Commit: 21fa9634c19210050b130bed9f3ac77c5332080b
Author: Johannes Schlüter <johan...@schlueters.de> Thu, 29 Mar 2012 10:54:08 +0200
Parents: 67bf07f3e79de6653681d9317229c49b5e2415db 167e2fd78224887144496cdec2089cd5b2f3312d
Branches: PHP-5.3 PHP-5.4 master PHP-5.3.11
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=21fa9634c19210050b130bed9f3ac77c5332080b Log: Merge remote branch 'security/PHP-5.3' into PHP-5.3 * security/PHP-5.3: fix bug #61367 - open_basedir bypass using libxml RSHUTDOWN open_basedir check for linkinfo NEWS entry for readline fix Add open_basedir checks to readline_write_history and readline_read_history Bugs: https://bugs.php.net/61367 Changed paths: MM NEWS Diff: 21fa9634c19210050b130bed9f3ac77c5332080b diff --combined NEWS index abda82a,366315d..8d69073 --- a/NEWS +++ b/NEWS @@@ -13,12 -13,10 +13,12 @@@ PH . Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence) . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). - (Laruence) + (Laruence) + . Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831). + (Ondřej Surý) . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical - vars). (Laruence) - . Fix bug #60895 (Possible invalid handler usage in windows random + vars). (Laruence) + . Fixed bug #60895 (Possible invalid handler usage in windows random functions). (Pierre) . Fixed bug #60825 (Segfault when running symfony 2 tests). (Dmitry, Laruence) @@@ -27,20 -25,10 +27,20 @@@ . Fixed bug #60227 (header() cannot detect the multi-line header with CR). (rui, Gustavo) . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia) + . Fixed bug #54374 (Insufficient validating of upload name leading to + corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at + gmail dot com, Pierre) . Fixed bug #52719 (array_walk_recursive crashes if third param of the function is by reference). (Nikita Popov) . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) +- DOM + . Added debug info handler to DOM objects. (Gustavo, Joey Smith) + +- FPM + . Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.c). + (michaelhood at gmail dot com, Ilia) + - Ibase . 
Fixed bug #60947 (Segmentation fault while executing ibase_db_info). (Ilia) @@@ -54,6 -42,10 +54,10 @@@ - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). + - Libxml: + . Fixed bug #61367 (open_basedir bypass using libxml RSHUTDOWN). + (Tim Starling) + - mysqli . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes). @@@ -83,6 -75,8 +87,8 @@@ - Readline: . Fixed bug #61088 (Memory leak in readline_callback_handler_install). (Nikic, Laruence) + . Add open_basedir checks to readline_write_history and readline_read_history. + (Rasmus, reported by Mateusz Goik) - Reflection: . Fixed bug #61388 (ReflectionObject:getProperties() issues invalid reads @@@ -97,8 -91,6 +103,8 @@@ User-Agent header). (carloschilazo at gmail dot com) . Fixed bug #60842, #51775 (Chunked response parsing error when chunksize length line is > 10 bytes). (Ilia) + . Fixed bug #49853 (Soap Client stream context header option ignored). + (Dmitry) - SPL . Fixed memory leak when calling SplFileInfo's constructor twice. (Felipe) @@@ -136,8 -128,7 +142,8 @@@ . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra) - XMLRPC: - . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary variable). (Nikita Popov) + . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary + variable). (Nikita Popov) . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic) - Zlib: @@@ -252,8 -243,6 +258,8 @@@ for small images). (Florian) - Intl: + . Fixed bug #61487 (Incorrent bounds checking in grapheme_strpos). + (Stas) . Fixed bug #60192 (SegFault when Collator not constructed properly). (Florian) . Fixed memory leak in several Intl locale functions. (Felipe) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
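Review bot: In the hunk at @@@ -27,20 -25,10 +27,20 @@@, the new #54374 entry sets the CVE off as its own sentence ("... corrupted $_FILES indices). (CVE-2012-1172). (Stas, ..."), while the #61043 entry added in the first hunk keeps the CVE inside the bug description. Use one form for CVE references across NEWS and drop the stray period after the first closing parenthesis, so that security entries read the same way throughout the file.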
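Review bot: The "- Libxml:" heading added at @@@ -54,6 -42,10 +54,10 @@@ ends with a colon, while the "- DOM" and "- FPM" headings added one hunk earlier do not; pick one heading style for the sections this merge introduces. The context around the new section also shows the same extension listed twice, once as "- Ibase" (#60947) and once as "- Firebird Database extension (ibase):" (#60802), and those two could be folded into one section while this part of the file is being touched.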
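Review bot: The Readline entry added at @@@ -83,6 -75,8 +87,8 @@@ starts with the imperative "Add" and carries no bug number, whereas the other entries in this file are past tense ("Fixed", "Added"), and the first hunk of this same merge corrects "Fix bug #60895" to "Fixed bug #60895". Suggest "Added open_basedir checks to readline_write_history and readline_read_history." so the entry matches. The merge log also lists "open_basedir check for linkinfo", but none of the visible hunks adds a NEWS line for it; as it is the same class of open_basedir fix as the readline and libxml entries, it should be recorded here too so that users reading NEWS can see it.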
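Review bot: "Incorrent" in the #61487 line added at @@@ -252,8 -243,6 +258,8 @@@ is a typo for "Incorrect" ("Incorrect bounds checking in grapheme_strpos"). It is worth fixing before release, because a bounds-checking fix is an entry people search NEWS for and the misspelling will not match.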