Commit:    692b3bcd88ece3eefbc5131ecdf971ff18f191cf
Author:    Stanislav Malyshev <s...@php.net>         Tue, 29 May 2012 23:07:27 
-0700
Parents:   6074da9809dec8018e6affe6faf1a77f524bff97 
aab49e934de1fff046e659cbec46e3d053b41c34
Branches:  PHP-5.4

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=692b3bcd88ece3eefbc5131ecdf971ff18f191cf

Log:
Merge branch 'PHP-5.3' into PHP-5.4

* PHP-5.3:
  fix CVE-2012-2143

Changed paths:
  MM  NEWS


Diff:
diff --cc NEWS
index 4a7cbd4,0297393..898325a
--- a/NEWS
+++ b/NEWS
@@@ -5,59 -4,13 +5,60 @@@ PH
  - COM:
    . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)
  
 +- CLI Server:
 +  . Implemented FR #61977 (Need CLI web-server support for files with .htm & 
 +    svg extensions). (Sixd, Laruence)
 +  . Improved performance while sending error page, this also fixed
 +    bug #61785 (Memory leak when access a non-exists file without router).
 +    (Laruence)
 +  . Fixed bug #61546 (functions related to current script failed when chdir() 
 +    in cli sapi). (Laruence, reeze....@gmail.com)
 +
 +- CURL:
 +  . Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction).
 +    (Laruence)
 +
  - Core:
 +  . Fixed missing bound check in iptcparse(). (chris at chiappa.net)
+   . Fixed CVE-2012-2143. (Solar Designer)
 +  . Fixed bug #62005 (unexpected behavior when incrementally assigning to a 
 +    member of a null object). (Laruence)
 +  . Fixed bug #61998 (Using traits with method aliases appears to result in
 +    crash during execution). (Dmitry)
 +  . Fixed bug #61978 (Object recursion not detected for classes that implement
 +    JsonSerializable). (Felipe)
 +  . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy)
 +  . Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config).
 +    (Laruence)
 +  . Fixed bug #61827 (incorrect \e processing on Windows) (Anatoliy)
 +  . Fixed bug #61782 (__clone/__destruct do not match other methods when 
checking
 +    access controls). (Stas)
 +  . Fixed bug #61761 ('Overriding' a private static method with a different 
 +    signature causes crash). (Laruence)
 +  . Fixed bug #61730 (Segfault from array_walk modifying an array passed by
 +    reference). (Laruence)
 +  . Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown 
 +    phase). (Laruence)
 +  . Fixed bug #61660 (bin2hex(hex2bin($data)) != $data). (Nikita Popov)
 +  . Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables
 +    (without apache2)). (Laruence)
 +  . Fixed bug #61605 (header_remove() does not remove all headers). (Laruence)
 +  . Fixed bug #54547 (wrong equality of string numbers). (Gustavo)
 +  . Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename
 +    set to null). (Anatoliy)
 +  . Changed php://fd to be available only for CLI.
  
 -- Fileinfo:
 -  . Fixed magic file regex support. (Felipe)
 +- Phar:
 +  . Fix bug #61065 (Secunia SA44335, CVE-2012-2386). (Rasmus)
 +
 +- Pgsql:
 +  . Added pg_escape_identifier/pg_escape_literal. (Yasuo Ohgaki)
  
 -- FPM:
 +- Fileinfo
 +  . Fixed bug #61812 (Uninitialised value used in libmagic). 
 +    (Laruence, Gustavo)
 +
 +- FPM
    . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat)
    . Fixed bug #61835 (php-fpm is not allowed to run as root). (fat)
    . Fixed bug #61295 (php-fpm should not fail with commented 'user'


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to