug #61755 (A parsing bug in
      the prepared statements can lead to access violations)

  • Phar
    • Fixed bug #61065 (Secunia SA44335)

  • Streams
    • Fixed bug #61961
      (file_get_contents leaks when access empty file with maxlen
      set)

下载:

(文/开源中国)    

   . Fixed bug #72513 (Stack-based buffer overflow vulnerability in
virtual_file_ex). (Stas)

  . Fixed bug #70431 (Memory leak in php_ini.c). (Senthil, Laruence)
  . Fixed bug #70478 (**= does no longer work). (Bob)

   . Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP
libraries and applications). (Stas) 

  • CLI server:
      . Fixed bug #68291 (404 on urls with ‘+’). (cmb)

  • DOM:
      . Fixed bug #70001 (Assigning to DOMNode::textContent does additional
    entity
        encoding). (cmb)

  • Intl:
      . Fixed bug #70453 (IntlChar::foldCase() incorrect arguments and
    missing
        constants). (cmb)
      . Fixed bug #70454 (IntlChar::forDigit second parameter should be
    optional).
        (cmb, colinodell)

  • Mysqlnd:
      . Fixed bug #70456 (mysqlnd doesn’t activate TCP keep-alive when
    connecting to
        a server). (Sergei Turchanov)

  • Opcache:
      . Fixed bug #70423 (Warning Internal error: wrong size calculation).
    (Anatol)

  • OpenSSL
      . Fixed bug #55259 (openssl extension does not get the DH parameters
    from
        DH key resource). (Jakub Zelenka)
      . Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb)
      . Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka)
      . Implemented FR #70438 (Add IV parameter for openssl_seal and
    openssl_open)
        (Jakub Zelenka)

 – bz2:

  • Phpdbg:
      . Fixed bug #70449 (PHP won’t compile on 10.4 and 10.5 because of
    missing
        constants). (Bob)

  • Session:
      . Fixed bug #70013 (Reference to $_SESSION is lost after a call to
        session_regenerate_id()). (Yasuo)

  • Standard:
      . Implemented the RFC `Random Functions Throwing Exceptions in PHP
    7`.
        (Sammy Kaye Powers, Anthony)
      . Fixed bug #70487 (pack(‘x’) produces an error). (Nikita)

  • Streams:
      . Fixed bug #70361 (HTTP stream wrapper doesn’t close keep-alive
    connections).
        (Niklas Keller)

  • XMLReader:
      . Fixed bug #70309 (XmlReader read generates extra output).
    (Anatol)

  • Zip:

   . Fixed bug #72613 (Inadequate error handling in bzread()).
(Stas) 

  . Fixed bug #70322 (ZipArchive::close() doesn’t indicate errors).
(cmb)

 – CLI:

随着 RC3 的发布,相信正式版将会很快到来。

   . Fixed bug #72484 (SCRIPT_FILENAME shows wrong path if the user
specify router.php). (Laruence)

文章转载自:开源中国社区 []    

 – COM:

   . Fixed bug #72498 (variant_date_from_timestamp null
dereference). (Anatol) 

 – Curl:

   . Fixed bug #72541 (size_t overflow lead to heap corruption).
(Stas)

 – Exif:

   . Fixed bug #72603 (Out of bound read in
exif_process_IFD_in_MAKERNOTE). (Stas)

   . Fixed bug #72618 (NULL Pointer Dereference in
exif_process_user_comment). (Stas) 

 – GD:

   . Fixed bug #43475 (Thick styled lines have scrambled patterns).
(cmb)

   . Fixed bug #53640 (XBM images require width to be multiple of 8).
(cmb)

   . Fixed bug #64641 (imagefilledpolygon doesn’t draw horizontal
line). (cmb)

   . Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary
write/read access). (Pierre)

   . Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)

   . Fixed bug #72558 (Integer overflow error within
_gdContributionsAlloc()). (Pierre)

   . Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine
overflow). (Pierre)

   . Fixed bug #72494 (imagecropauto out-of-bounds access). (Pierre)

 – Intl:

   . Fixed bug #72533 (locale_accept_from_http out-of-bounds
access). (Stas)

 – Mbstring:

   . Fixed bug #72405 (mb_ereg_replace – mbc_to_code (oniguruma) –
oob read access). (Laruence)

   . Fixed bug #72399 (Use-After-Free in MBString (search_re)).
(Laruence)

 – mcrypt:

   . Fixed bug #72551, bug #72552 (In correct casting from size_t to
int lead to heap overflow in mdecrypt_generic). (Stas) 

 – PDO_pgsql:

   . Fixed bug #72570 (Segmentation fault when binding parameters on a
query without placeholders). (Matteo)

  – PCRE:

   . Fixed bug #72476 (Memleak in jit_stack). (Laruence)

   . Fixed bug #72463 (mail fails with invalid argument). (Anatol)

 

 – Readline:

   . Fixed bug #72538 (readline_redisplay crashes php). (Laruence)

  – Standard:

   . Fixed bug #72505 (readfile() mangles files larger than 2G).
(Cschneid)

   . Fixed bug #72306 (Heap overflow through proc_open and $env
parameter). (Laruence) 

 – Session:

   . Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow).
(Laruence)

   . Fixed bug #72562 (Use After Free in unserialize() with Unexpected
Session Deserialization). (Stas)

 – SNMP:

   . Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
unserialize()). (Stas) 

 – Streams:

   . Fixed bug #72439 (Stream socket with remote address leads to a
segmentation fault). (Laruence) 

 – XMLRPC:

   . Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn
simplestring.c). (Stas)

 – Zip:

   . Fixed bug #72520 (Stack-based buffer overflow vulnerability in
php_stream_zip_opener). (Stas)

文章转载自:开源中国社区 []    

发表评论

电子邮件地址不会被公开。 必填项已用*标注

网站地图xml地图