11 and 12 released!
Posted: Thu Aug 17, 2006 1:40 pm
by feyd
That's right kiddies, 11 and 12 have been released. What? You don't know what I'm talking about?
Okay..
PHP.net wrote:PHP development team would like to announce the immediate availability of PHP 5.1.5 and PHP 4.4.4. The two releases address a series of security problems discovered since PHP 5.1.4 and 4.4.3, respectively.
These include the following:
- Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
- Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
- Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed a buffer overflow inside sscanf() function.
- Fixed an out of bounds read inside stripos() function.
- Fixed memory_limit restriction on 64 bit system.
In addition to the security fixes, both releases include a small number
of non-security related bug fixes.
The outlined issues can only be exploited locally, however, we still
recommend that all users upgrade to either one of the new releases as
soon as possible.
Ilia Alshanetsky and Derick Rethans
Now, discuss!

Re: 11 and 12 released!
Posted: Thu Aug 17, 2006 1:53 pm
by alex.barylski
feyd wrote:That's right kiddies, 11 and 12 have been released. What? You don't know what I'm talking about?
Okay..
PHP.net wrote:PHP development team would like to announce the immediate availability of PHP 5.1.5 and PHP 4.4.4. The two releases address a series of security problems discovered since PHP 5.1.4 and 4.4.3, respectively.
These include the following:
- Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
- Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
- Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed a buffer overflow inside sscanf() function.
- Fixed an out of bounds read inside stripos() function.
- Fixed memory_limit restriction on 64 bit system.
In addition to the security fixes, both releases include a small number
of non-security related bug fixes.
The outlined issues can only be exploited locally, however, we still
recommend that all users upgrade to either one of the new releases as
soon as possible.
Ilia Alshanetsky and Derick Rethans
Now, discuss!

None of those issues will affect any of my code...I think...
Fixed overflow in GD extension on invalid GIF images
I recall Windows having a similar problem with JPEG when using GDI+
Other than that I have little more to say on the subject...I suppose I should check my shared host and make sure they're up to date...
Thanks for the heads up
Posted: Thu Aug 17, 2006 2:16 pm
by Ambush Commander
Erm.. how is that 11 and 12?
(goes off to install the two new versions)
Posted: Thu Aug 17, 2006 2:18 pm
by Jenk
There isn't a lot to discuss really, is there?

Posted: Thu Aug 17, 2006 2:19 pm
by feyd
Ambush Commander wrote:how is that 11 and 12?
5.1.5 and 4.4.4.
5 + 1 + 5 = 11
4 + 4 + 4 = 12
edit:
Jenk wrote:There isn't a lot to discuss really, is there?

Nope, but there is some discussion possible.
Posted: Thu Aug 17, 2006 2:30 pm
by Jenk
# Fixed overflow in GD extension on invalid GIF images.
# Fixed a buffer overflow inside sscanf() function.
# Fixed an out of bounds read inside stripos() function.
Those 3 were the ones that caught my attention. I've seen a fair number of broken GIFs lately, that were not before, and all of them on PHP sites..
and the other two because I use them often.
Speaking of images.. did yours melt feyd?

Posted: Thu Aug 17, 2006 2:35 pm
by feyd
Jenk wrote:Speaking of images.. did yours melt feyd?


Nah, I just decided I'm going to make my spider logo look like a real spider walking. Due to various things, the resulting image for the forum is a tad bit small to see the detail. I can post a larger version if there's interest. Otherwise, hit me on PM if you want to see it.
Posted: Thu Aug 17, 2006 2:38 pm
by Luke
honestly, I think that is one of the coolest graphics I've ever seen. Mainly because I could still recognize it being your normal avatar, but it COMPLETELY looks like a spider walking. Awesome! (I am easily impressed though)

Posted: Thu Aug 17, 2006 2:46 pm
by alex.barylski
feyd wrote:Ambush Commander wrote:how is that 11 and 12?
5.1.5 and 4.4.4.
5 + 1 + 5 = 11
4 + 4 + 4 = 12
edit:
Jenk wrote:There isn't a lot to discuss really, is there?

Nope, but there is some discussion possible.
I figured that's what you meant, but I must admit, I was somewhat confused as well...

Posted: Thu Aug 17, 2006 2:51 pm
by Oren
I saw the new avatar too... It's really cool

Can you show us the large version?
/ Going to install 5.1.5
Posted: Thu Aug 17, 2006 3:02 pm
by feyd
To save on clutter, I've posted the avatar in the 20K prep thread.
Posted: Thu Aug 17, 2006 5:22 pm
by feyd
Also of note:
php.internals wrote:Hash: SHA1
The second release candidate of PHP 5.2.0 is now available for
testing. The tarballs can be found here:
http://downloads.php.net/ilia/php-5.2.0RC2.tar.bz2
(097b97ccc92003519e1df682bdb855b4)
http://downloads.php.net/ilia/php-5.2.0RC2.tar.gz
(69c473021357a8e3b586ce55384b7186)
Windows binaries will follow shortly.
A great deal of work was done since RC1 to stabilize the code, with
over 50 bug fixes since then. Also, remaining items from the todo
such as the upgrade of the sqlite lib inside pdo_sqlite and PEAR's
phar have now been completed. At this time I would like to close
5.2.0 for any further feature additions and leave it open for bug
fixes only. If all goes well the next, and final RC will be in 2
weeks, tentative date August 31st with a final a week or two later.
I'd like to ask everyone to try this release, in particular paying
attention to input processing, something that has changed a fair bit
with the introduction of the filter extension.
Ilia Alshanetsky
5.2 Release Master
edit:
The Windows Binaries.