diff --git a/NEWS b/NEWS index 30a17c1d057..1d5e5f8189e 100644 --- a/NEWS +++ b/NEWS @@ -30,14 +30,23 @@ PHP NEWS 18 Aug 2016, PHP 5.6.25 +- Bz2: + . Fixed bug #72837 (integer overflow in bzdecompress caused heap + corruption). (Stas) + - Core: + . Fixed bug #70436 (Use After Free Vulnerability in unserialize()). + (Taoguang Chen) + . Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net) . Fixed bug #72581 (previous property undefined in Exception after deserialization). (Laruence) - . Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net) . Implemented FR #72614 (Support "nmake test" on building extensions by phpize). (Yuji Uchiyama) . Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX). (Yuji Uchiyama) + . Fixed bug #72663 (Create an Unexpected Object and Don't Invoke + __wakeup() in Deserialization). (Stas) + . Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas) - Calendar: . Fixed bug #67976 (cal_days_month() fails for final month of the French @@ -50,11 +59,18 @@ PHP NEWS (maroszek at gmx dot net) . Fixed bug #71929 (Certification information (CERTINFO) data parsing error). (Pierrick) + . Fixed bug #72807 (integer overflow in curl_escape caused heap + corruption). (Stas) - DOM: . Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb) +- Ereg: + . Fixed bug #72838 (Integer overflow lead to heap corruption in + sql_regcase). (Stas) + - EXIF: + . Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas) . Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi) - Filter: 
@@ -66,14 +82,16 @@ PHP NEWS (gooh) - GD: - . Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb) - . Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb) - . Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb) . Fixed bug #43828 (broken transparency of imagearc for truecolor in blendingmode). (cmb) . Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb) . Fixed bug #68712 (suspicious if-else statements). (cmb) + . Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb) + . Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb) + . Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb) + . Fixed bug #72697 (select_colors write out-of-bounds). (Stas) . Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb) + . Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas) - Intl: . Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain @@ -102,12 +120,17 @@ PHP NEWS . Fixed bug #72222 (ReflectionClass::export doesn't handle array constants). (Nikita Nefedov) +- SNMP: + . Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory + allocation). (djodjo at gmail dot com) + - Standard: . Fixed bug #72330 (CSV fields incorrectly split if escape char followed by UTF chars). (cmb) - -- SPL: - . Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick) + . Fixed bug #72836 (integer overflow in base64_decode). (Stas) + . Fixed bug #72848 (integer overflow in quoted_printable_encode). (Stas) + . Fixed bug #72849 (integer overflow in urlencode). (Stas) + . Fixed bug #72850 (integer overflow in php_uuencode). (Stas) - Streams: . Fixed bug #41021 (Problems with the ftps wrapper). (vhuk) 
@@ -116,11 +139,14 @@ PHP NEWS non-existent directories). (vhuk) . Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5). (vhuk) + . Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade + attack). (Stas) - SPL: . Fixed bug #72122 (IteratorIterator breaks '@' error suppression). (kinglozzer) . Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape character). (cmb) + . Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick) - SQLite3: . Implemented FR #72653 (SQLite should allow opening with empty filename). @@ -129,6 +155,12 @@ PHP NEWS - Wddx: . Fixed bug #72142 (WDDX Packet Injection Vulnerability in wddx_serialize_value()). (Taoguang Chen) + . Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas) + . Fixed bug #72750 (wddx_deserialize null dereference). (Stas) + . Fixed bug #72790 (wddx_deserialize null dereference with invalid xml). + (Stas) + . Fixed bug #72799 (wddx_deserialize null dereference in + php_wddx_pop_element). (Stas) 21 Jul 2016, PHP 5.6.24 @@ -222,7 +254,7 @@ PHP NEWS (cmb) . Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas) . Fixed bug #72337 (invalid dimensions can lead to crash). (Pierre) - . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in + . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (CVE-2016-5766) (Pierre) . Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) . Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting @@ -296,7 +328,7 @@ PHP NEWS - Curl: . Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string). - (Michael Sierks) + (Michael Sierks) - Date: . Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt) 
@@ -611,7 +643,7 @@ PHP NEWS a server). (Sergei Turchanov) - OpenSSL: - . Fixed bug #55259 (openssl extension does not get the DH parameters from + . Fixed bug #55259 (openssl extension does not get the DH parameters from DH key resource). (Jakub Zelenka) . Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb) . Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka) @@ -703,7 +735,7 @@ PHP NEWS - Standard: . Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb) - . Fixed bug #70157 (parse_ini_string() segmentation fault with + . Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk) - XSLT: @@ -729,7 +761,7 @@ PHP NEWS - CLI server: . Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb) . Fixed bug #64878 (304 responses return Content-Type header). (cmb) - + - GD: . Fixed bug #53156 (imagerectangle problem with point ordering). (cmb) . Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874) @@ -810,7 +842,7 @@ PHP NEWS - Mysqlnd: . Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152) (Andrey) - + - PCRE: . Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the string). (cmb) @@ -903,7 +935,7 @@ PHP NEWS 14 May 2015, PHP 5.6.9 - Core: - . Fixed bug #69467 (Wrong checked for the interface by using Trait). + . Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence) . Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence) . Fixed bug #60022 ("use statement [...] has no effect" depends on leading 
@@ -1024,7 +1056,7 @@ PHP NEWS (Mike) . Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike) . Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike) - . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing + . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar"). (Mike) . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas) . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in @@ -1036,7 +1068,7 @@ PHP NEWS - SOAP: . Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize() with SoapFault). (Dmitry) - . Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader + . Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)). (Laruence) - SPL: @@ -1058,7 +1090,7 @@ PHP NEWS (Laruence) . Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net) - . Fixed bug #65593 (Segfault when calling ob_start from output buffering + . Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike) . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). (nayana at ddproperty dot com) @@ -1095,7 +1127,7 @@ PHP NEWS . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol) - Opcache: - . Fixed bug #69159 (Opcache causes problem when passing a variable variable + . Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function). (Dmitry, Laruence) . Fixed bug #69125 (Array numeric string as key). (Laruence) . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence) 
@@ -1129,7 +1161,7 @@ PHP NEWS - SPL: . Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). (Laruence) - . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after + . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). (Julien) - ZIP: @@ -1205,7 +1237,7 @@ PHP NEWS . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo) - Sqlite3: - . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong + . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). (Julien) - Standard: @@ -1250,7 +1282,7 @@ PHP NEWS CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans) - Date: - . Implemented FR #68268 (DatePeriod: Getter for start date, end date and + . Implemented FR #68268 (DatePeriod: Getter for start date, end date and interval). (Marc Bennewitz) - EXIF: @@ -1327,7 +1359,7 @@ PHP NEWS (Adam) . Fixed bug #68104 (Segfault while pre-evaluating a disabled function). (Laruence) - . Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly + . Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered). (Julien) . Fixed bug #68355 (Inconsistency in example php.ini comments). (Chris McCafferty) @@ -1374,7 +1406,7 @@ PHP NEWS (Matteo) - Session: - . Fixed bug #68331 (Session custom storage callable functions not being called) + . Fixed bug #68331 (Session custom storage callable functions not being called) (Yasuo Ohgaki) - SOAP: 
@@ -1399,13 +1431,13 @@ PHP NEWS . Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()). (Stas) . Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita) - . Fixed bug #68129 (parse_url() - incomplete support for empty usernames + . Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk) . Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). (Dmitry) - CURL: - . Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and + . Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus) - Fileinfo: @@ -1577,7 +1609,7 @@ PHP NEWS . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) . Fixed bug #67249 (printf out-of-bounds read). (Stas) - . Implemented FR #64744 (Differentiate between member function call on a null + . Implemented FR #64744 (Differentiate between member function call on a null and non-null, non-objects). (Boro Sitnikovski) . Fixed bug #67436 (Autoloader isn't called if two method definitions don't match). (Bob) @@ -1608,7 +1640,7 @@ PHP NEWS (Ralf Lang, Mike) . Reduced POST data memory usage by 200-300%. Changed INI setting always_populate_raw_post_data to throw a deprecation warning when enabling - and to accept -1 for never populating the $HTTP_RAW_POST_DATA global + and to accept -1 for never populating the $HTTP_RAW_POST_DATA global variable, which will be the default in future PHP versions. (Mike) . Implemented dedicated syntax for variadic functions (RFC: https://wiki.php.net/rfc/variadics). (Nikita) 
@@ -1621,9 +1653,9 @@ PHP NEWS . Allow zero length comparison in substr_compare() (Tjerk) . Fixed bug #60602 (proc_open() changes environment array) (Tjerk) . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike) - . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace + . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike) - . Fixed bug #66182 (exit in stream filter produces segfault). (Mike) + . Fixed bug #66182 (exit in stream filter produces segfault). (Mike) . Fixed bug #66736 (fpassthru broken). (Mike) . Fixed bug #66822 (Cannot use T_POW in const expression) (Tjerk) . Fixed bug #67043 (substr_compare broke by previous change) (Tjerk) @@ -1994,7 +2026,7 @@ PHP NEWS (Matteo) - PDO-ODBC: - . Fixed bug #50444 (PDO-ODBC changes for 64-bit). + . Fixed bug #50444 (PDO-ODBC changes for 64-bit). - PDO_pgsql: . Fixed Bug #42614 (PDO_pgsql: add pg_get_notify support). (Matteo) @@ -2053,7 +2085,7 @@ PHP NEWS - SPL: . Revert fix for bug #67064 (BC issues). (Bob) - . Fixed bug #67539 (ArrayIterator use-after-free due to object change during + . Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698) (research at insighti dot org, Laruence) . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence) . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type @@ -2082,7 +2114,7 @@ PHP NEWS token). (Ferenc) - XMLReader: - . Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency). + . Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency). (Mike) - XSL: @@ -2102,7 +2134,7 @@ PHP NEWS - Zlib: . Fixed bug #67865 (internal corruption phar error). Mike - . Fixed bug #67724 (chained zlib filters silently fail with large amounts of + . Fixed bug #67724 (chained zlib filters silently fail with large amounts of data). (Mike) 21 Aug 2014, PHP 5.5.16 
@@ -2127,7 +2159,7 @@ PHP NEWS - Milter: . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike) - + - Network: . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi) @@ -2181,7 +2213,7 @@ PHP NEWS . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi) - Intl: - . Fixed bug #66921 (Wrong argument type hint for function + . Fixed bug #66921 (Wrong argument type hint for function intltz_from_date_time_zone). (Stas) . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting). (Stas) @@ -2198,7 +2230,7 @@ PHP NEWS . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske) - SPL: - . Fixed bug #67539 (ArrayIterator use-after-free due to object change during + . Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698) (research at insighti dot org, Laruence) . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence) @@ -2320,9 +2352,9 @@ PHP NEWS 30 Apr 2014, PHP 5.5.12 - Core: . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike) - . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace + . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike) - . Fixed bug #66182 (exit in stream filter produces segfault). (Mike) + . Fixed bug #66182 (exit in stream filter produces segfault). (Mike) . Fixed bug #66736 (fpassthru broken). (Mike) . Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella) @@ -2416,7 +2448,7 @@ PHP NEWS (Nikita) - Intl: - . Fixed bug #66873 (A reproductible crash in UConverter when given invalid + . Fixed bug #66873 (A reproductible crash in UConverter when given invalid encoding) (Stas) - Mail: 
@@ -2491,7 +2523,7 @@ PHP NEWS (Dmitry) . Fixed bug #66461 (PHP crashes if opcache.interned_strings_buffer=0). (Dmitry) - . Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style + . Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style ^M as lineend). (Laruence) - PDO_pgsql: @@ -2533,12 +2565,12 @@ spaces) (willfitch, iliaa) . Fixed bug #66218 (zend_register_functions breaks reflection). (Remi) - Date: - . Fixed bug #66060 (Heap buffer over-read in DateInterval) (CVE-2013-6712). + . Fixed bug #66060 (Heap buffer over-read in DateInterval) (CVE-2013-6712). (Remi) . Fixed bug #65768 (DateTimeImmutable::diff does not work). (Nikita Nefedov) - + - DOM: - . Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() + . Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup). (Mike) - Exif: @@ -2550,9 +2582,9 @@ spaces) (willfitch, iliaa) - GD: . Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)). (Adam) - + - PDO_odbc: - . Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries). + . Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries). (michael at orlitzky dot com) - MySQLi: @@ -2589,7 +2621,7 @@ spaces) (willfitch, iliaa) server) - also implements apache_response_headers() (Andrea Faulds) - Core: - . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a + . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence) . Fixed bug #65969 (Chain assignment with T_LIST failure). (Dmitry) @@ -2609,7 +2641,7 @@ spaces) (willfitch, iliaa) 14 Nov 2013, PHP 5.5.6 - Core: - . Fixed bug #65947 (basename is no more working after fgetcsv in certain + . Fixed bug #65947 (basename is no more working after fgetcsv in certain situation). (Laruence) . Improved performance of array_merge() and func_get_args() by eliminating useless copying. (Dmitry) 
@@ -2640,7 +2672,7 @@ spaces) (willfitch, iliaa) 32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo) - PDO: - . Fixed bug #66033 (Segmentation Fault when constructor of PDO statement + . Fixed bug #66033 (Segmentation Fault when constructor of PDO statement throws an exception). (Laruence) . Fixed bug 65946 (sql_parser permanently converts values bound to strings) @@ -2661,7 +2693,7 @@ spaces) (willfitch, iliaa) - CLI server: . Fixed bug #65633 (built-in server treat some http headers as case-sensitive). (Adam) - . Fixed bug #65818 (Segfault with built-in webserver and chunked transfer + . Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding). (Felipe) . Added application/pdf to PHP CLI Web Server mime types (Chris Jones) @@ -2714,17 +2746,17 @@ spaces) (willfitch, iliaa) a default value). (Nikita) - Standard: - . Fixed bug #61548 (content-type must appear at the end of headers for 201 + . Fixed bug #61548 (content-type must appear at the end of headers for 201 Location to work in http). (Mike) - XMLReader: . Fixed bug #51936 (Crash with clone XMLReader). (Mike) . Fixed bug #64230 (XMLReader does not suppress errors). (Mike) - + - Build system: . Fixed bug #51076 (race condition in shtool's mkdir -p implementation). (Mike, Raphael Geissert) - . Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing + . Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing gzencode())). (Mike) @@ -2734,7 +2766,7 @@ spaces) (willfitch, iliaa) . Fixed bug #60598 (cli/apache sapi segfault on objects manipulation). (Laruence) . Improved fputcsv() to allow specifying escape character. - . Fixed bug #65490 (Duplicate calls to get lineno & filename for + . Fixed bug #65490 (Duplicate calls to get lineno & filename for DTRACE_FUNCTION_*). (Chris Jones) . Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding spaces). (Michael M Slusarz) 
@@ -2766,21 +2798,21 @@ spaces) (willfitch, iliaa) some cases). (Mark Jones) - PDO: - . Fixed bug #64953 (Postgres prepared statement positional parameter + . Fixed bug #64953 (Postgres prepared statement positional parameter casting). (Mike) - Session: . Fixed bug #65475 (Session ID is not initialized properly when strict session is enabled). (Yasuo) - . Fixed bug #51127/#65359 Request #25630/#43980/#54383 (Added php_serialize + . Fixed bug #51127/#65359 Request #25630/#43980/#54383 (Added php_serialize session serialize handler that uses plain serialize()). (Yasuo) - Standard: . Fix issue with return types of password API helper functions. Found via - static analysis by cjones. (Anthony Ferrara) + static analysis by cjones. (Anthony Ferrara) - Zlib: - . Fixed bug #65391 (Unable to send vary header user-agent when + . Fixed bug #65391 (Unable to send vary header user-agent when ob_start('ob_gzhandler') is called) (Mike) 22 Aug 2013, PHP 5.5.3 @@ -2805,8 +2837,8 @@ spaces) (willfitch, iliaa) Zend/zend_dtrace.d) (Chris Jones) - DOM: - . Added flags option to DOMDocument::schemaValidate() and - DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag. + . Added flags option to DOMDocument::schemaValidate() and + DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag. (Chris Wright) - OPcache: @@ -2829,12 +2861,12 @@ spaces) (willfitch, iliaa) /pg_delete()/pg_insert()). (Yasuo) - Phar: - . Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for + . Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for some specific contents). (Stas) - Sessions: . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions) - which protects against session fixation attacks and session collisions. + which protects against session fixation attacks and session collisions. (CVE-2011-4718). (Yasuo Ohgaki) . Fixed possible buffer overflow under Windows. Note: Not a security fix. (Yasuo) 
@@ -2845,9 +2877,9 @@ spaces) (willfitch, iliaa) - SPL: . Fixed bug #65328 (Segfault when getting SplStack object Value). (Laruence) - . Added RecursiveTreeIterator setPostfix and getPostifx methods. (Joshua + . Added RecursiveTreeIterator setPostfix and getPostifx methods. (Joshua Thijssen) - . Fixed bug #61697 (spl_autoload_functions returns lambda functions + . Fixed bug #61697 (spl_autoload_functions returns lambda functions incorrectly). (Laruence) - Streams: @@ -2864,7 +2896,7 @@ spaces) (willfitch, iliaa) with a namespace). (Laruence) . Fixed bug #65088 (Generated configure script is malformed on OpenBSD). (Adam) - . Fixed bug #65108 (is_callable() triggers Fatal Error). + . Fixed bug #65108 (is_callable() triggers Fatal Error). (David Soria Parra, Laruence) . Fixed bug #65035 (yield / exit segfault). (Nikita) . Fixed bug #65161 (Generator + autoload + syntax error = segfault). (Nikita) @@ -3282,7 +3314,7 @@ spaces) (willfitch, iliaa) . Fixed bug #63284 (Upgrade PCRE to 8.31). (Anatoliy) - PDO: - . Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to + . Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). (Laruence) - PDO_DBlib: @@ -3368,7 +3400,7 @@ spaces) (willfitch, iliaa) 06 Jun 2013, PHP 5.4.16 - Core: - . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, + . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE 2013-2110). (Stas) . Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build). (Anatol) @@ -3397,7 +3429,7 @@ spaces) (willfitch, iliaa) pointer has closed). (Laruence) - Phar - . Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or + . Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir). (Pierre) - SNMP: 
@@ -3410,7 +3442,7 @@ spaces) (willfitch, iliaa) on Windows x64). (Anatol) - Zend Engine: - . Fixed bug #64821 (Custom Exceptions crash when internal properties + . Fixed bug #64821 (Custom Exceptions crash when internal properties overridden). (Anatol) 09 May 2013, PHP 5.4.15
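Review bot: In the 5.6.25 block (hunk `@@ -30,14 +30,23 @@` and the hunks after it), none of the new memory-safety and deserialization entries (#72837, #70436, #72663, #72681, #72807, #72838, #72697, #72730, #72708, #72771 and the wddx_deserialize set) carries a CVE identifier. Older entries in this same file do, for example #72339 with `(CVE-2016-5766)` in the `@@ -222,7 +254,7 @@` hunk. If identifiers have been assigned, add them in the same `(CVE-…)` position so packagers can map a release to advisories directly from NEWS. If they have not, plan a follow-up edit once they are.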
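Review bot: In hunk `@@ -50,11 +59,18 @@`, the new Ereg entry reads "Integer overflow lead to heap corruption in sql_regcase". "lead" should be "led" (or "leads"). The wording also differs from the parallel entries this patch adds for #72837 and #72807, which use "integer overflow in … caused heap corruption". Unless the text is meant to mirror the tracker title verbatim, align the three entries so a search for "integer overflow in" finds all of them.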
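Review bot: In hunk `@@ -129,6 +155,12 @@` (Wddx), the added line `. Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)` is missing the period after the closing parenthesis of the description. The three sibling entries added directly below it (#72750, #72790, #72799) all use the `). (Stas)` form. Add the period so the entry matches them.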
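Review bot: From hunk `@@ -222,7 +254,7 @@` through the final hunk `@@ -3410,7 +3442,7 @@`, every removed/added pair reads identically apart from whitespace, and these hunks touch historical sections back to PHP 5.4.15. This cleanup is unrelated to the 5.6.25 security entries added in the first hunks, and bundling it makes the security-relevant part of the change harder to audit. It also raises the chance of conflicts when the NEWS entries are merged or cherry-picked to other branches. Suggest splitting the whitespace normalization into its own commit. The same applies on a smaller scale to the GD hunk `@@ -66,14 +82,16 @@`, where the reordering of #70315, #72596 and #72604 is interleaved with the two genuinely new entries, #72697 and #72730.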