4.3.10 release.

2026-03-23 23:02:13 +01:00 · 2004-12-15 15:21:28 +00:00
parent 24f12169a2
commit a36170f2b3
5 changed files with 162 additions and 22 deletions
--- a/ChangeLog-4.php
+++ b/ChangeLog-4.php
@@ -11,6 +11,51 @@ function bugl($number)   { echo "<a href=\"http://bugs.php.net/$number\">#$numbe

 <hr />

+<a name="4.3.10"></a>
+<h3>Version 4.3.10</h3>
+<b>14-Dec-2004</b>
+<ul>
+<li>Added the %F modifier to *printf to render a non-locale-aware representation of a float with the . as decimal separator.</li>
+<li>Fixed a bug in addslashes() handling of the '\0' character.</li>
+<li>Backported Marcus' foreach() speedup patch from PHP 5.x.</li>
+<li>Fixed potential problems with unserializing invalid serialize data.</li>
+<li><?php bugfix(31034); ?> (Problem with non-existing iconv header file).</li>
+<li><?php bugfix(31024); ?> (Crash in fgetcsv() with negative length).</li>
+<li><?php bugfix(31019); ?> (Logic error mssql library checking).</li>
+<li><?php bugfix(30995); ?> (snmp extension does not build with net-snmp 5.2).</li>
+<li><?php bugfix(30990); ?> (allow popen() on *NIX to accept 'b' flag).</li>
+<li><?php bugfix(30826); ?> (Certain reference relations cannot be unserialized properly).</li>
+<li><?php bugfix(30750); ?> (Meaningful error message when upload directory is not  accessible).</li>
+<li><?php bugfix(30739); ?> (imagefill does not set back alphablending mode).</li>
+<li><?php bugfix(30672); ?> (Problem handling exif data in jpeg images at unusual places).</li>
+<li><?php bugfix(30658); ?> (Ensure that temporary files created by GD are removed).</li>
+<li><?php bugfix(30654); ?> (oci8 persistent connection is deleted from hash if there was exclusive connection with the same credentials).</li>
+<li><?php bugfix(30613); ?> (Prevent infinite recursion in url redirection).</li>
+<li><?php bugfix(30587); ?> (array_multisort doesn't separate zvals before changing them).</li>
+<li><?php bugfix(30475); ?> (curl_getinfo() may crash in some situations).</li>
+<li><?php bugfix(30442); ?> (segfault when parsing ?getvariable[][ ).</li>
+<li><?php bugfix(30388); ?> (rename across filesystems loses ownership and permission info).</li>
+<li><?php bugfix(30282); ?> (segfault when using unknown/unsupported session.save_handler and/or session.serialize_handler).</li>
+<li><?php bugfix(30281); ?> (Prevent non-wbmp images from being detected as such).</li>
+<li><?php bugfix(30276); ?> (Possible crash in ctype_digit on large numbers).</li>
+<li><?php bugfix(30229); ?> (imagerectangle and imagefilledrectangle do work well with alpha channel, corners are drawn twice).</li>
+<li><?php bugfix(30224); ?> (Sybase date strings are sometimes not null terminated).</li>
+<li><?php bugfix(30133); ?> (get_current_user() crashes on Windows).</li>
+<li><?php bugfix(30057); ?> (did not detect IPV6 on FreeBSD 4.1).</li>
+<li><?php bugfix(30027); ?> (Possible crash inside ftp_get()).</li>
+<li><?php bugfix(29805); ?> (HTTP Authentication Issues).</li>
+<li><?php bugfix(29418); ?> (double free when openssl_csr_new fails)..</li>
+<li><?php bugfix(28598); ?> (Lost support for MS Symbol fonts).</li>
+<li><?php bugfix(28325); ?> (Circular references not properly serialized).</li>
+<li><?php bugfix(28228); ?> (NULL decimal separator is not being handled correctly).</li>
+<li><?php bugfix(27469); ?> (serialize() objects of incomplete class).</li>
+
+</ul>
+
+There is a <a href="release_4_3_10.php">separate announcement</a> available for this release.<br />
+
+<hr />
+
 <a name="4.3.9"></a>
 <h3>Version 4.3.9</h3>
 <b>22-Sep-2004</b>
--- a/downloads.php
+++ b/downloads.php
@@ -67,23 +67,23 @@ site_header("Downloads");
 ?>

 <a name="v4"></a>
-<h1>PHP 4.3.9</h1>
+<h1>PHP 4.3.10</h1>

 <h2>Complete Source Code</h2>
 <ul>
 <li>
-  <?php download_link('php-4.3.9.tar.bz2','PHP 4.3.9 (tar.bz2)'); ?> - 22 Sep 2004<br />
-  <span class="md5sum">md5: b799bbb330da60324d972641baab693c</span>
+  <?php download_link('php-4.3.10.tar.bz2','PHP 4.3.10 (tar.bz2)'); ?> - 15 Dec 2004<br />
+  <span class="md5sum">md5: 7e56824dae9679c59a8234eb848aa542</span>
 </li>
 <li>
-  <?php download_link('php-4.3.9.tar.gz', 'PHP 4.3.9 (tar.gz)');  ?> - 22 Sep 2004<br />
-  <span class="md5sum">md5: c685cb76bff996a4dff87097c43e6987</span>
+  <?php download_link('php-4.3.10.tar.gz', 'PHP 4.3.10 (tar.gz)');  ?> - 15 Dec 2004<br />
+  <span class="md5sum">md5: 73f5d1f42e34efa534a09c6091b5a21e</span>
 </li>
 </ul>

 <p>
 See the <a href="/ChangeLog-4.php">ChangeLog</a> for a complete list of changes,
- or the <a href="/release_4_3_9.php">release notes</a> for more information on
+ or the <a href="/release_4_3_10.php">release notes</a> for more information on
 this particular release. Daily snapshots are also available from
 <a href="http://snaps.php.net/">snaps.php.net</a> (not intended for production use!).
 </p>
@@ -96,19 +96,19 @@ site_header("Downloads");

 <ul>
 <li>
-  <?php download_link('php-4.3.9-Win32.zip', 'PHP 4.3.9 zip package'); ?> - 22 Sep 2004<br />
+  <?php download_link('php-4.3.10-Win32.zip', 'PHP 4.3.10 zip package'); ?> - 15 Dec 2004<br />
  (CGI binary plus server API versions for Apache, Apache2 (experimental),
  ISAPI, NSAPI, Servlet and Pi3Web. MySQL support built-in, many extensions
  included, packaged as zip)<br />
-  <span class="md5sum">md5: c4a4c349e729b339a27c72abe833c58d</span>
+  <span class="md5sum">md5: 0bb30525512ea686abf22c8fe61e1bb6</span>
 </li>
 <li>
-  <?php download_link('php-4.3.9-installer.exe', 'PHP 4.3.9 installer'); ?> - 22 Sep 2004<br />
+  <?php download_link('php-4.3.10-installer.exe', 'PHP 4.3.10 installer'); ?> - 15 Dec 2004<br />
  (CGI only, MySQL support built-in, packaged as Windows installer to install
  and configure PHP, and automatically configure IIS, PWS and Xitami, with
  manual configuration for other servers. N.B. no external extensions
  included)<br />
-  <span class="md5sum">md5: 4a2af567ba607e40e4ca4e58adba5cc0</span>
+  <span class="md5sum">md5: 6d60129d738e16ea0b69f3fd6646bf3a</span>
 </li>
 </ul>

--- a/index.php
+++ b/index.php
@@ -145,6 +145,26 @@ commonHeader("Hypertext Preprocessor");
 // DO NOT REMOVE THIS COMMENT (the RSS parser is dependant on it)
 ?>

+<?php news_image("/downloads.php#v4", "php-version4.gif", "PHP 4"); ?>
+<h1>PHP 4.3.10 released!</h1>
+<p>
+ <span class="newsdate">[15-Dec-2004]</span>
+  PHP Development Team would like to announce the immediate release of 
+  <a href="/downloads.php">PHP 4.3.10</a>. This is a maintenance release 
+  that in addition to over 30 non-critical bug fixes addresses several very 
+  serious security issues. All Users of PHP are strongly encouraged to upgrade 
+  to this release as soon as possible.
+</p>
+
+<p>
+ For changes since PHP 4.3.9, please consult the
+ <a href="/ChangeLog-4.php#4.3.10">ChangeLog</a>.
+</p>
+
+
+<hr />
+
+
 <?php news_image("/downloads.php#v5", "php-version5.gif", "PHP 5"); ?>
 <h1>PHP 5.0.3RC2 released!</h1>
 <p>
@@ -157,18 +177,6 @@ commonHeader("Hypertext Preprocessor");

 <hr />

-<?php news_image("/downloads.php#v4", "php-version4.gif", "PHP 4"); ?>
-<h1>PHP 4.3.10RC2 released!</h1>
-<p>
- <span class="newsdate">[08-Dec-2004]</span>
- <a href="http://qa.php.net/">PHP 4.3.10RC2</a> has been released for testing.
- This is the second release candidate and should be very near production quality.
- Nevertheless, please download and test it as much as possible on real-life 
- applications to uncover any remaining issues.
-</p>
-
-<hr />
-
 <?php news_image("http://www.phpwest.com/", "phpwest.gif", "PHP West Conferences"); ?>
 <h1>PHP West Conferences: Web Services - Vancouver, BC</h1>
 <p>
--- a/release_4_3_10.php
+++ b/release_4_3_10.php
@@ -0,0 +1,55 @@
+<?php
+// $Id$
+$_SERVER['BASE_PAGE'] = 'release_4_3_10.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
+site_header("PHP 4.3.10 Release Announcement");
+?>
+
+<h1>PHP 4.3.10 Release Announcement</h1>
+<!-- <p>[ <a href="/release_4_3_10_fr.php">Version Fran&ccedil;aise</a> ]</p> -->
+<p>
+PHP Development Team would like to announce the immediate release of <a href="/downloads.php">PHP 4.3.10</a>. This is a 
+maintenance release that in addition to over 30 non-critical bug fixes addresses several very 
+serious security issues. 
+</p>
+<p />
+These include the following:
+<p />
+<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1018">CAN-2004-1018</a> - shmop_write() out of bounds memory write access.<br />
+<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1018">CAN-2004-1018</a> - integer overflow/underflow in pack() and unpack() functions.<br />
+<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1019">CAN-2004-1019</a> - possible information disclosure, double free and negative reference index array underflow in deserialization code.<br />
+<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1020">CAN-2004-1020</a> - addslashes not escaping \0 correctly.<br />
+<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1063">CAN-2004-1063</a> - safe_mode execution directory bypass.<br />
+<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1064">CAN-2004-1064</a> - arbitrary file access through path truncation.<br />
+<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1065">CAN-2004-1065</a> - exif_read_data() overflow on long sectionname.<br />
+magic_quotes_gpc could lead to one level directory traversal with file uploads.
+<p />
+All Users of PHP are strongly encouraged to upgrade to this release as soon as possible.<p /> 
+
+<h2>Bugfix release</h2>
+
+<p>
+ Aside from the above mentioned issues this release includes the following important fixes:
+</p>
+
+<ul>
+<li> Possible crash inside ftp_get().</li>
+<li> get_current_user() crashes on Windows.</li>
+<li> Possible crash in ctype_digit on large numbers.</li>
+<li> Crash when parsing <i>?getvariable[][</i>.</li>
+<li> Possible crash in the curl_getinfo() function.</li>
+<li> Double free when openssl_csr_new fails.</li>
+<li> Crash when using unknown/unsupported session.save_handler and/or session.serialize_handler.</li>
+<li> Prevent infinite recursion in url redirection.</li>
+<li> Ensure that temporary files created by GD are removed.</li>
+<li> Crash in fgetcsv() with negative length.</li>
+<li> Improved performance of the foreach() construct.</li>
+<li> Improved number handling on non-English locales.</li>
+</ul>
+
+<p>
+ For a full list of changes in PHP 4.3.10, see the
+ <a href="/ChangeLog-4.php#4.3.10">ChangeLog</a>.
+ </p>
+
+<?php site_footer(); ?>
--- a/releases.php
+++ b/releases.php
@@ -71,6 +71,7 @@ $SIDEBAR_DATA = '
   <option value="php-4.3.6.tar.gz">4.3.6</option>
   <option value="php-4.3.7.tar.gz">4.3.7</option>
   <option value="php-4.3.8.tar.gz">4.3.8</option>
+   <option value="php-4.3.9.tar.gz">4.3.9</option>
   <option value="">--------</option>
   <option value="php-5.0.0.tar.gz">5.0.0</option>
  </select>
@@ -121,6 +122,37 @@ site_header("Releases");
 </li>
 </ul>

+<a name="4.3.9"></a>
+<h2>4.3.9</h2>
+
+<ul>
+ <li>Released: 22 Sep 2004</li>
+ <li>Announcement: <a href="/release_4_3_9.php">English</a></li>
+ <li><a href="/ChangeLog-4.php#4.3.9">ChangeLog</a></li>
+ <li>
+  Download:
+  <ul>
+   <li>
+    <?php download_link('php-4.3.9.tar.bz2','Source (tar.bz2)'); ?><br />
+    <span class="md5sum">md5: b799bbb330da60324d972641baab693c</span>
+   </li>
+   <li>
+    <?php download_link('php-4.3.9.tar.gz','Source (tar.gz)'); ?><br />
+    <span class="md5sum">md5: c685cb76bff996a4dff87097c43e6987</span>
+   </li>
+   <li>
+    <?php download_link('php-4.3.9-Win32.zip','Windows binary'); ?><br />
+    <span class="md5sum">md5: c4a4c349e729b339a27c72abe833c58d</span>
+   </li>
+   <li>
+    <?php download_link('php-4.3.9-installer.exe','Windows installer'); ?><br />
+    <span class="md5sum">md5: 4a2af567ba607e40e4ca4e58adba5cc0</span>
+   </li>
+  </ul>
+ </li>
+</ul>
+
+
 <a name="4.3.8"></a>
 <h2>4.3.8</h2>