PHP5.2.3 released

JDiel

Hey all,

Just wanted to let you all know that PHP 5.2.3 is released!

The PHP development team would like to announce the immediate availability of PHP 5.2.3. This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.3:

* Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
* Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
* Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
* Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
* Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
* Added mysql_set_charset() to allow runtime altering of connection encoding.

The key improvements of PHP 5.2.3 include:

* Improved compilation of heredocs and interpolated strings.
* Optimized out a couple of per-request syscalls.
* Optimized digest generation in md5() and sha1() functions.
* Fixed bug #41236 (Regression in timeout handling of non-blocking SSL connections during reads and writes)
* Fixed bug #39542 (Behavior of require/include different to < 5.2.0)
* Fixed bug #41293 (Fixed creation of HTTP_RAW_POST_DATA when there is no default post handler)
* Fixed bug #41347 (checkdnsrr() segfaults on empty hostname)
* Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input)
* Fixed bug #41403 (json_decode cannot decode floats if localeconv decimal_point is not '.')
* Fixed bug #41421 (Uncaught exception from a stream wrapper segfaults)
* Fixed bug #41504 (json_decode() incorrectly decodes JSON arrays with empty string keys).
* Over 40 bug fixes.

Regards, Jeroen
 
Just a heads up... I haven't dug into this much, but it looks like PHP 5.2.3 does not work with suPHP 0.6.2 (with my config, anyway).

I'll dig into this more over the weekend, but with 5.2.3 two of my dev boxes chuck 500 errors with no useful log entries, yet when I revert back to 5.2.2 all is well.
 
PHP 5.2.3 changelog said:
  • Changed CGI install target to php-cgi and 'make install' to install CLI when CGI is selected. (Jani)

I'll fix it in custombuild soon.
 
5.1.6 is the latest version I can get to work with the sites on my server; with the latest PHP some remote include stuff doesn't work, along with ionCube.
 
I believe in 5.2 a new config option was introduced for security reasons which defaults to off; enabling it will get the remote includes to work again.
 
Custombuild is now working perfectly with PHP 5.2.3 and suPHP.
 
What have you added to fix this? It's handy to know because I'm doing it normally by hand ;).
 
Just change PHP binary path to php-cgi at the end (not php).

E.g. if it was "/usr/local/bin/php", change it to "/usr/local/bin/php-cgi".
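
The fix described above, as an added example that is not from the thread or from custombuild: shell functions that list the `php:` handlers in a suPHP config, repoint any that end in `/php` to `/php-cgi`, and read the SAPI a binary reports (per the changelog line quoted earlier, from 5.2.3 the CGI build installs as `php-cgi` and `php` is the CLI). The `[handlers]` syntax shown in the comments and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes suPHP's [handlers] syntax
#   x-httpd-php=php:/path/to/binary   (value optionally double-quoted).
# Function names are hypothetical.

# Print the binary path of every active "php:" handler in [handlers].
suphp_php_handlers() {
    sed -n '/^[[:space:]]*\[handlers\]/,/^[[:space:]]*\[/ s|^[[:space:]]*[^;#[:space:]][^=]*=[[:space:]]*"\{0,1\}php:\([^"]*[^"[:space:]]\)"\{0,1\}[[:space:]]*$|\1|p' "$1"
}

# Succeed if any handler still points at a binary named exactly "php".
suphp_needs_fix() {
    suphp_php_handlers "$1" | grep -q '/php$'
}

# Write the config to stdout with .../php handlers repointed to .../php-cgi.
# Comments, other sections and already-correct handlers pass through untouched.
suphp_fix_handlers() {
    sed '/^[[:space:]]*\[handlers\]/,/^[[:space:]]*\[/ s|^\([[:space:]]*[^;#[:space:]][^=]*=[[:space:]]*"\{0,1\}php:.*/php\)\("\{0,1\}[[:space:]]*\)$|\1-cgi\2|' "$1"
}

# SAPI a PHP binary reports on the first line of `-v`: "cli", "cgi", "cgi-fcgi".
# suPHP needs a CGI SAPI; "cli" here means the handler points at the wrong binary.
php_sapi_of() {
    "$1" -v 2>/dev/null | sed -n '1s/^PHP [^ ]* (\([a-z-]*\)).*/\1/p'
}

# Demo on a constructed config (sample data, not from the thread).
if [ "${1:-}" = "--demo" ]; then
    conf=$(mktemp)
    printf '%s\n' '[handlers]' 'x-httpd-php=php:/usr/local/bin/php' > "$conf"
    suphp_fix_handlers "$conf"
    rm -f "$conf"
fi
```

Write the output of `suphp_fix_handlers` to a new file and diff it against the live config before swapping it in.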
 
Ah, yes, that's it alright. I see, funny that they change the names now. Oh well, easy fix ;) Thanks for your quick reply man!
 
Thanks for the notification. Just going to do the upgrade on the company servers now.
 