| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Changes:
Core:
Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).
Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify).
Fixed bug #73058 (crypt broken when salt is 'too' long).
Fixed bug #69579 (Invalid free in extension trait).
Fixed bug #73156 (segfault on undefined function).
Fixed bug #73163 (PHP hangs if error handler throws while accessing undef const in default value).
Fixed bug #73172 (parse error: Invalid numeric literal).
Fixed for #73240 (Write out of bounds at number_format).
Fixed bug #73147 (Use After Free in PHP7 unserialize()).
Fixed bug #73189 (Memcpy negative size parameter php_resolve_path).
BCmath:
Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex).
COM:
Fixed bug #73126 (Cannot pass parameter 1 by reference).
Date:
Fixed bug #73091 (Unserializing DateInterval object may lead to __toString invocation).
DOM:
Fixed bug #73150 (missing NULL check in dom_document_save_html).
Filter:
Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).
Fixed bug #73054 (default option ignored when object passed to int filter).
GD:
Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending).
Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c).
Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given).
Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries).
Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files).
Fixed bug #73161 (imagecreatefromgd2() may leak memory).
Intl:
Fixed bug #73218 (add mitigation for ICU int overflow).
Mbstring:
Fixed bug #66797 (mb_substr only takes 32-bit signed integer).
Fixed bug #66964 (mb_convert_variables() cannot detect recursion).
Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
Mysqlnd:
Fixed bug #72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data).
Opcache:
Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function).
OpenSSL:
Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
Fixed bug #73276 (crash in openssl_random_pseudo_bytes function).
Fixed bug #73275 (crash in openssl_encrypt function).
PCRE:
Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390).
Fixed bug #73174 (heap overflow in php_pcre_replace_impl).
PDO_DBlib:
Fixed bug #72414 (Never quote values as raw binary data).
Allow \PDO::setAttribute() to set query timeouts.
Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.
Add common PDO test suite.
Free error and message strings when cleaning up PDO instances.
Fixed bug #67130 (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched).
Ignore potentially misleading dberr values.
phpdbg:
Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD).
Fixed next command not stopping when leaving function.
Session:
Fixed bug #68015 (Session does not report invalid uid for files save handler).
Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
SimpleXML:
Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
SOAP:
Fixed bug #71711 (Soap Server Member variables reference bug).
Fixed bug #71996 (Using references in arrays doesn't work like expected).
SPL:
Fixed bug #73257, Fixed bug #73258 (SplObjectStorage unserialize allows use of non-object as key).
SQLite3:
Updated bundled SQLite3 to 3.14.2.
Zip:
Fixed bug #70752 (Depacking with wrong password leaves 0 length files).
|
|
Changes:
- Core:
. Fixed bug #73156 (segfault on undefined function). (Dmitry)
. Fixed bug #73163 (PHP hangs if error handler throws while accessing undef
const in default value). (Nikita)
. Fixed bug #73172 (parse error: Invalid numeric literal). (Nikita, Anatol)
. Fixed bug #73181 (parse_str() without a second argument leads to crash).
(Nikita)
- COM:
. Fixed bug #73126 (Cannot pass parameter 1 by reference). (Anatol)
. Fixed bug #69579 (Invalid free in extension trait). (John Boehr)
- GD:
. Fixed bug #50194 (imagettftext broken on transparent background w/o
alphablending). (cmb)
. Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab,
cmb)
. Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
(Mark Plomer, cmb)
. Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
. Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
. Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted
files). (cmb)
. Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb)
- JSON:
. Fixed bug #73113 (Segfault with throwing JsonSerializable). (julien)
- PCRE:
. Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported
on s390). (Anatol)
- PDO_DBlib:
. Fixed bug #72414 (Never quote values as raw binary data). (Adam Baratz)
. Allow \PDO::setAttribute() to set query timeouts. (Adam Baratz)
. Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.
(Adam Baratz)
. Add common PDO test suite. (Adam Baratz)
. Free error and message strings when cleaning up PDO instances.
(Adam Baratz)
. Fixed bug #67130 (\PDOStatement::nextRowset() should succeed when all rows
in current rowset haven't been fetched). (Peter LeBrun)
. Ignore potentially misleading dberr values. (Chris Kings-Lynne)
- phpdbg:
. Added generator command for inspection of currently alive generators. (Bob)
- Reflection
. Undo backwards compatiblity break in ReflectionType->__toString() and
deprecate via documentation instead. (Nikita)
- Session:
. Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
(cmb)
|
|
Thanks for wiz@ who noted me via private e-mail.
|
|
15 Sep 2016 PHP 7.0.11
- Core:
. Fixed bug #72944 (Null pointer deref in zval_delref_p). (Dmitry)
. Fixed bug #72943 (assign_dim on string doesn't reset hval). (Laruence)
. Fixed bug #72911 (Memleak in zend_binary_assign_op_obj_helper). (Laruence)
. Fixed bug #72813 (Segfault with __get returned by ref). (Laruence)
. Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator).
(Nikita)
. Fixed bug #72854 (PHP Crashes on duplicate destructor call). (Nikita)
. Fixed bug #72857 (stream_socket_recvfrom read access violation). (Anatol)
- COM:
. Fixed bug #72922 (COM called from PHP does not return out parameters).
(Anatol)
- Dba:
. Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
(cmb)
- FTP:
. Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with
require_ssl_reuse). (Benedict Singer)
- GD:
. Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
. Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor
images). (cmb)
. Fixed bug #72913 (imagecopy() loses single-color transparency on palette
images). (cmb)
. Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)
- iconv:
. Fixed bug #72320 (iconv_substr returns false for empty strings). (cmb)
- IMAP:
. Fixed bug #72852 (imap_mail null dereference). (Anatol)
- Intl:
. Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF
sequence). (cmb)
. Fixed bug #73007 (add locale length check). (Stas)
- Mysqlnd:
. Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)
- OCI8
. Fixed invalid handle error with Implicit Result Sets. (Chris Jones)
. Fixed bug #72524 (Binding null values triggers ORA-24816 error). (Chris Jones)
- Opcache:
. Fixed bug #72949 (Typo in opcache error message). (cmb)
- PDO:
. Fixed bug #72788 (Invalid memory access when using persistent PDO
connection). (Keyur)
. Fixed bug #72791 (Memory leak in PDO persistent connection handling). (Keyur)
. Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY
returns false). (cmb)
- PDO_DBlib:
. Implemented stringify 'uniqueidentifier' fields.
(Alexander Zhuravlev, Adam Baratz)
- PDO_pgsql:
. Implemented FR #72633 (Postgres PDO lastInsertId() should work without
specifying a sequence). (Pablo Santiago Sánchez, Matteo)
. Fixed bug #72759 (Regression in pgo_pgsql). (Anatol)
- Phar:
. Fixed bug #72928 (Out of bound when verify signature of zip phar in
phar_parse_zipfile). (Stas)
. Fixed bug #73035 (Out of bound when verify signature of tar phar in
phar_parse_tarfile). (Stas)
- Reflection:
. Fixed bug #72846 (getConstant for a array constant with constant values
returns NULL/NFC/UKNOWN). (Laruence)
- Session:
. Fixed bug #72724 (PHP7: session-uploadprogress kills httpd). (Nikita)
. Fixed bug #72940 (SID always return "name=ID", even if session
cookie exist). (Yasuo)
- SimpleXML:
. Fixed bug #72971 (SimpleXML isset/unset do not respect namespace). (Nikita)
. Fixed bug #72957 (Null coalescing operator doesn't behave as expected with
SimpleXMLElement). (Nikita)
- SPL:
. Fixed bug #73029 (Missing type check when unserializing SplArray). (Stas)
- Standard:
. Fixed bug #55451 (substr_compare NULL length interpreted as 0). (Lauri
Kenttä)
. Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
. Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
(cmb)
- Streams:
. Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)
. Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails
with IIS FTP 7.5, 8.5). (vhuk)
. Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
(cmb)
- SQLite3:
. Downgraded bundled SQLite to 3.8.10.2. (Anatol);
- Sysvshm:
. Fixed bug #72858 (shm_attach null dereference). (Anatol)
- XML:
. Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
. Fixed bug #72714 (_xml_startElementHandler() segmentation fault). (cmb)
- Wddx:
. Fixed bug #72860 (wddx_deserialize use-after-free). (Stas)
. Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)
- ZIP:
. Fixed bug #68302 (impossible to compile php with zip support). (cmb)
|
|
15 Sep 2016, PHP 5.6.26
- Core:
. Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer
(zend_gc.c:260)). (Laruence)
- Dba:
. Fixed bug #71514 (Bad dba_replace condition because of wrong API usage).
(cmb)
. Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
(cmb)
- EXIF:
. Fixed bug #72926 (Uninitialized Thumbail Data Leads To Memory Leakage in
exif_process_IFD_in_TIFF). (Stas)
- FTP:
. Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with
require_ssl_reuse). (Benedict Singer)
- GD:
. Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor
images). (cmb)
. Fixed bug #72913 (imagecopy() loses single-color transparency on palette
images). (cmb)
. Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)
- Intl:
. Fixed bug #73007 (add locale length check). (Stas)
- JSON:
. Fixed bug #72787 (json_decode reads out of bounds). (Jakub Zelenka)
- mbstring:
. Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb)
. Fixed bug #72910 (Out of bounds heap read in mbc_to_code() / triggered by
mb_ereg_match()). (Stas)
- MSSQL:
. Fixed bug #72039 (Use of uninitialised value on mssql_guid_string). (Kalle)
- Mysqlnd:
. Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)
- Phar:
. Fixed bug #72928 (Out of bound when verify signature of zip phar in
phar_parse_zipfile). (Stas)
. Fixed bug #73035 (Out of bound when verify signature of tar phar in
phar_parse_tarfile). (Stas)
- PDO:
. Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY
returns false). (cmb)
- PDO_pgsql:
. Implemented FR #72633 (Postgres PDO lastInsertId() should work without
specifying a sequence). (Pablo Santiago Sánchez, Matteo)
. Fixed bug #72759 (Regression in pgo_pgsql). (Anatol)
- SPL:
. Fixed bug #73029 (Missing type check when unserializing SplArray). (Stas)
- Standard:
. Fixed bug #72823 (strtr out-of-bound access). (cmb)
. Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
. Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
(cmb)
. Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
(cmb)
. Fixed bug #73011 (integer overflow in fgets cause heap corruption). (Stas)
. Fixed bug #73017 (memory corruption in wordwrap function). (Stas)
. Fixed bug #73045 (integer overflow in fgetcsv caused heap corruption). (Stas)
. Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)
(Stas)
- Streams:
. Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)
- Wddx:
. Fixed bug #72860 (wddx_deserialize use-after-free). (Stas)
. Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)
- XML:
. Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
. Fixed bug #72927 (integer overflow in xml_utf8_encode). (Stas)
- ZIP:
. Fixed bug #68302 (impossible to compile php with zip support). (cmb)
|
|
01 Sep 2016, PHP 7.1.0RC1
- Core:
. Fixed bug #72944 (Null pointer deref in zval_delref_p). (Dmitry)
. Fixed bug #72943 (assign_dim on string doesn't reset hval). (Laruence)
. Fixed bug #72598 (Reference is lost after array_slice()) (Nikita)
. Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by
password_verify). (Anatol)
. Implement \ArgumentCountError when passing in too few arguments (Davey)
- COM:
. Fixed bug #72922 (COM called from PHP does not return out parameters).
(Anatol)
- Dba:
. Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
(cmb)
- GD:
. Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor
images). (cmb)
. Fixed bug #72913 (imagecopy() loses single-color transparency on palette
images). (cmb)
. Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)
- iconv:
. Fixed bug #72320 (iconv_substr returns false for empty strings). (cmb)
- Intl:
. Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF
sequence). (cmb)
- JSON:
. Implemented earlier return when json_encode fails, fixes bugs #68992
(Stacking exceptions thrown by JsonSerializable) and #70275 (On recursion
error, json_encode can eat up all system memory). (Jakub Zelenka)
- mbstring:
. Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb)
- Opcache:
. Fixed bug #72949 (Typo in opcache error message). (cmb)
- PDO_DBlib:
. Implemented stringify 'uniqueidentifier' fields.
(Alexander Zhuravlev, Adam Baratz)
- Reflection:
. Reverted prepending \ for class names. (Trowski)
- Session:
. Fixed bug #72940 (SID always return "name=ID", even if session
cookie exist). (Yasuo)
. Implemented session_gc() and session_create_id() functions. (Yasuo)
- SimpleXML:
. Fixed bug #72971 (SimpleXML isset/unset do not respect namespace). (Nikita)
. Fixed bug #72957 (Null coalescing operator doesn't behave as expected with
SimpleXMLElement). (Nikita)
- SOAP:
. Fixed bug #71711 (Soap Server Member variables reference bug). (Nikita)
. Fixed bug #71996 (Using references in arrays doesn't work like expected).
(Nikita)
- Standard:
. Fixed bug #72920 (Accessing a private constant using constant() creates
an exception AND warning). (Laruence)
. Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
(cmb)
. Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
(cmb)
- XML:
. Fixed bug #72714 (_xml_startElementHandler() segmentation fault). (cmb)
|
|
7.1.0beta3 was upgraded to 7.1.0RC1 without a corresponding update to
the distinfo file.
|
|
|
|
|
|
especially if a package requires newer versions.
|
|
18 Aug 2016, PHP 7.1.0beta3
- Core:
. Fixed bug #72813 (Segfault with __get returned by ref). (Laruence)
. Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator).
(Nikita)
. TypeError messages for arg_info type checks will now say "must be ...
or null" where the parameter or return type accepts null. (Andrea)
. Fixed bug #72857 (stream_socket_recvfrom read access violation). (Anatol)
. Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
__wakeup() in Deserialization). (Stas)
. Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)
. Fixed bug #72742 (memory allocator fails to realloc small block to large
one). (Stas)
- Bz2:
. Fixed bug #72837 (integer overflow in bzdecompress caused heap
corruption). (Stas)
- Curl
. Fixed bug #72674 (Heap overflow in curl_escape). (Stas)
- EXIF:
. Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
. Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
- FTP:
. Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with
require_ssl_reuse). (Benedict Singer)
- mbstring:
. Fixed bug #72711 (`mb_ereg` does not clear the `$regs` parameter on
failure). (ju1ius)
- Mcrypt:
. Fixed bug #72782 (Heap Overflow due to integer overflows). (Stas)
- OCI8
. Fixed invalid handle error with Implicit Result Sets. (Chris Jones)
. Fixed bug #72524 (Binding null values triggers ORA-24816 error). (Chris Jones)
- Opcache:
. Fixed bug #72762 (Infinite loop while parsing a file with opcache enabled).
(Nikita)
- PDO:
. Fixed bug #72788 (Invalid memory access when using persistent PDO
connection). (Keyur)
. Fixed bug #72791 (Memory leak in PDO persistent connection handling). (Keyur)
. Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY
returns false). (cmb)
- Reflection:
. Implemented request #38992 (invoke() and invokeArgs() static method calls
should match). (cmb).
. Add ReflectionNamedType::getName() and return leading "?" for nullable types
from ReflectionType::__toString(). (Trowski)
- Session:
. Implemented RFC: Session ID without hashing. (Yasuo)
https://wiki.php.net/rfc/session-id-without-hashing
- SPL:
. Fixed bug #72888 (Segfault on clone on splFileObject). (Laruence)
- SQLite3:
. Updated to SQLite3 3.14.0. (cmb)
- Standard:
. Fixed bug #55451 (substr_compare NULL length interpreted as 0). (Lauri
Kenttä)
. Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
- Stream:
. Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)
. Fixed bug #72743 (Out-of-bound read in php_stream_filter_create).
(Loianhtuan)
. Implemented FR #27814 (Multiple small packets send for HTTP request).
(vhuk)
. Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails
with IIS FTP 7.5, 8.5). (vhuk)
. Fixed bug #72810 (Missing SKIP_ONLINE_TESTS checks). (vhuk)
- sysvshm:
. Fixed bug #72858 (shm_attach null dereference). (Anatol)
- XML:
. Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
- ZIP:
. Fixed bug #68302 (impossible to compile php with zip support). (cmb)
|
|
18 Aug 2016 PHP 7.0.10
- Core:
. Fixed bug #72629 (Caught exception assignment to variables ignores
references). (Laruence)
. Fixed bug #72594 (Calling an earlier instance of an included anonymous
class fatals). (Laruence)
. Fixed bug #72581 (previous property undefined in Exception after
deserialization). (Laruence)
. Fixed bug #72496 (Cannot declare public method with signature incompatible
with parent private method). (Pedro Magalhães)
. Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
. Fixed bug #71911 (Unable to set --enable-debug on building extensions by
phpize on Windows). (Yuji Uchiyama)
. Fixed bug causing ClosedGeneratorException being thrown into the calling
code instead of the Generator yielding from. (Bob)
. Implemented FR #72614 (Support "nmake test" on building extensions by
phpize). (Yuji Uchiyama)
. Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
(Yuji Uchiyama)
. Fixed potential segfault in object storage freeing in shutdown sequence.
(Bob)
. Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
__wakeup() in Deserialization). (Stas)
. Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)
. Fixed bug #72683 (getmxrr broken). (Anatol)
. Fixed bug #72742 (memory allocator fails to realloc small block to large
one). (Stas)
- Bz2:
. Fixed bug #72837 (integer overflow in bzdecompress caused heap
corruption). (Stas)
- Calendar:
. Fixed bug #67976 (cal_days_month() fails for final month of the French
calendar). (cmb)
. Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in
zif_cal_from_jd). (cmb)
- COM:
. Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7). (Anatol)
- CURL:
. Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER).
(Pierrick)
. Fixed bug #71929 (CURLINFO_CERTINFO data parsing error). (Pierrick)
. Fixed bug #72674 (Heap overflow in curl_escape). (Stas)
- DOM:
. Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)
- EXIF:
. Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
. Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
- Filter:
. Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
range). (bugs dot php dot net at majkl578 dot cz)
- FPM:
. Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
(gooh)
- GD:
. Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
. Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
. Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
. Fixed bug #43828 (broken transparency of imagearc for truecolor in
blendingmode). (cmb)
. Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
. Fixed bug #68712 (suspicious if-else statements). (cmb)
. Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
. Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas)
- Intl:
. Fixed bug #72639 (Segfault when instantiating class that extends
IntlCalendar and adds a property). (Laruence)
. Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
names). (cmb)
- mbstring:
. Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
(cmb)
. Fixed bug #72693 (mb_ereg_search increments search position when a match
zero-width). (cmb)
. Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last
position). (cmb)
. Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
(ju1ius)
- Mcrypt:
. Fixed bug #72782 (Heap Overflow due to integer overflows). (Stas)
- Opcache:
. Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
(Keyur)
- PCRE:
. Fixed bug #72688 (preg_match missing group names in matches). (cmb)
- PDO_pgsql:
. Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)
- Reflection:
. Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
(Nikita Nefedov)
- SimpleXML:
. Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML
element). (Laruence)
- SNMP:
. Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
allocation). (djodjo at gmail dot com)
- SPL:
. Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)
. Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
character). (cmb)
. Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)
- SQLite3:
. Fixed bug #72668 (Spurious warning when exception is thrown in user defined
function). (Laruence)
. Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash). (Laruence)
. Implemented FR #72653 (SQLite should allow opening with empty filename).
(cmb)
. Updated to SQLite3 3.13.0. (cmb)
- Standard:
. Fixed bug #72622 (array_walk + array_replace_recursive create references
from nothing). (Laruence)
. Fixed bug #72152 (base64_decode $strict fails to detect null byte).
(Lauri Kenttä)
. Fixed bug #72263 (base64_decode skips a character after padding in strict
mode). (Lauri Kenttä)
. Fixed bug #72264 (base64_decode $strict fails with whitespace between
padding). (Lauri Kenttä)
. Fixed bug #72330 (CSV fields incorrectly split if escape char followed by
UTF chars). (cmb)
- Streams:
. Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
. Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
. Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
non-existent directories). (vhuk)
. Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade
attack). (Stas)
- XMLRPC:
. Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing
array elements). (Laruence)
- Wddx:
. Fixed bug #72564 (boolean always deserialized as "true") (Remi)
. Fixed bug #72142 (WDDX Packet Injection Vulnerability in
wddx_serialize_value()). (Taoguang Chen)
. Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
. Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
. Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
(Stas)
. Fixed bug #72799 (wddx_deserialize null dereference in
php_wddx_pop_element). (Stas)
- Zip:
. Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd).
(Laruence)
|
|
18 Aug 2016, PHP 5.6.25
- Bz2:
. Fixed bug #72837 (integer overflow in bzdecompress caused heap
corruption). (Stas)
- Core:
. Fixed bug #70436 (Use After Free Vulnerability in unserialize()).
(Taoguang Chen)
. Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
. Fixed bug #72581 (previous property undefined in Exception after
deserialization). (Laruence)
. Implemented FR #72614 (Support "nmake test" on building extensions by
phpize). (Yuji Uchiyama)
. Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
(Yuji Uchiyama)
. Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
__wakeup() in Deserialization). (Stas)
. Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)
- Calendar:
. Fixed bug #67976 (cal_days_month() fails for final month of the French
calendar). (cmb)
. Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in
zif_cal_from_jd). (cmb)
- Curl:
. Fixed bug #71144 (Segmentation fault when using cURL with ZTS).
(maroszek at gmx dot net)
. Fixed bug #71929 (Certification information (CERTINFO) data parsing error).
(Pierrick)
. Fixed bug #72807 (integer overflow in curl_escape caused heap
corruption). (Stas)
- DOM:
. Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)
- Ereg:
. Fixed bug #72838 (Integer overflow lead to heap corruption in
sql_regcase). (Stas)
- EXIF:
. Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
. Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
- Filter:
. Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
range). (bugs dot php dot net at majkl578 dot cz)
- FPM:
. Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
(gooh)
- GD:
. Fixed bug #43828 (broken transparency of imagearc for truecolor in
blendingmode). (cmb)
. Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
. Fixed bug #68712 (suspicious if-else statements). (cmb)
. Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
. Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
. Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
. Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
. Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
. Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas)
- Intl:
. Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
names). (cmb)
- mbstring:
. Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
(cmb)
. Fixed bug #72693 (mb_ereg_search increments search position when a match
zero-width). (cmb)
. Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last
position). (cmb)
. Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
(ju1ius)
- PCRE:
. Fixed bug #72688 (preg_match missing group names in matches). (cmb)
- PDO_pgsql:
. Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)
- Reflection:
. Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
(Nikita Nefedov)
- SNMP:
. Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
allocation). (djodjo at gmail dot com)
- Standard:
. Fixed bug #72330 (CSV fields incorrectly split if escape char followed by
UTF chars). (cmb)
. Fixed bug #72836 (integer overflow in base64_decode). (Stas)
. Fixed bug #72848 (integer overflow in quoted_printable_encode). (Stas)
. Fixed bug #72849 (integer overflow in urlencode). (Stas)
. Fixed bug #72850 (integer overflow in php_uuencode). (Stas)
. Fixed bug #72716 (initialize buffer before read). (Stas)
- Streams:
. Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
. Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
. Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
non-existent directories). (vhuk)
. Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails
with IIS FTP 7.5, 8.5). (vhuk)
. Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade
attack). (Stas)
- SPL:
. Fixed bug #72122 (IteratorIterator breaks '@' error suppression). (kinglozzer)
. Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
character). (cmb)
. Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)
- SQLite3:
. Implemented FR #72653 (SQLite should allow opening with empty filename).
(cmb)
- Wddx:
. Fixed bug #72142 (WDDX Packet Injection Vulnerability in
wddx_serialize_value()). (Taoguang Chen)
. Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
. Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
. Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
(Stas)
. Fixed bug #72799 (wddx_deserialize null dereference in
php_wddx_pop_element). (Stas)
|
|
|
|
|
|
|
|
2016-12-31, but quite a few modules don't have versions with PHP7 support yet, so 7.0 is not quite good default yet
|
|
MODNAME, but use PKGMODNAME as the base for extension file to load; this deals with modules like apcu_bc, which has extension name 'apc', but needs to be loaded after 'apcu' since it uses it's symbols
|
|
PKGMODNAME such as php-pdflib; problem reported by Uwe Klaus
|
|
21 Jul 2016 PHP 7.0.9
- Core:
. Fixed bug #72508 (strange references after recursive function call and
"switch" statement). (Laruence)
. Fixed bug #72513 (Stack-based buffer overflow vulnerability in
virtual_file_ex). (Stas)
. Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries
and applications). (Stas)
- bz2:
. Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)
- CLI:
. Fixed bug #72484 (SCRIPT_FILENAME shows wrong path if the user specify
router.php). (Laruence)
- COM:
. Fixed bug #72498 (variant_date_from_timestamp null dereference). (Anatol)
- Curl:
. Fixed bug #72541 (size_t overflow lead to heap corruption). (Stas)
- Exif:
. Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
(Stas)
. Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
(Stas)
- GD:
. Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
. Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
. Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
. Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
access). (Pierre)
. Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
. Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
(Pierre)
. Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine
overflow). (Pierre)
. Fixed bug #72494 (imagecropauto out-of-bounds access). (Pierre)
- Intl:
. Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)
- Mbstring:
. Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) -
oob read access). (Laruence)
. Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence)
- mcrypt:
. Fixed bug #72551, bug #72552 (In correct casting from size_t to int lead to
heap overflow in mdecrypt_generic). (Stas)
- PDO_pgsql:
. Fixed bug #72570 (Segmentation fault when binding parameters on a query
without placeholders). (Matteo)
- PCRE:
. Fixed bug #72476 (Memleak in jit_stack). (Laruence)
. Fixed bug #72463 (mail fails with invalid argument). (Anatol)
- Readline:
. Fixed bug #72538 (readline_redisplay crashes php). (Laruence)
- Standard:
. Fixed bug #72505 (readfile() mangles files larger than 2G). (Cschneid)
. Fixed bug #72306 (Heap overflow through proc_open and $env parameter).
(Laruence)
- Session:
. Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence)
. Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
Deserialization). (Stas)
- SNMP:
. Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
unserialize()). (Stas)
- Streams:
. Fixed bug #72439 (Stream socket with remote address leads to a segmentation
fault). (Laruence)
- XMLRPC:
. Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn
simplestring.c). (Stas)
- Zip:
. Fixed bug #72520 (Stack-based buffer overflow vulnerability in
php_stream_zip_opener). (Stas)
|
|
21 Jul 2016, PHP 5.6.24
- Core:
. Fixed bug #71936 (Segmentation fault destroying HTTP_RAW_POST_DATA).
(mike dot laspina at gmail dot com, Remi)
. Fixed bug #72496 (Cannot declare public method with signature incompatible
with parent private method). (Pedro Magalhães)
. Fixed bug #72138 (Integer Overflow in Length of String-typed ZVAL). (Stas)
. Fixed bug #72513 (Stack-based buffer overflow vulnerability in
virtual_file_ex). (loianhtuan at gmail dot com)
. Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
Deserialization). (taoguangchen at icloud dot com)
. Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and
applications). (CVE-2016-5385) (Stas)
- bz2:
. Fixed bug #72447 (Type Confusion in php_bz2_filter_create()). (gogil at
stealien dot com).
. Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)
- EXIF:
. Fixed bug #50845 (exif_read_data() returns corrupted exif headers).
(Bartosz Dziewoński)
- EXIF:
. Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
(Stas)
. Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
(Stas)
- GD:
. Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
. Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
. Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
. Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
access). (Pierre)
. Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
. Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
(CVE-2016-6207) (Pierre)
- Intl:
. Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)
- ODBC:
. Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)
- OpenSSL:
. Fixed bug #71915 (openssl_random_pseudo_bytes is not fork-safe).
(Jakub Zelenka)
. Fixed bug #72336 (openssl_pkey_new does not fail for invalid DSA params).
(Jakub Zelenka)
- SNMP:
. Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
unserialize()). (taoguangchen at icloud dot com)
- SPL:
. Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)
- SQLite3:
. Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work).
(cmb)
- Streams:
. Fixed bug #72439 (Stream socket with remote address leads to a segmentation
fault). (Laruence)
- Xmlrpc:
. Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
(Stas)
- Zip:
. Fixed bug #72520 (Stack-based buffer overflow vulnerability in
php_stream_zip_opener). (loianhtuan at gmail dot com)
|
|
Quote from release note:
Note that according to our release schedule, PHP 5.5.38 is the last release
of the PHP 5.5 branch. There may be additional release if we discover
important security issues that warrant it, otherwise this release will be
the final one in the PHP 5.5 branch. If your PHP installation is based on
PHP 5.5, it may be a good time to start making the plans for the upgrade to
PHP 5.6 or PHP 7.0.
21 Jul 2016, PHP 5.5.38
- BZip2:
. Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)
- Core:
. Fixed bug #70480 (php_url_parse_ex() buffer overflow read). (Stas)
. Fixed bug #72513 (Stack-based buffer overflow vulnerability in
virtual_file_ex). (loianhtuan at gmail dot com)
. Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
Deserialization). (taoguangchen at icloud dot com)
. Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and
applications). (CVE-2016-5385) (Stas)
- EXIF:
. Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
(Stas)
. Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
(Stas)
- GD:
. Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
access). (Pierre)
. Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
. Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
(CVE-2016-6207) (Pierre)
- Intl:
. Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)
- ODBC:
. Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)
- SNMP:
. Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
unserialize()). (taoguangchen at icloud dot com)
- Xmlrpc:
. Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
(Stas)
- Zip:
. Fixed bug #72520 (Stack-based buffer overflow vulnerability in
php_stream_zip_opener). (loianhtuan at gmail dot com)
|
|
instead of requiring manual configuration of ${PKG_SYSCONFDIR}/php.ini - put a module-specific .ini file for this into ${PKG_SYSCONFDIR}/php.d
|
|
pkgsrc change:
* remove confiugre from SUBST_FILES.path.
* Remove --with-regex=system and --without-mysql from CONFIGURE_ARGS.
* Add --without-mysqli to CONFIGURE_ARGS.
23 Jun 2016 PHP 7.0.8
- Core:
. Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashes).
(Esminis at esminis dot lt)
. Fixed bug #72221 (segfault, past-the-end access). (Lauri Kenttä)
. Fixed bug #72268 (Integer Overflow in nl2br()). (Stas)
. Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
json_utf8_to_utf16()). (Stas)
. Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
. Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)
- FPM:
. Fixed bug #72308 (fastcgi_finish_request and logging environment
variables). (Laruence)
- GD:
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
. Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
heap overflow). (Pierre)
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
- Intl:
. Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
- mbstring:
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
- mcrypt:
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
- PCRE:
. Fixed bug #72143 (preg_replace uses int instead of size_t). (Joe)
- PDO_pgsql:
. Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound).
(Laruence)
. Fixed bug #72294 (Segmentation fault/invalid pointer in connection
with pgsql_stmt_dtor). (Anatol)
- Phpdbg:
. Fixed bug #72284 (phpdbg fatal errors with coverage). (Bob)
- Postgres:
. Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free). (Laruence)
. Fixed bug #72197 (pg_lo_create arbitrary read). (Anatol)
- SPL:
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
unserialize). (Dmitry)
- Standard:
. Fixed bug #72017 (range() with float step produces unexpected result).
(Thomas Punt)
. Fixed bug #72193 (dns_get_record returns array containing elements of
type 'unknown'). (Laruence)
. Fixed bug #72229 (Wrong reference when serialize/unserialize an object).
(Laruence)
. Fixed bug #72300 (ignore_user_abort(false) has no effect). (Laruence)
- XML:
. Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe)
- XMLRPC:
. Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type).
(Joe, Laruence)
- WDDX:
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
- Zip:
. Fixed ug #72258 (ZipArchive converts filenames to unrecoverable form).
(Anatol)
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
algorithm and unserialize). (Dmitry)
|
|
pkgsrc change: remove confiugre from SUBST_FILES.path.
23 Jun 2016, PHP 5.6.23
- Core:
. Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
json_utf8_to_utf16()). (Stas)
. Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
. Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)
- GD:
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
. Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
heap overflow). (Pierre)
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
. Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
in heap overflow). (Pierre)
- Intl:
. Fixed bug #70484 (selectordinal doesn't work with named parameters).
(Anatol)
- mbstring:
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
- mcrypt:
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
- Phar:
. Fixed bug #72321 (invalid free in phar_extract_file()).
(hji at dyntopia dot com)
- SPL:
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
unserialize). (Dmitry)
- OpenSSL:
. Fixed bug #72140 (segfault after calling ERR_free_strings()).
(Jakub Zelenka)
- WDDX:
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
- zip:
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
algorithm and unserialize). (Dmitry)
|
|
pkgsrc change: remove confiugre from SUBST_FILES.path.
23 Jun 2016, PHP 5.5.37
- Core:
. Fixed bug #72268 (Integer Overflow in nl2br()). (Stas)
. Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
json_utf8_to_utf16()). (Stas)
. Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
. Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)
- GD:
. Fixed bug #66387 (Stack overflow with imagefilltoborder) (CVE-2015-8874).
(cmb)
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
heap overflow). (Pierre)
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
. Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
in heap overflow). (Pierre)
- mbstring:
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
- mcrypt:
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
- SPL:
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
unserialize). (Dmitry)
- WDDX:
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
- zip:
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
algorithm and unserialize). (Dmitry)
|
|
26 May 2016 PHP 7.0.7
- Core:
. Fixed bug #72162 (use-after-free - error_reporting). (Laruence)
. Add compiler option to disable special case function calls. (Joe)
. Fixed bug #72101 (crash on complex code). (Dmitry)
. Fixed bug #72100 (implode() inserts garbage into resulting string when
joins very big integer). (Mikhail Galanin)
. Fixed bug #72057 (PHP Hangs when using custom error handler and typehint).
(Nikita Nefedov)
. Fixed bug #72038 (Function calls with values to a by-ref parameter don't
always throw a notice). (Bob)
. Fixed bug #71737 (Memory leak in closure with parameter named $this).
(Nikita)
. Fixed bug #72059 (?? is not allowed on constant expressions). (Bob, Marcio)
. Fixed bug #72159 (Imported Class Overrides Local Class Name). (Nikita)
- Curl:
. Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE). (Pierrick)
- DBA:
. Fixed bug #72157 (use-after-free caused by dba_open). (Shm, Laruence)
- GD:
. Fixed bug #72227 (imagescale out-of-bounds read). (Stas)
- Intl:
. Fixed #72241 (get_icu_value_internal out-of-bounds read). (Stas)
- JSON:
. Fixed bug #72069 (Behavior \JsonSerializable different from json_encode).
(Laruence)
- Mbstring:
. Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace). (Laruence)
- OCI8:
. Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight
columns). (Tian Yang)
- Opcache:
. Fixed bug #72014 (Including a file with anonymous classes multiple times
leads to fatal error). (Laruence)
- OpenSSL:
. Fixed bug #72165 (Null pointer dereference - openssl_csr_new). (Anatol)
- PCNTL:
. Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure
overwrite). (Laruence)
- POSIX:
. Fixed bug #72133 (php_posix_group_to_array crashes if gr_passwd is NULL).
(esminis at esminis dot lt)
- Postgres:
. Fixed bug #72028 (pg_query_params(): NULL converts to empty string).
(Laruence)
. Fixed bug #71062 (pg_convert() doesn't accept ISO 8601 for datatype
timestamp). (denver at timothy dot io)
. Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol)
- Reflection:
. Fixed bug #72174 (ReflectionProperty#getValue() causes __isset call).
(Nikita)
- Session:
. Fixed bug #71972 (Cyclic references causing session_start(): Failed to
decode session object). (Laruence)
- Sockets:
. Added socket_export_stream() function for getting a stream compatible
resource from a socket resource. (Chris Wright, Bob)
- SPL:
. Fixed bug #72051 (The reference in CallbackFilterIterator doesn't work as
expected). (Laruence)
- SQLite3:
. Fixed bug #68849 (bindValue is not using the right data type). (Anatol)
- Standard:
. Fixed bug #72075 (Referencing socket resources breaks stream_select).
(Laruence)
. Fixed bug #72031 (array_column() against an array of objects discards all
values matching null). (Nikita)
|
|
26 May 2016, PHP 5.6.22
- Core:
. Fixed bug #72172 (zend_hex_strtod should not use strlen).
(bwitz at hotmail dot com )
. Fixed bug #72114 (Integer underflow / arbitrary null write in
fread/gzread). (Stas)
. Fixed bug #72135 (Integer Overflow in php_html_entities). (Stas)
- GD:
. Fixed bug #72227 (imagescale out-of-bounds read). (Stas)
- Intl
. Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
. Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (Stas)
- Postgres:
. Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol)
|
|
26 May 2016, PHP 5.5.36
- Core:
. Fixed bug #72114 (Integer underflow / arbitrary null write in
fread/gzread). (Stas)
. Fixed bug #72135 (Integer Overflow in php_html_entities). (Stas)
- GD:
. Fixed bug #72227 (imagescale out-of-bounds read). (Stas)
- Intl:
. Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (Stas)
- Phar:
. Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()).
(CVE-2016-4343) (Stas)
|
|
pkgsrc change: Fix build problem on Linux noted by Matthias Ferdinand on
pkgsrc-users@.
28 Apr 2016 PHP 7.0.6
- Core:
. Fixed bug #71930 (_zval_dtor_func: Assertion `(arr)->gc.refcount <= 1'
failed). (Laruence)
. Fixed bug #71922 (Crash on assert(new class{})). (Nikita)
. Fixed bug #71914 (Reference is lost in "switch"). (Laruence)
. Fixed bug #71871 (Interfaces allow final and abstract functions). (Nikita)
. Fixed Bug #71859 (zend_objects_store_call_destructors operates on realloced
memory, crashing). (Laruence)
. Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)
. Fixed bug #71750 (Multiple Heap Overflows in php_raw_url_encode/
php_url_encode). (Stas)
. Fixed bug #71731 (Null coalescing operator and ArrayAccess). (Nikita)
. Fixed bug #71609 (Segmentation fault on ZTS with gethostbyname). (krakjoe)
. Fixed bug #71428 (inheritance and allow_null). (krakjoe)
. Fixed bug #71414 (Inheritance, traits and interfaces). (krakjoe)
. Fixed bug #71359 (Null coalescing operator and magic). (krakjoe)
. Fixed bug #71334 (Cannot access array keys while uksort()). (Nikita)
. Fixed bug #69659 (ArrayAccess, isset() and the offsetExists method).
(Nikita)
. Fixed bug #69537 (__debugInfo with empty string for key gives error).
(krakjoe)
. Fixed bug #62059 (ArrayObject and isset are not friends). (Nikita)
. Fixed bug #71980 (Decorated/Nested Generator is Uncloseable in Finally).
(Nikita)
- BCmath:
. Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
_one_ definition). (Stas)
- Curl:
. Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
(Michael Sierks)
- Date:
. Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)
- EXIF:
. Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas)
- GD:
. Fixed bug #71912 (libgd: signedness vulnerability). (Stas)
- Intl:
. Fixed bug #71516 (IntlDateFormatter looses locale if pattern is set via
constructor). (Anatol)
. Fixed bug #70455 (Missing constant: IntlChar::NO_NUMERIC_VALUE). (Anatol)
. Fixed bug #70451, #70452 (Inconsistencies in return values of IntlChar
methods). (Daniel Persson)
. Fixed bug #68893 (Stackoverflow in datefmt_create). (Anatol)
. Fixed bug #66289 (Locale::lookup incorrectly returns en or en_US if locale
is empty). (Anatol)
. Fixed bug #70484 (selectordinal doesn't work with named parameters).
(Anatol)
. Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative
offset). (Stas)
- ODBC:
. Fixed bug #63171 (Script hangs after max_execution_time). (Remi)
- Opcache:
. Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
(Laruence)
- PDO:
. Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
(Daniel kalaspuffar, Julien)
. Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)
- PDO_DBlib:
. Fixed bug #71943 (dblib_handle_quoter needs to allocate an extra byte).
(Adam Baratz)
. Add DBLIB-specific attributes for controlling timeouts. (Adam Baratz)
- PDO_pgsql:
. Fixed bug #62498 (pdo_pgsql inefficient when getColumnMeta() is used).
(Joseph Bylund)
- Postgres:
. Fixed bug #71820 (pg_fetch_object binds parameters before call
constructor). (Anatol)
. Fixed bug #71998 (Function pg_insert does not insert when column
type = inet). (Anatol)
- SOAP:
. Fixed bug #71986 (Nested foreach assign-by-reference creates broken
variables). (Laruence)
- SPL:
. Fixed bug #71838 (Deserializing serialized SPLObjectStorage-Object can't
access properties in PHP). (Nikita)
. Fixed bug #71735 (Double-free in SplDoublyLinkedList::offsetSet). (Stas)
. Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails
offsetExists()). (Nikita)
. Fixed bug #52339 (SPL autoloader breaks class_exists()). (Nikita)
- Standard:
. Fixed bug #71995 (Returning the same var twice from __sleep() produces
broken serialized data). (Laruence)
. Fixed bug #71940 (Unserialize crushes on restore object reference).
(Laruence)
. Fixed bug #71969 (str_replace returns an incorrect resulting array after
a foreach by reference). (Laruence)
. Fixed bug #71891 (header_register_callback() and
register_shutdown_function()). (Laruence)
. Fixed bug #71884 (Null pointer deref (segfault) in
stream_context_get_default). (Laruence)
. Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
. Fixed bug #71837 (Wrong arrays behaviour). (Laruence)
. Fixed bug #71827 (substr_replace bug, string length). (krakjoe)
. Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or
_REENTRANT is not defined). (Nikita)
. Fixed bug #72116 (array_fill optimization breaks implementation). (Bob)
- XML:
. Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas)
- Zip:
. Fixed bug #71923 (integer overflow in ZipArchive::getFrom*). (Stas)
|
|
pkgsrc change: Fix build problem on Linux noted by Matthias Ferdinand on
pkgsrc-users@.
28 Apr 2016, PHP 5.6.21
- Core:
. Fixed bug #69537 (__debugInfo with empty string for key gives error).
(krakjoe)
. Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)
- BCmath:
. Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
_one_ definition). (Stas)
- Curl:
. Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
(Michael Sierks)
- Date:
. Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)
- EXIF:
. Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas)
- GD:
. Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas)
. Fixed bug #71912 (libgd: signedness vulnerability). (Stas)
- Intl:
. Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative
offset). (Stas)
- OCI8:
. Fixed bug #71422 (Fix ORA-01438: value larger than specified precision
allowed for this column). (Chris Jones)
- ODBC:
. Fixed bug #63171 (Script hangs after max_execution_time). (Remi)
- Opcache:
. Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
(Laruence)
- PDO:
. Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
(Daniel Kalaspuffar, Julien)
. Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)
- Postgres:
. Fixed bug #71820 (pg_fetch_object binds parameters before call
constructor). (Anatol)
- SPL:
. Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails
offsetExists()). (Nikita)
- Standard:
. Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
. Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or
_REENTRANT is not defined). (Nikita)
- XML:
. Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas)
|
|
pkgsrc change: Fix build problem on Linux noted by Matthias Ferdinand on
pkgsrc-users@.
28 Apr 2016, PHP 5.5.35
- BCMath:
. Fix bug #72093 (bcpowmod accepts negative scale and corrupts _one_
definition). (Stas)
- Exif:
. Fix bug #72094 (Out of bounds heap read access in exif header
processing). (Stas)
- GD:
. Fix bug #71912 (libgd: signedness vulnerability). (Stas)
- Intl:
. Fix bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative
offset). (Stas)
- XML:
. Fix bug #72099 (xml_parse_into_struct segmentation fault). (Stas)
|
|
Addresses PR 50957.
|
|
USE_DESTDIR.
|
|
Add add an patch to fix memory leak noted from Zafer Aydoğan via
private mail.
31 Mar 2016 PHP 7.0.5
- Core:
. Huge pages disabled by default. (Rasmus)
. Added ability to enable huge pages in Zend Memory Manager through
the environment variable USE_ZEND_ALLOC_HUGE_PAGES=1. (Dmitry)
. Fixed bug #71756 (Call-by-reference widens scope to uninvolved functions
when used in switch). (Laruence)
. Fixed bug #71729 (Possible crash in zend_bin_strtod, zend_oct_strtod,
zend_hex_strtod). (Laruence)
. Fixed bug #71695 (Global variables are reserved before execution).
(Laruence)
. Fixed bug #71629 (Out-of-bounds access in php_url_decode in context
php_stream_url_wrap_rfc2397). (mt at debian dot org)
. Fixed bug #71622 (Strings used in pass-as-reference cannot be used to
invoke C::$callable()). (Bob)
. Fixed bug #71596 (Segmentation fault on ZTS with date function
(setlocale)). (Anatol)
. Fixed bug #71535 (Integer overflow in zend_mm_alloc_heap()). (Dmitry)
. Fixed bug #71470 (Leaked 1 hashtable iterators). (Nikita)
. Fixed bug #71575 (ISO C does not allow extra ‘;’ outside of a function).
(asgrim)
. Fixed bug #71724 (yield from does not count EOLs). (Nikita)
. Fixed bug #71767 (ReflectionMethod::getDocComment returns the wrong
comment). (Grigorii Sokolik)
. Fixed bug #71806 (php_strip_whitespace() fails on some numerical values).
(Nikita)
. Fixed bug #71624 (`php -R` (PHP_MODE_PROCESS_STDIN) is broken).
(Sean DuBois)
- CLI Server:
. Fixed bug #69953 (Support MKCALENDAR request method). (Christoph)
- Curl:
. Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY). (mpyw)
- Date:
. Fixed bug #71635 (DatePeriod::getEndDate segfault). (Thomas Punt)
- Fileinfo:
. Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic
file). (Anatol)
- libxml:
. Fixed bug #71536 (Access Violation crashes php-cgi.exe). (Anatol)
- mbstring:
. Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in
mbfl_strcut). (Stas)
- ODBC:
. Fixed bug #47803, #69526 (Executing prepared statements is succesfull only
for the first two statements). (einavitamar at gmail dot com, Anatol)
- PCRE:
. Fixed bug #71659 (segmentation fault in pcre running twig tests).
(nish dot aravamudan at canonical dot com)
- PDO_DBlib:
. Bug #54648 (PDO::MSSQL forces format of datetime fields).
(steven dot lambeth at gmx dot de, Anatol)
- Phar:
. Fixed bug #71625 (Crash in php7.dll with bad phar filename).
(Anatol)
. Fixed bug #71317 (PharData fails to open specific file). (Jos Elstgeest)
. Fixed bug #71860 (Invalid memory write in phar on filename with \0 in
name). (Stas)
- phpdbg:
. Fixed crash when advancing (except step) inside an internal function. (Bob)
- Session:
. Fixed Bug #71683 (Null pointer dereference in zend_hash_str_find_bucket).
(Yasuo)
- SNMP:
. Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
(andrew at jmpesp dot org)
- SPL:
. Fixed bug #71617 (private properties lost when unserializing ArrayObject).
(Nikita)
- Standard:
. Fixed bug #71660 (array_column behaves incorrectly after foreach by
reference). (Laruence)
. Fixed bug #71798 (Integer Overflow in php_raw_url_encode).
(taoguangchen at icloud dot com, Stas)
- Zip:
. Update bundled libzip to 1.1.2. (Remi, Anatol)
|
|
Add add an patch to fix memory leak noted from Zafer Aydo«»an via
private mail.
31 Mar 2016, PHP 5.6.20
- CLI Server:
. Fixed bug #69953 (Support MKCALENDAR request method). (Christoph)
- Core:
. Fixed bug #71596 (Segmentation fault on ZTS with date function
(setlocale)). (Anatol)
- Curl:
. Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY). (mpyw)
- Date:
. Fixed bug #71635 (DatePeriod::getEndDate segfault). (Thomas Punt)
- Fileinfo:
. Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic
file). (Anatol)
- Mbstring:
. Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in
mbfl_strcut). (Stas)
- ODBC:
. Fixed bug #47803, #69526 (Executing prepared statements is succesfull only
for the first two statements). (einavitamar at gmail dot com, Anatol)
. Fixed bug #71860 (Invalid memory write in phar on filename with \0 in
name). (Stas)
- PDO_DBlib:
. Bug #54648 (PDO::MSSQL forces format of datetime fields).
(steven dot lambeth at gmx dot de, Anatol)
- Phar:
. Fixed bug #71625 (Crash in php7.dll with bad phar filename).
(Anatol)
. Fixed bug #71504 (Parsing of tar file with duplicate filenames causes
memory leak). (Jos Elstgeest)
- SNMP:
. Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
(andrew at jmpesp dot org)
- Standard
. Fixed bug #71798 (Integer Overflow in php_raw_url_encode).
(taoguangchen at icloud dot com, Stas)
|
|
Add add an patch to fix memory leak noted from Zafer Aydo«»an via
private mail.
31 Mar 2016, PHP 5.5.34
- Fileinfo:
. Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic
file). (Anatol)
- Mbstring:
. Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in
mbfl_strcut). (Stas)
- OBBC
. Fixed bug #71860 (Invalid memory write in phar on filename with \0 in
name). (Stas)
- SNMP:
. Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
(andrew at jmpesp dot org)
- Standard
. Fixed bug #71798 (Integer Overflow in php_raw_url_encode).
(taoguangchen at icloud dot com, Stas)
|
|
|
|
03 Mar 2016 PHP 7.0.4
- Core:
. Fixed bug (Low probability segfault in zend_arena). (Laruence)
. Fixed bug #71441 (Typehinted Generator with return in try/finally crashes).
(Bob)
. Fixed bug #71442 (forward_static_call crash). (Laruence)
. Fixed bug #71443 (Segfault using built-in webserver with intl using
symfony). (Laruence)
. Fixed bug #71449 (An integer overflow bug in php_implode()). (Stas)
. Fixed bug #71450 (An integer overflow bug in php_str_to_str_ex()). (Stas)
. Fixed bug #71474 (Crash because of VM stack corruption on Magento2).
(Dmitry)
. Fixed bug #71485 (Return typehint on internal func causes Fatal error
when it throws exception). (Laruence)
. Fixed bug #71529 (Variable references on array elements don't work when
using count). (Nikita)
. Fixed bug #71601 (finally block not executed after yield from). (Bob)
. Fixed bug #71637 (Multiple Heap Overflow due to integer overflows in
xml/filter_url/addcslashes). (Stas)
- CLI server:
. Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug).
(Johannes, Anatol)
- CURL:
. Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes
while curl_multi_exec). (Laruence)
. Fixed memory leak in curl_getinfo(). (Leigh)
- Date:
. Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time,
causing date_date_set issues). (Sean DuBois)
- Fileinfo:
. Fixed bug #71434 (finfo throws notice for specific python file). (Laruence)
- FPM:
. Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi
setup). (Matt Haught, Remi)
. Fixed bug #71269 (php-fpm dumped core). (Mickaël)
- Opcache:
. Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache).
(Yussuf Khalil)
- PCRE:
. Fixed bug #71537 (PCRE segfault from Opcache). (Laruence)
- phpdbg:
. Fixed inherited functions from unspecified files being included in
phpdbg_get_executable(). (Bob)
- SOAP:
. Fixed bug #71610 (Type Confusion Vulnerability - SOAP /
make_http_soap_request()). (Stas)
- Standard:
. Fixed bug #71603 (compact() maintains references in php7). (Laruence)
. Fixed bug #70720 (strip_tags improper php code parsing). (Julien)
- XMLRPC:
. Fixed bug #71501 (xmlrpc_encode_request ignores encoding option). (Hieu Le)
- Zip:
. Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo). (Laruence)
|
|
03 Mar 2016, PHP 5.6.19
- CLI server:
. Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug).
(Johannes, Anatol)
- CURL:
. Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes
while curl_multi_exec). (Laruence)
- Date:
. Fixed bug #68078 (Datetime comparisons ignore microseconds). (Willem-Jan
Zijderveld)
. Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time,
causing date_date_set issues). (Sean DuBois)
- Fileinfo:
. Fixed bug #71434 (finfo throws notice for specific python file). (Laruence)
- FPM:
. Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi
setup). (Matt Haught, Remi)
- Opcache:
. Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache).
(Yussuf Khalil)
- PDO MySQL:
. Fixed bug #71569 (#70389 fix causes segmentation fault). (Nikita)
- Phar:
. Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()). (Stas)
- Standard:
. Fixed bug #70720 (strip_tags improper php code parsing). (Julien)
- WDDX:
. Fixed bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize). (Stas)
- XSL:
. Fixed bug #71540 (NULL pointer dereference in xsl_ext_function_php()).
(Stas)
- Zip:
. Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo). (Laruence)
|
|
03 Mar 2016, PHP 5.5.33
- Phar:
. Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()). (Stas)
- WDDX:
. Fixed bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize). (Stas)
|
|
php is invoked to generate the PLIST and will re-create the files,
despite them already having been removed in post-install.
|
|
04 Feb 2016 PHP 7.0.3
- Core:
. Added support for new HTTP 451 code. (Julien)
. Fixed bug #71039 (exec functions ignore length but look for NULL termination).
(Anatol)
. Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
. Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
. Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars via
ob_start). (hugh at allthethings dot co dot nz)
. Fixed bug #71248 (Wrong interface is enforced). (Dmitry)
. Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash).
(Anatol)
. Fixed Bug #71275 (Bad method called on cloning an object having a trait).
(Bob)
. Fixed bug #71297 (Memory leak with consecutive yield from). (Bob)
. Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence)
. Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea)
. Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
input). (Leo Gaspard)
. Fixed bug #71336 (Wrong is_ref on properties as exposed via
get_object_vars()). (Laruence)
. Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
- Apache2handler:
. Fix >2G Content-Length headers in apache2handler. (Adam Harvey)
- CURL:
. Fixed bug #71227 (Can't compile php_curl statically). (Anatol)
. Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with
reference to CURLFile). (Laruence)
- Interbase:
. Fixed Bug #71305 (Crash when optional resource is omitted).
(Laruence, Anatol)
- LDAP:
. Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string
"Array"). (Laruence)
- mbstring:
. Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo)
- OpenSSL:
. Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas)
- Phar:
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
. Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
(Stas)
. Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
- SOAP:
. Fixed bug #70979 (crash with bad soap request). (Anatol)
- SPL:
. Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
(Laruence)
. Fixed bug #71202 (Autoload function registered by another not activated
immediately). (Laruence)
. Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject,
unserialize)). (Sean Heelan)
. Fixed bug #71313 (Use-after-free vulnerability in SPL(SplObjectStorage,
unserialize)). (Sean Heelan)
- Standard:
. Fixed bug #71287 (Error message contains hexadecimal instead of decimal
number). (Laruence)
. Fixed bug #71264 (file_put_contents() returns unexpected value when
filesystem runs full). (Laruence)
. Fixed bug #71245 (file_get_contents() ignores "header" context option if
it's a reference). (Laruence)
. Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start).
(hugh at allthethings dot co dot nz)
. Fixed bug #71190 (substr_replace converts integers in original $search
array to strings). (Laruence)
. Fixed bug #71188 (str_replace converts integers in original $search array
to strings). (Laruence)
. Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt)
- WDDX:
. Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)
|
|
04 Feb 2016, PHP 5.6.18
- Core:
. Fixed bug #71039 (exec functions ignore length but look for NULL termination).
(Anatol)
. Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
. Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
. Added support for new HTTP 451 code. (Julien)
. Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash).
(Anatol)
. Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
input). (Leo Gaspard)
. Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
- Apache2handler:
. Fix >2G Content-Length headers in apache2handler. (Adam Harvey)
- FTP:
. Implemented FR #55651 (Option to ignore the returned FTP PASV address).
(abrender at elitehosts dot com)
- Opcache:
. Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence)
. Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32
on the same server). (Anatol)
- Phar:
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
. Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
(Stas)
. Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
- Session:
. Fixed bug #69111 (Crash in SessionHandler::read()). (Anatol)
- SOAP:
. Fixed bug #70979 (crash with bad soap request). (Anatol)
- SPL:
. Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
(Laruence)
- WDDX:
. Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)
|
|
04 Feb 2016, PHP 5.5.32
- Core:
. Fixed bug #71039 (exec functions ignore length but look for NULL termination).
(Anatol)
. Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
input). (Leo Gaspard)
. Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
- GD:
. Improved the fix for bug #70976. (Remi)
- PCRE:
. Upgraded pcrelib to 8.38.
- Phar:
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
. Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
(Stas)
. Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
- WDDX:
. Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)
|
|
07 Jan 2016 PHP 7.0.2
- Core:
. Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7).
(y dot uchiyama dot 1015 at gmail dot com)
. Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls). (Laruence)
. Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work). (Laruence)
. Fixed bug #71092 (Segmentation fault with return type hinting). (Laruence)
. Fixed bug memleak in header_register_callback. (Laruence)
. Fixed bug #71067 (Local object in class method stays in memory for each
call). (Laruence)
. Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
. Fixed bug #70781 (Extension tests fail on dynamic ext dependency).
(Francois Laupretre)
. Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
. Fixed bug #71086 (Invalid numeric literal parse error within
highlight_string() function). (Nikita)
. Fixed bug #71154 (Incorrect HT iterator invalidation causes iterator reuse).
(Nikita)
. Fixed bug #52355 (Negating zero does not produce negative zero). (Andrea)
. Fixed bug #66179 (var_export() exports float as integer). (Andrea)
. Fixed bug #70804 (Unary add on negative zero produces positive zero).
(Andrea)
- CURL:
. Fixed bug #71144 (Sementation fault when using cURL with ZTS).
(Michael Maroszek, Laruence)
- DBA:
. Fixed key leak with invalid resource. (Laruence)
- Filter:
. Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work). (Reeze Xia)
- FTP:
. Implemented FR #55651 (Option to ignore the returned FTP PASV address).
(abrender at elitehosts dot com)
- FPM:
. Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)
- GD:
. Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
Out of Bounds). (emmanuel dot law at gmail dot com).
- Mbstring:
. Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV,
Segmentation fault). (Laruence)
- Opcache:
. Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence)
- PCRE:
. Fixed bug #71178 (preg_replace with arrays creates [0] in replace array
if not already set). (Laruence)
- Readline:
. Fixed bug #71094 (readline_completion_function corrupts static array on
second TAB). (Nikita)
- Session:
. Fixed bug #71122 (Session GC may not remove obsolete session data). (Yasuo)
- SPL:
. Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns
wrong number of parameters). (Laruence)
. Fixed bug #71153 (Performance Degradation in ArrayIterator with large
arrays). (Nikita)
- Standard:
. Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions).
(emmanuel dot law at gmail dot com)
- WDDX:
. Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
(taoguangchen at icloud dot com)
. Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability). (taoguangchen at icloud dot com)
- XMLRPC
. Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker).
(Julien)
|
|
07 Jan 2016, PHP 5.6.17
- Core:
. Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
. Fixed bug #70958 (Invalid opcode while using ::class as trait method
paramater default value). (Laruence)
. Fixed bug #70957 (self::class can not be resolved with reflection for
abstract class). (Laruence)
. Fixed bug #70944 (try{ } finally{} can create infinite chains of
exceptions). (Laruence)
. Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol:
php_register_internal_extensions). (Lior Kaplan)
- FPM:
. Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)
- GD:
. Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
Out of Bounds). (emmanuel dot law at gmail dot com).
- Mysqlnd:
. Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
(Laruence)
- SOAP:
. Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry)
- Standard:
. Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number
of parameters). (Laruence)
- PDO_Firebird:
. Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). (Mariuz)
- WDDX:
. Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
(taoguangchen at icloud dot com)
. Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability). (taoguangchen at icloud dot com)
- XMLRPC:
. Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
(Julien)
|
|
07 Jan 2015, PHP 5.5.31
- FPM:
. Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)
- GD:
. Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
Out of Bounds). (emmanuel dot law at gmail dot com).
- WDDX:
. Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
(taoguangchen at icloud dot com)
. Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability). (taoguangchen at icloud dot com)
- XMLRPC:
. Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
(Julien)
|
|
17 Dec 2015, PHP 7.0.1
- Core:
. Fixed bug #71105 (Format String Vulnerability in Class Name Error Message).
(andrew at jmpesp dot org)
. Fixed bug #70831 (Compile fails on system with 160 CPUs).
(Daniel Axtens)
. Fixed bug #71006 (symbol referencing errors on Sparc/Solaris). (Dmitry)
. Fixed bug #70997 (When using parentClass:: instead of parent::, static
context changed). (Dmitry)
. Fixed bug #70970 (Segfault when combining error handler with output
buffering). (Laruence)
. Fixed bug #70967 (Weird error handling for __toString when Error is
thrown). (Laruence)
. Fixed bug #70958 (Invalid opcode while using ::class as trait method
paramater default value). (Laruence)
. Fixed bug #70944 (try{ } finally{} can create infinite chains of
exceptions). (Laruence)
. Fixed bug #70931 (Two errors messages are in conflict). (dams, Laruence)
. Fixed bug #70904 (yield from incorrectly marks valid generator as finished).
(Bob)
. Fixed bug #70899 (buildconf failure in extensions). (Bob, Reeze)
. Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol:
php_register_internal_extensions). (Lior Kaplan)
. Fixed \int (or generally every scalar type name with leading backslash)
to not be accepted as type name. (Bob)
. Fixed exception not being thrown immediately into a generator yielding
from an array. (Bob)
. Fixed bug #70987 (static::class within Closure::call() causes segfault).
(Andrea)
. Fixed bug #71013 (Incorrect exception handler with yield from). (Bob)
. Fixed double free in error condition of format printer. (Bob)
- CLI server:
. Fixed bug #71005 (Segfault in php_cli_server_dispatch_router()). (Adam)
- Intl:
. Fixed bug #71020 (Use after free in Collator::sortWithSortKeys).
(emmanuel dot law at gmail dot com, Laruence)
- Mysqlnd:
. Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
(Laruence)
. Fixed bug #68344 (MySQLi does not provide way to disable peer certificate
validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
connection flag. (Andrey)
- OCI8:
. Fixed LOB implementation size_t/zend_long mismatch reported
by gcov. (Senthil)
- Opcache:
. Fixed #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 on
the same server). (Anatol)
. Fixed bug #70991 (zend_file_cache.c:710: error: array type has incomplete
element type). (Laruence)
. Fixed bug #70977 (Segmentation fault with opcache.huge_code_pages=1).
(Laruence)
- Phpdbg:
. Fixed stderr being written to stdout. (Bob)
- Reflection:
. Fixed bug #71018 (ReflectionProperty::setValue() behavior changed).
(Laruence)
. Fixed bug #70982 (setStaticPropertyValue behaviors inconsistently with
5.6). (Laruence)
- SPL:
. Fixed bug #71028 (Undefined index with ArrayIterator). (Laruence)
- SQLite3:
. Fixed bug #71049 (SQLite3Stmt::execute() releases bound parameter instead
of internal buffer). (Laruence)
- Standard:
. Fixed bug #70999 (php_random_bytes: called object is not a function).
(Scott)
. Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number
of parameters). (Laruence)
- Streams/Socket:
. Add IPV6_V6ONLY constant / make it usable in stream contexts. (Bob)
- Soap:
. Fixed bug #70993 (Array key references break argument processing).
(Laruence)
- PDO_Firebird:
. Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). (Mariuz)
|
|
|
