The PHP development team would like to announce the immediate
availability of PHP 5.2.15. This release marks the end of support for
PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
This release focuses on improving the security and stability of the
PHP 5.2.x branch with a small number, of predominatly security fixes.
Security Enhancements and Fixes in PHP 5.2.15:
* Fixed extract() to do not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE.
* Fixed crash in zip extract method (possible CWE-170).
* Fixed a possible double free in imap extension.
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed NULL pointer dereference in
ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data).
Key enhancements in PHP 5.2.15 include:
* Fixed bug #47643 (array_diff() takes over 3000 times longer than php
5.2.4).
* Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy
with SoapClient object).
* To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a
migration guide available on http://php.net/migration53, details the changes
between PHP 5.2 and PHP 5.3.
For a full list of changes in PHP 5.2.15 see the ChangeLog at
http://www.php.net/ChangeLog-5.php#5.2.15.
- Reverted bug fix#49521 (PDO fetchObject sets values before calling
constructor). (Felipe)
- Updated timezone database to version 2010.5. (Derick)
- Upgraded bundled PCRE to version 8.02. (Ilia)
- Rewrote var_export() to use smart_str rather than output buffering, prevents
data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
- Fixed a possible interruption array leak in strrchr(). Reported by
Péter Veres. (CVE-2010-2484) (Felipe)
- Fixed a possible interruption array leak in strchr(), strstr(), substr(),
chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe)
- Fixed a possible memory corruption in substr_replace() (Dmitry)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan
Esser (Ilia)
- Reset error state in PDO::beginTransaction() reset error state. (Ilia)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed handling of session variable serialization on certain prefix
characters. Reported by Stefan Esser (Ilia)
- Fixed a possible arbitrary memory access inside sqlite extension. Reported
by Mateusz Kocielski. (Ilia)
- Fixed a crash when calling an inexistent method of a class that inherits
PDOStatement if instantiated directly instead of doing by the PDO methods.
(Felipe)
- Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64
bit)). (Adam)
- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
(Johannes)
- Fixed bug #52237 (Crash when passing the reference of the property of a
non-object). (Dmitry)
- Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't
be set). (Felipe)
- Fixed bug #52162 (custom request header variables with numbers are removed).
(Sriram Natarajan)
- Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe)
- Fixed bug #52061 (memory_limit above 2G). (Felipe)
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned
from function). (Dmitry)
- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at
debian dot org, Kalle)
- Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick)
- Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command).
(Ilia, Felipe)
- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle,
coreystup at gmail dot com)
- Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with
constant array). (Felipe)
- Fixed bug #51905 (ReflectionParameter fails if default value is an array
with an access to self::). (Felipe)
- Fixed bug #51822 (Segfault with strange __destruct() for static class
variables). (Dmitry)
- Fixed bug #51671 (imagefill does not work correctly for small images).
(Pierre)
- Fixed bug #51670 (getColumnMeta causes segfault when re-executing query
after calling nextRowset). (Pierrick)
- Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading).
(Pierre)
- Fixed bug #51617 (PDO PGSQL still broken against PostGreSQL < 7.4).
(Felipe, wdierkes at 5dollarwhitebox dot org)
- Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe)
- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter).
(Felipe)
- Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string
literal). (cbandy at jbandy dot com)
- Fixed bug #51607 (pg_copy_from does not allow schema in the tablename
argument). (cbandy at jbandy dot com)
- Fixed bug #51604 (newline in end of header is shown in start of message).
(Daniel Egeberg)
- Fixed bug #51562 (query timeout in mssql can not be changed per query).
(ejsmont dot artur at gmail dot com)
- Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory
issues). (Dmitry)
- Fixed bug #51532 (Wrong prototype for SplFileObject::fscanf()). (Etienne)
- Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe)
- Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains
timezone). (Adam)
- Fixed bug #51374 (Wrongly initialized object properties). (Etienne)
- Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is
on). (Ilia, j dot jeising at gmail dot com)
- Fixed bug #51273 (Faultstring property does not exist when the faultstring is
empty) (Ilia, dennis at transip dot nl)
- Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam)
- Fixed bug #51263 (imagettftext and rotated text uses wrong baseline)
(cschneid at cschneid dot com, Takeshi Abe)
- Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com)
- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia,
alexr at oplot dot com)
- Fixed bug #51192 (FILTER_VALIDATE_URL will invalidate a hostname that
includes '-'). (Adam, solar at azrael dot ws).
- Fixed bug #51190 (ftp_put() returns false when transfer was successful).
(Ilia)
- Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio).
(Sriram Natarajan)
- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when
an invalid option is provided). (Ilia)
- Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre)
- Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
- Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris
Jones)
- Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4).
(Raphael Geissert)
- Fixed bug #50762 (in WSDL mode Soap Header handler function only being called
if defined in WSDL). (mephius at gmail dot com)
- Fixed bug #50698 (SoapClient should handle wsdls with some incompatiable
endpoints). (Justin Dearing)
- Fixed bug #50383 (Exceptions thrown in __call() / __callStatic() do not
include file and line in trace). (Felipe)
- Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe)
- Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne)
- Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
- Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe)
- Fixed bug #49267 (Linking fails for iconv). (Moriyosh)
- Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob)
- Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken).
(Adam, patch from hiroaki dot kawai at gmail dot com).
- Fixed bug #43314 (iconv_mime_encode(), broken Q scheme). (Rasmus)
- Fixed bug #33210 (getimagesize() fails to detect width/height on certain
JPEGs). (Ilia)
- Fixed bug #23229 (syslog() truncates messages). (Adam)
Security Enhancements and Fixes in PHP 5.2.12:
* Fixed a safe_mode bypass in tempnam() identified by Grzegorz
Stachowiak. (CVE-2009-3557, Rasmus)
* Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
Stachowiak. (CVE-2009-3558, Rasmus)
* Added "max_file_uploads" INI directive, which can be set to limit the
number of file uploads per-request to 20 by default, to prevent possible
DOS via temporary file exhaustion, identified by Bogdan
Calin. (CVE-2009-4017, Ilia)
* Added protection for $_SESSION from interrupt corruption and improved
"session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
Stas)
* Fixed bug #49785 (insufficient input string validation of
htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
Key enhancements in PHP 5.2.12 include:
* Fixed unnecessary invocation of setitimer when timeouts have been
disabled. (Arvind Srinivasan)
* Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
* Fixed crash in SQLiteDatabase::ArrayQuery() and
SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
* Fixed crash when instantiating PDORow and PDOStatement through
Reflection. (Felipe)
* Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
* Fixed bug #50207 (segmentation fault when concatenating very large strings
on 64bit linux). (Ilia)
* Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
database). (Felipe)
* Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
* Fixed bug #50005 (Throwing through Reflection modified Exception object
makes segmentation fault). (Felipe)
* Fixed bug #49174 (crash when extending PDOStatement and trying to set
queryString property). (Felipe)
* Fixed bug #49098 (mysqli segfault on error). (Rasmus)
* Over 50 other bug fixes.
Security Enhancements and Fixes in PHP 5.2.10:
* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
Key enhancements in PHP 5.2.10 include:
* Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)
* Fixed memory corruptions while reading properties of zip files. (Ilia)
* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
* Fixed segfault on invalid session.save_path. (Hannes)
* Fixed leaks in imap when a mail_criteria is used. (Pierre)
* Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
* Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe)
* Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)
* Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia)
* Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems).
* Over 100 bug fixes.
that databases/php-pdo compiles and works as shared module on Mac OS X
after the package has been modified to use modules shipped with PHP instead
of (obsolete) PCRE versions
Security Enhancements and Fixes in PHP 5.2.9:
* Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott)
* Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)
* Fixed explode() behavior with empty string to respect negative limit. (Shire)
* Fixed a segfault when malformed string is passed to json_decode(). (Scott)
Key enhancements in PHP 5.2.9 include:
* Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei)
* Fixed bug #45996 (libxml2 2.7 causes breakage with character data in xml_parse()). (Rob)
* A number of fixes in the mbstring extension (Moriyoshi)
* Fixed bug #44336 (Improve pcre UTF-8 string matching performance). (frode at coretrek dot com, Nuno)
* Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob)
* Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott)
* Fixed bug #46889 (Memory leak in strtotime()). (Derick)
* Fixed bug #47049 (SoapClient::__soapCall causes a segmentation fault). (Dmitry)
* Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry)
* Fixed bug #47282 (FILTER_VALIDATE_EMAIL is marking valid email addresses as invalid). (Ilia)
* Fixed bug #47422 (modulus operator returns incorrect results on 64 bit linux). (Matt)
* Over 50 bug fixes.
OpenSSL install is split between /lib and /usr/include/openssl with plays
havoc with the php ./configure as it assumes both have the same base
directory (e.g. /usr). This patch uses a modified inbuilt check for
OpenSSL instead of explicitly specifying a base using --with-openssl.
Security Enhancements and Fixes in PHP 5.2.7:
Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660)
Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)
Key enhancements in PHP 5.2.7 include:
Fixed several memory leaks inside the readline and sqlite extensions
A number of corrections relating to date parsing inside the date extension
Fixed bugs relating to data retrieval in the PDO extension
A series of crashes in various areas of code were resolved
Several corrections were made to the strip_tags() function in terms of < and <?XML handling
A number of bugs were fixed in extract() function when EXTR_REFS flag is being used
Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility
Over 170 bug fixes.
long. Patch appended to PHP bug 42862, so the fix may be incorporated in
later PHP releases and thus this patch can be reverted.
http://bugs.php.net/bug.php?id=42862
Bump PKGREVISION of php-imap
* Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
Fixed bug 42869 (automatic session id insertion adds sessions id to non-local forms).
Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).
* Key enhancements in PHP 5.2.5 include:
Upgraded PCRE to version 7.3
Updated timezone database to version 2007.9
Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable.
Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions
Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll())
Fixed bug 42785 (json_encode() formats doubles according to locale rather then following standard syntax)
Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23)
Over 60 bug fixes.
For all the details see:
http://www.php.net/ChangeLog-5.php#5.2.5
extension loading code to export all symbols (i.e. do equivalent
of dlopen(..., RTLD_GLOBAL)), so that older Mac OS X without dlopen()
(before 10.4) also load extensions properly
patch also submitted as PHP bug# 42629
so that symbols of loaded modules are available for other, dependant modules;
dlopen() is native function since 10.4, so actually apparently preferable interface
now
this is necessary for PDO family of modules (pdo_* depends on symbols of PDO module),
and for XSL module (which depends on symbols of DOM module); doing it this way
allows for PDO and DOM modules to be also shared and dynamically loaded, this avoids
need to compile them into main PHP binary
bump PKGREVISION, this is functionality change for Mac OS X (no change for other
platforms)
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
(MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in in array_user_key_compare()
(MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
(MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
(MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
(by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
library. (by Stanislav Malyshev)
* Fixed a header injection via Subject and To parameters to the mail() function
(MOPB-34 by Stefan Esser)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
* Fixed substr_compare and substr_count information leak
(MOPB-14 by Stefan Esser) (Stas, Ilia)
* Fixed a remotely trigger-able buffer overflow inside make_http_soap_request()
(by Ilia Alshanetsky)
* Fixed a buffer overflow inside user_filter_factory_create().
(by Ilia Alshanetsky)
Changes since 5.1.6:
The key features of PHP 5.2.0 include:
* New memory manager for the Zend Engine with improved performance and a more
accurate memory usage tracking.
* Input filtering extension was added and enabled by default.
* JSON extension was added and enabled by default.
* ZIP extension for creating and editing zip files was introduced.
* Hooks for tracking file upload progress were introduced.
* Introduced E_RECOVERABLE_ERROR error mode.
* Introduced DateTime and DateTimeZone objects with methods to manipulate
date/time information.
* Upgraded bundled SQLite, PCRE libraries.
* Upgraded OpenSSL, MySQL and PostgreSQL client libraries for Windows
installations.
* Many performance improvements.
* Over 200 bug fixes.
Security Enhancements and Fixes in PHP 5.2.0:
* Made PostgreSQL escaping functions in PostgreSQL and PDO extension keep
track of character set encoding whenever possible.
* Added allow_url_include, set to Off by default to disallow use of URLs
for include and require.
* Disable realpath cache when open_basedir and safe_mode are being used.
* Improved safe_mode enforcement for error_log() function.
* Fixed a possible buffer overflow in the underlying code responsible
for htmlspecialchars() and htmlentities() functions.
* Added missing safe_mode and open_basedir checks for the cURL extension.
* Fixed overflow is str_repeat() & wordwrap() functions on 64bit machines.
* Fixed handling of long paths inside the tempnam() function.
* Fixed safe_mode/open_basedir checks for session.save_path, allowing them
to account for extra parameters.
* Fixed ini setting overload in the ini_restore() function.
For a full list of changes in PHP 5.2.0, see the ChangeLog:
http://www.php.net/ChangeLog-5.php#5.2.0
Also other notable extensions changes:
* filePRO extension removed (not in PECL yet, php-filepro disabled for PHP5)
* JSON added (not enabled by default, packaged in php-json)
* filter added (enabled by default)
* wddx rewritten to native libxml2, fixing several encoding bugs
