5.5.3

NEWS

@@ -1,32 +1,12 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+22 Aug 2013, PHP 5.5.3
+
+- Openssl:
+  . Fixed UMR in fix for CVE-2013-4248.
+
 15 Aug 2013, PHP 5.5.2
 
-- Core:
-  . Fixed bug #62691 (solaris sed has no -i switch). (Chris Jones)
-  . Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold)
-  . Fixed bug #61268 (--enable-dtrace leads make to clobber
-    Zend/zend_dtrace.d) (Chris Jones)
-
-- DOM:
-  . Added flags option to DOMDocument::schemaValidate() and 
-    DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag. 
-    (Chris Wright)
-
-- Sessions:
-  . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
-    which protects against session fixation attacks and session collisions.    
-    (Yasuo Ohgaki)
-  . Fixed possible buffer overflow under Windows. Note: Not a security fix.
-    (Yasuo)
-  . Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)
-
-- Pgsql:
-  . Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update()
-    /pg_delete()/pg_insert()). (Yasuo)
-
-?? ??? 2013, PHP 5.5.2
-
 - Core:
   . Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference
     fails). (Laruence)
@@ -36,26 +16,47 @@ PHP                                                                        NEWS
   . Fixed bug #65304 (Use of max int in array_sum). (Laruence)
   . Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very
     limited case). (Arpad)
+  . Fixed bug #62691 (solaris sed has no -i switch). (Chris Jones)
+  . Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold)
+  . Fixed bug #61268 (--enable-dtrace leads make to clobber
+    Zend/zend_dtrace.d) (Chris Jones)
+
+- DOM:
+  . Added flags option to DOMDocument::schemaValidate() and 
+    DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag. 
+    (Chris Wright)
 
 - OPcache:
   . Added opcache.restrict_api configuration directive that may limit
-    usage of OPcahce API functions only to patricular script(s). (Dmitry)
+    usage of OPcache API functions only to particular script(s). (Dmitry)
   . Added support for glob symbols in blacklist entries (?, *, **).
     (Terry Elison, Dmitry)
   . Fixed bug #65338 (Enabling both php_opcache and php_wincache AVs on
     shutdown). (Dmitry)
 
 - Openssl:
-  . Fixed handling null bytes in subjectAltName (CVE-2013-4073).
+  . Fixed handling null bytes in subjectAltName (CVE-2013-4248).
     (Christian Heimes)
 
 - PDO_mysql:
   . Fixed bug #65299 (pdo mysql parsing errors). (Johannes)
 
+- Pgsql:
+  . Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update()
+    /pg_delete()/pg_insert()). (Yasuo)
+
 - Phar:
   . Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for 
     some specific contents). (Stas)
 
+- Sessions:
+  . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
+    which protects against session fixation attacks and session collisions.    
+    (CVE-2011-4718). (Yasuo Ohgaki)
+  . Fixed possible buffer overflow under Windows. Note: Not a security fix.
+    (Yasuo)
+  . Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)
+
 - SOAP:
   . Fixed bug #65018 (SoapHeader problems with SoapServer). (Dmitry)
 

configure.in

@@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...);
 
 PHP_MAJOR_VERSION=5
 PHP_MINOR_VERSION=5
-PHP_RELEASE_VERSION=2
+PHP_RELEASE_VERSION=3
 PHP_EXTRA_VERSION=""
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`

main/php_version.h

@@ -2,7 +2,7 @@
 /* edit configure.in to change version number */
 #define PHP_MAJOR_VERSION 5
 #define PHP_MINOR_VERSION 5
-#define PHP_RELEASE_VERSION 2
+#define PHP_RELEASE_VERSION 3
 #define PHP_EXTRA_VERSION ""
-#define PHP_VERSION "5.5.2"
-#define PHP_VERSION_ID 50502
+#define PHP_VERSION "5.5.3"
+#define PHP_VERSION_ID 50503