|
version 1.1.1.4, 2013/10/14 08:02:08
|
version 1.1.1.5, 2014/06/15 20:03:41
|
|
Line 1
|
Line 1
|
| PHP NEWS |
PHP NEWS |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |
| |
29 May 2014, PHP 5.4.29 |
| |
|
| |
- COM: |
| |
. Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) |
| |
|
| |
- Core: |
| |
. Fixed bug #65701 (copy() doesn't work when destination filename is created |
| |
by tempnam()). (Boro Sitnikovski) |
| |
. Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol) |
| |
. Fixed bug #67245 (usage of memcpy() with overlapping src and dst in |
| |
zend_exceptions.c). (Bob) |
| |
. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) |
| |
. Fixed bug #67249 (printf out-of-bounds read). (Stas) |
| |
. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) |
| |
. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) |
| |
|
| |
- Date: |
| |
. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) |
| |
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) |
| |
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) |
| |
|
| |
- DOM: |
| |
. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, |
| |
not only the subset). (Anatol) |
| |
|
| |
- Fileinfo: |
| |
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) |
| |
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). |
| |
(CVE-2014-0238) |
| |
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in |
| |
performance degradation). (CVE-2014-0237) |
| |
|
| |
- FPM: |
| |
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). |
| |
(Julio Pintos) |
| |
|
| |
- Phar: |
| |
. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent |
| |
in its name). (PR #588) |
| |
|
| |
01 May 2014, PHP 5.4.28 |
| |
|
| |
- Core: |
| |
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike) |
| |
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace |
| |
UNIX sockets). (Mike) |
| |
. Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass). |
| |
(Jann Horn, Stas) |
| |
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike) |
| |
. Fixed bug #66736 (fpassthru broken). (Mike) |
| |
. Fixed bug #67024 (getimagesize should recognize BMP files with negative |
| |
height). (Gabor Buella) |
| |
. Fixed bug #67033 (Remove reference to Windows 95). (Anatol) |
| |
|
| |
- cURL: |
| |
. Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). |
| |
(Freek Lijten) |
| |
|
| |
- Date: |
| |
. Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is |
| |
supplied). (Boro Sitnikovski) |
| |
|
| |
- Embed: |
| |
. Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol) |
| |
|
| |
- Fileinfo: |
| |
. Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). |
| |
(Remi) |
| |
|
| |
- FPM: |
| |
. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf). |
| |
. Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure |
| |
default configuration) (CVE-2014-0185). (Stas) |
| |
|
| |
- JSON: |
| |
. Fixed bug #66021 (Blank line inside empty array/object when |
| |
JSON_PRETTY_PRINT is set). (Kevin Israel) |
| |
|
| |
- LDAP: |
| |
. Fixed issue with null bytes in LDAP bindings. (Matthew Daley) |
| |
|
| |
- OpenSSL: |
| |
. Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma) |
| |
. Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma) |
| |
|
| |
- SimpleXML: |
| |
. Fixed bug #66084 (simplexml_load_string() mangles empty node name) |
| |
(Anatol) |
| |
|
| |
- XSL: |
| |
. Fixed bug #53965 (<xsl:include> cannot find files with relative paths |
| |
when loaded with "file://"). (Anatol) |
| |
|
| |
- Apache2 Handler SAPI: |
| |
. Fixed Apache log issue caused by APR's lack of support for %zu |
| |
(APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). |
| |
(Jeff Trawick) |
| |
|
| |
03 Apr 2014, PHP 5.4.27 |
| |
|
| |
- Core: |
| |
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk) |
| |
|
| |
- Fileinfo: |
| |
. Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular |
| |
expression). (CVE-2013-7345) (Remi) |
| |
|
| |
- FPM: |
| |
. Added clear_env configuration directive to disable clearenv() call. |
| |
(Github PR# 598, Paul Annesley) |
| |
|
| |
- GMP |
| |
. Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre) |
| |
|
| |
- Mail: |
| |
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk) |
| |
|
| |
- MySQLi: |
| |
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) |
| |
(Remi) |
| |
|
| |
- Openssl: |
| |
. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi) |
| |
|
| |
06 Mar 2014, PHP 5.4.26 |
| |
|
| |
- JSON: |
| |
. Fixed bug #65753 (JsonSerializeable couldn't implement on module extension) |
| |
(chobieeee@php.net) |
| |
|
| |
- Fileinfo: |
| |
. Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943) (Remi) |
| |
. Fixed bug #66820 (out-of-bounds memory access in fileinfo). (Remi) |
| |
|
| |
- LDAP: |
| |
. Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch). |
| |
(Ondřej Hošek) |
| |
|
| |
- Openssl: |
| |
. Fixed bug #66501 (Add EC key support to php_openssl_is_private_key). |
| |
(Mark Zedwood) |
| |
|
| |
- Pgsql: |
| |
. Added warning for dangerous client encoding and remove possible injections |
| |
for pg_insert()/pg_update()/pg_delete()/pg_select(). (Yasuo) |
| |
|
| |
06 Feb 2014, PHP 5.4.25 |
| |
|
| |
- Core: |
| |
. Fixed bug #66286 (Incorrect object comparison with inheritance). (Nikita) |
| |
. Fixed bug #66509 (copy() arginfo has changed starting from 5.4). |
| |
(Will Fitch) |
| |
|
| |
- mysqlnd: |
| |
. Fixed bug #66283 (Segmentation fault after memory_limit). (Johannes) |
| |
|
| |
- PDO_pgsql: |
| |
. Fixed bug #62479 (PDO-psql cannot connect if password contains spaces). |
| |
(Will Fitch, Ilia) |
| |
|
| |
- Session: |
| |
. Fixed bug #66481 (Calls to session_name() segfault when session.name is |
| |
null). (Laruence) |
| |
|
| |
10 Jan 2014, PHP 5.4.24 |
| |
|
| |
- Core: |
| |
. Added validation of class names in the autoload process. (Dmitry) |
| |
. Fixed invalid C code in zend_strtod.c. (Lior Kaplan) |
| |
. Fixed bug #61645 (fopen and O_NONBLOCK). (Mike) |
| |
|
| |
- Date: |
| |
. Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712) |
| |
(Remi) |
| |
. Fixed bug #63391 (Incorrect/inconsistent day of week prior to the year |
| |
1600). (Derick, T. Carter) |
| |
. Fixed bug #61599 (Wrong Day of Week). (Derick, T. Carter) |
| |
|
| |
- DOM: |
| |
. Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() |
| |
Produces invalid Markup). (Mike) |
| |
|
| |
- Exif: |
| |
. Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas) |
| |
|
| |
- Filter: |
| |
. Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam) |
| |
|
| |
- GD: |
| |
. Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)). |
| |
(Adam) |
| |
|
| |
- PDO_odbc: |
| |
. Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries). |
| |
(michael at orlitzky dot com) |
| |
|
| |
- SNMP: |
| |
. Fixed SNMP_ERR_TOOBIG handling for bulk walk operations. (Boris Lytochkin) |
| |
|
| |
- XSL |
| |
. Fixed bug #49634 (Segfault throwing an exception in a XSL registered |
| |
function). (Mike) |
| |
|
| |
- ZIP: |
| |
. Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real). (Remi) |
| |
|
| |
12 Dec 2013, PHP 5.4.23 |
| |
|
| |
- Core: |
| |
. Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a |
| |
string). (Laruence) |
| |
. Fixed bug #65969 (Chain assignment with T_LIST failure). (Dmitry) |
| |
. Fixed bug #65947 (basename is no more working after fgetcsv in certain |
| |
situation). (Laruence) |
| |
|
| |
- JSON |
| |
. Fixed whitespace part of bug #64874 ("json_decode handles whitespace and |
| |
case-sensitivity incorrectly"). (Andrea Faulds) |
| |
|
| |
- MySQLi: |
| |
. Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence) |
| |
|
| |
- mysqlnd: |
| |
. Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param |
| |
with 'i'). (Andrey) |
| |
. Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES |
| |
after failed query). (Andrey) |
| |
|
| |
- Openssl: |
| |
. Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). |
| |
(Stefan Esser). |
| |
|
| |
- PDO |
| |
. Fixed bug 65946 (sql_parser permanently converts values bound to strings) |
| |
|
| |
14 Nov 2013, PHP 5.4.22 |
| |
|
| |
- Core: |
| |
. Fixed bug #65911 (scope resolution operator - strange behavior with $this). |
| |
(Bob Weinand) |
| |
|
| |
- CLI server: |
| |
. Fixed bug #65818 (Segfault with built-in webserver and chunked transfer |
| |
encoding). (Felipe) |
| |
|
| |
- Exif: |
| |
. Fixed crash on unknown encoding. (Draal) |
| |
|
| |
- FTP: |
| |
. Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter) |
| |
|
| |
- ODBC: |
| |
. Fixed bug #65950 (Field name truncation if the field name is bigger than |
| |
32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo) |
| |
|
| |
- PDO: |
| |
. Fixed bug #66033 (Segmentation Fault when constructor of PDO statement |
| |
throws an exception). (Laruence) |
| |
|
| |
- Sockets: |
| |
. Fixed bug #65808 (the socket_connect() won't work with IPv6 address). |
| |
(Mike) |
| |
|
| |
- Standard: |
| |
. Fixed bug #64760 (var_export() does not use full precision for floating-point |
| |
numbers) (Yasuo) |
| |
. Fixed bug #66395 (basename function doesn't remove drive letter). (Anatol) |
| |
|
| |
- XMLReader: |
| |
. Fixed bug #51936 (Crash with clone XMLReader). (Mike) |
| |
. Fixed bug #64230 (XMLReader does not suppress errors). (Mike) |
| |
|
| |
|
| |
17 Oct 2013, PHP 5.4.21 |
| |
|
| |
- Core: |
| |
. Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita) |
| |
|
| |
- CLI server: |
| |
. Fixed bug #65633 (built-in server treat some http headers as |
| |
case-sensitive). (Adam) |
| |
|
| |
- Datetime: |
| |
. Fixed bug #64157 (DateTime::createFromFormat() reports confusing error |
| |
message). (Boro Sitnikovski) |
| |
|
| |
- DBA extension: |
| |
. Fixed bug #65708 (dba functions cast $key param to string in-place, |
| |
bypassing copy on write). (Adam) |
| |
|
| |
- Filter: |
| |
. Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn) |
| |
. Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names). |
| |
(Syra) |
| |
|
| |
- IMAP: |
| |
. Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling |
| |
imap). (ryotakatsuki at gmail dot com) |
| |
|
| |
- Standard: |
| |
. Fixed bug #61548 (content-type must appear at the end of headers for 201 |
| |
Location to work in http). (Mike) |
| |
|
| |
- Build system: |
| |
. Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing |
| |
gzencode())). (Mike) |
| |
|
| |
|
| 19 Sep 2013, PHP 5.4.20 |
19 Sep 2013, PHP 5.4.20 |
| |
|
| - Core: |
- Core: |
|
Line 427 PHP
|
Line 735 PHP
|
| . Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam) |
. Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam) |
| |
|
| - Litespeed: |
- Litespeed: |
| . Fixed bug #63228 (-Werror=format-security error in lsapi code). (George) | . Fixed bug #63228 (-Werror=format-security error in lsapi code). |
| | (Elan Ruusamäe, George) |
| |
|
| - ext/sqlite3: |
- ext/sqlite3: |
| . Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't |
. Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to NEWS CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / php