diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 277 |
1 files changed, 277 insertions, 0 deletions
@@ -1,5 +1,282 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +18 Aug 2011, PHP 5.3.7 +- Upgraded bundled SQLite to version 3.7.7.1. (Scott) +- Upgraded bundled PCRE to version 8.12. (Scott) + +- Zend Engine: + . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even + though the class has none). (Felipe) + . Fixed bug #55007 (compiler fail after previous fail). (Felipe) + . Fixed bug #54910 (Crash when calling call_user_func with unknown function + name). (Dmitry) + . Fixed bug #54804 (__halt_compiler and imported namespaces). + (Pierrick, Felipe) + . Fixed bug #54624 (class_alias and type hint). (Felipe) + . Fixed bug #54585 (track_errors causes segfault). (Dmitry) + . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed). + (Tony, Dmitry) + . Fixed bug #54372 (Crash accessing global object itself returned from its + __get() handle). (Dmitry) + . Fixed bug #54367 (Use of closure causes problem in ArrayAccess). (Dmitry) + . Fixed bug #54358 (Closure, use and reference). (Dmitry) + . Fixed bug #54262 (Crash when assigning value to a dimension in a non-array). + (Dmitry) + . Fixed bug #54039 (use() of static variables in lambda functions can break + staticness). (Dmitry) + +- Core + . Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer) + . Removed warning when argument of is_a() or is_subclass_of() is not + a known class. (Stas) + . Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski. + . Added PHP_MANDIR constant telling where the manpages were installed into, + and an --man-dir argument to php-config. (Hannes) + . Fixed a crash inside dtor for error handling. (Ilia) + . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas) + . Implemented FR #54459 (Range function accuracy). (Adam) + + . Fixed bug #55399 (parse_url() incorrectly treats ':' as a valid path). + (Ilia) + . Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off). + (Dmitry) + . Fixed bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow + (Pierre) + . Fixed bug #55258 (Windows Version Detecting Error). + ( xiaomao5 at live dot com, Pierre) + . Fixed bug #55187 (readlink returns weird characters when false result). + (Pierre) + . Fixed bug #55082 (var_export() doesn't escape properties properly). + (Gustavo) + . Fixed bug #55014 (Compile failure due to improper use of ctime_r()). (Ilia) + . Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload + filename). (Felipe) Reported by Krzysztof Kotowicz. (CVE-2011-2202) + . Fixed bug #54935 php_win_err can lead to crash. (Pierre) + . Fixed bug #54924 (assert.* is not being reset upon request shutdown). (Ilia) + . Fixed bug #54895 (Fix compiling with older gcc version without need for + membar_producer macro). (mhei at heimpold dot de) + . Fixed bug #54866 (incorrect accounting for realpath_cache_size). + (Dustin Ward) + . Fixed bug #54723 (getimagesize() doesn't check the full ico signature). + (Scott) + . Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt + size). (Pierre, os at irj dot ru) + . Fixed bug #54580 (get_browser() segmentation fault when browscap ini + directive is set through php_admin_value). (Gustavo) + . Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption). (Dmitry) + . Fixed bug #54305 (Crash in gc_remove_zval_from_buffer). (Dmitry) + . Fixed bug #54238 (use-after-free in substr_replace()). (Stas) + (CVE-2011-1148) + . Fixed bug #54204 (Can't set a value with a PATH section in php.ini). + (Pierre) + . Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment). + (tomas dot brastavicius at quantum dot lt, Pierrick) + . Fixed bug #54137 (file_get_contents POST request sends additional line + break). (maurice-php at mertinkat dot net, Ilia) + . Fixed bug #53848 (fgetcsv() ignores spaces at beginnings of fields). (Ilia) + . Alternative fix for bug #52550, as applied to the round() function (signed + overflow), as the old fix impacted the algorithm for numbers with magnitude + smaller than 0. (Gustavo) + . Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces) + (Ralph Schindler, Dmitry) + . Fixed bug #52935 (call exit in user_error_handler cause stream relate + core). (Gustavo) + . Fixed bug #51997 (SEEK_CUR with 0 value, returns a warning). (Ilia) + . Fixed bug #50816 (Using class constants in array definition fails). + (Pierrick, Dmitry) + . Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode + filter). (slusarz at curecanti dot org) + . Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using + TMPDIR on Windows). (Pierre) + +- Apache2 Handler SAPI: + . Fixed bug #54529 (SAPI crashes on apache_config.c:197). + (hebergement at riastudio dot fr) + +- CLI SAPI: + . Fixed bug #52496 (Zero exit code on option parsing failure). (Ilia) + +- cURL extension: + . Added ini option curl.cainfo (support for custom cert db). (Pierre) + . Added CURLINFO_REDIRECT_URL support. (Daniel Stenberg, Pierre) + . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and + CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick) + +- DateTime extension: + . Fixed bug where the DateTime object got changed while using date_diff(). + (Derick) + . Fixed bug #54340 (DateTime::add() method bug). (Adam) + . Fixed bug #54316 (DateTime::createFromFormat does not handle trailing '|' + correctly). (Adam) + . Fixed bug #54283 (new DatePeriod(NULL) causes crash). (Felipe) + . Fixed bug #51819 (Case discrepancy in timezone names cause Uncaught + exception and fatal error). (Hannes) + +- DBA extension: + . Supress warning on non-existent file open with Berkeley DB 5.2 (Chris Jones) + . Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe) + +- Exif extesion: + . Fixed bug #54121 (error message format string typo). (Ilia) + +- Fileinfo extension: + . Fixed bug #54934 (Unresolved symbol strtoull in HP-UX 11.11). (Felipe) + +- Filter extension: + . Added 3rd parameter to filter_var_array() and filter_input_array() + functions that allows disabling addition of empty elements. (Ilia) + . Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia) + +- Interbase extension: + . Fixed bug #54269 (Short exception message buffer causes crash). (Felipe) + +- intl extension: + . Implemented FR #54561 (Expose ICU version info). (David Zuelke, Ilia) + . Implemented FR #54540 (Allow loading of arbitrary resource bundles when + fallback is disabled). (David Zuelke, Stas) + +- Imap extension: + . Fixed bug #55313 (Number of retries not set when params specified). + (kevin at kevinlocke dot name) + +- json extension: + . Fixed bug #54484 (Empty string in json_decode doesn't reset + json_last_error()). (Ilia) + +- LDAP extension: + . Fixed bug #53339 (Fails to build when compilng with gcc 4.5 and DSO + libraries). (Clint Byrum, Raphael) + +- libxml extension: + . Fixed bug #54601 (Removing the doctype node segfaults). (Hannes) + . Fixed bug #54440 (libxml extension ignores default context). (Gustavo) + +- mbstring extension: + . Fixed bug #54494 (mb_substr() mishandles UTF-32LE and UCS-2LE). (Gustavo) + +- MCrypt extension: + . Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data + has been fetched (Windows). (Pierre) + . Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random + data on Windows). (Pierre) + +- MySQL Improved extension: + . Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries). + (Andrey) + +- mysqlnd + . Fixed crash when using more than 28,000 bound parameters. Workaround is to + set mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey) + . Fixed bug #54674 mysqlnd valid_sjis_(head|tail) is using invalid operator + and range). (nihen at megabbs dot com, Andrey) + +- MySQLi extension: + . Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi + persistent connections). (Andrey) + +- OpenSSL extension: + . openssl_encrypt()/openssl_decrypt() truncated keys of variable length + ciphers to the OpenSSL default for the algorithm. (Scott) + . On blocking SSL sockets respect the timeout option where possible. + (Scott) + . Fixed bug #54992 (Stream not closed and error not returned when SSL + CN_match fails). (Gustavo, laird_ngrps at dodo dot com dot au) + +- Oracle Database extension (OCI8): + . Added oci_client_version() returning the runtime Oracle client library + version (Chris Jones) + +. PCRE extension: + . Increased the backtrack limit from 100000 to 1000000 (Rasmus) + +- PDO extension: + . Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe) + . Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE + settings). (Ilia) + +- PDO DBlib driver: + . Fixed bug #54329 (MSSql extension memory leak). + (dotslashpok at gmail dot com) + . Fixed bug #54167 (PDO_DBLIB returns null on SQLUNIQUE field). + (mjh at hodginsmedia dot com, Felipe) + +- PDO ODBC driver: + . Fixed data type usage in 64bit. (leocsilva at gmail dot com) + +- PDO MySQL driver: + . Fixed bug #54644 (wrong pathes in php_pdo_mysql_int.h). (Tony, Johannes) + . Fixed bug #53782 (foreach throws irrelevant exception). (Johannes, Andrey) + . Implemented FR #48587 (MySQL PDO driver doesn't support SSL connections). + (Rob) + +- PDO PostgreSQL driver: + . Fixed bug #54318 (Non-portable grep option used in PDO pgsql + configuration). (bwalton at artsci dot utoronto dot ca) + +- PDO Oracle driver: + . Fixed bug #44989 (64bit Oracle RPMs still not supported by pdo-oci). + (jbnance at tresgeek dot net) + +- Phar extension: + . Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters). + (Felipe) + +- PHP-FPM SAPI: + . Implemented FR #54499 (FPM ping and status_path should handle HEAD request). (fat) + . Implemented FR #54172 (Overriding the pid file location of php-fpm). (fat) + . Fixed missing Expires and Cache-Control headers for ping and status pages. + (fat) + . Fixed memory leak. (fat) Reported and fixed by Giovanni Giacobbi. + . Fixed wrong value of log_level when invoking fpm with -tt. (fat) + . Added xml format to the status page. (fat) + . Removed timestamp in logs written by children processes. (fat) + . Fixed exit at FPM startup on fpm_resources_prepare() errors. (fat) + . Added master rlimit_files and rlimit_core in the global configuration + settings. (fat) + . Removed pid in debug logs written by chrildren processes. (fat) + . Added custom access log (also added per request %CPU and memory + mesurement). (fat) + . Added a real scoreboard and several improvements to the status page. (fat) + +- Reflection extension: + . Fixed bug #54347 (reflection_extension does not lowercase module function + name). (Felipe, laruence at yahoo dot com dot cn) + +- SOAP extension: + . Fixed bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION + contains itself). (Dmitry) + . Fixed bug #54312 (soap_version logic bug). (tom at samplonius dot org) + +- Sockets extension: + . Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938) + Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe) + . Changed socket_set_block() and socket_set_nonblock() so they emit warnings + on error. (Gustavo) + . Fixed bug #51958 (socket_accept() fails on IPv6 server sockets). (Gustavo) + +- SPL extension: + . Fixed bug #54971 (Wrong result when using iterator_to_array with use_keys + on true). (Pierrick) + . Fixed bug #54970 (SplFixedArray::setSize() isn't resizing). (Felipe) + . Fixed bug #54609 (Certain implementation(s) of SplFixedArray cause hard + crash). (Felipe) + . Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and + SplTempFileObject crash when user-space classes don't call the paren + constructor). (Gustavo) + . Fixed bug #54292 (Wrong parameter causes crash in + SplFileObject::__construct()). (Felipe) + . Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting + with \0). (Gustavo) + . Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator). + (Felipe) + +- Streams: + . Fixed bug #54946 (stream_get_contents infinite loop). (Hannes) + . Fixed bug #54623 (Segfault when writing to a persistent socket after + closing a copy of the socket). (Gustavo) + . Fixed bug #54681 (addGlob() crashes on invalid flags). (Felipe) + + 17 Mar 2011, PHP 5.3.6 - Upgraded bundled Sqlite3 to version 3.7.4. (Ilia) - Upgraded bundled PCRE to version 8.11. (Ilia) |