version 1.1.1.4, 2013/10/14 08:02:08
|
version 1.1.1.5, 2014/06/15 20:03:41
|
Line 1
|
Line 1
|
PHP NEWS |
PHP NEWS |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |
|
29 May 2014, PHP 5.4.29 |
|
|
|
- COM: |
|
. Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) |
|
|
|
- Core: |
|
. Fixed bug #65701 (copy() doesn't work when destination filename is created |
|
by tempnam()). (Boro Sitnikovski) |
|
. Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol) |
|
. Fixed bug #67245 (usage of memcpy() with overlapping src and dst in |
|
zend_exceptions.c). (Bob) |
|
. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) |
|
. Fixed bug #67249 (printf out-of-bounds read). (Stas) |
|
. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) |
|
. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) |
|
|
|
- Date: |
|
. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) |
|
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) |
|
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) |
|
|
|
- DOM: |
|
. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, |
|
not only the subset). (Anatol) |
|
|
|
- Fileinfo: |
|
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) |
|
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). |
|
(CVE-2014-0238) |
|
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in |
|
performance degradation). (CVE-2014-0237) |
|
|
|
- FPM: |
|
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). |
|
(Julio Pintos) |
|
|
|
- Phar: |
|
. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent |
|
in its name). (PR #588) |
|
|
|
01 May 2014, PHP 5.4.28 |
|
|
|
- Core: |
|
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike) |
|
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace |
|
UNIX sockets). (Mike) |
|
. Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass). |
|
(Jann Horn, Stas) |
|
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike) |
|
. Fixed bug #66736 (fpassthru broken). (Mike) |
|
. Fixed bug #67024 (getimagesize should recognize BMP files with negative |
|
height). (Gabor Buella) |
|
. Fixed bug #67033 (Remove reference to Windows 95). (Anatol) |
|
|
|
- cURL: |
|
. Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). |
|
(Freek Lijten) |
|
|
|
- Date: |
|
. Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is |
|
supplied). (Boro Sitnikovski) |
|
|
|
- Embed: |
|
. Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol) |
|
|
|
- Fileinfo: |
|
. Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). |
|
(Remi) |
|
|
|
- FPM: |
|
. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf). |
|
. Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure |
|
default configuration) (CVE-2014-0185). (Stas) |
|
|
|
- JSON: |
|
. Fixed bug #66021 (Blank line inside empty array/object when |
|
JSON_PRETTY_PRINT is set). (Kevin Israel) |
|
|
|
- LDAP: |
|
. Fixed issue with null bytes in LDAP bindings. (Matthew Daley) |
|
|
|
- OpenSSL: |
|
. Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma) |
|
. Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma) |
|
|
|
- SimpleXML: |
|
. Fixed bug #66084 (simplexml_load_string() mangles empty node name) |
|
(Anatol) |
|
|
|
- XSL: |
|
. Fixed bug #53965 (<xsl:include> cannot find files with relative paths |
|
when loaded with "file://"). (Anatol) |
|
|
|
- Apache2 Handler SAPI: |
|
. Fixed Apache log issue caused by APR's lack of support for %zu |
|
(APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). |
|
(Jeff Trawick) |
|
|
|
03 Apr 2014, PHP 5.4.27 |
|
|
|
- Core: |
|
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk) |
|
|
|
- Fileinfo: |
|
. Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular |
|
expression). (CVE-2013-7345) (Remi) |
|
|
|
- FPM: |
|
. Added clear_env configuration directive to disable clearenv() call. |
|
(Github PR# 598, Paul Annesley) |
|
|
|
- GMP |
|
. Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre) |
|
|
|
- Mail: |
|
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk) |
|
|
|
- MySQLi: |
|
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) |
|
(Remi) |
|
|
|
- Openssl: |
|
. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi) |
|
|
|
06 Mar 2014, PHP 5.4.26 |
|
|
|
- JSON: |
|
. Fixed bug #65753 (JsonSerializeable couldn't implement on module extension) |
|
(chobieeee@php.net) |
|
|
|
- Fileinfo: |
|
. Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943) (Remi) |
|
. Fixed bug #66820 (out-of-bounds memory access in fileinfo). (Remi) |
|
|
|
- LDAP: |
|
. Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch). |
|
(Ondřej Hošek) |
|
|
|
- Openssl: |
|
. Fixed bug #66501 (Add EC key support to php_openssl_is_private_key). |
|
(Mark Zedwood) |
|
|
|
- Pgsql: |
|
. Added warning for dangerous client encoding and remove possible injections |
|
for pg_insert()/pg_update()/pg_delete()/pg_select(). (Yasuo) |
|
|
|
06 Feb 2014, PHP 5.4.25 |
|
|
|
- Core: |
|
. Fixed bug #66286 (Incorrect object comparison with inheritance). (Nikita) |
|
. Fixed bug #66509 (copy() arginfo has changed starting from 5.4). |
|
(Will Fitch) |
|
|
|
- mysqlnd: |
|
. Fixed bug #66283 (Segmentation fault after memory_limit). (Johannes) |
|
|
|
- PDO_pgsql: |
|
. Fixed bug #62479 (PDO-psql cannot connect if password contains spaces). |
|
(Will Fitch, Ilia) |
|
|
|
- Session: |
|
. Fixed bug #66481 (Calls to session_name() segfault when session.name is |
|
null). (Laruence) |
|
|
|
10 Jan 2014, PHP 5.4.24 |
|
|
|
- Core: |
|
. Added validation of class names in the autoload process. (Dmitry) |
|
. Fixed invalid C code in zend_strtod.c. (Lior Kaplan) |
|
. Fixed bug #61645 (fopen and O_NONBLOCK). (Mike) |
|
|
|
- Date: |
|
. Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712) |
|
(Remi) |
|
. Fixed bug #63391 (Incorrect/inconsistent day of week prior to the year |
|
1600). (Derick, T. Carter) |
|
. Fixed bug #61599 (Wrong Day of Week). (Derick, T. Carter) |
|
|
|
- DOM: |
|
. Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() |
|
Produces invalid Markup). (Mike) |
|
|
|
- Exif: |
|
. Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas) |
|
|
|
- Filter: |
|
. Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam) |
|
|
|
- GD: |
|
. Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)). |
|
(Adam) |
|
|
|
- PDO_odbc: |
|
. Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries). |
|
(michael at orlitzky dot com) |
|
|
|
- SNMP: |
|
. Fixed SNMP_ERR_TOOBIG handling for bulk walk operations. (Boris Lytochkin) |
|
|
|
- XSL |
|
. Fixed bug #49634 (Segfault throwing an exception in a XSL registered |
|
function). (Mike) |
|
|
|
- ZIP: |
|
. Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real). (Remi) |
|
|
|
12 Dec 2013, PHP 5.4.23 |
|
|
|
- Core: |
|
. Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a |
|
string). (Laruence) |
|
. Fixed bug #65969 (Chain assignment with T_LIST failure). (Dmitry) |
|
. Fixed bug #65947 (basename is no more working after fgetcsv in certain |
|
situation). (Laruence) |
|
|
|
- JSON |
|
. Fixed whitespace part of bug #64874 ("json_decode handles whitespace and |
|
case-sensitivity incorrectly"). (Andrea Faulds) |
|
|
|
- MySQLi: |
|
. Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence) |
|
|
|
- mysqlnd: |
|
. Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param |
|
with 'i'). (Andrey) |
|
. Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES |
|
after failed query). (Andrey) |
|
|
|
- Openssl: |
|
. Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). |
|
(Stefan Esser). |
|
|
|
- PDO |
|
. Fixed bug 65946 (sql_parser permanently converts values bound to strings) |
|
|
|
14 Nov 2013, PHP 5.4.22 |
|
|
|
- Core: |
|
. Fixed bug #65911 (scope resolution operator - strange behavior with $this). |
|
(Bob Weinand) |
|
|
|
- CLI server: |
|
. Fixed bug #65818 (Segfault with built-in webserver and chunked transfer |
|
encoding). (Felipe) |
|
|
|
- Exif: |
|
. Fixed crash on unknown encoding. (Draal) |
|
|
|
- FTP: |
|
. Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter) |
|
|
|
- ODBC: |
|
. Fixed bug #65950 (Field name truncation if the field name is bigger than |
|
32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo) |
|
|
|
- PDO: |
|
. Fixed bug #66033 (Segmentation Fault when constructor of PDO statement |
|
throws an exception). (Laruence) |
|
|
|
- Sockets: |
|
. Fixed bug #65808 (the socket_connect() won't work with IPv6 address). |
|
(Mike) |
|
|
|
- Standard: |
|
. Fixed bug #64760 (var_export() does not use full precision for floating-point |
|
numbers) (Yasuo) |
|
. Fixed bug #66395 (basename function doesn't remove drive letter). (Anatol) |
|
|
|
- XMLReader: |
|
. Fixed bug #51936 (Crash with clone XMLReader). (Mike) |
|
. Fixed bug #64230 (XMLReader does not suppress errors). (Mike) |
|
|
|
|
|
17 Oct 2013, PHP 5.4.21 |
|
|
|
- Core: |
|
. Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita) |
|
|
|
- CLI server: |
|
. Fixed bug #65633 (built-in server treat some http headers as |
|
case-sensitive). (Adam) |
|
|
|
- Datetime: |
|
. Fixed bug #64157 (DateTime::createFromFormat() reports confusing error |
|
message). (Boro Sitnikovski) |
|
|
|
- DBA extension: |
|
. Fixed bug #65708 (dba functions cast $key param to string in-place, |
|
bypassing copy on write). (Adam) |
|
|
|
- Filter: |
|
. Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn) |
|
. Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names). |
|
(Syra) |
|
|
|
- IMAP: |
|
. Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling |
|
imap). (ryotakatsuki at gmail dot com) |
|
|
|
- Standard: |
|
. Fixed bug #61548 (content-type must appear at the end of headers for 201 |
|
Location to work in http). (Mike) |
|
|
|
- Build system: |
|
. Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing |
|
gzencode())). (Mike) |
|
|
|
|
19 Sep 2013, PHP 5.4.20 |
19 Sep 2013, PHP 5.4.20 |
|
|
- Core: |
- Core: |
Line 427 PHP
|
Line 735 PHP
|
. Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam) |
. Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam) |
|
|
- Litespeed: |
- Litespeed: |
. Fixed bug #63228 (-Werror=format-security error in lsapi code). (George) | . Fixed bug #63228 (-Werror=format-security error in lsapi code). |
| (Elan Ruusamäe, George) |
|
|
- ext/sqlite3: |
- ext/sqlite3: |
. Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't |
. Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't |