5.2.12C2 out!
RC2の登場です(1・2・3・4・5)。
5.2.12RC1から5.2.12RC2までの修正状況は以下の通り。
個人的には目立った修正は見当たりませんでした。
--- php/php-src/branches/PHP_5_2/NEWS 2009/11/12 15:51:39 290588 +++ php/php-src/tags/php_5_2_12RC2/NEWS 2009/11/27 03:16:26 291338 @@ -1,5 +1,36 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +26 Nov 2009, PHP 5.2.12RC2 +- Updated timezone database to version 2009.19 (2009s). (Derick) + +- Changed "post_max_size" php.ini directive to allow unlimited post size by + setting it to 0. (Rasmus) + +- Fixed the m4 scripts to support autoconf-2.64+. (Rasmus) +- Fixed error_log() to be binary safe when using message_type 3. (Jani) + +- Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays). + (Felipe) +- Fixed bug #50282 (xmlrpc_encode_request() changes object into array in + calling function). (Felipe) +- Fixed bug #50255 (isset() and empty() silently casts array to object). + (Felipe) +- Fixed bug #50219 (soap call Segmentation fault on a redirected url). + (Pierrick) +- Fixed bug #50207 (segmentation fault when concatenating very large strings + on 64bit linux). (Ilia) +- Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia) +- Fixed bug #50185 (ldap_get_entries() return false instead of an empty array + when there is no error). (Jani) +- Fixed bug #50174 (Incorrectly matched docComment). (Felipe) +- Fixed bug #50158 (FILTER_VALIDATE_EMAIL fails with valid addresses + containing = or ?). (Pierrick) +- Fixed bug #49677 (ini parser crashes with apache2 and using ${something} + ini variables). (Jani) +- Fixed bug #49521 (PDO fetchObject sets values before calling constructor). + (Pierrick) + + 12 Nov 2009, PHP 5.2.12RC1 - Updated timezone database to version 2009.18 (2009r). (Derick)
Added "max_file_uploads" INI directive in 4.4.9
大垣さんのつぶやきで知ったのですが、正式にサポート終了しているとはいえ完全に根絶されているとは思えないのでパッチを作ってみました。
#include "zend_ini.h" を追加したら reference error undefined symbol が解消されるのは意味不明だったけど。。。生成された Makefile が腐ってる?
display_errorsをOnにしている環境だと同時にdisplay_startup_errorsをOnにしないと警告が出ないので注意してください。。。モロにハマった。_| ̄|○
diff -urN php-4.4.9,orig/main/main.c php-4.4.9/main/main.c --- php-4.4.9,orig/main/main.c 2007-12-31 16:22:54.000000000 +0900 +++ php-4.4.9/main/main.c 2009-11-25 14:45:09.000000000 +0900 @@ -357,6 +357,7 @@ PHP_INI_ENTRY("sendmail_path", DEFAULT_SENDMAIL_PATH, PHP_INI_SYSTEM, NULL) PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL) PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL) + PHP_INI_ENTRY("max_file_uploads", "20", PHP_INI_SYSTEM, NULL) STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN("always_populate_raw_post_data", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, always_populate_raw_post_data, php_core_globals, core_globals) diff -urN php-4.4.9,orig/main/rfc1867.c php-4.4.9/main/rfc1867.c --- php-4.4.9,orig/main/rfc1867.c 2007-12-31 16:22:55.000000000 +0900 +++ php-4.4.9/main/rfc1867.c 2009-11-25 15:43:30.000000000 +0900 @@ -28,6 +28,7 @@ #include "php.h" #include "php_open_temporary_file.h" #include "zend_globals.h" +#include "zend_ini.h" #include "php_globals.h" #include "php_variables.h" #include "rfc1867.h" @@ -787,6 +788,12 @@ zval *array_ptr = (zval *) arg; int fd=-1; zend_llist header; + char *max_uploads = INI_STR("max_file_uploads"); + int upload_cnt = 0; + + if (max_uploads && *max_uploads) { + upload_cnt = atoi(max_uploads); + } if (SG(request_info).content_length > SG(post_max_size)) { sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size)); @@ -933,6 +940,14 @@ continue; } + /* If file_uploads=off, skip the file part */ + if (!PG(file_uploads)) { + skip_upload = 1; + } else if (upload_cnt <= 0) { + skip_upload = 1; + sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded"); + } + /* Return with an error if the posted data is garbled */ if (!param) { sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled"); @@ -970,6 +985,7 @@ if (!skip_upload) { /* Handle file */ fd = php_open_temporary_fd(PG(upload_tmp_dir), "php", &temp_filename TSRMLS_CC); + upload_cnt--; if (fd==-1) { sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file"); cancel_upload = UPLOAD_ERROR_E;
5.3.1 ready?
この辺(1・2)を参照されたし。
時間が経てば玉(アーカイブ)もできるでしょう。。。きっと。
5.3.0から5.3.1までの修正状況は以下の通り。
メジャーアップグレード後の第一発目なので修正量も半端ではありませんね。
今回よりアップロードファイル数の制限が加わっていますので該当する方は設定値に気をつけてください。
--- php/php-src/branches/PHP_5_3/NEWS 2009/06/29 13:04:30 283022 +++ php/php-src/tags/php_5_3_1/NEWS 2009/11/18 20:08:14 290929 @@ -1,5 +1,253 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +19 Nov 2009, PHP 5.3.1 + +- Added "max_file_uploads" INI directive, which can be set to limit the + number of file uploads per-request to 20 by default, to prevent possible + DOS via temporary file exhaustion. (Ilia) +- Added missing sanity checks around exif processing. (Ilia) +- Added error constant when json_encode() detects an invalid UTF-8 sequence. + (Scott) +- Added support for ACL on Windows for thread safe SAPI (Apache2 for example) + and fix its support on NTS. (Pierre) + +- Upgraded bundled sqlite to version 3.6.19. (Scott) +- Updated timezone database to version 2009.17 (2009q). (Derick) + +- Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) +- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. + (Rasmus) +- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz + Stachowiak. (Rasmus) +- Fixed certificate validation inside php_openssl_apply_verification_policy + (Ryan Sleevi, Ilia) +- Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() + when calling using Reflection. (Felipe) +- Fixed crash when instantiating PDORow and PDOStatement through Reflection. + (Felipe) +- Fixed sanity check for the color index in imagecolortransparent. (Pierre) +- Fixed scandir/readdir when used mounted points on Windows. (Pierre) +- Fixed zlib.deflate compress filter to actually accept level parameter. (Jani) +- Fixed leak on error in popen/exec (and related functions) on Windows. + (Pierre) +- Fixed possible bad caching of symlinked directories in the realpath cache + on Windows. (Pierre) +- Fixed atime and mtime in stat related functions on Windows. (Pierre) +- Fixed spl_autoload_unregister/spl_autoload_functions wrt. Closures and + Functors. (Christian Seiler) +- Fixed open_basedir circumvention for "mail.log" ini directive. + (Maksymilian Arciemowicz, Stas) +- Fixed signature generation/validation for zip archives in ext/phar. (Greg) +- Fixed memory leak in stream_is_local(). (Felipe, Tony) +- Fixed BC break in mime_content_type(), removes the content encoding. (Scott) + +- Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case + insensitive (garretts) +- Restored shebang line check to CGI sapi (not checked by scanner anymore). + (Jani) + +- Improve symbolic, mounted volume and junctions support for realpath on + Windows. (Pierre) +- Improved readlink on Windows, suppress \??\ and use the drive syntax only. + (Pierre) +- Improved dns_get_record() AAAA support on windows. Always available when + IPv6 is support is installed, format is now the same than on unix. (Pierre) +- Improved the DNS functions on OSX to use newer APIs, also use Bind 9 API + where available on other platforms. (Scott) +- Improved shared extension loading on OSX to use the standard Unix dlopen() + API. (Scott) + +- Fixed bug #50063 (safe_mode_include_dir fails). (Johannes, christian at + elmerot dot se) +- Fixed bug #50052 (Different Hashes on Windows and Linux on wrong Salt size). + (Pierre) +- Fixed bug #49910 (no support for ././@LongLink for long filenames in phar + tar support). (Greg) +- Fixed bug #49908 (throwing exception in __autoload crashes when interface + is not defined). (Felipe) +- Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given + output lines >4095 bytes). (Ilia) +- Fixed bug #49809 (time_sleep_until() is not available on OpenSolaris). (Jani) +- Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded + applications). (Ilia, Florian Anderiasch) +- Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes). + (Sriram Natarajan) +- Fixed bug #49732 (crashes when using fileinfo when timestamp conversion + fails). (Pierre) +- Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus) +- Fixed bug #49630 (imap_listscan function missing). (Felipe) +- Fixed bug #49572 (use of C++ style comments causes build failure). + (Sriram Natarajan) +- Fixed bug #49531 (CURLOPT_INFILESIZE sometimes causes warning "CURLPROTO_FILE + cannot be set"). (Felipe) +- Fixed bug #49517 (cURL's CURLOPT_FILE prevents file from being deleted after + fclose). (Ilia) +- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). + (Ilia) +- Fixed bug #49447 (php engine need to correctly check for socket API + return status on windows). (Sriram Natarajan) +- Fixed bug #49391 (ldap.c utilizing deprecated ldap_modify_s). (Ilia) +- Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries). + (Ilia, code-it at mail dot ru) +- Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre) +- Fixed bug #49306 (inside pdo_mysql default socket settings are ignored). + (Ilia) +- Fixed bug #49289 (bcmath module doesn't compile with phpize configure). + (Jani) +- Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani) +- Fixed bug #49269 (Ternary operator fails on Iterator object when used inside + foreach declaration). (Etienne, Dmitry) +- Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani) +- Fixed bug #49223 (Inconsistency using get_defined_constants). (Garrett) +- Fixed bug #49193 (gdJpegGetVersionString() inside gd_compact identifies + wrong type in declaration). (Ilia) +- Fixed bug #49183 (dns_get_record does not return NAPTR records). (Pierre) +- Fixed bug #49144 (Import of schema from different host transmits original + authentication details). (Dmitry) +- Fixed bug #49142 (crash when exception thrown from __tostring()). + (David Soria Parra) +- Fixed bug #49986 (Missing ICU DLLs on windows package). (Pierre) +- Fixed bug #49132 (posix_times returns false without error). + (phpbugs at gunnu dot us) +- Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu) +- Fixed bug #49122 (undefined reference to mysqlnd_stmt_next_result on compile + with --with-mysqli and MySQL 6.0). (Jani) +- Fixed bug #49108 (2nd scan_dir produces segfault). (Felipe) +- Fixed bug #49098 (mysqli segfault on error). (Rasmus) +- Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe) +- Fixed bug #49092 (ReflectionFunction fails to work with functions in fully + qualified namespaces). (Kalle, Jani) +- Fixed bug #49074 (private class static fields can be modified by using + reflection). (Jani) +- Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre) +- Fixed bug #49065 ("disable_functions" php.ini option does not work on + Zend extensions). (Stas) +- Fixed bug #49064 (--enable-session=shared does not work: undefined symbol: + php_url_scanner_reset_vars). (Jani) +- Fixed bug #49056 (parse_ini_file() regression in 5.3.0 when using non-ASCII + strings as option keys). (Jani) +- Fixed bug #49052 (context option headers freed too early when using + --with-curlwrappers). (Jani) +- Fixed bug #49047 (The function touch() fails on directories on Windows). + (Pierre) +- Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference). + (Jani) +- Fixed bug #49027 (mysqli_options() doesn't work when using mysqlnd). (Andrey) +- Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars + restrictions). (Ilia) +- Fixed bug #49012 (phar tar signature algorithm reports as Unknown (0) in + getSignature() call). (Greg) +- Fixed bug #49020 (phar misinterprets ustar long filename standard). + (Greg) +- Fixed bug #49018 (phar tar stores long filenames wit prefix/name reversed). + (Greg) +- Fixed bug #49014 (dechunked filter broken when serving more than 8192 bytes + in a chunk). (andreas dot streichardt at globalpark dot com, Ilia) +- Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes + when including files from function). (Stas) +- Fixed bug #48994 (zlib.output_compression does not output HTTP headers when + set to a string value). (Jani) +- Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe) +- Fixed bug #48962 (cURL does not upload files with specified filename). + (Ilia) +- Fixed bug #48929 (Double \r\n after HTTP headers when "header" context + option is an array). (David Z端lke) +- Fixed bug #48913 (Too long error code strings in pdo_odbc driver). + (naf at altlinux dot ru, Felipe) +- Fixed bug #48912 (Namespace causes unexpected strict behaviour with + extract()). (Dmitry) +- Fixed bug #48909 (Segmentation fault in mysqli_stmt_execute()). (Andrey) +- Fixed bug #48899 (is_callable returns true even if method does not exist in + parent class). (Felipe) +- Fixed bug #48893 (Problems compiling with Curl). (Felipe) +- Fixed bug #48872 (string.c: errors: duplicate case values). (Kalle) +- Fixed bug #48854 (array_merge_recursive modifies arrays after first one). + (Felipe) +- Fixed bug #48805 (IPv6 socket transport is not working). (Ilia) +- Fixed bug #48802 (printf() returns incorrect outputted length). (Jani) +- Fixed bug #48880 (Random Appearing open_basedir problem). (Rasmus, Gwynne) +- Fixed bug #48791 (open office files always reported as corrupted). (Greg) +- Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked + directories). (Ilia) +- Fixed bug #48783 (make install will fail saying phar file exists). (Greg) +- Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()). + (Sriram Natarajan) +- Fixed bug #48771 (rename() between volumes fails and reports no error on + Windows). (Pierre) +- Fixed bug #48768 (parse_ini_*() crash with INI_SCANNER_RAW). (Jani) +- Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at + gmail dot com, Pierre) +- Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe) +- Fixed bug #48757 (ReflectionFunction::invoke() parameter issues). (Kalle) +- Fixed bug #48754 (mysql_close() crash php when no handle specified). + (Johannes, Andrey) +- Fixed bug #48752 (Crash during date parsing with invalid date). (Pierre) +- Fixed bug #48746 (Unable to browse directories within Junction Points). + (Pierre, Kanwaljeet Singla) +- Fixed bug #48745 (mysqlnd: mysql_num_fields returns wrong column count for + mysql_list_fields). (Andrey) +- Fixed bug #48740 (PHAR install fails when INSTALL_ROOT is not the final + install location). (james dot cohen at digitalwindow dot com, Greg) +- Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on + files that have been opened with r+). (Ilia) +- Fixed bug #48719 (parse_ini_*(): scanner_mode parameter is not checked for + sanity). (Jani) +- Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain + components). (Ilia) +- Fixed bug #48681 (openssl signature verification for tar archives broken). + (Greg) +- Fixed bug #48660 (parse_ini_*(): dollar sign as last character of value + fails). (Jani) +- Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal + html-entities). (Moriyoshi) +- Fixed bug #48637 ("file" fopen wrapper is overwritten when using + --with-curlwrappers). (Jani) +- Fixed bug #48608 (Invalid libreadline version not detected during configure). + (Jani) +- Fixed bug #48400 (imap crashes when closing stream opened with + OP_PROTOTYPE flag). (Jani) +- Fixed bug #48377 (error message unclear on converting phar with existing + file). (Greg) +- Fixed bug #48247 (Infinite loop and possible crash during startup with + errors when errors are logged). (Jani) +- Fixed bug #48198 error: 'MYSQLND_LLU_SPEC' undeclared. Cause for #48780 and + #46952 - both fixed too. (Andrey) +- Fixed bug #48189 (ibase_execute error in return param). (Kalle) +- Fixed bug #48182 (ssl handshake fails during asynchronous socket connection). + (Sriram Natarajan) +- Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, + Al dot Smith at aeschi dot ch dot eu dot org) +- Fixed bug #48057 (Only the date fields of the first row are fetched, others + are empty). (info at programmiernutte dot net) +- Fixed bug #47481 (natcasesort() does not sort extended ASCII characters + correctly). (Herman Radtke) +- Fixed bug #47351 (Memory leak in DateTime). (Derick, Tobias John) +- Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry) +- Fixed bug #46682 (touch() afield returns different values on windows). + (Pierre) +- Fixed bug #46614 (Extended MySQLi class gives incorrect empty() result). + (Andrey) +- Fixed bug #46020 (with Sun Java System Web Server 7.0 on HPUX, #define HPUX). + (Uwe Schindler) +- Fixed bug #45905 (imagefilledrectangle() clipping error). + (markril at hotmail dot com, Pierre) +- Fixed bug #45554 (Inconsistent behavior of the u format char). (Derick) +- Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia) +- Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre) +- Fixed bug #43510 (stream_get_meta_data() does not return same mode as used + in fopen). (Jani) +- Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot + com, Kalle) +- Fixed bug #40013 (php_uname() does not return nodename on Netware (Guenter + Knauf) +- Fixed bug #38091 (Mail() does not use FQDN when sending SMTP helo). + (Kalle, Rick Yorgason) +- Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett) +- Fixed bug #27051 (Impersonation with FastCGI does not exec process as + impersonated user). (Pierre) +- Fixed PECL bug #16842 (oci_error return false when NO_DATA_FOUND is raised). + (Chris Jones) + 30 Jun 2009, PHP 5.3.0 - Upgraded bundled PCRE to version 7.9. (Nuno) - Upgraded bundled sqlite to version 3.6.15. (Scott)
PECL DTrace Package into core?
この辺(1・2)を見ていて気になったのが、PECL DTrace PackageがPHPアーカイブ中に含まれるようになった?
PHP Sources Snapshotsからソース一式を落としてきてgrepで確認。。。PHP6かららしい。
デフォルトでは有効にならず、コンパイル・オプションに「--enable-dtrace」が必要みたいですが、個人的にはPHPアーカイブ中に含まれるようになったのは嬉しいなっと。
それにしても、追加に関する意思決定はいつ頃行われたのだろうか。。。レポジトリには(今日時点で)役4ヶ月前くらいに投入されているようですが。
% cd /usr/local/src % gtar zxf ./php5.2-200911160130.tar.gz % gtar zxf ./php5.3-200911160130.tar.gz % gtar zxf ./php6.0-200911160130.tar.gz % grep -rn dtrace . ./php6.0-200911160130/aclocal.m4:2878:dnl Generate dtrace targets ./php6.0-200911160130/aclocal.m4:2898: dtrace -G -o $1.o -s $1 $obj ./php6.0-200911160130/aclocal.m4:2904:dnl Link given source files with dtrace ./php6.0-200911160130/aclocal.m4:2925:dnl Generate platform specific dtrace header ./php6.0-200911160130/aclocal.m4:2928: dtrace -h -C -s $1 -o $2 ./php6.0-200911160130/main/main.c:84:#include "zend_dtrace.h" ./php6.0-200911160130/configure:1068: --enable-dtrace Enable DTrace support" ./php6.0-200911160130/configure:18607:php_enable_dtrace=no ./php6.0-200911160130/configure:18611:# Check whether --enable-dtrace or --disable-dtrace was given. ./php6.0-200911160130/configure:18612:if test "${enable_dtrace+set}" = set; then ./php6.0-200911160130/configure:18613: enableval="$enable_dtrace" ./php6.0-200911160130/configure:18676: Zend/zend_dtrace.c Zend/zend.c; do ./php6.0-200911160130/configure:18686: dtrace -h -C -s Zend/zend_dtrace.d -o Zend/zend_dtrace_gen.h ./php6.0-200911160130/configure:18687: $SED -ibak 's,PHP_,DTRACE_,g' Zend/zend_dtrace_gen.h ./php6.0-200911160130/configure:108430: zend_alloc.c zend_compile.c zend_constants.c zend_dtrace.c \ ./php6.0-200911160130/configure:108604: PHP_GLOBAL_OBJS="$PHP_GLOBAL_OBJS Zend/zend_dtrace.d.o" ./php6.0-200911160130/configure:108615:Zend/zend_dtrace.d.o: \$(PHP_DTRACE_OBJS) ./php6.0-200911160130/configure:108616: dtrace -G -o Zend/zend_dtrace.d.o -s Zend/zend_dtrace.d $obj ./php6.0-200911160130/acinclude.m4:2878:dnl Generate dtrace targets ./php6.0-200911160130/acinclude.m4:2898: dtrace -G -o $1.o -s $1 $obj ./php6.0-200911160130/acinclude.m4:2904:dnl Link given source files with dtrace ./php6.0-200911160130/acinclude.m4:2925:dnl Generate platform specific dtrace header ./php6.0-200911160130/acinclude.m4:2928: dtrace -h -C -s $1 -o $2 ./php6.0-200911160130/Zend/zend_dtrace.h:33:ZEND_API zend_op_array *(*zend_dtrace_compile_file)(zend_file_handle *file_handle, int type TSRMLS_DC); ./php6.0-200911160130/Zend/zend_dtrace.h:34:ZEND_API void (*zend_dtrace_execute)(zend_op_array *op_array TSRMLS_DC); ./php6.0-200911160130/Zend/zend_dtrace.h:35:ZEND_API void (*zend_dtrace_execute_internal)(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC); ./php6.0-200911160130/Zend/zend_dtrace.h:37:ZEND_API zend_op_array *dtrace_compile_file(zend_file_handle *file_handle, int type TSRMLS_DC); ./php6.0-200911160130/Zend/zend_dtrace.h:38:ZEND_API void dtrace_execute(zend_op_array *op_array TSRMLS_DC); ./php6.0-200911160130/Zend/zend_dtrace.h:39:ZEND_API void dtrace_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC); ./php6.0-200911160130/Zend/zend_dtrace.h:40:#include <zend_dtrace_gen.h> ./php6.0-200911160130/Zend/zend_execute.c:40:#include "zend_dtrace.h" ./php6.0-200911160130/Zend/zend.c:33:#include "zend_dtrace.h" ./php6.0-200911160130/Zend/zend.c:1138:/* build with dtrace support */ ./php6.0-200911160130/Zend/zend.c:1139: zend_compile_file = dtrace_compile_file; ./php6.0-200911160130/Zend/zend.c:1140: zend_execute = dtrace_execute; ./php6.0-200911160130/Zend/zend.c:1141: zend_execute_internal = dtrace_execute_internal; ./php6.0-200911160130/Zend/zend.c:1595: char *dtrace_error_buffer; ./php6.0-200911160130/Zend/zend.c:1596: zend_vspprintf(&dtrace_error_buffer, 0, format, args); ./php6.0-200911160130/Zend/zend.c:1597: DTRACE_ERROR(dtrace_error_buffer, error_filename, error_lineno); ./php6.0-200911160130/Zend/zend.c:1598: efree(dtrace_error_buffer); ./php6.0-200911160130/Zend/zend_exceptions.c:30:#include "zend_dtrace.h" ./php6.0-200911160130/Zend/zend_dtrace.c:23:#include "zend_dtrace.h" ./php6.0-200911160130/Zend/zend_dtrace.c:27:static inline char *dtrace_get_executed_filename(TSRMLS_D) ./php6.0-200911160130/Zend/zend_dtrace.c:36:ZEND_API zend_op_array *dtrace_compile_file(zend_file_handle *file_handle, int type TSRMLS_DC) ./php6.0-200911160130/Zend/zend_dtrace.c:47:ZEND_API void dtrace_execute(zend_op_array *op_array TSRMLS_DC) ./php6.0-200911160130/Zend/zend_dtrace.c:59: filename = dtrace_get_executed_filename(TSRMLS_C); ./php6.0-200911160130/Zend/zend_dtrace.c:72: we use appropriate predicates in our dtrace scripts to detect if we are in class context */ ./php6.0-200911160130/Zend/zend_dtrace.c:104:ZEND_API void dtrace_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC) ./php6.0-200911160130/Zend/zend_dtrace.c:109: filename = dtrace_get_executed_filename(TSRMLS_C); ./php6.0-200911160130/configure.in:891:PHP_ARG_ENABLE(dtrace, whether to enable DTrace support, ./php6.0-200911160130/configure.in:892:[ --enable-dtrace Enable DTrace support], no, no) ./php6.0-200911160130/configure.in:898: [PHP_ADD_DTRACE([Zend/zend_dtrace.d], [main/main.c, Zend/zend_API.c \ ./php6.0-200911160130/configure.in:900: Zend/zend_dtrace.c Zend/zend.c]) ./php6.0-200911160130/configure.in:901: PHP_INIT_DTRACE([Zend/zend_dtrace.d], [Zend/zend_dtrace_gen.h]) ./php6.0-200911160130/configure.in:1365: zend_alloc.c zend_compile.c zend_constants.c zend_dtrace.c \ ./php6.0-200911160130/configure.in:1400: PHP_GENERATE_DTRACE([Zend/zend_dtrace.d],$php_build_target);; % ./php6.0-200911160130/configure --help | grep dtrace --enable-dtrace Enable DTrace support %
5.2.12C1 out!
RC1の登場です(1・2・3・4・5)。
5.2.11から5.2.12RC1までの修正状況は以下の通り。とりあえず、PHP 5.2.12RC1部分のみ抽出。
こちらのほうにも php.iniにmax_file_uploads ディレクティブが追加された模様(デフォルトは20)。個人的には10でも多いような気が。
--- php/php-src/branches/PHP_5_2/NEWS 2009/09/16 12:55:12 288373 +++ php/php-src/branches/PHP_5_2/NEWS 2009/11/12 15:51:39 290588 @@ -1,80 +1,132 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -17 Sep 2009, PHP 5.2.11 -- Fixed certificate validation inside php_openssl_apply_verification_policy. - (Ryan Sleevi, Ilia) +12 Nov 2009, PHP 5.2.12RC1 +- Updated timezone database to version 2009.18 (2009r). (Derick) +- Added "max_file_uploads" INI directive, which can be set to limit the + number of file uploads per-request to 20 by default, to prevent possible + DOS via temporary file exhaustion. (Ilia) + +- Fixed unnecessary invocation of setitimer when timeouts have been disabled. + (Arvind Srinivasan) +- Fixed crash in com_print_typeinfo when an invalid typelib is given. + (Pierre) +- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. + (Rasmus) +- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz + Stachowiak. (Rasmus) +- Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() + when calling using Reflection. (Felipe) +- Fixed crash when instantiating PDORow and PDOStatement through Reflection. + (Felipe) +- Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
5.3.1RC4 out!
RC4の登場です(1・2・3・4・5・6)。先日の予想は見事に外れました。残念。
5.3.1RC3から5.3.1RC4までの修正状況は以下の通り。。。といきたいのですが、また変なことにしまっているので「diff -u php-5.3.1RC3/NEWS php-5.3.1RC4/NEWS」の結果を貼り付けておきます。
max_file_uploads ディレクティブは100から20に変更されたようです。個人的には10でも多いような気が。
--- php-5.3.1RC3/NEWS 2009-11-04 00:36:55.000000000 +0900 +++ php-5.3.1RC4/NEWS 2009-11-13 02:48:36.000000000 +0900 @@ -1,13 +1,22 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +12 Nov 2009, PHP 5.3.1 RC4 +- Updated timezone database to version 2009.17 (2009q). (Derick) + +- Fixed bug #50063 (safe_mode_include_dir fails). (Johannes, christian at + elmerot dot se) +- Fixed bug #49910 (no support for ././@LongLink for long filenames in phar + tar support). (Greg) +- Fixed bug #49098 (mysqli segfault on error) (Rasmus) + 03 Nov 2009, PHP 5.3.1 RC3 - Added "max_file_uploads" INI directive, which can be set to limit the - number of file uploads per-request to 100 by default, to prevent possible + number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia) - Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) -- Fuxed bug #50052 (Different Hashes on Windows and Linux on wrong Salt size). +- Fixed bug #50052 (Different Hashes on Windows and Linux on wrong Salt size). (Pierre) - Fixed bug #49908 (throwing exception in __autoload crashes when interface is not defined). (Felipe)
5.3.1RC3 out!
RC3の登場です(1・2・3・4・5・6・7)。
5.3.1RC2から5.3.1RC3までの修正状況は以下の通り。
修正量的に、これが最後のRCリリースになりそうな予感ですが、php.iniにmax_file_uploads ディレクティブが追加された模様(デフォルトは100)。個人的には10でも多いような気が。
5.2.12も計画中らしいです。
--- php/php-src/branches/PHP_5_3/NEWS 2009/10/20 20:09:24 289812 +++ php/php-src/branches/PHP_5_3/NEWS 2009/11/03 16:48:52 290172 @@ -1,18 +1,40 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 20??, PHP 5.3.2 +- Upgraded bundled PCRE to version 8.00. (Scott) + +- Added "max_file_uploads" INI directive, which can be set to limit the + number of file uploads per-request to 100 by default, to prevent possible + DOS via temporary file exhaustion. (Ilia) - Added ReflectionMethod::setAccessible() for invoking non-public methods through the Reflection API. (Sebastian) - +- Added Collator::getSortKey for intl extension. (Stas) + - Implemented FR #49571 (CURLOPT_POSTREDIR not implemented). (Sriram Natarajan) - Implemented FR #49253 (added support for libcurl's CERTINFO option). (Linus Nielsen Feltzing <linus@haxx.se>) - + +- Fixed memory leak in extension loading when an error occurs on Windows. + (Pierre) + +- Fixed bug #50023 (pdo_mysql doesn't use PHP_MYSQL_UNIX_SOCK_ADDR). (Ilia) +- Fixed bug #49908 (throwing exception in __autoload crashes when interface + is not defined). (Felipe) +- Fixed bug #49719 (ReflectionClass::hasProperty returns true for a private + property in base class). (Felipe) +- Fixed bug #49142 (crash when exception thrown from __tostring()). + (David Soria Parra) +- Fixed bug #49990 (SNMP3 warning message about security level printed twice). + (Jani) +- Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted + transaction). (ben dot pineau at gmail dot com, Ilia) +- Fixed bug #49921 (Curl post upload functions changed). (Ilia) - Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia, sjoerd at php dot net) - Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). (Ilia, wmeler at wp-sa dot pl) - Fixed bug #49647 (DOMUserData does not exist). (Rob) +- Fixed bug #49244 (Floating point NaN cause garbage characters). (Sjoerd) - Fixed bug #49224 (Compile error due to old DNS functions on AIX systems). (Scott)