author | Ondřej Surý <ondrej@sury.org> | 2011-03-18 11:28:21 +0100 |
---|---|---|
committer | Ondřej Surý <ondrej@sury.org> | 2011-03-18 11:28:21 +0100 |
commit | 038ba12e8724d537040e88ec794354b0c063f0a6 (patch) | |
tree | a7181b4f4d10e3a154522d4b96fdf42f4597bf2a /NEWS | |
parent | fd5a0b31640419ca63d1ddeaffd6d3cf2a741814 (diff) | |
download | php-038ba12e8724d537040e88ec794354b0c063f0a6.tar.gz |
Imported Upstream version 5.3.6
upstream/5.3.6
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 275 |
1 files changed, 254 insertions, 21 deletions
@@ -1,7 +1,238 @@ -PHP NEWS +PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +17 Mar 2011, PHP 5.3.6 +- Upgraded bundled Sqlite3 to version 3.7.4. (Ilia) +- Upgraded bundled PCRE to version 8.11. (Ilia) + +- Zend Engine: + . Indirect reference to $this fails to resolve if direct $this is never used + in method. (Scott) + . Added options to debug backtrace functions. (Stas) + . Fixed bug numerous crashes due to setlocale (crash on error, pcre, mysql + etc.) on Windows in thread safe mode. (Pierre) + . Fixed Bug #53971 (isset() and empty() produce apparently spurious runtime + error). (Dmitry) + . Fixed Bug #53958 (Closures can't 'use' shared variables by value and by + reference). (Dmitry) + . Fixed Bug #53629 (memory leak inside highlight_string()). (Hannes, Ilia) + . Fixed Bug #51458 (Lack of error context with nested exceptions). (Stas) + . Fixed Bug #47143 (Throwing an exception in a destructor causes a fatal + error). (Stas) + . Fixed bug #43512 (same parameter name can be used multiple times in + method/function definition). (Felipe) + +- Core: + . Added ability to connect to HTTPS sites through proxy with basic + authentication using stream_context/http/header/Proxy-Authorization (Dmitry) + . Changed default value of ini directive serialize_precision from 100 to 17. + (Gustavo) + . Fixed bug #54055 (buffer overrun with high values for precision ini + setting). (Gustavo) + . Fixed bug #53959 (reflection data for fgetcsv out-of-date). (Richard) + . Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a + trailing forward slash). (lekensteyn at gmail dot com, Pierre) + . Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos) + . Fixed bug #48484 (array_product() always returns 0 for an empty array). + (Ilia) + . Fixed bug #48607 (fwrite() doesn't check reply from ftp server before + exiting). (Ilia) + + +- Calendar extension: + . 
Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to + segfault). (Gustavo) + +- DOM extension: + . Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode + like DOMDocument::saveXML). (Gustavo) + +- DateTime extension: + . Fixed a bug in DateTime->modify() where absolute date/time statements had + no effect. (Derick) + . Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit + big-endian systems). (Derick, rein@basefarm.no) + . Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas) + . Fixed bug #52738 (Can't use new properties in class extended from + DateInterval). (Stas) + . Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime + created from timestamp). (Stas) + . Fixed bug #52063 (DateTime constructor's second argument doesn't have a + null default value). (Gustavo, Stas) + +- Exif extension: + . Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni). + (Pierre) (CVE-2011-0708) + +- Filter extension: + . Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number). + (Ilia, Gustavo) + . Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges). + (Ilia) + . Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia) + . Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6). + (Ilia, valli at icsurselva dot ch) + +- Fileinfo extension: + . Fixed bug #54016 (finfo_file() Cannot determine filetype in archives). + (Hannes) + +- Gettext + . Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE + environment variable are set). (Pierre) + +- IMAP extension: + . Implemented FR #53812 (get MIME headers of the part of the email). (Stas) + . Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long + MIME header unfolding). (Adam) + +- Intl extension: + . Fixed bug #53612 (Segmentation fault when using cloned several intl + objects). (Gustavo) + . 
Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values). + (Felipe) + . Implemented clone functionality for number, date & message formatters. + (Stas). + +- JSON extension: + . Fixed bug #53963 (Ensure error_code is always set during some failed + decodings). (Scott) + +- mysqlnd + . Fixed problem with always returning 0 as num_rows for unbuffered sets. + (Andrey, Ulf) + +- MySQL Improved extension: + . Added 'db' and 'catalog' keys to the field fetching functions (FR #39847). + (Kalle) + . Fixed buggy counting of affected rows when using the text protocol. The + collected statistics were wrong when multi_query was used with mysqlnd + (Andrey) + . Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL). + (Kalle) + . Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA + query). (Kalle, Andrey) + . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to + call libmysql). (Kalle, tre-php-net at crushedhat dot com) + +- OpenSSL extension: + . Fixed stream_socket_enable_crypto() not honoring the socket timeout in + server mode. (Gustavo) + . Fixed bug #54060 (Memory leaks when openssl_encrypt). (Pierre) + . Fixed bug #54061 (Memory leaks when openssl_decrypt). (Pierre) + . Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode). + (Gustavo) + . Implemented FR #53447 (Cannot disable SessionTicket extension for servers + that do not support it) by adding a no_ticket SSL context option. (Adam, + Tony) + +- PDO MySQL driver: + . Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver). + (Johannes) + . Implemented FR #47802 (Support for setting character sets in DSN strings). + (Kalle) + +- PDO Oracle driver: + . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on + ORACLE 10). (spatar at mail dot nnov dot ru) + +- PDO PostgreSQL driver: + . Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). 
+ (gyp at balabit dot hu) + +- Phar extension: + . Fixed bug #54247 (format-string vulnerability on Phar). (Felipe) + (CVE-2011-1153) + . Fixed bug #53541 (format string bug in ext/phar). + (crrodriguez at opensuse dot org, Ilia) + . Fixed bug #53898 (PHAR reports invalid error message, when the directory + does not exist). (Ilia) + +- PHP-FPM SAPI: + . Enforce security in the fastcgi protocol parsing. + (ef-lists at email dotde) + . Fixed bug #53777 (php-fpm log format now match php_error log format). (fat) + . Fixed bug #53527 (php-fpm --test doesn't set a valuable return value). (fat) + . Fixed bug #53434 (php-fpm slowlog now also logs the original request). (fat) + +- Readline extension: + . Fixed bug #53630 (Fixed parameter handling inside readline() function). + (jo at feuersee dot de, Ilia) + +- Reflection extension: + . Fixed bug #53915 (ReflectionClass::getConstant(s) emits fatal error on + constants with self::). (Gustavo) + +- Shmop extension: + . Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe) + Reported by Jose Carlos Norte <jose at eyeos dot org> (CVE-2011-1092) + +- SNMP extension: + . Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree + correctly). (Boris Lytochkin) + +- SOAP extension: + . Fixed possible crash introduced by the NULL poisoning patch. + (Mateusz Kocielski, Pierre) + +- SPL extension: + . Fixed memory leak in DirectoryIterator::getExtension() and + SplFileInfo::getExtension(). (Felipe) + . Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones) + . Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0 + values). (Felipe) + . Fixed bug #49608 (Using CachingIterator on DirectoryIterator instance + segfaults). (Felipe) + + . Added SplFileInfo::getExtension(). FR #48767. (Peter Cowburn) + +- SQLite3 extension: + . Fixed memory leaked introduced by the NULL poisoning patch. + (Mateusz Kocielski, Pierre) + . 
Fixed memory leak on SQLite3Result and SQLite3Stmt when assigning to a + reference. (Felipe) + . Add SQlite3_Stmt::readonly() for checking if a statement is read only. + (Scott) + . Implemented FR #53466 (SQLite3Result::columnType() should return false after + all of the rows have been fetched). (Scott) + +- Streams: + . Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP + wrapper). (Gustavo) + . Fixed bug #53913 (Streams functions assume HAVE_GLOB is defined). (Chris + Jones) + . Fixed bug #53903 (userspace stream stat callback does not separate the + elements of the returned array before converting them). (Gustavo) + . Implemented FR #26158 (open arbitrary file descriptor with fopen). (Gustavo) + +- Tokenizer Extension + . Fixed bug #54089 (token_get_all() does not stop after __halt_compiler). + (Ilia) + +- XSL extension: + . Fixed memory leaked introduced by the NULL poisoning patch. + (Mateusz Kocielski, Pierre) + +- Zip extension: + . Added the filename into the return value of stream_get_meta_data(). (Hannes) + . Fixed bug #53923 (Zip functions assume HAVE_GLOB is defined). (Adam) + . Fixed bug #53893 (Wrong return value for ZipArchive::extractTo()). (Pierre) + . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). + (Stas, Maksymilian Arciemowicz). (CVE-2011-0421) + . Fixed bug #53854 (Missing constants for compression type). (Richard, Adam) + . Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at + gmail dot com, Gustavo) + . Fixed bug #53579 (stream_get_contents() segfaults on ziparchive streams). + (Hannes) + . Fixed bug #53568 (swapped memset arguments in struct initialization). + (crrodriguez at opensuse dot org) + . Fixed bug #53166 (Missing parameters in docs and reflection definition). + (Richard) + . Fixed bug #49072 (feof never returns true for damaged file in zip). + (Gustavo, Richard Quadling) + 06 Jan 2011, PHP 5.3.5 -- Fixed Bug #53632 (infinite loop with x87 fpu). 
(Scott, Rasmus) +- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, + Rasmus) 09 Dec 2010, PHP 5.3.4 - Upgraded bundled Sqlite3 to version 3.7.3. (Ilia) @@ -10,7 +241,8 @@ - Security enhancements: . Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre) - . Paths with NULL in them (foo\0bar.txt) are now considered as invalid. (Rasmus) + . Paths with NULL in them (foo\0bar.txt) are now considered as invalid. + (Rasmus) . Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia) . Fixed NULL pointer dereference in ZipArchive::getArchiveComment. @@ -37,8 +269,8 @@ . Implemented symbolic links support for open_basedir checks. (Pierre) . Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre) . Implemented FR #50692, not uploaded files don't count towards - max_file_uploads limit. As a side improvement, temporary files are not opened - for empty uploads and, in debug mode, 0-length uploads. (Gustavo) + max_file_uploads limit. As a side improvement, temporary files are not + opened for empty uploads and, in debug mode, 0-length uploads. (Gustavo) - Improved MySQLnd: . Added new character sets to mysqlnd, which are available in MySQL 5.5 
@@ -75,12 +307,12 @@ . Fixed bug #53141 (autoload misbehaves if called from closing session). (ladislav at marek dot su) . Fixed bug #53021 (In html_entity_decode, failure to convert numeric entities - with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of ENT_NOQUOTES - in html_entity_decode that had introduced the bug (rev #185591) to other - encodings. Additionaly, html_entity_decode() now doesn't decode " if - ENT_NOQUOTES is given. (Gustavo) - . Fixed bug #52931 (strripos not overloaded with function overloading enabled). - (Felipe) + with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of + ENT_NOQUOTES in html_entity_decode that had introduced the bug (rev + #185591) to other encodings. Additionaly, html_entity_decode() now doesn't + decode " if ENT_NOQUOTES is given. (Gustavo) + . Fixed bug #52931 (strripos not overloaded with function overloading + enabled). (Felipe) . Fixed bug #52772 (var_dump() doesn't check for the existence of get_class_name before calling it). (Kalle, Gustavo) . Fixed bug #52534 (var_export array with negative key). (Felipe) @@ -94,7 +326,8 @@ other platforms). (Pierre) . Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number of reported malformed sequences). (CVE-2010-3870) (Gustavo) - . Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8). (Gustavo) + . Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8). + (Gustavo) . Fixed bug #48831 (php -i has different output to php --ini). (Richard, Pierre) . Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4). 
@@ -195,8 +428,8 @@ words). (Ilia) - Intl extension: - . Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409). (Stas, Maksymilian - Arciemowicz) + . Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409). + (Stas, Maksymilian Arciemowicz) . Added support for formatting the timestamp stored in a DateTime object. (Stas) . Fixed bug #50590 (IntlDateFormatter::parse result is limited to the integer @@ -206,8 +439,8 @@ . Fixed bug #53273 (mb_strcut() returns garbage with the excessive length parameter). (CVE-2010-4156) (Mateusz Kocielski, Pierre, Moriyoshi) . Fixed bug #52981 (Unicode casing table was out-of-date. Updated with - UnicodeData-6.0.0d7.txt and included the source of the generator program with - the distribution) (Gustavo). + UnicodeData-6.0.0d7.txt and included the source of the generator program + with the distribution) (Gustavo). . Fixed bug #52681 (mb_send_mail() appends an extra MIME-Version header). (Adam) @@ -278,8 +511,8 @@ . Fixed bug #52725 (gcc builtin atomic functions were sometimes used when they were not available). (fat) . Fixed bug #52693 (configuration file errors are not logged to stderr). (fat) - . Fixed bug #52674 (FPM Status page returns inconsistent Content-Type headers). - (fat) + . Fixed bug #52674 (FPM Status page returns inconsistent Content-Type + headers). (fat) . Fixed bug #52498 (libevent was not only linked to php-fpm). (fat) - PDO: 
@@ -337,9 +570,9 @@ - Streams: . Fixed forward stream seeking emulation in streams that don't support seeking in situations where the read operation gives back less data than requested - and when there was data in the buffer before the emulation started. Also made - more consistent its behavior -- should return failure every time less data - than was requested was skipped. (Gustavo) + and when there was data in the buffer before the emulation started. Also + made more consistent its behavior -- should return failure every time less + data than was requested was skipped. (Gustavo) . Fixed bug #53241 (stream casting that relies on fdopen/fopencookie fails with streams opened with, inter alia, the 'xb' mode). (Gustavo) . Fixed bug #53006 (stream_get_contents has an unpredictable behavior when the |
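Review bot: In the first hunk (@@ -1,7 +1,238 @@), the PHP-FPM SAPI entry "Enforce security in the fastcgi protocol parsing." gives no bug number, CVE or description of what was hardened, unlike the other security fixes in the same 5.3.6 block (CVE-2011-0708 under Exif, CVE-2011-1153 under Phar, CVE-2011-1092 under Shmop, CVE-2011-0421 under Zip), so someone triaging this release cannot tell whether their FPM deployment is affected. Add the reference or a one-clause description of the parsing issue, and fix the credit "(ef-lists at email dotde)", which is missing the space in "dot de". In the same block, bug #54055 (buffer overrun with high values for precision ini setting) and bug #53574 (integer overflow in SdnToJulian, sometimes leading to segfault) are memory-safety fixes listed without any security marker. It is worth confirming whether they should be flagged alongside the CVE-tagged entries, or collected under a "- Security enhancements:" heading as the 5.3.4 block does. Smaller consistency points in this hunk: the CVE sits after the credit in "(Pierre) (CVE-2011-0708)" but before it in "(CVE-2010-4645) (Scott, Rasmus)"; the headings "- Gettext", "- mysqlnd" and "- Tokenizer Extension" lack the trailing colon the other sections use; and "Fixed bug numerous crashes due to setlocale" reads as though a bug number was dropped.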
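Review bot: In the @@ -75,12 +307,12 @@ hunk, the re-wrapped bug #53021 entry still carries the typo "Additionaly" on its added lines; since the lines are being rewritten anyway, correct it to "Additionally" in the same change. The rest of that hunk is a pure re-wrap to the line-length limit and changes no wording.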