[BACK]Return to NEWS CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / php

Diff for /embedaddon/php/NEWS between versions 1.1.1.1 and 1.1.1.2

version 1.1.1.1, 2012/02/21 23:47:51 version 1.1.1.2, 2012/05/29 12:34:34
Line 1 Line 1
 PHP                                                                        NEWS  PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||  |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
   08 May 2012, PHP 5.4.3
   
   - CGI
     . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.
       (Stas)
     . Fix bug #61807 - Buffer Overflow in apache_request_headers.
       (nyt-php at countercultured dot net). 
   
   03 May 2012, PHP 5.4.2
   
   - Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus)
   
   26 Apr 2012, PHP 5.4.1
   
   - CLI Server:
     . Fixed bug #61461 (missing checks around malloc() calls). (Ilia)
     . Implemented FR #60850 (Built in web server does not set 
       $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence)
     . "Connection: close" instead of "Connection: closed" (Gustavo)
   
   - Core:
     . Fixed crash in ZTS using same class in many threads. (Johannes)
     . Fixed bug #61374 (html_entity_decode tries to decode code points that don't
       exist in ISO-8859-1). (Gustavo)
     . Fixed bug #61273 (call_user_func_array with more than 16333 arguments 
       leaks / crashes). (Laruence)
     . Fixed bug #61225 (Incorrect lexing of 0b00*+<NUM>). (Pierrick)
     . Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
     . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita
       Popov)
     . Fixed bug #61087 (Memory leak in parse_ini_file when specifying
       invalid scanner mode). (Nikic, Laruence)
     . Fixed bug #61072 (Memory leak when restoring an exception handler).
       (Nikic, Laruence)
     . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
       (Laruence)
     . Fixed bug #61052 (Missing error check in trait 'insteadof' clause). (Stefan)
     . Fixed bug #61011 (Crash when an exception is thrown by __autoload
       accessing a static property). (Laruence)
     . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical 
       vars). (Laruence)
     . Fixed bug #60978 (exit code incorrect). (Laruence)
     . Fixed bug #60911 (Confusing error message when extending traits). (Stefan)
     . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam)
     . Fixed bug #60717 (Order of traits in use statement can cause a fatal
       error). (Stefan)
     . Fixed bug #60573 (type hinting with "self" keyword causes weird errors).
       (Laruence)
     . Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia)
     . Fixed bug #52719 (array_walk_recursive crashes if third param of the
       function is by reference). (Nikita Popov)
     . Improve performance of set_exception_handler while doing reset (Laruence)
   
   - fileinfo:
     . Fix fileinfo test problems. (Anatoliy Belsky)
   
   - FPM
     . Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.c).
       (michaelhood at gmail dot com, Ilia)
   
   - Ibase
     . Fixed bug #60947 (Segmentation fault while executing ibase_db_info).
       (Ilia)
   
   - Installation
     . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones)
   
   - Intl:
     . Fixed bug #61487 (Incorrent bounds checking in grapheme_strpos).
       (Stas)
   
   - mbstring:
     . MFH mb_ereg_replace_callback() for security enhancements. (Rui)
   
   - mysqli
     . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes).
   
   - mysqlnd
     . Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled).
       (Johannes)
   
   - Readline:
     . Fixed bug #61088 (Memory leak in readline_callback_handler_install).
       (Nikic, Laruence)
   
   - Session
     . Fixed bug #60634 (Segmentation fault when trying to die() in 
       SessionHandler::write()). (Ilia)
   
   - SOAP
     . Fixed bug #61423 (gzip compression fails). (Ilia)
     . Fixed bug #60887 (SoapClient ignores user_agent option and sends no
       User-Agent header). (carloschilazo at gmail dot com)
     . Fixed bug #60842, #51775 (Chunked response parsing error when 
       chunksize length line is > 10 bytes). (Ilia)
     . Fixed bug #49853 (Soap Client stream context header option ignored).
       (Dmitry)
   
   - PDO
     . Fixed bug #61292 (Segfault while calling a method on an overloaded PDO 
       object). (Laruence)
   
   - PDO_mysql
     . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't
       always work). (Johannes)
     . Fixed bug #61194 (PDO should export compression flag with myslqnd).
       (Johannes)
   
   - PDO_odbc
     . Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia)
   
   - Phar
     . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL
       bytes). (Nikita Popov)
   
   - Reflection:
     . Fixed bug #60968 (Late static binding doesn't work with 
       ReflectionMethod::invokeArgs()). (Laruence)
   
   - SPL:
     . Fixed bug #61453 (SplObjectStorage does not identify objects correctly).
       (Gustavo)
     . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence)
   
   - Standard:
     . Fixed memory leak in substr_replace. (Pierrick)
     . Make max_file_uploads ini directive settable outside of php.ini (Rasmus)
     . Fixed bug #61409 (Bad formatting on phpinfo()). (Jakub Vrana)
     . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
     . Fixed bug #60106 (stream_socket_server silently truncates long unix socket
       paths). (Ilia)
   
   - XMLRPC:
     . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary
       variable). (Nikita Popov)
     . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita
       Popov)
   
   - Zlib:
     . Fixed bug #61306 (initialization of global inappropriate for ZTS). (Gustavo)
     . Fixed bug #61287 (A particular string fails to decompress). (Mike)
     . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita Popov)
   
   01 Mar 2012, PHP 5.4.0 
   
   - Installation:
     . autoconf 2.59+ is now supported (and required) for generating the
       configure script with ./buildconf. Autoconf 2.60+ is desirable
       otherwise the configure help order may be incorrect.  (Rasmus, Chris Jones)
   
   - Removed legacy features:
     . break/continue $var syntax. (Dmitry)
     . Safe mode and all related php.ini options. (Kalle)
     . register_globals and register_long_arrays php.ini options. (Kalle)
     . import_request_variables(). (Kalle)
     . allow_call_time_pass_reference. (Pierrick)
     . define_syslog_variables php.ini option and its associated function. (Kalle)
     . highlight.bg php.ini option. (Kalle)
     . safe_mode, safe_mode_gid, safe_mode_include_dir,
       safe_mode_exec_dir, safe_mode_allowed_env_vars and
       safe_mode_protected_env_vars php.ini options.
     . zend.ze1_compatibility_mode php.ini option.
     . Session bug compatibility mode (session.bug_compat_42 and
       session.bug_compat_warn php.ini options). (Kalle)
     . session_is_registered(), session_register() and session_unregister()
       functions. (Kalle)
     . y2k_compliance php.ini option. (Kalle)
     . magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase
       php.ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
       but always return false, set_magic_quotes_runtime raises an
       E_CORE_ERROR. (Pierrick, Pierre)
     . Removed support for putenv("TZ=..") for setting the timezone. (Derick)
     . Removed the timezone guessing algorithm in case the timezone isn't set with
       date.timezone or date_default_timezone_set(). Instead of a guessed
       timezone, "UTC" is now used instead. (Derick)
   
   - Moved extensions to PECL:
     . ext/sqlite.  (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are
       not affected) (Johannes)
   
   - General improvements:
     . Added short array syntax support ([1,2,3]), see UPGRADING guide for full
       details. (rsky0711 at gmail . com, sebastian.deutsch at 9elements . com,
       Pierre)
     . Added binary number format (0b001010). (Jonah dot Harris at gmail dot com)
     . Added support for Class::{expr}() syntax (Pierrick)
     . Added multibyte support by default. Previously PHP had to be compiled
       with --enable-zend-multibyte.  Now it can be enabled or disabled through
       the zend.multibyte directive in php.ini. (Dmitry)
     . Removed compile time dependency from ext/mbstring (Dmitry)
     . Added support for Traits. (Stefan, with fixes by Dmitry and Laruence)
     . Added closure $this support back. (Stas)
     . Added array dereferencing support. (Felipe)
     . Added callable typehint. (Hannes)
     . Added indirect method call through array. FR #47160. (Felipe)
     . Added DTrace support. (David Soria Parra)
     . Added class member access on instantiation (e.g. (new foo)->bar()) support.
       (Felipe)
     . <?= is now always available regardless of the short_open_tag setting. (Rasmus)
     . Implemented Zend Signal Handling (configurable option --enable-zend-signals, 
       off by default). (Lucas Nealan, Arnaud Le Blanc, Brian Shire, Ilia)
     . Improved output layer, see README.NEW-OUTPUT-API for internals. (Mike)
     . Improved UNIX build system to allow building multiple PHP binary SAPIs and
       one SAPI module the same time. FR #53271, FR #52419. (Jani)
     . Implemented closure rebinding as parameter to bindTo. (Gustavo Lopes)
     . Improved the warning message of incompatible arguments. (Laruence)
     . Improved ternary operator performance when returning arrays. (Arnaud, Dmitry)
     . Changed error handlers to only generate docref links when the docref_root 
       php.ini setting is not empty. (Derick)
     . Changed silent conversion of array to string to produce a notice. (Patrick)
     . Changed default encoding from ISO-8859-1 to UTF-8 when not specified in
       htmlspecialchars and htmlentities. (Rasmus)
     . Changed casting of null/''/false into an Object when adding a property
       from E_STRICT into a warning. (Scott)
     . Changed E_ALL to include E_STRICT. (Stas)
     . Disabled Windows CRT warning by default, can be enabled again using the
       php.ini directive windows_show_crt_warnings. (Pierre)
     . Fixed bug #55378: Binary number literal returns float number though its
       value is small enough. (Derick)
   
   - Improved Zend Engine memory usage: (Dmitry)
     . Improved parse error messages. (Felipe)
     . Replaced zend_function.pass_rest_by_reference by
       ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
     . Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE
       in zend_function.fn_flags.
     . Removed zend_arg_info.required_num_args as it was only needed for internal
       functions. Now the first arg_info for internal functions (which has special
       meaning) is represented by the zend_internal_function_info structure.
     . Moved zend_op_array.size, size_var, size_literal, current_brk_cont,
       backpatch_count into CG(context) as they are used only during compilation.
     . Moved zend_op_array.start_op into EG(start_op) as it's used only for
       'interactive' execution of a single top-level op-array.
     . Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in
       zend_op_array.fn_flags.
     . op_array.vars array is trimmed (reallocated) during pass_two.
     . Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED
       in zend_class_entry.ce_flags.
     . Reduced the size of zend_class_entry by sharing the same memory space
       by different information for internal and user classes.
       See zend_class_entry.info union.
     . Reduced size of temp_variable.
   
   - Improved Zend Engine - performance tweaks and optimizations: (Dmitry)
     . Inlined most probable code-paths for arithmetic operations directly into
       executor.
     . Eliminated unnecessary iterations during request startup/shutdown.
     . Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used.
       (this may affect opcode caches!)
     . Improved performance of @ (silence) operator.
     . Simplified string offset reading. Given $str="abc" then $str[1][0] is now
       a legal construct.
     . Added caches to eliminate repeatable run-time bindings of functions,
       classes, constants, methods and properties.
     . Added concept of interned strings. All strings constants known at compile
       time are allocated in a single copy and never changed.
     . ZEND_RECV now always has IS_CV as its result.
     . ZEND_CATCH now has to be used only with constant class names.
     . ZEND_FETCH_DIM_? may fetch array and dimension operands in different order.
     . Simplified ZEND_FETCH_*_R operations. They can't be used with the
       EXT_TYPE_UNUSED flag any more. This is a very rare and useless case.
       ZEND_FREE might be required after them instead.
     . Split ZEND_RETURN into two new instructions ZEND_RETURN and
       ZEND_RETURN_BY_REF.
     . Optimized access to global constants using values with pre-calculated
       hash_values from the literals table.
     . Optimized access to static properties using executor specialization.
       A constant class name may be used as a direct operand of ZEND_FETCH_*
       instruction without previous ZEND_FETCH_CLASS.
     . zend_stack and zend_ptr_stack allocation is delayed until actual usage.
   
   - Other improvements to Zend Engine:
     . Added an optimization which saves memory and emalloc/efree calls for empty
       HashTables. (Stas, Dmitry)
     . Added ability to reset user opcode handlers (Yoram).
     . Changed the structure of op_array.opcodes. The constant values are moved from
       opcode operands into a separate literal table. (Dmitry)
     . Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
       (Dmitry)
   
   - Improved core functions:
     . Enforce an extended class' __construct arguments to match the
       abstract constructor in the base class.
     . Disallow reusing superglobal names as parameter names.
     . Added optional argument to debug_backtrace() and debug_print_backtrace()
       to limit the amount of stack frames returned. (Sebastian, Patrick)
     . Added hex2bin() function. (Scott)
     . number_format() no longer truncates multibyte decimal points and thousand
       separators to the first byte. FR #53457. (Adam)
     . Added support for object references in recursive serialize() calls.
       FR #36424. (Mike)
     . Added support for SORT_NATURAL and SORT_FLAG_CASE in array
       sort functions (sort, rsort, ksort, krsort, asort, arsort and
       array_multisort). FR#55158 (Arpad)
     . Added stream metadata API support and stream_metadata() stream class
       handler. (Stas)
     . User wrappers can now define a stream_truncate() method that responds
       to truncation, e.g. through ftruncate(). FR #53888. (Gustavo)
     . Improved unserialize() performance.
       (galaxy dot mipt at gmail dot com, Kalle)
     . Changed array_combine() to return empty array instead of FALSE when both
       parameter arrays are empty. FR #34857. (joel.perras@gmail.com)
     . Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>). (Etienne)
     . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
       $double=false). (Gustavo)
     . Fixed bug #60895 (Possible invalid handler usage in windows random
       functions). (Pierre)
     . Fixed bug #60879 (unserialize() Does not invoke __wakeup() on object).
       (Pierre, Steve)
     . Fixed bug #60825 (Segfault when running symfony 2 tests).
       (Dmitry, Laruence)
     . Fixed bug #60627 (httpd.worker segfault on startup with php_value).
     . Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax). (Dmitry)
     . Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)
       (Laruence)
     . Fixed bug #60558 (Invalid read and writes). (Laruence)
     . Fixed bug #60444 (Segmentation fault with include & class extending).
       (Laruence, Dmitry).
     . Fixed bug #60362 (non-existent sub-sub keys should not have values).
       (Laruence, alan_k, Stas)
     . Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e).
       (php at mickweiss dot com)
     . Fixed bug #60321 (ob_get_status(true) no longer returns an array when
       buffer is empty). (Pierrick)
     . Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers).
       (Laruence)
     . Fixed bug #60240 (invalid read/writes when unserializing specially crafted
       strings). (Mike)
     . Fixed bug #60227 (header() cannot detect the multi-line header with
        CR(0x0D)). (rui)
     . Fixed bug #60174 (Notice when array in method prototype error).
       (Laruence)
     . Fixed bug #60169 (Conjunction of ternary and list crashes PHP).
       (Laruence)
     . Fixed bug #60038 (SIGALRM cause segfault in php_error_cb). (Laruence)
       (klightspeed at netspace dot net dot au)
     . Fixed bug #55871 (Interruption in substr_replace()). (Stas)
     . Fixed bug #55801 (Behavior of unserialize has changed). (Mike)
     . Fixed bug #55758 (Digest Authenticate missed in 5.4) . (Laruence)
     . Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup())
       (CVE-2011-4153). (Stas)
     . Fixed bug #55124 (recursive mkdir fails with current (dot) directory in path).
       (Pierre)
     . Fixed bug #55084 (Function registered by header_register_callback is
       called only once per process). (Hannes)
     . Implement FR #54514 (Get php binary path during script execution).
       (Laruence)
     . Fixed bug #52211 (iconv() returns part of string on error). (Felipe)
     . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
   
   - Improved generic SAPI support: 
     . Added $_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. 
       (Patrick)
     . Added header_register_callback() which is invoked immediately
       prior to the sending of headers and after default headers have
       been added. (Scott)
     . Added http_response_code() function. FR #52555. (Paul Dragoonis, Kalle)
     . Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
       (CVE-2012-1172). (Stas)
     . Fixed bug #54374 (Insufficient validating of upload name leading to 
       corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at gmail dot com)
   
   - Improved CLI SAPI:
     . Added built-in web server that is intended for testing purpose. 
       (Moriyoshi, Laruence, and fixes by Pierre, Derick, Arpad,
       chobieee at gmail dot com)
     . Added command line option --rz <name> which shows information of the
       named Zend extension. (Johannes)
     . Interactive readline shell improvements: (Johannes)
       . Added "cli.pager" php.ini setting to set a pager for output.
       . Added "cli.prompt" php.ini setting to configure the shell prompt.
       . Added shortcut #inisetting=value to change php.ini settings at run-time.
       . Changed shell not to terminate on fatal errors.
       . Interactive shell works with shared readline extension. FR #53878.
   
   - Improved CGI/FastCGI SAPI: (Dmitry)
     . Added apache compatible functions: apache_child_terminate(),
       getallheaders(), apache_request_headers() and apache_response_headers()
     . Improved performance of FastCGI request parsing.
     . Fixed reinitialization of SAPI callbacks after php_module_startup().
       (Dmitry)
   
   - Improved PHP-FPM SAPI:
     . Removed EXPERIMENTAL flag. (fat)
     . Fixed bug #60659 (FPM does not clear auth_user on request accept).
       (bonbons at linux-vserver dot org)
   
   - Improved Litespeed SAPI:
     . Fixed bug #55769 (Make Fails with "Missing Separator" error). (Adam)
   
   - Improved Date extension:
     . Added the + modifier to parseFromFormat to allow trailing text in the
       string to parse without throwing an error. (Stas, Derick)
   
   - Improved DBA extension:
     . Added Tokyo Cabinet abstract DB support. (Michael Maclean)
     . Added Berkeley DB 5 support. (Johannes, Chris Jones)
   
   - Improved DOM extension:
     . Added the ability to pass options to loadHTML (Chregu, fxmulder at gmail dot com)
   
   - Improved filesystem functions:
     . scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value.
       FR #53407. (Adam)
   
   - Improved HASH extension:
     . Added Jenkins's one-at-a-time hash support. (Martin Jansen)
     . Added FNV-1 hash support. (Michael Maclean)
     . Made Adler32 algorithm faster. FR #53213. (zavasek at yandex dot ru)
     . Removed Salsa10/Salsa20, which are actually stream ciphers (Mike)
     . Fixed bug #60221 (Tiger hash output byte order) (Mike)
   
   - Improved intl extension:
     . Added Spoofchecker class, allows checking for visibly confusable characters and
       other security issues. (Scott)
     . Added Transliterator class, allowing transliteration of strings. 
       (Gustavo)
     . Added support for UTS #46. (Gustavo)
     . Fixed build on Fedora 15 / Ubuntu 11. (Hannes)
     . Fixed bug #55562 (grapheme_substr() returns false on big length). (Stas)
   
   - Improved JSON extension:
     . Added new json_encode() option JSON_UNESCAPED_UNICODE. FR #53946.
       (Alexander, Gwynne)
     . Added JsonSerializable interface. (Sara)
     . Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options.
       (Sara)
     . Added support for JSON_NUMERIC_CHECK option in json_encode() that converts
       numeric strings to integers. (Ilia)
     . Added new json_encode() option JSON_UNESCAPED_SLASHES. FR #49366. (Adam)
     . Added new json_encode() option JSON_PRETTY_PRINT. FR #44331. (Adam)
   
   - Improved LDAP extension:
     . Added paged results support. FR #42060. (ando@OpenLDAP.org,
       iarenuno@eteo.mondragon.edu, jeanseb@au-fil-du.net, remy.saissy@gmail.com)
   
   - Improved mbstring extension:
     . Added Shift_JIS/UTF-8 Emoji (pictograms) support. (Rui)
     . Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
       support. (Rui)
     . Ill-formed UTF-8 check for security enhancements. (Rui)
     . Added MacJapanese (Shift_JIS) and gb18030 encoding support. (Rui)
     . Added encode/decode in hex format to mb_[en|de]code_numericentity(). (Rui)
     . Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
       support. (Rui)
     . Added the user defined area for CP936 and CP950 (Rui).
     . Fixed bug #60306 (Characters lost while converting from cp936 to utf8).
       (Laruence)
   
   - Improved MySQL extensions:
     . MySQL: Deprecated mysql_list_dbs(). FR #50667. (Andrey)
     . mysqlnd: Added named pipes support. FR #48082. (Andrey)
     . MySQLi: Added iterator support in MySQLi. mysqli_result implements
       Traversable. (Andrey, Johannes)
     . PDO_mysql: Removed support for linking with MySQL client libraries older
       than 4.1. (Johannes)
     . ext/mysql, mysqli and pdo_mysql now use mysqlnd by default. (Johannes)
     . Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect). 
       (Andrey, Laruence)
     . Fixed bug #55653 (PS crash with libmysql when binding same variable as 
       param and out). (Laruence)
   
   - Improved OpenSSL extension:
     . Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre)
     . Added no padding option to openssl_encrypt()/openssl_decrypt(). (Scott)
     . Use php's implementation for Windows Crypto API in
       openssl_random_pseudo_bytes. (Pierre)
     . On error in openssl_random_pseudo_bytes() made sure we set strong result
       to false. (Scott)
     . Fixed possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
       CVE-2011-3389. (Scott)
     . Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
       (me at ktamura dot com, Scott)
   
   - Improved PDO:
     . Fixed PDO objects binary incompatibility. (Dmitry)
   
   - PDO DBlib driver:
     . Added nextRowset support.
     . Fixed bug #50755 (PDO DBLIB Fails with OOM).
   
   - Improved PostgreSQL extension:
     . Added support for "extra" parameter for PGNotify().
       (r dot i dot k at free dot fr, Ilia)
   
   - Improved PCRE extension:
     . Changed third parameter of preg_match_all() to optional. FR #53238. (Adam)
   
   - Improved Readline extension:
     . Fixed bug #54450 (Enable callback support when built against libedit).
       (fedora at famillecollet dot com, Hannes)
   
   - Improved Reflection extension:
     . Added ReflectionClass::newInstanceWithoutConstructor() to create a new
       instance of a class without invoking its constructor. FR #55490.
       (Sebastian)
     . Added ReflectionExtension::isTemporary() and
       ReflectionExtension::isPersistent() methods. (Johannes)
     . Added ReflectionZendExtension class. (Johannes)
     . Added ReflectionClass::isCloneable(). (Felipe)
   
   - Improved Session extension:
     . Expose session status via new function, session_status (FR #52982) (Arpad)
     . Added support for object-oriented session handlers. (Arpad)
     . Added support for storing upload progress feedback in session data. (Arnaud)
     . Changed session.entropy_file to default to /dev/urandom or /dev/arandom if
       either is present at compile time. (Rasmus)
     . Fixed bug #60860 (session.save_handler=user without defined function core
       dumps). (Felipe)
     . Implement FR #60551 (session_set_save_handler should support a core's
       session handler interface). (Arpad)
     . Fixed bug #60640 (invalid return values). (Arpad)
   
   - Improved SNMP extension (Boris Lytochkin):
     . Added OO API. FR #53594 (php-snmp rewrite).
     . Sanitized return values of existing functions. Now it returns FALSE on
       failure.
     . Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids
       upon request.
     . Introducing unit tests for extension with ~full coverage.
     . IPv6 support. (FR #42918)
     . Way of representing OID value can now be changed when SNMP_VALUE_OBJECT
       is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if
       not specified) or SNMP_VALUE_PLAIN. (FR #54502)
     . Fixed bug #60749 (SNMP module should not strip non-standard SNMP port
       from hostname). (Boris Lytochkin)
     . Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support
       is disabled). (Boris Lytochkin)
     . Fixed bug #53862 (snmp_set_oid_output_format does not allow returning to default)
     . Fixed bug #46065 (snmp_set_quick_print() persists between requests)
     . Fixed bug #45893 (Snmp buffer limited to 2048 char)
     . Fixed bug #44193 (snmp v3 noAuthNoPriv doesn't work)
   
   - Improved SOAP extension:
     . Added new SoapClient option "keep_alive". FR #60329. (Pierrick)
     . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry)
   
   - Improved SPL extension:
     . Added RegexIterator::getRegex() method. (Joshua Thijssen)
     . Added SplObjectStorage::getHash() hook. (Etienne)
     . Added CallbackFilterIterator and RecursiveCallbackFilterIterator. (Arnaud)
     . Added missing class_uses(..) as pointed out by #55266 (Stefan)
     . Immediately reject wrong usages of directories under Spl(Temp)FileObject
       and friends. (Etienne, Pierre)
     . FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use
       the default stream context. (Hannes)
     . Fixed bug #60201 (SplFileObject::setCsvControl does not expose third
       argument via Reflection). (Peter)
     . Fixed bug #55287 (spl_classes() not includes CallbackFilter classes)
       (sasezaki at gmail dot com, salathe)
   
   - Improved Sysvshm extension:
     . Fixed bug #55750 (memory copy issue in sysvshm extension).
       (Ilia, jeffhuang9999 at gmail dot com)
   
   - Improved Tidy extension:
     . Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).
       (Maksymilian Arciemowicz, Felipe)
   
   - Improved Tokenizer extension:
     . Fixed bug #54089 (token_get_all with regards to __halt_compiler is
       not binary safe). (Nikita Popov)
   
   - Improved XSL extension:
     . Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to
       define forbidden operations within XSLT stylesheets, default is not to
       enable write operations from XSLT. Bug #54446 (Chregu, Nicolas Gregoire)
     . XSL doesn't stop transformation anymore, if a PHP function can't be called
       (Christian)
   
   - Improved ZLIB extension:
     . Re-implemented non-file related functionality. (Mike)
     . Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression).
       (Mike)
   
 02 Feb 2012, PHP 5.3.10  02 Feb 2012, PHP 5.3.10
   
 - Core:  - Core:
Line 10  PHP                                                    Line 585  PHP                                                   
   
 - Core:  - Core:
   . Added max_input_vars directive to prevent attacks based on hash collisions    . Added max_input_vars directive to prevent attacks based on hash collisions
    (Dmitry).    (CVE-2011-4885) (Dmitry).
   . Fixed bug #60205 (possible integer overflow in content_length). (Laruence)    . Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
   . Fixed bug #60139 (Anonymous functions create cycles not detected by the    . Fixed bug #60139 (Anonymous functions create cycles not detected by the
     GC). (Dmitry)      GC). (Dmitry)
Line 89  PHP                                                    Line 664  PHP                                                   
   
 - EXIF:  - EXIF:
   . Fixed bug #60150 (Integer overflow during the parsing of invalid exif    . Fixed bug #60150 (Integer overflow during the parsing of invalid exif
    header). (Stas, flolechaud at gmail dot com)    header). (CVE-2011-4566) (Stas, flolechaud at gmail dot com)
   
 - Fileinfo:  - Fileinfo:
   . Fixed bug #60094 (C++ comment fails in c89). (Laruence)    . Fixed bug #60094 (C++ comment fails in c89). (Laruence)
Line 179  PHP                                                    Line 754  PHP                                                   
 - Phar:  - Phar:
   . Fixed bug #60261 (NULL pointer dereference in phar). (Felipe)    . Fixed bug #60261 (NULL pointer dereference in phar). (Felipe)
   . Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp    . Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp
       scanning for __HALT_COMPILER). (Ralph Schindler)
   . Fixed bug #53872 (internal corruption of phar). (Hannes)    . Fixed bug #53872 (internal corruption of phar). (Hannes)
   . Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes)    . Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes)
     scanning for __HALT_COMPILER). (Ralph Schindler)  
   
 - PHP-FPM SAPI:  - PHP-FPM SAPI:
     . Dropped restriction of not setting the same value multiple times, the last
       one holds. (giovanni at giacobbi dot net, fat)
     . Added .phar to default authorized extensions. (fat)
   . Fixed bug #60659 (FPM does not clear auth_user on request accept).    . Fixed bug #60659 (FPM does not clear auth_user on request accept).
     (bonbons at linux-vserver dot org)      (bonbons at linux-vserver dot org)
   . Fixed bug #60629 (memory corruption when web server closed the fcgi fd).    . Fixed bug #60629 (memory corruption when web server closed the fcgi fd).
     (fat)      (fat)
     . Enhance error log when the primary script can't be open. FR #60199. (fat)
   . Fixed bug #60179 (php_flag and php_value does not work properly). (fat)    . Fixed bug #60179 (php_flag and php_value does not work properly). (fat)
  . Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat)  . Fixed bug #55577 (status.html does not install). (fat)
   . Fixed bug #55533 (The -d parameter doesn't work). (fat)    . Fixed bug #55533 (The -d parameter doesn't work). (fat)
  . Implemented FR #52569 (Add the "ondemand" process-manager  . Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat)
    to allow zero children). (fat) 
   . Fixed bug #55486 (status show BIG processes number). (fat)    . Fixed bug #55486 (status show BIG processes number). (fat)
  . Fixed bug #55577 (status.html does not install). (fat)  . Enhanced security by limiting access to user defined extensions.
  . Backported from 5.4 branch (Dropped restriction of not setting the same    FR #55181. (fat)
    value multiple times, the last one holds).  . Added process.max to control the number of process FPM can fork. FR #55166.
    (giovanni at giacobbi dot net, fat)    (fat)
  . Backported FR #55166 from 5.4 branch (Added process.max to control 
    the number of process FPM can fork). (fat) 
  . Backported FR #55181 from 5.4 branch (Enhance security by limiting access 
    to user defined extensions). (fat) 
  . Backported FR #54098 from 5.4 branch (Lowered process manager 
    default value). (fat) 
  . Backported FR #52052 from 5.4 branch (Added partial syslog support). (fat) 
   . Implemented FR #54577 (Enhanced status page with full status and details    . Implemented FR #54577 (Enhanced status page with full status and details
     about each processes. Also provide a web page (status.html) for      about each processes. Also provide a web page (status.html) for
     real-time FPM status. (fat)      real-time FPM status. (fat)
  . Enhance error log when the primary script can't be open. FR #60199. (fat)  . Lowered default value for Process Manager. FR #54098. (fat)
  . Added .phar to default authorized extensions. (fat)  . Implemented FR #52569 (Add the "ondemand" process-manager
     to allow zero children). (fat)
   . Added partial syslog support (on error_log only). FR #52052. (fat)
   
 - Postgres:  - Postgres:
   . Fixed bug #60244 (pg_fetch_* functions do not validate that row param     . Fixed bug #60244 (pg_fetch_* functions do not validate that row param 
Line 751  PHP                                                    Line 1324  PHP                                                   
   
 - Tokenizer Extension  - Tokenizer Extension
   . Fixed bug #54089 (token_get_all() does not stop after __halt_compiler).    . Fixed bug #54089 (token_get_all() does not stop after __halt_compiler).
    (Ilia)    (Nikita Popov, Ilia)
   
 - XSL extension:  - XSL extension:
   . Fixed memory leaked introduced by the NULL poisoning patch.    . Fixed memory leaked introduced by the NULL poisoning patch.
Removed from v.1.1.1.1  
changed lines
  Added in v.1.1.1.2

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>