Imported Upstream version 5.3.7upstream/5.3.7

1 files changed, 277 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index e06e59aa4..c7da0dc5e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,282 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+18 Aug 2011, PHP 5.3.7
+- Upgraded bundled SQLite to version 3.7.7.1. (Scott)
+- Upgraded bundled PCRE to version 8.12. (Scott)
+
+- Zend Engine:
+  . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even
+    though the class has none). (Felipe)
+  . Fixed bug #55007 (compiler fail after previous fail). (Felipe)
+  . Fixed bug #54910 (Crash when calling call_user_func with unknown function
+    name). (Dmitry)
+  . Fixed bug #54804 (__halt_compiler and imported namespaces).
+    (Pierrick, Felipe)
+  . Fixed bug #54624 (class_alias and type hint). (Felipe)
+  . Fixed bug #54585 (track_errors causes segfault). (Dmitry)
+  . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed). 
+    (Tony, Dmitry)
+  . Fixed bug #54372 (Crash accessing global object itself returned from its
+    __get() handle). (Dmitry)
+  . Fixed bug #54367 (Use of closure causes problem in ArrayAccess). (Dmitry)
+  . Fixed bug #54358 (Closure, use and reference). (Dmitry)
+  . Fixed bug #54262 (Crash when assigning value to a dimension in a non-array).
+    (Dmitry)
+  . Fixed bug #54039 (use() of static variables in lambda functions can break
+    staticness). (Dmitry)
+
+- Core
+  . Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer)
+  . Removed warning when argument of is_a() or is_subclass_of() is not 
+    a known class. (Stas)
+  . Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski.
+  . Added PHP_MANDIR constant telling where the manpages were installed into,
+    and an --man-dir argument to php-config. (Hannes)
+  . Fixed a crash inside dtor for error handling. (Ilia)
+  . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas)  
+  . Implemented FR #54459 (Range function accuracy). (Adam)
+
+  . Fixed bug #55399 (parse_url() incorrectly treats ':' as a valid path).
+    (Ilia)
+  . Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off).
+    (Dmitry)
+  . Fixed bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow
+    (Pierre)
+  . Fixed bug #55258 (Windows Version Detecting Error). 
+    ( xiaomao5 at live dot com, Pierre)
+  . Fixed bug #55187 (readlink returns weird characters when false result).
+   (Pierre)
+  . Fixed bug #55082 (var_export() doesn't escape properties properly).
+    (Gustavo)
+  . Fixed bug #55014 (Compile failure due to improper use of ctime_r()). (Ilia)
+  . Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload
+    filename). (Felipe) Reported by Krzysztof Kotowicz. (CVE-2011-2202)
+  . Fixed bug #54935 php_win_err can lead to crash. (Pierre)
+  . Fixed bug #54924 (assert.* is not being reset upon request shutdown). (Ilia)
+  . Fixed bug #54895 (Fix compiling with older gcc version without need for
+    membar_producer macro). (mhei at heimpold dot de)
+  . Fixed bug #54866 (incorrect accounting for realpath_cache_size).
+    (Dustin Ward)
+  . Fixed bug #54723 (getimagesize() doesn't check the full ico signature).
+    (Scott)
+  . Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt
+    size). (Pierre, os at irj dot ru)
+  . Fixed bug #54580 (get_browser() segmentation fault when browscap ini
+    directive is set through php_admin_value). (Gustavo)
+  . Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption). (Dmitry)
+  . Fixed bug #54305 (Crash in gc_remove_zval_from_buffer). (Dmitry)
+  . Fixed bug #54238 (use-after-free in substr_replace()). (Stas)
+    (CVE-2011-1148)
+  . Fixed bug #54204 (Can't set a value with a PATH section in php.ini).
+    (Pierre)
+  . Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment).
+    (tomas dot brastavicius at quantum dot lt, Pierrick)
+  . Fixed bug #54137 (file_get_contents POST request sends additional line
+    break). (maurice-php at mertinkat dot net, Ilia)
+  . Fixed bug #53848 (fgetcsv() ignores spaces at beginnings of fields). (Ilia)
+  . Alternative fix for bug #52550, as applied to the round() function (signed
+    overflow), as the old fix impacted the algorithm for numbers with magnitude
+    smaller than 0. (Gustavo)
+  . Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces)
+    (Ralph Schindler, Dmitry)
+  . Fixed bug #52935 (call exit in user_error_handler cause stream relate
+    core). (Gustavo)
+  . Fixed bug #51997 (SEEK_CUR with 0 value, returns a warning). (Ilia)
+  . Fixed bug #50816 (Using class constants in array definition fails).
+    (Pierrick, Dmitry)
+  . Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode
+    filter). (slusarz at curecanti dot org)
+  . Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using 
+    TMPDIR on Windows). (Pierre)
+
+- Apache2 Handler SAPI:
+  . Fixed bug #54529 (SAPI crashes on apache_config.c:197).
+    (hebergement at riastudio dot fr)
+
+- CLI SAPI:
+  . Fixed bug #52496 (Zero exit code on option parsing failure). (Ilia)
+
+- cURL extension:
+  . Added ini option curl.cainfo (support for custom cert db). (Pierre)
+  . Added CURLINFO_REDIRECT_URL support. (Daniel Stenberg, Pierre)
+  . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and 
+    CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick)
+
+- DateTime extension:
+  . Fixed bug where the DateTime object got changed while using date_diff().
+    (Derick)
+  . Fixed bug #54340 (DateTime::add() method bug). (Adam)
+  . Fixed bug #54316 (DateTime::createFromFormat does not handle trailing '|'
+    correctly). (Adam)
+  . Fixed bug #54283 (new DatePeriod(NULL) causes crash). (Felipe)
+  . Fixed bug #51819 (Case discrepancy in timezone names cause Uncaught
+    exception and fatal error). (Hannes)
+
+- DBA extension:
+  . Supress warning on non-existent file open with Berkeley DB 5.2 (Chris Jones)
+  . Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe)
+
+- Exif extesion:
+  . Fixed bug #54121 (error message format string typo). (Ilia)
+
+- Fileinfo extension:
+  . Fixed bug #54934 (Unresolved symbol strtoull in HP-UX 11.11). (Felipe)
+
+- Filter extension:
+  . Added 3rd parameter to filter_var_array() and filter_input_array()
+    functions that allows disabling addition of empty elements. (Ilia)
+  . Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia)
+  
+- Interbase extension:
+  . Fixed bug #54269 (Short exception message buffer causes crash). (Felipe)
+  
+- intl extension:
+  . Implemented FR #54561 (Expose ICU version info). (David Zuelke, Ilia)
+  . Implemented FR #54540 (Allow loading of arbitrary resource bundles when
+    fallback is disabled). (David Zuelke, Stas)
+
+- Imap extension:
+  . Fixed bug #55313 (Number of retries not set when params specified).
+    (kevin at kevinlocke dot name)
+
+- json extension:
+  . Fixed bug #54484 (Empty string in json_decode doesn't reset 
+    json_last_error()). (Ilia)
+
+- LDAP extension:
+  . Fixed bug #53339 (Fails to build when compilng with gcc 4.5 and DSO
+    libraries). (Clint Byrum, Raphael)
+
+- libxml extension:
+  . Fixed bug #54601 (Removing the doctype node segfaults). (Hannes)
+  . Fixed bug #54440 (libxml extension ignores default context). (Gustavo)
+
+- mbstring extension:
+  . Fixed bug #54494 (mb_substr() mishandles UTF-32LE and UCS-2LE). (Gustavo)
+
+- MCrypt extension:
+  . Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data
+    has been fetched (Windows). (Pierre)
+  . Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random 
+    data on Windows). (Pierre)
+
+- MySQL Improved extension:
+  . Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries).
+    (Andrey)
+
+- mysqlnd
+  . Fixed crash when using more than 28,000 bound parameters. Workaround is to
+    set mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey)
+  . Fixed bug #54674 mysqlnd valid_sjis_(head|tail) is using invalid operator
+    and range). (nihen at megabbs dot com, Andrey)
+
+- MySQLi extension:
+  . Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi
+    persistent connections). (Andrey)
+
+- OpenSSL extension:
+  . openssl_encrypt()/openssl_decrypt() truncated keys of variable length
+    ciphers to the OpenSSL default for the algorithm. (Scott)
+  . On blocking SSL sockets respect the timeout option where possible.
+    (Scott)
+  . Fixed bug #54992 (Stream not closed and error not returned when SSL
+    CN_match fails). (Gustavo, laird_ngrps at dodo dot com dot au)
+
+- Oracle Database extension (OCI8):
+  . Added oci_client_version() returning the runtime Oracle client library
+    version (Chris Jones)
+
+. PCRE extension:
+  . Increased the backtrack limit from 100000 to 1000000 (Rasmus)
+
+- PDO extension:
+  . Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe)
+  . Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE 
+    settings). (Ilia)
+
+- PDO DBlib driver:
+  . Fixed bug #54329 (MSSql extension memory leak).
+    (dotslashpok at gmail dot com)
+  . Fixed bug #54167 (PDO_DBLIB returns null on SQLUNIQUE field).
+    (mjh at hodginsmedia dot com, Felipe)
+
+- PDO ODBC driver:
+  . Fixed data type usage in 64bit. (leocsilva at gmail dot com)
+
+- PDO MySQL driver:
+  . Fixed bug #54644 (wrong pathes in php_pdo_mysql_int.h). (Tony, Johannes)
+  . Fixed bug #53782 (foreach throws irrelevant exception). (Johannes, Andrey)
+  . Implemented FR #48587 (MySQL PDO driver doesn't support SSL connections).
+    (Rob)
+
+- PDO PostgreSQL driver:
+  . Fixed bug #54318 (Non-portable grep option used in PDO pgsql
+    configuration). (bwalton at artsci dot utoronto dot ca)
+
+- PDO Oracle driver:
+  . Fixed bug #44989 (64bit Oracle RPMs still not supported by pdo-oci).
+    (jbnance at tresgeek dot net)
+
+- Phar extension:
+  . Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters).
+    (Felipe)
+
+- PHP-FPM SAPI:
+  . Implemented FR #54499 (FPM ping and status_path should handle HEAD request). (fat)
+  . Implemented FR #54172 (Overriding the pid file location of php-fpm). (fat)
+  . Fixed missing Expires and Cache-Control headers for ping and status pages.
+    (fat)
+  . Fixed memory leak. (fat) Reported and fixed by Giovanni Giacobbi.
+  . Fixed wrong value of log_level when invoking fpm with -tt. (fat)
+  . Added xml format to the status page. (fat)
+  . Removed timestamp in logs written by children processes. (fat)
+  . Fixed exit at FPM startup on fpm_resources_prepare() errors. (fat)
+  . Added master rlimit_files and rlimit_core in the global configuration
+    settings. (fat)
+  . Removed pid in debug logs written by chrildren processes. (fat)
+  . Added custom access log (also added per request %CPU and memory
+    mesurement). (fat)
+  . Added a real scoreboard and several improvements to the status page. (fat)
+
+- Reflection extension:
+  . Fixed bug #54347 (reflection_extension does not lowercase module function
+    name). (Felipe, laruence at yahoo dot com dot cn)
+
+- SOAP extension:
+  . Fixed bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION
+    contains itself). (Dmitry)
+  . Fixed bug #54312 (soap_version logic bug). (tom at samplonius dot org)
+
+- Sockets extension:
+  . Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
+    Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe)
+  . Changed socket_set_block() and socket_set_nonblock() so they emit warnings
+    on error. (Gustavo)
+  . Fixed bug #51958 (socket_accept() fails on IPv6 server sockets). (Gustavo)
+
+- SPL extension:
+  . Fixed bug #54971 (Wrong result when using iterator_to_array with use_keys
+    on true). (Pierrick)
+  . Fixed bug #54970 (SplFixedArray::setSize() isn't resizing). (Felipe)
+  . Fixed bug #54609 (Certain implementation(s) of SplFixedArray cause hard
+    crash). (Felipe)
+  . Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and
+    SplTempFileObject crash when user-space classes don't call the paren
+    constructor). (Gustavo)
+  . Fixed bug #54292 (Wrong parameter causes crash in
+    SplFileObject::__construct()). (Felipe)
+  . Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting
+    with \0). (Gustavo)
+  . Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator).
+    (Felipe)
+
+- Streams:
+  . Fixed bug #54946 (stream_get_contents infinite loop). (Hannes)
+  . Fixed bug #54623 (Segfault when writing to a persistent socket after
+    closing a copy of the socket). (Gustavo)
+  . Fixed bug #54681 (addGlob() crashes on invalid flags). (Felipe)
+
+
 17 Mar 2011, PHP 5.3.6
 - Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)
 - Upgraded bundled PCRE to version 8.11. (Ilia)