ius-coredev team mailing list archive
-
ius-coredev team
-
Mailing list archive
-
Message #00173
[Bug 531451] [NEW] SRC: Upstream Source Update for PHP 5.2.13
Public bug reported:
PHP 5 ChangeLog
Version 5.2.13
25-February-2010
* Security Fixes
o Improved LCG entropy. (Rasmus, Samy Kamkar)
o Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
o Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
* Updated timezone database to version 2010.2. (Derick)
* Upgraded bundled PCRE to version 7.9. (Ilia)
* Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes excluding Windows). (Tony, Ilia)
* Changed tidyNode class to disallow manual node creation. (Pierrick)
* Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. (Ilia)
* Fixed bug in bundled libgd causing spurious horizontal lines drawn by gdImageFilledPolygon (libgd #100). (Takeshi Abe)
* Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey)
* Fixed bug #50940 (Custom content-length set incorrectly in Apache sapis). (Brian France, Rasmus)
* Fixed bug #50930 (Wrong date by php_date.c patch with ancient gcc/glibc versions). (Derick)
* Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de)
* Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). (Ilia)
* Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP authentication). (Jani)
* Fixed bug #50823 (ReflectionFunction::isDeprecated producing "cannot be called statically" error). (Jani, Felipe)
* Fixed bug #50791 (Compile failure: Bad logic in defining fopencookie emulation). (Jani)
* Fixed bug #50787 (stream_set_write_buffer() has no effect on socket streams). (vnegrier at optilian dot com, Ilia)
* Fixed bug #50772 (mysqli constructor without parameters does not return a working mysqli object). (Andrey)
* Fixed bug #50761 (system.multiCall crashes in xmlrpc extension). (hiroaki dot kawai at gmail dot com, Ilia)
* Fixed bug #50732 (exec() adds single byte twice to $output array). (Ilia)
* Fixed bug #50728 (All PDOExceptions hardcode 'code' property to 0). (Joey, Ilia)
* Fixed bug #50727 (Accessing mysqli->affected_rows on no connection causes segfault). (Andrey, Johannes)
* Fixed bug #50680 (strtotime() does not support eighth ordinal number). (Ilia)
* Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). (Rob)
* Fixed bug #50657 (copy() with an empty (zero-byte) HTTP source succeeds but returns false). (Ilia)
* Fixed bug #50636 (MySQLi_Result sets values before calling constructor). (Pierrick)
* Fixed bug #50632 (filter_input() does not return default value if the variable does not exist). (Ilia)
* Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick)
* Fixed bug #50575 (PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5). (Matteo)
* Fixed bug #50558 (Broken object model when extending tidy). (Pierrick)
* Fixed bug #50540 (Crash while running ldap_next_reference test cases). (Sriram)
* Fixed bug #50508 (compile failure: Conflicting HEADER type declarations). (Jani)
* Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
* Fixed bug #49851 (http wrapper breaks on 1024 char long headers). (Ilia)
* Fixed bug #49600 (imageTTFText text shifted right). (Takeshi Abe)
* Fixed bug #49585 (date_format buffer not long enough for >4 digit years). (Derick, Adam)
* Fixed bug #49463 (setAttributeNS fails setting default namespace). (Rob)
* Fixed bug #48667 (Implementing Iterator and IteratorAggregate). (Etienne)
* Fixed bug #48590 (SoapClient does not honor max_redirects). (Sriram)
* Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). (Ilia)
* Fixed bug #47601 (defined() requires class to exist when testing for class constants). (Ilia)
* Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com)
* Fixed bug #47002 (Field truncation when reading from dbase dbs with more then 1024 fields). (Ilia, sjoerd-php at linuxonly dot nl)
* Fixed bug #45599 (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
* Fixed bug #44827 (define() allows :: in constant names). (Ilia)
** Affects: ius
Importance: Medium
Assignee: BJ Dierkes (derks)
Status: In Progress
** Affects: ius/php52
Importance: Medium
Assignee: BJ Dierkes (derks)
Status: In Progress
** Also affects: ius/php52
Importance: Undecided
Status: New
** Changed in: ius/php52
Milestone: None => php52-5.2.13-1
** Changed in: ius
Milestone: None => php52-5.2.13-1
** Changed in: ius/php52
Status: New => In Progress
** Changed in: ius
Importance: Undecided => Medium
** Changed in: ius/php52
Importance: Undecided => Medium
** Changed in: ius
Assignee: (unassigned) => BJ Dierkes (derks)
** Changed in: ius/php52
Assignee: (unassigned) => BJ Dierkes (derks)
** Branch linked: lp:ius/php52
--
SRC: Upstream Source Update for PHP 5.2.13
https://bugs.launchpad.net/bugs/531451
You received this bug notification because you are a member of IUS Core
Development, which is subscribed to IUS Community Project.
Status in IUS Community Project: In Progress
Status in IUS Community Project php52 series: In Progress
Bug description:
PHP 5 ChangeLog
Version 5.2.13
25-February-2010
* Security Fixes
o Improved LCG entropy. (Rasmus, Samy Kamkar)
o Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
o Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
* Updated timezone database to version 2010.2. (Derick)
* Upgraded bundled PCRE to version 7.9. (Ilia)
* Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes excluding Windows). (Tony, Ilia)
* Changed tidyNode class to disallow manual node creation. (Pierrick)
* Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. (Ilia)
* Fixed bug in bundled libgd causing spurious horizontal lines drawn by gdImageFilledPolygon (libgd #100). (Takeshi Abe)
* Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey)
* Fixed bug #50940 (Custom content-length set incorrectly in Apache sapis). (Brian France, Rasmus)
* Fixed bug #50930 (Wrong date by php_date.c patch with ancient gcc/glibc versions). (Derick)
* Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de)
* Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). (Ilia)
* Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP authentication). (Jani)
* Fixed bug #50823 (ReflectionFunction::isDeprecated producing "cannot be called statically" error). (Jani, Felipe)
* Fixed bug #50791 (Compile failure: Bad logic in defining fopencookie emulation). (Jani)
* Fixed bug #50787 (stream_set_write_buffer() has no effect on socket streams). (vnegrier at optilian dot com, Ilia)
* Fixed bug #50772 (mysqli constructor without parameters does not return a working mysqli object). (Andrey)
* Fixed bug #50761 (system.multiCall crashes in xmlrpc extension). (hiroaki dot kawai at gmail dot com, Ilia)
* Fixed bug #50732 (exec() adds single byte twice to $output array). (Ilia)
* Fixed bug #50728 (All PDOExceptions hardcode 'code' property to 0). (Joey, Ilia)
* Fixed bug #50727 (Accessing mysqli->affected_rows on no connection causes segfault). (Andrey, Johannes)
* Fixed bug #50680 (strtotime() does not support eighth ordinal number). (Ilia)
* Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). (Rob)
* Fixed bug #50657 (copy() with an empty (zero-byte) HTTP source succeeds but returns false). (Ilia)
* Fixed bug #50636 (MySQLi_Result sets values before calling constructor). (Pierrick)
* Fixed bug #50632 (filter_input() does not return default value if the variable does not exist). (Ilia)
* Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick)
* Fixed bug #50575 (PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5). (Matteo)
* Fixed bug #50558 (Broken object model when extending tidy). (Pierrick)
* Fixed bug #50540 (Crash while running ldap_next_reference test cases). (Sriram)
* Fixed bug #50508 (compile failure: Conflicting HEADER type declarations). (Jani)
* Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
* Fixed bug #49851 (http wrapper breaks on 1024 char long headers). (Ilia)
* Fixed bug #49600 (imageTTFText text shifted right). (Takeshi Abe)
* Fixed bug #49585 (date_format buffer not long enough for >4 digit years). (Derick, Adam)
* Fixed bug #49463 (setAttributeNS fails setting default namespace). (Rob)
* Fixed bug #48667 (Implementing Iterator and IteratorAggregate). (Etienne)
* Fixed bug #48590 (SoapClient does not honor max_redirects). (Sriram)
* Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). (Ilia)
* Fixed bug #47601 (defined() requires class to exist when testing for class constants). (Ilia)
* Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com)
* Fixed bug #47002 (Field truncation when reading from dbase dbs with more then 1024 fields). (Ilia, sjoerd-php at linuxonly dot nl)
* Fixed bug #45599 (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
* Fixed bug #44827 (define() allows :: in constant names). (Ilia)
Follow ups
References
