diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 264 |
1 files changed, 258 insertions, 6 deletions
@@ -1,5 +1,259 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +10 Jan 2012, PHP 5.3.9 + +- Core: + . Added max_input_vars directive to prevent attacks based on hash collisions + (Dmitry). + . Fixed bug #60205 (possible integer overflow in content_length). (Laruence) + . Fixed bug #60139 (Anonymous functions create cycles not detected by the + GC). (Dmitry) + . Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) + (Dmitry). + . Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when + the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli) + . Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe) + . Fixed bug #60019 (Function time_nanosleep() is undefined on OS X). (Ilia) + . Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs). + (klightspeed at netspace dot net dot au) + . Fixed bug #55798 (serialize followed by unserialize with numeric object + prop. gives integer prop). (Gustavo) + . Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre) + . Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux + parisc). (Felipe) + . Fixed bug #55674 (fgetcsv & str_getcsv skip empty fields in some + tab-separated records). (Laruence) + . Fixed bug #55649 (Undefined function Bug()). (Laruence) + . Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre) + . Fixed bug #55576 (Cannot conditionally move uploaded file without race + condition). (Gustavo) + . Fixed bug #55510: $_FILES 'name' missing first character after upload. + (Arpad) + . Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence) + . Fixed bug #55504 (Content-Type header is not parsed correctly on + HTTP POST request). (Hannes) + . Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to + is_a and is_subclass_of). (alan_k) + . Fixed bug #52461 (Incomplete doctype and missing xmlns). + (virsacer at web dot de, Pierre) + . Fixed bug #55366 (keys lost when using substr_replace an array). (Arpad) + . Fixed bug #55273 (base64_decode() with strict rejects whitespace after + pad). (Ilia) + . Fixed bug #52624 (tempnam() by-pass open_basedir with nonnexistent + directory). (Felipe) + . Fixed bug #50982 (incorrect assumption of PAGE_SIZE size). (Dmitry) + . Fixed invalid free in call_user_method() function. (Felipe) + . Fixed bug #43200 (Interface implementation / inheritence not possible in + abstract classes). (Felipe) + + +- BCmath: + . Fixed bug #60377 (bcscale related crashes on 64bits platforms). (shm) + +- Calendar: + . Fixed bug #55797 (Integer overflow in SdnToGregorian leads to segfault (in + optimized builds). (Gustavo) + +- cURL: + . Fixed bug #60439 (curl_copy_handle segfault when used with + CURLOPT_PROGRESSFUNCTION). (Pierrick) + . Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed + before calling curl_exec). (Hannes) + . Fixed issues were curl_copy_handle() would sometimes lose copied + preferences. (Hannes) + +- DateTime: + . Fixed bug #60373 (Startup errors with log_errors on cause segfault). + (Derick) + . Fixed bug #60236 (TLA timezone dates are not converted properly from + timestamp). (Derick) + . Fixed bug #55253 (DateTime::add() and sub() result -1 hour on objects with + time zone type 2). (Derick) + . Fixed bug #54851 (DateTime::createFromFormat() doesn't interpret "D"). + (Derick) + . Fixed bug #53502 (strtotime with timezone memory leak). (Derick) + . Fixed bug #52062 (large timestamps with DateTime::getTimestamp and + DateTime::setTimestamp). (Derick) + . Fixed bug #51994 (date_parse_from_format is parsing invalid date using 'yz' + format). (Derick) + . Fixed bug #52113 (Seg fault while creating (by unserialization) + DatePeriod). (Derick) + . Fixed bug #48476 (cloning extended DateTime class without calling + parent::__constr crashed PHP). (Hannes) + +- EXIF: + . Fixed bug #60150 (Integer overflow during the parsing of invalid exif + header). (Stas, flolechaud at gmail dot com) + +- Fileinfo: + . Fixed bug #60094 (C++ comment fails in c89). (Laruence) + . Fixed possible memory leak in finfo_open(). (Felipe) + . Fixed memory leak when calling the Finfo constructor twice. (Felipe) + +- Filter: + . Fixed Bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized + domain name addresses containing >1 -). (Ilia) + +- FTP: + . Fixed bug #60183 (out of sync ftp responses). (bram at ebskamp dot me, + rasmus) + +- Gd: + . Fixed bug #60160 (imagefill() doesn't work correctly + for small images). (Florian) + +- Intl: + . Fixed bug #60192 (SegFault when Collator not constructed + properly). (Florian) + . Fixed memory leak in several Intl locale functions. (Felipe) + +- Json: + . Fixed bug #55543 (json_encode() with JSON_NUMERIC_CHECK fails on objects + with numeric string properties). (Ilia, dchurch at sciencelogic dot com) + +- Mbstring: + . Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe) + +- MS SQL: + . Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe) + +- MySQL: + . Fixed bug #55550 (mysql.trace_mode miscounts result sets). (Johannes) + +- MySQLi extension: + . Fixed bug #55859 (mysqli->stat property access gives error). (Andrey) + . Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when + mysqlnd is used). (Andrey) + . Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields). + (eran at zend dot com, Laruence) + +- mysqlnd + . Fixed bug #55609 (mysqlnd cannot be built shared). (Johannes) + . Fixed bug #55067 (MySQL doesn't support compression - wrong config option). + (Andrey) + +- NSAPI SAPI: + . Don't set $_SERVER['HTTPS'] on unsecure connection (bug #55403). (Uwe + Schindler) + +- OpenSSL: + . Fixed bug #60279 (Fixed NULL pointer dereference in + stream_socket_enable_crypto, case when ssl_handle of session_stream is not + initialized.) (shm) + . Fix segfault with older versions of OpenSSL. (Scott) + +- Oracle Database extension (OCI8): + . Fixed bug #59985 (show normal warning text for OCI_NO_DATA). + (Chris Jones) + . Increased maximum Oracle error message buffer length for new 11.2.0.3 size. + (Chris Jones) + . Improve internal initalization failure error messages. (Chris Jones) + +- PDO + . Fixed bug #55776 (PDORow to session bug). (Johannes) + +- PDO Firebird: + . Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird). + (Mariuz) + . Fixed bug #47415 (PDO_Firebird segfaults when passing lowercased column name to bindColumn). + . Fixed bug #53280 (PDO_Firebird segfaults if query column count less than param count). + (Mariuz) + +- PDO MySQL driver: + . Fixed bug #60155 (pdo_mysql.default_socket ignored). (Johannes) + . Fixed bug #55870 (PDO ignores all SSL parameters when used with mysql + native driver). (Pierre) + . Fixed bug #54158 (MYSQLND+PDO MySQL requires #define + MYSQL_OPT_LOCAL_INFILE). (Andrey) + +- PDO OCI driver: + . Fixed bug #55768 (PDO_OCI can't resume Oracle session after it's been + killed). (mikhail dot v dot gavrilov at gmail dot com, Chris Jones, Tony) + +- Phar: + . Fixed bug #60261 (NULL pointer dereference in phar). (Felipe) + . Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp + . Fixed bug #53872 (internal corruption of phar). (Hannes) + . Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes) + scanning for __HALT_COMPILER). (Ralph Schindler) + +- PHP-FPM SAPI: + . Fixed bug #60659 (FPM does not clear auth_user on request accept). + (bonbons at linux-vserver dot org) + . Fixed bug #60629 (memory corruption when web server closed the fcgi fd). + (fat) + . Fixed bug #60179 (php_flag and php_value does not work properly). (fat) + . Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat) + . Fixed bug #55533 (The -d parameter doesn't work). (fat) + . Implemented FR #52569 (Add the "ondemand" process-manager + to allow zero children). (fat) + . Fixed bug #55486 (status show BIG processes number). (fat) + . Fixed bug #55577 (status.html does not install). (fat) + . Backported from 5.4 branch (Dropped restriction of not setting the same + value multiple times, the last one holds). + (giovanni at giacobbi dot net, fat) + . Backported FR #55166 from 5.4 branch (Added process.max to control + the number of process FPM can fork). (fat) + . Backported FR #55181 from 5.4 branch (Enhance security by limiting access + to user defined extensions). (fat) + . Backported FR #54098 from 5.4 branch (Lowered process manager + default value). (fat) + . Backported FR #52052 from 5.4 branch (Added partial syslog support). (fat) + . Implemented FR #54577 (Enhanced status page with full status and details + about each processes. Also provide a web page (status.html) for + real-time FPM status. (fat) + . Enhance error log when the primary script can't be open. FR #60199. (fat) + . Added .phar to default authorized extensions. (fat) + +- Postgres: + . Fixed bug #60244 (pg_fetch_* functions do not validate that row param + is >0). (Ilia) + +- Reflection: + . Fixed bug #60367 (Reflection and Late Static Binding). (Laruence) + +- Session: + . Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes) + +- SimpleXML: + . Reverted the SimpleXML->query() behaviour to returning empty arrays + instead of false when no nodes are found as it was since 5.3.3 + (bug #48601). (chregu, rrichards) + +- SOAP + . Fixed bug #54911 (Access to a undefined member in inherit SoapClient may + cause Segmentation Fault). (Dmitry) + . Fixed bug #48216 (PHP Fatal error: SOAP-ERROR: Parsing WSDL: + Extra content at the end of the doc, when server uses chunked transfer + encoding with spaces after chunk size). (Dmitry) + . Fixed bug #44686 (SOAP-ERROR: Parsing WSDL with references). (Dmitry) + +- Sockets: + . Fixed bug #60048 (sa_len a #define on IRIX). (china at thewrittenword dot + com) + +- SPL: + . Fixed bug #60082 (Crash in ArrayObject() when using recursive references). + (Tony) + . Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY). + (jgotti at modedemploi dot fr, Hannes) + . Fixed bug #54304 (RegexIterator::accept() doesn't work with scalar values). + (Hannes) + +- Streams: + . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together + with the last read). (Gustavo) + +- Tidy: + . Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference). + (Maksymilian Arciemowicz, Felipe) + +- XSL: + . Added xsl.security_prefs ini option to define forbidden operations within + XSLT stylesheets, default is not to enable write operations. This option + won't be in 5.4, since there's a new method. Fixes Bug #54446. (Chregu, + Nicolas Gregoire) + 23 Aug 2011, PHP 5.3.8 - Core: @@ -123,7 +377,7 @@ PHP NEWS exception and fatal error). (Hannes) - DBA extension: - . Supress warning on non-existent file open with Berkeley DB 5.2 (Chris Jones) + . Supress warning on non-existent file open with Berkeley DB 5.2. (Chris Jones) . Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe) - Exif extesion: @@ -170,10 +424,6 @@ PHP NEWS . Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random data on Windows). (Pierre) -- MySQL Improved extension: - . Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries). - (Andrey) - - mysqlnd . Fixed crash when using more than 28,000 bound parameters. Workaround is to set mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey) @@ -183,6 +433,8 @@ PHP NEWS - MySQLi extension: . Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections). (Andrey) + . Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries). + (Andrey) - OpenSSL extension: . openssl_encrypt()/openssl_decrypt() truncated keys of variable length @@ -194,7 +446,7 @@ PHP NEWS - Oracle Database extension (OCI8): . Added oci_client_version() returning the runtime Oracle client library - version (Chris Jones) + version. (Chris Jones) . PCRE extension: . Increased the backtrack limit from 100000 to 1000000 (Rasmus) |