PHP 5.4.5 and PHP 5.3.15 released!

nmb

Verified User
Joined
Sep 13, 2008
Messages
223
The PHP development team would like to announce the immediate availability of PHP 5.4.5 and PHP 5.3.15. This release fixes over 30 bugs and includes a fix for a security related overflow issue in the stream implementation. All users of PHP are encouraged to upgrade to PHP 5.4.5 or PHP 5.3.15.


Version 5.4.5
19-July-2012

Core
Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent)
Fixed bug #62373 (serialize() generates wrong reference to the object).
Fixed bug #62357 (compile failure: (S) Arguments missing for built-in function __memcmp)
Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)
Fixed potential overflow in _php_stream_scandir (CVE-2012-2688)

EXIF
Fixed information leak in ext exi

FPM
Fixed bug #62205 (php-fpm segfaults (null passed to strstr)
Fixed bug #62160 (Add process.priority to set nice(2) priorities)
Fixed bug #62153 (when using unix sockets, multiples FPM instances)
Fixed bug #62033 (php-fpm exits with status 0 on some failures to start)
Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm)
Fixed bug #61835 (php-fpm is not allowed to run as root)
Fixed bug #61295 (php-fpm should not fail with commented 'user'
Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests)
Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) for non-root start)
Fixed bug #61026 (FPM pools can listen on the same address). (fat) can be launched without errors)

Iconv
Fixed bug #55042 (Erealloc in iconv.c unsafe)

Intl
Fixed bug #62083 (grapheme_extract() memory leaks)
Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice)
Fixed bug #62070 (Collator::getSortKey() returns garbage)
Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern)
Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
ResourceBundle constructor now accepts NULL for the first two arguments

JSON
Fixed bug #61359 (json_encode() calls too many reallocs)

libxml
Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM SAPI)

Phar
Fixed bug #62227 (Invalid phar stream path causes crash)

Readline
Fixed bug #62186 (readline fails to compile - void function should not return a value)

Reflection
Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)

Sockets
Fixed bug #62025 (__ss_family was changed on AIX 5.3)

SPL
Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to dot files)
Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)

XML Writer
Fixed bug #62064 (memory leak in the XML Writer module)

Zip
Upgraded libzip to 0.10.

Version 5.3.15
19-July-2012

Zend Engine
Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)

COM
Fixed bug #62146 com_dotnet cannot be built shared

Core
Fixed potential overflow in _php_stream_scandir, CVE-2012-2688
Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent)
Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)

Fileinfo
Fixed magic file regex support

FPM
Fixed bug #61045 (fpm don't send error log to fastcgi clients)
Fixed bug #61835 (php-fpm is not allowed to run as root)
Fixed bug #61295 (php-fpm should not fail with commented 'user' for non-root start)
Fixed bug #61026 (FPM pools can listen on the same address)
Fixed bug #62033 (php-fpm exits with status 0 on some failures to start)
Fixed bug #62153 (when using unix sockets, multiples FPM instances can be launched without errors)
Fixed bug #62160 (Add process.priority to set nice(2) priorities)
Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests)
Fixed bug #62205 (php-fpm segfaults (null passed to strstr))

Intl
Fixed bug #62083 (grapheme_extract() memory leaks)
Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice)
Fixed bug #62070 (Collator::getSortKey() returns garbage)
Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern)
Fixed bug #60785 (memory leak in IntlDateFormatter constructor)

JSON
Reverted fix for bug #61537

Phar
Fixed bug #62227 (Invalid phar stream path causes crash)

Reflection
Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)

SPL
Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)

SQLite
Fixed open_basedir bypass, CVE-2012-3365

XML Write
Fixed bug #62064 (memory leak in the XML Writer module)

Zip
Upgraded libzip to 0.10
 
Back
Top