- Go with 4.4.3.

2026-03-23 23:02:13 +01:00 · 2006-08-03 07:10:14 +00:00
parent 81085e7b9d
commit 535f6d580a
5 changed files with 147 additions and 17 deletions
--- a/ChangeLog-4.php
+++ b/ChangeLog-4.php
@@ -9,6 +9,42 @@ function bugl($number)   { echo "<a href=\"http://bugs.php.net/$number\">#$numbe

 <h1>PHP 4 ChangeLog</h1>

+<hr/>
+
+<a name="4.4.3"></a>
+<h3>Version 4.4.3</h3>
+<b>03-Aug-2006</b>
+<ul>
+<li>Added control character checks for cURL extension's open_basedir/safe_mode checks.</li>
+<li>Added overflow checks to wordwrap() function.</li>
+<li>Added a check for special characters in the session name.</li>
+<li>Improved safe_mode check for the error_log() function.</li>
+<li>Updated PCRE to version 6.6.</li>
+<li>Fixed handling of extremely long paths inside tempnam() function.</li>
+<li>Fixed XSS inside phpinfo() with long inputs.</li>
+<li>Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems in libmysql.c.</li>
+<li><?php bugfix(37720); ?> (merge_php_config scrambles values).</li>
+<li><?php bugfix(37569); ?> (WDDX incorrectly encodes high-ascii characters).</li>
+<li><?php bugfix(37510); ?> (session_regenerate_id changes session_id() even on failure).</li>
+<li><?php bugfix(37360); ?> (Memory errors with a corrupt GIF file).</li>
+<li><?php bugfix(37348); ?> (Make PEAR install ignore open_basedir).</li>
+<li><?php bugfix(37346); ?> (Crashes when using an invalid colormap format).</li>
+<li><?php bugfix(37162); ?> (wddx does not build as a shared extension).</li>
+<li><?php bugfix(37046); ?> (foreach breaks static scope).</li>
+<li><?php bugfix(37045); ?> (Fixed check for special chars for http redirects).</li>
+<li><?php bugfix(36857); ?> (Added support for partial content fetching to the HTTP streams wrapper).</li>
+<li><?php bugfix(36776); ?> (node_list_wrapper_dtor segfault).</li>
+<li><?php bugfix(36459); ?> (Incorrect adding PHPSESSID to links, which contains \r\n).</li>
+<li><?php bugfix(36458); ?> (sleep() accepts negative values).</li>
+<li><?php bugfix(36242); ?> (Possible memory corruption in stream_select()).</li>
+<li><?php bugfix(36223); ?> (curl bypasses open_basedir restrictions).</li>
+<li><?php bugfix(36205); ?> (Memory leaks on duplicate cookies).</li>
+<li><?php bugfix(36148); ?> (unpack("H*hex", $data) is adding an extra character to the end of the string).</li>
+<li><?php bugfix(36017); ?> (fopen() crashes PHP when opening a URL).</li>
+</ul>
+
+There is a <a href="release_4_4_3.php">separate announcement</a> available for this release.<br />
+
 <hr />

 <a name="4.4.2"></a>
--- a/downloads.php
+++ b/downloads.php
@@ -112,31 +112,33 @@ site_header("Downloads");


 <a name="v4"></a>
-<h1>PHP 4.4.2</h1>
+<h1>PHP 4.4.3</h1>

 <h2>Complete Source Code</h2>
 <ul>
 <li>
-  <?php download_link('php-4.4.2.tar.bz2','PHP 4.4.2 (tar.bz2)'); ?> - 13 Jan 2006<br />
-  <span class="md5sum">md5: 28051cd9ef43490dd9727a4d442011b5</span>
+  <?php download_link('php-4.4.3.tar.bz2','PHP 4.4.3 (tar.bz2)'); ?> - 03 Aug 2006<br />
+  <span class="md5sum">md5: 9542117551c0e79f5bf21f46493094e7</span>
 </li>
 <li>
-  <?php download_link('php-4.4.2.tar.gz', 'PHP 4.4.2 (tar.gz)');  ?> - 13 Jan 2006<br />
-  <span class="md5sum">md5: a7ae7ed8f2edf1592bd94eab91c634fa</span>
+  <?php download_link('php-4.4.3.tar.gz', 'PHP 4.4.3 (tar.gz)');  ?> - 03 Aug 2006<br />
+  <span class="md5sum">md5: f991b9a18ae167c436783bd0976ad749</span>
 </li>
 </ul>

 <p>
- See the <a href="/ChangeLog-4.php">ChangeLog</a> for a complete list of changes,
- or the <a href="/release_4_4_2.php">release notes</a> for more information on
- this particular release. Daily snapshots are also available from
- <a href="http://snaps.php.net/">snaps.php.net</a> (not intended for production use!).
+ See the <a href="/ChangeLog-4.php">ChangeLog</a> for a complete list of
+ changes, or the <a href="/release_4_4_3.php">release notes</a> for more
+ information on this particular release. Daily snapshots are also available
+ from <a href="http://snaps.php.net/">snaps.php.net</a> (not intended for
+ production use!).
 </p>

-<hÆ2>Windows Binaries</h2>
+<h2>Windows Binaries</h2>

 <p>
- All Windows binaries can be used on Windows 98/Me and on Windows NT/2000/XP/2003.
+ All Windows binaries can be used on Windows 98/Me and on Windows
+ NT/2000/XP/2003.
 </p>

 <ul>
@@ -147,19 +149,19 @@ site_header("Downloads");
 -->

 <li>
-  <?php download_link('php-4.4.2-Win32.zip', 'PHP 4.4.2 zip package'); ?> - 13 Jan 2006<br />
+  <?php download_link('php-4.4.3-Win32.zip', 'PHP 4.4.3 zip package'); ?> - 03 Aug 2006<br />
  (CGI binary plus server API versions for Apache, Apache2 (experimental),
  ISAPI, NSAPI, Servlet and Pi3Web. MySQL support built-in, many extensions
  included, packaged as zip)<br />
-  <span class="md5sum">md5: 7ab55b81832050439df570b97076b4f1</span>
+  <span class="md5sum">md5: 9355a754c56857d921b3a945a91d729f</span>
 </li>
 <li>
-  <?php download_link('php-4.4.2-installer.exe', 'PHP 4.4.2 installer'); ?> - 13 Jan 2006<br />
+  <?php download_link('php-4.4.3-installer.exe', 'PHP 4.4.3 installer'); ?> - 03 Aug 2006<br />
  (CGI only, MySQL support built-in, packaged as Windows installer to install
  and configure PHP, and automatically configure IIS, PWS and Xitami, with
  manual configuration for other servers. N.B. no external extensions
  included)<br />
-  <span class="md5sum">md5: 28dab297d8b7242723a0a4b095f87a14</span>
+  <span class="md5sum">md5: b5b7e1953c62393cff7d7d065fb74e99</span>
 </li>
 </ul>

--- a/index.php
+++ b/index.php
@@ -148,6 +148,32 @@ commonHeader("Hypertext Preprocessor");
 // DO NOT REMOVE THIS COMMENT (the RSS parser is dependant on it)
 ?>

+<h1>PHP 4.4.3 Released</h1>
+<p>
+ <span class="newsdate">[03-Aug-2006]</span>
+ The PHP development team is proud to announce the release of <a
+ href="/downloads.php#v4">PHP 4.4.3</a>.  This release combines small number of
+ bug fixes and resolves a number of security issues.  Some of the key changes
+ of PHP 4.4.3 include:
+</p>
+<ul>
+<li>Disallow certain characters in session names.</li>
+<li>Fixed a buffer overflow inside the wordwrap() function.</li>
+<li>Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.</li>
+<li>Improved safe_mode check for the error_log() function.</li>
+<li>Fixed cross-site scripting inside the phpinfo() function.</li>
+<li>Fixed offset/length parameter validation inside the substr_compare() function.</li>
+<li>Upgraded bundled PCRE library to version 6.6</li>
+<li>Over 20 various bug fixes.</li>
+</ul>
+<p>
+Further details about this release can be found in the <a
+href="/release_4_4_3.php">release announcement</a> and the full list of changes
+is available in the <a href="/ChangeLog-4.php#4.4.3">PHP 4 ChangeLog</a>.
+</p>
+
+<hr />
+
 <?php news_image("http://www.phparch.com/works/", "phpworks.png", "php|works / db|works 2006"); ?>
 <h1>php/db|works 2006 Schedule Now Online</h1>
 <p>
--- a/release_4_4_3.php
+++ b/release_4_4_3.php
@@ -0,0 +1,37 @@
+<?php
+// $Id$
+$_SERVER['BASE_PAGE'] = 'release_4_4_3.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
+site_header("PHP 4.4.3 Release Announcement");
+?>
+
+<h1>PHP 4.4.3. Release Announcement</h1>
+<p>
+The PHP development team is proud to announce the release of <a href="/downloads.php#v4">PHP 4.4.3</a>.
+This release combines small number of bug fixes and resolves a number of security issues.
+All PHP users are encouraged to upgrade to this release as soon as possible.
+</p>
+
+<p>
+The security issues resolved include the following:
+<ul>
+	<li>Disallow certain characters in session names.</li>
+	<li>Fixed a buffer overflow inside the wordwrap() function.</li>
+	<li>Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.</li>
+	<li>Improved safe_mode check for the error_log() function.</li>
+	<li>Fixed cross-site scripting inside the phpinfo() function.</li>
+	<li>Fixed offset/length parameter validation inside the substr_compare() function.</li>
+</ul>
+</p>
+
+<p>
+The release also includes about 20 bug fixes and an upgraded PCRE library
+(version 6.6).
+</p>
+
+<p>
+ For a full list of changes in PHP 4.4.3, see the
+ <a href="/ChangeLog-4.php#4.4.3">ChangeLog</a>.
+</p>
+
+<?php site_footer(); ?>
--- a/releases.php
+++ b/releases.php
@@ -76,6 +76,7 @@ $SIDEBAR_DATA = '
   <option value="php-4.3.11.tar.gz">4.3.11</option>
   <option value="php-4.4.0.tar.gz">4.4.0</option>
   <option value="php-4.4.1.tar.gz">4.4.1</option>
+   <option value="php-4.4.2.tar.gz">4.4.2</option>
   <option value="">--------</option>
   <option value="php-5.0.0.tar.gz">5.0.0</option>
   <option value="php-5.0.1.tar.gz">5.0.1</option>
@@ -177,7 +178,6 @@ site_header("Releases");
 </ul>


-<a name="v5"></a>
 <a name="5.1.1"></a>
 <h2>5.1.1</h2>

@@ -212,7 +212,6 @@ site_header("Releases");
 </li>
 </ul>

-<a name="v5"></a>
 <a name="5.1.0"></a>
 <h2>5.1.0</h2>

@@ -409,6 +408,36 @@ site_header("Releases");
 <hr />

 <a name="v4"></a>
+<a name="4.4.2"></a>
+<h2>4.4.2</h2>
+
+<ul>
+ <li>Released: 13 Jan 2006</li>
+ <li>Announcement: <a href="/release_4_4_2.php">English</a></li>
+ <li><a href="/ChangeLog-4.php#4.4.2">ChangeLog</a></li>
+ <li>
+  Download:
+  <ul>
+   <li>
+    <?php download_link('php-4.4.2.tar.bz2','PHP 4.4.2 (tar.bz2)'); ?> - 13 Jan 2006<br />
+    <span class="md5sum">md5: 28051cd9ef43490dd9727a4d442011b5</span>
+   </li>
+   <li>
+    <?php download_link('php-4.4.2.tar.gz', 'PHP 4.4.2 (tar.gz)');  ?> - 13 Jan 2006<br />
+    <span class="md5sum">md5: a7ae7ed8f2edf1592bd94eab91c634fa</span>
+   </li>
+   <li>
+    <?php download_link('php-4.4.2-Win32.zip','Windows binary'); ?><br />
+    <span class="md5sum">md5: 7ab55b81832050439df570b97076b4f1</span>
+   </li>
+   <li>
+    <?php download_link('php-4.4.2-installer.exe','Windows installer'); ?><br />
+    <span class="md5sum">md5: 28dab297d8b7242723a0a4b095f87a14</span>
+   </li>
+  </ul>
+ </li>
+</ul>
+
 <a name="4.4.1"></a>
 <h2>4.4.1</h2>