mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-24 10:24:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update NEWS

Browse Source
This commit is contained in:
Stanislav Malyshev 2016-08-16 23:44:59 -07:00
parent 4bf5c3187f
commit 9e00ad2b09
1 changed files with 100 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
NEWS
View File

@ -30,14 +30,23 @@ PHP NEWS
18 Aug 2016, PHP 5.6.25
- Bz2:
. Fixed bug #72837 (integer overflow in bzdecompress caused heap
corruption). (Stas)
- Core:
. Fixed bug #70436 (Use After Free Vulnerability in unserialize()).
(Taoguang Chen)
. Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
. Fixed bug #72581 (previous property undefined in Exception after
deserialization). (Laruence)
. Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
. Implemented FR #72614 (Support "nmake test" on building extensions by
phpize). (Yuji Uchiyama)
. Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
(Yuji Uchiyama)
. Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
__wakeup() in Deserialization). (Stas)
. Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)
- Calendar:
. Fixed bug #67976 (cal_days_month() fails for final month of the French
@ -50,11 +59,18 @@ PHP NEWS
(maroszek at gmx dot net)
. Fixed bug #71929 (Certification information (CERTINFO) data parsing error).
(Pierrick)
. Fixed bug #72807 (integer overflow in curl_escape caused heap
corruption). (Stas)
- DOM:
. Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)
- Ereg:
. Fixed bug #72838 (Integer overflow lead to heap corruption in
sql_regcase). (Stas)
- EXIF:
. Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
. Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
- Filter:
@ -66,14 +82,16 @@ PHP NEWS
(gooh)
- GD:
. Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
. Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
. Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
. Fixed bug #43828 (broken transparency of imagearc for truecolor in
blendingmode). (cmb)
. Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
. Fixed bug #68712 (suspicious if-else statements). (cmb)
. Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
. Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
. Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
. Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
. Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
. Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas)
- Intl:
. Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
@ -102,12 +120,17 @@ PHP NEWS
. Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
(Nikita Nefedov)
- SNMP:
. Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
allocation). (djodjo at gmail dot com)
- Standard:
. Fixed bug #72330 (CSV fields incorrectly split if escape char followed by
UTF chars). (cmb)
- SPL:
. Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)
. Fixed bug #72836 (integer overflow in base64_decode). (Stas)
. Fixed bug #72848 (integer overflow in quoted_printable_encode). (Stas)
. Fixed bug #72849 (integer overflow in urlencode). (Stas)
. Fixed bug #72850 (integer overflow in php_uuencode). (Stas)
- Streams:
. Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
@ -116,11 +139,14 @@ PHP NEWS
non-existent directories). (vhuk)
. Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails
with IIS FTP 7.5, 8.5). (vhuk)
. Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade
attack). (Stas)
- SPL:
. Fixed bug #72122 (IteratorIterator breaks '@' error suppression). (kinglozzer)
. Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
character). (cmb)
. Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)
- SQLite3:
. Implemented FR #72653 (SQLite should allow opening with empty filename).
@ -129,6 +155,12 @@ PHP NEWS
- Wddx:
. Fixed bug #72142 (WDDX Packet Injection Vulnerability in
wddx_serialize_value()). (Taoguang Chen)
. Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
. Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
. Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
(Stas)
. Fixed bug #72799 (wddx_deserialize null dereference in
php_wddx_pop_element). (Stas)
21 Jul 2016, PHP 5.6.24
@ -222,7 +254,7 @@ PHP NEWS
(cmb)
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
. Fixed bug #72337 (invalid dimensions can lead to crash). (Pierre)
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
heap overflow). (CVE-2016-5766) (Pierre)
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
. Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
@ -296,7 +328,7 @@ PHP NEWS
- Curl:
. Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
(Michael Sierks)
(Michael Sierks)
- Date:
. Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)
@ -611,7 +643,7 @@ PHP NEWS
a server). (Sergei Turchanov)
- OpenSSL:
. Fixed bug #55259 (openssl extension does not get the DH parameters from
. Fixed bug #55259 (openssl extension does not get the DH parameters from
DH key resource). (Jakub Zelenka)
. Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb)
. Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka)
@ -703,7 +735,7 @@ PHP NEWS
- Standard:
. Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
(cmb)
. Fixed bug #70157 (parse_ini_string() segmentation fault with
. Fixed bug #70157 (parse_ini_string() segmentation fault with
INI_SCANNER_TYPED). (Tjerk)
- XSLT:
@ -729,7 +761,7 @@ PHP NEWS
- CLI server:
. Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
. Fixed bug #64878 (304 responses return Content-Type header). (cmb)
- GD:
. Fixed bug #53156 (imagerectangle problem with point ordering). (cmb)
. Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874)
@ -810,7 +842,7 @@ PHP NEWS
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
(Andrey)
- PCRE:
. Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
@ -903,7 +935,7 @@ PHP NEWS
14 May 2015, PHP 5.6.9
- Core:
. Fixed bug #69467 (Wrong checked for the interface by using Trait).
. Fixed bug #69467 (Wrong checked for the interface by using Trait).
(Laruence)
. Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
. Fixed bug #60022 ("use statement [...] has no effect" depends on leading
@ -1024,7 +1056,7 @@ PHP NEWS
(Mike)
. Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
. Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
. Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
. Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
".tar"). (Mike)
. Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
. Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
@ -1036,7 +1068,7 @@ PHP NEWS
- SOAP:
. Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
with SoapFault). (Dmitry)
. Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
. Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
(bisected, regression)). (Laruence)
- SPL:
@ -1058,7 +1090,7 @@ PHP NEWS
(Laruence)
. Fixed bug #69121 (Segfault in get_current_user when script owner is not
in passwd with ZTS build). (dan at syneto dot net)
. Fixed bug #65593 (Segfault when calling ob_start from output buffering
. Fixed bug #65593 (Segfault when calling ob_start from output buffering
callback). (Mike)
. Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
not validated in memory.c). (nayana at ddproperty dot com)
@ -1095,7 +1127,7 @@ PHP NEWS
. Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
- Opcache:
. Fixed bug #69159 (Opcache causes problem when passing a variable variable
. Fixed bug #69159 (Opcache causes problem when passing a variable variable
to a function). (Dmitry, Laruence)
. Fixed bug #69125 (Array numeric string as key). (Laruence)
. Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
@ -1129,7 +1161,7 @@ PHP NEWS
- SPL:
. Fixed bug #69108 ("Segmentation fault" when (de)serializing
SplObjectStorage). (Laruence)
. Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
. Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
calling getChildren()). (Julien)
- ZIP:
@ -1205,7 +1237,7 @@ PHP NEWS
. Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
- Sqlite3:
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Standard:
@ -1250,7 +1282,7 @@ PHP NEWS
CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
- Date:
. Implemented FR #68268 (DatePeriod: Getter for start date, end date and
. Implemented FR #68268 (DatePeriod: Getter for start date, end date and
interval). (Marc Bennewitz)
- EXIF:
@ -1327,7 +1359,7 @@ PHP NEWS
(Adam)
. Fixed bug #68104 (Segfault while pre-evaluating a disabled function).
(Laruence)
. Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly
. Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly
triggered). (Julien)
. Fixed bug #68355 (Inconsistency in example php.ini comments).
(Chris McCafferty)
@ -1374,7 +1406,7 @@ PHP NEWS
(Matteo)
- Session:
. Fixed bug #68331 (Session custom storage callable functions not being called)
. Fixed bug #68331 (Session custom storage callable functions not being called)
(Yasuo Ohgaki)
- SOAP:
@ -1399,13 +1431,13 @@ PHP NEWS
. Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in
php_getopt()). (Stas)
. Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
. Fixed bug #68129 (parse_url() - incomplete support for empty usernames
. Fixed bug #68129 (parse_url() - incomplete support for empty usernames
and passwords) (Tjerk)
. Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
zend_hash_copy). (Dmitry)
- CURL:
. Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and
. Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and
CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
- Fileinfo:
@ -1577,7 +1609,7 @@ PHP NEWS
. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
. Fixed bug #67249 (printf out-of-bounds read). (Stas)
. Implemented FR #64744 (Differentiate between member function call on a null
. Implemented FR #64744 (Differentiate between member function call on a null
and non-null, non-objects). (Boro Sitnikovski)
. Fixed bug #67436 (Autoloader isn't called if two method definitions don't
match). (Bob)
@ -1608,7 +1640,7 @@ PHP NEWS
(Ralf Lang, Mike)
. Reduced POST data memory usage by 200-300%. Changed INI setting
always_populate_raw_post_data to throw a deprecation warning when enabling
and to accept -1 for never populating the $HTTP_RAW_POST_DATA global
and to accept -1 for never populating the $HTTP_RAW_POST_DATA global
variable, which will be the default in future PHP versions. (Mike)
. Implemented dedicated syntax for variadic functions
(RFC: https://wiki.php.net/rfc/variadics). (Nikita)
@ -1621,9 +1653,9 @@ PHP NEWS
. Allow zero length comparison in substr_compare() (Tjerk)
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
UNIX sockets). (Mike)
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
. Fixed bug #66736 (fpassthru broken). (Mike)
. Fixed bug #66822 (Cannot use T_POW in const expression) (Tjerk)
. Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
@ -1994,7 +2026,7 @@ PHP NEWS
(Matteo)
- PDO-ODBC:
. Fixed bug #50444 (PDO-ODBC changes for 64-bit).
. Fixed bug #50444 (PDO-ODBC changes for 64-bit).
- PDO_pgsql:
. Fixed Bug #42614 (PDO_pgsql: add pg_get_notify support). (Matteo)
@ -2053,7 +2085,7 @@ PHP NEWS
- SPL:
. Revert fix for bug #67064 (BC issues). (Bob)
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
sorting). (CVE-2014-4698) (research at insighti dot org, Laruence)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
@ -2082,7 +2114,7 @@ PHP NEWS
token). (Ferenc)
- XMLReader:
. Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency).
. Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency).
(Mike)
- XSL:
@ -2102,7 +2134,7 @@ PHP NEWS
- Zlib:
. Fixed bug #67865 (internal corruption phar error). Mike
. Fixed bug #67724 (chained zlib filters silently fail with large amounts of
. Fixed bug #67724 (chained zlib filters silently fail with large amounts of
data). (Mike)
21 Aug 2014, PHP 5.5.16
@ -2127,7 +2159,7 @@ PHP NEWS
- Milter:
. Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)
- Network:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)
@ -2181,7 +2213,7 @@ PHP NEWS
. Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)
- Intl:
. Fixed bug #66921 (Wrong argument type hint for function
. Fixed bug #66921 (Wrong argument type hint for function
intltz_from_date_time_zone). (Stas)
. Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
(Stas)
@ -2198,7 +2230,7 @@ PHP NEWS
. Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
sorting). (CVE-2014-4698) (research at insighti dot org, Laruence)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
@ -2320,9 +2352,9 @@ PHP NEWS
30 Apr 2014, PHP 5.5.12
- Core:
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
UNIX sockets). (Mike)
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
. Fixed bug #66736 (fpassthru broken). (Mike)
. Fixed bug #67024 (getimagesize should recognize BMP files with negative
height). (Gabor Buella)
@ -2416,7 +2448,7 @@ PHP NEWS
(Nikita)
- Intl:
. Fixed bug #66873 (A reproductible crash in UConverter when given invalid
. Fixed bug #66873 (A reproductible crash in UConverter when given invalid
encoding) (Stas)
- Mail:
@ -2491,7 +2523,7 @@ PHP NEWS
(Dmitry)
. Fixed bug #66461 (PHP crashes if opcache.interned_strings_buffer=0).
(Dmitry)
. Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style
. Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style
^M as lineend). (Laruence)
- PDO_pgsql:
@ -2533,12 +2565,12 @@ spaces) (willfitch, iliaa)
. Fixed bug #66218 (zend_register_functions breaks reflection). (Remi)
- Date:
. Fixed bug #66060 (Heap buffer over-read in DateInterval) (CVE-2013-6712).
. Fixed bug #66060 (Heap buffer over-read in DateInterval) (CVE-2013-6712).
(Remi)
. Fixed bug #65768 (DateTimeImmutable::diff does not work). (Nikita Nefedov)
- DOM:
. Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML()
. Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML()
Produces invalid Markup). (Mike)
- Exif:
@ -2550,9 +2582,9 @@ spaces) (willfitch, iliaa)
- GD:
. Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
(Adam)
- PDO_odbc:
. Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
. Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
(michael at orlitzky dot com)
- MySQLi:
@ -2589,7 +2621,7 @@ spaces) (willfitch, iliaa)
server) - also implements apache_response_headers() (Andrea Faulds)
- Core:
. Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
. Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
string). (Laruence)
. Fixed bug #65969 (Chain assignment with T_LIST failure). (Dmitry)
@ -2609,7 +2641,7 @@ spaces) (willfitch, iliaa)
14 Nov 2013, PHP 5.5.6
- Core:
. Fixed bug #65947 (basename is no more working after fgetcsv in certain
. Fixed bug #65947 (basename is no more working after fgetcsv in certain
situation). (Laruence)
. Improved performance of array_merge() and func_get_args() by eliminating
useless copying. (Dmitry)
@ -2640,7 +2672,7 @@ spaces) (willfitch, iliaa)
32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo)
- PDO:
. Fixed bug #66033 (Segmentation Fault when constructor of PDO statement
. Fixed bug #66033 (Segmentation Fault when constructor of PDO statement
throws an exception). (Laruence)
. Fixed bug 65946 (sql_parser permanently converts values bound to strings)
@ -2661,7 +2693,7 @@ spaces) (willfitch, iliaa)
- CLI server:
. Fixed bug #65633 (built-in server treat some http headers as
case-sensitive). (Adam)
. Fixed bug #65818 (Segfault with built-in webserver and chunked transfer
. Fixed bug #65818 (Segfault with built-in webserver and chunked transfer
encoding). (Felipe)
. Added application/pdf to PHP CLI Web Server mime types (Chris Jones)
@ -2714,17 +2746,17 @@ spaces) (willfitch, iliaa)
a default value). (Nikita)
- Standard:
. Fixed bug #61548 (content-type must appear at the end of headers for 201
. Fixed bug #61548 (content-type must appear at the end of headers for 201
Location to work in http). (Mike)
- XMLReader:
. Fixed bug #51936 (Crash with clone XMLReader). (Mike)
. Fixed bug #64230 (XMLReader does not suppress errors). (Mike)
- Build system:
. Fixed bug #51076 (race condition in shtool's mkdir -p implementation).
(Mike, Raphael Geissert)
. Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing
. Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing
gzencode())). (Mike)
@ -2734,7 +2766,7 @@ spaces) (willfitch, iliaa)
. Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
(Laruence)
. Improved fputcsv() to allow specifying escape character.
. Fixed bug #65490 (Duplicate calls to get lineno & filename for
. Fixed bug #65490 (Duplicate calls to get lineno & filename for
DTRACE_FUNCTION_*). (Chris Jones)
. Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding
spaces). (Michael M Slusarz)
@ -2766,21 +2798,21 @@ spaces) (willfitch, iliaa)
some cases). (Mark Jones)
- PDO:
. Fixed bug #64953 (Postgres prepared statement positional parameter
. Fixed bug #64953 (Postgres prepared statement positional parameter
casting). (Mike)
- Session:
. Fixed bug #65475 (Session ID is not initialized properly when strict session
is enabled). (Yasuo)
. Fixed bug #51127/#65359 Request #25630/#43980/#54383 (Added php_serialize
. Fixed bug #51127/#65359 Request #25630/#43980/#54383 (Added php_serialize
session serialize handler that uses plain serialize()). (Yasuo)
- Standard:
. Fix issue with return types of password API helper functions. Found via
static analysis by cjones. (Anthony Ferrara)
static analysis by cjones. (Anthony Ferrara)
- Zlib:
. Fixed bug #65391 (Unable to send vary header user-agent when
. Fixed bug #65391 (Unable to send vary header user-agent when
ob_start('ob_gzhandler') is called) (Mike)
22 Aug 2013, PHP 5.5.3
@ -2805,8 +2837,8 @@ spaces) (willfitch, iliaa)
Zend/zend_dtrace.d) (Chris Jones)
- DOM:
. Added flags option to DOMDocument::schemaValidate() and
DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag.
. Added flags option to DOMDocument::schemaValidate() and
DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag.
(Chris Wright)
- OPcache:
@ -2829,12 +2861,12 @@ spaces) (willfitch, iliaa)
/pg_delete()/pg_insert()). (Yasuo)
- Phar:
. Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for
. Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for
some specific contents). (Stas)
- Sessions:
. Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
which protects against session fixation attacks and session collisions.
which protects against session fixation attacks and session collisions.
(CVE-2011-4718). (Yasuo Ohgaki)
. Fixed possible buffer overflow under Windows. Note: Not a security fix.
(Yasuo)
@ -2845,9 +2877,9 @@ spaces) (willfitch, iliaa)
- SPL:
. Fixed bug #65328 (Segfault when getting SplStack object Value). (Laruence)
. Added RecursiveTreeIterator setPostfix and getPostifx methods. (Joshua
. Added RecursiveTreeIterator setPostfix and getPostifx methods. (Joshua
Thijssen)
. Fixed bug #61697 (spl_autoload_functions returns lambda functions
. Fixed bug #61697 (spl_autoload_functions returns lambda functions
incorrectly). (Laruence)
- Streams:
@ -2864,7 +2896,7 @@ spaces) (willfitch, iliaa)
with a namespace). (Laruence)
. Fixed bug #65088 (Generated configure script is malformed on OpenBSD).
(Adam)
. Fixed bug #65108 (is_callable() triggers Fatal Error).
. Fixed bug #65108 (is_callable() triggers Fatal Error).
(David Soria Parra, Laruence)
. Fixed bug #65035 (yield / exit segfault). (Nikita)
. Fixed bug #65161 (Generator + autoload + syntax error = segfault). (Nikita)
@ -3282,7 +3314,7 @@ spaces) (willfitch, iliaa)
. Fixed bug #63284 (Upgrade PCRE to 8.31). (Anatoliy)
- PDO:
. Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to
. Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to
the same db server). (Laruence)
- PDO_DBlib:
@ -3368,7 +3400,7 @@ spaces) (willfitch, iliaa)
06 Jun 2013, PHP 5.4.16
- Core:
. Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode,
. Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode,
CVE 2013-2110). (Stas)
. Fixed bug #64853 (Use of no longer available ini directives causes crash on
TS build). (Anatol)
@ -3397,7 +3429,7 @@ spaces) (willfitch, iliaa)
pointer has closed). (Laruence)
- Phar
. Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or
. Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or
with non std tmp dir). (Pierre)
- SNMP:
@ -3410,7 +3442,7 @@ spaces) (willfitch, iliaa)
on Windows x64). (Anatol)
- Zend Engine:
. Fixed bug #64821 (Custom Exceptions crash when internal properties
. Fixed bug #64821 (Custom Exceptions crash when internal properties
overridden). (Anatol)
09 May 2013, PHP 5.4.15