Beruflich Dokumente
Kultur Dokumente
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
03 Dec 2015, PHP 7.0.0
- Core:
. Fixed bug #70947 (INI parser segfault with INI_SCANNER_TYPED). (Laruence)
. Fixed bug #70914 (zend_throw_or_error() format string vulnerability).
(Taoguang Chen)
. Fixed bug #70912 (Null ptr dereference instantiating class with invalid
array property). (Laruence)
. Fixed bug #70895, #70898 (null ptr deref and segfault with crafted calable).
(Anatol, Laruence)
. Fixed bug #70249 (Segmentation fault while running PHPUnit tests on
phpBB 3.2-dev). (Laruence)
. Fixed bug #70805 (Segmentation faults whilst running Drupal 8 test suite).
(Dmitry, Laruence)
. Fixed bug #70842 (Persistent Stream Segmentation Fault). (Caleb Champlin)
. Fixed bug #70862 (Several functions do not check return code of
php_stream_copy_to_mem()). (Anatol)
. Fixed bug #70863 (Incorect logic to increment_function for proxy objects).
(Anatol)
. Fixed bug #70323 (Regression in zend_fetch_debug_backtrace() can cause
segfaults). (Aharvey, Laruence)
. Fixed bug #70873 (Regression on private static properties access).
(Laruence)
. Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l).
(Laruence)
. Fixed bug #70689 (Exception handler does not work as expected). (Laruence)
. Fixed bug #70430 (Stack buffer overflow in zend_language_parser()). (Nikita)
. Fixed bug #70782 (null ptr deref and segfault (zend_get_class_fetch_type)).
(Nikita)
. Fixed bug #70785 (Infinite loop due to exception during identical
comparison). (Laruence)
. Fixed bug #70630 (Closure::call/bind() crash with ReflectionFunction->
getClosure()). (Dmitry, Bob)
. Fixed bug #70662 (Duplicate array key via undefined index error handler).
(Nikita)
. Fixed bug #70681 (Segfault when binding $this of internal instance method
to null). (Nikita)
. Fixed bug #70685 (Segfault for getClosure() internal method rebind with
invalid $this). (Nikita)
. Added zend_internal_function.reserved[] fields. (Dmitry)
. Fixed bug #70557 (Memleak on return type verifying failed). (Laruence)
. Fixed bug #70555 (fun_get_arg() on unsetted vars return UNKNOW). (Laruence)
. Fixed bug #70548 (Redundant information printed in case of uncaught engine
exception). (Laruence)
. Fixed bug #70547 (unsetting function variables corrupts backtrace).
(Laruence)
. Fixed bug #70528 (assert() with instanceof adds apostrophes around class
name). (Laruence)
. Fixed bug #70481 (Memory leak in auto_global_copy_ctor() in ZTS build).
(Laruence)
. Fixed bug #70431 (Memory leak in php_ini.c). (Senthil, Laruence)
. Fixed bug #70478 (**= does no longer work). (Bob)
. Fixed bug #70398 (SIGSEGV, Segmentation fault zend_ast_destroy_ex).
(Dmitry, Bob, Laruence)
. Fixed bug #70332 (Wrong behavior while returning reference on object).
(Laruence, Dmitry)
. Fixed bug #70300 (Syntactical inconsistency with new group use syntax).
(marcio dot web2 at gmail dot com)
. Fixed bug #70321 (Magic getter breaks reference to array property).
(Laruence)
. Fixed bug #70187 (Notice: unserialize(): Unexpected end of serialized
data). (Dmitry)
. Fixed bug #70145 (From field incorrectly parsed from headers). (Anatol)
. Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when
building extensions). (Adam)
. Fixed bug causing exception traces with anon classes to be truncated. (Bob)
. Fixed bug #70397 (Segmentation fault when using Closure::call and yield).
(Bob)
. Fixed bug #70299 (Memleak while assigning object offsetGet result).
(Laruence)
. Fixed bug #70288 (Apache crash related to ZEND_SEND_REF). (Laruence)
. Fixed bug #70262 (Accessing array crashes PHP 7.0beta3).
(Laruence, Dmitry)
. Fixed bug #70258 (Segfault if do_resize fails to allocated memory).
(Laruence)
. Fixed bug #70253 (segfault at _efree () in zend_alloc.c:1389). (Laruence)
. Fixed bug #70240 (Segfault when doing unset($var());). (Laruence)
. Fixed bug #70223 (Incrementing value returned by magic getter). (Laruence)
. Fixed bug #70215 (Segfault when __invoke is static). (Bob)
. Fixed bug #70207 (Finally is broken with opcache). (Laruence, Dmitry)
. Fixed bug #70173 (ZVAL_COPY_VALUE_EX broken for 32bit Solaris Sparc).
(Laruence, cmb)
. Fixed bug #69487 (SAPI may truncate POST data). (cmb)
. Fixed bug #70198 (Checking liveness does not work as expected).
(Shafreeck Sea, Anatol Belski)
. Fixed bug #70241/#70293 (Skipped assertions affect Generator returns). (Bob)
. Fixed bug #70239 (Creating a huge array doesn't result in exhausted,
but segfault). (Laruence, Anatol)
. Fixed "finally" issues. (Nikita, Dmitry)
. Fixed bug #70098 (Real memory usage doesn't decrease). (Dmitry)
. Fixed bug #70159 (__CLASS__ is lost in closures). (Julien)
. Fixed bug #70156 (Segfault in zend_find_alias_name). (Laruence)
. Fixed bug #70124 (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION).
(Laruence)
. Fixed bug #70117 (Unexpected return type error). (Laruence)
. Fixed bug #70106 (Inheritance by anonymous class). (Bob)
. Fixed bug #69674 (SIGSEGV array.c:953). (cmb)
. Fixed bug #70164 (__COMPILER_HALT_OFFSET__ under namespace is not defined).
(Bob)
. Fixed bug #70108 (sometimes empty $_SERVER['QUERY_STRING']). (Anatol)
. Fixed bug #70179 ($this refcount issue). (Bob)
. Fixed bug #69896 ('asm' operand has impossible constraints). (Anatol)
. Fixed bug #70183 (null pointer deref (segfault) in zend_eval_const_expr).
(Hugh Davenport)
. Fixed bug #70182 (Segfault in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER).
(Hugh Davenport)
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
method calls). (Stas)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution
/ NULL pointer deref). (Stas)
. Fixed bug #70089 (segfault at ZEND_FETCH_DIM_W_SPEC_VAR_CONST_HANDLER ()).
(Laruence)
. Fixed bug #70057 (Build failure on 32-bit Mac OS X 10.6.8: recursive
inlining). (Laruence)
. Fixed bug #70012 (Exception lost with nested finally block). (Laruence)
. Fixed bug #69996 (Changing the property of a cloned object affects the
original). (Dmitry, Laruence)
. Fixed bug #70083 (Use after free with assign by ref to overloaded objects).
(Bob)
. Fixed bug #70006 (cli - function with default arg = STDOUT crash output).
(Laruence)
. Fixed bug #69521 (Segfault in gc_collect_cycles()).
(arjen at react dot com, Laruence)
. Improved zend_string API (Francois Laupretre)
. Fixed bug #69955 (Segfault when trying to combine [] and assign-op on
ArrayAccess object). (Laruence)
. Fixed bug #69957 (Different ways of handling div/mod/intdiv). (Bob)
. Fixed bug #69900 (Too long timeout on pipes). (Anatol)
. Fixed bug #69872 (uninitialised value in strtr with array). (Laruence)
. Fixed bug #69868 (Invalid read of size 1 in zend_compile_short_circuiting).
(Laruence)
. Fixed bug #69849 (Broken output of apache_request_headers). (Kalle)
. Fixed bug #69840 (iconv_substr() doesn't work with UTF-16BE). (Kalle)
. Fixed bug #69823 (PHP 7.0.0alpha1 segmentation fault when exactly 33
extensions are loaded). (Laruence)
. Fixed bug #69805 (null ptr deref and seg fault in zend_resolve_class_name).
(Laruence)
. Fixed bug #69802 (Reflection on Closure::__invoke borks type hint class
name). (Dmitry)
. Fixed bug #69761 (Serialization of anonymous classes should be prevented).
(Laruence)
. Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
fault). (Christoph M. Becker)
. Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
7/8/8.1/10 as "Business"). (Christian Wenz)
. Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
(Christian Wenz)
. Fixed bug #69889 (Null coalesce operator doesn't work for string offsets).
(Nikita)
. Fixed bug #69891 (Unexpected array comparison result). (Nikita)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #69893 (Strict comparison between integer and empty string keys
crashes). (Nikita)
. Fixed bug #69767 (Default parameter value with wrong type segfaults).
(cmb, Laruence)
. Fixed bug #69756 (Fatal error: Nesting level too deep - recursive dependency
? with ===). (Dmitry, Laruence)
. Fixed bug #69758 (Item added to array not being removed by array_pop/shift
). (Laruence)
. Fixed bug #68475 (Add support for $callable() sytnax with 'Class::method').
(Julien, Aaron Piotrowski)
. Fixed bug #69485 (Double free on zend_list_dtor). (Laruence)
. Fixed bug #69427 (Segfault on magic method __call of private method in
superclass). (Laruence)
. Improved __call() and __callStatic() magic method handling. Now they are
called in a stackless way using ZEND_CALL_TRAMPOLINE opcode, without
additional stack frame. (Laruence, Dmitry)
. Optimized strings concatenation. (Dmitry, Laruence)
. Fixed weird operators behavior. Division by zero now emits warning and
returns +/-INF, modulo by zero and intdid() throws an exception, shifts
by negative offset throw exceptions. Compile-time evaluation of division
by zero is disabled. (Dmitry, Andrea, Nikita)
. Fixed bug #69371 (Hash table collision leads to inaccessible array keys).
(Laruence)
. Fixed bug #68933 (Invalid read of size 8 in zend_std_read_property).
(Laruence, arjen at react dot com)
. Fixed bug #68252 (segfault in Zend/zend_hash.c in function
_zend_hash_del_el). (Laruence)
. Fixed bug #65598 (Closure executed via static autoload incorrectly marked as
static). (Nikita)
. Fixed bug #66811 (Cannot access static::class in lambda, writen outside of a
class). (Nikita)
. Fixed bug #69568 (call a private function in closure failed). (Nikita)
. Added PHP_INT_MIN constant. (Andrea)
. Added Closure::call() method. (Andrea)
. Fixed bug #67959 (Segfault when calling phpversion('spl')). (Florian)
. Implemented the RFC `Catchable "Call to a member function bar() on a
non-object"`. (Timm)
. Added options parameter for unserialize allowing to specify acceptable
classes (https://wiki.php.net/rfc/secure_unserialize). (Stas)
. Fixed bug #63734 (Garbage collector can free zvals that are still
referenced). (Dmitry)
. Removed ZEND_ACC_FINAL_CLASS, promoting ZEND_ACC_FINAL as final class
modifier. (Guilherme Blanco)
. is_long() & is_integer() is now an alias of is_int(). (Kalle)
. Implemented FR #55467 (phpinfo: PHP Variables with $ and single quotes).
(Kalle)
. Added ?? operator. (Andrea)
. Added <=> operator. (Andrea)
. Added \u{xxxxx} Unicode Codepoint Escape Syntax. (Andrea)
. Fixed oversight where define() did not support arrays yet const syntax did.
(Andrea, Dmitry)
. Use "integer" and "float" instead of "long" and "double" in ZPP, type hint
and conversion error messages. (Andrea)
. Implemented FR #55428 (E_RECOVERABLE_ERROR when output buffering in output
buffering handler). (Kalle)
. Removed scoped calls of non-static methods from an incompatible $this
context. (Nikita)
. Removed support for #-style comments in ini files. (Nikita)
. Removed support for assigning the result of new by reference. (Nikita)
. Invalid octal literals in source code now produce compile errors, fixes
PHPSadness #31. (Andrea)
. Removed dl() function on fpm-fcgi. (Nikita)
. Removed support for hexadecimal numeric strings. (Nikita)
. Removed obsolete extensions and SAPIs. See the full list in UPGRADING. (Anatol)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
. Added error_clear_last() function. (Reeze Xia)
. Fixed bug #68797 (Number 2.2250738585072012e-308 converted incorrectly).
(Anatol)
. Improved zend_qsort(using hybrid sorting algo) for better performance,
and also renamed zend_qsort to zend_sort. (Laruence)
. Added stable sorting algo zend_insert_sort. (Laruence)
. Improved zend_memnchr(using sunday algo) for better performance. (Laruence)
. Implemented the RFC `Scalar Type Decalarations v0.5`. (Anthony)
. Implemented the RFC `Group Use Declarations`. (Marcio)
. Implemented the RFC `Continue Output Buffering`. (Mike)
. Implemented the RFC `Constructor behaviour of internal classes`. (Dan, Dmitry)
. Implemented the RFC `Fix "foreach" behavior`. (Dmitry)
. Implemented the RFC `Generator Delegation`. (Bob)
. Implemented the RFC `Anonymous Class Support`. (Joe, Nikita, Dmitry)
. Implemented the RFC `Context Sensitive Lexer`. (Marcio Almada)
. Fixed bug #69511 (Off-by-one buffer overflow in php_sys_readlink).
(Jan Starke, Anatol)
- CLI server:
. Fixed bug #68291 (404 on urls with '+'). (cmb)
. Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
(wusuopu, cmb)
. Fixed bug #70264 (CLI server directory traversal). (cmb)
. Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
. Fixed bug #64878 (304 responses return Content-Type header). (cmb)
. Refactor MIME type handling to use a hash table instead of linear search.
(Adam)
. Update the MIME type list from the one shipped by Apache HTTPD. (Adam)
. Added support for SEARCH WebDav method. (Mats Lindh)
- COM:
. Fixed bug #69939 (Casting object to bool returns false). (Kalle)
- Curl:
. Fixed bug #70330 (Segmentation Fault with multiple "curl_copy_handle").
(Laruence)
. Fixed bug #70163 (curl_setopt_array() type confusion). (Laruence)
. Fixed bug #70065 (curl_getinfo() returns corrupted values). (Anatol)
. Fixed bug #69831 (Segmentation fault in curl_getinfo). (im dot denisenko at
yahoo dot com)
. Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence)
. Removed support for unsafe file uploads. (Nikita)
- Date:
. Fixed bug #70245 (strtotime does not emit warning when 2nd parameter is
object or string). (cmb)
. Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to
be optional). (cmb)
. Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
(cmb)
. Fixed day_of_week function as it could sometimes return negative values
internally. (Derick)
. Removed $is_dst parameter from mktime() and gmmktime(). (Nikita)
. Removed date.timezone warning
(https://wiki.php.net/rfc/date.timezone_warning_removal). (Bob)
. Added "v" DateTime format modifier to get the 3-digit version of fraction
of seconds. (Mariano Iglesias)
. Implemented FR #69089: Added DateTime::RFC3339_EXTENDED to output in
RFC3339 Extended format which includes fraction of seconds. (Mariano
Iglesias)
- DBA:
. Fixed bug #62490 (dba_delete returns true on missing item (inifile)). (Mike)
. Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
- DOM:
. Fixed bug #70558 ("Couldn't fetch" error in
DOMDocument::registerNodeClass()). (Laruence)
. Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity
encoding). (cmb)
. Fixed bug #69846 (Segmenation fault (access violation) when iterating over
DOMNodeList). (Anatol Belski)
. Made DOMNode::textContent writeable. (Tjerk)
- EXIF:
. Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
value of 32 bytes). (Stas)
- Fileinfo:
. Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
- Filter:
. New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL.
(Kevin Dunglas)
- FPM:
. Fixed bug #70538 ("php-fpm -i" crashes). (rainer dot jung at
kippdata dot de)
. Fixed bug #70279 (HTTP Authorization Header is sometimes passed to newer
reqeusts). (Laruence)
. Fixed bug #68945 (Unknown admin values segfault pools). (Laruence)
. Fixed bug #65933 (Cannot specify config lines longer than 1024 bytes). (Chris
Wright)
. Implement request #67106 (Split main fpm config). (Elan Ruusamäe, Remi)
- FTP:
. Fixed bug #69082 (FTPS support on Windows). (Anatol)
- GD:
. Fixed bug #53156 (imagerectangle problem with point ordering). (cmb)
. Fixed bug #66387 (Stack overflow with imagefilltoborder). (cmb)
. Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb)
. Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb)
. Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb)
. Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). (cmb)
. Fixed bug #69024 (imagescale segfault with palette based image). (cmb)
. Fixed bug #53154 (Zero-height rectangle has whiskers). (cmb)
. Fixed bug #67447 (imagecrop() add a black line when cropping). (cmb)
. Fixed bug #68714 (copy 'n paste error). (cmb)
. Fixed bug #66339 (PHP segfaults in imagexbm). (cmb)
. Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb)
. Replace libvpx with libwebp for bundled libgd. (cmb, Anatol)
. Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
. Made fontFetch's path parser thread-safe. (Sara)
. Removed T1Lib support. (Kalle)
- GMP:
. Fixed bug #70284 (Use after free vulnerability in unserialize() with GMP).
(stas)
- hash:
. Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
at naver dot com)
- IMAP:
. Fixed bug #70158 (Building with static imap fails). (cmb)
. Fixed bug #69998 (curl multi leaking memory). (Pierrick)
- Intl:
. Fixed bug #70453 (IntlChar::foldCase() incorrect arguments and missing
constants). (cmb)
. Fixed bug #70454 (IntlChar::forDigit second parameter should be optional).
(cmb, colinodell)
. Removed deprecated aliases datefmt_set_timezone_id() and
IntlDateFormatter::setTimeZoneID(). (Nikita)
- JSON:
. Fixed bug #62010 (json_decode produces invalid byte-sequences).
(Jakub Zelenka)
. Fixed bug #68546 (json_decode() Fatal error: Cannot access property
started with '\0'). (Jakub Zelenka)
. Replace non-free JSON parser with a parser from Jsond extension, fixes #63520
(JSON extension includes a problematic license statement). (Jakub Zelenka)
. Fixed bug #68938 (json_decode() decodes empty string without error).
(jeremy at bat-country dot us)
- LDAP:
. Fixed bug #47222 (Implement LDAP_OPT_DIAGNOSTIC_MESSAGE). (Andreas Heigl)
- LiteSpeed:
. Updated LiteSpeed SAPI code from V5.5 to V6.6. (George Wang)
- libxml:
. Fixed handling of big lines in error messages with libxml >= 2.9.0.
(Christoph M. Becker)
- Mcrypt:
. Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was
specified under RC4). (Nikita)
. Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
. Fixed possible read after end of buffer and use after free. (Dmitry)
. Removed mcrypt_generic_end() alias. (Nikita)
. Removed mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb(), mcrypt_ofb(). (Nikita)
- Mysqli:
. Fixed bug #32490 (constructor of mysqli has wrong name). (cmb)
- Mysqlnd:
. Fixed bug #70949 (SQL Result Sets With NULL Can Cause Fatal Memory Errors).
(Laruence)
. Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server).
(Andrey)
. Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to
a server). (Sergei Turchanov)
. Fixed bug #70572 segfault in mysqlnd_connect. (Andrey, Remi)
. Fixed Bug #69796 (mysqli_stmt::fetch doesn't assign null values to
bound variables). (Laruence)
- OCI8:
. Fixed memory leak with LOBs. (Senthil)
. Fixed bug #68298 (OCI int overflow) (Senthil).
. Corrected oci8 hash destructors to prevent segfaults, and a few other fixes.
(Cameron Porter)
- ODBC:
. Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined
columns). (cmb)
- Opcache:
. Fixed bug #70656 (require() statement broken after opcache_reset() or a
few hours of use). (Laruence)
. Fixed bug #70843 (Segmentation fault on MacOSX with
opcache.file_cache_only=1). (Laruence)
. Fixed bug #70724 (Undefined Symbols from opcache.so on Mac OS X 10.10).
(Laruence)
. Fixed compatibility with Windows 10 (see also bug #70652). (Anatol)
. Attmpt to fix "Unable to reattach to base address" problem. (Matt Ficken)
. Fixed bug #70423 (Warning Internal error: wrong size calculation). (Anatol)
. Fixed bug #70237 (Empty while and do-while segmentation fault with opcode
on CLI enabled). (Dmitry, Laruence)
. Fixed bug #70111 (Segfault when a function uses both an explicit return
type and an explicit cast). (Laruence)
. Fixed bug #70058 (Build fails when building for i386). (Laruence)
. Fixed bug #70022 (Crash with opcache using opcache.file_cache_only=1).
(Anatol)
. Removed opcache.load_comments configuration directive. Now doc comments
loading costs nothing and always enabled. (Dmitry)
. Fixed bug #69838 (Wrong size calculation for function table). (Anatol)
. Fixed bug #69688 (segfault with eval and opcache fast shutdown).
(Laruence)
. Added experimental (disabled by default) file based opcode cache.
(Dmitry, Laruence, Anatol)
. Fixed bug with try blocks being removed when extended_info opcode
generation is turned on. (Laruence)
. Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8
+ Opcache). (Laruence)
- OpenSSL:
. Require at least OpenSSL version 0.9.8. (Jakub Zelenka)
. Fixed bug #68312 (Lookup for openssl.cnf causes a message box). (Anatol)
. Fixed bug #55259 (openssl extension does not get the DH parameters from
DH key resource). (Jakub Zelenka)
. Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb)
. Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka)
. Implemented FR #70438 (Add IV parameter for openssl_seal and openssl_open)
(Jakub Zelenka)
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure). (Stas)
. Fixed bug #69882 (OpenSSL error "key values mismatch" after
openssl_pkcs12_read with extra cert). (Tomasz Sawicki)
. Added "alpn_protocols" SSL context option allowing encrypted client/server
streams to negotiate alternative protocols using the ALPN TLS extension when
built against OpenSSL 1.0.2 or newer. Negotiated protocol information is
accessible through stream_get_meta_data() output.
. Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic
detection or the "peer_name" option instead. (Nikita)
- Pcntl:
. Fixed bug #70386 (Can't compile on NetBSD because of missing WCONTINUED
and WIFCONTINUED). (Matteo)
. Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler
when setting SIG_DFL). (Julien)
. Request #68505 (Added wifcontinued and wcontinued). (xilon-jul)
. Added rusage support to pcntl_wait() and pcntl_waitpid(). (Anton Stepanenko,
Tony)
- PCRE:
. Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
match). (cmb)
. Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
(Anatol Belski)
. Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
match). (cmb)
. Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
. Fixed bug #69864 (Segfault in preg_replace_callback). (cmb, ab)
- PDO:
. Fix bug #70861 (Segmentation fault in pdo_parse_params() during Drupal 8
test suite). (Anatol)
. Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)
. Fixed bug #70272 (Segfault in pdo_mysql). (Laruence)
. Fixed bug #70221 (persistent sqlite connection + custom function
segfaults). (Laruence)
. Removed support for the /e (PREG_REPLACE_EVAL) modifier. (Nikita)
. Fixed bug #59450 (./configure fails with "Cannot find php_pdo_driver.h").
(maxime dot besson at smile dot fr)
- PDO_DBlib:
. Fixed bug #69757 (Segmentation fault on nextRowset).
(miracle at rpz dot name)
- PDO_mysql:
. Fixed bug #68424 (Add new PDO mysql connection attr to control multi
statements option). (peter dot wolanin at acquia dot com)
- PDO_OCI:
. Fixed bug #70308 (PDO::ATTR_PREFETCH is ignored). (Chris Jones)
- PDO_pgsql:
. Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
Statements when closeCuror() is u). (Philip Hofstetter)
. Removed PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT attribute in favor of
ATTR_EMULATE_PREPARES). (Nikita)
- Phar:
. Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
. FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip
entry filename is "/"). (Stas)
. Improved fix for bug #69441. (Anatol Belski)
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory). (Anatol Belski)
- Phpdbg:
. Fixed bug #70614 (incorrect exit code in -rr mode with Exceptions). (Bob)
. Fixed bug #70532 (phpdbg must respect set_exception_handler). (Bob)
. Fixed bug #70531 (Run and quit mode (-qrr) should not fallback to
interactive mode). (Bob)
. Fixed bug #70533 (Help overview (-h) does not rpint anything under Windows).
(Anatol)
. Fixed bug #70449 (PHP won't compile on 10.4 and 10.5 because of missing
constants). (Bob)
. Fixed bug #70214 (FASYNC not defined, needs sys/file.h include). (Bob)
. Fixed bug #70138 (Segfault when displaying memory leaks). (Bob)
- Reflection:
. Fixed bug #70650 (Wrong docblock assignment). (Marcio)
. Fixed bug #70674 (ReflectionFunction::getClosure() leaks memory when used
for internal functions). (Dmitry, Bob)
. Fixed bug causing bogus traces for ReflectionGenerator::getTrace(). (Bob)
. Fixed inheritance chain of Reflector interface. (Tjerk)
. Added ReflectionGenerator class. (Bob)
. Added reflection support for return types and type declarations. (Sara,
Matteo)
- Session:
. Fixed bug #70876 (Segmentation fault when regenerating session id with
strict mode). (Laruence)
. Fixed bug #70529 (Session read causes "String is not zero-terminated" error).
(Yasuo)
. Fixed bug #70013 (Reference to $_SESSION is lost after a call to
session_regenerate_id()). (Yasuo)
. Fixed bug #69952 (Data integrity issues accessing superglobals by
reference). (Bob)
. Fixed bug #67694 (Regression in session_regenerate_id()). (Tjerk)
. Fixed bug #68941 (mod_files.sh is a bash-script). (bugzilla at ii.nl, Yasuo)
- SOAP:
. Fixed bug #70940 (Segfault in soap / type_to_string). (Remi)
. Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry)
. Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace
attribute). (Matteo)
. Fixed bug #70715 (Segmentation fault inside soap client). (Laruence)
. Fixed bug #70709 (SOAP Client generates Segfault). (Laruence)
. Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
(Stas)
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions). (Stas)
. Fixed bug #70079 (Segmentation fault after more than 100 SoapClient
calls). (Laruence)
. Fixed bug #70032 (make_http_soap_request calls
zend_hash_get_current_key_ex(,,,NULL). (Laruence)
. Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes). (Laruence)
- SPL:
. Fixed bug #70959 (ArrayObject unserialize does not restore protected
fields). (Laruence)
. Fixed bug #70853 (SplFixedArray throws exception when using ref variable
as index). (Laruence)
. Fixed bug #70868 (PCRE JIT and pattern reuse segfault). (Laruence)
. Fixed bug #70730 (Incorrect ArrayObject serialization if unset is called
in serialize()). (Laruence)
. Fixed bug #70573 (Cloning SplPriorityQueue leads to memory leaks). (Dmitry)
. Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items). (sean.heelan)
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject). (taoguangchen at icloud dot com)
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
. Fixed bug #70053 (MutlitpleIterator array-keys incompatible change in
PHP 7). (Tjerk)
. Fixed bug #69970 (Use-after-free vulnerability in
spl_recursive_it_move_forward_ex()). (Laruence)
. Fixed bug #69845 (ArrayObject with ARRAY_AS_PROPS broken). (Dmitry)
. Changed ArrayIterator implementation using zend_hash_iterator_... API.
Allowed modification of iterated ArrayObject using the same behavior
as proposed in `Fix "foreach" behavior`. Removed "Array was modified
outside object and internal position is no longer valid" hack. (Dmitry)
. Implemented #67886 (SplPriorityQueue/SplHeap doesn't expose extractFlags
nor curruption state). (Julien)
. Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
breaks the RecursiveIterator). (Paul Garvin)
- SQLite3:
. Fixed bug #70571 (Memory leak in sqlite3_do_callback). (Adam)
. Fixed bug #69972 (Use-after-free vulnerability in
sqlite3SafetyCheckSickOrOk()). (Laruence)
. Fixed bug #69897 (segfault when manually constructing SQLite3Result).
(Kalle)
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Standard:
. Fixed count on symbol tables. (Laruence)
. Fixed bug #70963 (Unserialize shows UNKNOWN in result). (Laruence)
. Fixed bug #70910 (extract() breaks variable references). (Laruence)
. Fixed bug #70808 (array_merge_recursive corrupts memory of unset items).
(Laruence)
. Fixed bug #70667 (strtr() causes invalid writes and a crashes). (Dmitry)
. Fixed bug #70668 (array_keys() doesn't respect references when $strict is
true). (Bob, Dmitry)
. Implemented the RFC `Random Functions Throwing Exceptions in PHP 7`.
(Sammy Kaye Powers, Anthony)
. Fixed bug #70487 (pack('x') produces an error). (Nikita)
. Fixed bug #70342 (changing configuration with ignore_user_abort(true) isn't
working). (Laruence)
. Fixed bug #70295 (Segmentation fault with setrawcookie). (Bob)
. Fixed bug #67131 (setcookie() conditional for empty values not met). (cmb)
. Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
. Fixed bug #70250 (extract() turns array elements to references).
(Laruence)
. Fixed bug #70211 (php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free).
(Laruence)
. Fixed bug #70208 (Assert breaking access on objects). (Bob)
. Fixed bug #70140 (str_ireplace/php_string_tolower - Arbitrary Code
Execution). (CVE-2015-6527) (Laruence)
. Implemented FR #70112 (Allow "dirname" to go up various times). (Remi)
. Fixed bug #36365 (scandir duplicates file name at every 65535th file). (cmb)
. Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb)
. Fixed bug #70018 (exec does not strip all whitespace). (Laruence)
. Fixed bug #69983 (get_browser fails with user agent of null).
(Kalle, cmb, Laruence)
. Fixed bug #69976 (Unable to parse "all" urls with colon char). (cmb)
. Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
. Fixed bug #62922 (Truncating entire string should result in string).
(Nikita)
. Fixed bug #69723 (Passing parameters by reference and array_column).
(Laruence)
. Fixed bug #69523 (Cookie name cannot be empty). (Christoph M. Becker)
. Fixed bug #69325 (php_copy_file_ex does not pass the argument).
(imbolk at gmail dot com)
. Fixed bug #69299 (Regression in array_filter's $flag argument in PHP 7).
(Laruence)
. Removed call_user_method() and call_user_method_array() functions. (Kalle)
. Fixed user session handlers (See rfc:session.user.return-value). (Sara)
. Added intdiv() function. (Andrea)
. Improved precision of log() function for base 2 and 10. (Marc Bennewitz)
. Remove string category support in setlocale(). (Nikita)
. Remove set_magic_quotes_runtime() and its alias magic_quotes_runtime().
(Nikita)
. Fixed bug #65272 (flock() out parameter not set correctly in windows).
(Daniel Lowrey)
. Added preg_replace_callback_array function. (Wei Dai)
. Deprecated salt option to password_hash. (Anthony)
. Fixed bug #69686 (password_verify reports back error on PHP7 will null
string). (Anthony)
. Added Windows support for getrusage(). (Kalle)
. Removed hardcoded limit on number of pipes in proc_open(). (Tony)
- Streams:
. Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections).
(Niklas Keller)
. Fixed bug #68532 (convert.base64-encode omits padding bytes).
(blaesius at krumedia dot de)
. Removed set_socket_blocking() in favor of its alias stream_set_blocking().
(Nikita)
- Tokenizer:
. Fixed bug #69430 (token_get_all has new irrecoverable errors). (Nikita)
- XMLReader:
. Fixed bug #70309 (XmlReader read generates extra output). (Anatol)
- XMLRPC
. Fixed bug #70526 (xmlrpc_set_type returns false on success). (Laruence)
- XSL:
. Fixed bug #70678 (PHP7 returns true when false is expected). (Felipe)
. Fixed bug #70535 (XSLT: free(): invalid pointer). (Laruence)
. Fixed bug #69782 (NULL pointer dereference). (Stas)
. Fixed bug #64776 (The XSLT extension is not thread safe). (Mike)
. Removed xsl.security_prefs ini option. (Nikita)
- Zlib:
. Added deflate_init(), deflate_add(), inflate_init(), inflate_add()
functions allowing incremental/streaming compression/decompression.
(Daniel Lowrey & Bob Weinand)
- Zip:
. Fixed bug #70322 (ZipArchive::close() doesn't indicate errors). (cmb)
. Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
creating directories). (neal at fb dot com)
. Added ZipArchive::setCompressionName and ZipArchive::setCompressionIndex
methods. (Remi, Cedric Delmas)
. Update bundled libzip to 1.0.1. (Remi, Anatol)
. Fixed bug #67161 (ZipArchive::getStream() returns NULL for certain file).
(Christoph M. Becker)
- Core:
. Fixed bug #70828 (php-fpm 5.6 with opcache crashes when referencing a
non-existent constant). (Laruence)
. Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l).
(Laruence)
- Mysqlnd:
. Fixed bug #68344 (MySQLi does not provide way to disable peer certificate
validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
connection flag. (Andrey)
- OCI8:
. Fixed bug #68298 (OCI int overflow). (Senthil)
- PDO_DBlib:
. Fixed bug #69757 (Segmentation fault on nextRowset).
(miracle at rpz dot name)
- SOAP:
. Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace
attribute). (Matteo)
- SPL:
. Fixed bug #70852 (Segfault getting NULL offset of an ArrayObject).
(Reeze Xia)
- Core:
. Fixed bug #70681 (Segfault when binding $this of internal instance method
to null). (Nikita)
. Fixed bug #70685 (Segfault for getClosure() internal method rebind with
invalid $this). (Nikita)
- Date:
. Fixed bug #70619 (DateTimeImmutable segfault). (Laruence)
- Mcrypt:
. Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was
specified under RC4). (Nikita)
- Mysqlnd:
. Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server).
(Andrey)
. Fixed bug #70572 segfault in mysqlnd_connect. (Andrey, Remi)
- Opcache:
. Fixed bug #70632 (Third one of segfault in gc_remove_from_buffer).
(Laruence)
. Fixed bug #70631 (Another Segfault in gc_remove_from_buffer()). (Laruence)
. Fixed bug #70601 (Segfault in gc_remove_from_buffer()). (Laruence)
. Fixed compatibility with Windows 10 (see also bug #70652). (Anatol)
- Core:
. Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when
building extensions). (Adam)
- CLI server:
. Fixed bug #68291 (404 on urls with '+'). (cmb)
- DOM:
. Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity
encoding). (cmb)
- ldap
. Fixed bug #70465 (Bug in ldap_search() modifies LDAP_OPT_TIMELIMIT/DEREF's
values). (Tyson Andre)
. Fixed bug #69574 (ldap timeouts not enforced). (Côme Bernigaud)
- Mysqlnd:
. Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to
a server). (Sergei Turchanov)
- OpenSSL:
. Fixed bug #55259 (openssl extension does not get the DH parameters from
DH key resource). (Jakub Zelenka)
. Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb)
. Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka)
. Fixed bug #68312 (Lookup for openssl.cnf causes a message box). (Anatol)
- PDO:
. Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)
- Phar:
. Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
. FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip
entry filename is "/"). (Stas)
- Phpdbg:
. Fix phpdbg_break_next() sometimes not breaking. (Bob)
- Standard:
. Fixed bug #67131 (setcookie() conditional for empty values not met). (cmb)
- Streams:
. Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections).
(Niklas Keller)
- Zip:
. Fixed bug #70322 (ZipArchive::close() doesn't indicate errors). (cmb)
- Core:
. Fixed bug #69900 (Too long timeout on pipes). (Anatol)
. Fixed bug #69487 (SAPI may truncate POST data). (cmb)
. Fixed bug #70198 (Checking liveness does not work as expected).
(Shafreeck Sea, Anatol Belski)
. Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
. Fixed bug #70219 (Use after free vulnerability in session deserializer).
(taoguangchen at icloud dot com)
- CLI server:
. Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
(wusuopu, cmb)
. Fixed bug #70264 (CLI server directory traversal). (cmb)
- Date:
. Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to
be optional). (cmb)
. Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
(cmb)
- EXIF:
. Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
value of 32 bytes). (Stas)
- GMP:
. Fixed bug #70284 (Use after free vulnerability in unserialize() with GMP).
(stas)
- hash:
. Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
at naver dot com)
- MCrypt:
. Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
- Opcache:
. Fixed bug #70237 (Empty while and do-while segmentation fault with opcode
on CLI enabled). (Dmitry, Laruence)
- PCRE:
. Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
match). (cmb)
. Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
(Anatol Belski)
- SOAP:
. Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
(Stas)
- SPL:
. Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
ob_start). (hugh at allthethings dot co dot nz)
. Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
. Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
- Standard:
. Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
(cmb)
. Fixed bug #70157 (parse_ini_string() segmentation fault with
INI_SCANNER_TYPED). (Tjerk)
- XSLT:
. Fixed bug #69782 (NULL pointer dereference). (Stas)
- ZIP:
. Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
creating directories). (neal at fb dot com)
- CLI server:
. Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
. Fixed bug #64878 (304 responses return Content-Type header). (cmb)
- GD:
. Fixed bug #53156 (imagerectangle problem with point ordering). (cmb)
. Fixed bug #66387 (Stack overflow with imagefilltoborder). (cmb)
. Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb)
. Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb)
. Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb)
. Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). (cmb)
. Fixed bug #69024 (imagescale segfault with palette based image). (cmb)
. Fixed bug #53154 (Zero-height rectangle has whiskers). (cmb)
. Fixed bug #67447 (imagecrop() add a black line when cropping). (cmb)
. Fixed bug #68714 (copy 'n paste error). (cmb)
. Fixed bug #66339 (PHP segfaults in imagexbm). (cmb)
. Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb)
- ODBC:
. Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined
columns). (cmb)
- OpenSSL:
. Fixed bug #69882 (OpenSSL error "key values mismatch" after
openssl_pkcs12_read with extra cert). (Tomasz Sawicki)
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure). (Stas)
- Phar:
. Improved fix for bug #69441. (Anatol Belski)
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory). (Anatol Belski)
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions). (Stas)
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items). (sean.heelan)
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject). (taoguangchen at icloud dot com)
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
- Standard:
. Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb)
09 Jul 2015, PHP 5.6.11
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
. Fixed bug #69703 (Use __builtin_clzl on PowerPC).
(dja at axtens dot net, Kalle)
. Fixed bug #69732 (can induce segmentation fault with basic php code).
(Dmitry)
. Fixed bug #69642 (Windows 10 reported as Windows 8).
(Christian Wenz, Anatol Belski)
. Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
fault). (Christoph M. Becker)
. Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
7/8/8.1/10 as "Business"). (Christian Wenz)
. Fixed bug #69740 (finally in generator (yield) swallows exception in
iteration). (Nikita)
. Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
(Christian Wenz)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776. (Yasuo)
- GD:
. Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
- GMP:
. Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP
number). (Nikita)
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
(Andrey)
- PCRE:
. Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
. Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
- PDO_pgsql:
. Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
Statements when closeCuror() is u). (Philip Hofstetter)
. Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
leading single quote). (Matteo)
. Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
(Matteo)
- Phar:
. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file).
(CVE-2015-5589) (Stas)
. Fixed bug #69923 (Buffer overflow and stack smashing error in
phar_fix_filepath). (CVE-2015-5590) (Stas)
- SimpleXML:
. Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
node name). (Christoph Michael Becker)
- SPL:
. Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
(Stas)
. Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
. Fixed bug #69970 (Use-after-free vulnerability in
spl_recursive_it_move_forward_ex()). (Laruence)
- Sqlite3:
. Fixed bug #69972 (Use-after-free vulnerability in
sqlite3SafetyCheckSickOrOk()). (Laruence)
- Core:
. Fixed bug #66048 (temp. directory is cached during multiple requests).
(Julien)
. Fixed bug #69566 (Conditional jump or move depends on uninitialised value
in extension trait). (jbboehr at gmail dot com)
. Fixed bug #69599 (Strange generator+exception+variadic crash). (Nikita)
. Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
(Christoph M. Becker)
. Fixed POST data processing slowdown due to small input buffer size
on Windows. (Jorge Oliveira, Anatol)
. Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
(CVE-2015-4642) (Anatol Belski)
. Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)
- FTP
. Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in
heap overflow). (CVE-2015-4643) (Max Spelsberg)
- GD:
. Fixed bug #69479 (GD fails to build with newer libvpx). (Remi)
- Iconv:
. Fixed bug #48147 (iconv with //IGNORE cuts the string). (Stas)
- Litespeed SAPI:
. Fixed bug #68812 (Unchecked return value). (George Wang)
- Mail:
. Fixed bug #68776 (mail() does not have mail header injection prevention for
additional headers). (Yasuo)
- MCrypt:
. Added file descriptor caching to mcrypt_create_iv() (Leigh)
- Opcache
. Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
(Laruence, Dmitry)
- PCRE
. Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
- Phar:
. Fixed bug #69680 (phar symlink in binary directory broken).
(Matteo Bernardini, Remi)
- Postgres:
. Fixed bug #69667 (segfault in php_pgsql_meta_data). (CVE-2015-4644) (Remi)
- Sqlite3:
. Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
CVE-2015-3416) (Kaplan)
- Core:
. Fixed bug #69467 (Wrong checked for the interface by using Trait).
(Laruence)
. Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
. Fixed bug #60022 ("use statement [...] has no effect" depends on leading
backslash). (Nikita)
. Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
(Dmitry)
. Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
. Fixed bug #69419 (Returning compatible sub generator produces a warning).
(Nikita)
. Fixed bug #69472 (php_sys_readlink ignores misc errors from
GetFinalPathNameByHandleA). (Jan Starke)
. Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
(CVE-2015-4024) (Stas)
. Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
(Stas)
. Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
(Stas)
. Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
- FTP:
. Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap
overflow). (CVE-2015-4022) (Stas)
- ODBC:
. Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
(Anatol)
. Fixed bug #69474 (ODBC: Query with same field name from two tables returns
incorrect result). (Anatol)
. Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall,
Anatol Belski)
- OpenSSL:
. Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
(Daniel Lowrey)
- PCNTL:
. Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)
(Stas)
- Phar:
. Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
filename starts with null). (CVE-2015-4021) (Stas)
- Core:
. Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
(Dmitry, Laruence)
. Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
characters). (Tjerk)
. Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options). (Anatol Belski)
. Additional fix for bug #69152 (Type confusion vulnerability in
exception::getTraceAsString). (Stas)
. Fixed bug #69210 (serialize function return corrupted data when sleep has
non-string values). (Juan Basso)
. Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
__call/... arg passing). (Nikita)
. Fixed bug #69221 (Segmentation fault when using a generator in combination
with an Iterator). (Nikita)
. Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
vulnerability). (Stas)
. Fixed bug #69353 (Missing null byte checks for paths in various PHP
extensions). (Stas)
- Apache2handler:
. Fixed bug #69218 (potential remote code execution with apache 2.4
apache2handler). (Gerrit Venema)
- cURL:
. Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
. Fixed bug #68739 (Missing break / control flow). (Laruence)
. Fixed bug #69316 (Use-after-free in php_curl related to
CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
- Date:
. Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)
- Enchant:
. Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
builds). (Anatol)
- Ereg:
. Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
- Fileinfo:
. Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
segfault). (Anatol Belski)
- Filter:
. Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other
flags are used). (Jeff Welch)
. Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
Welch)
- Mbstring:
. Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E).
(Masaki Kagaya)
- OPCache:
. Fixed bug #69297 (function_exists strange behavior with OPCache on
disabled function). (Laruence)
. Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
. Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
- OpenSSL:
. Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling
in stream_select() contexts) (Chris Wright)
. Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly)
(Daniel Lowrey)
. Fixed bug #69215 (Crypto servers should send client CA list)
(Daniel Lowrey)
. Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
- Phar:
. Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
(Mike)
. Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
. Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
. Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
".tar"). (Mike)
. Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
. Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
phar_set_inode). (Stas)
- Postgres:
. Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
- SOAP:
. Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
with SoapFault). (Dmitry)
. Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
(bisected, regression)). (Laruence)
- SPL:
. Fixed bug #69227 (Use after free in zval_scan caused by
spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
- Sqlite3:
. Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
(Dan Ackroyd)
. Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)
. Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
- Core:
. Fixed bug #69174 (leaks when unused inner class use traits precedence).
(Laruence)
. Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
(Laruence)
. Fixed bug #69121 (Segfault in get_current_user when script owner is not
in passwd with ZTS build). (dan at syneto dot net)
. Fixed bug #65593 (Segfault when calling ob_start from output buffering
callback). (Mike)
. Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
not validated in memory.c). (nayana at ddproperty dot com)
. Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
. Fixed bug #69141 (Missing arguments in reflection info for some builtin
functions). (kostyantyn dot lysyy at oracle dot com)
. Fixed bug #68976 (Use After Free Vulnerability in unserialize()).
(CVE-2015-2787) (Stas)
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options). (Anatol Belski)
. Fixed bug #69207 (move_uploaded_file allows nulls in path). (CVE-2015-2348)
(Stas)
- CGI:
. Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
- CLI:
. Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
- cURL:
. Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on
Win32). (Grant Pannell)
. Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported
by libcurl. (Linus Unneback)
- Ereg:
. Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
(Stas)
- FPM:
. Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
- ODBC:
. Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
- Opcache:
. Fixed bug #69159 (Opcache causes problem when passing a variable variable
to a function). (Dmitry, Laruence)
. Fixed bug #69125 (Array numeric string as key). (Laruence)
. Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
- OpenSSL:
. Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence)
. Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe
socket timeouts). (Brad Broerman)
. Fixed bug #68920 (use strict peer_fingerprint input checks)
(Daniel Lowrey)
. Fixed bug #68879 (IP Address fields in subjectAltNames not used)
(Daniel Lowrey)
. Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
. Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
. Fixed bug (#69195 Inconsistent stream crypto values across versions)
(Daniel Lowrey)
- pgsql:
. Fixed bug #68638 (pg_update() fails to store infinite values).
(william dot welter at 4linux dot com dot br, Laruence)
- Readline:
. Fixed bug #69054 (Null dereference in readline_(read|write)_history() without
parameters). (Laruence)
- SOAP:
. Fixed bug #69085 (SoapClient's __call() type confusion through
unserialize()). (CVE-2015-4147, CVE-2015-4148) (andrea dot palazzo at truel
dot it, Laruence)
- SPL:
. Fixed bug #69108 ("Segmentation fault" when (de)serializing
SplObjectStorage). (Laruence)
. Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
calling getChildren()). (Julien)
- ZIP:
. Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
boundary). (CVE-2015-2331) (Stas)
- Core:
. Removed support for multi-line headers, as the are deprecated by RFC 7230.
(Stas)
. Fixed bug #67068 (getClosure returns somethings that's not a closure).
(Danack at basereality dot com)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273) (Stas)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
buffer overflow). (Stas)
. Fixed Bug #67988 (htmlspecialchars() does not respect default_charset
specified by ini_set) (Yasuo)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
- Dba:
. Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
- Enchant:
. Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
(CVE-2014-9705) (Antony)
- Fileinfo:
. Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
. Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files
correctly). (Anatol)
. Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some
gifs). (Anatol)
- FPM:
. Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
. Fixed bug #68571 (core dump when webserver close the socket).
(redfoxli069 at gmail dot com, Laruence)
- JSON:
. Fixed bug #50224 (json_encode() does not always encode a float as a float)
by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)
- LIBXML:
. Fixed bug #64938 (libxml_disable_entity_loader setting is shared
between threads). (Martin Jansen)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed
width decimal support) (Keyur Govande)
. Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
has rounding errors) (Keyur Govande)
- Opcache:
. Fixed bug with try blocks being removed when extended_info opcode
generation is turned on. (Laruence)
- PDO_mysql:
. Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
named pipes). (steffenb198 at aol dot com)
- Phar:
. Fixed bug #68901 (use after free). (CVE-2015-2301)
(bugreports at internot dot info)
- Pgsql:
. Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)
- Session:
. Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
. Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
. Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
- Sqlite3:
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Standard:
. Fixed bug #65272 (flock() out parameter not set correctly in windows).
(Daniel Lowrey)
. Fixed bug #69033 (Request may get env. variables from previous requests
if PHP works as FastCGI). (Anatol)
- Streams:
. Fixed bug which caused call after final close on streams filter. (Bob)
- Core:
. Upgraded crypt_blowfish to version 1.3. (Leigh)
. Fixed bug #60704 (unlink() bug with some files path).
. Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)
. Fixed bug #68536 (pack for 64bits integer is broken on bigendian). (Remi)
. Fixed bug #55541 (errors spawn MessageBox, which blocks test automation).
(Anatol)
. Fixed bug #68297 (Application Popup provides too few information). (Anatol)
. Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
. Fixed bug #65230 (setting locale randomly broken). (Anatol)
. Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR
correctly). (Ferenc)
. Fixed bug #68583 (Crash in timeout thread). (Anatol)
. Fixed bug #65576 (Constructor from trait conflicts with inherited
constructor). (dunglas at gmail dot com)
. Fixed bug #68676 (Explicit Double Free). (CVE-2014-9425) (Kalle)
. Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).
(CVE-2015-0231) (Stefan Esser)
- CGI:
. Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
(Stas)
- CLI server:
. Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)
- cURL:
. Fixed bug #67643 (curl_multi_getcontent returns '' when
CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
- Date:
. Implemented FR #68268 (DatePeriod: Getter for start date, end date and
interval). (Marc Bennewitz)
- EXIF:
. Fixed bug #68799: Free called on uninitialized pointer. (CVE-2015-0232)
(Stas)
- Fileinfo:
. Fixed bug #68398 (msooxml matches too many archives). (Anatol)
. Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski)
. Fixed bug #68671 (incorrect expression in libmagic).
(Joshua Rogers, Anatol Belski)
. Removed readelf.c and related code from libmagic sources
(Remi, Anatol)
. Fixed bug #68735 (fileinfo out-of-bounds memory access). (CVE-2014-9652)
(Anatol)
- FPM:
. Fixed request #68526 (Implement POSIX Access Control List for UDS). (Remi)
. Fixed bug #68751 (listen.allowed_clients is broken). (Remi)
- GD:
. Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
(Jan Bee, Remi)
. Fixed request #68656 (Report gd library version). (Remi)
- mbstring:
. Fixed bug #68504 (--with-libmbfl configure option not present on Windows).
(Ashesh Vashi)
- Opcache:
. Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8
+ Opcache). (Laruence)
. Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach
loops). (Nikita)
- OpenSSL:
. Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger)
- pcntl:
. Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler
when setting SIG_DFL). (Julien)
- PCRE:
. Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).
(Rainer Jung, Anatol Belski)
- pgsql:
. Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)
- PDO:
. Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specifi
attribute names). (Matteo)
- PDO_mysql:
. Fixed bug #68424 (Add new PDO mysql connection attr to control multi
statements option). (peter dot wolanin at acquia dot com)
- SPL:
. Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
breaks the RecursiveIterator). (Paul Garvin)
. Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)
- SQLite:
. Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)
- Streams:
. Fixed bug #68532 (convert.base64-encode omits padding bytes).
(blaesius at krumedia dot de)
- Core:
. Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks).
(Adam)
. Fixed bug #68104 (Segfault while pre-evaluating a disabled function).
(Laruence)
. Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly
triggered). (Julien)
. Fixed bug #68355 (Inconsistency in example php.ini comments).
(Chris McCafferty)
. Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)
. Fixed bug #68422 (Incorrect argument reflection info for array_multisort()).
(Alexander Lisachenko)
. Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)
. Fixed bug #68446 (Array constant not accepted for array parameter default).
(Bob, Dmitry)
. Fixed bug #68594 (Use after free vulnerability in unserialize()).
(CVE-2014-8142) (Stefan Esser)
- Date:
. Fixed day_of_week function as it could sometimes return negative values
internally. (Derick)
- FPM:
. Fixed bug #68381 (fpm_unix_init_main ignores log_level).
(David Zuelke, Remi)
. Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all
addresses). (Remi)
. Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
. Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
. Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
. Fixed bug #68452 (php-fpm man page is oudated). (Remi)
. Fixed request #68458 (Change pm.start_servers default warning to
notice). (David Zuelke, Remi)
. Fixed bug #68463 (listen.allowed_clients can silently result
in no allowed access). (Remi)
. Fixed request #68391 (php-fpm conf files loading order).
(Florian Margaine, Remi)
. Fixed bug #68478 (access.log don't use prefix). (Remi)
- Mcrypt:
. Fixed possible read after end of buffer and use after free. (Dmitry)
- GMP:
. Fixed bug #68419 (build error with gmp 4.1). (Remi)
- PDO_pgsql:
. Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception
when not in transaction) (Matteo)
. Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving)
(Matteo)
- Session:
. Fixed bug #68331 (Session custom storage callable functions not being called)
(Yasuo Ohgaki)
- SOAP:
. Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes).
(Laruence)
- zlib:
. Fixed bug #53829 (Compiling PHP with large file support will replace
function gzopen by gzopen64) (Sascha Kettler, Matteo)
- Core:
. Implemented 64-bit format codes for pack() and unpack(). (Leigh)
. Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol)
. Fixed bug #67633 (A foreach on an array returned from a function not doing
copy-on-write). (Nikita)
. Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported
as 6.2 (instead of 6.3)). (Christian Wenz)
. Fixed bug #67949 (DOMNodeList elements should be accessible through
array notation) (Florian)
. Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in
php_getopt()). (Stas)
. Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
. Fixed bug #68129 (parse_url() - incomplete support for empty usernames
and passwords) (Tjerk)
. Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
zend_hash_copy). (Dmitry)
- CURL:
. Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and
CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
- Fileinfo:
. Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
. Fixed bug #68224 (buffer-overflow in libmagic/readcdf.c caught by
AddressSanitizer). (Remi)
. Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
(CVE-2014-3710) (Remi)
- FPM:
. Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable
when using Apache, mod_proxy-fcgi and ProxyPass). (Remi)
. Implemented FR #55508 (listen and listen.allowed_clients should take IPv6
addresses). (Robin Gloster)
- GD:
. Fixed bug #65171 (imagescale() fails without height param). (Remi)
- GMP:
. Implemented gmp_random_range() and gmp_random_bits(). (Leigh)
. Fixed bug #63595 (GMP memory management conflicts with other libraries
using GMP). (Remi)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed width
decimal support) (Keyur Govande)
- ODBC:
. Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by
a VARCHAR column) (Keyur Govande)
- OpenSSL:
. Fixed bug #68074 (Allow to use system cipher list instead of hardcoded
value). (Remi)
- PDO_pgsql:
. Fixed bug #68199 (PDO::pgsqlGetNotify doesn't support NOTIFY payloads)
(Matteo, Alain Laporte)
. Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
- OpenSSL:
. Revert regression introduced by fix of bug #41631
- Reflection:
. Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi)
- SPL:
. Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)
- Core:
. Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
(CVE-2014-3669) (Stas)
- cURL:
. Fixed bug #68089 (NULL byte injection - cURL lib). (Stas)
- EXIF:
. Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
(Stas)
- XMLRPC:
. Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
(CVE-2014-3668) (Stas)
- Core:
. Implemented FR #38409 (parse_ini_file() looses the type of booleans). (Tjerk)
. Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)
. Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)
. Fixed bug #67878 (program_prefix not honoured in man pages). (Remi)
. Fixed bug #67938 (Segfault when extending interface method with variadic).
(Nikita)
. Fixed bug #67985 (Incorrect last used array index copied to new array after
unset). (Tjerk)
. Fixed bug #68088 (New Posthandler Potential Illegal efree() vulnerability).
(Mike) (CVE-2014-3622)
- DOM:
. Made DOMNode::textContent writeable. (Tjerk)
- Fileinfo:
. Fixed bug #67731 (finfo::file() returns invalid mime type
for binary files). (Anatol)
- GD:
. Made fontFetch's path parser thread-safe. (Sara)
- GMP:
. Fixed bug #67917 (Using GMP objects with overloaded operators can cause
memory exhaustion). (Nikita)
. Fixed bug #50175 (gmp_init() results 0 on given base and number starting
with 0x or 0b). (Nikita)
. Implemented gmp_import() and gmp_export(). (Leigh, Nikita)
- MySQLi:
. Fixed bug #67839 (mysqli does not handle 4-byte floats correctly). (Keyur)
- OpenSSL:
. Fixed bug #67850 (extension won't build if openssl compiled without SSLv3).
(Daniel Lowrey)
- phpdbg:
. Fixed issue krakjoe/phpdbg#111 (compile error without ZEND_SIGNALS). (Bob)
- SOAP:
. Fixed bug #67955 (SoapClient prepends 0-byte to cookie names). (Philip
Hofstetter)
- Session:
. Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam)
- Sysvsem:
. Implemented FR #67990 (Add optional nowait argument to sem_acquire).
(Matteo)
- CLI server:
. Added some MIME types to the CLI web server. (Chris Jones)
. Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)
. Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
(Adam)
. Fixed bug #67594 (Unable to access to apache_request_headers() elements).
(Tjerk)
. Implemented FR #67429 (CLI server is missing some new HTTP response codes).
(Adam)
. Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)
- COM:
. Fixed bug #41577 (DOTNET is successful once per server run)
(Aidas Kasparas)
. Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).
. Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
- Core:
. Improved phpinfo() stylesheets. (Colin Viebrock)
. Fixed bug #67693 (incorrect push to the empty array). (Tjerk)
. Removed inconsistency regarding behaviour of array in constants at
run-time. (Bob)
. Fixed bug #67497 (eval with parse error causes segmentation fault in
generator). (Nikita)
. Fixed bug #67151 (strtr with empty array crashes). (Nikita)
. Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
2012). (Christian Wenz)
. Fixed bug #66608 (Incorrect behavior with nested "finally" blocks).
(Laruence, Dmitry)
. Implemented FR #34407 (ucwords and Title Case). (Tjerk)
. Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
(Ferenc)
. Fixed bug #67368 (Memory leak with immediately dereferenced array in class
constant). (Laruence)
. Fixed bug #67468 (Segfault in highlight_file()/highlight_string()).
(Andreas Ferber)
. Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
(Stefan Esser)
. Fixed bug #67551 (php://input temp file will be located in sys_temp_dir
instead of upload_tmp_dir). (Mike)
. Fixed bug #67169 (array_splice all elements, then []= gives wrong index).
(Nikita)
. Fixed bug #67198 (php://input regression). (Mike)
. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
. Fixed bug #67249 (printf out-of-bounds read). (Stas)
. Implemented FR #64744 (Differentiate between member function call on a null
and non-null, non-objects). (Boro Sitnikovski)
. Fixed bug #67436 (Autoloader isn't called if two method definitions don't
match). (Bob)
. Fixed bug #66622 (Closures do not correctly capture the late bound class
(static::) in some cases). (Levi Morrison)
. Fixed bug #67390 (insecure temporary file use in the configure script).
(Remi) (CVE-2014-3981)
. Fixed bug #67392 (dtrace breaks argument unpack). (Nikita)
. Fixed bug #67428 (header('Location: foo') will override a 308-399 response
code). (Adam)
. Fixed bug #67433 (SIGSEGV when using count() on an object implementing
Countable). (Matteo)
. Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
. Expose get_debug_info class hook as __debugInfo() magic method. (Sara)
. Implemented unified default encoding
(RFC: https://wiki.php.net/rfc/default_encoding). (Yasuo Ohgaki)
. Added T_POW (**) operator
(RFC: https://wiki.php.net/rfc/pow-operator). (Tjerk Meesters)
. Improved IS_VAR operands fetching. (Laruence, Dmitry)
. Improved empty string handling. Now ZE uses an interned string instead of
allocation new empty string each time. (Laruence, Dmitry)
. Implemented internal operator overloading
(RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)
. Made calls from incompatible context issue an E_DEPRECATED warning instead
of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx).
(Gustavo)
. Uploads equal or greater than 2GB in size are now accepted.
(Ralf Lang, Mike)
. Reduced POST data memory usage by 200-300%. Changed INI setting
always_populate_raw_post_data to throw a deprecation warning when enabling
and to accept -1 for never populating the $HTTP_RAW_POST_DATA global
variable, which will be the default in future PHP versions. (Mike)
. Implemented dedicated syntax for variadic functions
(RFC: https://wiki.php.net/rfc/variadics). (Nikita)
. Fixed bug #50333 Improving multi-threaded scalability by using
emalloc/efree/estrdup (Anatol, Dmitry)
. Implemented constant scalar expressions (with support for constants)
(RFC: https://wiki.php.net/rfc/const_scalar_exprs). (Bob)
. Fixed bug #65784 (Segfault with finally). (Laruence, Dmitry)
. Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)
. Allow zero length comparison in substr_compare() (Tjerk)
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
UNIX sockets). (Mike)
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
. Fixed bug #66736 (fpassthru broken). (Mike)
. Fixed bug #66822 (Cannot use T_POW in const expression) (Tjerk)
. Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
. Fixed bug #65701 (copy() doesn't work when destination filename is created
by tempnam()). (Boro Sitnikovski)
. Fixed bug #66015 (Unexpected array indexing in class's static property). (Bob)
. Added (constant) string/array dereferencing to static scalar expressions
to complete the set; now possible thanks to bug #66015 being fixed. (Bob)
. Fixed bug #66568 (Update reflection information for unserialize() function).
(Ferenc)
. Fixed bug #66660 (Composer.phar install/update fails). (Ferenc)
. Fixed bug #67024 (getimagesize should recognize BMP files with negative
height). (Gabor Buella)
. Fixed bug #67064 (Countable interface prevents using 2nd parameter
($mode) of count() function). (Bob)
. Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
. Fixed bug #67033 (Remove reference to Windows 95). (Anatol)
- Curl:
. Implemented FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir
or safe_mode). (Adam)
. Check for openssl.cafile ini directive when loading CA certs. (Daniel Lowrey)
. Remove cURL close policy related constants as these have no effect and are
no longer used in libcurl. (Chris Wright)
. Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour)
(Tjerk)
. Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
(Adam)
. Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)
. Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
(Freek Lijten)
- Date:
. Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712)
(Remi)
. Fixed bug #66091 (memory leaks in DateTime constructor) (Tjerk).
. Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
(Adam)
. Fixed regression in fix for bug #67118 (constructor can't be called twice).
(Remi)
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
. Added DateTimeImmutable::createFromMutable to create a DateTimeImmutable
object from an existing DateTime (mutable) object (Derick)
. Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
supplied). (Boro Sitnikovski)
. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
- DOM:
. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
not only the subset). (Anatol)
- Embed:
. Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
- Fileinfo:
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)
. Fixed bug #67705 (extensive backtracking in rule regular expression).
(CVE-2014-3538) (Remi)
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
(CVE-2014-0238)
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
performance degradation). (CVE-2014-0237)
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
(CVE-2014-0207)
. Fixed bug #67329 (fileinfo: NULL pointer deference flaw by processing certain
CDF files). (CVE-2014-0236)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
(CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)
. Upgraded to libmagic-5.17 (Anatol)
. Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943) (Remi)
. Fixed bug #66820 (out-of-bounds memory access in fileinfo).
(CVE-2014-2270). (Remi)
. Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
expression). (CVE-2013-7345) (Remi)
. Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
(Remi)
. Fixed bug #66907 (Solaris 10 is missing strcasestr and needs substitute).
(Anatol)
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
- FPM:
. Fixed bug #67606 (revised fix 67541, broke mod_fastcgi BC). (David Zuelke)
. Fixed bug #67530 (error_log=syslog ignored). (Remi)
. Fixed bug #67635 (php links to systemd libraries without using pkg-config).
(pacho at gentoo dot org, Remi)
. Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)
. Fixed bug #67541 (Fix Apache 2.4.10+ SetHandler proxy:fcgi://
incompatibilities). (David Zuelke)
. Included apparmor support in fpm
(RFC: https://wiki.php.net/rfc/fpm_change_hat). (Gernot Vormayr)
. Added clear_env configuration directive to disable clearenv() call.
(Github PR# 598, Paul Annesley)
. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
(Julio Pintos)
. Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
default configuration) (CVE-2014-0185). (Stas)
- GD
. Fixed bug #67730 (Null byte injection possible with imagexxx functions).
(CVE-2014-5120) (Ryan Mauger)
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
(CVE-2014-2497) (Remi)
. Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
. Fixed imagettftext to load the correct character map rather than the last one.
(Scott)
. Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()).
(CVE-2013-7226)
. Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer).
(CVE-2013-7327). (Tomas Hoger, Remi).
. Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
. Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
. Fixed bug #66890 (imagescale segfault). (Remi)
. Fixed bug #66893 (imagescale ignore method argument). (Remi)
- GMP:
. Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
. Fixed crashes in serialize/unserialize. (Stas)
. Moved GMP to use object as the underlying structure and implemented various
improvements based on this.
(RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)
. Added gmp_root() and gmp_rootrem() functions for calculating nth roots.
(Nikita)
- Hash:
. Added gost-crypto (CryptoPro S-box) GOST hash algo. (Manuel Mausz)
. Fixed bug #66698 (Missing FNV1a32 and FNV1a64 hash functions).
(Michael M Slusarz).
. Implemented timing attack safe string comparison function
(RFC: https://wiki.php.net/rfc/timing_attack). (Rouven Weßling)
. hash_pbkdf2() now works correctly if the $length argument is not specified.
(Nikita)
- Intl:
. Fixed bug #66873 (A reproductible crash in UConverter when given invalid
encoding) (Stas)
. Fixed bug #66921 (Wrong argument type hint for function
intltz_from_date_time_zone). (Stas)
. Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
(Stas)
. Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
. Fixed bug #67397 (Buffer overflow in locale_get_display_name and
uloc_getDisplayName (libicu 4.8.1)). (Stas)
- JSON:
. Fixed case part of bug #64874 ("json_decode handles whitespace and
case-sensitivity incorrectly")
. Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)
(chobieeee@php.net)
. Fixed bug #66021 (Blank line inside empty array/object when
JSON_PRETTY_PRINT is set). (Kevin Israel)
- ldap
. Added new function ldap_modify_batch(). (Ondrej Hosek)
. Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
- litespeed
. Updated LiteSpeed SAPI code to V6.6 (George Wang)
. Fixed bug #63228 (-Werror=format-security error in lsapi code).
(Elan Ruusamäe, George)
- Mail:
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
- Mcrypt:
. No longer allow invalid key sizes, invalid IV sizes or missing required IV
in mcrypt_encrypt, mcrypt_decrypt and the deprecated mode functions.
(Nikita)
. Use /dev/urandom as the default source for mcrypt_create_iv(). (Nikita)
- Mbstring:
. Upgraded to oniguruma 5.9.5 (Anatol)
. Fixed bug #67199 (mb_regex_encoding mismatch). (Yasuo)
- Milter:
. Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)
- mysqli
. Added new function mysqli_get_links_stats() as well as new INI variable
mysqli.rollback_on_cached_plink of type bool (Andrey)
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
(Remi)
. Fixed building against an external libmysqlclient. (Adam)
- mysqlnd:
. Disabled flag for SP OUT variables for 5.5+ servers as they are not natively
supported by the overlying APIs. (Andrey)
. Added a new fetching mode to mysqlnd. (Andrey)
. Added support for gb18030 from MySQL 5.7. (Andrey)
- Network:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)
. Fixed bug #67432 (Fix potential segfault in dns_get_record()).
(CVE-2014-4049). (Sara)
- OCI8
. Fixed Bug #66875 (Improve performance of multi-row OCI_RETURN_LOB queries)
(Perrier, Chris Jones)
- ODBC:
. Fixed bug #60616 (odbc_fetch_into returns junk at end of multi-byte char
fields). (Keyur Govande)
- OpenSSL:
. Fixed bug #41631 (socket timeouts not honored in blocking SSL reads)
(Daniel Lowrey).
. Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
. Fixed bug #67609 (TLS connections fail behind HTTP proxy). (Daniel Lowrey)
. Fixed broken build against OpenSSL older than 0.9.8 where ECDH unavailable.
(Lior Kaplan)
. Fixed bug #67666 (Subject altNames doesn't support wildcard matching). (Tjerk)
. Fixed bug #67224 (Fall back to crypto_type from context if not specified
explicitly in stream_socket_enable_crypto). (Chris Wright)
. Fixed bug #65698 (certificates validity parsing does not work past 2050).
(Paul Oehler)
. Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
(Paul Oehler)
. Peer certificates now verified by default in client socket operations
(RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
. New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)
. Added crypto_method option for the ssl stream context. (Martin Jansen)
. Added certificate fingerprint support. (Tjerk Meesters)
. Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)
. Fixed bug #65729 (CN_match gives false positive). (Tjerk Meesters)
. Peer name verification matches SAN DNS names for certs using
the Subject Alternative Name x509 extension. (Daniel Lowrey)
. Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey)
. Added SPKAC support. (Jason Gerfen)
. Fallback to Windows CA cert store for peer verification if no openssl.cafile
ini directive or "cafile" SSL context option specified in Windows.
(Chris Wright)
. The openssl.cafile and openssl.capath ini directives introduced in alpha2
now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL). (Daniel Lowrey)
. New "peer_name" SSL context option replaces "CN_match" (which still works
as before but triggers E_DEPRECATED). (Daniel Lowrey)
. Fixed segfault when accessing non-existent context for client SNI use
(Daniel Lowrey)
. Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
(Mark Zedwood)
. Fixed Bug #47030 (add new boolean "verify_peer_name" SSL context option
allowing clients to verify cert names separately from the cert itself).
"verify_peer_name" is enabled by default for client streams.
(Daniel Lowrey)
. Fixed Bug #65538 ("cafile" SSL context option now supports stream
wrappers). (Daniel Lowrey)
. New openssl_get_cert_locations() function to aid CA file and peer
verification debugging. (Daniel Lowrey)
. Encrypted stream wrappers now disable TLS compression by default.
(Daniel Lowrey)
. New "capture_session_meta" SSL context option allows encrypted client and
server streams access to negotiated protocol/cipher information.
(Daniel Lowrey)
. New "honor_cipher_order" SSL context option allows servers to prioritize
cipher suites of their choosing when negotiating SSL/TLS handshakes.
(Daniel Lowrey)
. New "single_ecdh_use" and "single_dh_use" SSL context options allow for
improved forward secrecy in encrypted stream servers. (Daniel Lowrey)
. New "dh_param" SSL context option allows stream servers control over
the parameters when negotiating DHE cipher suites. (Daniel Lowrey)
. New "ecdh_curve" SSL context option allowing stream servers to specify
the curve to use when negotiating ephemeral ECDHE ciphers (defaults to
NIST P-256). (Daniel Lowrey)
. New "rsa_key_size" SSL context option gives stream servers control
over the key size (in bits) used for RSA key agreements. (Daniel Lowrey)
. Crypto methods for encrypted client and server streams now use
bitwise flags for fine-grained protocol support. (Daniel Lowrey)
. Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method.
tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2. (Daniel Lowrey)
. Encrypted client streams now enable SNI by default. (Daniel Lowrey)
. Encrypted streams now prioritize ephemeral key agreement and high strength
ciphers by default. (Daniel Lowrey)
. New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher
list. (Daniel Lowrey)
. New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto
methods negotiated encrypted server/client sessions. (Daniel Lowrey)
. Encrypted stream servers now automatically mitigate potential DoS vector
arising from client-initiated TLS renegotiation. New "reneg_limit",
"reneg_window" and "reneg_limit_callback" SSL context options for custom
renegotiation limiting control. (Daniel Lowrey)
. Fixed memory leak in windows cert verification on verify failure.
(Chris Wright)
. Peer certificate capturing via SSL context options now functions even if
peer verification fails. (Daniel Lowrey)
. Encrypted TLS servers now support the server name indication TLS extension
via the new "SNI_server_certs" SSL context option. (Daniel Lowrey)
. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
. Fixed bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
. Fixed bug #66952 (memory leak in openssl_open()). (Chuan Ma)
. Fixed bug #66840 (Fix broken build when extension built separately).
(Daniel Lowrey)
- OPcache:
. Added an optimization of class constants and constant calls to some
internal functions (Laruence, Dmitry)
. Added an optimization pass to convert FCALL_BY_NAME into DO_FCALL.
(Laruence, Dmitry)
. Added an optimization pass to merged identical constants (and related
cache_slots) in op_array->literals table. (Laruence, Dmitry)
. Added script level constant replacement optimization pass. (Dmitry)
. Added function opcache_is_script_cached(). (Danack)
. Added information about interned strings usage. (Terry, Julien, Dmitry)
. Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault
happen) (Dmitry, Laruence)
- PCRE:
. Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
from the upstream). (Anatol)
. Upgraded to PCRE 8.34. (Anatol)
. Added support for (*MARK) backtracking verbs. (Nikita)
- pgsql:
. Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
which affected builds against libpq < 7.3. (Adam)
. pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL.
(Yasuo)
. Impremented FR #25854 Return value for pg_insert should be resource instead of
bool.
(Yasuo)
. Implemented FR #41146 - Add "description" with exteneded flag pg_meta_data().
pg_meta_data(resource $conn, string $table [, bool extended])
It also made pg_meta_data() return "is enum" always.
(Yasuo)
. Read-only access to the socket stream underlying database connections is
exposed via a new pg_socket() function to allow read/write polling when
establishing asynchronous connections and executing queries in non-blocking
applications. (Daniel Lowrey)
. Asynchronous connections are now possible using the PGSQL_CONNECT_ASYNC
flag in conjunction with a new pg_connect_poll() function and connection
polling status constants. (Daniel Lowrey)
. New pg_flush() and pg_consume_input() functions added to manually complete
non-blocking reads/writes to underlying connection sockets. (Daniel Lowrey)
. pg_version() returns full report which obtained by PQparameterStatus().
(Yasuo)
. Added pg_lo_truncate(). (Yasuo)
. Added 64bit large object support for PostgreSQL 9.3 and later. (Yasuo)
. Fixed bug #67555 (Cannot build against libpq 7.3). (Adam)
- phpdbg
. Fixed bug #67575 (Compilation fails for phpdbg when the
build directory != src directory). (Andy Thompson)
. Fixed Bug #67499 (readline feature not enabled when build with libedit). (Remi)
. Fix issue krakjoe/phpdbg#94 (List behavior is inconsistent). (Bob)
. Fix issue krakjoe/phpdbg#97 (The prompt should always ensure it is on a
newline). (Bob)
. Fix issue krakjoe/phpdbg#98 (break if does not seem to work). (Bob)
. Fix issue krakjoe/phpdbg#99 (register function has the same behavior as
run). (Bob)
. Fix issue krakjoe/phpdbg#100 (No way to list the current stack/frames)
(Help entry was missing). (Bob)
. Fixed bug which caused phpdbg to fail immediately on startup in non-debug
builds. (Bob)
. Fixed bug #67212 (phpdbg uses non-standard TIOCGWINSZ). (Ferenc)
. Included phpdbg sapi (RFC: https://wiki.php.net/rfc/phpdbg).
(Felipe Pena, Joe Watkins and Bob Weinand)
. Added watchpoints (watch command). (Bob)
. Renamed some commands (next => continue and how to step). (Joe)
. Fixed issue #85 (https://github.com/krakjoe/phpdbg/issues/85)
(Added stdin/stdout/stderr constants and their php:// wrappers). (Bob)
- PDO:
. Fixed bug #66604 ('pdo/php_pdo_error.h' not copied to the include dir).
(Matteo)
- PDO-ODBC:
. Fixed bug #50444 (PDO-ODBC changes for 64-bit).
- PDO_pgsql:
. Fixed Bug #42614 (PDO_pgsql: add pg_get_notify support). (Matteo)
. Fixed Bug #63657 (pgsqlCopyFromFile, pgsqlCopyToArray use Postgres < 7.3
syntax). (Matteo)
. Cleaned up code by increasing the requirements to libpq versions providing
PQexecParams, PQprepare, PQescapeStringConn, PQescapeByteaConn. According
to the release notes that means 8.0.8+ or 8.1.4+. (Matteo)
. Deprecated PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT, an
undocument constant effectively equivalent to PDO::ATTR_EMULATE_PREPARES.
(Matteo)
. Added PDO::PGSQL_ATTR_DISABLE_PREPARES constant to execute the queries
without preparing them, while still passing parameters separately from
the command text using PQexecParams. (Matteo)
- PDO_firebird:
. Fixed Bug #66071 (memory corruption in error handling) (Popa)
- Phar:
. Fixed bug #64498 ($phar->buildFromDirectory can't compress file with an accent
in its name). (PR #588)
. Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)
- readline:
. Fixed bug #55496 (Interactive mode doesn't force a newline before the
prompt). (Bob, Johannes)
. Fixed bug #67496 (Save command history when exiting interactive shell
with control-c). (Dmitry Saprykin, Johannes)
- Reflection:
. Implemented FR #67713 (loosen the restrictions on
ReflectionClass::newInstanceWithoutConstructor()). (Ferenc)
- Session:
. Fixed bug #67694 (Regression in session_regenerate_id()). (Tjerk)
. Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
. Fixed bug #66827 (Session raises E_NOTICE when session name variable is array).
(Yasuo)
. Fixed Bug #65315 (session.hash_function silently fallback to default md5)
(Yasuo)
. Implemented Request #17860 (Session write short circuit). (Yasuo)
. Implemented Request #20421 (session_abort() and session_reset() function).
(Yasuo)
. Remove session_gc() and session_serializer_name() wich were introduced in the
first 5.6.0 alpha.
- SimpleXML:
. Fixed bug #66084 (simplexml_load_string() mangles empty node name)
(Anatol)
- SQLite:
. Updated the bundled libsqlite to the version 3.8.3.1 (Anatol)
. Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
- SOAP:
. Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)
- SPL:
. Revert fix for bug #67064 (BC issues). (Bob)
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
sorting). (CVE-2014-4698) (research at insighti dot org, Laruence)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
Confusion) (CVE-2014-3515). (Stefan Esser)
. Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
. Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
. Fixed request #67453 (Allow to unserialize empty data). (Remi)
. Added feature #65545 (SplFileObject::fread()) (Tjerk)
. Fixed bug #66834 (empty() does not work on classes that extend ArrayObject)
(Tjerk)
. Fixed bug #66702 (RegexIterator::INVERT_MATCH does not invert). (Joshua
Thijssen)
- Standard:
. Implemented FR #65634 (HTTP wrapper is very slow with protocol_version
1.1). (Adam)
. Implemented Change crypt() behavior w/o salt RFC. (Yasuo)
https://wiki.php.net/rfc/crypt_function_salt
. Implemented request #49824 (Change array_fill() to allow creating empty
array). (Nikita)
- Streams:
. Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
- Tokenizer:
. Fixed bug #67395 (token_name() does not return name for T_POW and T_POW_EQUAL
token). (Ferenc)
- XMLReader:
. Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency).
(Mike)
- XSL:
. Fixed bug #53965 (<xsl:include> cannot find files with relative paths
when loaded with "file://"). (Anatol)
- Zip:
. update libzip to version 1.11.2.
PHP don't use any ilibzip private symbol anymore. (Pierre, Remi)
. new method ZipArchive::setPassword($password). (Pierre)
. add --with-libzip option to build with system libzip. (Remi)
. new methods:
ZipArchive::setExternalAttributesName($name, $opsys, $attr [, $flags])
ZipArchive::setExternalAttributesIndex($idx, $opsys, $attr [, $flags])
ZipArchive::getExternalAttributesName($name, &$opsys, &$attr [, $flags])
ZipArchive::getExternalAttributesIndex($idx, &$opsys, &$attr [, $flags])
- Zlib:
. Fixed bug #67865 (internal corruption phar error). Mike
. Fixed bug #67724 (chained zlib filters silently fail with large amounts of
data). (Mike)
- COM:
. Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).
- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression).
(CVE-2014-3538) (Remi)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)
- FPM:
. Fixed bug #67635 (php links to systemd libraries without using pkg-config).
(pacho at gentoo dot org, Remi)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
(CVE-2014-2497) (Remi)
. Fixed bug #67730 (Null byte injection possible with imagexxx functions).
(CVE-2014-5120) (Ryan Mauger)
- Milter:
. Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)
- Network:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)
- OpenSSL:
. Fixed missing type checks in OpenSSL options. (Yussuf Khalil, Stas)
- readline:
. Fixed bug #55496 (Interactive mode doesn't force a newline before the
prompt). (Bob, Johannes)
. Fixed bug #67496 (Save command history when exiting interactive shell
with control-c). (Dmitry Saprykin, Johannes)
- Sessions:
. Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
- Core:
. Fixed bug #67693 (incorrect push to the empty array) (Tjerk)
- ODBC:
. Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte
char fields). (Keyur)
- Core:
. Fixed bug #67428 (header('Location: foo') will override a 308-399 response
code). (Adam)
. Fixed bug #67436 (Autoloader isn't called if two method definitions don't
match). (Bob)
. Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
(Ferenc)
. Fixed bug #67497 (eval with parse error causes segmentation fault in
generator). (Nikita)
. Fixed bug #67151 (strtr with empty array crashes). (Nikita)
. Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
2012). (Christian Wenz)
. Fixed bug #66608 (Incorrect behavior with nested "finally" blocks).
(Laruence, Dmitry)
. Implemented FR #34407 (ucwords and Title Case). (Tjerk)
- CLI server:
. Implemented FR #67429 (CLI server is missing some new HTTP response codes).
(Adam)
. Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
(Adam)
. Fixed bug #67594 (Unable to access to apache_request_headers() elements).
(Tjerk)
- FPM:
. Fixed bug #67530 (error_log=syslog ignored). (Remi)
. Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)
- Intl:
. Fixed bug #66921 (Wrong argument type hint for function
intltz_from_date_time_zone). (Stas)
. Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
(Stas)
- OPCache:
. Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault
happen) (Dmitry, Laruence)
- pgsql:
. Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
which affected builds against libpq < 7.3. (Adam)
- Phar:
. Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
sorting). (CVE-2014-4698) (research at insighti dot org, Laruence)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
- Streams:
. Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
- Session:
. Fixed bug #66827 (Session raises E_NOTICE when session name variable is array).
(Yasuo)
- Core:
. Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
. Fixed bug #66622 (Closures do not correctly capture the late bound class
(static::) in some cases). (Levi Morrison)
. Fixed bug #67390 (insecure temporary file use in the configure script).
(Remi) (CVE-2014-3981)
. Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
- CLI server:
. Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)
- Date:
. Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
(Adam)
. Fixed regression in fix for bug #67118 (constructor can't be called twice).
(Remi)
- Fileinfo:
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
string size). (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
check). (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
(Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
check). (Francisco Alonso, Jan Kaluza, Remi)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_get_record()).
(CVE-2014-4049). (Sara)
- OPCache:
. Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence)
- OpenSSL:
. Fixed bug #65698 (certificates validity parsing does not work past 2050).
(Paul Oehler)
. Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
(Paul Oehler)
- PDO-ODBC:
. Fixed bug #50444 (PDO-ODBC changes for 64-bit).
- SOAP:
. Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)
- SPL:
. Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
. Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
. Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
Confusion). (CVE-2014-3515) (Stefan Esser)
- CLI server:
. Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)
- COM:
. Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
- Core:
. Fixed bug #65701 (copy() doesn't work when destination filename is created
by tempnam()). (Boro Sitnikovski)
. Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
. Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
zend_exceptions.c). (Bob)
. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
. Fixed bug #67249 (printf out-of-bounds read). (Stas)
. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
- Curl:
. Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)
- Date:
. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
- DOM:
. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
not only the subset). (Anatol)
- Fileinfo:
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-
0238).
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
performance degradation) (CVE-2014-0237).
- FPM:
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
(Julio Pintos)
- GD:
. Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
- PCRE:
. Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
from the upstream). (Anatol)
- Phar:
. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
in its name). (PR #588)
- cURL:
. Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
(Freek Lijten)
- Date:
. Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
supplied). (Boro Sitnikovski)
- Embed:
. Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
- Fileinfo:
. Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
(Remi)
- FPM:
. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
. Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
default configuration) (CVE-2014-0185). (Stas)
- JSON:
. Fixed bug #66021 (Blank line inside empty array/object when
JSON_PRETTY_PRINT is set). (Kevin Israel)
- LDAP:
. Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
- mysqli:
. Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter
(extra comma) and third parameters (lack of escaping). (Andrey)
- OpenSSL:
. Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
. Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
- SimpleXML:
. Fixed bug #66084 (simplexml_load_string() mangles empty node name)
(Anatol)
- SQLite:
. Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
- XSL:
. Fixed bug #53965 (<xsl:include> cannot find files with relative paths
when loaded with "file://"). (Anatol)
- Core:
. Allow zero length comparison in substr_compare() (Tjerk)
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
- SPL:
. Added feature #65545 (SplFileObject::fread()) (Tjerk)
. Fixed bug #66702 (RegexIterator::INVERT_MATCH does not invert). (Joshua
Thijssen)
- cURL:
. Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour)
(Tjerk)
. Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
(Adam)
- Fileinfo:
. Fixed bug #66946i (fileinfo: extensive backtracking in awk rule regular
expression). (CVE-2013-7345) (Remi)
- FPM:
. Added clear_env configuration directive to disable clearenv() call.
(Github PR# 598, Paul Annesley)
- GD:
. Fixed bug #66714 (imageconvolution breakage). (Brad Daily)
. Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
. Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
. Fixed bug #66890 (imagescale segfault). (Remi)
. Fixed bug #66893 (imagescale ignore method argument). (Remi)
- Hash:
. hash_pbkdf2() now works correctly if the $length argument is not specified.
(Nikita)
- Intl:
. Fixed bug #66873 (A reproductible crash in UConverter when given invalid
encoding) (Stas)
- Mail:
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
- MySQLi:
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
(Remi)
- OPCache
. Added function opcache_is_script_cached(). (Danack)
. Added information about interned strings usage. (Terry, Julien, Dmitry)
- Openssl:
. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
- GMP
. Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
- SQLite:
. Updated bundled libsqlite to 3.8.3.1 (Anatol)
- Core:
. Fixed Request #66574i (Allow multiple paths in php_ini_scanned_path). (Remi)
- Date:
. Fixed bug #45528 (Allow the DateTimeZone constructor to accept timezones
per offset too). (Derick)
- Fileinfo:
. Bug #66731 (file: infinite recursion) (CVE-2014-1943). (Remi)
. Fixed bug #66820 (out-of-bounds memory access in fileinfo)
(CVE-2014-2270). (Remi)
- GD
. Fixed Bug #66815 (imagecrop(): insufficient fix for NULL defer
CVE-2013-7327). (Tomas Hoger, Remi)
- JSON:
. Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)
(chobieeee@php.net)
- LDAP:
. Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).
(Ondřej Hošek)
- Openssl:
. Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
(Mark Zedwood)
- PCRE:
. Upgraded to PCRE 8.34. (Anatol)
- Pgsql:
. Added warning for dangerous client encoding and remove possible injections
for pg_insert()/pg_update()/pg_delete()/pg_select(). (Yasuo)
- Core:
. Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)
- GD:
. Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()).
(Laruence, Remi)
- OPCache:
. Fixed bug #66474 (Optimizer bug in constant string to boolean conversion).
(Dmitry)
. Fixed bug #66461 (PHP crashes if opcache.interned_strings_buffer=0).
(Dmitry)
. Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style
^M as lineend). (Laruence)
- PDO_pgsql:
. Fixed bug #62479 (PDO-psql cannot connect if password contains
spaces) (willfitch, iliaa)
- Readline
. Fixed Bug #66412 (readline_clear_history() with libedit causes segfault after
#65714). (Remi)
- Session
. Fixed bug #66469 (Session module is sending multiple set-cookie headers when
session.use_strict_mode=1) (Yasuo)
. Fixed bug #66481 (Segfaults on session_name()).
(cmcdermottroe at engineyard dot com, Yasuo)
- Standard
. Fixed bug #66395 (basename function doesn't remove drive letter). (Anatol)
- Sockets:
. Fixed bug #66381 (__ss_family was changed on AIX 5.3). (Felipe)
- Zend Engine
. Fixed bug #66009 (Failed compilation of PHP extension with C++ std
library using VS 2012). (Anatol)
- Core:
. Disallowed JMP into a finally block. (Laruence)
. Added validation of class names in the autoload process. (Dmitry)
. Fixed invalid C code in zend_strtod.c. (Lior Kaplan)
. Fixed ZEND_MM_MEM_TYPE=mmap_zero. (Dmitry, Tony)
. Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object).
(Nikita)
. Fixed bug #65764 (generators/throw_rethrow FAIL with
ZEND_COMPILE_EXTENDED_INFO). (Nikita)
. Fixed bug #61645 (fopen and O_NONBLOCK). (Mike)
. Fixed bug #66218 (zend_register_functions breaks reflection). (Remi)
- Date:
. Fixed bug #66060 (Heap buffer over-read in DateInterval) (CVE-2013-6712).
(Remi)
. Fixed bug #65768 (DateTimeImmutable::diff does not work). (Nikita Nefedov)
- DOM:
. Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML()
Produces invalid Markup). (Mike)
- Exif:
. Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas)
- Filter:
. Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam)
- GD:
. Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
(Adam)
- PDO_odbc:
. Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
(michael at orlitzky dot com)
- MySQLi:
. Fixed bug #65486 (mysqli_poll() is broken on win x64). (Anatol)
- OPCache:
. Fixed revalidate_path=1 behavior to avoid caching of symlinks values.
(Dmitry)
. Fixed Issue #140: "opcache.enable_file_override" doesn't respect
"opcache.revalidate_freq". (Dmitry).
- SNMP:
. Fixed SNMP_ERR_TOOBIG handling for bulk walk operations. (Boris Lytochkin)
- SOAP
. Fixed bug #66112 (Use after free condition in SOAP extension).
(martin dot koegler at brz dot gv dot at)
- Sockets:
. Fixed bug #65923 (ext/socket assumes AI_V4MAPPED is defined). (Felipe)
- XSL
. Fixed bug #49634 (Segfault throwing an exception in a XSL registered
function). (Mike)
- ZIP:
. Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real). (Remi)
- CLI server:
. Added some MIME types to the CLI web server (Chris Jones)
. Implemented FR #65917 (getallheaders() is not supported by the built-in web
server) - also implements apache_response_headers() (Andrea Faulds)
- Core:
. Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
string). (Laruence)
. Fixed bug #65969 (Chain assignment with T_LIST failure). (Dmitry)
- OPCache
. Fixed bug #66176 (Invalid constant substitution). (Dmitry)
. Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
. Fixed bug #65559 (Opcache: cache not cleared if changes occur while
running). (Dmitry)
- readline
. Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)
- Openssl:
. Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
(Stefan Esser).
- Core:
. Fixed bug #65947 (basename is no more working after fgetcsv in certain
situation). (Laruence)
. Improved performance of array_merge() and func_get_args() by eliminating
useless copying. (Dmitry)
. Fixed bug #65939 (Space before ";" breaks php.ini parsing).
(brainstorm at nopcode dot org)
. Fixed bug #65911 (scope resolution operator - strange behavior with $this).
(Bob Weinand)
. Fixed bug #65936 (dangling context pointer causes crash). (Tony)
- FPM:
. Changed default listen() backlog to 65535. (Tony)
- JSON
. Fixed whitespace part of bug #64874 ("json_decode handles whitespace and
case-sensitivity incorrectly"). (Andrea Faulds)
- MySQLi:
. Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence)
- OPcache
. Increased limit for opcache.max_accelerated_files to 1,000,000. (Chris)
. Fixed issue #115 (path issue when using phar). (Dmitry)
. Fixed issue #149 (Phar mount points not working with OPcache enabled).
(Dmitry)
- ODBC
. Fixed bug #65950 (Field name truncation if the field name is bigger than
32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo)
- PDO:
. Fixed bug #66033 (Segmentation Fault when constructor of PDO statement
throws an exception). (Laruence)
. Fixed bug 65946 (sql_parser permanently converts values bound to strings)
- Standard:
. Fixed bug #64760 (var_export() does not use full precision for floating-point
numbers) (Yasuo)
- Core:
. Fixed bug #64979 (Wrong behavior of static variables in closure generators).
(Nikita)
. Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita)
. Fixed bug #65821 (By-ref foreach on property access of string offset
segfaults). (Nikita)
- CLI server:
. Fixed bug #65633 (built-in server treat some http headers as
case-sensitive). (Adam)
. Fixed bug #65818 (Segfault with built-in webserver and chunked transfer
encoding). (Felipe)
. Added application/pdf to PHP CLI Web Server mime types (Chris Jones)
- Datetime:
. Fixed bug #64157 (DateTime::createFromFormat() reports confusing error
message). (Boro Sitnikovski)
. Fixed bug #65502 (DateTimeImmutable::createFromFormat returns DateTime).
(Boro Sitnikovski)
. Fixed bug #65548 (Comparison for DateTimeImmutable doesn't work).
(Boro Sitnikovski)
- DBA extension:
. Fixed bug #65708 (dba functions cast $key param to string in-place,
bypassing copy on write). (Adam)
- Filter:
. Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn)
. Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
(Syra)
- FTP:
. Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter)
- GD
. Ensure that the defined interpolation method is used with the generic
scaling methods. (Pierre)
- IMAP:
. Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling
imap). (ryotakatsuki at gmail dot com)
- OPcache:
. Added support for GNU Hurd. (Svante Signell)
. Added function opcache_compile_file() to load PHP scripts into cache
without execution. (Julien)
. Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled).
(Dmitry)
. Fixed bug #65665 (Exception not properly caught when opcache enabled).
(Laruence)
. Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var). (Dmitry)
. Fixed issue #135 (segfault in interned strings if initial memory is too
low). (Julien)
- Sockets:
. Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
(Mike)
- SPL:
. Fix bug #64782 (SplFileObject constructor make $context optional / give it
a default value). (Nikita)
- Standard:
. Fixed bug #61548 (content-type must appear at the end of headers for 201
Location to work in http). (Mike)
- XMLReader:
. Fixed bug #51936 (Crash with clone XMLReader). (Mike)
. Fixed bug #64230 (XMLReader does not suppress errors). (Mike)
- Build system:
. Fixed bug #51076 (race condition in shtool's mkdir -p implementation).
(Mike, Raphael Geissert)
. Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing
gzencode())). (Mike)
- Core:
. Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
(Laruence)
. Improved fputcsv() to allow specifying escape character.
. Fixed bug #65490 (Duplicate calls to get lineno & filename for
DTRACE_FUNCTION_*). (Chris Jones)
. Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding
spaces). (Michael M Slusarz)
. Fixed bug #65481 (shutdown segfault due to serialize) (Mike)
. Fixed bug #65470 (Segmentation fault in zend_error() with
--enable-dtrace). (Chris Jones, Kris Van Hees)
. Fixed bug #65225 (PHP_BINARY incorrectly set). (Patrick Allaert)
. Fixed bug #62692 (PHP fails to build with DTrace). (Chris Jones, Kris Van Hees)
. Fixed bug #61759 (class_alias() should accept classes with leading
backslashes). (Julien)
. Fixed bug #46311 (Pointer aliasing issue results in miscompile on gcc4.4).
(Nikita Popov)
- cURL:
. Fixed bug #65458 (curl memory leak). (Adam)
- Datetime:
. Fixed bug #65554 (createFromFormat broken when weekday name is followed
by some delimiters). (Valentin Logvinskiy, Stas).
. Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught
by AddressSanitizer). (Remi).
- OPCache:
. Fixed bug #65561 (Zend Opcache on Solaris 11 x86 needs ZEND_MM_ALIGNMENT=4).
(Terry Ellison)
- Openssl:
. Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in
some cases). (Mark Jones)
- PDO:
. Fixed bug #64953 (Postgres prepared statement positional parameter
casting). (Mike)
- Session:
. Fixed bug #65475 (Session ID is not initialized properly when strict session
is enabled). (Yasuo)
. Fixed bug #51127/#65359 Request #25630/#43980/#54383 (Added php_serialize
session serialize handler that uses plain serialize()). (Yasuo)
- Standard:
. Fix issue with return types of password API helper functions. Found via
static analysis by cjones. (Anthony Ferrara)
- Zlib:
. Fixed bug #65391 (Unable to send vary header user-agent when
ob_start('ob_gzhandler') is called) (Mike)
- Openssl:
. Fixed UMR in fix for CVE-2013-4248.
- Core:
. Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference
fails). (Laruence)
. Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was
erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). (Andrey
avp200681 gmail com).
. Fixed bug #65304 (Use of max int in array_sum). (Laruence)
. Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very
limited case). (Arpad)
. Fixed bug #62691 (solaris sed has no -i switch). (Chris Jones)
. Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold)
. Fixed bug #61268 (--enable-dtrace leads make to clobber
Zend/zend_dtrace.d) (Chris Jones)
- DOM:
. Added flags option to DOMDocument::schemaValidate() and
DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag.
(Chris Wright)
- OPcache:
. Added opcache.restrict_api configuration directive that may limit
usage of OPcache API functions only to particular script(s). (Dmitry)
. Added support for glob symbols in blacklist entries (?, *, **).
(Terry Elison, Dmitry)
. Fixed bug #65338 (Enabling both php_opcache and php_wincache AVs on
shutdown). (Dmitry)
- Openssl:
. Fixed handling null bytes in subjectAltName (CVE-2013-4248).
(Christian Heimes)
- PDO_mysql:
. Fixed bug #65299 (pdo mysql parsing errors). (Johannes)
- Pgsql:
. Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update()
/pg_delete()/pg_insert()). (Yasuo)
- Phar:
. Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for
some specific contents). (Stas)
- Sessions:
. Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
which protects against session fixation attacks and session collisions.
(CVE-2011-4718). (Yasuo Ohgaki)
. Fixed possible buffer overflow under Windows. Note: Not a security fix.
(Yasuo)
. Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)
- SOAP:
. Fixed bug #65018 (SoapHeader problems with SoapServer). (Dmitry)
- SPL:
. Fixed bug #65328 (Segfault when getting SplStack object Value). (Laruence)
. Added RecursiveTreeIterator setPostfix and getPostifx methods. (Joshua
Thijssen)
. Fixed bug #61697 (spl_autoload_functions returns lambda functions
incorrectly). (Laruence)
- Streams:
. Fixed bug #65268 (select() implementation uses outdated tick API). (Anatol)
- Pgsql:
. Fixed bug #65336 (pg_escape_literal/identifier() scilently returns false).
(Yasuo)
- Core:
. Fixed bug #65254 (Exception not catchable when exception thrown in autoload
with a namespace). (Laruence)
. Fixed bug #65088 (Generated configure script is malformed on OpenBSD).
(Adam)
. Fixed bug #65108 (is_callable() triggers Fatal Error).
(David Soria Parra, Laruence)
. Fixed bug #65035 (yield / exit segfault). (Nikita)
. Fixed bug #65161 (Generator + autoload + syntax error = segfault). (Nikita)
. hex2bin() raises E_WARNING for invalid hex string. (Yasuo)
. Fixed bug #65226 (chroot() does not get enabled). (Anatol)
- OPcache
. Fixed bug #64827 (Segfault in zval_mark_grey (zend_gc.c)). (Laruence)
. OPcache must be compatible with LiteSpeed SAPI (Dmitry)
- CGI:
. Fixed Bug #65143 (Missing php-cgi man page). (Remi)
- CLI server:
. Fixed bug #65066 (Cli server not responsive when responding with 422 http
status code). (Adam)
- DateTime
. Fixed fug #65184 (strftime() returns insufficient-length string under
multibyte locales). (Anatol)
- GD
. Fixed #65070 (bgcolor does not use the same format as the input image with
imagerotate). (Pierre)
. Fixed Bug #65060 (imagecreatefrom... crashes with user streams). (Remi)
. Fixed Bug #65084 (imagecreatefromjpeg fails with URL). (Remi)
. Fix gdImageCreateFromWebpCtx and use same logic to load WebP image
that other formats. (Remi)
- Intl:
. Add IntlCalendar::setMinimalDaysInFirstWeek()/
intlcal_set_minimal_days_in_first_week().
. Fixed trailing space in name of constant IntlCalendar::FIELD_FIELD_COUNT.
. Fixed bug #62759 (Buggy grapheme_substr() on edge case). (Stas)
. Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).
(Stas)
- OCI8:
. Bump PECL package info version check to allow PECL installs with PHP 5.5+
- PDO:
. Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
(Chris Jones)
- Pgsql
. pg_unescape_bytea() raises E_WARNING for invalid inputs. (Yasuo)
- Phar:
. Fixed Bug #65142 (Missing phar man page). (Remi)
- Session:
. Added optional create_sid() argument to session_set_save_handler(),
SessionHandler and new SessionIdInterface. (Leigh, Arpad)
- Sockets:
. Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option).
(Damjan Cvetko)
. Allowed specifying paths in the abstract namespace for the functions
socket_bind(), socket_connect() and socket_sendmsg(). (Gustavo)
. Fixed bug #65260 (sendmsg() ancillary data construction for SCM_RIGHTS is
faulty). (Gustavo)
- SPL:
. Fixed bug #65136 (RecursiveDirectoryIterator segfault). (Laruence)
. Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator
/Spl(Temp)FileObject ctor twice). (Laruence)
- CGI/FastCGI SAPI:
. Added PHP_FCGI_BACKLOG, overrides the default listen backlog. (Arnaud Le
Blanc)
- Core:
. Added Zend Opcache extension and enable building it by default.
More details here: https://wiki.php.net/rfc/optimizerplus. (Dmitry)
. Added generators and coroutines (https://wiki.php.net/rfc/generators).
(Nikita Popov)
. Added "finally" keyword (https://wiki.php.net/rfc/finally). (Laruence)
. Added simplified password hashing API
(https://wiki.php.net/rfc/password_hash). (Anthony Ferrara)
. Added support for constant array/string dereferencing. (Laruence)
. Added array_column function which returns a column in a multidimensional
array. https://wiki.php.net/rfc/array_column. (Ben Ramsey)
. Added boolval(). (Jille Timmermans)
. Added "Z" option to pack/unpack. (Gustavo)
. Added Generator::throw() method. (Nikita Popov)
. Added Class Name Resolution As Scalar Via "class" Keyword.
(Ralph Schindler, Nikita Popov, Lars)
. Added optional second argument for assert() to specify custom message. Patch
by Lonny Kapelushnik (lonny@lonnylot.com). (Lars)
. Added support for using empty() on the result of function calls and
other expressions (https://wiki.php.net/rfc/empty_isset_exprs).
(Nikita Popov)
. Added support for non-scalar Iterator keys in foreach
(https://wiki.php.net/rfc/foreach-non-scalar-keys). (Nikita Popov)
. Added support for list in foreach (https://wiki.php.net/rfc/foreachlist).
(Laruence)
. Added support for changing the process's title in CLI/CLI-Server SAPIs.
The implementation is more robust that the proctitle PECL module. More
details here: https://wiki.php.net/rfc/cli_process_title. (Keyur)
. Added ARMv7/v8 versions of various Zend arithmetic functions that are
implemented using inline assembler (Ard Biesheuvel)
. Added systemtap support by enabling systemtap compatible dtrace probes on
linux. (David Soria Parra)
. Optimized access to temporary and compiled VM variables. 8% less memory
reads. (Dmitry)
. The VM stacks for passing function arguments and syntaticaly nested calls
were merged into a single stack. The stack size needed for op_array
execution is calculated at compile time and preallocated at once. As result
all the stack push operatins don't require checks for stack overflow
any more. (Dmitry)
. Improve set_exception_handler while doing reset. (Laruence)
. Return previous handler when passing NULL to set_error_handler and
set_exception_handler. (Nikita Popov)
. Remove php_logo_guid(), php_egg_logo_guid(), php_real_logo_guid(),
zend_logo_guid(). (Adnrew Faulds)
. Drop Windows XP and 2003 support. (Pierre)
. Implemented FR #64175 (Added HTTP codes as of RFC 6585). (Jonh Wendell)
. Implemented FR #60738 (Allow 'set_error_handler' to handle NULL).
(Laruence, Nikita Popov)
. Implemented FR #60524 (specify temp dir by php.ini). (ALeX Kazik).
. Implemented FR #46487 (Dereferencing process-handles no longer waits on
those processes). (Jille Timmermans)
. Fixed bug #65051 (count() off by one inside unset()). (Nikita)
. Fixed bug #64988 (Class loading order affects E_STRICT warning). (Laruence)
. Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence)
. Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence)
. Fixed bug #64936 (doc comments picked up from previous scanner run). (Stas,
Jonathan Oddy)
. Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol)
. Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode,
CVE 2013-2110). (Stas)
. Fixed bug #64853 (Use of no longer available ini directives causes crash
on TS build). (Anatol)
. Fixed bug #64821 (Custom Exceptions crash when internal properties overridden).
(Anatol)
. Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry)
. Fixed bug #64677 (execution operator `` stealing surrounding arguments).
. Fixed bug #64660 (Segfault on memory exhaustion within function definition).
(Stas, reported by Juha Kylmänen)
. Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap:
segfault). (Laruence)
. Fixed bug #64565 (copy doesn't report failure on partial copy). (Remi)
. Fixed bug #64555 (foreach no longer copies keys if they are interned).
(Nikita Popov)
. Fixed bugs #47675 and #64577 (fd leak on Solaris)
. Fixed bug #64544 (Valgrind warnings after using putenv). (Laruence)
. Fixed bug #64515 (Memoryleak when using the same variablename 2times in
function declaration). (Laruence)
. Fixed bug #64503 (Compilation fails with error: conflicting types for
'zendparse'). (Laruence)
. Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11).
(Dmitry, Laruence)
. Fixed bug #64523, allow XOR in php.ini. (Dejan Marjanovic, Lars)
. Fixed bug #64354 (Unserialize array of objects whose class can't
be autoloaded fail). (Laruence)
. Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
(Anatol)
. Fixed bug #64166 (quoted-printable-encode stream filter incorrectly
discarding whitespace). (Michael M Slusarz)
(Laruence)
. Fixed bug #64142 (dval to lval different behavior on ppc64). (Remi)
. Fixed bug #64135 (Exceptions from set_error_handler are not always
propagated). (Laruence)
. Fixed bug #63980 (object members get trimmed by zero bytes). (Laruence)
. Fixed bug #63874 (Segfault if php_strip_whitespace has heredoc). (Pierrick)
. Fixed bug #63830 (Segfault on undefined function call in nested generator).
(Nikita Popov)
. Fixed bug #63822 (Crash when using closures with ArrayAccess).
(Nikita Popov)
. Fixed bug #61681 (Malformed grammar). (Nikita Popov, Etienne, Laruence)
. Fixed bug #61038 (unpack("a5", "str\0\0") does not work as expected).
(srgoogleguy, Gustavo)
. Fixed bug #61025 (__invoke() visibility not honored). (Laruence)
. Fixed bug #60833 (self, parent, static behave inconsistently
case-sensitive). (Stas, mario at include-once dot org)
. Fixed Bug #52126: timestamp for mail.log (Martin Jansen, Lars)
. Fixed bug #49348 (Uninitialized ++$foo->bar; does not cause a notice).
(Stas)
. Fixed Bug #23955: allow specifying Max-Age attribute in setcookie() (narfbg,
Lars)
. Fixed bug #18556 (Engine uses locale rules to handle class names). (Stas)
. Fix undefined behavior when converting double variables to integers.
The double is now always rounded towards zero, the remainder of its division
by 2^32 or 2^64 (depending on sizeof(long)) is calculated and it's made
signed assuming a two's complement representation. (Gustavo)
. Drop support for bison < 2.4 when building PHP from GIT source.
(Laruence)
- Calendar:
. Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)
. Fixed bug #54254 (cal_from_jd returns month = 6 when there is only one Adar)
(Stas, Eitan Mosenkis)
- CLI server:
. Fixed bug #64128 (buit-in web server is broken on ppc64). (Remi)
- CURL:
. Remove curl stream wrappers. (Pierrick)
. Implemented FR #46439 - added CURLFile for safer file uploads.
(Stas)
. Added support for CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOPT_APPEND,
CURLOPT_DIRLISTONLY, CURLOPT_NEW_DIRECTORY_PERMS, CURLOPT_NEW_FILE_PERMS,
CURLOPT_NETRC_FILE, CURLOPT_PREQUOTE, CURLOPT_KRBLEVEL, CURLOPT_MAXFILESIZE,
CURLOPT_FTP_ACCOUNT, CURLOPT_COOKIELIST, CURLOPT_IGNORE_CONTENT_LENGTH,
CURLOPT_CONNECT_ONLY, CURLOPT_LOCALPORT, CURLOPT_LOCALPORTRANGE,
CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_SSL_SESSIONID_CACHE,
CURLOPT_FTP_SSL_CCC, CURLOPT_HTTP_CONTENT_DECODING,
CURLOPT_HTTP_TRANSFER_DECODING, CURLOPT_PROXY_TRANSFER_MODE,
CURLOPT_ADDRESS_SCOPE, CURLOPT_CRLFILE, CURLOPT_ISSUERCERT,
CURLOPT_USERNAME, CURLOPT_PASSWORD, CURLOPT_PROXYUSERNAME,
CURLOPT_PROXYPASSWORD, CURLOPT_NOPROXY, CURLOPT_SOCKS5_GSSAPI_NEC,
CURLOPT_SOCKS5_GSSAPI_SERVICE, CURLOPT_TFTP_BLKSIZE,
CURLOPT_SSH_KNOWNHOSTS, CURLOPT_FTP_USE_PRET, CURLOPT_MAIL_FROM,
CURLOPT_MAIL_RCPT, CURLOPT_RTSP_CLIENT_CSEQ, CURLOPT_RTSP_SERVER_CSEQ,
CURLOPT_RTSP_SESSION_ID, CURLOPT_RTSP_STREAM_URI, CURLOPT_RTSP_TRANSPORT,
CURLOPT_RTSP_REQUEST, CURLOPT_RESOLVE, CURLOPT_ACCEPT_ENCODING,
CURLOPT_TRANSFER_ENCODING, CURLOPT_DNS_SERVERS and CURLOPT_USE_SSL.
(Pierrick)
. Added new functions curl_escape, curl_multi_setopt, curl_multi_strerror
curl_pause, curl_reset, curl_share_close, curl_share_init,
curl_share_setopt curl_strerror and curl_unescape. (Pierrick)
. Addes new curl options CURLOPT_TELNETOPTIONS, CURLOPT_GSSAPI_DELEGATION,
CURLOPT_ACCEPTTIMEOUT_MS, CURLOPT_SSL_OPTIONS, CURLOPT_TCP_KEEPALIVE,
CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL. (Pierrick)
. Fixed bug #55635 (CURLOPT_BINARYTRANSFER no longer used. The constant
still exists for backward compatibility but is doing nothing). (Pierrick)
. Fixed bug #54995 (Missing CURLINFO_RESPONSE_CODE support). (Pierrick)
- DateTime
. Added DateTimeImmutable - a variant of DateTime that only returns the
modified state instead of changing itself. (Derick)
. Fixed bug #64825 (Invalid free when unserializing DateTimeZone).
(Anatol)
. Fixed bug #64359 (strftime crash with VS2012). (Anatol)
. Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
. Fixed bug #61642 (modify("+5 weekdays") returns Sunday).
(Dmitri Iouchtchenko)
. Fixed bug #60774 (DateInterval::format("%a") is always zero when an
interval is created using the createFromDateString method) (Lonny
Kapelushnik, Derick)
. Fixed bug #54567 (DateTimeZone serialize/unserialize) (Lonny
Kapelushnik, Derick)
. Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
(Gustavo, Derick, Anatol)
- dba:
. Bug #62489: dba_insert not working as expected.
(marc-bennewitz at arcor dot de, Lars)
- Filter:
. Implemented FR #49180 - added MAC address validation. (Martin)
- Fileinfo:
. Upgraded libmagic to 5.14. (Anatol)
. Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol)
. Fixed bug #63590 (Different results in TS and NTS under Windows).
(Anatoliy)
. Fixed bug #63248 (Load multiple magic files from a directory under Windows).
(Anatoliy)
- FPM:
. Add --with-fpm-systemd option to report health to systemd, and
systemd_interval option to configure this. The service can now use
Type=notify in the systemd unit file. (Remi)
. Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi)
. Log a warning when a syscall fails. (Remi)
. Implemented FR #64764 (add support for FPM init.d script). (Lior Kaplan)
. Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi)
. Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)
. Fixed some possible memory or resource leaks and possible null dereference
detected by code coverity scan. (Remi)
- GD:
. Fixed Bug #64962 (imagerotate produces corrupted image). (Remi)
. Fixed Bug #64961 (segfault in imagesetinterpolation). (Remi)
. Fix build with system libgd >= 2.1 which is now the minimal
version required (as build with previous version is broken).
No change when bundled libgd is used. (Ondrej Sury, Remi)
- Hash:
. Added support for PBKDF2 via hash_pbkdf2(). (Anthony Ferrara)
. Fixed Bug #64745 (hash_pbkdf2() truncates data when using default length
and hex output). (Anthony Ferrara)
- Intl:
. Added UConverter wrapper.
. The intl extension now requires ICU 4.0+.
. Added intl.use_exceptions INI directive, which controls what happens when
global errors are set together with intl.error_level. (Gustavo)
. MessageFormatter::format() and related functions now accepted named
arguments and mixed numeric/named arguments in ICU 4.8+. (Gustavo)
. MessageFormatter::format() and related functions now don't error out when
an insufficient argument count is provided. Instead, the placeholders will
remain unsubstituted. (Gustavo)
. MessageFormatter::parse() and MessageFormat::format() (and their static
equivalents) don't throw away better than second precision in the arguments.
(Gustavo)
. IntlDateFormatter::__construct and datefmt_create() now accept for the
$timezone argument time zone identifiers, IntlTimeZone objects, DateTimeZone
objects and NULL. (Gustavo)
. IntlDateFormatter::__construct and datefmt_create() no longer accept invalid
timezone identifiers or empty strings. (Gustavo)
. The default time zone used in IntlDateFormatter::__construct and
datefmt_create() (when the corresponding argument is not passed or NULL is
passed) is now the one given by date_default_timezone_get(), not the
default ICU time zone. (Gustavo)
. The time zone passed to the IntlDateFormatter is ignored if it is NULL and
if the calendar passed is an IntlCalendar object -- in this case, the
IntlCalendar's time zone will be used instead. Otherwise, the time zone
specified in the $timezone argument is used instead. This does not affect
old code, as IntlCalendar was introduced in this version. (Gustavo)
. IntlDateFormatter::__construct and datefmt_create() now accept for the
$calendar argument also IntlCalendar objects. (Gustavo)
. IntlDateFormatter::getCalendar() and datefmt_get_calendar() return false
if the IntlDateFormatter was set up with an IntlCalendar instead of the
constants IntlDateFormatter::GREGORIAN/TRADITIONAL. IntlCalendar did not
exist before this version. (Gustavo)
. IntlDateFormatter::setCalendar() and datefmt_set_calendar() now also accept
an IntlCalendar object, in which case its time zone is taken. Passing a
constant is still allowed, and still keeps the time zone. (Gustavo)
. IntlDateFormatter::setTimeZoneID() and datefmt_set_timezone_id() are
deprecated. Use IntlDateFormatter::setTimeZone() or datefmt_set_timezone()
instead. (Gustavo)
. IntlDateFormatter::format() and datefmt_format() now also accept an
IntlCalendar object for formatting. (Gustavo)
. Added the classes: IntlCalendar, IntlGregorianCalendar, IntlTimeZone,
IntlBreakIterator, IntlRuleBasedBreakIterator and
IntlCodePointBreakIterator. (Gustavo)
. Added the functions: intlcal_get_keyword_values_for_locale(),
intlcal_get_now(), intlcal_get_available_locales(), intlcal_get(),
intlcal_get_time(), intlcal_set_time(), intlcal_add(),
intlcal_set_time_zone(), intlcal_after(), intlcal_before(), intlcal_set(),
intlcal_roll(), intlcal_clear(), intlcal_field_difference(),
intlcal_get_actual_maximum(), intlcal_get_actual_minimum(),
intlcal_get_day_of_week_type(), intlcal_get_first_day_of_week(),
intlcal_get_greatest_minimum(), intlcal_get_least_maximum(),
intlcal_get_locale(), intlcal_get_maximum(),
intlcal_get_minimal_days_in_first_week(), intlcal_get_minimum(),
intlcal_get_time_zone(), intlcal_get_type(),
intlcal_get_weekend_transition(), intlcal_in_daylight_time(),
intlcal_is_equivalent_to(), intlcal_is_lenient(), intlcal_is_set(),
intlcal_is_weekend(), intlcal_set_first_day_of_week(),
intlcal_set_lenient(), intlcal_equals(),
intlcal_get_repeated_wall_time_option(),
intlcal_get_skipped_wall_time_option(),
intlcal_set_repeated_wall_time_option(),
intlcal_set_skipped_wall_time_option(), intlcal_from_date_time(),
intlcal_to_date_time(), intlcal_get_error_code(),
intlcal_get_error_message(), intlgregcal_create_instance(),
intlgregcal_set_gregorian_change(), intlgregcal_get_gregorian_change() and
intlgregcal_is_leap_year(). (Gustavo)
. Added the functions: intltz_create_time_zone(), intltz_create_default(),
intltz_get_id(), intltz_get_gmt(), intltz_get_unknown(),
intltz_create_enumeration(), intltz_count_equivalent_ids(),
intltz_create_time_zone_id_enumeration(), intltz_get_canonical_id(),
intltz_get_region(), intltz_get_tz_data_version(),
intltz_get_equivalent_id(), intltz_use_daylight_time(), intltz_get_offset(),
intltz_get_raw_offset(), intltz_has_same_rules(), intltz_get_display_name(),
intltz_get_dst_savings(), intltz_from_date_time_zone(),
intltz_to_date_time_zone(), intltz_get_error_code(),
intltz_get_error_message(). (Gustavo)
. Added the methods: IntlDateFormatter::formatObject(),
IntlDateFormatter::getCalendarObject(), IntlDateFormatter::getTimeZone(),
IntlDateFormatter::setTimeZone(). (Gustavo)
. Added the functions: datefmt_format_object(), datefmt_get_calendar_object(),
datefmt_get_timezone(), datefmt_set_timezone(),
datefmt_get_calendar_object(), intlcal_create_instance(). (Gustavo)
- mbstring:
. Fixed bug #64769 (mbstring PHPTs crash on Windows x64). (Anatol)
- MCrypt
. mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb() and mcrypt_ofb() now throw
E_DEPRECATED. (GoogleGuy)
- mysql
. This extension is now deprecated, and deprecation warnings will be generated
when connections are established to databases via mysql_connect(),
mysql_pconnect(), or through implicit connection: use MySQLi or PDO_MySQL
instead (https://wiki.php.net/rfc/mysql_deprecation). (Adam)
. Dropped support for LOAD DATA LOCAL INFILE handlers when using libmysql.
Known for stability problems. (Andrey)
. Added support for SHA256 authentication available with MySQL 5.6.6+.
(Andrey)
- mysqli:
. Added mysqli_begin_transaction()/mysqli::begin_transaction(). Implemented
all options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT
and ROLLBACK through options to mysqli_commit()/mysqli_rollback() and their
respective OO counterparts. They work in libmysql and mysqlnd mode. (Andrey)
. Added mysqli_savepoint(), mysqli_release_savepoint(). (Andrey)
. Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
pointer has closed). (Laruence)
. Fixed bug #64394 (MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS undeclared when
using Connector/C). (Andrey)
- mysqlnd
. Add new begin_transaction() call to the connection object. Implemented all
options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT
and ROLLBACK. (Andrey)
. Added mysqlnd_savepoint(), mysqlnd_release_savepoint(). (Andrey)
. Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc
for stmt->param_bind). (Andrey)
. Fixed return value of mysqli_stmt_affected_rows() in the time after
prepare() and before execute(). (Andrey)
- PCRE:
. Merged PCRE 8.32. (Anatol)
. Deprecated the /e modifier
(https://wiki.php.net/rfc/remove_preg_replace_eval_modifier). (Nikita Popov)
. Fixed bug #63284 (Upgrade PCRE to 8.31). (Anatoliy)
- PDO:
. Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to
the same db server). (Laruence)
- PDO_DBlib:
. Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib).
(Stanley Sufficool)
. Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). (Stanley
Sufficool)
. Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed
statement crashes). (Stanley Sufficool)
- PDO_pgsql:
. Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi)
- PDO_mysql:
. Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT,
TINYINT and YEAR). (Antony, Daniel Beardsley)
- pgsql:
. Added pg_escape_literal() and pg_escape_identifier() (Yasuo)
. Bug #46408: Locale number format settings can cause pg_query_params to
break with numerics. (asmecher, Lars)
- Phar:
. Fixed timestamp update on Phar contents modification. (Dmitry)
- Readline:
. Implement FR #55694 (Expose additional readline variable to prevent
default filename completion). (Hartmel)
- Reflection:
. Fixed bug #64007 (There is an ability to create instance of Generator by
hand). (Laruence)
- Sockets:
. Added recvmsg() and sendmsg() wrappers. (Gustavo)
See https://wiki.php.net/rfc/sendrecvmsg
. Fixed bug #64508 (Fails to build with --disable-ipv6). (Gustavo)
. Fixed bug #64287 (sendmsg/recvmsg shutdown handler causes segfault).
(Gustavo)
- SPL:
. Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on
64-bits systems). (Laruence)
. Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence)
. Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
(patch by kriss@krizalys.com, Laruence)
. Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended).
(Nikita Popov)
. Fix bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0,
keys are strings). (Adam)
. Fixed bug #52861 (unset fails with ArrayObject and deep arrays).
(Mike Willbanks)
. Implement FR #48358 (Add SplDoublyLinkedList::add() to insert an element
at a given offset). (Mark Baker, David Soria Parra)
- SNMP:
. Fixed bug #64765 (Some IPv6 addresses get interpreted wrong).
(Boris Lytochkin)
. Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin)
. Fixed bug #64124 (IPv6 malformed). (Boris Lytochkin)
. Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly).
(Boris Lytochkin)
- SOAP:
. Added SoapClient constructor option 'ssl_method' to specify ssl method.
(Eric Iversen)
- Streams:
. Fixed bug #64770 (stream_select() fails with pipes returned by proc_open()
on Windows x64). (Anatol)
. Fixed Windows x64 version of stream_socket_pair() and improved error
handling. (Anatol Belski)
- Tokenizer:
. Fixed bug #60097 (token_get_all fails to lex nested heredoc). (Nikita Popov)
- Zip:
. Upgraded libzip to 0.10.1 (Anatoliy)
. Bug #64452 (Zip crash intermittently). (Anatol)
. Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).
(Anatol)
- Calendar:
. Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)
- Fileinfo:
. Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol)
- FPM:
. Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi)
. Fixed some possible memory or resource leaks and possible null dereference
detected by code coverity scan. (Remi)
. Log a warning when a syscall fails. (Remi)
. Add --with-fpm-systemd option to report health to systemd, and
systemd_interval option to configure this. The service can now use
Type=notify in the systemd unit file. (Remi)
- MySQLi
. Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
pointer has closed). (Laruence)
- Phar
. Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or
with non std tmp dir). (Pierre)
- SNMP:
. Fixed bug #64765 (Some IPv6 addresses get interpreted wrong).
(Boris Lytochkin)
. Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin)
- Streams:
. Fixed bug #64770 (stream_select() fails with pipes returned by proc_open()
on Windows x64). (Anatol)
- Zend Engine:
. Fixed bug #64821 (Custom Exceptions crash when internal properties
overridden). (Anatol)
- Fileinfo:
. Upgraded libmagic to 5.14. (Anatol)
- MySQLi:
. Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
pointer has closed). (Laruence)
- Zip:
. Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).
(Anatol)
- Streams:
. Fixed Windows x64 version of stream_socket_pair() and improved error
handling. (Anatol Belski)
. Fixed bug #64770 (stream_select() fails with pipes returned by proc_open()
on Windows x64). (Anatol)
- Core:
. Fixed bug #64529 (Ran out of opcode space). (Dmitry)
. Fixed bug #64515 (Memoryleak when using the same variablename two times in
function declaration). (Laruence)
. Fixed bug #64432 (more empty delimiter warning in strX methods). (Laruence)
. Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes fatal error).
(Dmitry)
. Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
(Anatol)
. Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11).
(Dmitry, Laruence)
. Fixed bug #63976 (Parent class incorrectly using child constant in class
property). (Dmitry)
. Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle
exceptions properly). (Jeff Welch)
. Fixed bug #62343 (Show class_alias In get_declared_classes()) (Dmitry)
- PCRE:
. Merged PCRE 8.32. (Anatol)
- SNMP:
. Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly).
(Boris Lytochkin)
- Zip:
. Bug #64452 (Zip crash intermittently). (Anatol)
- Core:
. Fixed bug #64354 (Unserialize array of objects whose class can't
be autoloaded fail). (Laruence)
. Fixed bug #64235 (Insteadof not work for class method in 5.4.11).
(Laruence)
. Fixed bug #64197 (_Offsetof() macro used but not defined on ARM/Clang).
(Ard Biesheuvel)
. Implemented FR #64175 (Added HTTP codes as of RFC 6585). (Jonh Wendell)
. Fixed bug #64142 (dval to lval different behavior on ppc64). (Remi)
. Fixed bug #64070 (Inheritance with Traits failed with error). (Dmitry)
- CLI server:
. Fixed bug #64128 (buit-in web server is broken on ppc64). (Remi)
- Mbstring:
. mb_split() can now handle empty matches like preg_split() does. (Moriyoshi)
- mysqlnd
. Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc
for stmt->param_bind). (Andrey)
- OpenSSL:
. New SSL stream context option to prevent CRIME attack vector. (Daniel Lowrey,
Lars)
. Fixed bug #61930 (openssl corrupts ssl key resource when using
openssl_get_publickey()). (Stas)
- PDO_mysql:
. Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs).
(Johannes)
- Phar:
. Fixed timestamp update on Phar contents modification. (Dmitry)
- SOAP
. Added check that soap.wsdl_cache_dir conforms to open_basedir
(CVE-2013-1635). (Dmitry)
. Disabled external entities loading (CVE-2013-1643, CVE-2013-1824).
(Dmitry)
- Phar:
. Fixed timestamp update on Phar contents modification. (Dmitry)
- SPL:
. Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence)
. Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
(patch by kriss@krizalys.com, Laruence)
. Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended).
(Nikita Popov)
. Fixed bug #52861 (unset fails with ArrayObject and deep arrays).
(Mike Willbanks)
- SNMP:
. Fixed bug #64124 (IPv6 malformed). (Boris Lytochkin)
- Core:
. Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes)
. Fixed bug #64011 (get_html_translation_table() output incomplete with
HTML_ENTITIES and ISO-8859-1). (Gustavo)
. Fixed bug #63982 (isset() inconsistently produces a fatal error on
protected property). (Stas)
. Fixed bug #63943 (Bad warning text from strpos() on empty needle).
(Laruence)
. Fixed bug #63899 (Use after scope error in zend_compile). (Laruence)
. Fixed bug #63893 (Poor efficiency of strtr() using array with keys of very
different length). (Gustavo)
. Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry)
. Fixed bug #63462 (Magic methods called twice for unset protected
properties). (Stas)
. Fixed bug #62524 (fopen follows redirects for non-3xx statuses).
(Wes Mason)
. Support BITMAPV5HEADER in getimagesize(). (AsamK, Lars)
- Date:
. Fixed bug #63699 (Performance improvements for various ext/date functions).
(Lars, original patch by njaguar at gmail dot com)
. Fixed bug #55397: Comparsion of incomplete DateTime causes SIGSEGV.
(Derick)
- FPM:
. Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)
- Litespeed:
. Fixed bug #63228 (-Werror=format-security error in lsapi code).
(Elan Ruusamäe, George)
- ext/sqlite3:
. Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't
using sqlite3_*_int64 API). (srgoogleguy, Lars)
- PDO_OCI
. Fixed bug #57702 (Multi-row BLOB fetches). (hswong3i, Laruence)
. Fixed bug #52958 (Segfault in PDO_OCI on cleanup after running a long
testsuite). (hswong3i, Lars)
- PDO_sqlite:
. Fixed bug #63916 (PDO::PARAM_INT casts to 32bit int internally even
on 64bit builds in pdo_sqlite). (srgoogleguy, Lars)
- Core:
. Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user).
(Johannes)
. Fixed bug #43177 (Errors in eval()'ed code produce status code 500).
(Todd Ruth, Stas).
- Filter:
. Fixed bug #63757 (getenv() produces memory leak with CGI SAPI). (Dmitry)
. Fixed bug #54096 (FILTER_VALIDATE_INT does not accept +0 and -0).
(martin at divbyzero dot net, Lars)
- JSON:
. Fixed bug #63737 (json_decode does not properly decode with options
parameter). (Adam)
- CLI server
. Update list of common mime types. Added webm, ogv, ogg. (Lars,
pascalc at gmail dot com)
- cURL extension:
. Fixed bug (segfault due to libcurl connection caching). (Pierrick)
. Fixed bug #63859 (Memory leak when reusing curl-handle). (Pierrick)
. Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for
CURLOPT_SSL_VERIFYHOST). (Pierrick)
. Fixed bug #63352 (Can't enable hostname validation when using curl stream
wrappers). (Pierrick)
. Fixed bug #55438 (Curlwapper is not sending http header randomly).
(phpnet@lostreality.org, Pierrick)
20 Dec 2012, PHP 5.4.10
- Core:
. Fixed bug #63726 (Memleak with static properties and internal/user
classes). (Laruence)
. Fixed bug #63635 (Segfault in gc_collect_cycles). (Dmitry)
. Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes
from value). (Pierrick)
. Fixed bug #63468 (wrong called method as callback with inheritance).
(Laruence)
. Fixed bug #63451 (config.guess file does not have AIX 7 defined,
shared objects are not created). (kemcline at au1 dot ibm dot com)
. Fixed bug #61557 (Crasher in tt-rss backend.php).
(i dot am dot jack dot mail at gmail dot com)
. Fixed bug #61272 (ob_start callback gets passed empty string).
(Mike, casper at langemeijer dot eu)
- Date:
. Fixed bug #63666 (Poor date() performance). (Paul Taulborg).
. Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond).
(Remi)
- Imap:
. Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array). (Remi)
- Json:
. Fixed bug #63588 (use php_next_utf8_char and remove duplicate
implementation). (Remi)
- MySQLi:
. Fixed bug #63361 (missing header). (Remi)
- MySQLnd:
. Fixed bug #63398 (Segfault when polling closed link). (Laruence)
- Fileinfo:
. Fixed bug #63590 (Different results in TS and NTS under Windows).
(Anatoliy)
- FPM:
. Fixed bug #63581 Possible null dereference and buffer overflow (Remi)
- Pdo_sqlite:
. Fixed Bug #63149 getColumnMeta should return the table name
when system SQLite used. (Remi)
- Reflection:
. Fixed Bug #63614 (Fatal error on Reflection). (Laruence)
- SOAP
. Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests).
(John Jawed, Dmitry)
- Sockets
. Fixed bug #49341 (Add SO_REUSEPORT support for socket_set_option()).
(Igor Wiedler, Lars)
- SPL
. Fixed bug #63680 (Memleak in splfixedarray with cycle reference). (Laruence)
- Core:
. Fixed bug #63305 (zend_mm_heap corrupted with traits). (Dmitry, Laruence)
. Fixed bug #63369 ((un)serialize() leaves dangling pointers, causes crashes).
(Tony, Andrew Sitnikov)
. Fixed bug #63241 (PHP fails to open Windows deduplicated files).
(daniel dot stelter-gliese at innogames dot de)
. Fixed bug #62444 (Handle leak in is_readable on windows).
(krazyest at seznam dot cz)
- Curl:
. Fixed bug #63363 (Curl silently accepts boolean true for SSL_VERIFYHOST).
Patch by John Jawed GitHub PR #221 (Anthony)
- Fileinfo:
. Fixed bug #63248 (Load multiple magic files from a directory under Windows).
(Anatoliy)
- Libxml
. Fixed bug #63389 (Missing context check on libxml_set_streams_context()
causes memleak). (Laruence)
- Mbstring:
. Fixed bug #63447 (max_input_vars doesn't filter variables when
mbstring.encoding_translation = On). (Laruence)
- OCI8:
. Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro)
(Chris Jones)
- PCRE:
. Fixed bug #63180 (Corruption of hash tables). (Dmitry)
. Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite).
(Dmitry, Laruence)
. Fixed bug #63284 (Upgrade PCRE to 8.31). (Anatoliy)
- PDO:
. Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
(Martin Osvald, Remi)
- PDO_pgsql:
. Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL).
(Will Fitch)
- Phar:
. Fixed bug #63297 (Phar fails to write an openssl based signature).
(Anatoliy)
- Streams:
. Fixed bug #63240 (stream_get_line() return contains delimiter string).
(Tjerk, Gustavo)
- Reflection:
. Fixed bug #63399 (ReflectionClass::getTraitAliases() incorrectly resolves
traitnames). (Laruence)
- CLI server:
. Implemented FR #63242 (Default error page in PHP built-in web server uses
outdated html/css). (pascal.chevrel@free.fr)
. Changed response to unknown HTTP method to 501 according to RFC.
(Niklas Lindgren).
. Support HTTP PATCH method. Patch by Niklas Lindgren, GitHub PR #190.
(Lars)
- Core:
. Fixed bug #63219 (Segfault when aliasing trait method when autoloader
throws excpetion). (Laruence)
. Added optional second argument for assert() to specify custom message. Patch
by Lonny Kapelushnik (lonny@lonnylot.com). (Lars)
. Support building PHP with the native client toolchain. (Stuart Langley)
. Added --offline option for tests. (Remi)
. Fixed bug #63162 (parse_url does not match password component). (husman)
. Fixed bug #63111 (is_callable() lies for abstract static method). (Dmitry)
. Fixed bug #63093 (Segfault while load extension failed in zts-build).
(Laruence)
. Fixed bug #62976 (Notice: could not be converted to int when comparing
some builtin classes). (Laruence)
. Fixed bug #62955 (Only one directive is loaded from "Per Directory Values"
Windows registry). (aserbulov at parallels dot com)
. Fixed bug #62907 (Double free when use traits). (Dmitry)
. Fixed bug #61767 (Shutdown functions not called in certain error
situation). (Dmitry)
. Fixed bug #60909 (custom error handler throwing Exception + fatal error
= no shutdown function). (Dmitry)
. Fixed bug #60723 (error_log error time has changed to UTC ignoring default
timezone). (Laruence)
- cURL:
. Fixed bug #62085 (file_get_contents a remote file by Curl wrapper will
cause cpu Soaring). (Pierrick)
- Date:
. Fixed bug #62896 ("DateTime->modify('+0 days')" modifies DateTime object)
(Lonny Kapelushnik)
. Fixed bug #62561 (DateTime add 'P1D' adds 25 hours). (Lonny Kapelushnik)
- DOM:
. Fixed bug #63015 (Incorrect arginfo for DOMErrorHandler). (Rob)
- FPM:
. Fixed bug #62954 (startup problems fpm / php-fpm). (fat)
. Fixed bug #62886 (PHP-FPM may segfault/hang on startup). (fat)
. Fixed bug #63085 (Systemd integration and daemonize). (remi, fat)
. Fixed bug #62947 (Unneccesary warnings on FPM). (fat)
. Fixed bug #62887 (Only /status?plain&full gives "last request cpu"). (fat)
. Fixed bug #62216 (Add PID to php-fpm init.d script). (fat)
- OCI8:
. Fixed bug #60901 (Improve "tail" syntax for AIX installation) (Chris Jones)
- OpenSSL:
. Implemented FR #61421 (OpenSSL signature verification missing RMD160,
SHA224, SHA256, SHA384, SHA512). (Mark Jones)
- PDO:
. Fixed bug #63258 (seg fault with PDO and dblib using DBSETOPT(H->link,
DBQUOTEDIDENT, 1)). (Laruence)
. Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
(Martin Osvald, Remi)
- PDO Firebird:
. Fixed bug #63214 (Large PDO Firebird Queries).
(james at kenjim dot com)
- SOAP
. Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice).
(Dmitry)
- SPL:
. Bug #62987 (Assigning to ArrayObject[null][something] overrides all
undefined variables). (Laruence)
- mbstring:
. Allow passing null as a default value to mb_substr() and mb_strcut(). Patch
by Alexander Moskaliov via GitHub PR #133. (Lars)
- Filter extension:
. Bug #49510: Boolean validation fails with FILTER_NULL_ON_FAILURE with empty
string or false. (Lars)
- Sockets
. Fixed bug #63000 (MCAST_JOIN_GROUP on OSX is broken, merge of PR 185 by
Igor Wiedler). (Lars)
- Core:
. Fixed bug (segfault while build with zts and GOTO vm-kind). (Laruence)
. Fixed bug #62844 (parse_url() does not recognize //). (Andrew Faulds).
. Fixed bug #62829 (stdint.h included on platform where HAVE_STDINT_H is not
set). (Felipe)
. Fixed bug #62763 (register_shutdown_function and extending class).
(Laruence)
. Fixed bug #62725 (Calling exit() in a shutdown function does not return
the exit value). (Laruence)
. Fixed bug #62744 (dangling pointers made by zend_disable_class). (Laruence)
. Fixed bug #62716 (munmap() is called with the incorrect length).
(slangley@google.com)
. Fixed bug #62358 (Segfault when using traits a lot). (Laruence)
. Fixed bug #62328 (implementing __toString and a cast to string fails)
(Laruence)
. Fixed bug #51363 (Fatal error raised by var_export() not caught by error
handler). (Lonny Kapelushnik)
. Fixed bug #40459 (Stat and Dir stream wrapper methods do not call
constructor). (Stas)
- CURL:
. Fixed bug #62912 (CURLINFO_PRIMARY_* AND CURLINFO_LOCAL_* not exposed).
(Pierrick)
. Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE). (Pierrick)
- Intl:
. Fixed Spoofchecker not being registered on ICU 49.1. (Gustavo)
. Fix bug #62933 (ext/intl compilation error on icu 3.4.1). (Gustavo)
. Fix bug #62915 (defective cloning in several intl classes). (Gustavo)
- Installation:
. Fixed bug #62460 (php binaries installed as binary.dSYM). (Reeze Xia)
- PCRE:
. Fixed bug #55856 (preg_replace should fail on trailing garbage).
(reg dot php at alf dot nu)
- PDO:
. Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()). (Laruence)
- Reflection:
. Fixed bug #62892 (ReflectionClass::getTraitAliases crashes on importing
trait methods as private). (Felipe)
. Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong
result). (Laruence)
- Session:
. Fixed bug (segfault due to retval is not initialized). (Laruence)
. Fixed bug (segfault due to PS(mod_user_implemented) not be reseted
when close handler call exit). (Laruence)
- SOAP
. Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice).
(Dmitry)
- SPL:
. Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)
(Laruence)
. Implemented FR #62840 (Add sort flag to ArrayObject::ksort). (Laruence)
- Standard:
. Fixed bug #62836 (Seg fault or broken object references on unserialize()).
(Laruence)
- FPM:
. Merged PR 121 by minitux to add support for slow request counting on PHP
FPM status page. (Lars)
- CLI Server:
. Implemented FR #62700 (have the console output 'Listening on
http://localhost:8000'). (pascal.chevrel@free.fr)
- Core:
. Fixed bug #62661 (Interactive php-cli crashes if include() is used in
auto_prepend_file). (Laruence)
. Fixed bug #62653: (unset($array[$float]) causes a crash). (Nikita Popov,
Laruence)
. Fixed bug #62565 (Crashes due non-initialized internal properties_table).
(Felipe)
. Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK
with run-test.php). (Laruence)
- CURL:
. Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false).
(r.hampartsumyan@gmail.com, Laruence)
- DateTime:
. Fixed Bug #62500 (Segfault in DateInterval class when extended). (Laruence)
- Fileinfo:
. Fixed bug #61964 (finfo_open with directory causes invalid free).
(reeze.xia@gmail.com)
- Intl:
. Fixed bug #62564 (Extending MessageFormatter and adding property causes
crash). (Felipe)
- MySQLnd:
. Fixed bug #62594 (segfault in mysqlnd_res_meta::set_mode). (Laruence)
- readline:
. Fixed bug #62612 (readline extension compilation fails with
sapi/cli/cli.h: No such file). (Johannes)
- Reflection:
. Implemented FR #61602 (Allow access to name of constant used as default
value). (reeze.xia@gmail.com)
- SimpleXML:
. Implemented FR #55218 Get namespaces from current node. (Lonny)
- SPL:
. Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance
gives Segmentation fault). (Laruence, Gustavo)
. Fixed bug #61527 (ArrayIterator gives misleading notice on next() when
moved to the end). (reeze.xia@gmail.com)
- Streams:
. Fixed bug #62597 (segfault in php_stream_wrapper_log_error with ZTS build).
(Laruence)
- Zlib:
. Fixed bug #55544 (ob_gzhandler always conflicts with
zlib.output_compression). (Laruence)
- Core:
. Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed
Salt). (Anthony Ferrara)
. Fixed bug #62432 (ReflectionMethod random corrupt memory on high
concurrent). (Johannes)
. Fixed bug #62373 (serialize() generates wrong reference to the object).
(Moriyoshi)
. Fixed bug #62357 (compile failure: (S) Arguments missing for built-in
function __memcmp). (Laruence)
. Fixed bug #61998 (Using traits with method aliases appears to result in
crash during execution). (Dmitry)
. Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that
includes a semi-colon). (Pierrick)
. Fixed potential overflow in _php_stream_scandir (CVE-2012-2688).
(Jason Powell, Stas)
- EXIF:
. Fixed information leak in ext exif (discovered by Martin Noga,
Matthew "j00ru" Jurczyk, Gynvael Coldwind)
- FPM:
. Fixed bug #62205 (php-fpm segfaults (null passed to strstr)). (fat)
. Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat)
. Fixed bug #62153 (when using unix sockets, multiples FPM instances
. Fixed bug #62033 (php-fpm exits with status 0 on some failures to start).
(fat)
. Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm). (fat)
. Fixed bug #61835 (php-fpm is not allowed to run as root). (fat)
. Fixed bug #61295 (php-fpm should not fail with commented 'user'
. Fixed bug #61218 (FPM drops connection while receiving some binary values
in FastCGI requests). (fat)
. Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat)
for non-root start). (fat)
. Fixed bug #61026 (FPM pools can listen on the same address). (fat)
can be launched without errors). (fat)
- Iconv:
. Fix bug #55042 (Erealloc in iconv.c unsafe). (Stas)
- Intl:
. Fixed bug #62083 (grapheme_extract() memory leaks). (Gustavo)
. ResourceBundle constructor now accepts NULL for the first two arguments.
(Gustavo)
. Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called
twice). (Gustavo)
. Fixed bug #62070 (Collator::getSortKey() returns garbage). (Gustavo)
. Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks
pattern). (Gustavo)
. Fixed bug #60785 (memory leak in IntlDateFormatter constructor). (Gustavo)
- JSON:
. Fixed bug #61359 (json_encode() calls too many reallocs). (Stas)
- libxml:
. Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM
SAPI). (Gustavo)
- Phar:
. Fixed bug #62227 (Invalid phar stream path causes crash). (Felipe)
- Readline:
. Fixed bug #62186 (readline fails to compile - void function should not
return a value). (Johannes)
- Reflection:
. Fixed bug #62384 (Attempting to invoke a Closure more than once causes
segfault). (Felipe)
. Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks
with constant). (Laruence)
- Sockets:
. Fixed bug #62025 (__ss_family was changed on AIX 5.3). (Felipe)
- SPL:
. Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to
dot files). (Laruence)
. Fixed bug #62262 (RecursiveArrayIterator does not implement Countable).
(Nikita Popov)
- XML Writer:
. Fixed bug #62064 (memory leak in the XML Writer module).
(jean-pierre dot lozi at lip6 dot fr)
- Zip:
. Upgraded libzip to 0.10.1 (Anatoliy)
- COM:
. Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)
- CLI Server:
. Implemented FR #61977 (Need CLI web-server support for files with .htm &
svg extensions). (Sixd, Laruence)
. Improved performance while sending error page, this also fixed
bug #61785 (Memory leak when access a non-exists file without router).
(Laruence)
. Fixed bug #61546 (functions related to current script failed when chdir()
in cli sapi). (Laruence, reeze.xia@gmail.com)
- Core:
. Fixed missing bound check in iptcparse(). (chris at chiappa.net)
. Fixed CVE-2012-2143. (Solar Designer)
. Fixed bug #62097 (fix for for bug #54547). (Gustavo)
. Fixed bug #62005 (unexpected behavior when incrementally assigning to a
member of a null object). (Laruence)
. Fixed bug #61978 (Object recursion not detected for classes that implement
JsonSerializable). (Felipe)
. Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy)
. Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config).
(Laruence)
. Fixed bug #61827 (incorrect \e processing on Windows) (Anatoliy)
. Fixed bug #61782 (__clone/__destruct do not match other methods when checking
access controls). (Stas)
. Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo)
. Fixed bug #61761 ('Overriding' a private static method with a different
signature causes crash). (Laruence)
. Fixed bug #61730 (Segfault from array_walk modifying an array passed by
reference). (Laruence)
. Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown
phase). (Laruence)
. Fixed bug #61713 (Logic error in charset detection for htmlentities).
(Anatoliy)
. Fixed bug #61660 (bin2hex(hex2bin($data)) != $data). (Nikita Popov)
. Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables
(without apache2)). (Laruence)
. Fixed bug #61605 (header_remove() does not remove all headers). (Laruence)
. Fixed bug #54547 (wrong equality of string numbers). (Gustavo)
. Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename
set to null). (Anatoliy)
. Changed php://fd to be available only for CLI.
- CURL:
. Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction).
(Laruence)
- Fileinfo
. Fixed bug #61812 (Uninitialised value used in libmagic).
(Laruence, Gustavo)
. Fixed bug #61566 failure caused by the posix lseek and read versions
under windows in cdf_read(). (Anatoliy)
. Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a
directory descriptor under windows. (Anatoliy)
- Intl
. Fixed bug #62082 (Memory corruption in internal function
get_icu_disp_value_src_php()). (Gustavo)
- Libxml:
. Fixed bug #61617 (Libxml tests failed(ht is already destroyed)).
(Laruence)
- PDO:
. Fixed bug #61755 (A parsing bug in the prepared statements can lead to
access violations). (Johannes)
- Phar:
. Fixed bug #61065 (Secunia SA44335, CVE-2012-2386). (Rasmus)
- Pgsql:
. Added pg_escape_identifier/pg_escape_literal. (Yasuo Ohgaki)
- Streams:
. Fixed bug #61961 (file_get_contents leaks when access empty file with
maxlen set). (Reeze)
- Zlib:
. Fixed bug #61820 (using ob_gzhandler will complain about headers already
sent when no compression). (Mike)
. Fixed bug #61443 (can't change zlib.output_compression on the fly). (Mike)
. Fixed bug #60761 (zlib.output_compression fails on refresh). (Mike)
- CGI
. Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.
(Stas)
. Fix bug #61807 - Buffer Overflow in apache_request_headers.
(nyt-php at countercultured dot net).
- CLI Server:
. Fixed bug #61461 (missing checks around malloc() calls). (Ilia)
. Implemented FR #60850 (Built in web server does not set
$_SERVER['SCRIPT_FILENAME'] when using router). (Laruence)
. "Connection: close" instead of "Connection: closed" (Gustavo)
- Core:
. Fixed crash in ZTS using same class in many threads. (Johannes)
. Fixed bug #61374 (html_entity_decode tries to decode code points that don't
exist in ISO-8859-1). (Gustavo)
. Fixed bug #61273 (call_user_func_array with more than 16333 arguments
leaks / crashes). (Laruence)
. Fixed bug #61225 (Incorrect lexing of 0b00*+<NUM>). (Pierrick)
. Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
. Fixed bug #61106 (Segfault when using header_register_callback). (Nikita
Popov)
. Fixed bug #61087 (Memory leak in parse_ini_file when specifying
invalid scanner mode). (Nikic, Laruence)
. Fixed bug #61072 (Memory leak when restoring an exception handler).
(Nikic, Laruence)
. Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
(Laruence)
. Fixed bug #61052 (Missing error check in trait 'insteadof' clause). (Stefan)
. Fixed bug #61011 (Crash when an exception is thrown by __autoload
accessing a static property). (Laruence)
. Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
vars). (Laruence)
. Fixed bug #60978 (exit code incorrect). (Laruence)
. Fixed bug #60911 (Confusing error message when extending traits). (Stefan)
. Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam)
. Fixed bug #60717 (Order of traits in use statement can cause a fatal
error). (Stefan)
. Fixed bug #60573 (type hinting with "self" keyword causes weird errors).
(Laruence)
. Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia)
. Fixed bug #52719 (array_walk_recursive crashes if third param of the
function is by reference). (Nikita Popov)
. Improve performance of set_exception_handler while doing reset (Laruence)
- fileinfo:
. Fix fileinfo test problems. (Anatoliy Belsky)
- FPM
. Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.c).
(michaelhood at gmail dot com, Ilia)
- Ibase
. Fixed bug #60947 (Segmentation fault while executing ibase_db_info).
(Ilia)
- Installation
. Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones)
- Intl:
. Fixed bug #61487 (Incorrent bounds checking in grapheme_strpos).
(Stas)
- mbstring:
. MFH mb_ereg_replace_callback() for security enhancements. (Rui)
- mysqli
. Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes).
- mysqlnd
. Fixed bug #61704 (Crash apache, phpinfo() threading issue). (Johannes)
. Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled).
(Johannes)
- PDO
. Fixed bug #61292 (Segfault while calling a method on an overloaded PDO
object). (Laruence)
- PDO_mysql
. Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't
always work). (Johannes)
. Fixed bug #61194 (PDO should export compression flag with myslqnd).
(Johannes)
- PDO_odbc
. Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia)
- Phar
. Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL
bytes). (Nikita Popov)
- Readline:
. Fixed bug #61088 (Memory leak in readline_callback_handler_install).
(Nikic, Laruence)
- Reflection:
. Implemented FR #61602 (Allow access to the name of constant
used as function/method parameter's default value). (reeze.xia@gmail.com)
. Fixed bug #60968 (Late static binding doesn't work with
ReflectionMethod::invokeArgs()). (Laruence)
- Session
. Fixed bug #60634 (Segmentation fault when trying to die() in
SessionHandler::write()). (Ilia)
- SOAP
. Fixed bug #61423 (gzip compression fails). (Ilia)
. Fixed bug #60887 (SoapClient ignores user_agent option and sends no
User-Agent header). (carloschilazo at gmail dot com)
. Fixed bug #60842, #51775 (Chunked response parsing error when
chunksize length line is > 10 bytes). (Ilia)
. Fixed bug #49853 (Soap Client stream context header option ignored).
(Dmitry)
- SPL:
. Fixed bug #61453 (SplObjectStorage does not identify objects correctly).
(Gustavo)
. Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence)
- Standard:
. Fixed memory leak in substr_replace. (Pierrick)
. Make max_file_uploads ini directive settable outside of php.ini (Rasmus)
. Fixed bug #61409 (Bad formatting on phpinfo()). (Jakub Vrana)
. Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
. Fixed bug #60106 (stream_socket_server silently truncates long unix socket
paths). (Ilia)
- XMLRPC:
. Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary
variable). (Nikita Popov)
. Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita
Popov)
- Zlib:
. Fixed bug #61306 (initialization of global inappropriate for ZTS). (Gustavo)
. Fixed bug #61287 (A particular string fails to decompress). (Mike)
. Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita Popov)
- Installation:
. autoconf 2.59+ is now supported (and required) for generating the
configure script with ./buildconf. Autoconf 2.60+ is desirable
otherwise the configure help order may be incorrect. (Rasmus, Chris Jones)
- General improvements:
. Added short array syntax support ([1,2,3]), see UPGRADING guide for full
details. (rsky0711 at gmail . com, sebastian.deutsch at 9elements . com,
Pierre)
. Added binary number format (0b001010). (Jonah dot Harris at gmail dot com)
. Added support for Class::{expr}() syntax (Pierrick)
. Added multibyte support by default. Previously PHP had to be compiled
with --enable-zend-multibyte. Now it can be enabled or disabled through
the zend.multibyte directive in php.ini. (Dmitry)
. Removed compile time dependency from ext/mbstring (Dmitry)
. Added support for Traits. (Stefan, with fixes by Dmitry and Laruence)
. Added closure $this support back. (Stas)
. Added array dereferencing support. (Felipe)
. Added callable typehint. (Hannes)
. Added indirect method call through array. FR #47160. (Felipe)
. Added DTrace support. (David Soria Parra)
. Added class member access on instantiation (e.g. (new foo)->bar()) support.
(Felipe)
. <?= is now always available regardless of the short_open_tag setting. (Rasmus)
. Implemented Zend Signal Handling (configurable option --enable-zend-signals,
off by default). (Lucas Nealan, Arnaud Le Blanc, Brian Shire, Ilia)
. Improved output layer, see README.NEW-OUTPUT-API for internals. (Mike)
. Improved UNIX build system to allow building multiple PHP binary SAPIs and
one SAPI module the same time. FR #53271, FR #52419. (Jani)
. Implemented closure rebinding as parameter to bindTo. (Gustavo Lopes)
. Improved the warning message of incompatible arguments. (Laruence)
. Improved ternary operator performance when returning arrays. (Arnaud, Dmitry)
. Changed error handlers to only generate docref links when the docref_root
php.ini setting is not empty. (Derick)
. Changed silent conversion of array to string to produce a notice. (Patrick)
. Changed default encoding from ISO-8859-1 to UTF-8 when not specified in
htmlspecialchars and htmlentities. (Rasmus)
. Changed casting of null/''/false into an Object when adding a property
from E_STRICT into a warning. (Scott)
. Changed E_ALL to include E_STRICT. (Stas)
. Disabled Windows CRT warning by default, can be enabled again using the
php.ini directive windows_show_crt_warnings. (Pierre)
. Fixed bug #55378: Binary number literal returns float number though its
value is small enough. (Derick)
- Improved PDO:
. Fixed PDO objects binary incompatibility. (Dmitry)
- CLI SAPI:
. Fixed bug #61546 (functions related to current script failed when chdir()
in cli sapi). (Laruence, reeze.xia@gmail.com)
- CURL:
. Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction).
(Laruence)
- COM:
. Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)
- Core:
. Fixed CVE-2012-2143. (Solar Designer)
. Fixed missing bound check in iptcparse(). (chris at chiappa.net)
. Fixed bug #62373 (serialize() generates wrong reference to the object).
(Moriyoshi)
. Fixed bug #62005 (unexpected behavior when incrementally assigning to a
member of a null object). (Laruence)
. Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy)
. Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo)
. Fixed bug #61730 (Segfault from array_walk modifying an array passed by
reference). (Laruence)
. Fixed bug #61713 (Logic error in charset detection for htmlentities).
(Anatoliy)
. Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename
set to null). (Anatoliy)
. Changed php://fd to be available only for CLI.
- Fileinfo:
. Fixed bug #61812 (Uninitialised value used in libmagic).
(Laruence, Gustavo)
- Iconv extension:
. Fixed a bug that iconv extension fails to link to the correct library
when another extension makes use of a library that links to the iconv
library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail.
(Moriyoshi)
- Intl:
. Fixed bug #62082 (Memory corruption in internal function
get_icu_disp_value_src_php()). (Gustavo)
- JSON
. Fixed bug #61537 (json_encode() incorrectly truncates/discards
information). (Adam)
- PDO:
. Fixed bug #61755 (A parsing bug in the prepared statements can lead to
access violations). (Johannes)
- Phar:
. Fix bug #61065 (Secunia SA44335). (Rasmus)
- Streams:
. Fixed bug #61961 (file_get_contents leaks when access empty file with
maxlen set). (Reeze)
- Core:
. Fixed bug #61605 (header_remove() does not remove all headers).
(Laruence)
. Fixed bug #61541 (Segfault when using ob_* in output_callback).
(reeze.xia@gmail.com)
. Fixed bug #61273 (call_user_func_array with more than 16333 arguments
leaks / crashes). (Laruence)
. Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
. Improved max_input_vars directive to check nested variables (Dmitry).
. Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>). (Etienne)
. Fixed bug #61087 (Memory leak in parse_ini_file when specifying
invalid scanner mode). (Nikic, Laruence)
. Fixed bug #61072 (Memory leak when restoring an exception handler).
(Nikic, Laruence)
. Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
(Laruence)
. Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).
(Ondřej Surý)
. Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
vars). (Laruence)
. Fixed bug #60895 (Possible invalid handler usage in windows random
functions). (Pierre)
. Fixed bug #60825 (Segfault when running symfony 2 tests).
(Dmitry, Laruence)
. Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam)
. Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia)
. Fixed bug #60227 (header() cannot detect the multi-line header with CR).
(rui, Gustavo)
. Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
. Fixed bug #54374 (Insufficient validating of upload name leading to
corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at
gmail dot com, Pierre)
. Fixed bug #52719 (array_walk_recursive crashes if third param of the
function is by reference). (Nikita Popov)
. Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
- DOM
. Added debug info handler to DOM objects. (Gustavo, Joey Smith)
- FPM
. Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.c).
(michaelhood at gmail dot com, Ilia)
- Ibase
. Fixed bug #60947 (Segmentation fault while executing ibase_db_info).
(Ilia)
- Installation
. Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones)
- Fileinfo
. Fixed bug #61173 (Unable to detect error from finfo constructor). (Gustavo)
- Libxml:
. Fixed bug #61617 (Libxml tests failed(ht is already destroyed)).
(Laruence)
. Fixed bug #61367 (open_basedir bypass using libxml RSHUTDOWN).
(Tim Starling)
- mysqli
. Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes).
- PDO_mysql
. Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't
always work). (Johannes)
. Fixed bug #61194 (PDO should export compression flag with myslqnd).
(Johannes)
- PDO_odbc
. Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia)
- PDO_pgsql
. Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed
rows on postgresql >= 9). (ben dot pineau at gmail dot com)
- PDO_Sqlite extension:
. Add createCollation support. (Damien)
- Phar:
. Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL
bytes). (Nikic)
- PHP-FPM SAPI:
. Fixed bug #60811 (php-fpm compilation problem). (rasmus)
- Readline:
. Fixed bug #61088 (Memory leak in readline_callback_handler_install).
(Nikic, Laruence)
. Add open_basedir checks to readline_write_history and readline_read_history.
(Rasmus, reported by Mateusz Goik)
- Reflection:
. Fixed bug #61388 (ReflectionObject:getProperties() issues invalid reads
when get_properties returns a hash table with (inaccessible) dynamic
numeric properties). (Gustavo)
. Fixed bug #60968 (Late static binding doesn't work with
ReflectionMethod::invokeArgs()). (Laruence)
- SOAP
. Fixed basic HTTP authentication for WSDL sub requests. (Dmitry)
. Fixed bug #60887 (SoapClient ignores user_agent option and sends no
User-Agent header). (carloschilazo at gmail dot com)
. Fixed bug #60842, #51775 (Chunked response parsing error when
chunksize length line is > 10 bytes). (Ilia)
. Fixed bug #49853 (Soap Client stream context header option ignored).
(Dmitry)
- SPL
. Fixed memory leak when calling SplFileInfo's constructor twice. (Felipe)
. Fixed bug #61418 (Segmentation fault when DirectoryIterator's or
FilesystemIterator's iterators are requested more than once without
having had its dtor callback called in between). (Gustavo)
. Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence)
. Fixed bug #61326 (ArrayObject comparison). (Gustavo)
- SQLite3 extension:
. Add createCollation() method. (Brad Dewar)
- Session:
. Fixed bug #60860 (session.save_handler=user without defined function core
dumps). (Felipe)
. Fixed bug #60634 (Segmentation fault when trying to die() in
SessionHandler::write()). (Ilia)
- Streams:
. Fixed bug #61371 (stream_context_create() causes memory leaks on use
streams_socket_create). (Gustavo)
. Fixed bug #61253 (Wrappers opened with errors concurrency problem on ZTS).
(Gustavo)
. Fixed bug #61115 (stream related segfault on fatal error in
php_stream_context_link). (Gustavo)
. Fixed bug #60817 (stream_get_line() reads from stream even when there is
already sufficient data buffered). stream_get_line() now behaves more like
fgets(), as is documented. (Gustavo)
. Further fix for bug #60455 (stream_get_line misbehaves if EOF is not
detected together with the last read). (Gustavo)
. Fixed bug #60106 (stream_socket_server silently truncates long unix
socket paths). (Ilia)
- Tidy:
. Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra)
- XMLRPC:
. Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary
variable). (Nikita Popov)
. Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic)
- Zlib:
. Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikic)
- Core:
. Fixed arbitrary remote code execution vulnerability reported by Stefan
Esser, CVE-2012-0830. (Stas, Dmitry)
- Core:
. Added max_input_vars directive to prevent attacks based on hash collisions
(CVE-2011-4885) (Dmitry).
. Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
. Fixed bug #60139 (Anonymous functions create cycles not detected by the
GC). (Dmitry)
. Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator)
(Dmitry).
. Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when
the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli)
. Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe)
. Fixed bug #60019 (Function time_nanosleep() is undefined on OS X). (Ilia)
. Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs).
(klightspeed at netspace dot net dot au)
. Fixed bug #55798 (serialize followed by unserialize with numeric object
prop. gives integer prop). (Gustavo)
. Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre)
. Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux
parisc). (Felipe)
. Fixed bug #55674 (fgetcsv & str_getcsv skip empty fields in some
tab-separated records). (Laruence)
. Fixed bug #55649 (Undefined function Bug()). (Laruence)
. Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre)
. Fixed bug #55576 (Cannot conditionally move uploaded file without race
condition). (Gustavo)
. Fixed bug #55510: $_FILES 'name' missing first character after upload.
(Arpad)
. Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
. Fixed bug #55504 (Content-Type header is not parsed correctly on
HTTP POST request). (Hannes)
. Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to
is_a and is_subclass_of). (alan_k)
. Fixed bug #52461 (Incomplete doctype and missing xmlns).
(virsacer at web dot de, Pierre)
. Fixed bug #55366 (keys lost when using substr_replace an array). (Arpad)
. Fixed bug #55273 (base64_decode() with strict rejects whitespace after
pad). (Ilia)
. Fixed bug #52624 (tempnam() by-pass open_basedir with nonnexistent
directory). (Felipe)
. Fixed bug #50982 (incorrect assumption of PAGE_SIZE size). (Dmitry)
. Fixed invalid free in call_user_method() function. (Felipe)
. Fixed bug #43200 (Interface implementation / inheritence not possible in
abstract classes). (Felipe)
- BCmath:
. Fixed bug #60377 (bcscale related crashes on 64bits platforms). (shm)
- Calendar:
. Fixed bug #55797 (Integer overflow in SdnToGregorian leads to segfault (in
optimized builds). (Gustavo)
- cURL:
. Fixed bug #60439 (curl_copy_handle segfault when used with
CURLOPT_PROGRESSFUNCTION). (Pierrick)
. Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed
before calling curl_exec). (Hannes)
. Fixed issues were curl_copy_handle() would sometimes lose copied
preferences. (Hannes)
- DateTime:
. Fixed bug #60373 (Startup errors with log_errors on cause segfault).
(Derick)
. Fixed bug #60236 (TLA timezone dates are not converted properly from
timestamp). (Derick)
. Fixed bug #55253 (DateTime::add() and sub() result -1 hour on objects with
time zone type 2). (Derick)
. Fixed bug #54851 (DateTime::createFromFormat() doesn't interpret "D").
(Derick)
. Fixed bug #53502 (strtotime with timezone memory leak). (Derick)
. Fixed bug #52062 (large timestamps with DateTime::getTimestamp and
DateTime::setTimestamp). (Derick)
. Fixed bug #51994 (date_parse_from_format is parsing invalid date using 'yz'
format). (Derick)
. Fixed bug #52113 (Seg fault while creating (by unserialization)
DatePeriod). (Derick)
. Fixed bug #48476 (cloning extended DateTime class without calling
parent::__constr crashed PHP). (Hannes)
- EXIF:
. Fixed bug #60150 (Integer overflow during the parsing of invalid exif
header). (CVE-2011-4566) (Stas, flolechaud at gmail dot com)
- Fileinfo:
. Fixed bug #60094 (C++ comment fails in c89). (Laruence)
. Fixed possible memory leak in finfo_open(). (Felipe)
. Fixed memory leak when calling the Finfo constructor twice. (Felipe)
- Filter:
. Fixed Bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized
domain name addresses containing >1 -). (Ilia)
- FTP:
. Fixed bug #60183 (out of sync ftp responses). (bram at ebskamp dot me,
rasmus)
- Gd:
. Fixed bug #60160 (imagefill() doesn't work correctly
for small images). (Florian)
. Fixed potential memory leak on a png error (Rasmus, Paul Saab)
- Intl:
. Fixed bug #60192 (SegFault when Collator not constructed
properly). (Florian)
. Fixed memory leak in several Intl locale functions. (Felipe)
- Json:
. Fixed bug #55543 (json_encode() with JSON_NUMERIC_CHECK fails on objects
with numeric string properties). (Ilia, dchurch at sciencelogic dot com)
- Mbstring:
. Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe)
- MS SQL:
. Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe)
- MySQL:
. Fixed bug #55550 (mysql.trace_mode miscounts result sets). (Johannes)
- MySQLi extension:
. Fixed bug #55859 (mysqli->stat property access gives error). (Andrey)
. Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when
mysqlnd is used). (Andrey)
. Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields).
(eran at zend dot com, Laruence)
- mysqlnd
. Fixed bug #55609 (mysqlnd cannot be built shared). (Johannes)
. Fixed bug #55067 (MySQL doesn't support compression - wrong config option).
(Andrey)
- NSAPI SAPI:
. Don't set $_SERVER['HTTPS'] on unsecure connection (bug #55403). (Uwe
Schindler)
- OpenSSL:
. Fixed bug #60279 (Fixed NULL pointer dereference in
stream_socket_enable_crypto, case when ssl_handle of session_stream is not
initialized.) (shm)
. Fix segfault with older versions of OpenSSL. (Scott)
- PDO
. Fixed bug #55776 (PDORow to session bug). (Johannes)
- PDO Firebird:
. Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird).
(Mariuz)
. Fixed bug #47415 (PDO_Firebird segfaults when passing lowercased column name to
bindColumn).
. Fixed bug #53280 (PDO_Firebird segfaults if query column count less than param
count).
(Mariuz)
- Phar:
. Fixed bug #60261 (NULL pointer dereference in phar). (Felipe)
. Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp
scanning for __HALT_COMPILER). (Ralph Schindler)
. Fixed bug #53872 (internal corruption of phar). (Hannes)
. Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes)
- PHP-FPM SAPI:
. Dropped restriction of not setting the same value multiple times, the last
one holds. (giovanni at giacobbi dot net, fat)
. Added .phar to default authorized extensions. (fat)
. Fixed bug #60659 (FPM does not clear auth_user on request accept).
(bonbons at linux-vserver dot org)
. Fixed bug #60629 (memory corruption when web server closed the fcgi fd).
(fat)
. Enhance error log when the primary script can't be open. FR #60199. (fat)
. Fixed bug #60179 (php_flag and php_value does not work properly). (fat)
. Fixed bug #55577 (status.html does not install). (fat)
. Fixed bug #55533 (The -d parameter doesn't work). (fat)
. Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat)
. Fixed bug #55486 (status show BIG processes number). (fat)
. Enhanced security by limiting access to user defined extensions.
FR #55181. (fat)
. Added process.max to control the number of process FPM can fork. FR #55166.
(fat)
. Implemented FR #54577 (Enhanced status page with full status and details
about each processes. Also provide a web page (status.html) for
real-time FPM status. (fat)
. Lowered default value for Process Manager. FR #54098. (fat)
. Implemented FR #52569 (Add the "ondemand" process-manager
to allow zero children). (fat)
. Added partial syslog support (on error_log only). FR #52052. (fat)
- Postgres:
. Fixed bug #60244 (pg_fetch_* functions do not validate that row param
is >0). (Ilia)
. Added PGSQL_LIBPQ_VERSION/PGSQL_LIBPQ_VERSION_STR constants. (Yasuo)
- Reflection:
. Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)
- Session:
. Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes)
- SimpleXML:
. Reverted the SimpleXML->query() behaviour to returning empty arrays
instead of false when no nodes are found as it was since 5.3.3
(bug #48601). (chregu, rrichards)
- SOAP
. Fixed bug #54911 (Access to a undefined member in inherit SoapClient may
cause Segmentation Fault). (Dmitry)
. Fixed bug #48216 (PHP Fatal error: SOAP-ERROR: Parsing WSDL:
Extra content at the end of the doc, when server uses chunked transfer
encoding with spaces after chunk size). (Dmitry)
. Fixed bug #44686 (SOAP-ERROR: Parsing WSDL with references). (Dmitry)
- Sockets:
. Fixed bug #60048 (sa_len a #define on IRIX). (china at thewrittenword dot
com)
- SPL:
. Fixed bug #60082 (Crash in ArrayObject() when using recursive references).
(Tony)
. Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
(jgotti at modedemploi dot fr, Hannes)
. Fixed bug #54304 (RegexIterator::accept() doesn't work with scalar values).
(Hannes)
- Streams:
. Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together
with the last read). (Gustavo)
- Tidy:
. Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).
(Maksymilian Arciemowicz, Felipe)
- XSL:
. Added xsl.security_prefs ini option to define forbidden operations within
XSLT stylesheets, default is not to enable write operations. This option
won't be in 5.4, since there's a new method. Fixes Bug #54446. (Chregu,
Nicolas Gregoire)
- Core:
. Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas)
- OpenSSL:
. Reverted a change in timeout handling restoring PHP 5.3.6 behavior,
as the new behavior caused mysqlnd SSL connections to hang (#55283).
(Pierre, Andrey, Johannes)
- Zend Engine:
. Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even
though the class has none). (Felipe)
. Fixed bug #55007 (compiler fail after previous fail). (Felipe)
. Fixed bug #54910 (Crash when calling call_user_func with unknown function
name). (Dmitry)
. Fixed bug #54804 (__halt_compiler and imported namespaces).
(Pierrick, Felipe)
. Fixed bug #54624 (class_alias and type hint). (Felipe)
. Fixed bug #54585 (track_errors causes segfault). (Dmitry)
. Fixed bug #54423 (classes from dl()'ed extensions are not destroyed).
(Tony, Dmitry)
. Fixed bug #54372 (Crash accessing global object itself returned from its
__get() handle). (Dmitry)
. Fixed bug #54367 (Use of closure causes problem in ArrayAccess). (Dmitry)
. Fixed bug #54358 (Closure, use and reference). (Dmitry)
. Fixed bug #54262 (Crash when assigning value to a dimension in a non-array).
(Dmitry)
. Fixed bug #54039 (use() of static variables in lambda functions can break
staticness). (Dmitry)
- Core
. Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer)
. Removed warning when argument of is_a() or is_subclass_of() is not
a known class. (Stas)
. Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski.
. Added PHP_MANDIR constant telling where the manpages were installed into,
and an --man-dir argument to php-config. (Hannes)
. Fixed a crash inside dtor for error handling. (Ilia)
. Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas)
. Implemented FR #54459 (Range function accuracy). (Adam)
- CLI SAPI:
. Fixed bug #52496 (Zero exit code on option parsing failure). (Ilia)
- cURL extension:
. Added ini option curl.cainfo (support for custom cert db). (Pierre)
. Added CURLINFO_REDIRECT_URL support. (Daniel Stenberg, Pierre)
. Added support for CURLOPT_MAX_RECV_SPEED_LARGE and
CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick)
- DateTime extension:
. Fixed bug where the DateTime object got changed while using date_diff().
(Derick)
. Fixed bug #54340 (DateTime::add() method bug). (Adam)
. Fixed bug #54316 (DateTime::createFromFormat does not handle trailing '|'
correctly). (Adam)
. Fixed bug #54283 (new DatePeriod(NULL) causes crash). (Felipe)
. Fixed bug #51819 (Case discrepancy in timezone names cause Uncaught
exception and fatal error). (Hannes)
- DBA extension:
. Supress warning on non-existent file open with Berkeley DB 5.2. (Chris Jones)
. Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe)
- Exif extesion:
. Fixed bug #54121 (error message format string typo). (Ilia)
- Fileinfo extension:
. Fixed bug #54934 (Unresolved symbol strtoull in HP-UX 11.11). (Felipe)
- Filter extension:
. Added 3rd parameter to filter_var_array() and filter_input_array()
functions that allows disabling addition of empty elements. (Ilia)
. Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia)
- Interbase extension:
. Fixed bug #54269 (Short exception message buffer causes crash). (Felipe)
- intl extension:
. Implemented FR #54561 (Expose ICU version info). (David Zuelke, Ilia)
. Implemented FR #54540 (Allow loading of arbitrary resource bundles when
fallback is disabled). (David Zuelke, Stas)
- Imap extension:
. Fixed bug #55313 (Number of retries not set when params specified).
(kevin at kevinlocke dot name)
- json extension:
. Fixed bug #54484 (Empty string in json_decode doesn't reset
json_last_error()). (Ilia)
- LDAP extension:
. Fixed bug #53339 (Fails to build when compilng with gcc 4.5 and DSO
libraries). (Clint Byrum, Raphael)
- libxml extension:
. Fixed bug #54601 (Removing the doctype node segfaults). (Hannes)
. Fixed bug #54440 (libxml extension ignores default context). (Gustavo)
- mbstring extension:
. Fixed bug #54494 (mb_substr() mishandles UTF-32LE and UCS-2LE). (Gustavo)
- MCrypt extension:
. Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data
has been fetched (Windows). (Pierre)
. Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random
data on Windows). (Pierre)
- mysqlnd
. Fixed crash when using more than 28,000 bound parameters. Workaround is to
set mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey)
. Fixed bug #54674 mysqlnd valid_sjis_(head|tail) is using invalid operator
and range). (nihen at megabbs dot com, Andrey)
- MySQLi extension:
. Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi
persistent connections). (Andrey)
. Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries).
(Andrey)
- OpenSSL extension:
. openssl_encrypt()/openssl_decrypt() truncated keys of variable length
ciphers to the OpenSSL default for the algorithm. (Scott)
. On blocking SSL sockets respect the timeout option where possible.
(Scott)
. Fixed bug #54992 (Stream not closed and error not returned when SSL
CN_match fails). (Gustavo, laird_ngrps at dodo dot com dot au)
. PCRE extension:
. Increased the backtrack limit from 100000 to 1000000 (Rasmus)
- PDO extension:
. Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe)
. Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE
settings). (Ilia)
- Phar extension:
. Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters).
(Felipe)
- PHP-FPM SAPI:
. Implemented FR #54499 (FPM ping and status_path should handle HEAD request).
(fat)
. Implemented FR #54172 (Overriding the pid file location of php-fpm). (fat)
. Fixed missing Expires and Cache-Control headers for ping and status pages.
(fat)
. Fixed memory leak. (fat) Reported and fixed by Giovanni Giacobbi.
. Fixed wrong value of log_level when invoking fpm with -tt. (fat)
. Added xml format to the status page. (fat)
. Removed timestamp in logs written by children processes. (fat)
. Fixed exit at FPM startup on fpm_resources_prepare() errors. (fat)
. Added master rlimit_files and rlimit_core in the global configuration
settings. (fat)
. Removed pid in debug logs written by chrildren processes. (fat)
. Added custom access log (also added per request %CPU and memory
mesurement). (fat)
. Added a real scoreboard and several improvements to the status page. (fat)
- Reflection extension:
. Fixed bug #54347 (reflection_extension does not lowercase module function
name). (Felipe, laruence at yahoo dot com dot cn)
- SOAP extension:
. Fixed bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION
contains itself). (Dmitry)
. Fixed bug #54312 (soap_version logic bug). (tom at samplonius dot org)
- Sockets extension:
. Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe)
. Changed socket_set_block() and socket_set_nonblock() so they emit warnings
on error. (Gustavo)
. Fixed bug #51958 (socket_accept() fails on IPv6 server sockets). (Gustavo)
- SPL extension:
. Fixed bug #54971 (Wrong result when using iterator_to_array with use_keys
on true). (Pierrick)
. Fixed bug #54970 (SplFixedArray::setSize() isn't resizing). (Felipe)
. Fixed bug #54609 (Certain implementation(s) of SplFixedArray cause hard
crash). (Felipe)
. Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and
SplTempFileObject crash when user-space classes don't call the paren
constructor). (Gustavo)
. Fixed bug #54292 (Wrong parameter causes crash in
SplFileObject::__construct()). (Felipe)
. Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting
with \0). (Gustavo)
. Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator).
(Felipe)
- Streams:
. Fixed bug #54946 (stream_get_contents infinite loop). (Hannes)
. Fixed bug #54623 (Segfault when writing to a persistent socket after
closing a copy of the socket). (Gustavo)
. Fixed bug #54681 (addGlob() crashes on invalid flags). (Felipe)
- Zend Engine:
. Indirect reference to $this fails to resolve if direct $this is never used
in method. (Scott)
. Added options to debug backtrace functions. (Stas)
. Fixed bug numerous crashes due to setlocale (crash on error, pcre, mysql
etc.) on Windows in thread safe mode. (Pierre)
. Fixed Bug #53971 (isset() and empty() produce apparently spurious runtime
error). (Dmitry)
. Fixed Bug #53958 (Closures can't 'use' shared variables by value and by
reference). (Dmitry)
. Fixed Bug #53629 (memory leak inside highlight_string()). (Hannes, Ilia)
. Fixed Bug #51458 (Lack of error context with nested exceptions). (Stas)
. Fixed Bug #47143 (Throwing an exception in a destructor causes a fatal
error). (Stas)
. Fixed bug #43512 (same parameter name can be used multiple times in
method/function definition). (Felipe)
- Core:
. Added ability to connect to HTTPS sites through proxy with basic
authentication using stream_context/http/header/Proxy-Authorization (Dmitry)
. Changed default value of ini directive serialize_precision from 100 to 17.
(Gustavo)
. Fixed bug #54055 (buffer overrun with high values for precision ini
setting). (Gustavo)
. Fixed bug #53959 (reflection data for fgetcsv out-of-date). (Richard)
. Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a
trailing forward slash). (lekensteyn at gmail dot com, Pierre)
. Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos)
. Fixed bug #48484 (array_product() always returns 0 for an empty array).
(Ilia)
. Fixed bug #48607 (fwrite() doesn't check reply from ftp server before
exiting). (Ilia)
- Calendar extension:
. Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to
segfault). (Gustavo)
- DOM extension:
. Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode
like DOMDocument::saveXML). (Gustavo)
- DateTime extension:
. Fixed a bug in DateTime->modify() where absolute date/time statements had
no effect. (Derick)
. Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit
big-endian systems). (Derick, rein@basefarm.no)
. Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas)
. Fixed bug #52738 (Can't use new properties in class extended from
DateInterval). (Stas)
. Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime
created from timestamp). (Stas)
. Fixed bug #52063 (DateTime constructor's second argument doesn't have a
null default value). (Gustavo, Stas)
- Exif extension:
. Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni).
(Pierre) (CVE-2011-0708)
- Filter extension:
. Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number).
(Ilia, Gustavo)
. Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges).
(Ilia)
. Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia)
. Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6).
(Ilia, valli at icsurselva dot ch)
- Fileinfo extension:
. Fixed bug #54016 (finfo_file() Cannot determine filetype in archives).
(Hannes)
- Gettext
. Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE
environment variable are set). (Pierre)
- IMAP extension:
. Implemented FR #53812 (get MIME headers of the part of the email). (Stas)
. Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long
MIME header unfolding). (Adam)
- Intl extension:
. Fixed bug #53612 (Segmentation fault when using cloned several intl
objects). (Gustavo)
. Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values).
(Felipe)
. Implemented clone functionality for number, date & message formatters.
(Stas).
- JSON extension:
. Fixed bug #53963 (Ensure error_code is always set during some failed
decodings). (Scott)
- mysqlnd
. Fixed problem with always returning 0 as num_rows for unbuffered sets.
(Andrey, Ulf)
- OpenSSL extension:
. Fixed stream_socket_enable_crypto() not honoring the socket timeout in
server mode. (Gustavo)
. Fixed bug #54060 (Memory leaks when openssl_encrypt). (Pierre)
. Fixed bug #54061 (Memory leaks when openssl_decrypt). (Pierre)
. Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode).
(Gustavo)
. Implemented FR #53447 (Cannot disable SessionTicket extension for servers
that do not support it) by adding a no_ticket SSL context option. (Adam,
Tony)
- Phar extension:
. Fixed bug #54247 (format-string vulnerability on Phar). (Felipe)
(CVE-2011-1153)
. Fixed bug #53541 (format string bug in ext/phar).
(crrodriguez at opensuse dot org, Ilia)
. Fixed bug #53898 (PHAR reports invalid error message, when the directory
does not exist). (Ilia)
- PHP-FPM SAPI:
. Enforce security in the fastcgi protocol parsing.
(ef-lists at email dotde)
. Fixed bug #53777 (php-fpm log format now match php_error log format). (fat)
. Fixed bug #53527 (php-fpm --test doesn't set a valuable return value). (fat)
. Fixed bug #53434 (php-fpm slowlog now also logs the original request). (fat)
- Readline extension:
. Fixed bug #53630 (Fixed parameter handling inside readline() function).
(jo at feuersee dot de, Ilia)
- Reflection extension:
. Fixed bug #53915 (ReflectionClass::getConstant(s) emits fatal error on
constants with self::). (Gustavo)
- Shmop extension:
. Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe)
Reported by Jose Carlos Norte <jose at eyeos dot org> (CVE-2011-1092)
- SNMP extension:
. Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree
correctly). (Boris Lytochkin)
- SOAP extension:
. Fixed possible crash introduced by the NULL poisoning patch.
(Mateusz Kocielski, Pierre)
- SPL extension:
. Fixed memory leak in DirectoryIterator::getExtension() and
SplFileInfo::getExtension(). (Felipe)
. Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones)
. Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0
values). (Felipe)
. Fixed bug #49608 (Using CachingIterator on DirectoryIterator instance
segfaults). (Felipe)
- SQLite3 extension:
. Fixed memory leaked introduced by the NULL poisoning patch.
(Mateusz Kocielski, Pierre)
. Fixed memory leak on SQLite3Result and SQLite3Stmt when assigning to a
reference. (Felipe)
. Add SQlite3_Stmt::readonly() for checking if a statement is read only.
(Scott)
. Implemented FR #53466 (SQLite3Result::columnType() should return false after
all of the rows have been fetched). (Scott)
- Streams:
. Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP
wrapper). (Gustavo)
. Fixed bug #53913 (Streams functions assume HAVE_GLOB is defined). (Chris
Jones)
. Fixed bug #53903 (userspace stream stat callback does not separate the
elements of the returned array before converting them). (Gustavo)
. Implemented FR #26158 (open arbitrary file descriptor with fopen). (Gustavo)
- Tokenizer Extension
. Fixed bug #54089 (token_get_all() does not stop after __halt_compiler).
(Nikita Popov, Ilia)
- XSL extension:
. Fixed memory leaked introduced by the NULL poisoning patch.
(Mateusz Kocielski, Pierre)
- Zip extension:
. Added the filename into the return value of stream_get_meta_data(). (Hannes)
. Fixed bug #53923 (Zip functions assume HAVE_GLOB is defined). (Adam)
. Fixed bug #53893 (Wrong return value for ZipArchive::extractTo()). (Pierre)
. Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive).
(Stas, Maksymilian Arciemowicz). (CVE-2011-0421)
. Fixed bug #53854 (Missing constants for compression type). (Richard, Adam)
. Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at
gmail dot com, Gustavo)
. Fixed bug #53579 (stream_get_contents() segfaults on ziparchive streams).
(Hannes)
. Fixed bug #53568 (swapped memset arguments in struct initialization).
(crrodriguez at opensuse dot org)
. Fixed bug #53166 (Missing parameters in docs and reflection definition).
(Richard)
. Fixed bug #49072 (feof never returns true for damaged file in zip).
(Gustavo, Richard Quadling)
- Security enhancements:
. Fixed crash in zip extract method (possible CWE-170).
(Maksymilian Arciemowicz, Pierre)
. Paths with NULL in them (foo\0bar.txt) are now considered as invalid.
(Rasmus)
. Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski). (CVE-2010-4150). (Ilia)
. Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
(CVE-2010-3709). (Maksymilian Arciemowicz)
. Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
. Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre)
. Fixed symbolic resolution support when the target is a DFS share. (Pierre)
. Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data) (CVE-2010-3710). (Adam)
- General improvements:
. Added stat support for zip stream. (Pierre)
. Added follow_location (enabled by default) option for the http stream
support. (Pierre)
. Improved support for is_link and related functions on Windows. (Pierre)
. Added a 3rd parameter to get_html_translation_table. It now takes a charset
hint, like htmlentities et al. (Gustavo)
- Implemented feature requests:
. Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect
zend multibyte at runtime. (Kalle)
. Implemented FR #52173, added functions pcntl_get_last_error() and
pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud)
. Implemented symbolic links support for open_basedir checks. (Pierre)
. Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre)
. Implemented FR #50692, not uploaded files don't count towards
max_file_uploads limit. As a side improvement, temporary files are not
opened for empty uploads and, in debug mode, 0-length uploads. (Gustavo)
- Improved MySQLnd:
. Added new character sets to mysqlnd, which are available in MySQL 5.5
(Andrey)
- Core:
. Fixed extract() to do not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE. (jorto at redhat dot com)
. Fixed bug in the Windows implementation of dns_get_record, where the two
last parameters wouldn't be filled unless the type were DNS_ANY (Gustavo).
. Changed the $context parameter on copy() to actually have an effect. (Kalle)
. Fixed htmlentities/htmlspecialchars accepting certain ill-formed UTF-8
sequences. (Gustavo)
. Fixed bug #53409 (sleep() returns NULL on Windows). (Pierre)
. Fixed bug #53319 (strip_tags() may strip '<br />' incorrectly). (Felipe)
. Fixed bug #53304 (quot_print_decode does not handle lower-case hex digits).
(Ilia, daniel dot mueller at inexio dot net)
. Fixed bug #53248 (rawurlencode RFC 3986 EBCDIC support misses tilde char).
(Justin Martin)
. Fixed bug #53226 (file_exists fails on big filenames). (Adam)
. Fixed bug #53198 (changing INI setting "from" with ini_set did not have any
effect). (Gustavo)
. Fixed bug #53180 (post_max_size=0 not disabling the limit when the content
type is application/x-www-form-urlencoded or is not registered with PHP).
(gm at tlink dot de, Gustavo)
. Fixed bug #53141 (autoload misbehaves if called from closing session).
(ladislav at marek dot su)
. Fixed bug #53021 (In html_entity_decode, failure to convert numeric entities
with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of
ENT_NOQUOTES in html_entity_decode that had introduced the bug (rev
#185591) to other encodings. Additionaly, html_entity_decode() now doesn't
decode " if ENT_NOQUOTES is given. (Gustavo)
. Fixed bug #52931 (strripos not overloaded with function overloading
enabled). (Felipe)
. Fixed bug #52772 (var_dump() doesn't check for the existence of
get_class_name before calling it). (Kalle, Gustavo)
. Fixed bug #52534 (var_export array with negative key). (Felipe)
. Fixed bug #52327 (base64_decode() improper handling of leading padding in
strict mode). (Ilia)
. Fixed bug #52260 (dns_get_record fails with non-existing domain on Windows).
(a_jelly_doughnut at phpbb dot com, Pierre)
. Fixed bug #50953 (socket will not connect to IPv4 address when the host has
both IPv4 and IPv6 addresses, on Windows). (Gustavo, Pierre)
. Fixed bug #50524 (proc_open on Windows does not respect cwd as it does on
other platforms). (Pierre)
. Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number
of reported malformed sequences). (CVE-2010-3870) (Gustavo)
. Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8).
(Gustavo)
. Fixed bug #48831 (php -i has different output to php --ini). (Richard,
Pierre)
. Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
(Felipe)
. Fixed bug #47168 (printf of floating point variable prints maximum of 40
decimal places). (Ilia)
. Fixed bug #46587 (mt_rand() does not check that max is greater than min).
(Ilia)
. Fixed bug #29085 (bad default include_path on Windows). (Pierre)
. Fixed bug #25927 (get_html_translation_table calls the ' ' instead of
'). (Gustavo)
- Zend engine:
. Reverted fix for bug #51176 (Static calling in non-static method behaves
like $this->). (Felipe)
. Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED.
(Kalle)
. Fixed NULL dereference in lex_scan on zend multibyte builds where the script
had a flex incompatible encoding and there was no converter. (Gustavo)
. Fixed covariance of return-by-ref constraints. (Etienne)
. Fixed bug #53305 (E_NOTICE when defining a constant starts with
__COMPILER_HALT_OFFSET__). (Felipe)
. Fixed bug #52939 (zend_call_function does not respect ZEND_SEND_PREFER_REF).
(Dmitry)
. Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset
can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
. Fixed bug #52786 (PHP should reset section to [PHP] after ini sections).
(Fedora at famillecollet dot com)
. Fixed bug #52508 (newline problem with parse_ini_file+INI_SCANNER_RAW).
(Felipe)
. Fixed bug #52484 (__set() ignores setting properties with empty names).
(Felipe)
. Fixed bug #52361 (Throwing an exception in a destructor causes invalid
catching). (Dmitry)
. Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry)
- Build issues:
. Fixed bug #52436 (Compile error if systems do not have stdint.h)
(Sriram Natarajan)
. Fixed bug #50345 (nanosleep not detected properly on some solaris versions).
(Ulf, Tony)
. Fixed bug #49215 (make fails on glob_wrapper). (Felipe)
- Calendar extension:
. Fixed bug #52744 (cal_days_in_month incorrect for December 1 BCE).
(gpap at internet dot gr, Adam)
- cURL extension:
. Fixed bug #52828 (curl_setopt does not accept persistent streams).
(Gustavo, Ilia)
. Fixed bug #52827 (cURL leaks handle and causes assertion error
(CURLOPT_STDERR)). (Gustavo)
. Fixed bug #52202 (CURLOPT_PRIVATE gets corrupted). (Ilia)
. Fixed bug #50410 (curl extension slows down PHP on Windows). (Pierre)
- DateTime extension:
. Fixed bug #53297 (gettimeofday implementation in php/win32/time.c can return
1 million microsecs). (ped at 7gods dot org)
. Fixed bug #52668 (Iterating over a dateperiod twice is broken). (Derick)
. Fixed bug #52454 (Relative dates and getTimestamp increments by one day).
(Derick)
. Fixed bug #52430 (date_parse parse 24:xx:xx as valid time). (Derick)
. Added support for the ( and ) delimiters/separators to
DateTime::createFromFormat(). (Derick)
- DBA extension:
. Added Berkeley DB 5.1 support to the DBA extension. (Oracle Corp.)
- DOM extension:
. Fixed bug #52656 (DOMCdataSection does not work with splitText). (Ilia)
- Filter extension:
. Fixed the filter extension accepting IPv4 octets with a leading 0 as that
belongs to the unsupported "dotted octal" representation. (Gustavo)
. Fixed bug #53236 (problems in the validation of IPv6 addresses with leading
and trailing :: in the filter extension). (Gustavo)
. Fixed bug #50117 (problems in the validation of IPv6 addresses with IPv4
addresses and ::). (Gustavo)
- GD extension:
. Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)
- GMP extension:
. Fixed bug #52906 (gmp_mod returns negative result when non-negative is
expected). (Stas)
. Fixed bug #52849 (GNU MP invalid version match). (Adam)
- Hash extension:
. Fixed bug #51003 (unaligned memory access in ext/hash/hash_tiger.c).
(Mike, Ilia)
- Iconv extension:
. Fixed bug #52941 (The 'iconv_mime_decode_headers' function is skipping
headers). (Adam)
. Fixed bug #52599 (iconv output handler outputs incorrect content type
when flags are used). (Ilia)
. Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded
words). (Ilia)
- Intl extension:
. Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409).
(Stas, Maksymilian Arciemowicz)
. Added support for formatting the timestamp stored in a DateTime object.
(Stas)
. Fixed bug #50590 (IntlDateFormatter::parse result is limited to the integer
range). (Stas)
- Mbstring extension:
. Fixed bug #53273 (mb_strcut() returns garbage with the excessive length
parameter). (CVE-2010-4156) (Mateusz Kocielski, Pierre, Moriyoshi)
. Fixed bug #52981 (Unicode casing table was out-of-date. Updated with
UnicodeData-6.0.0d7.txt and included the source of the generator program
with the distribution) (Gustavo).
. Fixed bug #52681 (mb_send_mail() appends an extra MIME-Version header).
(Adam)
- MSSQL extension:
. Fixed possible crash in mssql_fetch_batch(). (Kalle)
. Fixed bug #52843 (Segfault when optional parameters are not passed in to
mssql_connect). (Felipe)
- MySQL extension:
. Fixed bug #52636 (php_mysql_fetch_hash writes long value into int).
(Kalle, rein at basefarm dot no)
- MySQLi extension:
. Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using
mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey)
. Fixed bug #52686 (mysql_stmt_attr_[gs]et argument points to incorrect type).
(rein at basefarm dot no)
. Fixed bug #52654 (mysqli doesn't install headers with structures it uses).
(Andrey)
. Fixed bug #52433 (Call to undefined method mysqli::poll() - must be static).
(Andrey)
. Fixed bug #52417 (MySQLi build failure with mysqlnd on MacOS X). (Andrey)
. Fixed bug #52413 (MySQLi/libmysql build failure on OS X, FreeBSD). (Andrey)
. Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle)
. Fixed bug #52302 (mysqli_fetch_all does not work with MYSQLI_USE_RESULT).
(Andrey)
. Fixed bug #52221 (Misbehaviour of magic_quotes_runtime (get/set)). (Andrey)
. Fixed bug #45921 (Can't initialize character set hebrew). (Andrey)
- MySQLnd:
. Fixed bug #52613 (crash in mysqlnd after hitting memory limit). (Andrey)
- ODBC extension:
- Fixed bug #52512 (Broken error handling in odbc_execute).
(mkoegler at auto dot tuwien dot ac dot at)
- Openssl extension:
. Fixed possible blocking behavior in openssl_random_pseudo_bytes on Windows.
(Pierre)
. Fixed bug #53136 (Invalid read on openssl_csr_new()). (Felipe)
. Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain
used). (Felipe)
- PCNTL extension:
. Fixed bug #52784 (Race condition when handling many concurrent signals).
(nick dot telford at gmail dot com, Arnaud)
- PCRE extension:
. Fixed bug #52971 (PCRE-Meta-Characters not working with utf-8). (Felipe)
. Fixed bug #52732 (Docs say preg_match() returns FALSE on error, but it
returns int(0)). (slugonamission at gmail dot com)
- PHAR extension:
. Fixed bug #50987 (unaligned memory access in phar.c).
(geissert at debian dot org, Ilia)
- PHP-FPM SAPI:
. Fixed bug #53412 (segfault when using -y). (fat)
. Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat)
. Fixed bug #52501 (libevent made FPM crashed when forking -- libevent has
been removed). (fat)
. Fixed bug #52725 (gcc builtin atomic functions were sometimes used when they
were not available). (fat)
. Fixed bug #52693 (configuration file errors are not logged to stderr). (fat)
. Fixed bug #52674 (FPM Status page returns inconsistent Content-Type
headers). (fat)
. Fixed bug #52498 (libevent was not only linked to php-fpm). (fat)
- PDO:
. Fixed bug #52699 (PDO bindValue writes long int 32bit enum).
(rein at basefarm dot no)
. Fixed bug #52487 (PDO::FETCH_INTO leaks memory). (Felipe)
- PostgreSQL extension:
. Fixed bug #47199 (pg_delete() fails on NULL). (ewgraf at gmail dot com)
- Reflection extension:
. Fixed ReflectionProperty::isDefault() giving a wrong result for properties
obtained with ReflectionClass::getProperties(). (Gustavo)
- Reflection extension:
. Fixed bug #53366 (Reflection doesnt get dynamic property value from
getProperty()). (Felipe)
. Fixed bug #52854 (ReflectionClass::newInstanceArgs does not work for classes
without constructors). (Johannes)
- SOAP extension:
. Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy
with SoapClient object). (Dmitry)
- SPL extension:
. Fixed bug #53362 (Segmentation fault when extending SplFixedArray). (Felipe)
. Fixed bug #53279 (SplFileObject doesn't initialise default CSV escape
character). (Adam)
. Fixed bug #53144 (Segfault in SplObjectStorage::removeAll()). (Felipe)
. Fixed bug #53071 (SPLObjectStorage defeats gc_collect_cycles). (Gustavo)
. Fixed bug #52573 (SplFileObject::fscanf Segmentation fault). (Felipe)
. Fixed bug #51763 (SplFileInfo::getType() does not work symbolic link
and directory). (Pierre)
. Fixed bug #50481 (Storing many SPLFixedArray in an array crashes). (Felipe)
. Fixed bug #50579 (RegexIterator::REPLACE doesn't work). (Felipe)
- SQLite3 extension:
. Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number).
(Felipe)
- Streams:
. Fixed forward stream seeking emulation in streams that don't support seeking
in situations where the read operation gives back less data than requested
and when there was data in the buffer before the emulation started. Also
made more consistent its behavior -- should return failure every time less
data than was requested was skipped. (Gustavo)
. Fixed bug #53241 (stream casting that relies on fdopen/fopencookie fails
with streams opened with, inter alia, the 'xb' mode). (Gustavo)
. Fixed bug #53006 (stream_get_contents has an unpredictable behavior when the
underlying stream does not support seeking). (Gustavo)
. Fixed bug #52944 (Invalid write on second and subsequent reads with an
inflate filter fed invalid data). (Gustavo)
. Fixed bug #52820 (writes to fopencookie FILE* not commited when seeking the
stream). (Gustavo)
- WDDX extension:
. Fixed bug #52468 (wddx_deserialize corrupts integer field value when left
empty). (Felipe)
- Zlib extension:
. Fixed bug #52926 (zlib fopen wrapper does not use context). (Gustavo)
- Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64
bit)). (Adam)
- Fixed bug #52262 (json_decode() shows no errors on invalid UTF-8).
(Scott)
- Fixed bug #52240 (hash_copy() does not copy the HMAC key, causes wrong
results and PHP crashes). (Felipe)
- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
(Johannes)
- Fixed bug #52193 (converting closure to array yields empty array). (Felipe)
- Fixed bug #52183 (Reflectionfunction reports invalid number of arguments for
function aliases). (Felipe)
- Fixed bug #52162 (custom request header variables with numbers are removed).
(Sriram Natarajan)
- Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe)
- Fixed bug #52138 (Constants are parsed into the ini file for section names).
(Felipe)
- Fixed bug #52115 (mysqli_result::fetch_all returns null, not an empty array).
(Andrey)
- Fixed bug #52101 (dns_get_record() garbage in 'ipv6' field on Windows).
(Pierre)
- Fixed bug #52082 (character_set_client & character_set_connection reset after
mysqli_change_user()). (Andrey)
- Fixed bug #52043 (GD doesn't recognize latest libJPEG versions).
(php at group dot apple dot com, Pierre)
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned
from function). (Dmitry)
- Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
(Felipe)
- Fixed bug #52057 (ReflectionClass fails on Closure class). (Felipe)
- Fixed bug #52051 (handling of case sensitivity of old-style constructors
changed in 5.3+). (Felipe)
- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at
debian dot org, Kalle)
- Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick)
- Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command).
(Ilia)
- Fixed bug #52001 (Memory allocation problems after using variable variables).
(Dmitry)
- Fixed bug #51991 (spl_autoload and *nix support with namespace). (Felipe)
- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle,
coreystup at gmail dot com)
- Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with
constant array). (Felipe)
- Fixed bug #51905 (ReflectionParameter fails if default value is an array
with an access to self::). (Felipe)
- Fixed bug #51899 (Parse error in parse_ini_file() function when empy value
followed by no newline). (Felipe)
- Fixed bug #51844 (checkdnsrr does not support types other than MX). (Pierre)
- Fixed bug #51827 (Bad warning when register_shutdown_function called with
wrong num of parameters). (Felipe)
- Fixed bug #51822 (Segfault with strange __destruct() for static class
variables). (Dmitry)
- Fixed bug #51791 (constant() aborts execution when fail to check undefined
constant). (Felipe)
- Fixed bug #51732 (Fileinfo __construct or open does not work with NULL).
(Pierre)
- Fixed bug #51725 (xmlrpc_get_type() returns true on invalid dates). (Mike)
- Fixed bug #51723 (Content-length header is limited to 32bit integer with
Apache2 on Windows). (Pierre)
- Fixed bug #51721 (mark DOMNodeList and DOMNamedNodeMap as Traversable).
(David Zuelke)
- Fixed bug #51712 (Test mysql_mysqlnd_read_timeout_long must fail on MySQL4).
(Andrey)
- Fixed bug #51697 (Unsafe operations in free_storage of SPL iterators,
causes crash during shutdown). (Etienne)
- Fixed bug #51690 (Phar::setStub looks for case-sensitive
__HALT_COMPILER()). (Ilia)
- Fixed bug #51688 (ini per dir crashes when invalid document root are given).
(Pierre)
- Fixed bug #51671 (imagefill does not work correctly for small images).
(Pierre)
- Fixed bug #51670 (getColumnMeta causes segfault when re-executing query
after calling nextRowset). (Pierrick)
- Fixed bug #51647 Certificate file without private key (pk in another file)
doesn't work. (Andrey)
- Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading).
(Pierre)
- Fixed bug #51627 (script path not correctly evaluated).
(russell dot tempero at rightnow dot com)
- Fixed bug #51624 (Crash when calling mysqli_options()). (Felipe)
- Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe)
- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter).
(Felipe)
- Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string
literal). (cbandy at jbandy dot com)
- Fixed bug #51607 (pg_copy_from does not allow schema in the tablename
argument). (cbandy at jbandy dot com)
- Fixed bug #51605 (Mysqli - zombie links). (Andrey)
- Fixed bug #51604 (newline in end of header is shown in start of message).
(Daniel Egeberg)
- Fixed bug #51590 (JSON_ERROR_UTF8 is undefined). (Felipe)
- Fixed bug #51583 (Bus error due to wrong alignment in mysqlnd). (Rainer Jung)
- Fixed bug #51582 (Don't assume UINT64_C it's ever available).
(reidrac at usebox dot net, Pierre)
- Fixed bug #51577 (Uninitialized memory reference with oci_bind_array_by_name)
(Oracle Corp.)
- Fixed bug #51562 (query timeout in mssql can not be changed per query).
(ejsmont dot artur at gmail dot com)
- Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory
issues). (Dmitry)
- Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe)
- Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile
errors). (Felipe)
- Fixed bug #51424 (crypt() function hangs after 3rd call). (Pierre, Sriram)
- Fixed bug #51394 (Error line reported incorrectly if error handler throws an
exception). (Stas)
- Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains
timezone). (Adam)
- Fixed bug #51347 (mysqli_close / connection memory leak). (Andrey, Johannes)
- Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is
on). (Ilia, j dot jeising at gmail dot com)
- Fixed bug #51291 (oci_error doesn't report last error when called two times)
(Oracle Corp.)
- Fixed bug #51276 (php_load_extension() is missing when HAVE_LIBDL is
undefined). (Tony)
- Fixed bug #51273 (Faultstring property does not exist when the faultstring is
empty) (Ilia, dennis at transip dot nl)
- Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam)
- Fixed bug #51257 (CURL_VERSION_LARGEFILE incorrectly used after libcurl
version 7.10.1). (aron dot ujvari at microsec dot hu)
- Fixed bug #51242 (Empty mysql.default_port does not default to 3306 anymore,
but 0). (Adam)
- Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com)
- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia,
alexr at oplot dot com)
- Fixed bug #51190 (ftp_put() returns false when transfer was successful).
(Ilia)
- Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio).
(Sriram Natarajan)
- Fixed bug #51176 (Static calling in non-static method behaves like $this->).
(Felipe)
- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when
an invalid option is provided). (Ilia)
- Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre)
- Fixed bug #51096 ('last day' and 'first day' are handled incorrectly when
parsing date strings). (Derick)
- Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
- Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris
Jones)
- Fixed bug #51026 (mysqli_ssl_set not working). (Andrey)
- Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4).
(Raphael Geissert)
- Fixed bug #50999 (unaligned memory access in dba_fetch()). (Felipe)
- Fixed bug #50976 (Soap headers Authorization not allowed).
(Brain France, Dmitry)
- Fixed bug #50828 (DOMNotation is not subclass of DOMNode). (Rob)
- Fixed bug #50810 (property_exists does not work for private). (Felipe)
- Fixed bug #50762 (in WSDL mode Soap Header handler function only being called
if defined in WSDL). (mephius at gmail dot com)
- Fixed bug #50731 (Inconsistent namespaces sent to functions registered with
spl_autoload_register). (Felipe)
- Fixed bug #50563 (removing E_WARNING from parse_url). (ralph at smashlabs dot
com, Pierre)
- Fixed bug #50578 (incorrect shebang in phar.phar). (Fedora at FamilleCollet
dot com)
- Fixed bug #50392 (date_create_from_format enforces 6 digits for 'u' format
character). (Derick)
- Fixed bug #50383 (Exceptions thrown in __call / __callStatic do not include
file and line in trace). (Felipe)
- Fixed bug #50358 (Compile failure compiling ext/phar/util.lo). (Felipe)
- Fixed bug #50101 (name clash between global and local variable).
(patch by yoarvi at gmail dot com)
- Fixed bug #50055 (DateTime::sub() allows 'relative' time modifications).
(Derick)
- Fixed bug #51002 (fix possible memory corruption with very long names).
(Pierre)
- Fixed bug #49893 (Crash while creating an instance of Zend_Mail_Storage_Pop3).
(Dmitry)
- Fixed bug #49819 (STDOUT losing data with posix_isatty()). (Mike)
- Fixed bug #49778 (DateInterval::format("%a") is always zero when an interval
is created from an ISO string). (Derick)
- Fixed bug #49700 (memory leaks in php_date.c if garbage collector is
enabled). (Dmitry)
- Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
- Fixed bug #49490 (XPath namespace prefix conflict). (Rob)
- Fixed bug #49429 (odbc_autocommit doesn't work). (Felipe)
- Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe)
- Fixed bug #49234 (mysqli_ssl_set not found). (Andrey)
- Fixed bug #49216 (Reflection doesn't seem to work properly on MySqli).
(Andrey)
- Fixed bug #49192 (PHP crashes when GC invoked on COM object). (Stas)
- Fixed bug #49081 (DateTime::diff() mistake if start in January and interval >
28 days). (Derick)
- Fixed bug #49059 (DateTime::diff() repeats previous sub() operation).
(yoarvi@gmail.com, Derick)
- Fixed bug #48983 (DomDocument : saveHTMLFile wrong charset). (Rob)
- Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3). (Felipe)
- Fixed bug #48902 (Timezone database fallback map is outdated). (Derick)
- Fixed bug #48781 (Cyclical garbage collector memory leak). (Dmitry)
- Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob)
- Fixed bug #48361 (SplFileInfo::getPathInfo should return the
parent dir). (Etienne)
- Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken).
(Adam, patch from hiroaki dot kawai at gmail dot com).
- Fixed bug #47842 (sscanf() does not support 64-bit values). (Mike)
- Fixed bug #46111 (Some timezone identifiers can not be parsed). (Derick)
- Fixed bug #45808 (stream_socket_enable_crypto() blocks and eats CPU).
(vincent at optilian dot com)
- Fixed bug #43233 (sasl support for ldap on Windows). (Pierre)
- Fixed bug #35673 (formatOutput does not work with saveHTML). (Rob)
- Fixed bug #33210 (getimagesize() fails to detect width/height on certain
JPEGs). (Ilia)
- Reverted fix for bug #49521 (PDO fetchObject sets values before calling
constructor). (Pierrick, Johannes)
- Changed gmp_strval() to use full range from 2 to 62, and -2 to -36. FR #50283
(David Soria Parra)
- Changed "post_max_size" php.ini directive to allow unlimited post size by
setting it to 0. (Rasmus)
- Changed tidyNode class to disallow manual node creation. (Pierrick)
- Fixed mysqlnd hang when queries exactly 16777214 bytes long are sent. (Andrey)
- Fixed incorrect decoding of 5-byte BIT sequences in mysqlnd. (Andrey)
- Fixed error_log() to be binary safe when using message_type 3. (Jani)
- Fixed unnecessary invocation of setitimer when timeouts have been disabled.
(Arvind Srinivasan)
- Fixed memory leak in extension loading when an error occurs on Windows.
(Pierre)
- Fixed safe_mode validation inside tempnam() when the directory path does
not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in session extension
identified by Grzegorz Stachowiak. (Ilia)
- Fixed possible crash when a error/warning is raised during php startup.
(Pierre)
- Fixed possible bad behavior of rename on windows when used with symbolic
links or invalid paths. (Pierre)
- Fixed error output to stderr on Windows. (Pierre)
- Fixed memory leaks in is_writable/readable/etc on Windows. (Pierre)
- Fixed memory leaks in the ACL function on Windows. (Pierre)
- Fixed memory leak in the realpath cache on Windows. (Pierre)
- Fixed memory leak in zip_close. (Pierre)
- Fixed crypt's blowfish sanity check of the "setting" string, to reject
iteration counts encoded as 36 through 39. (Solar Designer, Joey, Pierre)
- Fixed bug #51059 (crypt crashes when invalid salt are given). (Pierre)
- Fixed bug #50952 (allow underscore _ in constants parsed in php.ini files).
(Jani)
- Fixed bug #50940 (Custom content-length set incorrectly in Apache SAPIs).
(Brian France, Rasmus)
- Fixed bug #50930 (Wrong date by php_date.c patch with ancient gcc/glibc
versions). (Derick)
- Fixed bug #50907 (X-PHP-Originating-Script adding two new lines in *NIX).
(Ilia)
- Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation).
(Ilia, hanno at hboeck dot de)
- Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes
long). (Ilia)
- Fixed bug #50829 (php.ini directive pdo_mysql.default_socket is ignored).
(Ilia)
- Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP
authentication). (Jani)
- Fixed bug #50787 (stream_set_write_buffer() has no effect on socket streams).
(vnegrier at optilian dot com, Ilia)
- Fixed bug #50761 (system.multiCall crashes in xmlrpc extension).
(hiroaki dot kawai at gmail dot com, Ilia)
- Fixed bug #50756 (CURLOPT_FTP_SKIP_PASV_IP does not exist). (Sriram)
- Fixed bug #50732 (exec() adds single byte twice to $output array). (Ilia)
- Fixed bug #50728 (All PDOExceptions hardcode 'code' property to 0).
(Joey, Ilia)
- Fixed bug #50723 (Bug in garbage collector causes crash). (Dmitry)
- Fixed bug #50690 (putenv does not set ENV when the value is only one char).
(Pierre)
- Fixed bug #50680 (strtotime() does not support eighth ordinal number). (Ilia)
- Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). (Rob)
- Fixed bug #50657 (copy() with an empty (zero-byte) HTTP source succeeds but
returns false). (Ilia)
- Fixed bug #50636 (MySQLi_Result sets values before calling constructor).
(Pierrick)
- Fixed bug #50632 (filter_input() does not return default value if the
variable does not exist). (Ilia)
- Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick)
- Fixed bug #50558 (Broken object model when extending tidy). (Pierrick)
- Fixed bug #50540 (Crash while running ldap_next_reference test cases).
(Sriram)
- Fixed bug #50519 (segfault in garbage collection when using set_error_handler
and DomDocument). (Dmitry)
- Fixed bug #50508 (compile failure: Conflicting HEADER type declarations).
(Jani)
- Fixed bug #50496 (Use of <stdbool.h> is valid only in a c99 compilation
environment. (Sriram)
- Fixed bug #50464 (declare encoding doesn't work within an included file).
(Felipe)
- Fixed bug #50458 (PDO::FETCH_FUNC fails with Closures). (Felipe, Pierrick)
- Fixed bug #50445 (PDO-ODBC stored procedure call from Solaris 64-bit causes
seg fault). (davbrown4 at yahoo dot com, Felipe)
- Fixed bug #50416 (PROCEDURE db.myproc can't return a result set in the given
context). (Andrey)
- Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
- Fixed bug #50351 (performance regression handling objects, ten times slower
in 5.3 than in 5.2). (Dmitry)
- Fixed bug #50392 (date_create_from_format() enforces 6 digits for 'u'
format character). (Ilia)
- Fixed bug #50345 (nanosleep not detected properly on some solaris versions).
(Jani)
- Fixed bug #50340 (php.ini parser does not allow spaces in ini keys). (Jani)
- Fixed bug #50334 (crypt ignores sha512 prefix). (Pierre)
- Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN).
(Ilia, Pierrick)
- Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays).
(Felipe)
- Fixed bug #50282 (xmlrpc_encode_request() changes object into array in
calling function). (Felipe)
- Fixed bug #50267 (get_browser(null) does not use HTTP_USER_AGENT). (Jani)
- Fixed bug #50266 (conflicting types for llabs). (Jani)
- Fixed bug #50261 (Crash When Calling Parent Constructor with
call_user_func()). (Dmitry)
- Fixed bug #50255 (isset() and empty() silently casts array to object).
(Felipe)
- Fixed bug #50240 (pdo_mysql.default_socket in php.ini shouldn't used
if it is empty). (foutrelis at gmail dot com, Ilia)
- Fixed bug #50231 (Socket path passed using --with-mysql-sock is ignored when
mysqlnd is enabled). (Jani)
- Fixed bug #50219 (soap call Segmentation fault on a redirected url).
(Pierrick)
- Fixed bug #50212 (crash by ldap_get_option() with LDAP_OPT_NETWORK_TIMEOUT).
(Ilia, shigeru_kitazaki at cybozu dot co dot jp)
- Fixed bug #50209 (Compiling with libedit cannot find readline.h).
(tcallawa at redhat dot com)
- Fixed bug #50207 (segmentation fault when concatenating very large strings on
64bit linux). (Ilia)
- Fixed bug #50196 (stream_copy_to_stream() produces warning when source is
not file). (Stas)
- Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia)
- Fixed bug #50185 (ldap_get_entries() return false instead of an empty array
when there is no error). (Jani)
- Fixed bug #50174 (Incorrectly matched docComment). (Felipe)
- Fixed bug #50168 (FastCGI fails with wrong error on HEAD request to
non-existant file). (Dmitry)
- Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
database). (Felipe)
- Fixed bug #50159 (wrong working directory in symlinked files). (Dmitry)
- Fixed bug #50158 (FILTER_VALIDATE_EMAIL fails with valid addresses
containing = or ?). (Pierrick)
- Fixed bug #50152 (ReflectionClass::hasProperty behaves like isset() not
property_exists). (Felipe)
- Fixed bug #50146 (property_exists: Closure object cannot have properties).
(Felipe)
- Fixed bug #50145 (crash while running bug35634.phpt). (Felipe)
- Fixed bug #50140 (With default compilation option, php symbols are unresolved
for nsapi). (Uwe Schindler)
- Fixed bug #50087 (NSAPI performance improvements). (Uwe Schindler)
- Fixed bug #50073 (parse_url() incorrect when ? in fragment). (Ilia)
- Fixed bug #50023 (pdo_mysql doesn't use PHP_MYSQL_UNIX_SOCK_ADDR). (Ilia)
- Fixed bug #50005 (Throwing through Reflection modified Exception object
makes segmentation fault). (Felipe)
- Fixed bug #49990 (SNMP3 warning message about security level printed twice).
(Jani)
- Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted
transaction). (ben dot pineau at gmail dot com, Ilia, Matteo)
- Fixed bug #49938 (Phar::isBuffering() returns inverted value). (Greg)
- Fixed bug #49936 (crash with ftp stream in php_stream_context_get_option()).
(Pierrick)
- Fixed bug #49921 (Curl post upload functions changed). (Ilia)
- Fixed bug #49866 (Making reference on string offsets crashes PHP). (Dmitry)
- Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia,
sjoerd at php dot net)
- Fixed bug #49851, #50451 (http wrapper breaks on 1024 char long headers).
(Ilia)
- Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning).
(Ilia, wmeler at wp-sa dot pl)
- Fixed bug #49719 (ReflectionClass::hasProperty returns true for a private
property in base class). (Felipe)
- Fixed bug #49677 (ini parser crashes with apache2 and using ${something}
ini variables). (Jani)
- Fixed bug #49660 (libxml 2.7.3+ limits text nodes to 10MB). (Felipe)
- Fixed bug #49647 (DOMUserData does not exist). (Rob)
- Fixed bug #49600 (imageTTFText text shifted right). (Takeshi Abe)
- Fixed bug #49585 (date_format buffer not long enough for >4 digit years).
(Derick, Adam)
- Fixed bug #49560 (oci8: using LOBs causes slow PHP shutdown). (Oracle Corp.)
- Fixed bug #49521 (PDO fetchObject sets values before calling constructor).
(Pierrick)
- Fixed bug #49472 (Constants defined in Interfaces can be overridden).
(Felipe)
- Fixed bug #49463 (setAttributeNS fails setting default namespace). (Rob)
- Fixed bug #49244 (Floating point NaN cause garbage characters). (Sjoerd)
- Fixed bug #49224 (Compile error due to old DNS functions on AIX systems).
(Scott)
- Fixed bug #49174 (crash when extending PDOStatement and trying to set
queryString property). (Felipe)
- Fixed bug #48811 (Directives in PATH section do not get applied to
subdirectories). (Patch by: ct at swin dot edu dot au)
- Fixed bug #48590 (SoapClient does not honor max_redirects). (Sriram)
- Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive
in HTTP uploads). (Ilia)
- Fixed bug #47848 (importNode doesn't preserve attribute namespaces). (Rob)
- Fixed bug #47409 (extract() problem with array containing word "this").
(Ilia, chrisstocktonaz at gmail dot com)
- Fixed bug #47281 ($php_errormsg is limited in size of characters)
(Oracle Corp.)
- Fixed bug #46478 (htmlentities() uses obsolete mapping table for character
entity references). (Moriyoshi)
- Fixed bug #45599 (strip_tags() truncates rest of string with invalid
attribute). (Ilia, hradtke)
- Fixed bug #45120 (PDOStatement->execute() returns true then false for same
statement). (Pierrick)
- Fixed bug #44827 (define() allows :: in constant names). (Ilia)
- Fixed bug #44098 (imap_utf8() returns only capital letters).
(steffen at dislabs dot de, Pierre)
- Fixed bug #34852 (Failure in odbc_exec() using oracle-supplied odbc
driver). (tim dot tassonis at trivadis dot com)
- Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case
insensitive. (garretts)
- Restored shebang line check to CGI sapi (not checked by scanner anymore).
(Jani)
- Fixed PECL bug #16842 (oci_error return false when NO_DATA_FOUND is raised).
(Chris Jones)
- Improved streams:
. Fixed confusing error message on failure when no errors are logged. (Greg)
. Added stream_supports_lock() function. (Benjamin Schulz)
. Added context parameter for copy() function. (Sara)
. Added "glob://" stream wrapper. (Marcus)
. Added "params" as optional parameter for stream_context_create(). (Sara)
. Added ability to use stream wrappers in include_path. (Gregory, Dmitry)
- Fixed a crash on extract in zip when files or directories entry names contain
a relative path. (Pierre)
- Fixed error conditions handling in stream_filter_append(). (Arnaud)
- Fixed zip filename property read. (Pierre)
- Fixed explode() behavior with empty string to respect negative limit. (Shire)
- Fixed security issue in imagerotate(), background colour isn't validated
correctly with a non truecolour image. Reported by Hamid Ebadi,
APA Laboratory (Fixes CVE-2008-5498). (Scott)
- Fixed a segfault when malformed string is passed to json_decode(). (Scott)
- Fixed bug in xml_error_string() which resulted in messages being
off by one. (Scott)
- Fixed PECL Bug #11345 (PDO_OCI crash after National language Support "NLS"
environment initialization error). (Chris Jones)
- Fixed PECL bug #11216 (crash in ZipArchive::addEmptyDir when a directory
already exists). (Pierre)
- Removed current working directory from the php.ini search path for CLI and
re-added it for other SAPIs (restore to pre 5.1.x behavior). (Edin)
- Moved extensions to PECL:
. ext/filepro (Derick, Tony)
. ext/hwapi (Derick, Tony)
- Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or
safe_mode are enabled. (Stefan E., Ilia)
- Increased default memory limit to 16 megabytes to accommodate for a more
accurate memory utilization measurement.
- In addition to path to php.ini, PHPRC now may specify full file name.
(Dmitry)
- Changed type hints to allow "null" as default value for class and array.
(Marcus, Derick, Dmitry)
- Changed SQLite extension to be a shared module in Windows distribution.
(Edin)
- Changed "instanceof" and "catch" operators, is_a() and is_subclass_of()
functions to not call __autoload(). (Dmitry)
- Changed sha1_file() and md5_file() functions to use streams instead of low
level IO. (Uwe)
- Changed abstract private methods to be not allowed anymore. (Stas)
- Changed stream_filter_(ap|pre)pend() to return resource. (Sara)
- Changed mysqli_exception and sqlite_exception to use RuntimeException as
base if SPL extension is present. (Georg, Marcus)