--- php/php-src/branches/PHP_5_2/NEWS	2009/11/12 15:51:39	290588
+++ php/php-src/tags/php_5_2_12RC2/NEWS	2009/11/27 03:16:26	291338
@@ -1,5 +1,36 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+26 Nov 2009, PHP 5.2.12RC2
+- Updated timezone database to version 2009.19 (2009s). (Derick)
+
+- Changed "post_max_size" php.ini directive to allow unlimited post size by
+  setting it to 0. (Rasmus)
+
+- Fixed the m4 scripts to support autoconf-2.64+. (Rasmus)
+- Fixed error_log() to be binary safe when using message_type 3. (Jani)
+
+- Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays).
+  (Felipe)
+- Fixed bug #50282 (xmlrpc_encode_request() changes object into array in 
+  calling function). (Felipe)
+- Fixed bug #50255 (isset() and empty() silently casts array to object).
+  (Felipe)
+- Fixed bug #50219 (soap call Segmentation fault on a redirected url).
+  (Pierrick)
+- Fixed bug #50207 (segmentation fault when concatenating very large strings
+  on 64bit linux). (Ilia)
+- Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia)
+- Fixed bug #50185 (ldap_get_entries() return false instead of an empty array
+  when there is no error). (Jani)
+- Fixed bug #50174 (Incorrectly matched docComment). (Felipe)
+- Fixed bug #50158 (FILTER_VALIDATE_EMAIL fails with valid addresses
+  containing = or ?). (Pierrick)
+- Fixed bug #49677 (ini parser crashes with apache2 and using ${something}
+  ini variables). (Jani)
+- Fixed bug #49521 (PDO fetchObject sets values before calling constructor).
+  (Pierrick)
+
+
 12 Nov 2009, PHP 5.2.12RC1
 - Updated timezone database to version 2009.18 (2009r). (Derick)

--- php/php-src/branches/PHP_5_3/NEWS	2009/06/29 13:04:30	283022
+++ php/php-src/tags/php_5_3_1/NEWS	2009/11/18 20:08:14	290929
@@ -1,5 +1,253 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+19 Nov 2009, PHP 5.3.1
+
+- Added "max_file_uploads" INI directive, which can be set to limit the
+  number of file uploads per-request to 20 by default, to prevent possible
+  DOS via temporary file exhaustion. (Ilia)
+- Added missing sanity checks around exif processing. (Ilia)
+- Added error constant when json_encode() detects an invalid UTF-8 sequence.
+  (Scott)
+- Added support for ACL on Windows for thread safe SAPI (Apache2 for example)
+  and fix its support on NTS. (Pierre)
+
+- Upgraded bundled sqlite to version 3.6.19. (Scott)
+- Updated timezone database to version 2009.17 (2009q). (Derick)
+
+- Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
+- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.  
+  (Rasmus)
+- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz 
+  Stachowiak.  (Rasmus)
+- Fixed certificate validation inside php_openssl_apply_verification_policy
+  (Ryan Sleevi, Ilia)
+- Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery()
+  when calling using Reflection. (Felipe)
+- Fixed crash when instantiating PDORow and PDOStatement through Reflection.
+  (Felipe)
+- Fixed sanity check for the color index in imagecolortransparent. (Pierre)
+- Fixed scandir/readdir when used mounted points on Windows. (Pierre)
+- Fixed zlib.deflate compress filter to actually accept level parameter. (Jani)
+- Fixed leak on error in popen/exec (and related functions) on Windows.
+  (Pierre)
+- Fixed possible bad caching of symlinked directories in the realpath cache
+  on Windows. (Pierre)
+- Fixed atime and mtime in stat related functions on Windows. (Pierre)
+- Fixed spl_autoload_unregister/spl_autoload_functions wrt. Closures and
+  Functors. (Christian Seiler)
+- Fixed open_basedir circumvention for "mail.log" ini directive.
+  (Maksymilian Arciemowicz, Stas)
+- Fixed signature generation/validation for zip archives in ext/phar. (Greg)
+- Fixed memory leak in stream_is_local(). (Felipe, Tony)
+- Fixed BC break in mime_content_type(), removes the content encoding. (Scott) 
+
+- Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case 
+  insensitive (garretts)
+- Restored shebang line check to CGI sapi (not checked by scanner anymore).
+  (Jani)
+
+- Improve symbolic, mounted volume and junctions support for realpath on 
+  Windows. (Pierre)
+- Improved readlink on Windows, suppress \??\ and use the drive syntax only.
+  (Pierre)
+- Improved dns_get_record() AAAA support on windows. Always available when
+  IPv6 is support is installed, format is now the same than on unix. (Pierre)
+- Improved the DNS functions on OSX to use newer APIs, also use Bind 9 API
+  where available on other platforms. (Scott)
+- Improved shared extension loading on OSX to use the standard Unix dlopen()
+  API. (Scott)
+
+- Fixed bug #50063 (safe_mode_include_dir fails). (Johannes, christian at
+  elmerot dot se)
+- Fixed bug #50052 (Different Hashes on Windows and Linux on wrong Salt size).
+  (Pierre)
+- Fixed bug #49910 (no support for ././@LongLink for long filenames in phar
+  tar support). (Greg)
+- Fixed bug #49908 (throwing exception in __autoload crashes when interface
+  is not defined). (Felipe)
+- Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given
+  output lines >4095 bytes). (Ilia)
+- Fixed bug #49809 (time_sleep_until() is not available on OpenSolaris). (Jani)
+- Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded
+  applications). (Ilia, Florian Anderiasch)
+- Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes).
+  (Sriram Natarajan)
+- Fixed bug #49732 (crashes when using fileinfo when timestamp conversion
+  fails). (Pierre)
+- Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
+- Fixed bug #49630 (imap_listscan function missing). (Felipe)
+- Fixed bug #49572 (use of C++ style comments causes build failure).
+  (Sriram Natarajan)
+- Fixed bug #49531 (CURLOPT_INFILESIZE sometimes causes warning "CURLPROTO_FILE
+  cannot be set"). (Felipe)
+- Fixed bug #49517 (cURL's CURLOPT_FILE prevents file from being deleted after
+  fclose). (Ilia)
+- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).
+  (Ilia)
+- Fixed bug #49447 (php engine need to correctly check for socket API 
+  return status on windows). (Sriram Natarajan)
+- Fixed bug #49391 (ldap.c utilizing deprecated ldap_modify_s). (Ilia)
+- Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries).
+  (Ilia, code-it at mail dot ru)
+- Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre)
+- Fixed bug #49306 (inside pdo_mysql default socket settings are ignored).
+  (Ilia)
+- Fixed bug #49289 (bcmath module doesn't compile with phpize configure).
+  (Jani)
+- Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani)
+- Fixed bug #49269 (Ternary operator fails on Iterator object when used inside
+  foreach declaration). (Etienne, Dmitry)
+- Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
+- Fixed bug #49223 (Inconsistency using get_defined_constants). (Garrett)
+- Fixed bug #49193 (gdJpegGetVersionString() inside gd_compact identifies
+  wrong type in declaration). (Ilia)
+- Fixed bug #49183 (dns_get_record does not return NAPTR records). (Pierre)
+- Fixed bug #49144 (Import of schema from different host transmits original
+  authentication details). (Dmitry)
+- Fixed bug #49142 (crash when exception thrown from __tostring()).
+  (David Soria Parra)
+- Fixed bug #49986 (Missing ICU DLLs on windows package). (Pierre)
+- Fixed bug #49132 (posix_times returns false without error).
+  (phpbugs at gunnu dot us)
+- Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu)
+- Fixed bug #49122 (undefined reference to mysqlnd_stmt_next_result on compile
+  with --with-mysqli and MySQL 6.0). (Jani)
+- Fixed bug #49108 (2nd scan_dir produces segfault). (Felipe)
+- Fixed bug #49098 (mysqli segfault on error). (Rasmus)
+- Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe)
+- Fixed bug #49092 (ReflectionFunction fails to work with functions in fully
+  qualified namespaces). (Kalle, Jani)
+- Fixed bug #49074 (private class static fields can be modified by using
+  reflection). (Jani)
+- Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre)
+- Fixed bug #49065 ("disable_functions" php.ini option does not work on 
+  Zend extensions). (Stas)
+- Fixed bug #49064 (--enable-session=shared does not work: undefined symbol:
+  php_url_scanner_reset_vars). (Jani)
+- Fixed bug #49056 (parse_ini_file() regression in 5.3.0 when using non-ASCII
+  strings as option keys). (Jani)
+- Fixed bug #49052 (context option headers freed too early when using
+  --with-curlwrappers). (Jani)
+- Fixed bug #49047 (The function touch() fails on directories on Windows).
+  (Pierre)
+- Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference).
+  (Jani)
+- Fixed bug #49027 (mysqli_options() doesn't work when using mysqlnd). (Andrey)
+- Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars
+  restrictions). (Ilia)
+- Fixed bug #49012 (phar tar signature algorithm reports as Unknown (0) in
+  getSignature() call). (Greg)
+- Fixed bug #49020 (phar misinterprets ustar long filename standard).
+  (Greg)
+- Fixed bug #49018 (phar tar stores long filenames wit prefix/name reversed).
+  (Greg)
+- Fixed bug #49014 (dechunked filter broken when serving more than 8192 bytes
+  in a chunk). (andreas dot streichardt at globalpark dot com, Ilia)
+- Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes 
+  when including files from function). (Stas)
+- Fixed bug #48994 (zlib.output_compression does not output HTTP headers when
+  set to a string value). (Jani)
+- Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe)
+- Fixed bug #48962 (cURL does not upload files with specified filename).
+  (Ilia)
+- Fixed bug #48929 (Double \r\n after HTTP headers when "header" context
+  option is an array). (David Z端lke)
+- Fixed bug #48913 (Too long error code strings in pdo_odbc driver).
+  (naf at altlinux dot ru, Felipe)
+- Fixed bug #48912 (Namespace causes unexpected strict behaviour with
+  extract()). (Dmitry)
+- Fixed bug #48909 (Segmentation fault in mysqli_stmt_execute()). (Andrey)
+- Fixed bug #48899 (is_callable returns true even if method does not exist in
+  parent class). (Felipe)
+- Fixed bug #48893 (Problems compiling with Curl). (Felipe)
+- Fixed bug #48872 (string.c: errors: duplicate case values). (Kalle)
+- Fixed bug #48854 (array_merge_recursive modifies arrays after first one).
+  (Felipe)
+- Fixed bug #48805 (IPv6 socket transport is not working). (Ilia)
+- Fixed bug #48802 (printf() returns incorrect outputted length). (Jani)
+- Fixed bug #48880 (Random Appearing open_basedir problem). (Rasmus, Gwynne)
+- Fixed bug #48791 (open office files always reported as corrupted). (Greg)
+- Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked
+  directories). (Ilia)
+- Fixed bug #48783 (make install will fail saying phar file exists). (Greg)
+- Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()).
+  (Sriram Natarajan)
+- Fixed bug #48771 (rename() between volumes fails and reports no error on 
+  Windows). (Pierre)
+- Fixed bug #48768 (parse_ini_*() crash with INI_SCANNER_RAW). (Jani)
+- Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at 
+  gmail dot com, Pierre)
+- Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe)
+- Fixed bug #48757 (ReflectionFunction::invoke() parameter issues). (Kalle)
+- Fixed bug #48754 (mysql_close() crash php when no handle specified).
+  (Johannes, Andrey)
+- Fixed bug #48752 (Crash during date parsing with invalid date). (Pierre)
+- Fixed bug #48746 (Unable to browse directories within Junction Points).
+  (Pierre, Kanwaljeet Singla)
+- Fixed bug #48745 (mysqlnd: mysql_num_fields returns wrong column count for
+  mysql_list_fields). (Andrey)
+- Fixed bug #48740 (PHAR install fails when INSTALL_ROOT is not the final
+  install location). (james dot cohen at digitalwindow dot com, Greg)
+- Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on
+  files that have been opened with r+). (Ilia)
+- Fixed bug #48719 (parse_ini_*(): scanner_mode parameter is not checked for
+  sanity). (Jani)
+- Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain  
+  components). (Ilia)
+- Fixed bug #48681 (openssl signature verification for tar archives broken).
+  (Greg)
+- Fixed bug #48660 (parse_ini_*(): dollar sign as last character of value
+  fails). (Jani)
+- Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal
+  html-entities). (Moriyoshi)
+- Fixed bug #48637 ("file" fopen wrapper is overwritten when using
+  --with-curlwrappers). (Jani)
+- Fixed bug #48608 (Invalid libreadline version not detected during configure).
+  (Jani)
+- Fixed bug #48400 (imap crashes when closing stream opened with
+  OP_PROTOTYPE flag). (Jani)
+- Fixed bug #48377 (error message unclear on converting phar with existing
+  file). (Greg)
+- Fixed bug #48247 (Infinite loop and possible crash during startup with
+  errors when errors are logged). (Jani)
+- Fixed bug #48198 error: 'MYSQLND_LLU_SPEC' undeclared. Cause for #48780 and
+  #46952 - both fixed too. (Andrey)
+- Fixed bug #48189 (ibase_execute error in return param). (Kalle)
+- Fixed bug #48182 (ssl handshake fails during asynchronous socket connection).
+  (Sriram Natarajan)
+- Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, 
+  Al dot Smith at aeschi dot ch dot eu dot org)
+- Fixed bug #48057 (Only the date fields of the first row are fetched, others
+  are empty). (info at programmiernutte dot net)
+- Fixed bug #47481 (natcasesort() does not sort extended ASCII characters
+  correctly). (Herman Radtke)
+- Fixed bug #47351 (Memory leak in DateTime). (Derick, Tobias John)
+- Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry)
+- Fixed bug #46682 (touch() afield returns different values on windows).
+  (Pierre)
+- Fixed bug #46614 (Extended MySQLi class gives incorrect empty() result).
+  (Andrey)
+- Fixed bug #46020 (with Sun Java System Web Server 7.0 on HPUX, #define HPUX).
+  (Uwe Schindler)
+- Fixed bug #45905 (imagefilledrectangle() clipping error).
+  (markril at hotmail dot com, Pierre)
+- Fixed bug #45554 (Inconsistent behavior of the u format char). (Derick)
+- Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia)
+- Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
+- Fixed bug #43510 (stream_get_meta_data() does not return same mode as used
+  in fopen). (Jani)
+- Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot
+  com, Kalle)
+- Fixed bug #40013 (php_uname() does not return nodename on Netware (Guenter
+  Knauf)
+- Fixed bug #38091 (Mail() does not use FQDN when sending SMTP helo). 
+  (Kalle, Rick Yorgason)
+- Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett)
+- Fixed bug #27051 (Impersonation with FastCGI does not exec process as 
+  impersonated user). (Pierre)
+- Fixed PECL bug #16842 (oci_error return false when NO_DATA_FOUND is raised).
+  (Chris Jones)
+
 30 Jun 2009, PHP 5.3.0
 - Upgraded bundled PCRE to version 7.9. (Nuno)
 - Upgraded bundled sqlite to version 3.6.15. (Scott)

--- php/php-src/branches/PHP_5_2/NEWS	2009/09/16 12:55:12	288373
+++ php/php-src/branches/PHP_5_2/NEWS	2009/11/12 15:51:39	290588
@@ -1,80 +1,132 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-17 Sep 2009, PHP 5.2.11
-- Fixed certificate validation inside php_openssl_apply_verification_policy.
-  (Ryan Sleevi, Ilia)
+12 Nov 2009, PHP 5.2.12RC1
+- Updated timezone database to version 2009.18 (2009r). (Derick)
 
+- Added "max_file_uploads" INI directive, which can be set to limit the
+  number of file uploads per-request to 20 by default, to prevent possible
+  DOS via temporary file exhaustion. (Ilia)
+
+- Fixed unnecessary invocation of setitimer when timeouts have been disabled.
+  (Arvind Srinivasan)
+- Fixed crash in com_print_typeinfo when an invalid typelib is given.
+  (Pierre)
+- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.  
+  (Rasmus)
+- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz 
+  Stachowiak. (Rasmus)
+- Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery()
+  when calling using Reflection. (Felipe)
+- Fixed crash when instantiating PDORow and PDOStatement through Reflection.
+  (Felipe)
+- Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)

--- php/php-src/branches/PHP_5_3/NEWS	2009/10/20 20:09:24	289812
+++ php/php-src/branches/PHP_5_3/NEWS	2009/11/03 16:48:52	290172
@@ -1,18 +1,40 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 20??, PHP 5.3.2
+- Upgraded bundled PCRE to version 8.00. (Scott)
+
+- Added "max_file_uploads" INI directive, which can be set to limit the
+  number of file uploads per-request to 100 by default, to prevent possible
+  DOS via temporary file exhaustion. (Ilia)
 - Added ReflectionMethod::setAccessible() for invoking non-public methods
   through the Reflection API. (Sebastian)
-
+- Added Collator::getSortKey for intl extension. (Stas)
+  
 - Implemented FR #49571 (CURLOPT_POSTREDIR not implemented). (Sriram Natarajan)
 - Implemented FR #49253 (added support for libcurl's CERTINFO option).
   (Linus Nielsen Feltzing <linus@haxx.se>)
-  
+
+- Fixed memory leak in extension loading when an error occurs on Windows.
+  (Pierre)
+
+- Fixed bug #50023 (pdo_mysql doesn't use PHP_MYSQL_UNIX_SOCK_ADDR). (Ilia)
+- Fixed bug #49908 (throwing exception in __autoload crashes when interface
+  is not defined). (Felipe)
+- Fixed bug #49719 (ReflectionClass::hasProperty returns true for a private 
+  property in base class). (Felipe)
+- Fixed bug #49142 (crash when exception thrown from __tostring()).
+  (David Soria Parra)
+- Fixed bug #49990 (SNMP3 warning message about security level printed twice).
+  (Jani)
+- Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted
+  transaction). (ben dot pineau at gmail dot com, Ilia)  
+- Fixed bug #49921 (Curl post upload functions changed). (Ilia)
 - Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia,
   sjoerd at php dot net)
 - Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning).
   (Ilia, wmeler at wp-sa dot pl)
 - Fixed bug #49647 (DOMUserData does not exist). (Rob)
+- Fixed bug #49244 (Floating point NaN cause garbage characters). (Sjoerd)
 - Fixed bug #49224 (Compile error due to old DNS functions on AIX systems).
   (Scott)