PHP 5.3.29 (except frontpage announcement)

2026-03-24 15:22:19 +01:00 · 2014-08-14 14:24:24 +02:00
parent 75cc7f68fb
commit fa0cd6bb53
3 changed files with 99 additions and 5 deletions
--- a/ChangeLog-5.php
+++ b/ChangeLog-5.php
@@ -8,6 +8,68 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change

 <h1>PHP 5 ChangeLog</h1>

+<section class="version" id="5.3.29"><!-- {{{ 5.3.29 -->
+<h3>Version 5.3.29</h3>
+<?php release_date('14-Aug-2014'); ?>
+<ul><li>Core:
+<ul>
+  <li><?php bugfix(66127); ?> (Segmentation fault with ArrayObject unset).</li>
+  <li><?php bugfix(67247); ?> (spl_fixedarray_resize integer overflow).</li>
+  <li><?php bugfix(67249); ?> (printf out-of-bounds read).</li>
+  <li><?php bugfix(67250); ?> (iptcparse out-of-bounds read).</li>
+  <li><?php bugfix(67252); ?> (convert_uudecode out-of-bounds read).</li>
+  <li><?php bugfix(67359); ?> (Segfault in recursiveDirectoryIterator).</li>
+  <li><?php bugfix(67390); ?> (insecure temporary file use in the configure script). (CVE-2014-3981)</li>
+  <li><?php bugfix(67399); ?> (putenv with empty variable may lead to crash).</li>
+  <li><?php bugfix(67492); ?> (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).</li>
+  <li><?php bugfix(67498); ?> (phpinfo() Type Confusion Information Leak Vulnerability).</li>
+</li>
+</ul></li>
+<li>COM:
+<ul>
+  <li>Fixed missing type checks in com_event_sink.</li>
+</ul></li>
+<li>Date:
+<ul>
+  <li><?php bugfix(66060); ?> (Heap buffer over-read in DateInterval). (CVE-2013-6712)</li>
+  <li><?php bugfix(67251); ?> (date_parse_from_format out-of-bounds read).</li>
+  <li><?php bugfix(67253); ?> (timelib_meridian_with_check out-of-bounds read).</li>
+</ul></li>
+<li>Exif:
+<ul>
+  <li><?php bugfix(65873); ?> (Integer overflow in exif_read_data()).</li>
+</ul></li>
+<li>Fileinfo:
+<ul>
+  <li><?php bugfix(66307); ?> (Fileinfo crashes with powerpoint files).</li>
+  <li><?php bugfix(67326); ?> (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)</li>
+  <li><?php bugfix(67327); ?> (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)</li>
+  <li><?php bugfix(67328); ?> (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)</li>
+  <li><?php bugfix(67410); ?> (fileinfo: mconvert incorrect handling of truncated pascal string size).</li>
+  <li><?php bugfix(67411); ?> (fileinfo: cdf_check_stream_offset insufficient boundary check).</li>
+  <li><?php bugfix(67412); ?> (fileinfo: cdf_count_chain insufficient boundary check).</li>
+  <li><?php bugfix(67413); ?> (fileinfo: cdf_read_property_info insufficient boundary check).</li>
+</ul></li>
+<li>Intl:
+<ul>
+  <li><?php bugfix(67349); ?> (Locale::parseLocale Double Free).</li>
+  <li><?php bugfix(67397); ?> (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).</li>
+</ul></li>
+<li>Network:
+<ul>
+  <li><?php bugfix(67432); ?> (Fix potential segfault in dns_check_record()). (CVE-2014-4049)</li>
+</ul></li>
+<li>OpenSSL:
+<ul>
+  <li>Fixed missing type checks in OpenSSL options.</li>
+</ul></li>
+<li>Session:
+<ul>
+  <li>Fixed missing type checks in php_session_create_id.</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
 <section class="version" id="5.5.15"><!-- {{{ 5.5.15 -->
 <h3>Version 5.5.15</h3>
 <?php release_date('24-Jul-2014'); ?>
--- a/include/releases.inc
+++ b/include/releases.inc
@@ -1431,6 +1431,37 @@ $OLDRELEASES = array (
      'date' => '01 March 2012',
      'museum' => true,
    ),
+    '5.3.28' =>
+    array (
+      'announcement' => 
+      array (
+        'English' => '/releases/5_3_28.php',
+      ),
+      'source' => 
+      array (
+        0 => 
+        array (
+          'filename' => 'php-5.3.28.tar.bz2',
+          'name' => 'PHP 5.3.28 (tar.bz2)',
+          'md5' => '56ff88934e068d142d6c0deefd1f396b',
+          'date' => '12 Dec 2013',
+        ),
+        1 => 
+        array (
+          'filename' => 'php-5.3.28.tar.gz',
+          'name' => 'PHP 5.3.28 (tar.gz)',
+          'md5' => 'eec3fb5ccb6d8c238f973d306bebb00e',
+          'date' => '12 Dec 2013',
+        ),
+        2 => 
+        array (
+          'link' => 'http://windows.php.net/download/#php-5.3',
+          'name' => 'Windows 5.3.28 binaries and source',
+        ),
+      ),
+      'date' => '11 Jul 2013',
+      'museum' => false,
+    ),
    '5.3.27' => 
    array (
      'announcement' => 
--- a/include/version.inc
+++ b/include/version.inc
@@ -37,15 +37,16 @@ $PHP_5_4_MD5     = array(
 );

 /* PHP 5.3 Release */
-$PHP_5_3_RC      = '5.3.29RC1'; // Current RC version (e.g., '5.6.7RC1') or false
+$PHP_5_3_RC      = false; //'5.3.29RC1'; // Current RC version (e.g., '5.6.7RC1') or false
 $PHP_5_3_RC_DATE = '31 Jul 2013';

-$PHP_5_3_VERSION         = "5.3.28";
-$PHP_5_3_DATE            = "12 Dec 2013";
+$PHP_5_3_VERSION         = "5.3.29";
+$PHP_5_3_DATE            = "14 Aug 2014";

 $PHP_5_3_MD5     = array(
-                       "tar.bz2"       => "56ff88934e068d142d6c0deefd1f396b",
-                       "tar.gz"        => "eec3fb5ccb6d8c238f973d306bebb00e",
+                       "tar.bz2"       => "9469e240cbe6ac865aeaec89b253dd30",
+                       "tar.gz"        => "ebfa96ea636b2a7ece71e78ad116a338",
+                       "tar.xz"        => "dcff9c881fe436708c141cfc56358075"
 );

 $RELEASES = array(