| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
13 Nov 2014, PHP 5.5.19
- Core:
. Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in
php_getopt()). (Stas)
. Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
. Fixed bug #68129 (parse_url() - incomplete support for empty usernames
and passwords) (Tjerk)
Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
zend_hash_copy). (Dmitry)
- Fileinfo:
. Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
. Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
(CVE-2014-3710) (Remi)
- FPM:
. Implemented FR #55508 (listen and listen.allowed_clients should take IPv6
addresses). (Robin Gloster)
- GD:
. Fixed bug #65171 (imagescale() fails without height param). (Remi)
- GMP:
. Fixed bug #63595 (GMP memory management conflicts with other libraries
using GMP). (Remi)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed width
decimal support) (Keyur Govande)
- ODBC:
. Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by
a VARCHAR column) (Keyur Govande)
- SPL:
. Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)
- CURL:
. Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and
CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
|
|
13 Nov 2014 PHP 5.4.35
- Core:
. Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
zend_hash_copy). (Dmitry)
- Fileinfo:
. Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
(CVE-2014-3710) (Remi)
- GMP:
. Fixed bug #63595 (GMP memory management conflicts with other libraries
using GMP). (Remi)
- PDO_pgsql:
. Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
|
|
16 Oct 2014, PHP 5.4.34
- Fileinfo:
. Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
- Core:
. Fixed bug #67985 (Incorrect last used array index copied to new array after
unset). (Tjerk)
. Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
(CVE-2014-3669) (Stas)
- cURL:
. Fixed bug #68089 (NULL byte injection - cURL lib). (Stas)
- EXIF:
. Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
(Stas)
- OpenSSL:
. Reverted fixes for bug #41631, due to regressions. (Stas)
- XMLRPC:
. Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
(CVE-2014-3668) (Stas)
|
|
16 Oct 2014, PHP 5.5.18
- Core:
. Fixed bug #67985 (Incorrect last used array index copied to new array after
unset). (Tjerk)
. Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported
as 6.2 (instead of 6.3)). (Christian Wenz)
. Fixed bug #67633 (A foreach on an array returned from a function not doing
copy-on-write). (Nikita)
. Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol)
. Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
(CVE-2014-3669) (Stas)
- cURL:
. Fixed bug #68089 (NULL byte injection - cURL lib). (Stas)
- EXIF:
. Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
(Stas)
- FPM:
. Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable
when using Apache, mod_proxy-fcgi and ProxyPass). (Remi)
- OpenSSL:
. Revert regression introduced by fix of bug #41631
- Reflection:
. Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi)
- Session:
. Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam)
- XMLRPC:
. Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
(CVE-2014-3668) (Stas)
|
|
18 Sep 2014, PHP 5.4.33
- Core:
. Fixed bug #47358 (glob returns error, should be empty array()). (Pierre)
. Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)
. Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)
- OpenSSL:
. Fixed bug #41631 (socket timeouts not honored in blocking SSL reads).
(Daniel Lowrey)
- Date:
. Fixed bug #66091 (memory leaks in DateTime constructor). (Tjerk)
- FPM:
. Fixed #67606 (FPM with mod_fastcgi/apache2.4 is broken). (David Zuelke)
- GD:
. Made fontFetch's path parser thread-safe. (Sara)
- Wddx:
. Fixed bug #67873 (Segfaults in php_wddx_serialize_var). (Anatol, Remi)
- Zlib:
. Fixed bug #67724 (chained zlib filters silently fail with large amounts of
data). (Mike)
. Fixed bug #67865 (internal corruption phar error). (Mike)
|
|
18 Sep 2014, PHP 5.5.17
- Core:
. Fixed bug #47358 (glob returns error, should be empty array()). (Pierre)
. Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)
. Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)
. Fixed bug #67878 (program_prefix not honoured in man pages). (Remi)
- COM:
. Fixed bug #41577 (DOTNET is successful once per server run)
(Aidas Kasparas)
- FPM:
. Fixed #67606 (FPM with mod_fastcgi/apache2.4 is broken). (David Zuelke)
- OpenSSL:
. Fixed bug #41631 (socket timeouts not honored in blocking SSL reads).
(Daniel Lowrey)
. Fixed bug #67850 (extension won't build if openssl compiled without SSLv3)
(Daniel Lowrey)
- SPL:
. Fixed bug #67813 (CachingIterator::__construct InvalidArgumentException
wrong message). (tim_siebels_aurich at yahoo dot de)
- Date:
. Fixed bug #66091 (memory leaks in DateTime constructor). (Tjerk)
. Fixed bug #66985 (Some timezones are no longer valid in PHP 5.5.10).
(Derick)
. Fixed bug #67109 (First uppercase letter breaks date string parsing).
(Derick)
- GD
. Made fontFetch's path parser thread-safe. (Sara).
- MySQLi:
. Fixed bug #67839 (mysqli does not handle 4-byte floats correctly). (Keyur)
- Zlib:
. Fixed bug #67724 (chained zlib filters silently fail with large amounts of
data). (Mike)
. Fixed bug #67865 (internal corruption phar error). Mike
|
|
21 Aug 2014, PHP 5.5.16
- COM:
. Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).
- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression).
(CVE-2014-3538) (Remi)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)
- FPM:
. Fixed bug #67635 (php links to systemd libraries without using pkg-config).
(pacho@gentoo.org, Remi)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
(CVE-2014-2497) (Remi)
. Fixed bug #67730 (Null byte injection possible with imagexxx functions).
(CVE-2014-5120) (Ryan Mauger)
- Milter:
. Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)
- OpenSSL:
. Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
- readline:
. Fixed bug #55496 (Interactive mode doesn't force a newline before the
prompt). (Bob, Johannes)
. Fixed bug #67496 (Save command history when exiting interactive shell
with control-c). (Dmitry Saprykin, Johannes)
- Sessions:
. Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
- Core:
. Fixed bug #67693 (incorrect push to the empty array) (Tjerk)
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)
- ODBC:
. Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte
char fields). (Keyur)
|
|
07 Aug 2014, PHP 5.4.32
- Core:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)
- COM:
. Fixed missing type checks in com_event_sink. (Yussuf Khalil, Stas)
- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression).
(CVE-2014-3538) (Remi)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
(CVE-2014-2497) (Remi)
. Fixed bug #67730 (Null byte injection possible with imagexxx functions).
(CVE-2014-5120) (Ryan Mauger)
- Milter:
. Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)
- OpenSSL:
. Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
- Readline:
. Fixed bug #55496 (Interactive mode doesn't force a newline before the
prompt). (Bob, Johannes)
. Fixed bug #67496 (Save command history when exiting interactive shell
with control-c). (Dmitry Saprykin, Johannes)
- Sessions:
. Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
sorting). (research at insighti dot org, Laruence)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
- Core:
. Fixed bug #67693 (incorrect push to the empty array) (Tjerk)
- ODBC:
. Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte
char fields). (Keyur)
- Zlib:
. Fixed bug #67724 (chained zlib filters silently fail with large amounts of
data). (Mike)
|
|
14 Aug 2014, PHP 5.3.29
- Core:
. Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
. Fixed bug #67249 (printf out-of-bounds read). (Stas)
. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
. Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
. Fixed bug #67390 (insecure temporary file use in the configure script).
(Remi) (CVE-2014-3981)
. Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
Confusion) (CVE-2014-3515). (Stefan Esser)
. Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
(Stefan Esser)
- COM:
. Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).
- Date:
. Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712)
(Remi)
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
- Exif:
. Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas)
- Fileinfo:
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary
check). (CVE-2014-0207)
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
(CVE-2014-0238)
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting
in performance degradation). (CVE-2014-0237)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
string size). (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
check). (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
(Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
check). (Francisco Alonso, Jan Kaluza, Remi)
- Intl:
. Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
. Fixed bug #67397 (Buffer overflow in locale_get_display_name and
uloc_getDisplayName (libicu 4.8.1)). (Stas)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_check_record()).
(CVE-2014-4049). (Sara)
- OpenSSL:
. Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
- Session:
. Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
|
|
24 Jul 2014, PHP 5.4.31
- Core:
. Fixed bug #67428 (header('Location: foo') will override a 308-399 response
code). (Adam)
. Fixed bug #67436 (Autoloader isn't called if two method definitions don't
match). (Bob)
. Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
(Ferenc)
. Fixed bug #67151 (strtr with empty array crashes). (Nikita)
. Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
2012). (Christian Wenz)
- CLI server:
. Implemented FR #67429 (CLI server is missing some new HTTP response codes).
(Adam)
. Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
(Adam)
- FPM:
. Fixed bug #67530 (error_log=syslog ignored). (Remi)
. Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)
- Intl:
. Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
(Stas)
- pgsql:
. Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
which affected builds against libpq < 7.3. (Adam)
- Phar:
. Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)
- Streams:
. Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
|
|
24 Jul 2014, PHP 5.5.15
- Core:
. Fixed bug #67428 (header('Location: foo') will override a 308-399 response
code). (Adam)
. Fixed bug #67436 (Autoloader isn't called if two method definitions don't
match). (Bob)
. Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
(Ferenc)
. Fixed bug #67497 (eval with parse error causes segmentation fault in
generator). (Nikita)
. Fixed bug #67151 (strtr with empty array crashes). (Nikita)
. Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
2012). (Christian Wenz)
- CLI server:
. Implemented FR #67429 (CLI server is missing some new HTTP response codes).
(Adam)
. Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
(Adam)
- FPM:
. Fixed bug #67530 (error_log=syslog ignored). (Remi)
. Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)
- Intl:
. Fixed bug #66921 (Wrong argument type hint for function
intltz_from_date_time_zone). (Stas)
. Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
(Stas)
- OPCache:
. Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault
happen) (Dmitry, Laruence)
- pgsql:
. Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
which affected builds against libpq < 7.3. (Adam)
- Phar:
. Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
sorting). (research at insighti dot org, Laruence)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
- Streams:
. Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
|
|
26 Jun 2014, PHP 5.5.14
- Core:
. Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
. Fixed bug #66622 (Closures do not correctly capture the late bound class
(static::) in some cases). (Levi Morrison)
. Fixed bug #67390 (insecure temporary file use in the configure script).
(CVE-2014-3981) (Remi)
. Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
. Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
(Stefan Esser)
- CLI server:
. Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)
- Date:
. Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
(Adam)
. Fixed regression in fix for bug #67118 (constructor can't be called twice).
(Remi)
- Fileinfo:
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
(CVE-2014-0207)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
(CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)
- Intl:
. Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
. Fixed bug #67397 (Buffer overflow in locale_get_display_name and
uloc_getDisplayName (libicu 4.8.1)). (Stas)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_get_record()).
(CVE-2014-4049). (Sara)
- OPCache:
. Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence)
- OpenSSL:
. Fixed bug #65698 (certificates validity parsing does not work past 2050).
(Paul Oehler)
. Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
(Paul Oehler)
- PDO-ODBC:
. Fixed bug #50444 (PDO-ODBC changes for 64-bit).
- SOAP:
. Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)
- SPL:
. Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
. Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
. Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
Confusion). (CVE-2014-3515) (Stefan Esser)
. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
- DOM:
. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
not only the subset). (Anatol)
- Fileinfo:
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
performance degradation) (CVE-2014-0237).
- FPM:
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
(Julio Pintos)
- GD:
. Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
- PCRE:
. Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
from the upstream). (Anatol)
- Phar:
. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
in its name). (PR #588)
|
|
26 Jun 2014, PHP 5.4.30
- Core:
. Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
. Fixed bug #66622 (Closures do not correctly capture the late bound class
(static::) in some cases). (Levi Morrison)
. Fixed bug #67390 (insecure temporary file use in the configure script).
(CVE-2014-3981) (Remi)
. Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
. Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
(Stefan Esser)
- CLI server:
. Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)
- Date:
. Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
(Adam)
. Fixed regression in fix for bug #67118 (constructor can't be called twice).
(Remi)
- Fileinfo:
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary
check). (CVE-2014-0207)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
(CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)
- Intl:
. Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
. Fixed bug #67397 (Buffer overflow in locale_get_display_name and
uloc_getDisplayName (libicu 4.8.1)). (Stas)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_get_record()).
(CVE-2014-4049). (Sara)
- OpenSSL:
. Fixed bug #65698 (certificates validity parsing does not work past 2050).
(Paul Oehler)
. Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
(Paul Oehler)
- SOAP:
. Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)
- SPL:
. Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
. Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
. Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
Confusion) (CVE-2014-3515). (Stefan Esser)
|
|
29 May 2014, PHP 5.4.29
- COM:
. Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
- Core:
. Fixed bug #65701 (copy() doesn't work when destination filename is created
by tempnam()). (Boro Sitnikovski)
. Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
. Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
zend_exceptions.c). (Bob)
. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
. Fixed bug #67249 (printf out-of-bounds read). (Stas)
. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
- Date:
. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
- DOM:
. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
not only the subset). (Anatol)
- Fileinfo:
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
(CVE-2014-0238)
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
performance degradation). (CVE-2014-0237)
- FPM:
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
(Julio Pintos)
- Phar:
. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
in its name). (PR #588)
|
|
29 May 2014, PHP 5.5.13
- CLI server:
. Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)
- COM:
. Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
- Core:
. Fixed bug #65701 (copy() doesn't work when destination filename is created
by tempnam()). (Boro Sitnikovski)
. Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
. Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
zend_exceptions.c). (Bob)
. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
. Fixed bug #67249 (printf out-of-bounds read). (Stas)
. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
- Curl:
. Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)
- Date:
. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
- DOM:
. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
not only the subset). (Anatol)
- Fileinfo:
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
performance degradation) (CVE-2014-0237).
- FPM:
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
(Julio Pintos)
- GD:
. Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
- PCRE:
. Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
from the upstream). (Anatol)
- Phar:
. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
in its name). (PR #588)
|
|
01 May 2014, PHP 5.4.28
- Core:
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
UNIX sockets). (Mike)
. Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass).
(Jann Horn, Stas)
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
. Fixed bug #66736 (fpassthru broken). (Mike)
. Fixed bug #67024 (getimagesize should recognize BMP files with negative
height). (Gabor Buella)
- cURL:
. Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
(Freek Lijten)
- Date:
. Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
supplied). (Boro Sitnikovski)
- Embed:
. Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol)
- Fileinfo:
. Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
(Remi)
- FPM:
. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
. Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
default configuration) (CVE-2014-0185). (Stas)
- JSON:
. Fixed bug #66021 (Blank line inside empty array/object when
JSON_PRETTY_PRINT is set). (Kevin Israel)
- LDAP:
. Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
- OpenSSL:
. Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
. Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
- SimpleXML:
. Fixed bug #66084 (simplexml_load_string() mangles empty node name)
(Anatol)
- XSL:
. Fixed bug #53965 (<xsl:include> cannot find files with relative paths
when loaded with "file://"). (Anatol)
- Apache2 Handler SAPI:
. Fixed Apache log issue caused by APR's lack of support for %zu
(APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
(Jeff Trawick)
|
|
01 May 2014, PHP 5.5.12
- Core:
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
UNIX sockets). (Mike)
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
. Fixed bug #66736 (fpassthru broken). (Mike)
. Fixed bug #67024 (getimagesize should recognize BMP files with negative
height). (Gabor Buella)
. Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
- cURL:
. Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
(Freek Lijten)
- Date:
. Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
supplied). (Boro Sitnikovski)
- Embed:
. Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
- Fileinfo:
. Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
(Remi)
- FPM:
. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
. Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info)
- JSON:
. Fixed bug #66021 (Blank line inside empty array/object when
JSON_PRETTY_PRINT is set). (Kevin Israel)
- LDAP:
. Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
- mysqli:
. Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter
(extra comma) and third parameters (lack of escaping). (Andrey)
- OpenSSL:
. Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
. Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
- SimpleXML:
. Fixed bug #66084 (simplexml_load_string() mangles empty node name)
(Anatol)
- SQLite:
. Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
- XSL:
. Fixed bug #53965 (<xsl:include> cannot find files with relative paths
when loaded with "file://"). (Anatol)
- Apache2 Handler SAPI:
. Fixed Apache log issue caused by APR's lack of support for %zu
(APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
(Jeff Trawick)
|
|
03 Apr 2014, PHP 5.4.27
- Core:
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
- Fileinfo:
. Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
expression). (CVE-2013-7345) (Remi)
- FPM:
. Added clear_env configuration directive to disable clearenv() call.
(Github PR# 598, Paul Annesley)
- GMP
. fixed bug#66872 (invalid argument crashes gmp_testbit) (Pierre)
- Mail:
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
- MySQLi:
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
(Remi)
- Openssl:
. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
|
|
CVE-2013-7345 is already fixed in 5.5.10nb2.
03 Apr 2014, PHP 5.5.11
- Core:
. Allow zero length comparison in substr_compare() (Tjerk)
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
- SPL:
. Added feature #65545 (SplFileObject::fread()) (Tjerk)
- cURL:
. Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
. Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
(Adam)
- FPM:
. Added clear_env configuration directive to disable clearenv() call.
(Github PR# 598, Paul Annesley)
- Fileinfo:
. Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
expression). (CVE-2013-7345) (Remi)
- GD:
. Fixed bug #66714 (imageconvolution breakage). (Brad Daily)
. Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
. Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
. Fixed bug #66890 (imagescale segfault). (Remi)
. Fixed bug #66893 (imagescale ignore method argument). (Remi)
- Hash:
. hash_pbkdf2() now works correctly if the $length argument is not specified.
(Nikita)
- Intl:
. Fixed bug #66873 (A reproductible crash in UConverter when given invalid
encoding) (Stas)
- Mail:
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
- MySQLi:
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
(Remi)
- OPCache
. Added function opcache_is_script_cached(). (Danack)
. Added information about interned strings usage. (Terry, Julien, Dmitry)
- Openssl:
. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
- GMP
. Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
- SQLite:
. Updated bundled libsqlite to 3.8.3.1 (Anatol)
|
|
Version 5.5.10
6-Mar-2014
* Core:
- Fixed bug #66574 (Allow multiple paths in php_ini_scanned_path).
* Date:
- Fixed bug #45528 (Allow the DateTimeZone constructor to accept timezones
per offset too).
* Fileinfo:
- Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).
- Fixed bug #66820 (out-of-bounds memory access in fileinfo (CVE-2014-2270)).
* GD:
- Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer
(CVE-2013-7327)).
* JSON:
- Fixed bug #65753 (JsonSerializeable couldn't implement on module extension).
* LDAP:
- Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).
* Openssl:
- Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
* PCRE:
- Upgraded to PCRE 8.34.
* Pgsql:
- Added warning for dangerous client encoding and remove possible injections
for pg_insert()/pg_update()/pg_delete()/pg_select().
|
|
Version 5.4.26
06-Mar-2014
* JSON:
- Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)
* Fileinfo:
- Fixed bug #66731 (file: infinite recursion) (CVE-2014-1943).
- Fixed bug #66820 (out-of-bounds memory access in fileinfo) (CVE-2014-2270).
* LDAP:
- Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).
* Openssl:
- Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
* Pgsql:
- Added warning for dangerous client encoding and remove possible injections
for pg_insert()/pg_update()/pg_delete()/pg_select().
|
|
06 Feb 2014, PHP 5.4.25
- Core:
. Fixed bug #66286 (Incorrect object comparison with inheritance). (Nikita)
. Fixed bug #66509 (copy() arginfo has changed starting from 5.4).
(Will Fitch)
- mysqlnd
. Fixed bug #66283 (Segmentation fault after memory_limit). (Johannes)
- PDO_pgsql:
. Fixed bug #62479 (PDO-psql cannot connect if password contains spaces).
(Will Fitch, Ilia)
- Session:
. Fixed bug #66481 (Calls to session_name() segfault when session.name is
null). (Laruence)
|
|
06 Feb 2014, PHP 5.5.9
- Core:
. Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)
- GD:
. Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()).
(Laruence, Remi)
- OPCache:
. Fixed bug #66474 (Optimizer bug in constant string to boolean conversion).
(Dmitry)
. Fixed bug #66461 (PHP crashes if opcache.interned_strings_buffer=0).
(Dmitry)
. Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style
^M as lineend). (Laruence)
- PDO_pgsql:
. Fixed bug #62479 (PDO-psql cannot connect if password contains
spaces) (willfitch, iliaa)
- Readline
. Fixed Bug #66412 (readline_clear_history() with libedit causes segfault after
#65714). (Remi)
- Session
. Fixed bug #66469 (Session module is sending multiple set-cookie headers when
session.use_strict_mode=1) (Yasuo)
. Fixed bug #66481 (Segfaults on session_name()).
(cmcdermottroe at engineyard dot com, Yasuo)
- Standard
. Fixed bug #66395 (basename function doesn't remove drive letter). (Anatol)
- Sockets:
. Fixed bug #66381 (__ss_family was changed on AIX 5.3). (Felipe)
- Zend Engine
. Fixed bug #66009 (Failed compilation of PHP extension with C++ std
library using VS 2012). (Anatol)
|
|
9 Jan 2014, PHP 5.5.8
- Core:
. Disallowed JMP into a finally block. (Laruence)
. Added validation of class names in the autoload process. (Dmitry)
. Fixed invalid C code in zend_strtod.c. (Lior Kaplan)
. Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object).
(Nikita)
. Fixed bug #65764 (generators/throw_rethrow FAIL with
ZEND_COMPILE_EXTENDED_INFO). (Nikita)
. Fixed bug #61645 (fopen and O_NONBLOCK). (Mike)
. Fixed bug #66218 (zend_register_functions breaks reflection). (Remi)
- Date:
. Fixed bug #66060 (Heap buffer over-read in DateInterval). (Remi)
. Fixed bug #65768 (DateTimeImmutable::diff does not work). (Nikita Nefedov)
- DOM:
. Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML()
Produces invalid Markup). (Mike)
- Exif:
. Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas)
- Filter:
. Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam)
- GD:
. Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
(Adam)
- PDO_odbc:
. Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
(michael at orlitzky dot com)
- MySQLi:
. Fixed bug #65486 (mysqli_poll() is broken on win x64). (Anatol)
- OPCache:
. Fixed reavlidate_path=1 behavior to avoid caching of symlinks values.
(Dmitry)
. Fixed Issue #140: "opcache.enable_file_override" doesn't respect
"opcache.revalidate_freq". (Dmitry).
- SNMP:
. Fixed SNMP_ERR_TOOBIG handling for bulk walk operations. (Boris Lytochkin)
- SOAP
. Fixed bug #66112 (Use after free condition in SOAP extension).
(martin dot koegler at brz dot gv dot at)
- Sockets:
. Fixed bug #65923 (ext/socket assumes AI_V4MAPPED is defined). (Felipe)
- XSL
. Fixed bug #49634 (Segfault throwing an exception in a XSL registered
function). (Mike)
- ZIP:
. Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real). (Remi)
|
|
09 Jan 2014, PHP 5.4.24
- Core:
. Added validation of class names in the autoload process. (Dmitry)
. Fixed invalid C code in zend_strtod.c. (Lior Kaplan)
. Fixed bug #61645 (fopen and O_NONBLOCK). (Mike)
- Date:
. Fixed bug #66060 (Heap buffer over-read in DateInterval). (Remi)
. Fixed bug #63391 (Incorrect/inconsistent day of week prior to the year
1600). (Derick, T. Carter)
. Fixed bug #61599 (Wrong Day of Week). (Derick, T. Carter)
- DOM:
. Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML()
Produces invalid Markup). (Mike)
- Exif:
. Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas)
- Filter:
. Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam)
- GD:
. Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
(Adam)
- PDO_odbc:
. Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
(michael at orlitzky dot com)
- SNMP:
. Fixed SNMP_ERR_TOOBIG handling for bulk walk operations. (Boris Lytochkin)
- XSL
. Fixed bug #49634 (Segfault throwing an exception in a XSL registered
function). (Mike)
- ZIP:
. Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real). (Remi)
|
|
12 Dec 2013, PHP 5.5.7
- CLI server:
. Added some MIME types to the CLI web server (Chris Jones)
. Implemented FR #65917 (getallheaders() is not supported by the built-in web
server) - also implements apache_response_headers() (Andrea Faulds)
- Core:
. Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
string). (Laruence)
- OPCache
. Fixed bug #66176 (Invalid constant substitution). (Dmitry)
. Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
. Fixed bug #65559 (Opcache: cache not cleared if changes occur while
running). (Dmitry)
- OpenSSL:
. Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
(Stefan Esser).
- readline
. Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)
|
|
28 Nov 2013, PHP 5.4.23
- Core:
. Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
string). (Laruence)
. Fixed bug #65947 (basename is no more working after fgetcsv in certain
situation). (Laruence)
- JSON
. Fixed whitespace part of bug #64874 ("json_decode handles whitespace and
case-sensitivity incorrectly"). (Andrea Faulds)
- MySQLi:
. Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence)
- mysqlnd:
. Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param
with 'i'). (Andrey)
. Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES
after failed query). (Andrey)
- OpenSSL:
. Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
(Stefan Esser).
- PDO
. Fixed bug 65946 (sql_parser permanently converts values bound to strings)
|
|
12 Dec 2013, PHP 5.3.28
- Openssl:
. Fixed handling null bytes in subjectAltName (CVE-2013-4073).
(Christian Heimes)
. Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
(Stefan Esser).
|
|
Version 5.4.22
14-Nov-2013
* Core:
- Fixed bug #65911 (scope resolution operator - strange behavior with
$this).
CLI server:
- Fixed bug #65818 (Segfault with built-in webserver and chunked transfer
encoding).
* Exif:
- Fixed crash on unknown encoding.
* FTP:
- Fixed bug #65667 (ftp_nb_continue produces segfault).
* ODBC:
- Fixed bug #65950 (Field name truncation if the field name is bigger than
32 characters).
* Sockets:
- Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
* Standard:
- Fixed bug #64760 (var_export() does not use full precision for
floating-point numbers).
* XMLReader:
- Fixed bug #51936 (Crash with clone XMLReader).
- Fixed bug #64230 (XMLReader does not suppress errors).
|
|
14 Nov 2013, PHP 5.5.6
- Core:
. Fixed bug #65947 (basename is no more working after fgetcsv in certain
situation). (Laruence)
. Improved performance of array_merge() and func_get_args() by eliminating
useless copying. (Dmitry)
. Fixed bug #65939 (Space before ";" breaks php.ini parsing).
(brainstorm at nopcode dot org)
. Fixed bug #65911 (scope resolution operator - strange behavior with $this).
(Bob Weinand)
. Fixed bug #65936 (dangling context pointer causes crash). (Tony)
- FPM:
. Changed default listen() backlog to 65535. (Tony)
- MySQLi:
. Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence)
- OPcache
. Increased limit for opcache.max_accelerated_files to 1,000,000. (Chris)
. Fixed issue #115 (path issue when using phar). (Dmitry)
. Fixed issue #149 (Phar mount points not working with OPcache enabled).
(Dmitry)
- ODBC
. Fixed bug #65950 (Field name truncation if the field name is bigger than
32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo)
- PDO:
. Fixed bug #66033 (Segmentation Fault when constructor of PDO statement
throws an exception). (Laruence)
. Fixed bug 65946 (sql_parser permanently converts values bound to strings)
- Standard:
. Fixed bug #64760 (var_export() does not use full precision for floating-point
numbers) (Yasuo)
|
|
17 Oct 2013, PHP 5.5.5
- Core:
. Fixed bug #64979 (Wrong behavior of static variables in closure generators).
(Nikita)
. Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita)
. Fixed bug #65821 (By-ref foreach on property access of string offset
segfaults). (Nikita)
- CLI server:
. Fixed bug #65633 (built-in server treat some http headers as
case-sensitive). (Adam)
. Fixed bug #65818 (Segfault with built-in webserver and chunked transfer
encoding). (Felipe)
. Added application/pdf to PHP CLI Web Server mime types (Chris Jones)
- Datetime:
. Fixed bug #64157 (DateTime::createFromFormat() reports confusing error
message). (Boro Sitnikovski)
. Fixed bug #65502 (DateTimeImmutable::createFromFormat returns DateTime).
(Boro Sitnikovski)
. Fixed bug #65548 (Comparison for DateTimeImmutable doesn't work).
(Boro Sitnikovski)
- DBA extension:
. Fixed bug #65708 (dba functions cast $key param to string in-place,
bypassing copy on write). (Adam)
- Filter:
. Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn)
. Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
(Syra)
- FTP:
. Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter)
- GD
. Ensure that the defined interpolation method is used with the generic
scaling methods. (Pierre)
- IMAP:
. Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling
imap). (ryotakatsuki at gmail dot com)
- OPcache:
. Added support for GNU Hurd. (Svante Signell)
. Added function opcache_compile_file() to load PHP scripts into cache
without execution. (Julien)
. Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled).
(Dmitry)
. Fixed bug #65665 (Exception not properly caught when opcache enabled).
(Laruence)
. Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var). (Dmitry)
. Fixed issue #135 (segfault in interned strings if initial memory is too
low). (Julien)
- Sockets:
. Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
(Mike)
- SPL:
. Fix bug #64782 (SplFileObject constructor make $context optional / give it
a default value). (Nikita)
- Standard:
. Fixed bug #61548 (content-type must appear at the end of headers for 201
Location to work in http). (Mike)
- XMLReader:
. Fixed bug #51936 (Crash with clone XMLReader). (Mike)
. Fixed bug #64230 (XMLReader does not suppress errors). (Mike)
- Build system:
. Fixed bug #51076 (race condition in shtool's mkdir -p implementation).
(Mike, Raphael Geissert)
. Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing
gzencode())). (Mike)
|
|
17 Oct 2013, PHP 5.4.21
- Core:
. Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita)
- CLI server:
. Fixed bug #65633 (built-in server treat some http headers as
case-sensitive). (Adam)
- Datetime:
. Fixed bug #64157 (DateTime::createFromFormat() reports confusing error
message). (Boro Sitnikovski)
- DBA extension:
. Fixed bug #65708 (dba functions cast $key param to string in-place,
bypassing copy on write). (Adam)
- Filter:
. Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn)
. Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
(Syra)
- IMAP:
. Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling
imap). (ryotakatsuki at gmail dot com)
- Standard:
. Fixed bug #61548 (content-type must appear at the end of headers for 201
Location to work in http). (Mike)
- Build system:
. Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing
gzencode())). (Mike)
|
|
18 Sep 2013, PHP 5.5.4
- Core:
. Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
(Laruence)
. Improved fputcsv() to allow specifying escape character.
. Fixed bug #65490 (Duplicate calls to get lineno & filename for
DTRACE_FUNCTION_*). (Chris Jones)
. Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding
spaces). (Michael M Slusarz)
. Fixed bug #65470 (Segmentation fault in zend_error() with
--enable-dtrace). (Chris Jones, Kris Van Hees)
. Fixed bug #65225 (PHP_BINARY incorrectly set). (Patrick Allaert)
. Fixed bug #62692 (PHP fails to build with DTrace). (Chris Jones, Kris Van Hees)
. Fixed bug #61759 (class_alias() should accept classes with leading
backslashes). (Julien)
. Fixed bug #46311 (Pointer aliasing issue results in miscompile on gcc4.4).
(Nikita Popov)
- cURL:
. Fixed bug #65458 (curl memory leak). (Adam)
- Datetime:
. Fixed bug #65554 (createFromFormat broken when weekday name is followed
by some delimiters). (Valentin Logvinskiy, Stas).
. Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught
by AddressSanitizer). (Remi).
- OPCache:
. Fixed bug #65561 (Zend Opcache on Solaris 11 x86 needs ZEND_MM_ALIGNMENT=4).
(Terry Ellison)
- Openssl:
. Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in
some cases). (Mark Jones)
- Session:
. Fixed bug #65475 (Session ID is not initialized properly when strict session
is enabled). (Yasuo)
. Fixed bug #51127/#65359 Request #25630/#43980/#54383 (Added php_serialize
session serialize handler that uses plain serialize()). (Yasuo)
- Standard:
. Fix issue with return types of password API helper functions. Found via
static analysis by cjones. (Anthony Ferrara)
|
|
19 Sep 2013, PHP 5.4.20
- Core:
. Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
(Laruence)
. Fixed bug #65579 (Using traits with get_class_methods causes segfault).
(Adam)
. Fixed bug #65490 (Duplicate calls to get lineno & filename for
DTRACE_FUNCTION_*). (Chris Jones)
. Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding
spaces). (Michael M Slusarz)
. Fixed bug #65481 (shutdown segfault due to serialize) (Mike)
. Fixed bug #65470 (Segmentation fault in zend_error() with
--enable-dtrace). (Chris Jones, Kris Van Hees)
. Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference
fails). (Laruence)
. Fixed bug #65304 (Use of max int in array_sum). (Laruence)
. Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very
limited case). (Arpad)
. Fixed bug #65225 (PHP_BINARY incorrectly set). (Patrick Allaert)
. Improved fix for bug #63186 (compile failure on netbsd). (Matteo)
. Fixed bug #62692 (PHP fails to build with DTrace). (Chris Jones, Kris Van Hees)
. Fixed bug #61759 (class_alias() should accept classes with leading
backslashes). (Julien)
. Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold)
. Cherry-picked some DTrace build commits (allowing builds on Linux,
bug #62691, and bug #63706) from PHP 5.5 branch
. Fixed bug #61268 (--enable-dtrace leads make to clobber
Zend/zend_dtrace.d) (Chris Jones)
- cURL:
. Fixed bug #65458 (curl memory leak). (Adam)
- Datetime:
. Fixed bug #65554 (createFromFormat broken when weekday name is followed
by some delimiters). (Valentin Logvinskiy, Stas).
. Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught
by AddressSanitizer). (Remi).
- Openssl:
. Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in
some cases). (Mark Jones)
- Session:
. Fixed bug #62129 (rfc1867 crashes php even though turned off). (gxd305 at
gmail dot com)
. Fixed bug #50308 (session id not appended properly for empty anchor tags).
(Arpad)
. Fixed possible buffer overflow under Windows. Note: Not a security fix.
(Yasuo)
. Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)
- SOAP:
. Fixed bug #65018 (SoapHeader problems with SoapServer). (Dmitry)
- SPL:
. Fixed bug #65328 (Segfault when getting SplStack object Value). (Laruence)
- PDO:
. Fixed bug #64953 (Postgres prepared statement positional parameter
casting). (Mike)
- Phar:
. Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for
some specific contents). (Stas)
- Pgsql:
. Fixed bug #65336 (pg_escape_literal/identifier() silently returns false).
(Yasuo)
. Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update()
/pg_delete()/pg_insert()). (Yasuo)
- Zlib:
. Fixed bug #65391 (Unable to send vary header user-agent when
ob_start('ob_gzhandler') is called) (Mike)
|
|
22 Aug 2013, PHP 5.5.3
- Openssl:
. Fixed UMR in fix for CVE-2013-4248.
|
|
22 Aug 2013, PHP 5.4.19
- Core:
. Fixed bug #64503 (Compilation fails with error: conflicting types for
'zendparse'). (Laruence)
- Openssl:
. Fixed UMR in fix for CVE-2013-4248.
|
|
|
|
15 Aug 2013, PHP 5.4.18
- Core:
. Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was
erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). (Andrey
avp200681 gmail com).
. Fixed bug #65254 (Exception not catchable when exception thrown in autoload
with a namespace). (Laruence)
. Fixed bug #65108 (is_callable() triggers Fatal Error).
(David Soria Parra, Laruence)
. Fixed bug #65088 (Generated configure script is malformed on OpenBSD).
(Adam)
. Fixed bug #62964 (Possible XSS on "Registered stream filters" info).
(david at nnucomputerwhiz dot com)
. Fixed bug #62672 (Error on serialize of ArrayObject). (Lior Kaplan)
. Fixed bug #62475 (variant_* functions causes crash when null given as an
argument). (Felipe)
. Fixed bug #60732 (php_error_docref links to invalid pages). (Jakub Vrana)
. Fixed bug #65226 (chroot() does not get enabled). (Anatol)
- CGI:
. Fixed Bug #65143 (Missing php-cgi man page). (Remi)
- CLI server:
. Fixed bug #65066 (Cli server not responsive when responding with 422 http
status code). (Adam)
- CURL:
. Fixed bug #62665 (curl.cainfo doesn't appear in php.ini). (Lior Kaplan)
- FPM:
. Fixed bug #63983 (enabling FPM borks compile on FreeBSD).
(chibisuke at web dot de, Felipe)
- FTP:
. Fixed bug #65228 (FTPs memory leak with SSL).
(marco dot beierer at mbsecurity dot ch)
- GMP:
. Fixed bug #65227 (Memory leak in gmp_cmp second parameter). (Felipe)
- Imap:
. Fixed bug #64467 (Segmentation fault after imap_reopen failure).
(askalski at gmail dot com)
- Intl:
. Fixed bug #62759 (Buggy grapheme_substr() on edge case). (Stas)
. Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).
(Stas)
- mysqlnd:
. Fixed segfault in mysqlnd when doing long prepare. (Andrey)
- ODBC:
. Fixed bug #61387 (NULL valued anonymous column causes segfault in
odbc_fetch_array). (Brandon Kirsch)
- Openssl:
. Fixed handling null bytes in subjectAltName (CVE-2013-4073).
(Christian Heimes)
- PDO:
. Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
(Chris Jones)
- PDO_dblib:
. Fixed bug #65219 (PDO/dblib not working anymore ("use dbName" not sent)).
(Stanley Sufficool)
- PDO_pgsql:
. Fixed meta data retrieve when OID is larger than 2^31. (Yasuo)
- Phar:
. Fixed Bug #65142 (Missing phar man page). (Remi)
- Session
. Fixed bug #62535 ($_SESSION[$key]["cancel_upload"] doesn't work as
documented). (Arpad)
. Fixed bug #35703 (when session_name("123") consist only digits,
should warning). (Yasuo)
. Fixed bug #49175 (mod_files.sh does not support hash bits). Patch by
oorza2k5 at gmail dot com (Yasuo)
- Sockets:
. Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option).
(Damjan Cvetko)
- SPL:
. Fixed bug #65136 (RecursiveDirectoryIterator segfault). (Laruence)
. Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator
/Spl(Temp)FileObject ctor twice). (Laruence)
. Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0,
keys are strings). (Adam)
- XML:
. Fixed bug #65236 (heap corruption in xml parser, CVE-2013-4113). (Rob)
|
|
|
|
* Make PKG_PHP's value as description in comment.
|
|
* Define PHP's version at one place.
* Remove obsolete description in comments.
* Add "used by www/php-fpm/Makefile" in php5[34]/Makefile.php.
* Remove commented out support for suhosin extension from php54.
* Add PHP_CHECK_INSTALLED and PHP_EXTENSION_DIR to php/phpversion.mk.
No functional should be made.
|
|
|
|
|
|
|
|
last update of php53/php54.
|
|
|
|
* Update PHP53_VERSION and PHP54_VERSION.
|
|
|
|
|
