diff --git a/ChangeLog-5.php b/ChangeLog-5.php
index fd3cf1a68..b22a6150a 100644
--- a/ChangeLog-5.php
+++ b/ChangeLog-5.php
@@ -13,6 +13,169 @@ function peclbugl($number) { echo "Version 5.3.1
+19-November-2009
+
+Security Fixes
+
+ Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)
+ Added missing sanity checks around exif processing. (Ilia)
+ Fixed a safe_mode bypass in tempnam(). (Rasmus)
+ Fixed a open_basedir bypass in posix_mkfifo(). (Rasmus)
+ (safe_mode_include_dir fails). (Johannes, christian at elmerot dot se)
+
+
+
+Added error constant when json_encode() detects an invalid UTF-8 sequence. (Scott)
+Added support for ACL on Windows for thread safe SAPI (Apache2 for example) and fix its support on NTS. (Pierre)
+
+Upgraded bundled sqlite to version 3.6.19. (Scott)
+Updated timezone database to version 2009.17 (2009q). (Derick)
+
+Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
+Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus)
+Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus)
+Fixed certificate validation inside php_openssl_apply_verification_policy (Ryan Sleevi, Ilia)
+Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
+Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
+Fixed sanity check for the color index in imagecolortransparent. (Pierre)
+Fixed scandir/readdir when used mounted points on Windows. (Pierre)
+Fixed zlib.deflate compress filter to actually accept level parameter. (Jani)
+Fixed leak on error in popen/exec (and related functions) on Windows. (Pierre)
+Fixed possible bad caching of symlinked directories in the realpath cache on Windows. (Pierre)
+Fixed atime and mtime in stat related functions on Windows. (Pierre)
+Fixed spl_autoload_unregister/spl_autoload_functions wrt. Closures and Functors. (Christian Seiler)
+Fixed open_basedir circumvention for "mail.log" ini directive. (Maksymilian Arciemowicz, Stas)
+Fixed signature generation/validation for zip archives in ext/phar. (Greg)
+Fixed memory leak in stream_is_local(). (Felipe, Tony)
+Fixed BC break in mime_content_type(), removes the content encoding. (Scott)
+
+Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case insensitive (garretts)
+Restored shebang line check to CGI sapi (not checked by scanner anymore). (Jani)
+
+Improve symbolic, mounted volume and junctions support for realpath on Windows. (Pierre)
+Improved readlink on Windows, suppress \??\ and use the drive syntax only. (Pierre)
+Improved dns_get_record() AAAA support on windows. Always available when IPv6 is support is installed, format is now the same than on unix. (Pierre)
+Improved the DNS functions on OSX to use newer APIs, also use Bind 9 API where available on other platforms. (Scott)
+Improved shared extension loading on OSX to use the standard Unix dlopen() API. (Scott)
+ (safe_mode_include_dir fails). (Johannes, christian at elmerot dot se)
+ (Different Hashes on Windows and Linux on wrong Salt size). (Pierre)
+ (no support for ././@LongLink for long filenames in phar tar support). (Greg)
+ (throwing exception in __autoload crashes when interface is not defined). (Felipe)
+ (exec() fails to return data inside 2nd parameter, given output lines >4095 bytes). (Ilia)
+ (time_sleep_until() is not available on OpenSolaris). (Jani)
+ (long2ip() can return wrong value in a multi-threaded applications). (Ilia, Florian Anderiasch)
+ (calling mcrypt after mcrypt_generic_deinit crashes). (Sriram Natarajan)
+ (crashes when using fileinfo when timestamp conversion fails). (Pierre)
+ (Unexpected change in strnatcasecmp()). (Rasmus)
+ (imap_listscan function missing). (Felipe)
+ (use of C++ style comments causes build failure). (Sriram Natarajan)
+ (CURLOPT_INFILESIZE sometimes causes warning "CURLPROTO_FILE cannot be set"). (Felipe)
+ (cURL's CURLOPT_FILE prevents file from being deleted after fclose). (Ilia)
+ (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia)
+ (php engine need to correctly check for socket API return status on windows). (Sriram Natarajan)
+ (ldap.c utilizing deprecated ldap_modify_s). (Ilia)
+ (wordwrap() wraps incorrectly on end of line boundaries). (Ilia, code-it at mail dot ru)
+ (segfault in php_curl_option_curl). (Pierre)
+ (inside pdo_mysql default socket settings are ignored). (Ilia)
+ (bcmath module doesn't compile with phpize configure). (Jani)
+ (php://input (php_stream_input_read) is broken). (Jani)
+ (Ternary operator fails on Iterator object when used inside foreach declaration). (Etienne, Dmitry)
+ (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
+ (Inconsistency using get_defined_constants). (Garrett)
+ (gdJpegGetVersionString() inside gd_compact identifies wrong type in declaration). (Ilia)
+ (dns_get_record does not return NAPTR records). (Pierre)
+ (Import of schema from different host transmits original authentication details). (Dmitry)
+ (crash when exception thrown from __tostring()). (David Soria Parra)
+ (Missing ICU DLLs on windows package). (Pierre)
+ (posix_times returns false without error). (phpbugs at gunnu dot us)
+ (Error in dba_exists C code). (jdornan at stanford dot edu)
+ (undefined reference to mysqlnd_stmt_next_result on compile with --with-mysqli and MySQL 6.0). (Jani)
+ (2nd scan_dir produces segfault). (Felipe)
+ (mysqli segfault on error). (Rasmus)
+ (proc_get_status['exitcode'] fails on win32). (Felipe)
+ (ReflectionFunction fails to work with functions in fully qualified namespaces). (Kalle, Jani)
+ (private class static fields can be modified by using reflection). (Jani)
+ (feof never returns true for damaged file in zip). (Pierre)
+ ("disable_functions" php.ini option does not work on Zend extensions). (Stas)
+ (--enable-session=shared does not work: undefined symbol: php_url_scanner_reset_vars). (Jani)
+ (parse_ini_file() regression in 5.3.0 when using non-ASCII strings as option keys). (Jani)
+ (context option headers freed too early when using --with-curlwrappers). (Jani)
+ (The function touch() fails on directories on Windows). (Pierre)
+ (SplFileObject::fscanf() variables passed by reference). (Jani)
+ (mysqli_options() doesn't work when using mysqlnd). (Andrey)
+ (proc_open() can bypass safe_mode_protected_env_vars restrictions). (Ilia)
+ (phar tar signature algorithm reports as Unknown (0) in getSignature() call). (Greg)
+ (phar misinterprets ustar long filename standard). (Greg)
+ (phar tar stores long filenames wit prefix/name reversed). (Greg)
+ (dechunked filter broken when serving more than 8192 bytes in a chunk). (andreas dot streichardt at globalpark dot com, Ilia)
+ (PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas)
+ (zlib.output_compression does not output HTTP headers when set to a string value). (Jani)
+ (Crash when compiling with pdo_firebird). (Felipe)
+ (cURL does not upload files with specified filename). (Ilia)
+ (Double \r\n after HTTP headers when "header" context option is an array). (David Zülke)
+ (Too long error code strings in pdo_odbc driver). (naf at altlinux dot ru, Felipe)
+ (Namespace causes unexpected strict behaviour with extract()). (Dmitry)
+ (Segmentation fault in mysqli_stmt_execute()). (Andrey)
+ (is_callable returns true even if method does not exist in parent class). (Felipe)
+ (Problems compiling with Curl). (Felipe)
+ (string.c: errors: duplicate case values). (Kalle)
+ (array_merge_recursive modifies arrays after first one). (Felipe)
+ (IPv6 socket transport is not working). (Ilia)
+ (printf() returns incorrect outputted length). (Jani)
+ (Random Appearing open_basedir problem). (Rasmus, Gwynne)
+ (open office files always reported as corrupted). (Greg)
+ (RecursiveDirectoryIterator doesn't descend into symlinked directories). (Ilia)
+ (make install will fail saying phar file exists). (Greg)
+ (SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan)
+ (rename() between volumes fails and reports no error on Windows). (Pierre)
+ (parse_ini_*() crash with INI_SCANNER_RAW). (Jani)
+ (ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre)
+ (IPv6 address filter still rejects valid address). (Felipe)
+ (ReflectionFunction::invoke() parameter issues). (Kalle)
+ (mysql_close() crash php when no handle specified). (Johannes, Andrey)
+ (Crash during date parsing with invalid date). (Pierre)
+ (Unable to browse directories within Junction Points). (Pierre, Kanwaljeet Singla)
+ (mysqlnd: mysql_num_fields returns wrong column count for mysql_list_fields). (Andrey)
+ (PHAR install fails when INSTALL_ROOT is not the final install location). (james dot cohen at digitalwindow dot com, Greg)
+ (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia)
+ (parse_ini_*(): scanner_mode parameter is not checked for sanity). (Jani)
+ (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia)
+ (openssl signature verification for tar archives broken). (Greg)
+ (parse_ini_*(): dollar sign as last character of value fails). (Jani)
+ (mb_convert_encoding() doesn't understand hexadecimal html-entities). (Moriyoshi)
+ ("file" fopen wrapper is overwritten when using --with-curlwrappers). (Jani)
+ (Invalid libreadline version not detected during configure). (Jani)
+ (imap crashes when closing stream opened with OP_PROTOTYPE flag). (Jani)
+ (error message unclear on converting phar with existing file). (Greg)
+ (Infinite loop and possible crash during startup with errors when errors are logged). (Jani)
+ error: 'MYSQLND_LLU_SPEC' undeclared. Cause for #48780 and #46952 - both fixed too. (Andrey)
+ (ibase_execute error in return param). (Kalle)
+ (ssl handshake fails during asynchronous socket connection). (Sriram Natarajan)
+ (Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org)
+ (Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net)
+ (natcasesort() does not sort extended ASCII characters correctly). (Herman Radtke)
+ (Memory leak in DateTime). (Derick, Tobias John)
+ (Encoding bug in SoapServer->fault). (Dmitry)
+ (touch() afield returns different values on windows). (Pierre)
+ (Extended MySQLi class gives incorrect empty() result). (Andrey)
+ (with Sun Java System Web Server 7.0 on HPUX, #define HPUX). (Uwe Schindler)
+ (imagefilledrectangle() clipping error). (markril at hotmail dot com, Pierre)
+ (Inconsistent behavior of the u format char). (Derick)
+ (setcookie will output expires years of >4 digits). (Ilia)
+ (popen crashes when an invalid mode is passed). (Pierre)
+ (stream_get_meta_data() does not return same mode as used in fopen). (Jani)
+ (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot com, Kalle)
+ (php_uname() does not return nodename on Netware (Guenter Knauf)
+ (Mail() does not use FQDN when sending SMTP helo). (Kalle, Rick Yorgason)
+ (Sent incorrect RCPT TO commands to SMTP server) (Garrett)
+ (Impersonation with FastCGI does not exec process as impersonated user). (Pierre)
+Fixed PECL bug #16842 (oci_error return false when NO_DATA_FOUND is raised). (Chris Jones)
+
+
+Version 5.2.11
16-September-2009
diff --git a/archive/archive.xml b/archive/archive.xml
index 46ceb2797..053457d51 100644
--- a/archive/archive.xml
+++ b/archive/archive.xml
@@ -9,6 +9,7 @@
http://php.net/contact
php-webmaster@lists.php.net
+
+ PHP 5.3.1 Released!
+ http://www.php.net/archive/2009.php#id2009-11-19-1
+ 2009-11-19T17:41:11+00:00
+ 2009-11-19T17:41:11+00:00
+
+
+
The PHP development team would like to announce the immediate
+ availability of PHP 5.3.1. This release focuses on improving the
+ stability of the PHP 5.3.x branch with over 100 bug fixes, some of
+ which are security related. All users of PHP are encouraged to
+ upgrade to this release.
+
Security Enhancements and Fixes in PHP 5.3.1:
+
+ Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
+ Added missing sanity checks around exif processing.
+ Fixed a safe_mode bypass in tempnam().
+ Fixed a open_basedir bypass in posix_mkfifo().
+ Fixed failing safe_mode_include_dir.
+
+
Further details about the PHP 5.3.1 release can be found in the release announcement , and the full list of changes are available in the ChangeLog.
+
+
diff --git a/include/releases.inc b/include/releases.inc
index 72721804f..5e448c44f 100644
--- a/include/releases.inc
+++ b/include/releases.inc
@@ -2,6 +2,32 @@
$OLDRELEASES = array (
5 =>
array (
+ '5.3.0' =>
+ array (
+ 'announcement' =>
+ array (
+ 'English' => '/releases/5_3_0.php',
+ ),
+ 'source' =>
+ array (
+ 0 =>
+ array (
+ 'filename' => 'php-5.3.0.tar.bz2',
+ 'name' => 'PHP 5.3.0 (tar.bz2)',
+ 'md5' => '846760cd655c98dfd86d6d97c3d964b0',
+ 'date' => '30 June 2009',
+ ),
+ 1 =>
+ array (
+ 'filename' => 'php-5.3.0.tar.gz',
+ 'name' => 'PHP 5.3.0 (tar.gz)',
+ 'md5' => 'f4905eca4497da3f0beb5c96863196b4',
+ 'date' => '30 June 2009',
+ ),
+ ),
+ 'date' => NULL,
+ 'museum' => false,
+ ),
'5.2.10' =>
array (
'announcement' =>
diff --git a/include/version.inc b/include/version.inc
index b44a0ae52..28feb8036 100644
--- a/include/version.inc
+++ b/include/version.inc
@@ -17,15 +17,15 @@
*/
/* PHP 5.3 Release */
-$PHP_5_3_RC = '5.3.1RC4';
+$PHP_5_3_RC = false; /* '5.3.1RC4'; */
$PHP_5_3_RC_DATE = "12 Nov 2009";
-$PHP_5_3_VERSION = "5.3.0";
-$PHP_5_3_DATE = "30 June 2009";
+$PHP_5_3_VERSION = "5.3.1";
+$PHP_5_3_DATE = "19 Nov 2009";
$PHP_5_3_MD5 = array(
- "tar.bz2" => "846760cd655c98dfd86d6d97c3d964b0",
- "tar.gz" => "f4905eca4497da3f0beb5c96863196b4",
+ "tar.bz2" => "63e97ad450f0f7259e785100b634c797",
+ "tar.gz" => "41fbb368d86acb13fc3519657d277681",
);
/* PHP 5.2 Release */
diff --git a/releases/5_3_1.php b/releases/5_3_1.php
new file mode 100644
index 000000000..09e81c53b
--- /dev/null
+++ b/releases/5_3_1.php
@@ -0,0 +1,51 @@
+
+
+PHP 5.3.1 Release Announcement
+
+The PHP development team is proud to announce the immediate release of PHP
+5.3.1. This is a maitenance in the 5.3 series, which includes a
+large number of bug fixes.
+
+
+
+Security Enhancements and Fixes in PHP 5.3.1:
+
+
+ Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
+ Added missing sanity checks around exif processing.
+ Fixed a safe_mode bypass in tempnam().
+ Fixed a open_basedir bypass in posix_mkfifo().
+ (safe_mode_include_dir fails).
+ Fixed bug #44683 (popen crashes when an invalid mode is passed).
+
+
+
+Key enhancements in PHP 5.2.11 include:
+
+
+ Fixed crash in com_print_typeinfo when an invalid typelib is given.
+ Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection.
+ Fixed crash when instantiating PDORow and PDOStatement through Reflection.
+ Fixed bug #49910 (no support for ././@LongLink for long filenames in phar
+ tar support).
+ (throwing exception in __autoload crashes when interface is not defined).
+ Around 100 other bug fixes
+
+
+
+For users upgrading from PHP 5.2 there is a migration guide
+available here , detailing
+the changes between those releases and PHP 5.3.
+
+
+
+ For a full list of changes in PHP 5.3.1, see the
+ ChangeLog .
+
+
+