php-src/NEWS

PHP                                                                        NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2014, PHP 5.6.0 Beta 1

- Core:
  . Allow zero length comparison in substr_compare() (Tjerk)

- cURL:
  . Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour)
    (Tjerk)

- Date:
  . Added DateTimeImmutable::createFromMutable to create a DateTimeImmutable
    object from an existing DateTime (mutable) object (Derick)

- Mail:
  . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)

- MySQLi:
  . Fixed bug #66762i (Segfault in mysqli_stmt::bind_result() when link closed)
    (Remi)

- Openssl:
  . Fixed memory leak in windows cert verification on verify failure.
    (Chris Wright)
  . Peer certificate capturing via SSL context options now functions even if
    peer verification fails. (Daniel Lowrey)

|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
27 Feb 2014, PHP 5.6.0 Alpha 3

- Core
  . Expose get_debug_info class hook as __debugInfo() magic method. (Sara)
  . Implemented unified default encoding
    (RFC: https://wiki.php.net/rfc/default_encoding). (Yasuo Ohgaki)

- Curl
  . Check for openssl.cafile ini directive when loading CA certs. (Daniel Lowrey)
  . Remove cURL close policy related constants as these have no effect and are
    no longer used in libcurl. (Chris Wright)

- Fileinfo
  . Upgraded to libmagic-5.17 (Anatol)
  . Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943) (Remi)

- FPM:
  . Added clear_env configuration directive to disable clearenv() call.
  (Github PR# 598, Paul Annesley)

- GD:
  . Fixed imagettftext to load the correct character map rather than the last one.
    (Scott)
  . Fixed bug #66714 ( imageconvolution breakage). (Brad Daily)

- JSON:
  . Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)
  (chobieeee@php.net)

- OPCache
  . Added function opcache_is_script_cached(). (Danack)
  . Added information about interned strings usage. (Terry, Julien, Dmitry)

- Openssl
  . Fallback to Windows CA cert store for peer verification if no openssl.cafile
    ini directive or "cafile" SSL context option specified in Windows.
    (Chris Wright)
  . The openssl.cafile and openssl.capath ini directives introduced in alpha2
    now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL). (Daniel Lowrey)
  . New "peer_name" SSL context option replaces "CN_match" (which still works
    as before but triggers E_DEPRECATED). (Daniel Lowrey)
  . Fixed segfault when accessing non-existent context for client SNI use
    (Daniel Lowrey)
  . Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
    (Mark Zedwood)
  . Fixed Bug #47030 (add new boolean "verify_peer_name" SSL context option
    allowing clients to verify cert names separately from the cert itself).
    "verify_peer_name" is enabled by default for client streams.
    (Daniel Lowrey)
  . Fixed Bug #65538 ("cafile" SSL context option now supports stream
    wrappers). (Daniel Lowrey)
  . New openssl_get_cert_locations() function to aid CA file and peer
    verification debugging. (Daniel Lowrey)
  . Encrypted stream wrappers now disable TLS compression by default.
    (Daniel Lowrey)
  . New "capture_session_meta" SSL context option allows encrypted client and
    server streams access to negotiated protocol/cipher information.
    (Daniel Lowrey)
  . New "honor_cipher_order" SSL context option allows servers to prioritize
    cipher suites of their choosing when negotiating SSL/TLS handshakes.
    (Daniel Lowrey)
  . New "single_ecdh_use" and "single_dh_use" SSL context options allow for
    improved forward secrecy in encrypted stream servers. (Daniel Lowrey)
  . New "dh_param" SSL context option allows stream servers control over
    the parameters when negotiating DHE cipher suites. (Daniel Lowrey)
  . New "ecdh_curve" SSL context option allowing stream servers to specify
    the curve to use when negotiating ephemeral ECDHE ciphers (defaults to
    NIST P-256). (Daniel Lowrey)
  . New "rsa_key_size" SSL context option gives stream servers control
    over the key size (in bits) used for RSA key agreements. (Daniel Lowrey)
  . Crypto methods for encrypted client and server streams now use
    bitwise flags for fine-grained protocol support. (Daniel Lowrey)
  . Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method.
    tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2. (Daniel Lowrey)
  . Encrypted client streams now enable SNI by default. (Daniel Lowrey)
  . Encrypted streams now prioritize ephemeral key agreement and high strength
    ciphers by default. (Daniel Lowrey)
  . New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher
    list. (Daniel Lowrey)
  . New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto
    methods negotiated encrypted server/client sessions. (Daniel Lowrey)
  . Encrypted stream servers now automatically mitigate potential DoS vector
    arising from client-initiated TLS renegotiation. New "reneg_limit",
    "reneg_window" and "reneg_limit_callback" SSL context options for custom
    renegotiation limiting control. (Daniel Lowrey)

- Pgsql:
  . pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL.
    (Yasuo)
  . Impremented FR #25854 Return value for pg_insert should be resource instead of bool.
    (Yasuo)
  . Implemented FR #41146 - Add "description" with exteneded flag pg_meta_data().
    pg_meta_data(resource $conn, string $table [, bool extended])
    It also made pg_meta_data() return "is enum" always.
    (Yasuo)

13 Feb 2014, PHP 5.6.0 Alpha 2
- Core:
  . Added T_POW (**) operator
    (RFC: https://wiki.php.net/rfc/pow-operator). (Tjerk Meesters)

- mysqli
  . Added new function mysqli_get_links_stats() as well as new INI variable
    mysqli.rollback_on_cached_plink of type bool (Andrey)

- PCRE:
  . Upgraded to PCRE 8.34. (Anatol)

- ldap
  . Added new function ldap_modify_batch(). (Ondrej Hosek)

- Openssl
  . Peer certificates now verified by default in client socket operations
    (RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
  . New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)

23 Jan 2014, PHP 5.6.0 Alpha 1
- CLI server:
  . Added some MIME types to the CLI web server. (Chris Jones)

- Core:
  . Improved IS_VAR operands fetching. (Laruence, Dmitry)
  . Improved empty string handling. Now ZE uses an interned string instead of
    allocation new empty string each time. (Laruence, Dmitry)
  . Implemented internal operator overloading
    (RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)
  . Made calls from incompatible context issue an E_DEPRECATED warning instead
    of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx).
	(Gustavo)
  . Uploads equal or greater than 2GB in size are now accepted.
    (Ralf Lang, Mike)
  . Reduced POST data memory usage by 200-300%. Changed INI setting
    always_populate_raw_post_data to throw a deprecation warning when enabling
	and to accept -1 for never populating the $HTTP_RAW_POST_DATA global 
	variable, which will be the default in future PHP versions. (Mike)
  . Implemented dedicated syntax for variadic functions
    (RFC: https://wiki.php.net/rfc/variadics). (Nikita)
  . Fixed bug #50333 Improving multi-threaded scalability by using
    emalloc/efree/estrdup (Anatol, Dmitry)
  . Implemented constant scalar expressions (with support for constants)
    (RFC: https://wiki.php.net/rfc/const_scalar_exprs). (Bob)
  . Fixed bug #65784 (Segfault with finally). (Laruence, Dmitry)
  . Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)

- cURL:
  . Implemented FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir
    or safe_mode). (Adam)

- FPM
  . Included apparmor support in fpm
    (RFC: https://wiki.php.net/rfc/fpm_change_hat). (Gernot Vormayr)

- GMP:
  . Moved GMP to use object as the underlying structure and implemented various
    improvements based on this.
    (RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)
  . Added gmp_root() and gmp_rootrem() functions for calculating nth roots.
    (Nikita)

- Hash:
  . Added gost-crypto (CryptoPro S-box) GOST hash algo. (Manuel Mausz)

- JSON:
  . Fixed case part of bug #64874 ("json_decode handles whitespace and
    case-sensitivity incorrectly")

- mysqlnd:
  . Disabled flag for SP OUT variables for 5.5+ servers as they are not natively
    supported by the overlying APIs. (Andrey)

- OPcache:
  . Added an optimization of class constants and constant calls to some
    internal functions (Laruence, Dmitry)
  . Added an optimization pass to convert FCALL_BY_NAME into DO_FCALL.
    (Laruence, Dmitry)
  . Added an optimization pass to merged identical constants (and related
    cache_slots) in op_array->literals table. (Laruence, Dmitry)
  . Added script level constant replacement optimization pass. (Dmitry)

- Openssl:
  . Added crypto_method option for the ssl stream context. (Martin Jansen)
  . Added certificate fingerprint support. (Tjerk Meesters)
  . Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)
  . Fixed bug #65729 (CN_match gives false positive). (Tjerk Meesters)
  . Peer name verification matches SAN DNS names for certs using
    the Subject Alternative Name x509 extension. (Daniel Lowrey)
  . Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey)
  . Added SPKAC support. (Jason Gerfen)

- PDO_pgsql:
  . Fixed Bug #42614 (PDO_pgsql: add pg_get_notify support). (Matteo)
  . Fixed Bug #63657 (pgsqlCopyFromFile, pgsqlCopyToArray use Postgres < 7.3
    syntax). (Matteo)

- phpdbg:
  . Included phpdbg sapi (RFC: https://wiki.php.net/rfc/phpdbg).
    (Felipe Pena, Joe Watkins and Bob Weinand)

- pgsql:
  . pg_version() returns full report which obtained by PQparameterStatus().
    (Yasuo)
  . Added pg_lo_truncate(). (Yasuo)
  . Added 64bit large object support for PostgreSQL 9.3 and later. (Yasuo)

- Session:
  . Fixed Bug #65315 (session.hash_function silently fallback to default md5)
    (Yasuo)
  . Implemented Request #54649 (Create session_serializer_name()). (Yasuo)
  . Implemented Request #17860 (Session write short circuit). (Yasuo)
  . Implemented Request #20421 (session_abort() and session_reset() function).
    (Yasuo)
  . Implemented Request #11100 (session_gc() function). (Yasuo)

- Standard:
  . Implemented FR #65634 (HTTP wrapper is very slow with protocol_version
    1.1). (Adam)
  . Implemented Change crypt() behavior w/o salt RFC. (Yasuo)
    https://wiki.php.net/rfc/crypt_function_salt
  . Implemented request #49824 (Change array_fill() to allow creating empty
    array). (Nikita)

- XMLReader:
  . Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency). 
    (Mike)

- Zip:
  . update libzip to version 1.11.2.
    PHP don't use any ilibzip private symbol anymore.  (Pierre, Remi)
  . new method ZipArchive::setPassword($password). (Pierre)
  . add --with-libzip option to build with system libzip. (Remi)
  . new methods:
    ZipArchive::setExternalAttributesName($name, $opsys, $attr [, $flags])
    ZipArchive::setExternalAttributesIndex($idx, $opsys, $attr [, $flags])
    ZipArchive::getExternalAttributesName($name, &$opsys, &$attr [, $flags])
    ZipArchive::getExternalAttributesIndex($idx, &$opsys, &$attr [, $flags])

<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>