Newsgroups: php.internals
Message-ID: <4B2A4B26.3050109@prohost.org>
Date: Thu, 17 Dec 2009 10:15:50 -0500
To: internals@lists.php.net
Subject: PHP 5.2.12 Released!
From: ilia@ilia.ws (Ilia Alshanetsky)

The PHP development team would like to announce the immediate availability of PHP 5.2.12.
This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.12:

- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
- Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)
- Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

Key enhancements in PHP 5.2.12 include:

- Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
- Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
- Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
- Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
- Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
- Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
- Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)
- Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
- Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
- Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)
- Fixed bug #49098 (mysqli segfault on error). (Rasmus)
- Over 50 other bug fixes.

Ilia Alshanetsky
5.2 Release Master