--- embedaddon/php/NEWS 2012/02/21 23:47:51 1.1.1.1 +++ embedaddon/php/NEWS 2013/10/14 08:02:08 1.1.1.4 @@ -1,22 +1,1808 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +19 Sep 2013, PHP 5.4.20 + +- Core: + . Fixed bug #60598 (cli/apache sapi segfault on objects manipulation). + (Laruence) + . Fixed bug #65579 (Using traits with get_class_methods causes segfault). + (Adam) + . Fixed bug #65490 (Duplicate calls to get lineno & filename for + DTRACE_FUNCTION_*). (Chris Jones) + . Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding + spaces). (Michael M Slusarz) + . Fixed bug #65481 (shutdown segfault due to serialize) (Mike) + . Fixed bug #65470 (Segmentation fault in zend_error() with + --enable-dtrace). (Chris Jones, Kris Van Hees) + . Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference + fails). (Laruence) + . Fixed bug #65304 (Use of max int in array_sum). (Laruence) + . Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very + limited case). (Arpad) + . Fixed bug #65225 (PHP_BINARY incorrectly set). (Patrick Allaert) + . Improved fix for bug #63186 (compile failure on netbsd). (Matteo) + . Fixed bug #62692 (PHP fails to build with DTrace). (Chris Jones, Kris Van Hees) + . Fixed bug #61759 (class_alias() should accept classes with leading + backslashes). (Julien) + . Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold) + . Cherry-picked some DTrace build commits (allowing builds on Linux, + bug #62691, and bug #63706) from PHP 5.5 branch + . Fixed bug #61268 (--enable-dtrace leads make to clobber + Zend/zend_dtrace.d) (Chris Jones) + +- cURL: + . Fixed bug #65458 (curl memory leak). (Adam) + +- Datetime: + . Fixed bug #65554 (createFromFormat broken when weekday name is followed + by some delimiters). (Valentin Logvinskiy, Stas). + . Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught + by AddressSanitizer). (Remi). + +- Openssl: + . Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in + some cases). (Mark Jones) + +- Session: + . Fixed bug #62129 (rfc1867 crashes php even though turned off). (gxd305 at + gmail dot com) + . Fixed bug #50308 (session id not appended properly for empty anchor tags). + (Arpad) + . Fixed possible buffer overflow under Windows. Note: Not a security fix. + (Yasuo) + . Changed session.auto_start to PHP_INI_PERDIR. (Yasuo) + +- SOAP: + . Fixed bug #65018 (SoapHeader problems with SoapServer). (Dmitry) + +- SPL: + . Fixed bug #65328 (Segfault when getting SplStack object Value). (Laruence) + +- PDO: + . Fixed bug #64953 (Postgres prepared statement positional parameter + casting). (Mike) + +- Phar: + . Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for + some specific contents). (Stas) + +- Pgsql: + . Fixed bug #65336 (pg_escape_literal/identifier() silently returns false). + (Yasuo) + . Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update() + /pg_delete()/pg_insert()). (Yasuo) + +- Zlib: + . Fixed bug #65391 (Unable to send vary header user-agent when + ob_start('ob_gzhandler') is called) (Mike) + +22 Aug 2013, PHP 5.4.19 + +- Core: + . Fixed bug #64503 (Compilation fails with error: conflicting types for + 'zendparse'). (Laruence) + +- Openssl: + . Fixed UMR in fix for CVE-2013-4248. + +15 Aug 2013, PHP 5.4.18 + +- Core: + . Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was + erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). (Andrey + avp200681 gmail com). + . Fixed bug #65254 (Exception not catchable when exception thrown in autoload + with a namespace). (Laruence) + . Fixed bug #65108 (is_callable() triggers Fatal Error). + (David Soria Parra, Laruence) + . Fixed bug #65088 (Generated configure script is malformed on OpenBSD). + (Adam) + . Fixed bug #62964 (Possible XSS on "Registered stream filters" info). + (david at nnucomputerwhiz dot com) + . Fixed bug #62672 (Error on serialize of ArrayObject). (Lior Kaplan) + . Fixed bug #62475 (variant_* functions causes crash when null given as an + argument). (Felipe) + . Fixed bug #60732 (php_error_docref links to invalid pages). (Jakub Vrana) + . Fixed bug #65226 (chroot() does not get enabled). (Anatol) + +- CGI: + . Fixed Bug #65143 (Missing php-cgi man page). (Remi) + +- CLI server: + . Fixed bug #65066 (Cli server not responsive when responding with 422 http + status code). (Adam) + +- CURL: + . Fixed bug #62665 (curl.cainfo doesn't appear in php.ini). (Lior Kaplan) + +- FPM: + . Fixed bug #63983 (enabling FPM borks compile on FreeBSD). + (chibisuke at web dot de, Felipe) + +- FTP: + . Fixed bug #65228 (FTPs memory leak with SSL). + (marco dot beierer at mbsecurity dot ch) + +- GMP: + . Fixed bug #65227 (Memory leak in gmp_cmp second parameter). (Felipe) + +- Imap: + . Fixed bug #64467 (Segmentation fault after imap_reopen failure). + (askalski at gmail dot com) + +- Intl: + . Fixed bug #62759 (Buggy grapheme_substr() on edge case). (Stas) + . Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions). + (Stas) + +- mysqlnd: + . Fixed segfault in mysqlnd when doing long prepare. (Andrey) + +- ODBC: + . Fixed bug #61387 (NULL valued anonymous column causes segfault in + odbc_fetch_array). (Brandon Kirsch) + +- Openssl: + . Fixed handling null bytes in subjectAltName (CVE-2013-4248). + (Christian Heimes) + +- PDO: + . Allowed PDO_OCI to compile with Oracle Database 12c client libraries. + (Chris Jones) + +- PDO_dblib: + . Fixed bug #65219 (PDO/dblib not working anymore ("use dbName" not sent)). + (Stanley Sufficool) + +- PDO_pgsql: + . Fixed meta data retrieve when OID is larger than 2^31. (Yasuo) + +- Phar: + . Fixed Bug #65142 (Missing phar man page). (Remi) + +- Session + . Fixed bug #62535 ($_SESSION[$key]["cancel_upload"] doesn't work as + documented). (Arpad) + . Fixed bug #35703 (when session_name("123") consist only digits, + should warning). (Yasuo) + . Fixed bug #49175 (mod_files.sh does not support hash bits). Patch by + oorza2k5 at gmail dot com (Yasuo) + +- Sockets: + . Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option). + (Damjan Cvetko) + +- SPL: + . Fixed bug #65136 (RecursiveDirectoryIterator segfault). (Laruence) + . Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator + /Spl(Temp)FileObject ctor twice). (Laruence) + . Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0, + keys are strings). (Adam) + +- XML: + . Fixed bug #65236 (heap corruption in xml parser, CVE-2013-4113). (Rob) + +04 Jul 2013, PHP 5.4.17 + +- Core: + . Fixed bug #64988 (Class loading order affects E_STRICT warning). (Laruence) + . Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence) + . Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence) + . Fixed bug #64936 (doc comments picked up from previous scanner run). (Stas, + Jonathan Oddy) + . Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol) + . Fixed bug #64166 (quoted-printable-encode stream filter incorrectly + discarding whitespace). (Michael M Slusarz) + +- DateTime: + . Fixed bug #53437 (Crash when using unserialized DatePeriod instance). + (Gustavo, Derick, Anatol) + +- FPM: + . Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi) + . Implemented FR #64764 (add support for FPM init.d script). (Lior Kaplan) + +- PDO: + . Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to + the same db server). (Laruence) + +- PDO_DBlib: + . Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). + (Stanley Sufficool) + . Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). (Stanley + Sufficool) + . Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed + statement crashes). (Stanley Sufficool) + +- PDO_firebird: + . Fixed bug #64037 (Firebird return wrong value for numeric field). + (Matheus Degiovani, Matteo) + . Fixed bug #62024 (Cannot insert second row with null using parametrized + query). (patch by james@kenjim.com, Matheus Degiovani, Matteo) + +- PDO_mysql: + . Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, + TINYINT and YEAR). (Antony, Daniel Beardsley) + +- PDO_pgsql: + . Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi) + +- pgsql: + . Fixed bug #64609 (pg_convert enum type support). (Matteo) + . Fixed bug #65015 (pg_send_query does not flush send buffer) + patch submitted by: adam at vektah dot net (Yasuo) + +- Readline: + . Implement FR #55694 (Expose additional readline variable to prevent + default filename completion). (Hartmel) + +- SPL: + . Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on + 64-bits systems). (Laruence) + +06 Jun 2013, PHP 5.4.16 + +- Core: + . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, + CVE 2013-2110). (Stas) + . Fixed bug #64853 (Use of no longer available ini directives causes crash on + TS build). (Anatol) + . Fixed bug #64729 (compilation failure on x32). (Gustavo) + . Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry) + . Fixed bug #64660 (Segfault on memory exhaustion within function definition). + (Stas, reported by Juha Kylmänen) + +- Calendar: + . Fixed bug #64895 (Integer overflow in SndToJewish). (Remi) + +- Fileinfo: + . Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol) + +- FPM: + . Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi) + . Fixed some possible memory or resource leaks and possible null dereference + detected by code coverity scan. (Remi) + . Log a warning when a syscall fails. (Remi) + . Add --with-fpm-systemd option to report health to systemd, and + systemd_interval option to configure this. The service can now use + Type=notify in the systemd unit file. (Remi) + +- MySQLi + . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB + pointer has closed). (Laruence) + +- Phar + . Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or + with non std tmp dir). (Pierre) + +- SNMP: + . Fixed bug #64765 (Some IPv6 addresses get interpreted wrong). + (Boris Lytochkin) + . Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin) + +- Streams: + . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() + on Windows x64). (Anatol) + +- Zend Engine: + . Fixed bug #64821 (Custom Exceptions crash when internal properties + overridden). (Anatol) + +09 May 2013, PHP 5.4.15 +- Core: + . Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: + segfault). (Laruence) + . Fixed bug #64458 (dns_get_record result with string of length -1). (Stas) + . Fixed bug #64433 (follow_location parameter of context is ignored for most + response codes). (Sergey Akbarov) + . Fixed bugs #47675 and #64577 (fd leak on Solaris) + +- Fileinfo: + . Upgraded libmagic to 5.14. (Anatol) + +- MySQLi: + . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB + pointer has closed). (Laruence) + +- Zip: + . Fixed bug #64342 (ZipArchive::addFile() has to check for file existence). + (Anatol) + +- Streams: + . Fixed Windows x64 version of stream_socket_pair() and improved error + handling. (Anatol Belski) + . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() + on Windows x64). (Anatol) + +11 Apr 2013, PHP 5.4.14 + +- Core: + . Fixed bug #64529 (Ran out of opcode space). (Dmitry) + . Fixed bug #64515 (Memoryleak when using the same variablename two times in + function declaration). (Laruence) + . Fixed bug #64432 (more empty delimiter warning in strX methods). (Laruence) + . Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes fatal error). + (Dmitry) + . Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']). + (Anatol) + . Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11). + (Dmitry, Laruence) + . Fixed bug #63976 (Parent class incorrectly using child constant in class + property). (Dmitry) + . Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle + exceptions properly). (Jeff Welch) + . Fixed bug #62343 (Show class_alias In get_declared_classes()) (Dmitry) + +- PCRE: + . Merged PCRE 8.32. (Anatol) + +- SNMP: + . Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly). + (Boris Lytochkin) + +- Zip: + . Bug #64452 (Zip crash intermittently). (Anatol) + +14 Mar 2013, PHP 5.4.13 + +- Core: + . Fixed bug #64354 (Unserialize array of objects whose class can't + be autoloaded fail). (Laruence) + . Fixed bug #64235 (Insteadof not work for class method in 5.4.11). + (Laruence) + . Fixed bug #64197 (_Offsetof() macro used but not defined on ARM/Clang). + (Ard Biesheuvel) + . Implemented FR #64175 (Added HTTP codes as of RFC 6585). (Jonh Wendell) + . Fixed bug #64142 (dval to lval different behavior on ppc64). (Remi) + . Fixed bug #64070 (Inheritance with Traits failed with error). (Dmitry) + +- CLI server: + . Fixed bug #64128 (buit-in web server is broken on ppc64). (Remi) + +- Mbstring: + . mb_split() can now handle empty matches like preg_split() does. (Moriyoshi) + +- mysqlnd + . Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc + for stmt->param_bind). (Andrey) + +- OpenSSL: + . New SSL stream context option to prevent CRIME attack vector. (Daniel Lowrey, + Lars) + . Fixed bug #61930 (openssl corrupts ssl key resource when using + openssl_get_publickey()). (Stas) + +- PDO_mysql: + . Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs). + (Johannes) + +- Phar: + . Fixed timestamp update on Phar contents modification. (Dmitry) + +- SOAP + . Added check that soap.wsdl_cache_dir conforms to open_basedir + (CVE-2013-1635). (Dmitry) + . Disabled external entities loading (CVE-2013-1643, CVE-2013-1824). + (Dmitry) + +- SPL: + . Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence) + . Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS). + (patch by kriss@krizalys.com, Laruence) + . Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). + (Nikita Popov) + . Fixed bug #52861 (unset fails with ArrayObject and deep arrays). + (Mike Willbanks) + +- SNMP: + . Fixed bug #64124 (IPv6 malformed). (Boris Lytochkin) + +21 Feb 2013, PHP 5.4.12 + +- Core: + . Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes) + . Fixed bug #64011 (get_html_translation_table() output incomplete with + HTML_ENTITIES and ISO-8859-1). (Gustavo) + . Fixed bug #63982 (isset() inconsistently produces a fatal error on + protected property). (Stas) + . Fixed bug #63943 (Bad warning text from strpos() on empty needle). + (Laruence) + . Fixed bug #63899 (Use after scope error in zend_compile). (Laruence) + . Fixed bug #63893 (Poor efficiency of strtr() using array with keys of very + different length). (Gustavo) + . Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry) + . Fixed bug #63462 (Magic methods called twice for unset protected + properties). (Stas) + . Fixed bug #62524 (fopen follows redirects for non-3xx statuses). + (Wes Mason) + . Support BITMAPV5HEADER in getimagesize(). (AsamK, Lars) + +- Date: + . Fixed bug #63699 (Performance improvements for various ext/date functions). + (Lars, original patch by njaguar at gmail dot com) + . Fixed bug #55397: Comparsion of incomplete DateTime causes SIGSEGV. + (Derick) + +- FPM: + . Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam) + +- Litespeed: + . Fixed bug #63228 (-Werror=format-security error in lsapi code). (George) + +- ext/sqlite3: + . Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't + using sqlite3_*_int64 API). (srgoogleguy, Lars) + +- PDO_OCI + . Fixed bug #57702 (Multi-row BLOB fetches). (hswong3i, Laruence) + . Fixed bug #52958 (Segfault in PDO_OCI on cleanup after running a long + testsuite). (hswong3i, Lars) + +- PDO_sqlite: + . Fixed bug #63916 (PDO::PARAM_INT casts to 32bit int internally even + on 64bit builds in pdo_sqlite). (srgoogleguy, Lars) + +17 Jan 2013, PHP 5.4.11 + +- Core: + . Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user). + (Johannes) + . Fixed bug #43177 (Errors in eval()'ed code produce status code 500). + (Todd Ruth, Stas). + +- Filter: + . Fixed bug #63757 (getenv() produces memory leak with CGI SAPI). (Dmitry) + . Fixed bug #54096 (FILTER_VALIDATE_INT does not accept +0 and -0). + (martin at divbyzero dot net, Lars) + +- JSON: + . Fixed bug #63737 (json_decode does not properly decode with options + parameter). (Adam) + +- CLI server + . Update list of common mime types. Added webm, ogv, ogg. (Lars, + pascalc at gmail dot com) + +- cURL extension: + . Fixed bug (segfault due to libcurl connection caching). (Pierrick) + . Fixed bug #63859 (Memory leak when reusing curl-handle). (Pierrick) + . Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for + CURLOPT_SSL_VERIFYHOST). (Pierrick) + . Fixed bug #63352 (Can't enable hostname validation when using curl stream + wrappers). (Pierrick) + . Fixed bug #55438 (Curlwapper is not sending http header randomly). + (phpnet@lostreality.org, Pierrick) + +20 Dec 2012, PHP 5.4.10 + +- Core: + . Fixed bug #63726 (Memleak with static properties and internal/user + classes). (Laruence) + . Fixed bug #63635 (Segfault in gc_collect_cycles). (Dmitry) + . Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes + from value). (Pierrick) + . Fixed bug #63468 (wrong called method as callback with inheritance). + (Laruence) + . Fixed bug #63451 (config.guess file does not have AIX 7 defined, + shared objects are not created). (kemcline at au1 dot ibm dot com) + . Fixed bug #61557 (Crasher in tt-rss backend.php). + (i dot am dot jack dot mail at gmail dot com) + . Fixed bug #61272 (ob_start callback gets passed empty string). + (Mike, casper at langemeijer dot eu) + +- Date: + . Fixed bug #63666 (Poor date() performance). (Paul Taulborg). + . Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond). + (Remi) + +- Imap: + . Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array). (Remi) + +- Json: + . Fixed bug #63588 (use php_next_utf8_char and remove duplicate + implementation). (Remi) + +- MySQLi: + . Fixed bug #63361 (missing header). (Remi) + +- MySQLnd: + . Fixed bug #63398 (Segfault when polling closed link). (Laruence) + +- Fileinfo: + . Fixed bug #63590 (Different results in TS and NTS under Windows). + (Anatoliy) + +- FPM: + . Fixed bug #63581 Possible null dereference and buffer overflow (Remi) + +- Pdo_sqlite: + . Fixed Bug #63149 getColumnMeta should return the table name + when system SQLite used. (Remi) + +- Apache2 Handler SAPI: + . Enabled Apache 2.4 configure option for Windows (Pierre, Anatoliy) + +- Reflection: + . Fixed Bug #63614 (Fatal error on Reflection). (Laruence) + +- SOAP + . Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests). + (John Jawed, Dmitry) + +- Sockets + . Fixed bug #49341 (Add SO_REUSEPORT support for socket_set_option()). + (Igor Wiedler, Lars) + +- SPL + . Fixed bug #63680 (Memleak in splfixedarray with cycle reference). (Laruence) + +22 Nov 2012, PHP 5.4.9 + +- Core: + . Fixed bug #63305 (zend_mm_heap corrupted with traits). (Dmitry, Laruence) + . Fixed bug #63369 ((un)serialize() leaves dangling pointers, causes crashes). + (Tony, Andrew Sitnikov) + . Fixed bug #63241 (PHP fails to open Windows deduplicated files). + (daniel dot stelter-gliese at innogames dot de) + . Fixed bug #62444 (Handle leak in is_readable on windows). + (krazyest at seznam dot cz) + +- Curl: + . Fixed bug #63363 (Curl silently accepts boolean true for SSL_VERIFYHOST). + Patch by John Jawed GitHub PR #221 (Anthony) + +- Fileinfo: + . Fixed bug #63248 (Load multiple magic files from a directory under Windows). + (Anatoliy) + +- Libxml + . Fixed bug #63389 (Missing context check on libxml_set_streams_context() + causes memleak). (Laruence) + +- Mbstring: + . Fixed bug #63447 (max_input_vars doesn't filter variables when + mbstring.encoding_translation = On). (Laruence) + +- OCI8: + . Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro) + (Chris Jones) + +- PCRE: + . Fixed bug #63180 (Corruption of hash tables). (Dmitry) + . Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite). + (Dmitry, Laruence) + . Fixed bug #63284 (Upgrade PCRE to 8.31). (Anatoliy) + +- PDO: + . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec). + (Martin Osvald, Remi) + +- PDO_pgsql: + . Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL). + (Will Fitch) + +- Phar: + . Fixed bug #63297 (Phar fails to write an openssl based signature). + (Anatoliy) + +- Streams: + . Fixed bug #63240 (stream_get_line() return contains delimiter string). + (Tjerk, Gustavo) + +- Reflection: + . Fixed bug #63399 (ReflectionClass::getTraitAliases() incorrectly resolves + traitnames). (Laruence) + +18 Oct 2012, PHP 5.4.8 + +- CLI server: + . Implemented FR #63242 (Default error page in PHP built-in web server uses + outdated html/css). (pascal.chevrel@free.fr) + . Changed response to unknown HTTP method to 501 according to RFC. + (Niklas Lindgren). + . Support HTTP PATCH method. Patch by Niklas Lindgren, GitHub PR #190. + (Lars) + +- Core: + . Fixed bug #63219 (Segfault when aliasing trait method when autoloader + throws excpetion). (Laruence) + . Added optional second argument for assert() to specify custom message. Patch + by Lonny Kapelushnik (lonny@lonnylot.com). (Lars) + . Support building PHP with the native client toolchain. (Stuart Langley) + . Added --offline option for tests. (Remi) + . Fixed bug #63162 (parse_url does not match password component). (husman) + . Fixed bug #63111 (is_callable() lies for abstract static method). (Dmitry) + . Fixed bug #63093 (Segfault while load extension failed in zts-build). + (Laruence) + . Fixed bug #62976 (Notice: could not be converted to int when comparing + some builtin classes). (Laruence) + . Fixed bug #62955 (Only one directive is loaded from "Per Directory Values" + Windows registry). (aserbulov at parallels dot com) + . Fixed bug #62907 (Double free when use traits). (Dmitry) + . Fixed bug #61767 (Shutdown functions not called in certain error + situation). (Dmitry) + . Fixed bug #60909 (custom error handler throwing Exception + fatal error + = no shutdown function). (Dmitry) + . Fixed bug #60723 (error_log error time has changed to UTC ignoring default + timezone). (Laruence) + +- cURL: + . Fixed bug #62085 (file_get_contents a remote file by Curl wrapper will + cause cpu Soaring). (Pierrick) + +- Date: + . Fixed bug #62896 ("DateTime->modify('+0 days')" modifies DateTime object) + (Lonny Kapelushnik) + . Fixed bug #62561 (DateTime add 'P1D' adds 25 hours). (Lonny Kapelushnik) + +- DOM: + . Fixed bug #63015 (Incorrect arginfo for DOMErrorHandler). (Rob) + +- FPM: + . Fixed bug #62954 (startup problems fpm / php-fpm). (fat) + . Fixed bug #62886 (PHP-FPM may segfault/hang on startup). (fat) + . Fixed bug #63085 (Systemd integration and daemonize). (remi, fat) + . Fixed bug #62947 (Unneccesary warnings on FPM). (fat) + . Fixed bug #62887 (Only /status?plain&full gives "last request cpu"). (fat) + . Fixed bug #62216 (Add PID to php-fpm init.d script). (fat) + +- OCI8: + . Fixed bug #60901 (Improve "tail" syntax for AIX installation) (Chris Jones) + +- OpenSSL: + . Implemented FR #61421 (OpenSSL signature verification missing RMD160, + SHA224, SHA256, SHA384, SHA512). (Mark Jones) + +- PDO: + . Fixed bug #63258 (seg fault with PDO and dblib using DBSETOPT(H->link, + DBQUOTEDIDENT, 1)). (Laruence) + . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec). + (Martin Osvald, Remi) + +- PDO Firebird: + . Fixed bug #63214 (Large PDO Firebird Queries). + (james at kenjim dot com) + +- SOAP + . Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice). + (Dmitry) + +- SPL: + . Bug #62987 (Assigning to ArrayObject[null][something] overrides all + undefined variables). (Laruence) + +- mbstring: + . Allow passing null as a default value to mb_substr() and mb_strcut(). Patch + by Alexander Moskaliov via GitHub PR #133. (Lars) + +- Filter extension: + . Bug #49510: Boolean validation fails with FILTER_NULL_ON_FAILURE with empty + string or false. (Lars) + +- Sockets + . Fixed bug #63000 (MCAST_JOIN_GROUP on OSX is broken, merge of PR 185 by + Igor Wiedler). (Lars) + +13 Sep 2012, PHP 5.4.7 + +- Core: + . Fixed bug (segfault while build with zts and GOTO vm-kind). (Laruence) + . Fixed bug #62844 (parse_url() does not recognize //). (Andrew Faulds). + . Fixed bug #62829 (stdint.h included on platform where HAVE_STDINT_H is not + set). (Felipe) + . Fixed bug #62763 (register_shutdown_function and extending class). + (Laruence) + . Fixed bug #62725 (Calling exit() in a shutdown function does not return + the exit value). (Laruence) + . Fixed bug #62744 (dangling pointers made by zend_disable_class). (Laruence) + . Fixed bug #62716 (munmap() is called with the incorrect length). + (slangley@google.com) + . Fixed bug #62358 (Segfault when using traits a lot). (Laruence) + . Fixed bug #62328 (implementing __toString and a cast to string fails) + (Laruence) + . Fixed bug #51363 (Fatal error raised by var_export() not caught by error + handler). (Lonny Kapelushnik) + . Fixed bug #40459 (Stat and Dir stream wrapper methods do not call + constructor). (Stas) + +- CURL: + . Fixed bug #62912 (CURLINFO_PRIMARY_* AND CURLINFO_LOCAL_* not exposed). + (Pierrick) + . Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE). (Pierrick) + +- Intl: + . Fixed Spoofchecker not being registered on ICU 49.1. (Gustavo) + . Fix bug #62933 (ext/intl compilation error on icu 3.4.1). (Gustavo) + . Fix bug #62915 (defective cloning in several intl classes). (Gustavo) + +- Installation: + . Fixed bug #62460 (php binaries installed as binary.dSYM). (Reeze Xia) + +- PCRE: + . Fixed bug #55856 (preg_replace should fail on trailing garbage). + (reg dot php at alf dot nu) + +- PDO: + . Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()). (Laruence) + +- Reflection: + . Fixed bug #62892 (ReflectionClass::getTraitAliases crashes on importing + trait methods as private). (Felipe) + . Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong + result). (Laruence) + +- Session: + . Fixed bug (segfault due to retval is not initialized). (Laruence) + . Fixed bug (segfault due to PS(mod_user_implemented) not be reseted + when close handler call exit). (Laruence) + +- SOAP + . Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice). + (Dmitry) + +- SPL: + . Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray) + (Laruence) + . Implemented FR #62840 (Add sort flag to ArrayObject::ksort). (Laruence) + +- Standard: + . Fixed bug #62836 (Seg fault or broken object references on unserialize()). + (Laruence) + +- FPM: + . Merged PR 121 by minitux to add support for slow request counting on PHP + FPM status page. (Lars) + +16 Aug 2012, PHP 5.4.6 + +- CLI Server: + . Implemented FR #62700 (have the console output 'Listening on + http://localhost:8000'). (pascal.chevrel@free.fr) + +- Core: + . Fixed bug #62661 (Interactive php-cli crashes if include() is used in + auto_prepend_file). (Laruence) + . Fixed bug #62653: (unset($array[$float]) causes a crash). (Nikita Popov, + Laruence) + . Fixed bug #62565 (Crashes due non-initialized internal properties_table). + (Felipe) + . Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK + with run-test.php). (Laruence) + +- CURL: + . Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false). + (r.hampartsumyan@gmail.com, Laruence) + +- DateTime: + . Fixed Bug #62500 (Segfault in DateInterval class when extended). (Laruence) + +- Fileinfo: + . Fixed bug #61964 (finfo_open with directory causes invalid free). + (reeze.xia@gmail.com) + +- Intl: + . Fixed bug #62564 (Extending MessageFormatter and adding property causes + crash). (Felipe) + +- MySQLnd: + . Fixed bug #62594 (segfault in mysqlnd_res_meta::set_mode). (Laruence) + +- readline: + . Fixed bug #62612 (readline extension compilation fails with + sapi/cli/cli.h: No such file). (Johannes) + +- Reflection: + . Implemented FR #61602 (Allow access to name of constant used as default + value). (reeze.xia@gmail.com) + +- SimpleXML: + . Implemented FR #55218 Get namespaces from current node. (Lonny) + +- SPL: + . Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance + gives Segmentation fault). (Laruence, Gustavo) + . Fixed bug #61527 (ArrayIterator gives misleading notice on next() when + moved to the end). (reeze.xia@gmail.com) + +- Streams: + . Fixed bug #62597 (segfault in php_stream_wrapper_log_error with ZTS build). + (Laruence) + +- Zlib: + . Fixed bug #55544 (ob_gzhandler always conflicts with + zlib.output_compression). (Laruence) + +19 Jul 2012, PHP 5.4.5 + +- Core: + . Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed + Salt). (Anthony Ferrara) + . Fixed bug #62432 (ReflectionMethod random corrupt memory on high + concurrent). (Johannes) + . Fixed bug #62373 (serialize() generates wrong reference to the object). + (Moriyoshi) + . Fixed bug #62357 (compile failure: (S) Arguments missing for built-in + function __memcmp). (Laruence) + . Fixed bug #61998 (Using traits with method aliases appears to result in + crash during execution). (Dmitry) + . Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that + includes a semi-colon). (Pierrick) + . Fixed potential overflow in _php_stream_scandir (CVE-2012-2688). + (Jason Powell, Stas) + +- EXIF: + . Fixed information leak in ext exif (discovered by Martin Noga, + Matthew "j00ru" Jurczyk, Gynvael Coldwind) + +- FPM: + . Fixed bug #62205 (php-fpm segfaults (null passed to strstr)). (fat) + . Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat) + . Fixed bug #62153 (when using unix sockets, multiples FPM instances + . Fixed bug #62033 (php-fpm exits with status 0 on some failures to start). + (fat) + . Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm). (fat) + . Fixed bug #61835 (php-fpm is not allowed to run as root). (fat) + . Fixed bug #61295 (php-fpm should not fail with commented 'user' + . Fixed bug #61218 (FPM drops connection while receiving some binary values + in FastCGI requests). (fat) + . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) + for non-root start). (fat) + . Fixed bug #61026 (FPM pools can listen on the same address). (fat) + can be launched without errors). (fat) + +- Iconv: + . Fix bug #55042 (Erealloc in iconv.c unsafe). (Stas) + +- Intl: + . Fixed bug #62083 (grapheme_extract() memory leaks). (Gustavo) + . ResourceBundle constructor now accepts NULL for the first two arguments. + (Gustavo) + . Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called + twice). (Gustavo) + . Fixed bug #62070 (Collator::getSortKey() returns garbage). (Gustavo) + . Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks + pattern). (Gustavo) + . Fixed bug #60785 (memory leak in IntlDateFormatter constructor). (Gustavo) + +- JSON: + . Fixed bug #61359 (json_encode() calls too many reallocs). (Stas) + +- libxml: + . Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM + SAPI). (Gustavo) + +- Phar: + . Fixed bug #62227 (Invalid phar stream path causes crash). (Felipe) + +- Readline: + . Fixed bug #62186 (readline fails to compile - void function should not + return a value). (Johannes) + +- Reflection: + . Fixed bug #62384 (Attempting to invoke a Closure more than once causes + segfault). (Felipe) + . Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks + with constant). (Laruence) + +- Sockets: + . Fixed bug #62025 (__ss_family was changed on AIX 5.3). (Felipe) + +- SPL: + . Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to + dot files). (Laruence) + . Fixed bug #62262 (RecursiveArrayIterator does not implement Countable). + (Nikita Popov) + +- XML Writer: + . Fixed bug #62064 (memory leak in the XML Writer module). + (jean-pierre dot lozi at lip6 dot fr) + +- Zip: + . Upgraded libzip to 0.10.1 (Anatoliy) + +14 Jun 2012, PHP 5.4.4 + +- COM: + . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) + +- CLI Server: + . Implemented FR #61977 (Need CLI web-server support for files with .htm & + svg extensions). (Sixd, Laruence) + . Improved performance while sending error page, this also fixed + bug #61785 (Memory leak when access a non-exists file without router). + (Laruence) + . Fixed bug #61546 (functions related to current script failed when chdir() + in cli sapi). (Laruence, reeze.xia@gmail.com) + +- Core: + . Fixed missing bound check in iptcparse(). (chris at chiappa.net) + . Fixed CVE-2012-2143. (Solar Designer) + . Fixed bug #62097 (fix for for bug #54547). (Gustavo) + . Fixed bug #62005 (unexpected behavior when incrementally assigning to a + member of a null object). (Laruence) + . Fixed bug #61978 (Object recursion not detected for classes that implement + JsonSerializable). (Felipe) + . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy) + . Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config). + (Laruence) + . Fixed bug #61827 (incorrect \e processing on Windows) (Anatoliy) + . Fixed bug #61782 (__clone/__destruct do not match other methods when checking + access controls). (Stas) + . Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo) + . Fixed bug #61761 ('Overriding' a private static method with a different + signature causes crash). (Laruence) + . Fixed bug #61730 (Segfault from array_walk modifying an array passed by + reference). (Laruence) + . Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown + phase). (Laruence) + . Fixed bug #61713 (Logic error in charset detection for htmlentities). + (Anatoliy) + . Fixed bug #61660 (bin2hex(hex2bin($data)) != $data). (Nikita Popov) + . Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables + (without apache2)). (Laruence) + . Fixed bug #61605 (header_remove() does not remove all headers). (Laruence) + . Fixed bug #54547 (wrong equality of string numbers). (Gustavo) + . Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename + set to null). (Anatoliy) + . Changed php://fd to be available only for CLI. + +- CURL: + . Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction). + (Laruence) + +- Fileinfo + . Fixed bug #61812 (Uninitialised value used in libmagic). + (Laruence, Gustavo) + . Fixed bug #61566 failure caused by the posix lseek and read versions + under windows in cdf_read(). (Anatoliy) + . Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a + directory descriptor under windows. (Anatoliy) + +- Intl + . Fixed bug #62082 (Memory corruption in internal function + get_icu_disp_value_src_php()). (Gustavo) + +- Libxml: + . Fixed bug #61617 (Libxml tests failed(ht is already destroyed)). + (Laruence) + +- PDO: + . Fixed bug #61755 (A parsing bug in the prepared statements can lead to + access violations). (Johannes) + +- Phar: + . Fixed bug #61065 (Secunia SA44335, CVE-2012-2386). (Rasmus) + +- Pgsql: + . Added pg_escape_identifier/pg_escape_literal. (Yasuo Ohgaki) + +- Streams: + . Fixed bug #61961 (file_get_contents leaks when access empty file with + maxlen set). (Reeze) + +- Zlib: + . Fixed bug #61820 (using ob_gzhandler will complain about headers already + sent when no compression). (Mike) + . Fixed bug #61443 (can't change zlib.output_compression on the fly). (Mike) + . Fixed bug #60761 (zlib.output_compression fails on refresh). (Mike) + +08 May 2012, PHP 5.4.3 + +- CGI + . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. + (Stas) + . Fix bug #61807 - Buffer Overflow in apache_request_headers. + (nyt-php at countercultured dot net). + +03 May 2012, PHP 5.4.2 + +- Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus) + +26 Apr 2012, PHP 5.4.1 + +- CLI Server: + . Fixed bug #61461 (missing checks around malloc() calls). (Ilia) + . Implemented FR #60850 (Built in web server does not set + $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence) + . "Connection: close" instead of "Connection: closed" (Gustavo) + +- Core: + . Fixed crash in ZTS using same class in many threads. (Johannes) + . Fixed bug #61374 (html_entity_decode tries to decode code points that don't + exist in ISO-8859-1). (Gustavo) + . Fixed bug #61273 (call_user_func_array with more than 16333 arguments + leaks / crashes). (Laruence) + . Fixed bug #61225 (Incorrect lexing of 0b00*+). (Pierrick) + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) + . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita + Popov) + . Fixed bug #61087 (Memory leak in parse_ini_file when specifying + invalid scanner mode). (Nikic, Laruence) + . Fixed bug #61072 (Memory leak when restoring an exception handler). + (Nikic, Laruence) + . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). + (Laruence) + . Fixed bug #61052 (Missing error check in trait 'insteadof' clause). (Stefan) + . Fixed bug #61011 (Crash when an exception is thrown by __autoload + accessing a static property). (Laruence) + . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical + vars). (Laruence) + . Fixed bug #60978 (exit code incorrect). (Laruence) + . Fixed bug #60911 (Confusing error message when extending traits). (Stefan) + . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) + . Fixed bug #60717 (Order of traits in use statement can cause a fatal + error). (Stefan) + . Fixed bug #60573 (type hinting with "self" keyword causes weird errors). + (Laruence) + . Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia) + . Fixed bug #52719 (array_walk_recursive crashes if third param of the + function is by reference). (Nikita Popov) + . Improve performance of set_exception_handler while doing reset (Laruence) + +- fileinfo: + . Fix fileinfo test problems. (Anatoliy Belsky) + +- FPM + . Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.c). + (michaelhood at gmail dot com, Ilia) + +- Ibase + . Fixed bug #60947 (Segmentation fault while executing ibase_db_info). + (Ilia) + +- Installation + . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones) + +- Intl: + . Fixed bug #61487 (Incorrent bounds checking in grapheme_strpos). + (Stas) + +- mbstring: + . MFH mb_ereg_replace_callback() for security enhancements. (Rui) + +- mysqli + . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes). + +- mysqlnd + . Fixed bug #61704 (Crash apache, phpinfo() threading issue). (Johannes) + . Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled). + (Johannes) + +- PDO + . Fixed bug #61292 (Segfault while calling a method on an overloaded PDO + object). (Laruence) + +- PDO_mysql + . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't + always work). (Johannes) + . Fixed bug #61194 (PDO should export compression flag with myslqnd). + (Johannes) + +- PDO_odbc + . Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia) + +- Phar + . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL + bytes). (Nikita Popov) + +- Readline: + . Fixed bug #61088 (Memory leak in readline_callback_handler_install). + (Nikic, Laruence) + +- Reflection: + . Implemented FR #61602 (Allow access to the name of constant + used as function/method parameter's default value). (reeze.xia@gmail.com) + . Fixed bug #60968 (Late static binding doesn't work with + ReflectionMethod::invokeArgs()). (Laruence) + +- Session + . Fixed bug #60634 (Segmentation fault when trying to die() in + SessionHandler::write()). (Ilia) + +- SOAP + . Fixed bug #61423 (gzip compression fails). (Ilia) + . Fixed bug #60887 (SoapClient ignores user_agent option and sends no + User-Agent header). (carloschilazo at gmail dot com) + . Fixed bug #60842, #51775 (Chunked response parsing error when + chunksize length line is > 10 bytes). (Ilia) + . Fixed bug #49853 (Soap Client stream context header option ignored). + (Dmitry) + +- SPL: + . Fixed bug #61453 (SplObjectStorage does not identify objects correctly). + (Gustavo) + . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence) + +- Standard: + . Fixed memory leak in substr_replace. (Pierrick) + . Make max_file_uploads ini directive settable outside of php.ini (Rasmus) + . Fixed bug #61409 (Bad formatting on phpinfo()). (Jakub Vrana) + . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia) + . Fixed bug #60106 (stream_socket_server silently truncates long unix socket + paths). (Ilia) + +- XMLRPC: + . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary + variable). (Nikita Popov) + . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita + Popov) + +- Zlib: + . Fixed bug #61306 (initialization of global inappropriate for ZTS). (Gustavo) + . Fixed bug #61287 (A particular string fails to decompress). (Mike) + . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita Popov) + +01 Mar 2012, PHP 5.4.0 + +- Installation: + . autoconf 2.59+ is now supported (and required) for generating the + configure script with ./buildconf. Autoconf 2.60+ is desirable + otherwise the configure help order may be incorrect. (Rasmus, Chris Jones) + +- Removed legacy features: + . break/continue $var syntax. (Dmitry) + . Safe mode and all related php.ini options. (Kalle) + . register_globals and register_long_arrays php.ini options. (Kalle) + . import_request_variables(). (Kalle) + . allow_call_time_pass_reference. (Pierrick) + . define_syslog_variables php.ini option and its associated function. (Kalle) + . highlight.bg php.ini option. (Kalle) + . safe_mode, safe_mode_gid, safe_mode_include_dir, + safe_mode_exec_dir, safe_mode_allowed_env_vars and + safe_mode_protected_env_vars php.ini options. + . zend.ze1_compatibility_mode php.ini option. + . Session bug compatibility mode (session.bug_compat_42 and + session.bug_compat_warn php.ini options). (Kalle) + . session_is_registered(), session_register() and session_unregister() + functions. (Kalle) + . y2k_compliance php.ini option. (Kalle) + . magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase + php.ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept + but always return false, set_magic_quotes_runtime raises an + E_CORE_ERROR. (Pierrick, Pierre) + . Removed support for putenv("TZ=..") for setting the timezone. (Derick) + . Removed the timezone guessing algorithm in case the timezone isn't set with + date.timezone or date_default_timezone_set(). Instead of a guessed + timezone, "UTC" is now used instead. (Derick) + +- Moved extensions to PECL: + . ext/sqlite. (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are + not affected) (Johannes) + +- General improvements: + . Added short array syntax support ([1,2,3]), see UPGRADING guide for full + details. (rsky0711 at gmail . com, sebastian.deutsch at 9elements . com, + Pierre) + . Added binary number format (0b001010). (Jonah dot Harris at gmail dot com) + . Added support for Class::{expr}() syntax (Pierrick) + . Added multibyte support by default. Previously PHP had to be compiled + with --enable-zend-multibyte. Now it can be enabled or disabled through + the zend.multibyte directive in php.ini. (Dmitry) + . Removed compile time dependency from ext/mbstring (Dmitry) + . Added support for Traits. (Stefan, with fixes by Dmitry and Laruence) + . Added closure $this support back. (Stas) + . Added array dereferencing support. (Felipe) + . Added callable typehint. (Hannes) + . Added indirect method call through array. FR #47160. (Felipe) + . Added DTrace support. (David Soria Parra) + . Added class member access on instantiation (e.g. (new foo)->bar()) support. + (Felipe) + . ). (Etienne) + . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with + $double=false). (Gustavo) + . Fixed bug #60895 (Possible invalid handler usage in windows random + functions). (Pierre) + . Fixed bug #60879 (unserialize() Does not invoke __wakeup() on object). + (Pierre, Steve) + . Fixed bug #60825 (Segfault when running symfony 2 tests). + (Dmitry, Laruence) + . Fixed bug #60627 (httpd.worker segfault on startup with php_value). + . Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax). (Dmitry) + . Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence) + (Laruence) + . Fixed bug #60558 (Invalid read and writes). (Laruence) + . Fixed bug #60444 (Segmentation fault with include & class extending). + (Laruence, Dmitry). + . Fixed bug #60362 (non-existent sub-sub keys should not have values). + (Laruence, alan_k, Stas) + . Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e). + (php at mickweiss dot com) + . Fixed bug #60321 (ob_get_status(true) no longer returns an array when + buffer is empty). (Pierrick) + . Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers). + (Laruence) + . Fixed bug #60240 (invalid read/writes when unserializing specially crafted + strings). (Mike) + . Fixed bug #60227 (header() cannot detect the multi-line header with + CR(0x0D)). (rui) + . Fixed bug #60174 (Notice when array in method prototype error). + (Laruence) + . Fixed bug #60169 (Conjunction of ternary and list crashes PHP). + (Laruence) + . Fixed bug #60038 (SIGALRM cause segfault in php_error_cb). (Laruence) + (klightspeed at netspace dot net dot au) + . Fixed bug #55871 (Interruption in substr_replace()). (Stas) + . Fixed bug #55801 (Behavior of unserialize has changed). (Mike) + . Fixed bug #55758 (Digest Authenticate missed in 5.4) . (Laruence) + . Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup()) + (CVE-2011-4153). (Stas) + . Fixed bug #55124 (recursive mkdir fails with current (dot) directory in path). + (Pierre) + . Fixed bug #55084 (Function registered by header_register_callback is + called only once per process). (Hannes) + . Implement FR #54514 (Get php binary path during script execution). + (Laruence) + . Fixed bug #52211 (iconv() returns part of string on error). (Felipe) + . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) + +- Improved generic SAPI support: + . Added $_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. + (Patrick) + . Added header_register_callback() which is invoked immediately + prior to the sending of headers and after default headers have + been added. (Scott) + . Added http_response_code() function. FR #52555. (Paul Dragoonis, Kalle) + . Fixed bug #55500 (Corrupted $_FILES indices lead to security concern). + (CVE-2012-1172). (Stas) + . Fixed bug #54374 (Insufficient validating of upload name leading to + corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at gmail dot com) + +- Improved CLI SAPI: + . Added built-in web server that is intended for testing purpose. + (Moriyoshi, Laruence, and fixes by Pierre, Derick, Arpad, + chobieee at gmail dot com) + . Added command line option --rz which shows information of the + named Zend extension. (Johannes) + . Interactive readline shell improvements: (Johannes) + . Added "cli.pager" php.ini setting to set a pager for output. + . Added "cli.prompt" php.ini setting to configure the shell prompt. + . Added shortcut #inisetting=value to change php.ini settings at run-time. + . Changed shell not to terminate on fatal errors. + . Interactive shell works with shared readline extension. FR #53878. + +- Improved CGI/FastCGI SAPI: (Dmitry) + . Added apache compatible functions: apache_child_terminate(), + getallheaders(), apache_request_headers() and apache_response_headers() + . Improved performance of FastCGI request parsing. + . Fixed reinitialization of SAPI callbacks after php_module_startup(). + (Dmitry) + +- Improved PHP-FPM SAPI: + . Removed EXPERIMENTAL flag. (fat) + . Fixed bug #60659 (FPM does not clear auth_user on request accept). + (bonbons at linux-vserver dot org) + +- Improved Litespeed SAPI: + . Fixed bug #55769 (Make Fails with "Missing Separator" error). (Adam) + +- Improved Date extension: + . Added the + modifier to parseFromFormat to allow trailing text in the + string to parse without throwing an error. (Stas, Derick) + +- Improved DBA extension: + . Added Tokyo Cabinet abstract DB support. (Michael Maclean) + . Added Berkeley DB 5 support. (Johannes, Chris Jones) + +- Improved DOM extension: + . Added the ability to pass options to loadHTML (Chregu, fxmulder at gmail dot com) + +- Improved filesystem functions: + . scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value. + FR #53407. (Adam) + +- Improved HASH extension: + . Added Jenkins's one-at-a-time hash support. (Martin Jansen) + . Added FNV-1 hash support. (Michael Maclean) + . Made Adler32 algorithm faster. FR #53213. (zavasek at yandex dot ru) + . Removed Salsa10/Salsa20, which are actually stream ciphers (Mike) + . Fixed bug #60221 (Tiger hash output byte order) (Mike) + +- Improved intl extension: + . Added Spoofchecker class, allows checking for visibly confusable characters and + other security issues. (Scott) + . Added Transliterator class, allowing transliteration of strings. + (Gustavo) + . Added support for UTS #46. (Gustavo) + . Fixed build on Fedora 15 / Ubuntu 11. (Hannes) + . Fixed bug #55562 (grapheme_substr() returns false on big length). (Stas) + +- Improved JSON extension: + . Added new json_encode() option JSON_UNESCAPED_UNICODE. FR #53946. + (Alexander, Gwynne) + . Added JsonSerializable interface. (Sara) + . Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options. + (Sara) + . Added support for JSON_NUMERIC_CHECK option in json_encode() that converts + numeric strings to integers. (Ilia) + . Added new json_encode() option JSON_UNESCAPED_SLASHES. FR #49366. (Adam) + . Added new json_encode() option JSON_PRETTY_PRINT. FR #44331. (Adam) + +- Improved LDAP extension: + . Added paged results support. FR #42060. (ando@OpenLDAP.org, + iarenuno@eteo.mondragon.edu, jeanseb@au-fil-du.net, remy.saissy@gmail.com) + +- Improved mbstring extension: + . Added Shift_JIS/UTF-8 Emoji (pictograms) support. (Rui) + . Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004) + support. (Rui) + . Ill-formed UTF-8 check for security enhancements. (Rui) + . Added MacJapanese (Shift_JIS) and gb18030 encoding support. (Rui) + . Added encode/decode in hex format to mb_[en|de]code_numericentity(). (Rui) + . Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004) + support. (Rui) + . Added the user defined area for CP936 and CP950 (Rui). + . Fixed bug #60306 (Characters lost while converting from cp936 to utf8). + (Laruence) + +- Improved MySQL extensions: + . MySQL: Deprecated mysql_list_dbs(). FR #50667. (Andrey) + . mysqlnd: Added named pipes support. FR #48082. (Andrey) + . MySQLi: Added iterator support in MySQLi. mysqli_result implements + Traversable. (Andrey, Johannes) + . PDO_mysql: Removed support for linking with MySQL client libraries older + than 4.1. (Johannes) + . ext/mysql, mysqli and pdo_mysql now use mysqlnd by default. (Johannes) + . Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect). + (Andrey, Laruence) + . Fixed bug #55653 (PS crash with libmysql when binding same variable as + param and out). (Laruence) + +- Improved OpenSSL extension: + . Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre) + . Added no padding option to openssl_encrypt()/openssl_decrypt(). (Scott) + . Use php's implementation for Windows Crypto API in + openssl_random_pseudo_bytes. (Pierre) + . On error in openssl_random_pseudo_bytes() made sure we set strong result + to false. (Scott) + . Fixed possible attack in SSL sockets with SSL 3.0 / TLS 1.0. + CVE-2011-3389. (Scott) + . Fixed bug #61124 (Crash when decoding an invalid base64 encoded string). + (me at ktamura dot com, Scott) + +- Improved PDO: + . Fixed PDO objects binary incompatibility. (Dmitry) + +- PDO DBlib driver: + . Added nextRowset support. + . Fixed bug #50755 (PDO DBLIB Fails with OOM). + +- Improved PostgreSQL extension: + . Added support for "extra" parameter for PGNotify(). + (r dot i dot k at free dot fr, Ilia) + +- Improved PCRE extension: + . Changed third parameter of preg_match_all() to optional. FR #53238. (Adam) + +- Improved Readline extension: + . Fixed bug #54450 (Enable callback support when built against libedit). + (fedora at famillecollet dot com, Hannes) + +- Improved Reflection extension: + . Added ReflectionClass::newInstanceWithoutConstructor() to create a new + instance of a class without invoking its constructor. FR #55490. + (Sebastian) + . Added ReflectionExtension::isTemporary() and + ReflectionExtension::isPersistent() methods. (Johannes) + . Added ReflectionZendExtension class. (Johannes) + . Added ReflectionClass::isCloneable(). (Felipe) + +- Improved Session extension: + . Expose session status via new function, session_status (FR #52982) (Arpad) + . Added support for object-oriented session handlers. (Arpad) + . Added support for storing upload progress feedback in session data. (Arnaud) + . Changed session.entropy_file to default to /dev/urandom or /dev/arandom if + either is present at compile time. (Rasmus) + . Fixed bug #60860 (session.save_handler=user without defined function core + dumps). (Felipe) + . Implement FR #60551 (session_set_save_handler should support a core's + session handler interface). (Arpad) + . Fixed bug #60640 (invalid return values). (Arpad) + +- Improved SNMP extension (Boris Lytochkin): + . Added OO API. FR #53594 (php-snmp rewrite). + . Sanitized return values of existing functions. Now it returns FALSE on + failure. + . Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids + upon request. + . Introducing unit tests for extension with ~full coverage. + . IPv6 support. (FR #42918) + . Way of representing OID value can now be changed when SNMP_VALUE_OBJECT + is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if + not specified) or SNMP_VALUE_PLAIN. (FR #54502) + . Fixed bug #60749 (SNMP module should not strip non-standard SNMP port + from hostname). (Boris Lytochkin) + . Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support + is disabled). (Boris Lytochkin) + . Fixed bug #53862 (snmp_set_oid_output_format does not allow returning to default) + . Fixed bug #46065 (snmp_set_quick_print() persists between requests) + . Fixed bug #45893 (Snmp buffer limited to 2048 char) + . Fixed bug #44193 (snmp v3 noAuthNoPriv doesn't work) + +- Improved SOAP extension: + . Added new SoapClient option "keep_alive". FR #60329. (Pierrick) + . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) + +- Improved SPL extension: + . Added RegexIterator::getRegex() method. (Joshua Thijssen) + . Added SplObjectStorage::getHash() hook. (Etienne) + . Added CallbackFilterIterator and RecursiveCallbackFilterIterator. (Arnaud) + . Added missing class_uses(..) as pointed out by #55266 (Stefan) + . Immediately reject wrong usages of directories under Spl(Temp)FileObject + and friends. (Etienne, Pierre) + . FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use + the default stream context. (Hannes) + . Fixed bug #60201 (SplFileObject::setCsvControl does not expose third + argument via Reflection). (Peter) + . Fixed bug #55287 (spl_classes() not includes CallbackFilter classes) + (sasezaki at gmail dot com, salathe) + +- Improved Sysvshm extension: + . Fixed bug #55750 (memory copy issue in sysvshm extension). + (Ilia, jeffhuang9999 at gmail dot com) + +- Improved Tidy extension: + . Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference). + (Maksymilian Arciemowicz, Felipe) + +- Improved Tokenizer extension: + . Fixed bug #54089 (token_get_all with regards to __halt_compiler is + not binary safe). (Nikita Popov) + +- Improved XSL extension: + . Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to + define forbidden operations within XSLT stylesheets, default is not to + enable write operations from XSLT. Bug #54446 (Chregu, Nicolas Gregoire) + . XSL doesn't stop transformation anymore, if a PHP function can't be called + (Christian) + +- Improved ZLIB extension: + . Re-implemented non-file related functionality. (Mike) + . Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression). + (Mike) + +14 Jun 2012, PHP 5.3.14 + +- CLI SAPI: + . Fixed bug #61546 (functions related to current script failed when chdir() + in cli sapi). (Laruence, reeze.xia@gmail.com) + +- CURL: + . Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction). + (Laruence) + +- COM: + . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) + +- Core: + . Fixed CVE-2012-2143. (Solar Designer) + . Fixed missing bound check in iptcparse(). (chris at chiappa.net) + . Fixed bug #62373 (serialize() generates wrong reference to the object). + (Moriyoshi) + . Fixed bug #62005 (unexpected behavior when incrementally assigning to a + member of a null object). (Laruence) + . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy) + . Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo) + . Fixed bug #61730 (Segfault from array_walk modifying an array passed by + reference). (Laruence) + . Fixed bug #61713 (Logic error in charset detection for htmlentities). + (Anatoliy) + . Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename + set to null). (Anatoliy) + . Changed php://fd to be available only for CLI. + +- Fileinfo: + . Fixed bug #61812 (Uninitialised value used in libmagic). + (Laruence, Gustavo) + +- Iconv extension: + . Fixed a bug that iconv extension fails to link to the correct library + when another extension makes use of a library that links to the iconv + library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail. + (Moriyoshi) + +- Intl: + . Fixed bug #62082 (Memory corruption in internal function + get_icu_disp_value_src_php()). (Gustavo) + +- JSON + . Fixed bug #61537 (json_encode() incorrectly truncates/discards + information). (Adam) + +- PDO: + . Fixed bug #61755 (A parsing bug in the prepared statements can lead to + access violations). (Johannes) + +- Phar: + . Fix bug #61065 (Secunia SA44335). (Rasmus) + +- Streams: + . Fixed bug #61961 (file_get_contents leaks when access empty file with + maxlen set). (Reeze) + +08 May 2012, PHP 5.3.13 +- CGI + . Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311. + (Stas) + +03 May 2012, PHP 5.3.12 +- Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus) + +26 Apr 2012, PHP 5.3.11 + +- Core: + . Fixed bug #61605 (header_remove() does not remove all headers). + (Laruence) + . Fixed bug #61541 (Segfault when using ob_* in output_callback). + (reeze.xia@gmail.com) + . Fixed bug #61273 (call_user_func_array with more than 16333 arguments + leaks / crashes). (Laruence) + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) + . Improved max_input_vars directive to check nested variables (Dmitry). + . Fixed bug #61095 (Incorect lexing of 0x00*+). (Etienne) + . Fixed bug #61087 (Memory leak in parse_ini_file when specifying + invalid scanner mode). (Nikic, Laruence) + . Fixed bug #61072 (Memory leak when restoring an exception handler). + (Nikic, Laruence) + . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). + (Laruence) + . Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831). + (Ondřej Surý) + . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical + vars). (Laruence) + . Fixed bug #60895 (Possible invalid handler usage in windows random + functions). (Pierre) + . Fixed bug #60825 (Segfault when running symfony 2 tests). + (Dmitry, Laruence) + . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) + . Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia) + . Fixed bug #60227 (header() cannot detect the multi-line header with CR). + (rui, Gustavo) + . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia) + . Fixed bug #54374 (Insufficient validating of upload name leading to + corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at + gmail dot com, Pierre) + . Fixed bug #52719 (array_walk_recursive crashes if third param of the + function is by reference). (Nikita Popov) + . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) + +- DOM + . Added debug info handler to DOM objects. (Gustavo, Joey Smith) + +- FPM + . Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.c). + (michaelhood at gmail dot com, Ilia) + +- Ibase + . Fixed bug #60947 (Segmentation fault while executing ibase_db_info). + (Ilia) + +- Installation + . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones) + +- Fileinfo + . Fixed bug #61173 (Unable to detect error from finfo constructor). (Gustavo) + +- Firebird Database extension (ibase): + . Fixed bug #60802 (ibase_trans() gives segfault when passing params). + +- Libxml: + . Fixed bug #61617 (Libxml tests failed(ht is already destroyed)). + (Laruence) + . Fixed bug #61367 (open_basedir bypass using libxml RSHUTDOWN). + (Tim Starling) + +- mysqli + . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes). + +- PDO_mysql + . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't + always work). (Johannes) + . Fixed bug #61194 (PDO should export compression flag with myslqnd). + (Johannes) + +- PDO_odbc + . Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia) + +- PDO_pgsql + . Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed + rows on postgresql >= 9). (ben dot pineau at gmail dot com) + +- PDO_Sqlite extension: + . Add createCollation support. (Damien) + +- Phar: + . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL + bytes). (Nikic) + +- PHP-FPM SAPI: + . Fixed bug #60811 (php-fpm compilation problem). (rasmus) + +- Readline: + . Fixed bug #61088 (Memory leak in readline_callback_handler_install). + (Nikic, Laruence) + . Add open_basedir checks to readline_write_history and readline_read_history. + (Rasmus, reported by Mateusz Goik) + +- Reflection: + . Fixed bug #61388 (ReflectionObject:getProperties() issues invalid reads + when get_properties returns a hash table with (inaccessible) dynamic + numeric properties). (Gustavo) + . Fixed bug #60968 (Late static binding doesn't work with + ReflectionMethod::invokeArgs()). (Laruence) + +- SOAP + . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) + . Fixed bug #60887 (SoapClient ignores user_agent option and sends no + User-Agent header). (carloschilazo at gmail dot com) + . Fixed bug #60842, #51775 (Chunked response parsing error when + chunksize length line is > 10 bytes). (Ilia) + . Fixed bug #49853 (Soap Client stream context header option ignored). + (Dmitry) + +- SPL + . Fixed memory leak when calling SplFileInfo's constructor twice. (Felipe) + . Fixed bug #61418 (Segmentation fault when DirectoryIterator's or + FilesystemIterator's iterators are requested more than once without + having had its dtor callback called in between). (Gustavo) + . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence) + . Fixed bug #61326 (ArrayObject comparison). (Gustavo) + +- SQLite3 extension: + . Add createCollation() method. (Brad Dewar) + +- Session: + . Fixed bug #60860 (session.save_handler=user without defined function core + dumps). (Felipe) + . Fixed bug #60634 (Segmentation fault when trying to die() in + SessionHandler::write()). (Ilia) + +- Streams: + . Fixed bug #61371 (stream_context_create() causes memory leaks on use + streams_socket_create). (Gustavo) + . Fixed bug #61253 (Wrappers opened with errors concurrency problem on ZTS). + (Gustavo) + . Fixed bug #61115 (stream related segfault on fatal error in + php_stream_context_link). (Gustavo) + . Fixed bug #60817 (stream_get_line() reads from stream even when there is + already sufficient data buffered). stream_get_line() now behaves more like + fgets(), as is documented. (Gustavo) + . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not + detected together with the last read). (Gustavo) + . Fixed bug #60106 (stream_socket_server silently truncates long unix + socket paths). (Ilia) + +- Tidy: + . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra) + +- XMLRPC: + . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary + variable). (Nikita Popov) + . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic) + +- Zlib: + . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikic) + 02 Feb 2012, PHP 5.3.10 - Core: - . Fixed arbitrary remote code execution vulnerability reported by Stefan + . Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830. (Stas, Dmitry) 10 Jan 2012, PHP 5.3.9 - Core: . Added max_input_vars directive to prevent attacks based on hash collisions - (Dmitry). + (CVE-2011-4885) (Dmitry). . Fixed bug #60205 (possible integer overflow in content_length). (Laruence) . Fixed bug #60139 (Anonymous functions create cycles not detected by the GC). (Dmitry) . Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) (Dmitry). - . Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when + . Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli) . Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe) . Fixed bug #60019 (Function time_nanosleep() is undefined on OS X). (Ilia) @@ -40,7 +1826,7 @@ PHP HTTP POST request). (Hannes) . Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of). (alan_k) - . Fixed bug #52461 (Incomplete doctype and missing xmlns). + . Fixed bug #52461 (Incomplete doctype and missing xmlns). (virsacer at web dot de, Pierre) . Fixed bug #55366 (keys lost when using substr_replace an array). (Arpad) . Fixed bug #55273 (base64_decode() with strict rejects whitespace after @@ -89,7 +1875,7 @@ PHP - EXIF: . Fixed bug #60150 (Integer overflow during the parsing of invalid exif - header). (Stas, flolechaud at gmail dot com) + header). (CVE-2011-4566) (Stas, flolechaud at gmail dot com) - Fileinfo: . Fixed bug #60094 (C++ comment fails in c89). (Laruence) @@ -97,7 +1883,7 @@ PHP . Fixed memory leak when calling the Finfo constructor twice. (Felipe) - Filter: - . Fixed Bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized + . Fixed Bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized domain name addresses containing >1 -). (Ilia) - FTP: @@ -107,6 +1893,7 @@ PHP - Gd: . Fixed bug #60160 (imagefill() doesn't work correctly for small images). (Florian) + . Fixed potential memory leak on a png error (Rasmus, Paul Saab) - Intl: . Fixed bug #60192 (SegFault when Collator not constructed @@ -130,7 +1917,7 @@ PHP . Fixed bug #55859 (mysqli->stat property access gives error). (Andrey) . Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when mysqlnd is used). (Andrey) - . Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields). + . Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields). (eran at zend dot com, Laruence) - mysqlnd @@ -167,9 +1954,9 @@ PHP - PDO MySQL driver: . Fixed bug #60155 (pdo_mysql.default_socket ignored). (Johannes) - . Fixed bug #55870 (PDO ignores all SSL parameters when used with mysql + . Fixed bug #55870 (PDO ignores all SSL parameters when used with mysql native driver). (Pierre) - . Fixed bug #54158 (MYSQLND+PDO MySQL requires #define + . Fixed bug #54158 (MYSQLND+PDO MySQL requires #define MYSQL_OPT_LOCAL_INFILE). (Andrey) - PDO OCI driver: @@ -179,41 +1966,40 @@ PHP - Phar: . Fixed bug #60261 (NULL pointer dereference in phar). (Felipe) . Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp + scanning for __HALT_COMPILER). (Ralph Schindler) . Fixed bug #53872 (internal corruption of phar). (Hannes) . Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes) - scanning for __HALT_COMPILER). (Ralph Schindler) - PHP-FPM SAPI: + . Dropped restriction of not setting the same value multiple times, the last + one holds. (giovanni at giacobbi dot net, fat) + . Added .phar to default authorized extensions. (fat) . Fixed bug #60659 (FPM does not clear auth_user on request accept). (bonbons at linux-vserver dot org) . Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat) + . Enhance error log when the primary script can't be open. FR #60199. (fat) . Fixed bug #60179 (php_flag and php_value does not work properly). (fat) - . Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat) + . Fixed bug #55577 (status.html does not install). (fat) . Fixed bug #55533 (The -d parameter doesn't work). (fat) - . Implemented FR #52569 (Add the "ondemand" process-manager - to allow zero children). (fat) + . Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat) . Fixed bug #55486 (status show BIG processes number). (fat) - . Fixed bug #55577 (status.html does not install). (fat) - . Backported from 5.4 branch (Dropped restriction of not setting the same - value multiple times, the last one holds). - (giovanni at giacobbi dot net, fat) - . Backported FR #55166 from 5.4 branch (Added process.max to control - the number of process FPM can fork). (fat) - . Backported FR #55181 from 5.4 branch (Enhance security by limiting access - to user defined extensions). (fat) - . Backported FR #54098 from 5.4 branch (Lowered process manager - default value). (fat) - . Backported FR #52052 from 5.4 branch (Added partial syslog support). (fat) + . Enhanced security by limiting access to user defined extensions. + FR #55181. (fat) + . Added process.max to control the number of process FPM can fork. FR #55166. + (fat) . Implemented FR #54577 (Enhanced status page with full status and details about each processes. Also provide a web page (status.html) for real-time FPM status. (fat) - . Enhance error log when the primary script can't be open. FR #60199. (fat) - . Added .phar to default authorized extensions. (fat) + . Lowered default value for Process Manager. FR #54098. (fat) + . Implemented FR #52569 (Add the "ondemand" process-manager + to allow zero children). (fat) + . Added partial syslog support (on error_log only). FR #52052. (fat) - Postgres: - . Fixed bug #60244 (pg_fetch_* functions do not validate that row param + . Fixed bug #60244 (pg_fetch_* functions do not validate that row param is >0). (Ilia) + . Added PGSQL_LIBPQ_VERSION/PGSQL_LIBPQ_VERSION_STR constants. (Yasuo) - Reflection: . Fixed bug #60367 (Reflection and Late Static Binding). (Laruence) @@ -223,7 +2009,7 @@ PHP - SimpleXML: . Reverted the SimpleXML->query() behaviour to returning empty arrays - instead of false when no nodes are found as it was since 5.3.3 + instead of false when no nodes are found as it was since 5.3.3 (bug #48601). (chregu, rrichards) - SOAP @@ -256,7 +2042,7 @@ PHP - XSL: . Added xsl.security_prefs ini option to define forbidden operations within - XSLT stylesheets, default is not to enable write operations. This option + XSLT stylesheets, default is not to enable write operations. This option won't be in 5.4, since there's a new method. Fixes Bug #54446. (Chregu, Nicolas Gregoire) @@ -284,7 +2070,7 @@ PHP (Pierrick, Felipe) . Fixed bug #54624 (class_alias and type hint). (Felipe) . Fixed bug #54585 (track_errors causes segfault). (Dmitry) - . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed). + . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed). (Tony, Dmitry) . Fixed bug #54372 (Crash accessing global object itself returned from its __get() handle). (Dmitry) @@ -297,13 +2083,13 @@ PHP - Core . Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer) - . Removed warning when argument of is_a() or is_subclass_of() is not + . Removed warning when argument of is_a() or is_subclass_of() is not a known class. (Stas) . Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski. . Added PHP_MANDIR constant telling where the manpages were installed into, and an --man-dir argument to php-config. (Hannes) . Fixed a crash inside dtor for error handling. (Ilia) - . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas) + . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas) . Implemented FR #54459 (Range function accuracy). (Adam) . Fixed bug #55399 (parse_url() incorrectly treats ':' as a valid path). @@ -312,7 +2098,7 @@ PHP (Dmitry) . Fixed bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow (Pierre) - . Fixed bug #55258 (Windows Version Detecting Error). + . Fixed bug #55258 (Windows Version Detecting Error). ( xiaomao5 at live dot com, Pierre) . Fixed bug #55187 (readlink returns weird characters when false result). (Pierre) @@ -356,7 +2142,7 @@ PHP (Pierrick, Dmitry) . Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode filter). (slusarz at curecanti dot org) - . Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using + . Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using TMPDIR on Windows). (Pierre) - Apache2 Handler SAPI: @@ -369,7 +2155,7 @@ PHP - cURL extension: . Added ini option curl.cainfo (support for custom cert db). (Pierre) . Added CURLINFO_REDIRECT_URL support. (Daniel Stenberg, Pierre) - . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and + . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick) - DateTime extension: @@ -396,10 +2182,10 @@ PHP . Added 3rd parameter to filter_var_array() and filter_input_array() functions that allows disabling addition of empty elements. (Ilia) . Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia) - + - Interbase extension: . Fixed bug #54269 (Short exception message buffer causes crash). (Felipe) - + - intl extension: . Implemented FR #54561 (Expose ICU version info). (David Zuelke, Ilia) . Implemented FR #54540 (Allow loading of arbitrary resource bundles when @@ -410,7 +2196,7 @@ PHP (kevin at kevinlocke dot name) - json extension: - . Fixed bug #54484 (Empty string in json_decode doesn't reset + . Fixed bug #54484 (Empty string in json_decode doesn't reset json_last_error()). (Ilia) - LDAP extension: @@ -427,7 +2213,7 @@ PHP - MCrypt extension: . Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data has been fetched (Windows). (Pierre) - . Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random + . Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random data on Windows). (Pierre) - mysqlnd @@ -459,7 +2245,7 @@ PHP - PDO extension: . Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe) - . Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE + . Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE settings). (Ilia) - PDO DBlib driver: @@ -582,7 +2368,7 @@ PHP . Fixed bug #48607 (fwrite() doesn't check reply from ftp server before exiting). (Ilia) - + - Calendar extension: . Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to segfault). (Gustavo) @@ -590,18 +2376,18 @@ PHP - DOM extension: . Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode like DOMDocument::saveXML). (Gustavo) - + - DateTime extension: . Fixed a bug in DateTime->modify() where absolute date/time statements had no effect. (Derick) . Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit big-endian systems). (Derick, rein@basefarm.no) . Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas) - . Fixed bug #52738 (Can't use new properties in class extended from + . Fixed bug #52738 (Can't use new properties in class extended from DateInterval). (Stas) . Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime created from timestamp). (Stas) - . Fixed bug #52063 (DateTime constructor's second argument doesn't have a + . Fixed bug #52063 (DateTime constructor's second argument doesn't have a null default value). (Gustavo, Stas) - Exif extension: @@ -622,20 +2408,20 @@ PHP (Hannes) - Gettext - . Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE + . Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE environment variable are set). (Pierre) - IMAP extension: . Implemented FR #53812 (get MIME headers of the part of the email). (Stas) . Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long MIME header unfolding). (Adam) - + - Intl extension: . Fixed bug #53612 (Segmentation fault when using cloned several intl objects). (Gustavo) . Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values). (Felipe) - . Implemented clone functionality for number, date & message formatters. + . Implemented clone functionality for number, date & message formatters. (Stas). - JSON extension: @@ -643,20 +2429,20 @@ PHP decodings). (Scott) - mysqlnd - . Fixed problem with always returning 0 as num_rows for unbuffered sets. + . Fixed problem with always returning 0 as num_rows for unbuffered sets. (Andrey, Ulf) - MySQL Improved extension: - . Added 'db' and 'catalog' keys to the field fetching functions (FR #39847). + . Added 'db' and 'catalog' keys to the field fetching functions (FR #39847). (Kalle) . Fixed buggy counting of affected rows when using the text protocol. The collected statistics were wrong when multi_query was used with mysqlnd (Andrey) - . Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL). + . Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL). (Kalle) - . Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA + . Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA query). (Kalle, Andrey) - . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to + . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to call libmysql). (Kalle, tre-php-net at crushedhat dot com) - OpenSSL extension: @@ -673,13 +2459,13 @@ PHP - PDO MySQL driver: . Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver). (Johannes) - . Implemented FR #47802 (Support for setting character sets in DSN strings). + . Implemented FR #47802 (Support for setting character sets in DSN strings). (Kalle) - PDO Oracle driver: . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on ORACLE 10). (spatar at mail dot nnov dot ru) - + - PDO PostgreSQL driver: . Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu) @@ -689,7 +2475,7 @@ PHP (CVE-2011-1153) . Fixed bug #53541 (format string bug in ext/phar). (crrodriguez at opensuse dot org, Ilia) - . Fixed bug #53898 (PHAR reports invalid error message, when the directory + . Fixed bug #53898 (PHAR reports invalid error message, when the directory does not exist). (Ilia) - PHP-FPM SAPI: @@ -720,7 +2506,7 @@ PHP (Mateusz Kocielski, Pierre) - SPL extension: - . Fixed memory leak in DirectoryIterator::getExtension() and + . Fixed memory leak in DirectoryIterator::getExtension() and SplFileInfo::getExtension(). (Felipe) . Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones) . Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0 @@ -751,7 +2537,7 @@ PHP - Tokenizer Extension . Fixed bug #54089 (token_get_all() does not stop after __halt_compiler). - (Ilia) + (Nikita Popov, Ilia) - XSL extension: . Fixed memory leaked introduced by the NULL poisoning patch. @@ -770,13 +2556,13 @@ PHP (Hannes) . Fixed bug #53568 (swapped memset arguments in struct initialization). (crrodriguez at opensuse dot org) - . Fixed bug #53166 (Missing parameters in docs and reflection definition). + . Fixed bug #53166 (Missing parameters in docs and reflection definition). (Richard) . Fixed bug #49072 (feof never returns true for damaged file in zip). (Gustavo, Richard Quadling) 06 Jan 2011, PHP 5.3.5 -- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, +- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, Rasmus) 09 Dec 2010, PHP 5.3.4 @@ -784,11 +2570,11 @@ PHP - Upgraded bundled PCRE to version 8.10. (Ilia) - Security enhancements: - . Fixed crash in zip extract method (possible CWE-170). + . Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre) . Paths with NULL in them (foo\0bar.txt) are now considered as invalid. (Rasmus) - . Fixed a possible double free in imap extension (Identified by Mateusz + . Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia) . Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz) @@ -800,23 +2586,23 @@ PHP - General improvements: . Added stat support for zip stream. (Pierre) - . Added follow_location (enabled by default) option for the http stream + . Added follow_location (enabled by default) option for the http stream support. (Pierre) . Improved support for is_link and related functions on Windows. (Pierre) . Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. (Gustavo) - + - Implemented feature requests: . Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. (Kalle) - . Implemented FR #52173, added functions pcntl_get_last_error() and + . Implemented FR #52173, added functions pcntl_get_last_error() and pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud) . Implemented symbolic links support for open_basedir checks. (Pierre) . Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre) . Implemented FR #50692, not uploaded files don't count towards max_file_uploads limit. As a side improvement, temporary files are not opened for empty uploads and, in debug mode, 0-length uploads. (Gustavo) - + - Improved MySQLnd: . Added new character sets to mysqlnd, which are available in MySQL 5.5 (Andrey) @@ -828,7 +2614,7 @@ PHP . Added '-t/--test' to php-fpm to check and validate FPM conf file. (fat) . Added statistics about listening socket queue length for FPM. (andrei dot nigmatulin at gmail dot com, fat) - + - Core: . Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com) @@ -842,7 +2628,7 @@ PHP . Fixed bug #53304 (quot_print_decode does not handle lower-case hex digits). (Ilia, daniel dot mueller at inexio dot net) . Fixed bug #53248 (rawurlencode RFC 3986 EBCDIC support misses tilde char). - (Justin Martin) + (Justin Martin) . Fixed bug #53226 (file_exists fails on big filenames). (Adam) . Fixed bug #53198 (changing INI setting "from" with ini_set did not have any effect). (Gustavo) @@ -858,7 +2644,7 @@ PHP decode " if ENT_NOQUOTES is given. (Gustavo) . Fixed bug #52931 (strripos not overloaded with function overloading enabled). (Felipe) - . Fixed bug #52772 (var_dump() doesn't check for the existence of + . Fixed bug #52772 (var_dump() doesn't check for the existence of get_class_name before calling it). (Kalle, Gustavo) . Fixed bug #52534 (var_export array with negative key). (Felipe) . Fixed bug #52327 (base64_decode() improper handling of leading padding in @@ -873,22 +2659,22 @@ PHP of reported malformed sequences). (CVE-2010-3870) (Gustavo) . Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8). (Gustavo) - . Fixed bug #48831 (php -i has different output to php --ini). (Richard, + . Fixed bug #48831 (php -i has different output to php --ini). (Richard, Pierre) . Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4). (Felipe) - . Fixed bug #47168 (printf of floating point variable prints maximum of 40 + . Fixed bug #47168 (printf of floating point variable prints maximum of 40 decimal places). (Ilia) . Fixed bug #46587 (mt_rand() does not check that max is greater than min). (Ilia) . Fixed bug #29085 (bad default include_path on Windows). (Pierre) . Fixed bug #25927 (get_html_translation_table calls the ' ' instead of '). (Gustavo) - + - Zend engine: . Reverted fix for bug #51176 (Static calling in non-static method behaves like $this->). (Felipe) - . Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED. + . Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED. (Kalle) . Fixed NULL dereference in lex_scan on zend multibyte builds where the script had a flex incompatible encoding and there was no converter. (Gustavo) @@ -908,7 +2694,7 @@ PHP . Fixed bug #52361 (Throwing an exception in a destructor causes invalid catching). (Dmitry) . Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry) - + - Build issues: . Fixed bug #52436 (Compile error if systems do not have stdint.h) (Sriram Natarajan) @@ -919,7 +2705,7 @@ PHP - Calendar extension: . Fixed bug #52744 (cal_days_in_month incorrect for December 1 BCE). (gpap at internet dot gr, Adam) - + - cURL extension: . Fixed bug #52828 (curl_setopt does not accept persistent streams). (Gustavo, Ilia) @@ -927,7 +2713,7 @@ PHP (CURLOPT_STDERR)). (Gustavo) . Fixed bug #52202 (CURLOPT_PRIVATE gets corrupted). (Ilia) . Fixed bug #50410 (curl extension slows down PHP on Windows). (Pierre) - + - DateTime extension: . Fixed bug #53297 (gettimeofday implementation in php/win32/time.c can return 1 million microsecs). (ped at 7gods dot org) @@ -956,7 +2742,7 @@ PHP . Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre) - GMP extension: - . Fixed bug #52906 (gmp_mod returns negative result when non-negative is + . Fixed bug #52906 (gmp_mod returns negative result when non-negative is expected). (Stas) . Fixed bug #52849 (GNU MP invalid version match). (Adam) @@ -969,7 +2755,7 @@ PHP headers). (Adam) . Fixed bug #52599 (iconv output handler outputs incorrect content type when flags are used). (Ilia) - . Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded + . Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded words). (Ilia) - Intl extension: @@ -979,7 +2765,7 @@ PHP (Stas) . Fixed bug #50590 (IntlDateFormatter::parse result is limited to the integer range). (Stas) - + - Mbstring extension: . Fixed bug #53273 (mb_strcut() returns garbage with the excessive length parameter). (CVE-2010-4156) (Mateusz Kocielski, Pierre, Moriyoshi) @@ -988,16 +2774,16 @@ PHP with the distribution) (Gustavo). . Fixed bug #52681 (mb_send_mail() appends an extra MIME-Version header). (Adam) - + - MSSQL extension: . Fixed possible crash in mssql_fetch_batch(). (Kalle) . Fixed bug #52843 (Segfault when optional parameters are not passed in to mssql_connect). (Felipe) - + - MySQL extension: - . Fixed bug #52636 (php_mysql_fetch_hash writes long value into int). + . Fixed bug #52636 (php_mysql_fetch_hash writes long value into int). (Kalle, rein at basefarm dot no) - + - MySQLi extension: . Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey) @@ -1014,10 +2800,10 @@ PHP (Andrey) . Fixed bug #52221 (Misbehaviour of magic_quotes_runtime (get/set)). (Andrey) . Fixed bug #45921 (Can't initialize character set hebrew). (Andrey) - + - MySQLnd: . Fixed bug #52613 (crash in mysqlnd after hitting memory limit). (Andrey) - + - ODBC extension: - Fixed bug #52512 (Broken error handling in odbc_execute). (mkoegler at auto dot tuwien dot ac dot at) @@ -1034,11 +2820,11 @@ PHP . Fixed bug #51610 (Using oci_connect causes PHP to take a long time to exit). Requires Oracle 11.2.0.2 client libraries (or Oracle bug fix 9891199) for this patch to have an effect. (Oracle Corp.) - + - PCNTL extension: . Fixed bug #52784 (Race condition when handling many concurrent signals). (nick dot telford at gmail dot com, Arnaud) - + - PCRE extension: . Fixed bug #52971 (PCRE-Meta-Characters not working with utf-8). (Felipe) . Fixed bug #52732 (Docs say preg_match() returns FALSE on error, but it @@ -1062,27 +2848,27 @@ PHP - PDO: . Fixed bug #52699 (PDO bindValue writes long int 32bit enum). - (rein at basefarm dot no) + (rein at basefarm dot no) . Fixed bug #52487 (PDO::FETCH_INTO leaks memory). (Felipe) - + - PDO DBLib driver: . Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values). (Felipe) - + - PDO Firebird driver: . Restored firebird support (VC9 builds only). (Pierre) . Fixed bug #53335 (pdo_firebird did not implement rowCount()). (preeves at ibphoenix dot com) . Fixed bug #53323 (pdo_firebird getAttribute() crash). (preeves at ibphoenix dot com) - + - PDO MySQL driver: . Fixed bug #52745 (Binding params doesn't work when selecting a date inside a CASE-WHEN). (Andrey) - + - PostgreSQL extension: . Fixed bug #47199 (pg_delete() fails on NULL). (ewgraf at gmail dot com) - + - Reflection extension: . Fixed ReflectionProperty::isDefault() giving a wrong result for properties obtained with ReflectionClass::getProperties(). (Gustavo) @@ -1091,11 +2877,11 @@ PHP getProperty()). (Felipe) . Fixed bug #52854 (ReflectionClass::newInstanceArgs does not work for classes without constructors). (Johannes) - + - SOAP extension: . Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object). (Dmitry) - + - SPL extension: . Fixed bug #53362 (Segmentation fault when extending SplFixedArray). (Felipe) . Fixed bug #53279 (SplFileObject doesn't initialise default CSV escape @@ -1103,7 +2889,7 @@ PHP . Fixed bug #53144 (Segfault in SplObjectStorage::removeAll()). (Felipe) . Fixed bug #53071 (SPLObjectStorage defeats gc_collect_cycles). (Gustavo) . Fixed bug #52573 (SplFileObject::fscanf Segmentation fault). (Felipe) - . Fixed bug #51763 (SplFileInfo::getType() does not work symbolic link + . Fixed bug #51763 (SplFileInfo::getType() does not work symbolic link and directory). (Pierre) . Fixed bug #50481 (Storing many SPLFixedArray in an array crashes). (Felipe) . Fixed bug #50579 (RegexIterator::REPLACE doesn't work). (Felipe) @@ -1111,7 +2897,7 @@ PHP - SQLite3 extension: . Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number). (Felipe) - + - Streams: . Fixed forward stream seeking emulation in streams that don't support seeking in situations where the read operation gives back less data than requested @@ -1130,7 +2916,7 @@ PHP - WDDX extension: . Fixed bug #52468 (wddx_deserialize corrupts integer field value when left empty). (Felipe) - + - Zlib extension: . Fixed bug #52926 (zlib fopen wrapper does not use context). (Gustavo) @@ -1138,11 +2924,11 @@ PHP - Upgraded bundled sqlite to version 3.6.23.1. (Ilia) - Upgraded bundled PCRE to version 8.02. (Ilia) -- Added support for JSON_NUMERIC_CHECK option in json_encode() that converts +- Added support for JSON_NUMERIC_CHECK option in json_encode() that converts numeric strings to integers. (Ilia) - Added stream_set_read_buffer, allows to set the buffer for read operation. (Pierre) -- Added stream filter support to mcrypt extension (ported from +- Added stream filter support to mcrypt extension (ported from mcrypt_filter). (Stas) - Added full_special_chars filter to ext/filter. (Rasmus) - Added backlog socket context option for stream_socket_server(). (Mike) @@ -1151,10 +2937,10 @@ PHP Made implicit use of NULL IV a warning. (Sara) - Added openssl_cipher_iv_length(). (Sara) - Added FastCGI Process Manager (FPM) SAPI. (Tony) -- Added recent Windows versions to php_uname and fix undefined windows +- Added recent Windows versions to php_uname and fix undefined windows version support. (Pierre) - Added Berkeley DB 5 support to the DBA extension. (Johannes, Chris Jones) -- Added support for copy to/from array/file for pdo_pgsql extension. +- Added support for copy to/from array/file for pdo_pgsql extension. (Denis Gasparin, Ilia) - Added inTransaction() method to PDO, with specialized support for Postgres. (Ilia, Denis Gasparin) @@ -1174,7 +2960,7 @@ PHP Reported by Stefan Esser. (Andrey) - Fixed very rare memory leak in mysqlnd, when binding thousands of columns. (Andrey) -- Fixed a crash when calling an inexistent method of a class that inherits +- Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe) @@ -1193,15 +2979,15 @@ PHP (Dmitry) - Fixed a possible memory corruption in pack(). Reported by Stefan Esser. (Dmitry) -- Fixed a possible memory corruption in substr_replace(). Reported by Stefan +- Fixed a possible memory corruption in substr_replace(). Reported by Stefan Esser. (Dmitry) -- Fixed a possible memory corruption in addcslashes(). Reported by Stefan +- Fixed a possible memory corruption in addcslashes(). Reported by Stefan Esser. (Dmitry) -- Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan +- Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan Esser. (Ilia) - Fixed a possible dechunking filter buffer overflow. Reported by Stefan Esser. (Pierre) -- Fixed a possible arbitrary memory access inside sqlite extension. Reported +- Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) - Fixed string format validation inside phar extension. Reported by Stefan Esser. (Ilia) @@ -1224,7 +3010,7 @@ PHP - Fixed bug #52193 (converting closure to array yields empty array). (Felipe) - Fixed bug #52183 (Reflectionfunction reports invalid number of arguments for function aliases). (Felipe) -- Fixed bug #52162 (custom request header variables with numbers are removed). +- Fixed bug #52162 (custom request header variables with numbers are removed). (Sriram Natarajan) - Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe) - Fixed bug #52138 (Constants are parsed into the ini file for section names). @@ -1236,15 +3022,15 @@ PHP - Fixed bug #52082 (character_set_client & character_set_connection reset after mysqli_change_user()). (Andrey) - Fixed bug #52043 (GD doesn't recognize latest libJPEG versions). - (php at group dot apple dot com, Pierre) + (php at group dot apple dot com, Pierre) - Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function). (Dmitry) - Fixed bug #52060 (Memory leak when passing a closure to method_exists()). (Felipe) - Fixed bug #52057 (ReflectionClass fails on Closure class). (Felipe) -- Fixed bug #52051 (handling of case sensitivity of old-style constructors +- Fixed bug #52051 (handling of case sensitivity of old-style constructors changed in 5.3+). (Felipe) -- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at +- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle) - Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick) - Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). @@ -1252,7 +3038,7 @@ PHP - Fixed bug #52001 (Memory allocation problems after using variable variables). (Dmitry) - Fixed bug #51991 (spl_autoload and *nix support with namespace). (Felipe) -- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, +- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, coreystup at gmail dot com) - Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe) @@ -1317,7 +3103,7 @@ PHP - Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile errors). (Felipe) - Fixed bug #51424 (crypt() function hangs after 3rd call). (Pierre, Sriram) -- Fixed bug #51394 (Error line reported incorrectly if error handler throws an +- Fixed bug #51394 (Error line reported incorrectly if error handler throws an exception). (Stas) - Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains timezone). (Adam) @@ -1336,15 +3122,15 @@ PHP - Fixed bug #51242 (Empty mysql.default_port does not default to 3306 anymore, but 0). (Adam) - Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com) -- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia, +- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia, alexr at oplot dot com) -- Fixed bug #51190 (ftp_put() returns false when transfer was successful). +- Fixed bug #51190 (ftp_put() returns false when transfer was successful). (Ilia) - Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio). (Sriram Natarajan) - Fixed bug #51176 (Static calling in non-static method behaves like $this->). (Felipe) -- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when +- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia) - Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre) - Fixed bug #51096 ('last day' and 'first day' are handled incorrectly when @@ -1364,7 +3150,7 @@ PHP if defined in WSDL). (mephius at gmail dot com) - Fixed bug #50731 (Inconsistent namespaces sent to functions registered with spl_autoload_register). (Felipe) -- Fixed bug #50563 (removing E_WARNING from parse_url). (ralph at smashlabs dot +- Fixed bug #50563 (removing E_WARNING from parse_url). (ralph at smashlabs dot com, Pierre) - Fixed bug #50578 (incorrect shebang in phar.phar). (Fedora at FamilleCollet dot com) @@ -1413,7 +3199,7 @@ PHP (vincent at optilian dot com) - Fixed bug #43233 (sasl support for ldap on Windows). (Pierre) - Fixed bug #35673 (formatOutput does not work with saveHTML). (Rob) -- Fixed bug #33210 (getimagesize() fails to detect width/height on certain +- Fixed bug #33210 (getimagesize() fails to detect width/height on certain JPEGs). (Ilia) 04 Mar 2010, PHP 5.3.2 @@ -1436,7 +3222,7 @@ PHP setting it to 0. (Rasmus) - Changed tidyNode class to disallow manual node creation. (Pierrick) -- Removed automatic file descriptor unlocking happening on shutdown and/or +- Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes). (Tony, Ilia) - Added libpng 1.4.0 support. (Pierre) @@ -1494,7 +3280,7 @@ PHP versions). (Derick) - Fixed bug #50907 (X-PHP-Originating-Script adding two new lines in *NIX). (Ilia) -- Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation). +- Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de) - Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). (Ilia) @@ -1529,7 +3315,7 @@ PHP and DomDocument). (Dmitry) - Fixed bug #50508 (compile failure: Conflicting HEADER type declarations). (Jani) -- Fixed bug #50496 (Use of is valid only in a c99 compilation +- Fixed bug #50496 (Use of is valid only in a c99 compilation environment. (Sriram) - Fixed bug #50464 (declare encoding doesn't work within an included file). (Felipe) @@ -1551,7 +3337,7 @@ PHP (Ilia, Pierrick) - Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays). (Felipe) -- Fixed bug #50282 (xmlrpc_encode_request() changes object into array in +- Fixed bug #50282 (xmlrpc_encode_request() changes object into array in calling function). (Felipe) - Fixed bug #50267 (get_browser(null) does not use HTTP_USER_AGENT). (Jani) - Fixed bug #50266 (conflicting types for llabs). (Jani) @@ -1571,7 +3357,7 @@ PHP (tcallawa at redhat dot com) - Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) -- Fixed bug #50196 (stream_copy_to_stream() produces warning when source is +- Fixed bug #50196 (stream_copy_to_stream() produces warning when source is not file). (Stas) - Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia) - Fixed bug #50185 (ldap_get_entries() return false instead of an empty array @@ -1599,7 +3385,7 @@ PHP - Fixed bug #49990 (SNMP3 warning message about security level printed twice). (Jani) - Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted - transaction). (ben dot pineau at gmail dot com, Ilia, Matteo) + transaction). (ben dot pineau at gmail dot com, Ilia, Matteo) - Fixed bug #49938 (Phar::isBuffering() returns inverted value). (Greg) - Fixed bug #49936 (crash with ftp stream in php_stream_context_get_option()). (Pierrick) @@ -1607,7 +3393,7 @@ PHP - Fixed bug #49866 (Making reference on string offsets crashes PHP). (Dmitry) - Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia, sjoerd at php dot net) -- Fixed bug #49851, #50451 (http wrapper breaks on 1024 char long headers). +- Fixed bug #49851, #50451 (http wrapper breaks on 1024 char long headers). (Ilia) - Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). (Ilia, wmeler at wp-sa dot pl) @@ -1657,7 +3443,7 @@ PHP - Upgraded bundled sqlite to version 3.6.19. (Scott) - Updated timezone database to version 2009.17 (2009q). (Derick) -- Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case +- Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case insensitive. (garretts) - Restored shebang line check to CGI sapi (not checked by scanner anymore). @@ -1672,7 +3458,7 @@ PHP - Added support for ACL on Windows for thread safe SAPI (Apache2 for example) and fix its support on NTS. (Pierre) -- Improved symbolic, mounted volume and junctions support for realpath on +- Improved symbolic, mounted volume and junctions support for realpath on Windows. (Pierre) - Improved readlink on Windows, suppress \??\ and use the drive syntax only. (Pierre) @@ -1684,9 +3470,9 @@ PHP API. (Scott) - Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) -- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. +- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus) -- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz +- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus) - Fixed certificate validation inside php_openssl_apply_verification_policy (Ryan Sleevi, Ilia) @@ -1708,7 +3494,7 @@ PHP (Maksymilian Arciemowicz, Stas) - Fixed signature generation/validation for zip archives in ext/phar. (Greg) - Fixed memory leak in stream_is_local(). (Felipe, Tony) -- Fixed BC break in mime_content_type(), removes the content encoding. (Scott) +- Fixed BC break in mime_content_type(), removes the content encoding. (Scott) - Fixed PECL bug #16842 (oci_error return false when NO_DATA_FOUND is raised). (Chris Jones) @@ -1741,7 +3527,7 @@ PHP fclose). (Ilia) - Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia) -- Fixed bug #49447 (php engine need to correctly check for socket API +- Fixed bug #49447 (php engine need to correctly check for socket API return status on windows). (Sriram Natarajan) - Fixed bug #49391 (ldap.c utilizing deprecated ldap_modify_s). (Ilia) - Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre) @@ -1776,7 +3562,7 @@ PHP - Fixed bug #49074 (private class static fields can be modified by using reflection). (Jani) - Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre) -- Fixed bug #49065 ("disable_functions" php.ini option does not work on +- Fixed bug #49065 ("disable_functions" php.ini option does not work on Zend extensions). (Stas) - Fixed bug #49064 (--enable-session=shared does not work: undefined symbol: php_url_scanner_reset_vars). (Jani) @@ -1799,7 +3585,7 @@ PHP in a chunk). (andreas dot streichardt at globalpark dot com, Ilia) - Fixed bug #49012 (phar tar signature algorithm reports as Unknown (0) in getSignature() call). (Greg) -- Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes +- Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas) - Fixed bug #48994 (zlib.output_compression does not output HTTP headers when set to a string value). (Jani) @@ -1828,10 +3614,10 @@ PHP - Fixed bug #48783 (make install will fail saying phar file exists). (Greg) - Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan) -- Fixed bug #48771 (rename() between volumes fails and reports no error on +- Fixed bug #48771 (rename() between volumes fails and reports no error on Windows). (Pierre) - Fixed bug #48768 (parse_ini_*() crash with INI_SCANNER_RAW). (Jani) -- Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at +- Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre) - Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe) - Fixed bug #48757 (ReflectionFunction::invoke() parameter issues). (Kalle) @@ -1848,7 +3634,7 @@ PHP files that have been opened with r+). (Ilia) - Fixed bug #48719 (parse_ini_*(): scanner_mode parameter is not checked for sanity). (Jani) -- Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain +- Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia) - Fixed bug #48681 (openssl signature verification for tar archives broken). (Greg) @@ -1871,7 +3657,7 @@ PHP - Fixed bug #48189 (ibase_execute error in return param). (Kalle) - Fixed bug #48182 (ssl handshake fails during asynchronous socket connection). (Sriram Natarajan) -- Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, +- Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org) - Fixed bug #48057 (Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net) @@ -1896,10 +3682,10 @@ PHP com, Kalle) - Fixed bug #40013 (php_uname() does not return nodename on Netware (Guenter Knauf) -- Fixed bug #38091 (Mail() does not use FQDN when sending SMTP helo). +- Fixed bug #38091 (Mail() does not use FQDN when sending SMTP helo). (Kalle, Rick Yorgason) - Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett) -- Fixed bug #27051 (Impersonation with FastCGI does not exec process as +- Fixed bug #27051 (Impersonation with FastCGI does not exec process as impersonated user). (Pierre) @@ -2023,17 +3809,17 @@ PHP value. (Hannes) - Improved Windows support: - . Update all libraries to their latest stable version. (Pierre, Rob, Liz, + . Update all libraries to their latest stable version. (Pierre, Rob, Liz, Garrett). . Added Windows support for stat(), touch(), filemtime(), filesize() and related functions. (Pierre) . Re-added socket_create_pair() for Windows in sockets extension. (Kalle) - . Added inet_pton() and inet_ntop() also for Windows platforms. + . Added inet_pton() and inet_ntop() also for Windows platforms. (Kalle, Pierre) . Added mcrypt_create_iv() for Windows platforms. (Pierre) . Added ACL Cache support on Windows. (Kanwaljeet Singla, Pierre, Venkat Raman Don) - . Added constants based on Windows' GetVersionEx information. + . Added constants based on Windows' GetVersionEx information. PHP_WINDOWS_VERSION_* and PHP_WINDOWS_NT_*. (Pierre) . Added support for ACL (is_writable, is_readable, reports now correct results) on Windows. (Pierre, Venkat Raman Don, Kanwaljeet Singla) @@ -2221,7 +4007,7 @@ PHP DateInterval on each iteration, up to an end date or limited by maximum number of occurences. -- Added compatibility mode in GD, imagerotate, image(filled)ellipse +- Added compatibility mode in GD, imagerotate, image(filled)ellipse imagefilter, imageconvolution and imagecolormatch are now always enabled. (Pierre) - Added array_replace() and array_replace_recursive() functions. (Matt) @@ -2263,12 +4049,12 @@ PHP - Added support for CP850 encoding in mbstring extension. (Denis Giffeler, Moriyoshi) - Added stream_cast() and stream_set_options() to user-space stream wrappers, - allowing stream_select(), stream_set_blocking(), stream_set_timeout() and + allowing stream_select(), stream_set_blocking(), stream_set_timeout() and stream_set_write_buffer() to work with user-space stream wrappers. (Arnaud) - Added header_remove() function. (chsc at peytz dot dk, Arnaud) - Added stream_context_get_params() function. (Arnaud) - Added optional parameter "new" to sybase_connect(). (Timm) -- Added parse_ini_string() function. (grange at lemonde dot fr, Arnaud) +- Added parse_ini_string() function. (grange at lemonde dot fr, Arnaud) - Added str_getcsv() function. (Sara) - Added openssl_random_pseudo_bytes() function. (Scott) - Added ability to send user defined HTTP headers with SOAP request. @@ -2345,7 +4131,7 @@ PHP prepending functions). (Scott) - Fixed bug #48215 (Calling a method with the same name as the parent class calls the constructor). (Scott) -- Fixed bug #48200 (compile failure with mbstring.c when +- Fixed bug #48200 (compile failure with mbstring.c when --enable-zend-multibyte is used). (Jani) - Fixed bug #48188 (Cannot execute a scrollable cursors twice with PDO_PGSQL). (Matteo) @@ -2477,7 +4263,7 @@ PHP - Fixed bug #46042 (memory leaks with reflection of mb_convert_encoding()). (Ilia) - Fixed bug #46039 (ArrayObject iteration is slow). (Arnaud) -- Fixed bug #46033 (Direct instantiation of SQLite3stmt and SQLite3result cause +- Fixed bug #46033 (Direct instantiation of SQLite3stmt and SQLite3result cause a segfault.) (Scott) - Fixed bug #45991 (Ini files with the UTF-8 BOM are treated as invalid). (Scott) @@ -2553,7 +4339,7 @@ PHP - Added support for Sun CC (FR #46595 and FR #46513). (David Soria Parra) - Changed default value of array_unique()'s optional sorting type parameter - back to SORT_STRING to fix backwards compatibility breakage introduced in + back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi) - Fixed memory corruptions while reading properties of zip files. (Ilia) @@ -2586,7 +4372,7 @@ PHP files). (Pierre) - Fixed bug #48359 (Script hangs on snmprealwalk if OID is not increasing). (Ilia, simonov at gmail dot com) -- Fixed bug #48336 (ReflectionProperty::getDeclaringClass() does not work +- Fixed bug #48336 (ReflectionProperty::getDeclaringClass() does not work with redeclared property). (patch by Markus dot Lidel at shadowconnect dot com) - Fixed bug #48326 (constant MSG_DONTWAIT not defined). (Arnaud) @@ -2631,7 +4417,7 @@ PHP - Fixed bug #47969 (ezmlm_hash() returns different values depend on OS). (Ilia) - Fixed bug #47946 (ImageConvolution overwrites background). (Ilia) - Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt) -- Fixed bug #47937 (system() calls sapi_flush() regardless of output +- Fixed bug #47937 (system() calls sapi_flush() regardless of output buffering). (Ilia) - Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe) - Fixed bug #47893 (CLI aborts on non blocking stdout). (Arnaud) @@ -2705,7 +4491,7 @@ PHP - Fixed bug #45092 (header HTTP context option not being used when compiled using --with-curlwrappers). (Jani) - Fixed bug #44996 (xmlrpc_decode() ignores time zone on iso8601.datetime). - (Ilia, kawai at apache dot org) + (Ilia, kawai at apache dot org) - Fixed bug #44827 (define() is missing error checks for class constants). (Ilia) - Fixed bug #44214 (Crash using preg_replace_callback() and global variables). @@ -2730,7 +4516,7 @@ PHP - Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei) -- Fixed a crash on extract in zip when files or directories entry names contain +- Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre) - Fixed error conditions handling in stream_filter_append(). (Arnaud) - Fixed zip filename property read. (Pierre) @@ -2832,11 +4618,11 @@ PHP - Added logging option for error_log to send directly to SAPI. (Stas) - Added PHP_MAJOR_VERSION, PHP_MINOR_VERSION, PHP_RELEASE_VERSION, PHP_EXTRA_VERSION, PHP_VERSION_ID, PHP_ZTS and PHP_DEBUG constants. (Pierre) -- Added "PHP_INI_SCAN_DIR" environment variable which can be used to +- Added "PHP_INI_SCAN_DIR" environment variable which can be used to either disable or change the compile time ini scan directory (FR #45114). (Jani) -- Fixed missing initialization of BG(page_uid) and BG(page_gid), +- Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. (Stas) - Fixed memory leak inside sqlite_create_aggregate(). (Felipe) - Fixed memory leak inside PDO sqlite's sqliteCreateAggregate() method. @@ -2852,7 +4638,7 @@ PHP - Fixed a bug inside dba_replace() that could cause file truncation withinvalid keys. (Ilia) - Fixed memory leak inside readline_callback_handler_install() function.(Ilia) -- Fixed memory leak inside readline_completion_function() function. (Felipe) +- Fixed memory leak inside readline_completion_function() function. (Felipe) - Fixed stream_get_contents() when using $maxlength and socket is notclosed. indeyets [at] php [dot] net on #46049. (Arnaud) - Fixed stream_get_line() to behave as documented on non-blocking streams. @@ -2981,7 +4767,7 @@ PHP - Fixed bug #45765 (ReflectionObject with default parameters of self::xxx cause an error). (Felipe) - Fixed bug #45751 (Using auto_prepend_file crashes (out of scope stack address - use)). (basant dot kukreja at sun dot com) + use)). (basant dot kukreja at sun dot com) - Fixed bug #45722 (mb_check_encoding() crashes). (Moriyoshi) - Fixed bug #45705 (rfc822_parse_adrlist() modifies passed address parameter). (Jani) @@ -3131,7 +4917,7 @@ PHP 01 May 2008, PHP 5.2.6 - Fixed two possible crashes inside posix extension (Tony) -- Fixed incorrect heredoc handling when label is used within the block. +- Fixed incorrect heredoc handling when label is used within the block. (Matt) - Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin) - Fixed sending of uninitialized paddings which may contain some information. (Andrei Nigmatulin)