11 and 12 released!

feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

11 and 12 released!

Post by feyd »

That's right kiddies, 11 and 12 have been released. What? You don't know what I'm talking about?


Okay..
PHP.net wrote:PHP development team would like to announce the immediate availability
of PHP 5.1.5 and PHP 4.4.4. The two releases address a series of
security problems discovered since PHP 5.1.4 and 4.4.3, respectively.
These include the following:
  • Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
  • Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
  • Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache.
  • Fixed overflow in GD extension on invalid GIF images.
  • Fixed a buffer overflow inside sscanf() function.
  • Fixed an out of bounds read inside stripos() function.
  • Fixed memory_limit restriction on 64 bit system.
In addition to the security fixes, both releases include a small number
of non-security related bug fixes.

The outlined issues can only be exploited locally, however, we still
recommend that all users upgrade to either one of the new releases as
soon as possible.


Ilia Alshanetsky and Derick Rethans
Now, discuss!
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: 11 and 12 released!

Post by alex.barylski »

feyd wrote:That's right kiddies, 11 and 12 have been released. What? You don't know what I'm talking about?


Okay..
PHP.net wrote:PHP development team would like to announce the immediate availability
of PHP 5.1.5 and PHP 4.4.4. The two releases address a series of
security problems discovered since PHP 5.1.4 and 4.4.3, respectively.
These include the following:
  • Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
  • Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
  • Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache.
  • Fixed overflow in GD extension on invalid GIF images.
  • Fixed a buffer overflow inside sscanf() function.
  • Fixed an out of bounds read inside stripos() function.
  • Fixed memory_limit restriction on 64 bit system.
In addition to the security fixes, both releases include a small number
of non-security related bug fixes.

The outlined issues can only be exploited locally, however, we still
recommend that all users upgrade to either one of the new releases as
soon as possible.


Ilia Alshanetsky and Derick Rethans
Now, discuss!
None of those issues will affect any of my code...I think...
Fixed overflow in GD extension on invalid GIF images
I recall Windows having a similar problem with JPEG when using GDI+ :P

Other than that I have little more to say on the subject...I suppose I should check my shared host and make sure they're up to date...

Thanks for the heads up
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Erm.. how is that 11 and 12?

(goes off to install the two new versions)
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

There isn't a lot to discuss really, is there? :P
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Ambush Commander wrote:how is that 11 and 12?
5.1.5 and 4.4.4.





5 + 1 + 5 = 11
4 + 4 + 4 = 12



edit:
Jenk wrote:There isn't a lot to discuss really, is there? :P
Nope, but there is some discussion possible.
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

# Fixed overflow in GD extension on invalid GIF images.
# Fixed a buffer overflow inside sscanf() function.
# Fixed an out of bounds read inside stripos() function.
those 3 were the ones that caught my attention. I've seen a fair number of broken GIFs lately, that were not before, and all of them on PHP sites..

and the other two because I use them often.

Speaking of images.. did yours melt feyd? :P
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Jenk wrote:Speaking of images.. did yours melt feyd? :P
:P Nah, I just decided I'm going to make my spider logo look like a real spider walking. Due to various things, the resulting image for the forum is a tad bit small to see the detail. I can post a larger version if there's interest. Otherwise, hit me on PM if you want to see it.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

honestly, I think that is one of the coolest graphics I've ever seen. Mainly because I could still recognize it being your normal avatar, but it COMPLETELY looks like a spider walking. Awesome! (I am easily impressed though)

alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

feyd wrote:
Ambush Commander wrote:how is that 11 and 12?
5.1.5 and 4.4.4.





5 + 1 + 5 = 11
4 + 4 + 4 = 12



edit:
Jenk wrote:There isn't a lot to discuss really, is there? :P
Nope, but there is some discussion possible.
I figured that's what you meant, but I must admit, I was somewhat confused as well... :P
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Post by Oren »

I saw the new avatar too... It's really cool 8) Can you show us the large version?

/ Going to install 5.1.5
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

To save on clutter, I've posted the avatar in the 20K prep thread.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Also of note:
php.internals wrote:

The second release candidate of PHP 5.2.0 is now available for
testing; the tarballs can be found here.

http://downloads.php.net/ilia/php-5.2.0RC2.tar.bz2
(097b97ccc92003519e1df682bdb855b4)
http://downloads.php.net/ilia/php-5.2.0RC2.tar.gz
(69c473021357a8e3b586ce55384b7186)

Windows binaries will follow shortly.

A great deal of work was done since RC1 to stabilize the code, with
over 50 bug fixes since then. Also, remaining items from the todo
such as the upgrade of the sqlite lib inside pdo_sqlite and PEAR's
phar have now been completed. At this time I would like to close
5.2.0 for any further feature additions and leave it open for bug
fixes only. If all goes well the next, and final RC will be in 2
weeks, tentative date August 31st with a final a week or two later.
I'd like to ask everyone to try this release, in particular paying
attention to input processing, something that has changed a fair bit
with the introduction of the filter extension.

Ilia Alshanetsky
5.2 Release Master
edit:

The Windows Binaries.
Edin wrote:The Windows build of PHP 5.2.0RC2 is ready and can be downloaded from:

http://downloads.php.net/edink/php-5.2.0RC2-Win32.zip
69d93c99c3aa698ab9301da99767130a
http://downloads.php.net/edink/php-debu ... -Win32.zip
0dd32e5d8b0a95e722c1da26b6f3c1b9
http://downloads.php.net/edink/pecl-5.2.0RC2-Win32.zip
a455c0af05401bfd7392325152a95a36

-Edin