2010-11-13 19:12:07 +08:00
|
|
|
PHP NEWS
|
1999-07-23 07:54:54 +08:00
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
2014-08-14 08:17:55 +08:00
|
|
|
?? ??? 2014, PHP 5.6.0 ???
|
|
|
|
|
2014-08-21 15:12:16 +08:00
|
|
|
- Core:
|
|
|
|
. Fixed bug #67878 (program_prefix not honoured in man pages). (Remi)
|
|
|
|
|
2014-08-15 09:16:33 +08:00
|
|
|
- Fileinfo:
|
|
|
|
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)
|
|
|
|
|
2014-08-20 03:46:53 +08:00
|
|
|
- GD
|
2014-08-20 04:22:14 +08:00
|
|
|
. Made fontFetch's path parser thread-safe. (Sara)
|
2014-08-20 06:34:57 +08:00
|
|
|
. Fixed bug #67730 (Null byte injection possible with imagexxx functions).
|
|
|
|
(CVE-2014-5120) (Ryan Mauger)
|
2014-08-20 03:46:53 +08:00
|
|
|
|
2014-08-21 17:34:38 +08:00
|
|
|
- Zlib:
|
2014-08-22 04:42:14 +08:00
|
|
|
. Fixed bug #67865 (internal corruption phar error). Mike
|
2014-08-21 17:34:38 +08:00
|
|
|
|
2014-08-14 08:17:55 +08:00
|
|
|
14 Aug 2014, PHP 5.6.0 Release Candidate 4
|
2014-07-30 16:51:28 +08:00
|
|
|
|
2014-08-12 17:52:50 +08:00
|
|
|
- COM:
|
|
|
|
. Fixed bug #41577 (DOTNET is successful once per server run)
|
|
|
|
(Aidas Kasparas)
|
|
|
|
|
2014-07-30 18:17:36 +08:00
|
|
|
- Core:
|
2014-07-30 23:18:05 +08:00
|
|
|
. Fixed bug #67693 (incorrect push to the empty array). (Tjerk)
|
2014-07-30 23:57:07 +08:00
|
|
|
. Removed inconsistency regarding behaviour of array in constants at
|
|
|
|
run-time. (Bob)
|
2014-07-30 23:18:05 +08:00
|
|
|
|
2014-08-04 15:08:35 +08:00
|
|
|
- Fileinfo:
|
|
|
|
. Fixed bug #67705 (extensive backtracking in rule regular expression).
|
|
|
|
(CVE-2014-3538) (Remi)
|
|
|
|
|
2014-08-09 14:30:50 +08:00
|
|
|
- FPM:
|
|
|
|
. Fix bug #67606 (revised fix 67541, broke mod_fastcgi BC). (David Zuelke)
|
|
|
|
|
2014-08-04 16:50:56 +08:00
|
|
|
- GD:
|
2014-08-04 17:09:18 +08:00
|
|
|
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
|
2014-08-04 16:50:56 +08:00
|
|
|
(CVE-2014-2497) (Remi)
|
|
|
|
|
2014-07-31 02:14:03 +08:00
|
|
|
- Milter:
|
|
|
|
. Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)
|
|
|
|
|
2014-08-19 14:41:42 +08:00
|
|
|
- Network:
|
|
|
|
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)
|
|
|
|
|
2014-08-08 00:40:52 +08:00
|
|
|
- OpenSSL:
|
|
|
|
. Fixed bug #41631 (socket timeouts not honored in blocking SSL reads)
|
|
|
|
(Daniel Lowrey).
|
|
|
|
|
2014-07-31 02:14:03 +08:00
|
|
|
- SPL:
|
2014-07-30 23:18:05 +08:00
|
|
|
. Revert fix for bug #67064 (BC issues). (Bob)
|
2014-07-30 18:17:36 +08:00
|
|
|
|
2014-08-05 21:48:35 +08:00
|
|
|
- Zlib:
|
|
|
|
. Fixed bug #67724 (chained zlib filters silently fail with large amounts of
|
|
|
|
data). (Mike)
|
|
|
|
|
2014-08-13 20:20:54 +08:00
|
|
|
- Date:
|
|
|
|
. Fixed bug #66091 (memory leaks in DateTime constructor) (Tjerk).
|
|
|
|
|
2014-08-16 07:49:07 +08:00
|
|
|
- MySQLi:
|
|
|
|
. Fixed bug #67839 (mysqli does not handle 4-byte floats correctly). (Keyur)
|
|
|
|
|
2014-07-30 16:51:28 +08:00
|
|
|
31 Jul 2014, PHP 5.6.0 Release Candidate 3
|
2014-07-02 07:39:26 +08:00
|
|
|
|
2014-06-13 08:35:05 +08:00
|
|
|
- Core:
|
2014-07-03 04:33:57 +08:00
|
|
|
. Fixed bug #67497 (eval with parse error causes segmentation fault in
|
2014-07-02 23:33:31 +08:00
|
|
|
generator). (Nikita)
|
2014-07-03 04:31:52 +08:00
|
|
|
. Fixed bug #67151 (strtr with empty array crashes). (Nikita)
|
2014-07-08 16:08:10 +08:00
|
|
|
. Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
|
|
|
|
2012). (Christian Wenz)
|
2014-07-18 15:51:10 +08:00
|
|
|
. Fixed bug #66608 (Incorrect behavior with nested "finally" blocks).
|
|
|
|
(Laruence, Dmitry)
|
2014-07-12 11:14:18 +08:00
|
|
|
. Implemented FR #34407 (ucwords and Title Case). (Tjerk)
|
2014-06-11 14:03:40 +08:00
|
|
|
|
2014-07-28 15:37:32 +08:00
|
|
|
- COM:
|
|
|
|
. Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).
|
|
|
|
|
2014-06-13 08:54:29 +08:00
|
|
|
- CLI server:
|
2014-07-08 04:36:06 +08:00
|
|
|
. Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
|
|
|
|
(Adam)
|
2014-07-12 15:11:05 +08:00
|
|
|
. Fixed bug #67594 (Unable to access to apache_request_headers() elements).
|
|
|
|
(Tjerk)
|
2014-06-11 14:03:40 +08:00
|
|
|
|
2014-07-08 14:33:39 +08:00
|
|
|
- FPM:
|
|
|
|
. Fixed bug #67530 (error_log=syslog ignored). (Remi)
|
2014-07-20 00:47:14 +08:00
|
|
|
. Fixed bug #67635 (php links to systemd libraries without using pkg-config).
|
|
|
|
(pacho@gentoo.org, Remi)
|
2014-07-08 14:33:39 +08:00
|
|
|
|
2014-07-07 15:36:57 +08:00
|
|
|
- Intl:
|
2014-07-07 15:49:33 +08:00
|
|
|
. Fixed bug #66921 (Wrong argument type hint for function
|
2014-07-07 15:48:44 +08:00
|
|
|
intltz_from_date_time_zone). (Stas)
|
2014-07-07 15:37:24 +08:00
|
|
|
. Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
|
2014-07-07 15:36:57 +08:00
|
|
|
(Stas)
|
2014-06-27 15:50:01 +08:00
|
|
|
|
2014-07-03 03:30:06 +08:00
|
|
|
- pgsql:
|
2014-07-07 15:49:33 +08:00
|
|
|
. Fixed bug #67555 (Cannot build against libpq 7.3). (Adam)
|
2014-07-03 03:30:06 +08:00
|
|
|
|
2014-07-30 17:47:14 +08:00
|
|
|
- ODBC:
|
|
|
|
. Fixed bug #60616 (odbc_fetch_into returns junk at end of multi-byte char
|
|
|
|
fields). (Keyur Govande)
|
|
|
|
|
2014-07-12 22:49:42 +08:00
|
|
|
- OpenSSL:
|
2014-07-28 15:37:32 +08:00
|
|
|
. Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
|
2014-07-12 22:49:42 +08:00
|
|
|
. Fixed bug #67609 (TLS connections fail behind HTTP proxy). (Daniel Lowrey)
|
2014-07-16 11:55:30 +08:00
|
|
|
. Fixed broken build against OpenSSL older than 0.9.8 where ECDH unavailable.
|
2014-07-16 22:45:23 +08:00
|
|
|
(Lior Kaplan)
|
2014-07-24 14:39:18 +08:00
|
|
|
. Fixed bug #67666 (Subject altNames doesn't support wildcard matching). (Tjerk)
|
2014-07-12 22:49:42 +08:00
|
|
|
|
2014-07-09 06:04:42 +08:00
|
|
|
- Phar:
|
|
|
|
. Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)
|
|
|
|
|
2014-07-30 17:26:55 +08:00
|
|
|
- readline:
|
|
|
|
. Fixed bug #55496 (Interactive mode doesn't force a newline before the
|
|
|
|
prompt). (Bob, Johannes)
|
|
|
|
. Fixed bug #67496 (Save command history when exiting interactive shell
|
|
|
|
with control-c). (Dmitry Saprykin, Johannes)
|
|
|
|
|
2014-07-30 16:45:35 +08:00
|
|
|
- Reflection:
|
|
|
|
. Implemented FR #67713 (loosen the restrictions on
|
|
|
|
ReflectionClass::newInstanceWithoutConstructor()). (Ferenc)
|
|
|
|
|
2014-07-03 10:51:24 +08:00
|
|
|
- SPL:
|
|
|
|
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
|
2014-08-20 06:18:15 +08:00
|
|
|
sorting). (CVE-2014-4698) (research at insighti dot org, Laruence)
|
2014-07-03 10:51:24 +08:00
|
|
|
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
|
|
|
|
|
2014-07-19 09:13:15 +08:00
|
|
|
- Session:
|
2014-07-28 15:37:32 +08:00
|
|
|
. Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
|
2014-07-19 09:13:15 +08:00
|
|
|
. Fixed bug #66827 (Session raises E_NOTICE when session name variable is array).
|
|
|
|
(Yasuo)
|
|
|
|
|
2014-07-03 14:59:14 +08:00
|
|
|
- OPCache:
|
|
|
|
. Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault
|
|
|
|
happen) (Dmitry, Laruence)
|
2014-07-02 23:35:03 +08:00
|
|
|
|
2014-07-06 07:20:46 +08:00
|
|
|
- phpdbg
|
2014-07-06 19:34:03 +08:00
|
|
|
. Fixed bug #67575 (Compilation fails for phpdbg when the
|
|
|
|
build directory != src directory). (Andy Thompson)
|
2014-07-06 07:20:46 +08:00
|
|
|
|
2014-07-02 07:39:26 +08:00
|
|
|
03 Jul 2014, PHP 5.6.0 Release Candidate 2
|
2014-06-19 07:34:25 +08:00
|
|
|
|
2014-06-21 06:06:51 +08:00
|
|
|
- Core:
|
2014-07-03 01:46:56 +08:00
|
|
|
. Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
|
|
|
|
(Ferenc)
|
2014-06-24 13:53:05 +08:00
|
|
|
. Fixed bug #67368 (Memory leak with immediately dereferenced array in class
|
|
|
|
constant). (Laruence)
|
2014-06-21 06:06:51 +08:00
|
|
|
. Fixed bug #67468 (Segfault in highlight_file()/highlight_string()).
|
|
|
|
(Andreas Ferber)
|
2014-07-02 08:18:48 +08:00
|
|
|
. Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
|
|
|
|
(Stefan Esser)
|
2014-07-03 01:48:36 +08:00
|
|
|
. Fixed bug #67551 (php://input temp file will be located in sys_temp_dir
|
|
|
|
instead of upload_tmp_dir). (Mike)
|
2014-06-21 06:06:51 +08:00
|
|
|
|
2014-06-27 15:51:34 +08:00
|
|
|
- FPM:
|
|
|
|
. Fix bug #67531 (syslog cannot be set in pool configuration). (Remi)
|
2014-06-30 08:32:06 +08:00
|
|
|
. Fix bug #67541 (Fix Apache 2.4.10+ SetHandler proxy:fcgi://
|
|
|
|
incompatibilities). (David Zuelke)
|
2014-06-27 15:51:34 +08:00
|
|
|
|
2014-07-02 08:18:48 +08:00
|
|
|
- Intl:
|
|
|
|
. Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
|
|
|
|
. Fixed bug #67397 (Buffer overflow in locale_get_display_name and
|
|
|
|
uloc_getDisplayName (libicu 4.8.1)). (Stas)
|
|
|
|
|
2014-07-02 04:19:22 +08:00
|
|
|
- pgsql:
|
|
|
|
. Fix bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
|
|
|
|
which affected builds against libpq < 7.3. (Adam)
|
|
|
|
|
2014-06-23 16:39:06 +08:00
|
|
|
- phpdbg:
|
|
|
|
. Fix Bug #67499 (readline feature not enabled when build with libedit). (Remi)
|
2014-06-29 18:54:33 +08:00
|
|
|
. Fix issue krakjoe/phpdbg#94 (List behavior is inconsistent). (Bob)
|
|
|
|
. Fix issue krakjoe/phpdbg#97 (The prompt should always ensure it is on a
|
|
|
|
newline). (Bob)
|
|
|
|
. Fix issue krakjoe/phpdbg#98 (break if does not seem to work). (Bob)
|
|
|
|
. Fix issue krakjoe/phpdbg#99 (register function has the same behavior as
|
|
|
|
run). (Bob)
|
|
|
|
. Fix issue krakjoe/phpdbg#100 (No way to list the current stack/frames)
|
|
|
|
(Help entry was missing). (Bob)
|
2014-06-23 16:39:06 +08:00
|
|
|
|
2014-07-02 08:18:48 +08:00
|
|
|
- SPL:
|
|
|
|
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
|
|
|
|
Confusion) (CVE-2014-3515). (Stefan Esser)
|
|
|
|
|
2014-06-19 07:34:25 +08:00
|
|
|
19 Jun 2014, PHP 5.6.0 Release Candidate 1
|
2014-06-03 16:27:42 +08:00
|
|
|
|
2014-06-06 23:09:49 +08:00
|
|
|
- Core:
|
2014-06-09 10:47:14 +08:00
|
|
|
. Implemented FR #64744 (Differentiate between member function call on a null
|
|
|
|
and non-null, non-objects). (Boro Sitnikovski)
|
2014-06-16 04:32:47 +08:00
|
|
|
. Fixed bug #67436 (Autoloader isn't called if two method definitions don't
|
|
|
|
match). (Bob)
|
2014-06-09 10:03:31 +08:00
|
|
|
. Fixed bug #66622 (Closures do not correctly capture the late bound class
|
|
|
|
(static::) in some cases). (Levi Morrison)
|
2014-06-06 23:19:35 +08:00
|
|
|
. Fixed bug #67390 (insecure temporary file use in the configure script).
|
|
|
|
(Remi) (CVE-2014-3981)
|
2014-06-06 23:09:49 +08:00
|
|
|
. Fixed bug #67392 (dtrace breaks argument unpack). (Nikita)
|
2014-06-13 08:40:51 +08:00
|
|
|
. Fixed bug #67428 (header('Location: foo') will override a 308-399 response
|
|
|
|
code). (Adam)
|
2014-06-13 19:14:12 +08:00
|
|
|
. Fixed bug #67433 (SIGSEGV when using count() on an object implementing
|
|
|
|
Countable). (Matteo)
|
2014-06-19 08:18:26 +08:00
|
|
|
. Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
|
2014-06-06 23:09:49 +08:00
|
|
|
|
2014-06-10 16:32:15 +08:00
|
|
|
- CLI server:
|
2014-06-13 08:57:36 +08:00
|
|
|
. Implemented FR #67429 (CLI server is missing some new HTTP response codes).
|
2014-05-22 03:55:09 +08:00
|
|
|
(Adam)
|
2014-06-19 08:29:27 +08:00
|
|
|
. Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)
|
2014-06-05 19:46:13 +08:00
|
|
|
|
2014-06-10 20:05:34 +08:00
|
|
|
- Fileinfo:
|
|
|
|
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
|
2014-06-10 20:24:22 +08:00
|
|
|
string size). (Francisco Alonso, Jan Kaluza, Remi)
|
2014-06-10 20:16:58 +08:00
|
|
|
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
|
2014-06-10 20:24:22 +08:00
|
|
|
check). (Francisco Alonso, Jan Kaluza, Remi)
|
|
|
|
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
|
2014-06-10 20:36:31 +08:00
|
|
|
(Francisco Alonso, Jan Kaluza, Remi)
|
|
|
|
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
|
|
|
|
check). (Francisco Alonso, Jan Kaluza, Remi)
|
2014-06-10 20:05:34 +08:00
|
|
|
|
2014-06-19 02:53:34 +08:00
|
|
|
- mysqlnd:
|
|
|
|
. Added support for gb18030 from MySQL 5.7. (Andrey)
|
|
|
|
|
2014-06-12 05:24:50 +08:00
|
|
|
- Network:
|
2014-06-15 16:07:39 +08:00
|
|
|
. Fixed bug #67432 (Fix potential segfault in dns_get_record()).
|
|
|
|
(CVE-2014-4049). (Sara)
|
2014-06-12 05:24:50 +08:00
|
|
|
|
2014-06-09 05:19:25 +08:00
|
|
|
- OpenSSL:
|
|
|
|
. Fixed bug #65698 (certificates validity parsing does not work past 2050).
|
|
|
|
(Paul Oehler)
|
|
|
|
. Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
|
|
|
|
(Paul Oehler)
|
|
|
|
|
2014-06-15 21:50:36 +08:00
|
|
|
- phpdbg:
|
|
|
|
. Fixed bug #67212 (phpdbg uses non-standard TIOCGWINSZ). (Ferenc)
|
|
|
|
|
2014-06-09 10:47:14 +08:00
|
|
|
- SOAP:
|
|
|
|
. Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)
|
|
|
|
|
2014-05-30 01:49:32 +08:00
|
|
|
- SPL:
|
2014-06-11 14:23:37 +08:00
|
|
|
. Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
|
2014-06-17 15:41:10 +08:00
|
|
|
. Fixed request #67453 (Allow to unserialize empty data). (Remi)
|
2014-04-15 23:57:27 +08:00
|
|
|
|
2014-06-13 09:17:18 +08:00
|
|
|
- Streams:
|
|
|
|
. Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
|
2014-04-15 23:57:27 +08:00
|
|
|
|
2014-06-07 21:27:54 +08:00
|
|
|
- Tokenizer:
|
|
|
|
. Fixed bug #67395 (token_name() does not return name for T_POW and T_POW_EQUAL
|
|
|
|
token). (Ferenc)
|
|
|
|
|
2014-06-03 16:27:42 +08:00
|
|
|
05 Jun 2014, PHP 5.6.0 Beta 4
|
2014-05-14 15:14:04 +08:00
|
|
|
|
2014-05-28 03:11:07 +08:00
|
|
|
- Core:
|
|
|
|
. Fixed bug #67249 (printf out-of-bounds read). (Stas)
|
2014-05-14 16:24:32 +08:00
|
|
|
|
2014-05-22 03:55:09 +08:00
|
|
|
- Date:
|
|
|
|
. Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
|
|
|
|
(Adam)
|
2014-06-05 19:46:55 +08:00
|
|
|
. Fixed regression in fix for bug #67118 (constructor can't be called twice).
|
|
|
|
(Remi)
|
|
|
|
|
2014-05-22 03:55:09 +08:00
|
|
|
|
2014-05-27 09:11:07 +08:00
|
|
|
- Fileinfo:
|
|
|
|
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
|
|
|
|
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
|
|
|
|
performance degradation).
|
2014-06-03 17:09:52 +08:00
|
|
|
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
|
2014-06-03 17:37:20 +08:00
|
|
|
. Fixed bug #67329 (fileinfo: NULL pointer deference flaw by processing certain
|
|
|
|
CDF files).
|
2014-05-27 09:11:07 +08:00
|
|
|
|
2014-06-01 19:42:39 +08:00
|
|
|
- SPL:
|
|
|
|
. Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
|
|
|
|
|
2014-06-04 05:18:24 +08:00
|
|
|
- phpdbg:
|
|
|
|
. Fixed bug which caused phpdbg to fail immediately on startup in non-debug
|
|
|
|
builds. (Bob)
|
|
|
|
|
2014-05-14 15:14:04 +08:00
|
|
|
15 May 2014, PHP 5.6.0 Beta 3
|
2014-05-01 22:24:49 +08:00
|
|
|
|
2014-05-02 18:48:43 +08:00
|
|
|
- Core:
|
|
|
|
. Fixed bug #67169 (array_splice all elements, then []= gives wrong index).
|
|
|
|
(Nikita)
|
2014-05-06 18:39:23 +08:00
|
|
|
. Fixed bug #67198 (php://input regression). (Mike)
|
2014-05-12 08:54:27 +08:00
|
|
|
. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
|
2014-05-14 08:09:16 +08:00
|
|
|
. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
|
|
|
|
. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
|
|
|
|
|
|
|
|
- Date:
|
|
|
|
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
|
|
|
|
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
|
2014-04-14 16:02:11 +08:00
|
|
|
|
2014-05-12 09:14:57 +08:00
|
|
|
- GD:
|
|
|
|
. Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
|
|
|
|
|
2014-05-07 21:55:40 +08:00
|
|
|
- OpenSSL:
|
|
|
|
. Fixed bug #67224 (Fall back to crypto_type from context if not specified
|
|
|
|
explicitly in stream_socket_enable_crypto). (Chris Wright)
|
|
|
|
|
2014-05-10 04:17:22 +08:00
|
|
|
- PCRE:
|
|
|
|
. Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
|
|
|
|
from the upstream). (Anatol)
|
|
|
|
|
2014-05-12 13:58:46 +08:00
|
|
|
- mbstring
|
|
|
|
. Fixed bug #67199 (mb_regex_encoding mismatch). (Yasuo)
|
|
|
|
|
2014-05-01 22:24:49 +08:00
|
|
|
01 May 2014, PHP 5.6.0 Beta 2
|
2014-04-10 12:22:43 +08:00
|
|
|
|
2014-04-16 15:49:48 +08:00
|
|
|
- CLI server:
|
|
|
|
. Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)
|
|
|
|
|
2014-04-29 19:47:09 +08:00
|
|
|
- COM:
|
|
|
|
. Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
|
|
|
|
|
2014-04-11 16:10:36 +08:00
|
|
|
- Core:
|
2014-04-21 06:26:51 +08:00
|
|
|
. Fixed bug #65701 (copy() doesn't work when destination filename is created
|
|
|
|
by tempnam()). (Boro Sitnikovski)
|
2014-04-11 16:10:36 +08:00
|
|
|
. Fixed bug #66015 (Unexpected array indexing in class's static property). (Bob)
|
2014-04-12 00:30:14 +08:00
|
|
|
. Added (constant) string/array dereferencing to static scalar expressions
|
|
|
|
to complete the set; now possible thanks to bug #66015 being fixed. (Bob)
|
2014-04-13 08:49:35 +08:00
|
|
|
. Fixed bug #66568 (Update reflection information for unserialize() function).
|
|
|
|
(Ferenc)
|
2014-04-13 16:45:46 +08:00
|
|
|
. Fixed bug #66660 (Composer.phar install/update fails). (Ferenc)
|
2014-04-14 06:22:21 +08:00
|
|
|
. Fixed bug #67024 (getimagesize should recognize BMP files with negative
|
2014-04-05 06:17:25 +08:00
|
|
|
height). (Gabor Buella)
|
2014-04-14 06:08:36 +08:00
|
|
|
. Fixed bug #67064 (Countable interface prevents using 2nd parameter
|
|
|
|
($mode) of count() function). (Bob)
|
2014-04-21 06:26:51 +08:00
|
|
|
. Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
|
2014-05-01 16:56:39 +08:00
|
|
|
. Fixed bug #67033 (Remove reference to Windows 95). (Anatol)
|
2014-04-11 16:10:36 +08:00
|
|
|
|
2014-01-28 18:47:14 +08:00
|
|
|
- cURL:
|
2014-04-30 15:29:37 +08:00
|
|
|
. Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)
|
2014-01-28 18:47:14 +08:00
|
|
|
. Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
|
|
|
|
(Freek Lijten)
|
|
|
|
|
2014-02-17 08:07:52 +08:00
|
|
|
- Date:
|
|
|
|
. Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
|
|
|
|
supplied). (Boro Sitnikovski)
|
2014-04-25 23:27:07 +08:00
|
|
|
. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
|
2014-02-17 08:07:52 +08:00
|
|
|
|
2014-04-16 20:16:36 +08:00
|
|
|
- DOM:
|
|
|
|
. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
|
|
|
|
not only the subset). (Anatol)
|
|
|
|
|
2014-04-16 01:26:49 +08:00
|
|
|
- Fileinfo:
|
|
|
|
. Fixed bug #66907 (Solaris 10 is missing strcasestr and needs substitute).
|
|
|
|
(Anatol)
|
2014-04-25 01:35:52 +08:00
|
|
|
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
|
2014-04-16 01:26:49 +08:00
|
|
|
|
2014-01-16 16:34:39 +08:00
|
|
|
- FPM:
|
2014-04-14 08:31:14 +08:00
|
|
|
. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
|
2014-04-21 07:24:15 +08:00
|
|
|
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
|
|
|
|
(Julio Pintos)
|
2014-04-30 00:14:40 +08:00
|
|
|
. Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
|
2014-04-16 01:43:24 +08:00
|
|
|
default configuration) (CVE-2014-0185). (Stas)
|
2014-04-14 08:31:14 +08:00
|
|
|
|
2014-04-28 16:01:54 +08:00
|
|
|
- GMP:
|
|
|
|
. Fixed crashes in serialize/unserialize. (Stas)
|
|
|
|
|
2014-04-14 09:54:54 +08:00
|
|
|
- JSON:
|
|
|
|
. Fixed bug #66021 (Blank line inside empty array/object when
|
|
|
|
JSON_PRETTY_PRINT is set). (Kevin Israel)
|
|
|
|
|
2014-04-14 11:43:46 +08:00
|
|
|
- LDAP:
|
|
|
|
. Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
|
|
|
|
|
2014-05-01 16:43:34 +08:00
|
|
|
- litespeed
|
|
|
|
. Fixed bug #63228 (-Werror=format-security error in lsapi code).
|
2014-05-03 01:25:42 +08:00
|
|
|
(Elan Ruusamäe, George)
|
2014-05-01 16:43:34 +08:00
|
|
|
|
2014-05-03 05:33:52 +08:00
|
|
|
- mysqli:
|
|
|
|
. Fixed building against an external libmysqlclient. (Adam)
|
|
|
|
|
2014-04-10 23:15:42 +08:00
|
|
|
- mysqlnd:
|
|
|
|
. Added a new fetching mode to mysqlnd. (Andrey)
|
|
|
|
|
2014-03-25 11:24:41 +08:00
|
|
|
- OpenSSL:
|
|
|
|
. Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
|
|
|
|
. Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
|
2014-05-01 16:43:34 +08:00
|
|
|
. Fix bug #66840 (Fix broken build when extension built separately).
|
|
|
|
(Daniel Lowrey)
|
2014-03-25 11:24:41 +08:00
|
|
|
|
2014-05-01 16:50:41 +08:00
|
|
|
- phpdbg:
|
|
|
|
. Added watchpoints (watch command). (Bob)
|
|
|
|
. Renamed some commands (next => continue and how to step). (Joe)
|
2014-05-01 23:10:00 +08:00
|
|
|
. Fixed issue #85 (https://github.com/krakjoe/phpdbg/issues/85)
|
|
|
|
(Added stdin/stdout/stderr constants and their php:// wrappers). (Bob)
|
2014-05-01 16:50:41 +08:00
|
|
|
|
2014-04-13 14:53:21 +08:00
|
|
|
- PDO:
|
|
|
|
. Fixed bug #66604 ('pdo/php_pdo_error.h' not copied to the include dir).
|
|
|
|
(Matteo)
|
|
|
|
|
2014-02-25 01:01:58 +08:00
|
|
|
- PDO-ODBC:
|
|
|
|
. Fixed bug #50444 (PDO-ODBC changes for 64-bit).
|
|
|
|
|
2014-04-21 08:23:15 +08:00
|
|
|
- Phar:
|
|
|
|
. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
|
|
|
|
in its name). (PR #588)
|
2014-04-05 15:48:20 +08:00
|
|
|
|
2014-04-11 17:01:42 +08:00
|
|
|
- SQLite:
|
|
|
|
. Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
|
|
|
|
|
2014-04-14 04:37:16 +08:00
|
|
|
- Apache2 Handler SAPI:
|
2014-04-14 06:37:19 +08:00
|
|
|
. Fixed Apache log issue caused by APR's lack of support for %zu
|
2014-04-14 04:37:16 +08:00
|
|
|
(APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
|
|
|
|
(Jeff Trawick)
|
|
|
|
|
2014-04-10 12:22:43 +08:00
|
|
|
10 Apr 2014, PHP 5.6.0 Beta 1
|
2014-02-26 22:08:08 +08:00
|
|
|
|
2014-03-03 03:13:26 +08:00
|
|
|
- Core:
|
|
|
|
. Allow zero length comparison in substr_compare() (Tjerk)
|
2014-03-03 05:59:07 +08:00
|
|
|
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
|
2014-04-02 21:39:07 +08:00
|
|
|
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
|
2014-04-02 17:14:34 +08:00
|
|
|
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
|
|
|
|
UNIX sockets). (Mike)
|
2014-04-03 15:09:51 +08:00
|
|
|
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
|
2014-04-03 16:41:45 +08:00
|
|
|
. Fixed bug #66736 (fpassthru broken). (Mike)
|
2014-03-06 08:33:01 +08:00
|
|
|
. Fixed bug #66822 (Cannot use T_POW in const expression) (Tjerk)
|
2014-04-09 07:36:34 +08:00
|
|
|
. Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
|
2014-03-03 03:13:26 +08:00
|
|
|
|
2014-03-07 18:57:55 +08:00
|
|
|
- SPL:
|
|
|
|
. Added feature #65545 (SplFileObject::fread()) (Tjerk)
|
2014-03-25 18:16:30 +08:00
|
|
|
. Fixed bug #66834 (empty() does not work on classes that extend ArrayObject) (Tjerk)
|
2014-04-10 12:21:31 +08:00
|
|
|
. Fixed bug #66702 (RegexIterator::INVERT_MATCH does not invert). (Joshua
|
|
|
|
Thijssen)
|
2014-03-07 18:57:55 +08:00
|
|
|
|
2014-03-03 03:13:26 +08:00
|
|
|
- cURL:
|
|
|
|
. Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour)
|
|
|
|
(Tjerk)
|
2014-03-12 02:04:26 +08:00
|
|
|
. Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
|
|
|
|
(Adam)
|
2014-02-27 15:50:29 +08:00
|
|
|
|
2014-02-12 17:55:49 +08:00
|
|
|
- Date:
|
|
|
|
. Added DateTimeImmutable::createFromMutable to create a DateTimeImmutable
|
|
|
|
object from an existing DateTime (mutable) object (Derick)
|
|
|
|
|
2014-03-24 17:31:08 +08:00
|
|
|
- Embed:
|
|
|
|
. Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
|
|
|
|
|
2014-03-25 18:04:49 +08:00
|
|
|
- Fileinfo:
|
2014-04-10 12:21:31 +08:00
|
|
|
. Fixed bug #66820 (out-of-bounds memory access in fileinfo)
|
|
|
|
(CVE-2014-2270). (Remi)
|
2014-03-25 18:04:49 +08:00
|
|
|
. Fixed bug #66946i (fileinfo: extensive backtracking in awk rule regular
|
|
|
|
expression). (CVE-2013-7345) (Remi)
|
2014-04-10 13:07:11 +08:00
|
|
|
. Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
|
2014-03-31 22:58:10 +08:00
|
|
|
(Remi)
|
|
|
|
|
2014-03-25 18:04:49 +08:00
|
|
|
|
2014-03-05 17:45:50 +08:00
|
|
|
- GD:
|
|
|
|
. Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer
|
|
|
|
CVE-2013-7327). (Tomas Hoger, Remi).
|
2014-04-10 12:21:31 +08:00
|
|
|
. Fixed #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
|
2014-03-13 00:13:47 +08:00
|
|
|
. Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
|
2014-03-12 22:36:38 +08:00
|
|
|
. Fixed bug #66890 (imagescale segfault). (Remi)
|
|
|
|
. Fixed bug #66893 (imagescale ignore method argument). (Remi)
|
2014-03-05 17:45:50 +08:00
|
|
|
|
2014-04-10 12:21:31 +08:00
|
|
|
- GMP:
|
|
|
|
. Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
|
|
|
|
|
2014-02-12 17:55:49 +08:00
|
|
|
- Hash:
|
2014-03-11 20:42:16 +08:00
|
|
|
. Fixed bug #66698 (Missing FNV1a32 and FNV1a64 hash functions).
|
2014-02-12 17:55:49 +08:00
|
|
|
(Michael M Slusarz).
|
2014-03-19 21:24:01 +08:00
|
|
|
. Implemented timing attack safe string comparison function
|
|
|
|
(RFC: https://wiki.php.net/rfc/timing_attack). (Rouven Weßling)
|
2014-04-10 12:21:31 +08:00
|
|
|
. hash_pbkdf2() now works correctly if the $length argument is not specified.
|
|
|
|
(Nikita)
|
2014-03-03 03:17:16 +08:00
|
|
|
|
2014-03-17 16:17:09 +08:00
|
|
|
- Intl:
|
2014-03-17 16:19:45 +08:00
|
|
|
. Fixed bug #66873 (A reproductible crash in UConverter when given invalid
|
2014-03-17 16:17:09 +08:00
|
|
|
encoding) (Stas)
|
|
|
|
|
2014-03-01 12:27:36 +08:00
|
|
|
- Mail:
|
|
|
|
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
|
|
|
|
|
2014-03-16 01:00:16 +08:00
|
|
|
- Mbstring:
|
|
|
|
. Upgraded to oniguruma 5.9.5 (Anatol)
|
|
|
|
|
2014-03-05 22:36:00 +08:00
|
|
|
- Mcrypt:
|
|
|
|
. No longer allow invalid key sizes, invalid IV sizes or missing required IV
|
|
|
|
in mcrypt_encrypt, mcrypt_decrypt and the deprecated mode functions.
|
|
|
|
(Nikita)
|
2014-03-11 20:42:16 +08:00
|
|
|
. Use /dev/urandom as the default source for mcrypt_create_iv(). (Nikita)
|
2014-03-05 22:36:00 +08:00
|
|
|
|
2014-03-03 03:13:26 +08:00
|
|
|
- MySQLi:
|
2014-03-11 07:33:35 +08:00
|
|
|
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
|
2014-03-03 03:13:26 +08:00
|
|
|
(Remi)
|
2014-03-01 12:27:36 +08:00
|
|
|
|
2014-03-11 07:33:35 +08:00
|
|
|
- OCI8
|
|
|
|
. Fixed Bug #66875 (Improve performance of multi-row OCI_RETURN_LOB queries)
|
|
|
|
(Perrier, Chris Jones)
|
|
|
|
|
2014-03-06 01:49:21 +08:00
|
|
|
- OpenSSL:
|
2014-03-02 22:03:39 +08:00
|
|
|
. Fixed memory leak in windows cert verification on verify failure.
|
|
|
|
(Chris Wright)
|
|
|
|
. Peer certificate capturing via SSL context options now functions even if
|
|
|
|
peer verification fails. (Daniel Lowrey)
|
2014-03-06 01:49:21 +08:00
|
|
|
. Encrypted TLS servers now support the server name indication TLS extension
|
|
|
|
via the new "SNI_server_certs" SSL context option. (Daniel Lowrey)
|
2014-03-14 16:53:11 +08:00
|
|
|
. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
|
2014-03-02 22:03:39 +08:00
|
|
|
|
2014-03-01 00:14:26 +08:00
|
|
|
- PCRE:
|
|
|
|
. Added support for (*MARK) backtracking verbs. (Nikita)
|
|
|
|
|
2014-04-10 12:21:31 +08:00
|
|
|
- PDO_firebird:
|
|
|
|
. Fixed Bug #66071 (memory corruption in error handling) (Popa)
|
|
|
|
|
2014-03-12 06:28:53 +08:00
|
|
|
- PDO_pgsql:
|
|
|
|
. Cleaned up code by increasing the requirements to libpq versions providing
|
|
|
|
PQexecParams, PQprepare, PQescapeStringConn, PQescapeByteaConn. According
|
|
|
|
to the release notes that means 8.0.8+ or 8.1.4+. (Matteo)
|
|
|
|
. Deprecated PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT, an
|
|
|
|
undocument constant effectively equivalent to PDO::ATTR_EMULATE_PREPARES.
|
|
|
|
(Matteo)
|
|
|
|
. Added PDO::PGSQL_ATTR_DISABLE_PREPARES constant to execute the queries
|
|
|
|
without preparing them, while still passing parameters separately from
|
|
|
|
the command text using PQexecParams. (Matteo)
|
|
|
|
|
2014-03-17 20:45:37 +08:00
|
|
|
- Pgsql:
|
|
|
|
. Read-only access to the socket stream underlying database connections is
|
|
|
|
exposed via a new pg_socket() function to allow read/write polling when
|
|
|
|
establishing asynchronous connections and executing queries in non-blocking
|
|
|
|
applications. (Daniel Lowrey)
|
|
|
|
. Asynchronous connections are now possible using the PGSQL_CONNECT_ASYNC
|
|
|
|
flag in conjunction with a new pg_connect_poll() function and connection
|
|
|
|
polling status constants. (Daniel Lowrey)
|
|
|
|
. New pg_flush() and pg_consume_input() functions added to manually complete
|
|
|
|
non-blocking reads/writes to underlying connection sockets. (Daniel Lowrey)
|
|
|
|
|
2014-04-10 12:21:31 +08:00
|
|
|
- Session
|
|
|
|
. Remove session_gc() and session_serializer_name() wich were introduced in the first 5.6.0 alpha.
|
|
|
|
|
2014-04-05 15:49:51 +08:00
|
|
|
- SimpleXML:
|
|
|
|
. Fixed bug #66084 (simplexml_load_string() mangles empty node name)
|
|
|
|
(Anatol)
|
|
|
|
|
2014-03-09 20:06:32 +08:00
|
|
|
- SQLite:
|
|
|
|
. Updated the bundled libsqlite to the version 3.8.3.1 (Anatol)
|
|
|
|
|
2014-04-01 16:14:38 +08:00
|
|
|
- XSL:
|
|
|
|
. Fixed bug #53965 (<xsl:include> cannot find files with relative paths
|
|
|
|
when loaded with "file://"). (Anatol)
|
|
|
|
|
2014-02-26 22:08:08 +08:00
|
|
|
27 Feb 2014, PHP 5.6.0 Alpha 3
|
2014-02-06 20:48:57 +08:00
|
|
|
|
2014-02-26 22:28:36 +08:00
|
|
|
- Core
|
|
|
|
. Expose get_debug_info class hook as __debugInfo() magic method. (Sara)
|
2014-02-26 22:29:40 +08:00
|
|
|
. Implemented unified default encoding
|
|
|
|
(RFC: https://wiki.php.net/rfc/default_encoding). (Yasuo Ohgaki)
|
2014-02-17 13:53:19 +08:00
|
|
|
|
2014-02-27 04:06:08 +08:00
|
|
|
- Curl
|
|
|
|
. Check for openssl.cafile ini directive when loading CA certs. (Daniel Lowrey)
|
2014-02-27 04:29:10 +08:00
|
|
|
. Remove cURL close policy related constants as these have no effect and are
|
|
|
|
no longer used in libcurl. (Chris Wright)
|
2014-02-27 04:06:08 +08:00
|
|
|
|
2014-02-19 18:28:55 +08:00
|
|
|
- Fileinfo
|
|
|
|
. Upgraded to libmagic-5.17 (Anatol)
|
2014-02-27 08:12:17 +08:00
|
|
|
. Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943) (Remi)
|
2014-02-19 18:28:55 +08:00
|
|
|
|
2014-02-27 08:26:23 +08:00
|
|
|
- FPM:
|
|
|
|
. Added clear_env configuration directive to disable clearenv() call.
|
|
|
|
(Github PR# 598, Paul Annesley)
|
|
|
|
|
2014-02-27 08:19:08 +08:00
|
|
|
- GD:
|
2014-02-26 22:28:36 +08:00
|
|
|
. Fixed imagettftext to load the correct character map rather than the last one.
|
|
|
|
(Scott)
|
2014-02-27 08:19:08 +08:00
|
|
|
. Fixed bug #66714 ( imageconvolution breakage). (Brad Daily)
|
2014-02-26 22:28:36 +08:00
|
|
|
|
2014-02-17 18:16:32 +08:00
|
|
|
- JSON:
|
|
|
|
. Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)
|
|
|
|
(chobieeee@php.net)
|
|
|
|
|
2014-02-27 08:22:15 +08:00
|
|
|
- OPCache
|
|
|
|
. Added function opcache_is_script_cached(). (Danack)
|
2014-02-27 08:23:58 +08:00
|
|
|
. Added information about interned strings usage. (Terry, Julien, Dmitry)
|
2014-02-27 08:22:15 +08:00
|
|
|
|
2014-03-06 01:49:21 +08:00
|
|
|
- OpenSSL
|
2014-02-26 04:22:16 +08:00
|
|
|
. Fallback to Windows CA cert store for peer verification if no openssl.cafile
|
|
|
|
ini directive or "cafile" SSL context option specified in Windows.
|
|
|
|
(Chris Wright)
|
2014-02-27 04:06:08 +08:00
|
|
|
. The openssl.cafile and openssl.capath ini directives introduced in alpha2
|
|
|
|
now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL). (Daniel Lowrey)
|
|
|
|
. New "peer_name" SSL context option replaces "CN_match" (which still works
|
|
|
|
as before but triggers E_DEPRECATED). (Daniel Lowrey)
|
2014-02-15 01:26:42 +08:00
|
|
|
. Fixed segfault when accessing non-existent context for client SNI use
|
|
|
|
(Daniel Lowrey)
|
2014-02-15 12:44:05 +08:00
|
|
|
. Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
|
|
|
|
(Mark Zedwood)
|
2014-02-27 04:06:08 +08:00
|
|
|
. Fixed Bug #47030 (add new boolean "verify_peer_name" SSL context option
|
|
|
|
allowing clients to verify cert names separately from the cert itself).
|
|
|
|
"verify_peer_name" is enabled by default for client streams.
|
2014-02-22 00:38:15 +08:00
|
|
|
(Daniel Lowrey)
|
|
|
|
. Fixed Bug #65538 ("cafile" SSL context option now supports stream
|
|
|
|
wrappers). (Daniel Lowrey)
|
|
|
|
. New openssl_get_cert_locations() function to aid CA file and peer
|
|
|
|
verification debugging. (Daniel Lowrey)
|
|
|
|
. Encrypted stream wrappers now disable TLS compression by default.
|
|
|
|
(Daniel Lowrey)
|
|
|
|
. New "capture_session_meta" SSL context option allows encrypted client and
|
|
|
|
server streams access to negotiated protocol/cipher information.
|
|
|
|
(Daniel Lowrey)
|
|
|
|
. New "honor_cipher_order" SSL context option allows servers to prioritize
|
|
|
|
cipher suites of their choosing when negotiating SSL/TLS handshakes.
|
|
|
|
(Daniel Lowrey)
|
|
|
|
. New "single_ecdh_use" and "single_dh_use" SSL context options allow for
|
|
|
|
improved forward secrecy in encrypted stream servers. (Daniel Lowrey)
|
|
|
|
. New "dh_param" SSL context option allows stream servers control over
|
|
|
|
the parameters when negotiating DHE cipher suites. (Daniel Lowrey)
|
|
|
|
. New "ecdh_curve" SSL context option allowing stream servers to specify
|
|
|
|
the curve to use when negotiating ephemeral ECDHE ciphers (defaults to
|
|
|
|
NIST P-256). (Daniel Lowrey)
|
|
|
|
. New "rsa_key_size" SSL context option gives stream servers control
|
|
|
|
over the key size (in bits) used for RSA key agreements. (Daniel Lowrey)
|
|
|
|
. Crypto methods for encrypted client and server streams now use
|
|
|
|
bitwise flags for fine-grained protocol support. (Daniel Lowrey)
|
|
|
|
. Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method.
|
|
|
|
tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2. (Daniel Lowrey)
|
|
|
|
. Encrypted client streams now enable SNI by default. (Daniel Lowrey)
|
|
|
|
. Encrypted streams now prioritize ephemeral key agreement and high strength
|
|
|
|
ciphers by default. (Daniel Lowrey)
|
|
|
|
. New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher
|
|
|
|
list. (Daniel Lowrey)
|
|
|
|
. New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto
|
|
|
|
methods negotiated encrypted server/client sessions. (Daniel Lowrey)
|
|
|
|
. Encrypted stream servers now automatically mitigate potential DoS vector
|
|
|
|
arising from client-initiated TLS renegotiation. New "reneg_limit",
|
|
|
|
"reneg_window" and "reneg_limit_callback" SSL context options for custom
|
|
|
|
renegotiation limiting control. (Daniel Lowrey)
|
2014-02-15 01:26:42 +08:00
|
|
|
|
2014-02-16 13:21:05 +08:00
|
|
|
- Pgsql:
|
|
|
|
. pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL.
|
2014-02-17 08:59:58 +08:00
|
|
|
(Yasuo)
|
|
|
|
. Impremented FR #25854 Return value for pg_insert should be resource instead of bool.
|
|
|
|
(Yasuo)
|
|
|
|
. Implemented FR #41146 - Add "description" with exteneded flag pg_meta_data().
|
|
|
|
pg_meta_data(resource $conn, string $table [, bool extended])
|
|
|
|
It also made pg_meta_data() return "is enum" always.
|
|
|
|
(Yasuo)
|
2014-02-16 13:21:05 +08:00
|
|
|
|
2014-02-12 13:39:10 +08:00
|
|
|
13 Feb 2014, PHP 5.6.0 Alpha 2
|
2014-02-06 21:45:22 +08:00
|
|
|
- Core:
|
|
|
|
. Added T_POW (**) operator
|
|
|
|
(RFC: https://wiki.php.net/rfc/pow-operator). (Tjerk Meesters)
|
|
|
|
|
2014-01-29 21:27:43 +08:00
|
|
|
- mysqli
|
|
|
|
. Added new function mysqli_get_links_stats() as well as new INI variable
|
|
|
|
mysqli.rollback_on_cached_plink of type bool (Andrey)
|
|
|
|
|
2014-02-04 17:39:18 +08:00
|
|
|
- PCRE:
|
|
|
|
. Upgraded to PCRE 8.34. (Anatol)
|
|
|
|
|
2014-02-14 06:21:28 +08:00
|
|
|
- ldap
|
|
|
|
. Added new function ldap_modify_batch(). (Ondrej Hosek)
|
2013-11-27 16:34:40 +08:00
|
|
|
|
2014-03-06 01:49:21 +08:00
|
|
|
- OpenSSL
|
2014-02-14 07:22:31 +08:00
|
|
|
. Peer certificates now verified by default in client socket operations
|
|
|
|
(RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
|
2014-02-22 00:38:15 +08:00
|
|
|
. New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)
|
2014-02-14 07:22:31 +08:00
|
|
|
|
2014-01-21 18:20:40 +08:00
|
|
|
23 Jan 2014, PHP 5.6.0 Alpha 1
|
2013-11-16 04:37:52 +08:00
|
|
|
- CLI server:
|
2013-12-13 21:32:14 +08:00
|
|
|
. Added some MIME types to the CLI web server. (Chris Jones)
|
2013-11-16 04:37:52 +08:00
|
|
|
|
2013-05-17 17:35:32 +08:00
|
|
|
- Core:
|
|
|
|
. Improved IS_VAR operands fetching. (Laruence, Dmitry)
|
2013-12-26 18:47:13 +08:00
|
|
|
. Improved empty string handling. Now ZE uses an interned string instead of
|
|
|
|
allocation new empty string each time. (Laruence, Dmitry)
|
2013-06-18 00:27:22 +08:00
|
|
|
. Implemented internal operator overloading
|
|
|
|
(RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)
|
2013-09-03 05:19:53 +08:00
|
|
|
. Made calls from incompatible context issue an E_DEPRECATED warning instead
|
|
|
|
of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx).
|
|
|
|
(Gustavo)
|
2013-09-17 14:04:07 +08:00
|
|
|
. Uploads equal or greater than 2GB in size are now accepted.
|
|
|
|
(Ralf Lang, Mike)
|
2014-01-17 19:18:16 +08:00
|
|
|
. Reduced POST data memory usage by 200-300%. Changed INI setting
|
|
|
|
always_populate_raw_post_data to throw a deprecation warning when enabling
|
|
|
|
and to accept -1 for never populating the $HTTP_RAW_POST_DATA global
|
|
|
|
variable, which will be the default in future PHP versions. (Mike)
|
2013-09-27 00:39:17 +08:00
|
|
|
. Implemented dedicated syntax for variadic functions
|
|
|
|
(RFC: https://wiki.php.net/rfc/variadics). (Nikita)
|
2013-11-06 02:54:50 +08:00
|
|
|
. Fixed bug #50333 Improving multi-threaded scalability by using
|
|
|
|
emalloc/efree/estrdup (Anatol, Dmitry)
|
2013-11-28 20:46:51 +08:00
|
|
|
. Implemented constant scalar expressions (with support for constants)
|
|
|
|
(RFC: https://wiki.php.net/rfc/const_scalar_exprs). (Bob)
|
2013-12-13 00:15:50 +08:00
|
|
|
. Fixed bug #65784 (Segfault with finally). (Laruence, Dmitry)
|
2014-01-21 01:18:20 +08:00
|
|
|
. Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)
|
2013-05-17 17:35:32 +08:00
|
|
|
|
2013-09-11 02:42:42 +08:00
|
|
|
- cURL:
|
|
|
|
. Implemented FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir
|
|
|
|
or safe_mode). (Adam)
|
|
|
|
|
2014-02-27 19:43:42 +08:00
|
|
|
- FPM
|
|
|
|
. Included apparmor support in fpm
|
|
|
|
(RFC: https://wiki.php.net/rfc/fpm_change_hat). (Gernot Vormayr)
|
|
|
|
|
2013-09-12 05:37:07 +08:00
|
|
|
- GMP:
|
|
|
|
. Moved GMP to use object as the underlying structure and implemented various
|
|
|
|
improvements based on this.
|
|
|
|
(RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)
|
2013-11-29 06:42:23 +08:00
|
|
|
. Added gmp_root() and gmp_rootrem() functions for calculating nth roots.
|
|
|
|
(Nikita)
|
2013-08-09 17:05:07 +08:00
|
|
|
|
2013-10-03 22:23:59 +08:00
|
|
|
- Hash:
|
|
|
|
. Added gost-crypto (CryptoPro S-box) GOST hash algo. (Manuel Mausz)
|
|
|
|
|
2013-09-18 03:12:29 +08:00
|
|
|
- JSON:
|
|
|
|
. Fixed case part of bug #64874 ("json_decode handles whitespace and
|
|
|
|
case-sensitivity incorrectly")
|
|
|
|
|
2013-07-22 17:02:48 +08:00
|
|
|
- mysqlnd:
|
|
|
|
. Disabled flag for SP OUT variables for 5.5+ servers as they are not natively
|
|
|
|
supported by the overlying APIs. (Andrey)
|
|
|
|
|
2013-05-17 17:35:32 +08:00
|
|
|
- OPcache:
|
2013-11-27 01:38:40 +08:00
|
|
|
. Added an optimization of class constants and constant calls to some
|
|
|
|
internal functions (Laruence, Dmitry)
|
2013-05-17 17:35:32 +08:00
|
|
|
. Added an optimization pass to convert FCALL_BY_NAME into DO_FCALL.
|
|
|
|
(Laruence, Dmitry)
|
|
|
|
. Added an optimization pass to merged identical constants (and related
|
|
|
|
cache_slots) in op_array->literals table. (Laruence, Dmitry)
|
|
|
|
. Added script level constant replacement optimization pass. (Dmitry)
|
|
|
|
|
2014-03-06 01:49:21 +08:00
|
|
|
- OpenSSL:
|
2013-10-08 22:20:07 +08:00
|
|
|
. Added crypto_method option for the ssl stream context. (Martin Jansen)
|
|
|
|
. Added certificate fingerprint support. (Tjerk Meesters)
|
2013-10-17 21:47:55 +08:00
|
|
|
. Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)
|
2013-10-08 22:20:07 +08:00
|
|
|
. Fixed bug #65729 (CN_match gives false positive). (Tjerk Meesters)
|
2014-01-28 05:58:04 +08:00
|
|
|
. Peer name verification matches SAN DNS names for certs using
|
|
|
|
the Subject Alternative Name x509 extension. (Daniel Lowrey)
|
|
|
|
. Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey)
|
2014-02-03 11:20:16 +08:00
|
|
|
. Added SPKAC support. (Jason Gerfen)
|
2014-01-28 05:58:04 +08:00
|
|
|
|
2013-06-18 00:27:22 +08:00
|
|
|
- PDO_pgsql:
|
2013-06-07 15:27:42 +08:00
|
|
|
. Fixed Bug #42614 (PDO_pgsql: add pg_get_notify support). (Matteo)
|
2013-06-07 15:36:41 +08:00
|
|
|
. Fixed Bug #63657 (pgsqlCopyFromFile, pgsqlCopyToArray use Postgres < 7.3
|
|
|
|
syntax). (Matteo)
|
2013-06-07 15:27:42 +08:00
|
|
|
|
2013-12-20 21:56:03 +08:00
|
|
|
- phpdbg:
|
|
|
|
. Included phpdbg sapi (RFC: https://wiki.php.net/rfc/phpdbg).
|
|
|
|
(Felipe Pena, Joe Watkins and Bob Weinand)
|
|
|
|
|
2014-01-14 09:10:48 +08:00
|
|
|
- pgsql:
|
|
|
|
. pg_version() returns full report which obtained by PQparameterStatus().
|
2014-01-15 13:37:24 +08:00
|
|
|
(Yasuo)
|
|
|
|
. Added pg_lo_truncate(). (Yasuo)
|
|
|
|
. Added 64bit large object support for PostgreSQL 9.3 and later. (Yasuo)
|
2014-01-14 09:10:48 +08:00
|
|
|
|
2013-09-12 05:37:07 +08:00
|
|
|
- Session:
|
|
|
|
. Fixed Bug #65315 (session.hash_function silently fallback to default md5)
|
|
|
|
(Yasuo)
|
|
|
|
. Implemented Request #17860 (Session write short circuit). (Yasuo)
|
|
|
|
. Implemented Request #20421 (session_abort() and session_reset() function).
|
|
|
|
(Yasuo)
|
2013-06-18 00:27:22 +08:00
|
|
|
|
Request non-keep-alive connections by default in HTTP 1.1 requests.
As noted in FR #65634, at present we don't send a Connection request header
when the protocol version is set to 1.1, which means that RFC-compliant Web
servers should respond with keep-alive connections. Since there's no way of
reusing the HTTP connection at present, this simply means that PHP will appear
to hang until the remote server hits its connection timeout, which may be quite
some time.
This commit sends a "Connection: close" header by default when HTTP 1.1 (or
later) is requested by the user via the context options. It can be overridden
by specifying a Connection header in the context options. It isn't possible to
disable sending of the Connection header, but given "Connection: keep-alive" is
the same as the default HTTP 1.1 behaviour, I don't see this as a significant
issue — users who want to opt in for that still can.
As a note, although I've removed an efree(protocol_version), this doesn't
result in a memory leak: protocol_version is freed in the out: block at the end
of the function anyway, and there are no returns between the removed efree()
and the later call. Yes, I ran the tests with valgrind to check that. ☺
Implements FR #65634 (HTTP wrapper is very slow with protocol_version 1.1).
2013-09-12 05:11:29 +08:00
|
|
|
- Standard:
|
|
|
|
. Implemented FR #65634 (HTTP wrapper is very slow with protocol_version
|
|
|
|
1.1). (Adam)
|
2013-10-29 17:53:45 +08:00
|
|
|
. Implemented Change crypt() behavior w/o salt RFC. (Yasuo)
|
|
|
|
https://wiki.php.net/rfc/crypt_function_salt
|
2013-11-13 04:56:50 +08:00
|
|
|
. Implemented request #49824 (Change array_fill() to allow creating empty
|
|
|
|
array). (Nikita)
|
Request non-keep-alive connections by default in HTTP 1.1 requests.
As noted in FR #65634, at present we don't send a Connection request header
when the protocol version is set to 1.1, which means that RFC-compliant Web
servers should respond with keep-alive connections. Since there's no way of
reusing the HTTP connection at present, this simply means that PHP will appear
to hang until the remote server hits its connection timeout, which may be quite
some time.
This commit sends a "Connection: close" header by default when HTTP 1.1 (or
later) is requested by the user via the context options. It can be overridden
by specifying a Connection header in the context options. It isn't possible to
disable sending of the Connection header, but given "Connection: keep-alive" is
the same as the default HTTP 1.1 behaviour, I don't see this as a significant
issue — users who want to opt in for that still can.
As a note, although I've removed an efree(protocol_version), this doesn't
result in a memory leak: protocol_version is freed in the out: block at the end
of the function anyway, and there are no returns between the removed efree()
and the later call. Yes, I ran the tests with valgrind to check that. ☺
Implements FR #65634 (HTTP wrapper is very slow with protocol_version 1.1).
2013-09-12 05:11:29 +08:00
|
|
|
|
2013-10-03 21:23:05 +08:00
|
|
|
- XMLReader:
|
|
|
|
. Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency).
|
|
|
|
(Mike)
|
|
|
|
|
2013-11-04 20:32:45 +08:00
|
|
|
- Zip:
|
2013-12-30 14:45:09 +08:00
|
|
|
. update libzip to version 1.11.2.
|
2013-11-04 20:32:45 +08:00
|
|
|
PHP don't use any ilibzip private symbol anymore. (Pierre, Remi)
|
|
|
|
. new method ZipArchive::setPassword($password). (Pierre)
|
|
|
|
. add --with-libzip option to build with system libzip. (Remi)
|
2013-12-30 14:45:09 +08:00
|
|
|
. new methods:
|
|
|
|
ZipArchive::setExternalAttributesName($name, $opsys, $attr [, $flags])
|
|
|
|
ZipArchive::setExternalAttributesIndex($idx, $opsys, $attr [, $flags])
|
|
|
|
ZipArchive::getExternalAttributesName($name, &$opsys, &$attr [, $flags])
|
|
|
|
ZipArchive::getExternalAttributesIndex($idx, &$opsys, &$attr [, $flags])
|
2013-11-04 20:32:45 +08:00
|
|
|
|
2013-05-17 17:22:04 +08:00
|
|
|
<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>
|