24Sep

PHP 5.3.17 Upgrade


This evening all Mr.Host web servers have been upgraded to PHP 5.3.17. We missed a few updates between 5.3.14 and 5.3.17, so this post outlines all the changes since 5.3.14.

5.3.15

  • Zend Engine
    • Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)
  • COM
    • Fixed bug #62146 com_dotnet cannot be built shared
  • Core
    • Fixed potential overflow in _php_stream_scandir, CVE-2012-2688
    • Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent)
    • Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
  • Fileinfo
    • Fixed magic file regex support
  • FPM
    • Fixed bug #61045 (fpm don’t send error log to fastcgi clients)
    • Fixed bug #61835 (php-fpm is not allowed to run as root)
    • Fixed bug #61295 (php-fpm should not fail with commented ‘user’ for non-root start)
    • Fixed bug #61026 (FPM pools can listen on the same address)
    • Fixed bug #62033 (php-fpm exits with status 0 on some failures to start)
    • Fixed bug #62153 (when using unix sockets, multiples FPM instances can be launched without errors)
    • Fixed bug #62160 (Add process.priority to set nice(2) priorities)
    • Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests)
    • Fixed bug #62205 (php-fpm segfaults (null passed to strstr))
  • Intl
    • Fixed bug #62083 (grapheme_extract() memory leaks)
    • Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice)
    • Fixed bug #62070 (Collator::getSortKey() returns garbage)
    • Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern)
    • Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
  • JSON
    • Reverted fix for bug #61537
  • Phar
    • Fixed bug #62227 (Invalid phar stream path causes crash)
  • Reflection
    • Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
    • Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)
  • SPL
    • Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)
  • SQLite
    • Fixed open_basedir bypass, CVE-2012-3365
  • XML Write
    • Fixed bug #62064 (memory leak in the XML Writer module)
  • Zip
    • Upgraded libzip to 0.10

5.3.16

  • Core
    • Fixed bug #62763 (register_shutdown_function and extending class).
    • Fixed bug #62744 (dangling pointers made by zend_disable_class).
    • Fixed bug #62716 (munmap() is called with the incorrect length).
    • Fixed bug #62460 (php binaries installed as binary.dSYM).
    • Fixed bug #60194 (–with-zend-multibyte and –enable-debug reports LEAK with run-test.php).
  • CURL
    • Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE).
    • Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, “”) returns false).
  • DateTime
    • Fixed bug #62500 (Segfault in DateInterval class when extended).
  • Enchant
    • Fixed bug #62838 (enchant_dict_quick_check() destroys zval, but fails to initialize it).
  • PDO
    • Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()).
  • Reflection
    • Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong result).
  • Session
    • Fixed bug (segfault due to retval is not initialized).
  • SPL
    • Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault)

5.3.17

  • Core
    • Fixed bug (segfault while build with zts and GOTO vm-kind)
    • Fixed bug #62955 (Only one directive is loaded from “Per Directory Values” Windows registry)
    • Fixed bug #62763 (register_shutdown_function and extending class)
    • Fixed bug #62744 (dangling pointers made by zend_disable_class)
    • Fixed bug #62716 (munmap() is called with the incorrect length)
    • Fixed bug ##62460 (php binaries installed as binary.dSYM)
  • CURL
    • Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE)
  • DateTime
    • Fixed bug #62852 (Unserialize invalid DateTime causes crash)
  • Intl
    • Fix null pointer dereferences in some classes of ext/intl
  • MySQLnd
    • Fixed bug #62885 (mysqli_poll – Segmentation fault)
  • PDO
    • Fixed bug #62685 (Wrong return datatype in PDO::inTransaction())
  • Session
    • Fixed bug (segfault due to retval is not initialized)
    • SPL Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)
  • Enchant
    • Fixed bug #62838 (enchant_dict_quick_check() destroys zval, but fails to initialize it)