システム開発 最新版PHP5.3.3のダウンロード インストール 不具合

2010年7月22日

PHPの最新版 5.3.3がリリースされています。

幾つかのセキュリティーに関する不具合を修正されています。


http://www.php.net/


 Backwards incompatible change:

    * Methods with the same name as the last element of a namespaced class name will no longer be treated as constructor. This change doesn't affect non-namespaced classes.

      <?php
      namespace Foo;
      class Bar {
          public function Bar() {
              // treated as constructor in PHP 5.3.0-5.3.2
              // treated as regular method in PHP 5.3.3
          }
      }
      ?>

      There is no impact on migration from 5.2.x because namespaces were only introduced in PHP 5.3.

Security Enhancements and Fixes in PHP 5.3.3:

    * Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
    * Fixed a possible resource destruction issues in shm_put_var().
    * Fixed a possible information leak because of interruption of XOR operator.
    * Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
    * Fixed a possible memory corruption in ArrayObject::uasort().
    * Fixed a possible memory corruption in parse_str().
    * Fixed a possible memory corruption in pack().
    * Fixed a possible memory corruption in substr_replace().
    * Fixed a possible memory corruption in addcslashes().
    * Fixed a possible stack exhaustion inside fnmatch().
    * Fixed a possible dechunking filter buffer overflow.
    * Fixed a possible arbitrary memory access inside sqlite extension.
    * Fixed string format validation inside phar extension.
    * Fixed handling of session variable serialization on certain prefix characters.
    * Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
    * Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
    * Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
    * Fixed possible buffer overflows when handling error packets in mysqlnd.

Key enhancements in PHP 5.3.3 include:

    * Upgraded bundled sqlite to version 3.6.23.1.
    * Upgraded bundled PCRE to version 8.02.
    * Added FastCGI Process Manager (FPM) SAPI.
    * Added stream filter support to mcrypt extension.
    * Added full_special_chars filter to ext/filter.
    * Fixed a possible crash because of recursive GC invocation.
    * Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
    * Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
    * Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
    * Fixed bug #52001 (Memory allocation problems after using variable variables).
    * Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).
    * Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3).