mirror of
https://github.com/php/php-src.git
synced 2024-12-13 20:05:26 +08:00
387 lines
16 KiB
Plaintext
387 lines
16 KiB
Plaintext
PHP NEWS
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
?? ??? 2014, PHP 5.6.0 Beta 2
|
|
|
|
- Core:
|
|
. Fixed bug #66015 (Unexpected array indexing in class's static property). (Bob)
|
|
. Added (constant) string/array dereferencing to static scalar expressions
|
|
to complete the set; now possible thanks to bug #66015 being fixed. (Bob)
|
|
|
|
- mysqlnd:
|
|
. Added a new fetching mode to mysqlnd. (Andrey)
|
|
|
|
- SQLite:
|
|
. Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
|
|
|
|
10 Apr 2014, PHP 5.6.0 Beta 1
|
|
|
|
- Core:
|
|
. Allow zero length comparison in substr_compare() (Tjerk)
|
|
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
|
|
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
|
|
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
|
|
UNIX sockets). (Mike)
|
|
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
|
|
. Fixed bug #66736 (fpassthru broken). (Mike)
|
|
. Fixed bug #66822 (Cannot use T_POW in const expression) (Tjerk)
|
|
. Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
|
|
|
|
- SPL:
|
|
. Added feature #65545 (SplFileObject::fread()) (Tjerk)
|
|
. Fixed bug #66834 (empty() does not work on classes that extend ArrayObject) (Tjerk)
|
|
. Fixed bug #66702 (RegexIterator::INVERT_MATCH does not invert). (Joshua
|
|
Thijssen)
|
|
|
|
- cURL:
|
|
. Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour)
|
|
(Tjerk)
|
|
. Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
|
|
(Adam)
|
|
|
|
- Date:
|
|
. Added DateTimeImmutable::createFromMutable to create a DateTimeImmutable
|
|
object from an existing DateTime (mutable) object (Derick)
|
|
|
|
- Embed:
|
|
. Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
|
|
|
|
- Fileinfo:
|
|
. Fixed bug #66820 (out-of-bounds memory access in fileinfo)
|
|
(CVE-2014-2270). (Remi)
|
|
. Fixed bug #66946i (fileinfo: extensive backtracking in awk rule regular
|
|
expression). (CVE-2013-7345) (Remi)
|
|
. Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
|
|
(Remi)
|
|
|
|
|
|
- GD:
|
|
. Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer
|
|
CVE-2013-7327). (Tomas Hoger, Remi).
|
|
. Fixed #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
|
|
. Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
|
|
. Fixed bug #66890 (imagescale segfault). (Remi)
|
|
. Fixed bug #66893 (imagescale ignore method argument). (Remi)
|
|
|
|
- GMP:
|
|
. Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
|
|
|
|
- Hash:
|
|
. Fixed bug #66698 (Missing FNV1a32 and FNV1a64 hash functions).
|
|
(Michael M Slusarz).
|
|
. Implemented timing attack safe string comparison function
|
|
(RFC: https://wiki.php.net/rfc/timing_attack). (Rouven Weßling)
|
|
. hash_pbkdf2() now works correctly if the $length argument is not specified.
|
|
(Nikita)
|
|
|
|
- Intl:
|
|
. Fixed bug #66873 (A reproductible crash in UConverter when given invalid
|
|
encoding) (Stas)
|
|
|
|
- Mail:
|
|
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
|
|
|
|
- Mbstring:
|
|
. Upgraded to oniguruma 5.9.5 (Anatol)
|
|
|
|
- Mcrypt:
|
|
. No longer allow invalid key sizes, invalid IV sizes or missing required IV
|
|
in mcrypt_encrypt, mcrypt_decrypt and the deprecated mode functions.
|
|
(Nikita)
|
|
. Use /dev/urandom as the default source for mcrypt_create_iv(). (Nikita)
|
|
|
|
- MySQLi:
|
|
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
|
|
(Remi)
|
|
|
|
- OCI8
|
|
. Fixed Bug #66875 (Improve performance of multi-row OCI_RETURN_LOB queries)
|
|
(Perrier, Chris Jones)
|
|
|
|
- OpenSSL:
|
|
. Fixed memory leak in windows cert verification on verify failure.
|
|
(Chris Wright)
|
|
. Peer certificate capturing via SSL context options now functions even if
|
|
peer verification fails. (Daniel Lowrey)
|
|
. Encrypted TLS servers now support the server name indication TLS extension
|
|
via the new "SNI_server_certs" SSL context option. (Daniel Lowrey)
|
|
. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
|
|
|
|
- PCRE:
|
|
. Added support for (*MARK) backtracking verbs. (Nikita)
|
|
|
|
- PDO_firebird:
|
|
. Fixed Bug #66071 (memory corruption in error handling) (Popa)
|
|
|
|
- PDO_pgsql:
|
|
. Cleaned up code by increasing the requirements to libpq versions providing
|
|
PQexecParams, PQprepare, PQescapeStringConn, PQescapeByteaConn. According
|
|
to the release notes that means 8.0.8+ or 8.1.4+. (Matteo)
|
|
. Deprecated PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT, an
|
|
undocument constant effectively equivalent to PDO::ATTR_EMULATE_PREPARES.
|
|
(Matteo)
|
|
. Added PDO::PGSQL_ATTR_DISABLE_PREPARES constant to execute the queries
|
|
without preparing them, while still passing parameters separately from
|
|
the command text using PQexecParams. (Matteo)
|
|
|
|
- Pgsql:
|
|
. Read-only access to the socket stream underlying database connections is
|
|
exposed via a new pg_socket() function to allow read/write polling when
|
|
establishing asynchronous connections and executing queries in non-blocking
|
|
applications. (Daniel Lowrey)
|
|
. Asynchronous connections are now possible using the PGSQL_CONNECT_ASYNC
|
|
flag in conjunction with a new pg_connect_poll() function and connection
|
|
polling status constants. (Daniel Lowrey)
|
|
. New pg_flush() and pg_consume_input() functions added to manually complete
|
|
non-blocking reads/writes to underlying connection sockets. (Daniel Lowrey)
|
|
|
|
- Session
|
|
. Remove session_gc() and session_serializer_name() wich were introduced in the first 5.6.0 alpha.
|
|
|
|
- SimpleXML:
|
|
. Fixed bug #66084 (simplexml_load_string() mangles empty node name)
|
|
(Anatol)
|
|
|
|
- SQLite:
|
|
. Updated the bundled libsqlite to the version 3.8.3.1 (Anatol)
|
|
|
|
- XSL:
|
|
. Fixed bug #53965 (<xsl:include> cannot find files with relative paths
|
|
when loaded with "file://"). (Anatol)
|
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
27 Feb 2014, PHP 5.6.0 Alpha 3
|
|
|
|
- Core
|
|
. Expose get_debug_info class hook as __debugInfo() magic method. (Sara)
|
|
. Implemented unified default encoding
|
|
(RFC: https://wiki.php.net/rfc/default_encoding). (Yasuo Ohgaki)
|
|
|
|
- Curl
|
|
. Check for openssl.cafile ini directive when loading CA certs. (Daniel Lowrey)
|
|
. Remove cURL close policy related constants as these have no effect and are
|
|
no longer used in libcurl. (Chris Wright)
|
|
|
|
- Fileinfo
|
|
. Upgraded to libmagic-5.17 (Anatol)
|
|
. Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943) (Remi)
|
|
|
|
- FPM:
|
|
. Added clear_env configuration directive to disable clearenv() call.
|
|
(Github PR# 598, Paul Annesley)
|
|
|
|
- GD:
|
|
. Fixed imagettftext to load the correct character map rather than the last one.
|
|
(Scott)
|
|
. Fixed bug #66714 ( imageconvolution breakage). (Brad Daily)
|
|
|
|
- JSON:
|
|
. Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)
|
|
(chobieeee@php.net)
|
|
|
|
- OPCache
|
|
. Added function opcache_is_script_cached(). (Danack)
|
|
. Added information about interned strings usage. (Terry, Julien, Dmitry)
|
|
|
|
- OpenSSL
|
|
. Fallback to Windows CA cert store for peer verification if no openssl.cafile
|
|
ini directive or "cafile" SSL context option specified in Windows.
|
|
(Chris Wright)
|
|
. The openssl.cafile and openssl.capath ini directives introduced in alpha2
|
|
now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL). (Daniel Lowrey)
|
|
. New "peer_name" SSL context option replaces "CN_match" (which still works
|
|
as before but triggers E_DEPRECATED). (Daniel Lowrey)
|
|
. Fixed segfault when accessing non-existent context for client SNI use
|
|
(Daniel Lowrey)
|
|
. Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
|
|
(Mark Zedwood)
|
|
. Fixed Bug #47030 (add new boolean "verify_peer_name" SSL context option
|
|
allowing clients to verify cert names separately from the cert itself).
|
|
"verify_peer_name" is enabled by default for client streams.
|
|
(Daniel Lowrey)
|
|
. Fixed Bug #65538 ("cafile" SSL context option now supports stream
|
|
wrappers). (Daniel Lowrey)
|
|
. New openssl_get_cert_locations() function to aid CA file and peer
|
|
verification debugging. (Daniel Lowrey)
|
|
. Encrypted stream wrappers now disable TLS compression by default.
|
|
(Daniel Lowrey)
|
|
. New "capture_session_meta" SSL context option allows encrypted client and
|
|
server streams access to negotiated protocol/cipher information.
|
|
(Daniel Lowrey)
|
|
. New "honor_cipher_order" SSL context option allows servers to prioritize
|
|
cipher suites of their choosing when negotiating SSL/TLS handshakes.
|
|
(Daniel Lowrey)
|
|
. New "single_ecdh_use" and "single_dh_use" SSL context options allow for
|
|
improved forward secrecy in encrypted stream servers. (Daniel Lowrey)
|
|
. New "dh_param" SSL context option allows stream servers control over
|
|
the parameters when negotiating DHE cipher suites. (Daniel Lowrey)
|
|
. New "ecdh_curve" SSL context option allowing stream servers to specify
|
|
the curve to use when negotiating ephemeral ECDHE ciphers (defaults to
|
|
NIST P-256). (Daniel Lowrey)
|
|
. New "rsa_key_size" SSL context option gives stream servers control
|
|
over the key size (in bits) used for RSA key agreements. (Daniel Lowrey)
|
|
. Crypto methods for encrypted client and server streams now use
|
|
bitwise flags for fine-grained protocol support. (Daniel Lowrey)
|
|
. Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method.
|
|
tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2. (Daniel Lowrey)
|
|
. Encrypted client streams now enable SNI by default. (Daniel Lowrey)
|
|
. Encrypted streams now prioritize ephemeral key agreement and high strength
|
|
ciphers by default. (Daniel Lowrey)
|
|
. New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher
|
|
list. (Daniel Lowrey)
|
|
. New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto
|
|
methods negotiated encrypted server/client sessions. (Daniel Lowrey)
|
|
. Encrypted stream servers now automatically mitigate potential DoS vector
|
|
arising from client-initiated TLS renegotiation. New "reneg_limit",
|
|
"reneg_window" and "reneg_limit_callback" SSL context options for custom
|
|
renegotiation limiting control. (Daniel Lowrey)
|
|
|
|
- Pgsql:
|
|
. pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL.
|
|
(Yasuo)
|
|
. Impremented FR #25854 Return value for pg_insert should be resource instead of bool.
|
|
(Yasuo)
|
|
. Implemented FR #41146 - Add "description" with exteneded flag pg_meta_data().
|
|
pg_meta_data(resource $conn, string $table [, bool extended])
|
|
It also made pg_meta_data() return "is enum" always.
|
|
(Yasuo)
|
|
|
|
13 Feb 2014, PHP 5.6.0 Alpha 2
|
|
- Core:
|
|
. Added T_POW (**) operator
|
|
(RFC: https://wiki.php.net/rfc/pow-operator). (Tjerk Meesters)
|
|
|
|
- mysqli
|
|
. Added new function mysqli_get_links_stats() as well as new INI variable
|
|
mysqli.rollback_on_cached_plink of type bool (Andrey)
|
|
|
|
- PCRE:
|
|
. Upgraded to PCRE 8.34. (Anatol)
|
|
|
|
- ldap
|
|
. Added new function ldap_modify_batch(). (Ondrej Hosek)
|
|
|
|
- OpenSSL
|
|
. Peer certificates now verified by default in client socket operations
|
|
(RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
|
|
. New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)
|
|
|
|
23 Jan 2014, PHP 5.6.0 Alpha 1
|
|
- CLI server:
|
|
. Added some MIME types to the CLI web server. (Chris Jones)
|
|
|
|
- Core:
|
|
. Improved IS_VAR operands fetching. (Laruence, Dmitry)
|
|
. Improved empty string handling. Now ZE uses an interned string instead of
|
|
allocation new empty string each time. (Laruence, Dmitry)
|
|
. Implemented internal operator overloading
|
|
(RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)
|
|
. Made calls from incompatible context issue an E_DEPRECATED warning instead
|
|
of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx).
|
|
(Gustavo)
|
|
. Uploads equal or greater than 2GB in size are now accepted.
|
|
(Ralf Lang, Mike)
|
|
. Reduced POST data memory usage by 200-300%. Changed INI setting
|
|
always_populate_raw_post_data to throw a deprecation warning when enabling
|
|
and to accept -1 for never populating the $HTTP_RAW_POST_DATA global
|
|
variable, which will be the default in future PHP versions. (Mike)
|
|
. Implemented dedicated syntax for variadic functions
|
|
(RFC: https://wiki.php.net/rfc/variadics). (Nikita)
|
|
. Fixed bug #50333 Improving multi-threaded scalability by using
|
|
emalloc/efree/estrdup (Anatol, Dmitry)
|
|
. Implemented constant scalar expressions (with support for constants)
|
|
(RFC: https://wiki.php.net/rfc/const_scalar_exprs). (Bob)
|
|
. Fixed bug #65784 (Segfault with finally). (Laruence, Dmitry)
|
|
. Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)
|
|
|
|
- cURL:
|
|
. Implemented FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir
|
|
or safe_mode). (Adam)
|
|
|
|
- FPM
|
|
. Included apparmor support in fpm
|
|
(RFC: https://wiki.php.net/rfc/fpm_change_hat). (Gernot Vormayr)
|
|
|
|
- GMP:
|
|
. Moved GMP to use object as the underlying structure and implemented various
|
|
improvements based on this.
|
|
(RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)
|
|
. Added gmp_root() and gmp_rootrem() functions for calculating nth roots.
|
|
(Nikita)
|
|
|
|
- Hash:
|
|
. Added gost-crypto (CryptoPro S-box) GOST hash algo. (Manuel Mausz)
|
|
|
|
- JSON:
|
|
. Fixed case part of bug #64874 ("json_decode handles whitespace and
|
|
case-sensitivity incorrectly")
|
|
|
|
- mysqlnd:
|
|
. Disabled flag for SP OUT variables for 5.5+ servers as they are not natively
|
|
supported by the overlying APIs. (Andrey)
|
|
|
|
- OPcache:
|
|
. Added an optimization of class constants and constant calls to some
|
|
internal functions (Laruence, Dmitry)
|
|
. Added an optimization pass to convert FCALL_BY_NAME into DO_FCALL.
|
|
(Laruence, Dmitry)
|
|
. Added an optimization pass to merged identical constants (and related
|
|
cache_slots) in op_array->literals table. (Laruence, Dmitry)
|
|
. Added script level constant replacement optimization pass. (Dmitry)
|
|
|
|
- OpenSSL:
|
|
. Added crypto_method option for the ssl stream context. (Martin Jansen)
|
|
. Added certificate fingerprint support. (Tjerk Meesters)
|
|
. Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)
|
|
. Fixed bug #65729 (CN_match gives false positive). (Tjerk Meesters)
|
|
. Peer name verification matches SAN DNS names for certs using
|
|
the Subject Alternative Name x509 extension. (Daniel Lowrey)
|
|
. Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey)
|
|
. Added SPKAC support. (Jason Gerfen)
|
|
|
|
- PDO_pgsql:
|
|
. Fixed Bug #42614 (PDO_pgsql: add pg_get_notify support). (Matteo)
|
|
. Fixed Bug #63657 (pgsqlCopyFromFile, pgsqlCopyToArray use Postgres < 7.3
|
|
syntax). (Matteo)
|
|
|
|
- phpdbg:
|
|
. Included phpdbg sapi (RFC: https://wiki.php.net/rfc/phpdbg).
|
|
(Felipe Pena, Joe Watkins and Bob Weinand)
|
|
|
|
- pgsql:
|
|
. pg_version() returns full report which obtained by PQparameterStatus().
|
|
(Yasuo)
|
|
. Added pg_lo_truncate(). (Yasuo)
|
|
. Added 64bit large object support for PostgreSQL 9.3 and later. (Yasuo)
|
|
|
|
- Session:
|
|
. Fixed Bug #65315 (session.hash_function silently fallback to default md5)
|
|
(Yasuo)
|
|
. Implemented Request #17860 (Session write short circuit). (Yasuo)
|
|
. Implemented Request #20421 (session_abort() and session_reset() function).
|
|
(Yasuo)
|
|
|
|
- Standard:
|
|
. Implemented FR #65634 (HTTP wrapper is very slow with protocol_version
|
|
1.1). (Adam)
|
|
. Implemented Change crypt() behavior w/o salt RFC. (Yasuo)
|
|
https://wiki.php.net/rfc/crypt_function_salt
|
|
. Implemented request #49824 (Change array_fill() to allow creating empty
|
|
array). (Nikita)
|
|
|
|
- XMLReader:
|
|
. Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency).
|
|
(Mike)
|
|
|
|
- Zip:
|
|
. update libzip to version 1.11.2.
|
|
PHP don't use any ilibzip private symbol anymore. (Pierre, Remi)
|
|
. new method ZipArchive::setPassword($password). (Pierre)
|
|
. add --with-libzip option to build with system libzip. (Remi)
|
|
. new methods:
|
|
ZipArchive::setExternalAttributesName($name, $opsys, $attr [, $flags])
|
|
ZipArchive::setExternalAttributesIndex($idx, $opsys, $attr [, $flags])
|
|
ZipArchive::getExternalAttributesName($name, &$opsys, &$attr [, $flags])
|
|
ZipArchive::getExternalAttributesIndex($idx, &$opsys, &$attr [, $flags])
|
|
|
|
<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>
|