embedaddon/php/NEWS - diff

Return to NEWS CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / php

Diff for /embedaddon/php/NEWS between versions 1.1.1.3 and 1.1.1.5

-version 1.1.1.3, 2013/07/22 01:31:37
+version 1.1.1.5, 2014/06/15 20:03:41
  Line 1
  PHP                                                                        NEWS
  |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+May 2014, PHP 5.4.29
+ - COM:
+   . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
+ - Core:
+   . Fixed bug #65701 (copy() doesn't work when destination filename is created
+     by tempnam()). (Boro Sitnikovski)
+   . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
+   . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
+     zend_exceptions.c). (Bob)
+   . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
+   . Fixed bug #67249 (printf out-of-bounds read). (Stas)
+   . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
+   . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
+ - Date:
+   . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
+   . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
+   . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
+ - DOM:
+   . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
+     not only the subset). (Anatol)
+  - Fileinfo:
+    . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
+    . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
+      (CVE-2014-0238)
+    . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
+      performance degradation). (CVE-2014-0237)
+ - FPM:
+   . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
+     (Julio Pintos)
+ - Phar:
+   . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
+     in its name). (PR #588)
+May 2014, PHP 5.4.28
+ - Core:
+   . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
+   . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
+     UNIX sockets). (Mike)
+   . Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass).
+     (Jann Horn, Stas)
+   . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
+   . Fixed bug #66736 (fpassthru broken). (Mike)
+   . Fixed bug #67024 (getimagesize should recognize BMP files with negative
+     height). (Gabor Buella)
+   . Fixed bug #67033 (Remove reference to Windows 95). (Anatol)
+ - cURL:
+   . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
+     (Freek Lijten)
+ - Date:
+   . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
+     supplied). (Boro Sitnikovski)
+ - Embed:
+   . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol)
+ - Fileinfo:
+   . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
+     (Remi)
+ - FPM:
+   . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
+   . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
+     default configuration) (CVE-2014-0185). (Stas)
+ - JSON:
+   . Fixed bug #66021 (Blank line inside empty array/object when
+     JSON_PRETTY_PRINT is set). (Kevin Israel)
+ - LDAP:
+   . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
+ - OpenSSL:
+   . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
+   . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
+ - SimpleXML:
+   . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
+     (Anatol)
+ - XSL:
+   . Fixed bug #53965 (<xsl:include> cannot find files with relative paths
+     when loaded with "file://"). (Anatol)
+ - Apache2 Handler SAPI:
+   . Fixed Apache log issue caused by APR's lack of support for %zu
+     (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
+     (Jeff Trawick)
+Apr 2014, PHP 5.4.27
+ - Core:
+   . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
+ - Fileinfo:
+   . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
+     expression). (CVE-2013-7345) (Remi)
+ - FPM:
+   . Added clear_env configuration directive to disable clearenv() call.
+     (Github PR# 598, Paul Annesley)
+ - GMP
+   . Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
+ - Mail:
+   . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
+ - MySQLi:
+   . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
+     (Remi)
+ - Openssl:
+   . Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
+Mar 2014, PHP 5.4.26
+ - JSON:
+   . Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)
+   (chobieeee@php.net)
+ - Fileinfo:
+   . Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943) (Remi)
+   . Fixed bug #66820 (out-of-bounds memory access in fileinfo). (Remi)
+ - LDAP:
+   . Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).
+   (Ondřej Hošek)
+ - Openssl:
+   . Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
+   (Mark Zedwood)
+ - Pgsql:
+   . Added warning for dangerous client encoding and remove possible injections
+     for pg_insert()/pg_update()/pg_delete()/pg_select(). (Yasuo)
+Feb 2014, PHP 5.4.25
+ - Core:
+   . Fixed bug #66286 (Incorrect object comparison with inheritance). (Nikita)
+   . Fixed bug #66509 (copy() arginfo has changed starting from 5.4).
+     (Will Fitch)
+ - mysqlnd:
+   . Fixed bug #66283 (Segmentation fault after memory_limit). (Johannes)
+ - PDO_pgsql:
+   . Fixed bug #62479 (PDO-psql cannot connect if password contains spaces).
+     (Will Fitch, Ilia)
+ - Session:
+   . Fixed bug #66481 (Calls to session_name() segfault when session.name is
+     null). (Laruence)
+Jan 2014, PHP 5.4.24
+ - Core:
+   . Added validation of class names in the autoload process. (Dmitry)
+   . Fixed invalid C code in zend_strtod.c. (Lior Kaplan)
+   . Fixed bug #61645 (fopen and O_NONBLOCK). (Mike)
+ - Date:
+   . Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712)
+     (Remi)
+   . Fixed bug #63391 (Incorrect/inconsistent day of week prior to the year
+). (Derick, T. Carter)
+   . Fixed bug #61599 (Wrong Day of Week). (Derick, T. Carter)
+ - DOM:
+   . Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML()
+     Produces invalid Markup). (Mike)
+ - Exif:
+   . Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas)
+ - Filter:
+   . Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam)
+ - GD:
+   . Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
+     (Adam)
+ - PDO_odbc:
+   . Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
+     (michael at orlitzky dot com)
+ - SNMP:
+   . Fixed SNMP_ERR_TOOBIG handling for bulk walk operations. (Boris Lytochkin)
+ - XSL
+   . Fixed bug #49634 (Segfault throwing an exception in a XSL registered
+     function). (Mike)
+ - ZIP:
+   . Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real). (Remi)
+Dec 2013, PHP 5.4.23
+ - Core:
+   . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
+     string). (Laruence)
+   . Fixed bug #65969 (Chain assignment with T_LIST failure). (Dmitry)
+   . Fixed bug #65947 (basename is no more working after fgetcsv in certain
+     situation). (Laruence)
+ - JSON
+   . Fixed whitespace part of bug #64874 ("json_decode handles whitespace and
+     case-sensitivity incorrectly"). (Andrea Faulds)
+ - MySQLi:
+   . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence)
+ - mysqlnd:
+   . Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param
+     with 'i'). (Andrey)
+   . Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES
+     after failed query). (Andrey)
+ - Openssl:
+   . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
+     (Stefan Esser).
+ - PDO
+   . Fixed bug 65946 (sql_parser permanently converts values bound to strings)
+Nov 2013, PHP 5.4.22
+ - Core:
+   . Fixed bug #65911 (scope resolution operator - strange behavior with $this).
+     (Bob Weinand)
+ - CLI server:
+   . Fixed bug #65818 (Segfault with built-in webserver and chunked transfer
+     encoding). (Felipe)
+ - Exif:
+   . Fixed crash on unknown encoding. (Draal)
+ - FTP:
+   . Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter)
+ - ODBC:
+   . Fixed bug #65950 (Field name truncation if the field name is bigger than
+characters). (patch submitted by: michael dot y at zend dot com, Yasuo)
+ - PDO:
+   . Fixed bug #66033 (Segmentation Fault when constructor of PDO statement
+     throws an exception). (Laruence)
+ - Sockets:
+   . Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
+     (Mike)
+ - Standard:
+   . Fixed bug #64760 (var_export() does not use full precision for floating-point
+     numbers) (Yasuo)
+   . Fixed bug #66395 (basename function doesn't remove drive letter). (Anatol)
+ - XMLReader:
+   . Fixed bug #51936 (Crash with clone XMLReader). (Mike)
+   . Fixed bug #64230 (XMLReader does not suppress errors). (Mike)
+Oct 2013, PHP 5.4.21
+ - Core:
+   . Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita)
+ - CLI server:
+   . Fixed bug #65633 (built-in server treat some http headers as
+     case-sensitive). (Adam)
+ - Datetime:
+   . Fixed bug #64157 (DateTime::createFromFormat() reports confusing error
+     message). (Boro Sitnikovski)
+ - DBA extension:
+   . Fixed bug #65708 (dba functions cast $key param to string in-place,
+     bypassing copy on write). (Adam)
+ - Filter:
+   . Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn)
+   . Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
+     (Syra)
+ - IMAP:
+   . Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling
+     imap). (ryotakatsuki at gmail dot com)
+ - Standard:
+   . Fixed bug #61548 (content-type must appear at the end of headers for 201
+     Location to work in http). (Mike)
+ - Build system:
+   . Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing
+     gzencode())). (Mike)
+Sep 2013, PHP 5.4.20
+ - Core:
+   . Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
+     (Laruence)
+   . Fixed bug #65579 (Using traits with get_class_methods causes segfault).
+     (Adam)
+   . Fixed bug #65490 (Duplicate calls to get lineno & filename for
+     DTRACE_FUNCTION_*). (Chris Jones)
+   . Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding
+     spaces). (Michael M Slusarz)
+   . Fixed bug #65481 (shutdown segfault due to serialize) (Mike)
+   . Fixed bug #65470 (Segmentation fault in zend_error() with
+     --enable-dtrace). (Chris Jones, Kris Van Hees)
+   . Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference
+     fails). (Laruence)
+   . Fixed bug #65304 (Use of max int in array_sum). (Laruence)
+   . Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very
+     limited case). (Arpad)
+   . Fixed bug #65225 (PHP_BINARY incorrectly set). (Patrick Allaert)
+   . Improved fix for bug #63186 (compile failure on netbsd). (Matteo)
+   . Fixed bug #62692 (PHP fails to build with DTrace). (Chris Jones, Kris Van Hees)
+   . Fixed bug #61759 (class_alias() should accept classes with leading
+     backslashes). (Julien)
+   . Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold)
+   . Cherry-picked some DTrace build commits (allowing builds on Linux,
+     bug #62691, and bug #63706) from PHP 5.5 branch
+   . Fixed bug #61268 (--enable-dtrace leads make to clobber
+     Zend/zend_dtrace.d) (Chris Jones)
+ - cURL:
+   . Fixed bug #65458 (curl memory leak). (Adam)
+ - Datetime:
+   . Fixed bug #65554 (createFromFormat broken when weekday name is followed
+     by some delimiters). (Valentin Logvinskiy, Stas).
+   . Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught
+     by AddressSanitizer). (Remi).
+ - Openssl:
+   . Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in
+     some cases). (Mark Jones)
+ - Session:
+   . Fixed bug #62129 (rfc1867 crashes php even though turned off). (gxd305 at
+     gmail dot com)
+   . Fixed bug #50308 (session id not appended properly for empty anchor tags).
+     (Arpad)
+   . Fixed possible buffer overflow under Windows. Note: Not a security fix.
+     (Yasuo)
+   . Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)
+ - SOAP:
+   . Fixed bug #65018 (SoapHeader problems with SoapServer). (Dmitry)
+ - SPL:
+   . Fixed bug #65328 (Segfault when getting SplStack object Value). (Laruence)
+ - PDO:
+   . Fixed bug #64953 (Postgres prepared statement positional parameter
+     casting). (Mike)
+ - Phar:
+   . Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for
+     some specific contents). (Stas)
+ - Pgsql:
+   . Fixed bug #65336 (pg_escape_literal/identifier() silently returns false).
+     (Yasuo)
+   . Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update()
+     /pg_delete()/pg_insert()). (Yasuo)
+ - Zlib:
+   . Fixed bug #65391 (Unable to send vary header user-agent when
+     ob_start('ob_gzhandler') is called) (Mike)
+Aug 2013, PHP 5.4.19
+ - Core:
+   . Fixed bug #64503 (Compilation fails with error: conflicting types for
+     'zendparse'). (Laruence)
+ - Openssl:
+   . Fixed UMR in fix for CVE-2013-4248.
+Aug 2013, PHP 5.4.18
+ - Core:
+   . Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was
+     erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). (Andrey
+     avp200681 gmail com).
+   . Fixed bug #65254 (Exception not catchable when exception thrown in autoload
+     with a namespace). (Laruence)
+   . Fixed bug #65108 (is_callable() triggers Fatal Error).
+     (David Soria Parra, Laruence)
+   . Fixed bug #65088 (Generated configure script is malformed on OpenBSD).
+     (Adam)
+   . Fixed bug #62964 (Possible XSS on "Registered stream filters" info).
+     (david at nnucomputerwhiz dot com)
+   . Fixed bug #62672 (Error on serialize of ArrayObject). (Lior Kaplan)
+   . Fixed bug #62475 (variant_* functions causes crash when null given as an
+     argument). (Felipe)
+   . Fixed bug #60732 (php_error_docref links to invalid pages). (Jakub Vrana)
+   . Fixed bug #65226 (chroot() does not get enabled). (Anatol)
+ - CGI:
+   . Fixed Bug #65143 (Missing php-cgi man page). (Remi)
+ - CLI server:
+   . Fixed bug #65066 (Cli server not responsive when responding with 422 http
+     status code). (Adam)
+ - CURL:
+   . Fixed bug #62665 (curl.cainfo doesn't appear in php.ini). (Lior Kaplan)
+ - FPM:
+   . Fixed bug #63983 (enabling FPM borks compile on FreeBSD).
+     (chibisuke at web dot de, Felipe)
+ - FTP:
+   . Fixed bug #65228 (FTPs memory leak with SSL).
+     (marco dot beierer at mbsecurity dot ch)
+ - GMP:
+   . Fixed bug #65227 (Memory leak in gmp_cmp second parameter). (Felipe)
+ - Imap:
+   . Fixed bug #64467 (Segmentation fault after imap_reopen failure).
+     (askalski at gmail dot com)
+ - Intl:
+   . Fixed bug #62759 (Buggy grapheme_substr() on edge case). (Stas)
+   . Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).
+     (Stas)
+ - mysqlnd:
+   . Fixed segfault in mysqlnd when doing long prepare. (Andrey)
+ - ODBC:
+   . Fixed bug #61387 (NULL valued anonymous column causes segfault in
+     odbc_fetch_array). (Brandon Kirsch)
+ - Openssl:
+   . Fixed handling null bytes in subjectAltName (CVE-2013-4248).
+     (Christian Heimes)
+ - PDO:
+   . Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
+     (Chris Jones)
+ - PDO_dblib:
+   . Fixed bug #65219 (PDO/dblib not working anymore ("use dbName" not sent)).
+     (Stanley Sufficool)
+ - PDO_pgsql:
+   . Fixed meta data retrieve when OID is larger than 2^31. (Yasuo)
+ - Phar:
+   . Fixed Bug #65142 (Missing phar man page). (Remi)
+ - Session
+   . Fixed bug #62535 ($_SESSION[$key]["cancel_upload"] doesn't work as
+     documented). (Arpad)
+   . Fixed bug #35703 (when session_name("123") consist only digits,
+     should warning). (Yasuo)
+   . Fixed bug #49175 (mod_files.sh does not support hash bits). Patch by
+     oorza2k5 at gmail dot com (Yasuo)
+ - Sockets:
+   . Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option).
+     (Damjan Cvetko)
+ - SPL:
+   . Fixed bug #65136 (RecursiveDirectoryIterator segfault). (Laruence)
+   . Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator
+     /Spl(Temp)FileObject ctor twice). (Laruence)
+   . Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0,
+     keys are strings). (Adam)
+ - XML:
+   . Fixed bug #65236 (heap corruption in xml parser, CVE-2013-4113). (Rob)
 Jul 2013, PHP 5.4.17
  - Core:
- Line 47  PHP
+ Line 537  PHP
  - pgsql:
    . Fixed bug #64609 (pg_convert enum type support). (Matteo)
+   . Fixed bug #65015 (pg_send_query does not flush send buffer)
+        patch submitted by: adam at vektah dot net (Yasuo)
  - Readline:
    . Implement FR #55694 (Expose additional readline variable to prevent
- Line 243  PHP
+ Line 735  PHP
    . Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)
  - Litespeed:
-  . Fixed bug #63228 (-Werror=format-security error in lsapi code). (George)
+  . Fixed bug #63228 (-Werror=format-security error in lsapi code).
+    (Elan Ruusamäe, George)
  - ext/sqlite3:
    . Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1.1.3
changed lines
	Added in v.1.1.1.5