abmatten.de Forum

[catreaper]

Nach dem "Month of PHP-Bugs" wurden nun neue Versionen der beliebten Scriptsprache veröffentlicht. Hier mal der Changelog zur 5er Version von php:

[quote="Changelog PHP 5"]
Security Fixes
Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-20, MOPB-21 by Stefan Esser). (Ilia)
Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)
Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser) (Stas)
Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team) (Ilia)
Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Steffan Esser) (Ilia)
Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (Ilia)
Fixed a buffer overflow inside user_filter_factory_create(). (Ilia)
Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (Stas)
Improved bundled GD
Sync to 2.0.35
Added imagegrabwindow and imagegrabscreen, capture a screen or a window using its handle (Pierre)
colors allocated henceforth from the resulting image overwrite the palette colors (Rob Leslie)
Improved thread safety of the gif support (Roman Nemecek, Nuno, Pierre)
Use the dimension of the GIF frame to create the destination image (Pierre)
Load only once the local color map from a GIF data (Pierre)
Improved thread safety of the freetype cache (Scott MacVicar, Nuno, Pierre)
imagearc huge CPU usage with large angles, libgd bug #74 (Pierre)
Improved FastCGI SAPI to support external pipe and socket servers on win32. (Dmitry)
Improved Zend Memory Manager
guarantee of reasonable time for worst cases of best-fit free block searching algorithm. (Dmitry)
better cache usage and less fragmentation on erealloc() (Tony, Dmitry)
Improved SPL (Marcus)
Added SplFileInfo::getBasename(), DirectoryIterator::getBasename().
Added SplFileInfo::getLinkTarget(), SplFileInfo::getRealPath().
Made RecursiveFilterIterator::accept() abstract as stated in documentation.
Improved SOAP
Added ability to encode arrays with "SOAP-ENC:Array" type instead of WSDL type. To activate the ability use "feature"=>SOAP_USE_XSI_ARRAY_TYPE option in SoapClient/SoapServer constructors. (Rob, Dmitry)
Added GMP_VERSION constant. (Tony)
Added --ri switch to CLI which allows to check extension information. (Marcus)
Added tidyNode::getParent() method (John, Nuno)
Added openbasedir and safemode checks in zip:// stream wrapper and ZipArchive::open (Pierre)
Added php_pdo_sqlite_external.dll, a version of the PDO SQLite driver that links against an external sqlite3.dll. This provides Windows users to upgrade their sqlite3 version outside of the PHP release cycle. (Wez, Edin)
Added linenumbers to array returned by token_get_all(). (Johannes)
Implement #40947, allow a single filter as argument for filter_var_array (Pierre)
Implement #39867 (openssl PKCS#12 support) (Marc Delling, Pierre)
Upgraded SQLite 3 to version 3.3.16 (Ilia)
Upgraded libraries bundled in the Windows distribution. (Edin)
c-client (imap) to version 2006e
libpq (PostgreSQL) to version 8.2.3
libmysql (MySQL) to version 5.0.37
openssl to version 0.9.8e
Upgraded PCRE to version 7.0 (Nuno)
Updated timezone database to version 2007.5. (Derick)
Fixed commandline handling for CLI and CGI. (Marcus, Johannes)
Fixed iterator_apply() with a callback using __call(). (Johannes)
Fixed possible multi bytes issues in openssl csr parser (Pierre)
Fixed shmop_open() with IPC_CREAT|IPC_EXCL flags on Windows. (Vladimir Kamaev, Tony).
Fixed possible leak in ZipArchive::extractTo when safemode checks fails (Ilia)
Fixed possible relative path issues in zip_open and TS mode (old API) (Pierre)
Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)
Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)
Fixed crash on op-assign where argument is string offset (Brian, Stas)
Fixed bug #41215 (setAttribute return code reversed). (Ilia)
Fixed bug #41192 (Per Directory Values only work for one key). (Dmitry)
Fixed bug #41175 (addAttribute() fails to add an attribute with an empty value). (Ilia)
Fixed bug #41159 (mysql_pconnect() hash does not account for connect flags). (Ilia)
Fixed bug #41121 (range() overflow handling for large numbers on 32bit machines). (Ilia)
Fixed bug #41118 (PHP does not handle overflow of octal integers). (Tony)
Fixed bug #41109 (recursiveiterator.inc says "implements" Iterator instead of "extends"). (Marcus)
Fixed bug #40130 (TTF usage doesn't work properly under Netware). (Scott, gk at gknw dot de)
Fixed bug #41093 (magic_quotes_gpc ignores first arrays keys). (Arpad, Ilia)
Fixed bug #41075 (memleak when creating default object caused exception). (Dmitry)
Fixed bug #41067 (json_encode() problem with UTF-16 input). (jp at df5ea dot net. Ilia)
Fixed bug #41063 (chdir doesn't like root paths). (Dmitry)
Fixed bug #41061 ("visibility error" in ReflectionFunction::export()). (Johannes)
Fixed bug #41043 (pdo_oci crash when freeing error text with persistent connection). (Tony)
Fixed bug #41037 (unregister_tick_function() inside the tick function crash PHP). (Tony)
Fixed bug #41034 (json_encode() ignores null byte started keys in arrays). (Ilia)
Fixed bug #41026 (segfault when calling "self::method()" in shutdown functions). (Tony)
Fixed bug #40999 (mcrypt_create_iv() not using random seed). (Ilia)
Fixed bug #40998 (long session array keys are truncated). (Tony)
Fixed bug #40935 (pdo_mysql does not raise an exception on empty fetchAll()). (Ilia)
Fixed bug #40931 (open_basedir bypass via symlink and move_uploaded_file()). (Tony)
Fixed bug #40921 (php_default_post_reader crashes when post_max_size is exceeded). (trickie at gmail dot com, Ilia)
Fixed bug #40915 (addcslashes unexpected behavior with binary input). (Tony)
Fixed bug #40899 (memory leak when nesting list()). (Dmitry)
Fixed bug #40897 (error_log file not locked). (Ilia)
Fixed bug #40883 (mysql_query() is allocating memory incorrectly). (Tony)
Fixed bug #40872 (inconsistency in offsetSet, offsetExists treatment of string enclosed integers). (Marcus)
Fixed bug #40861 (strtotime() doesn't handle double negative relative time units correctly). (Derick, Ilia)
Fixed bug #40854 (imap_mail_compose() creates an invalid terminator for multipart e-mails). (Ilia)
Fixed bug #40848 (sorting issue on 64-bit Solaris). (Wez)
Fixed bug #40836 (Segfault in ext/dom). (Rob)
Fixed bug #40833 (Crash when using unset() on an ArrayAccess object retrieved via __get()). (Dmitry)
Fixed bug #40822 (pdo_mysql does not return rowCount() on select). (Ilia)
Fixed bug #40815 (using strings like "class::func" and static methods in set_exception_handler() might result in crash). (Tony)
Fixed bug #40809 (Poor performance of ".="). (Dmitry)
Fixed bug #40805 (Failure executing function ibase_execute()). (Tony)
Fixed bug #40800 (cannot disable memory_limit with -1). (Dmitry, Tony)
Fixed bug #40794 (ReflectionObject::getValues() may crash when used with dynamic properties). (Tony)
Fixed bug #40784 (Case sensitivity in constructor's fallback). (Tony)
Fixed bug #40770 (Apache child exits when PHP memory limit reached). (Dmitry)
Fixed bug #40764 (line thickness not respected for horizontal and vertical lines). (Pierre)
Fixed bug #40758 (Test fcgi_is_fastcgi() is wrong on windows). (Dmitry)
Fixed bug #40754 (added substr() & substr_replace() overflow checks). (Ilia)
Fixed bug #40752 (parse_ini_file() segfaults when a scalar setting is redeclared as an array). (Tony)
Fixed bug #40750 (openssl stream wrapper ignores default_stream_timeout). (Tony)
Fixed bug #40727 (segfault in PDO when failed to bind parameters). (Tony)
Fixed bug #40709 (array_reduce() behaves strange with one item stored arrays). (Ilia)
Fixed bug #40703 (Resolved a possible namespace conflict between libxmlrpc and MySQL's NDB table handler). (Ilia)
Fixed bug #40961 (Incorrect results of DateTime equality check). (Mike)
Fixed bug #40678 (Cross compilation fails). (Tony)
Fixed bug #40621 (Crash when constructor called inappropriately). (Tony)
Fixed bug #40609 (Segfaults when using more than one SoapVar in a request). (Rob, Dmitry)
Fixed bug #40606 (umask is not being restored when request is finished). (Tony)
Fixed bug #40598 (libxml segfault). (Rob)
Fixed
bug #40591 (list()="string"; gives invalid opcode). (Dmitry)
Fixed bug #40578 (imagettftext() multithreading issue). (Tony, Pierre)
Fixed bug #40576 (double values are truncated to 6 decimal digits when encoding). (Tony)
Fixed bug #40560 (DIR functions do not work on root UNC path). (Dmitry)
Fixed bug #40548 (SplFileInfo::getOwner/getGroup give a warning on broken symlink). (Marcus)
Fixed bug #40546 (SplFileInfo::getPathInfo() throws an exception if directory is in root dir). (Marcus)
Fixed bug #40545 (multithreading issue in zend_strtod()). (Tony)
Fixed bug #40503 (json_encode() value corruption on 32bit systems with overflown values). (Ilia)
Fixed bug #40467 (Partial SOAP request sent when XSD sequence or choice include minOccurs=0). (Dmitry)
Fixed bug #40465 (Ensure that all PHP elements are printed by var_dump). (wharmby at uk dot ibm dot com, Ilia)
Fixed bug #40464 (session.save_path wont use default-value when safe_mode or open_basedir is enabled). (Ilia)
Fixed bug #40455 (proc_open() uses wrong command line when safe_mode_exec_dir is set). (Tony)
Fixed bug #40432 (strip_tags() fails with greater than in attribute). (Ilia)
Fixed bug #40431 (dynamic properties may cause crash in ReflectionProperty methods). (Tony)
Fixed bug #40451 (addAttribute() may crash when used with non-existent child node). (Tony)
Fixed bug #40442 (ArrayObject::offsetExists broke in 5.2.1, works in 5.2.0). (olivier at elma dot fr, Marcus)
Fixed bug #40428 (imagepstext() doesn't accept optional parameter). (Pierre)
Fixed bug #40417 (Allow multiple instances of the same named PDO token in prepared statement emulation code). (Ilia)
Fixed bug #40414 (possible endless fork() loop when running fastcgi). (Dmitry)
Fixed bug #40410 (ext/posix does not compile on MacOS 10.3.9). (Tony)
Fixed bug #40392 (memory leaks in PHP milter SAPI). (tuxracer69 at gmail dot com, Tony)
Fixed bug #40371 (pg_client_encoding() not working on Windows). (Edin)
Fixed bug #40352 (FCGI_WEB_SERVER_ADDRS function get lost). (Dmitry)
Fixed bug #40290 (strtotime() returns unexpected result with particular timezone offset). (Derick)
Fixed bug #40286 (PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed). (Dmitry)
Fixed bug #40261 (Extremely slow data handling due to memory fragmentation). (Dmitry)
Fixed bug #40236 (php -a function allocation eats memory). (Dmitry)
Fixed bug #40109 (iptcembed fails on non-jfif jpegs). (Tony)
Fixed bug #39965 (Latitude and longitude are backwards in date_sun_info()). (Derick)
Fixed bug #39836 (SplObjectStorage empty after unserialize). (Marcus)
Fixed bug #39416 (Milliseconds in date()). (Derick)
Fixed bug #39396 (stream_set_blocking crashes on Win32). (Ilia, maurice at iceblog dot de)
Fixed bug #39351 (relative include fails on Solaris). (Dmitry, Tony)
Fixed bug #39322 (proc_terminate() destroys process resource). (Nuno)
Fixed bug #38406 (crash when assigning objects to SimpleXML attributes). (Tony)
Fixed bug #37799 (ftp_ssl_connect() falls back to non-ssl connection). (Nuno)
Fixed bug #36496 (SSL support in imap_open() not working on Windows). (Edin)
Fixed bug #36226 (Inconsistent handling when passing nillable arrays). (Dmitry)
Fixed bug #35872 (Avoid crash caused by object store being referenced during RSHUTDOWN). (Andy)
Fixed bug #34794 (proc_close() hangs when used with two processes). (jdolecek at netbsd dot org, Nuno)
Fixed bug #38710 (data leakage because of nonexisting boundary checking in statements in mysqli) (Stas)
Fixed bug #37386 (autocreating element doesn't assign value to first node). (Rob)
Fixed bug #37013 (server hangs when returning circular object references). (Dmitry)
Fixed bug #33664 Console window appears when using exec() (Richard Quadling, Stas)
Fixed PECL bug #10194 (crash in Oracle client when memory limit reached in the callback). (Tony)[/quote]