The PHP development team would like to announce the immediate availability of PHP 5.3.1. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users of PHP are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.3.1:
* Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
* Added missing sanity checks around exif processing.
* Fixed a safe_mode bypass in tempnam().
* Fixed a open_basedir bypass in posix_mkfifo().
* Fixed failing safe_mode_include_dir.
Further details about the PHP 5.3.1 release can be found in the release announcement (http://www.php.net/releases/5_3_1.php), and the full list of changes are available in the ChangeLog (http://www.php.net/ChangeLog-5.php#5.3.1).
Security Enhancements and Fixes in PHP 5.3.2:
* Improved LCG entropy. (Rasmus, Samy Kamkar)
* Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
* Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
Key Bug Fixes in PHP 5.3.2 include:
* Added support for SHA-256 and SHA-512 to php's crypt.
* Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check.
* Fixed bug #51059 (crypt crashes when invalid salt are given).
* Fixed bug #50940 Custom content-length set incorrectly in Apache sapis.
* Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long).
* Fixed bug #50723 (Bug in garbage collector causes crash).
* Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16).
* Fixed bug #50632 (filter_input() does not return default value if the variable does not exist).
* Fixed bug #50540 (Crash while running ldap_next_reference test cases).
* Fixed bug #49851 (http wrapper breaks on 1024 char long headers).
* Over 60 other bug fixes.
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
22 Jul 2010, PHP 5.3.3
- Upgraded bundled sqlite to version 3.6.23.1. (Ilia)
- Upgraded bundled PCRE to version 8.02. (Ilia)
- Added support for JSON_NUMERIC_CHECK option in json_encode() that converts
numeric strings to integers. (Ilia)
- Added stream_set_read_buffer, allows to set the buffer for read operation.
(Pierre)
- Added stream filter support to mcrypt extension (ported from
mcrypt_filter). (Stas)
- Added full_special_chars filter to ext/filter. (Rasmus)
- Added backlog socket context option for stream_socket_server(). (Mike)
- Added fifth parameter to openssl_encrypt()/openssl_decrypt()
(string $iv) to use non-NULL IV.
Made implicit use of NULL IV a warning. (Sara)
- Added openssl_cipher_iv_length(). (Sara)
- Added FastCGI Process Manager (FPM) SAPI. (Tony)
- Added recent Windows versions to php_uname and fix undefined windows
version support. (Pierre)
- Added Berkeley DB 5 support to the DBA extension. (Johannes, Chris Jones)
- Added support for copy to/from array/file for pdo_pgsql extension.
(Denis Gasparin, Ilia)
- Added inTransaction() method to PDO, with specialized support for Postgres.
(Ilia, Denis Gasparin)
- Changed namespaced classes so that the ctor can only be named
__construct now. (Stas)
- Reset error state in PDO::beginTransaction() reset error state. (Ilia)
- Implemented FR#51295 (SQLite3::busyTimeout not existing). (Mark)
- Implemented FR#35638 (Adding udate to imap_fetch_overview results).
(Charles_Duffy at dell dot com )
- Rewrote var_export() to use smart_str rather than output buffering, prevents
data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
- Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
(Andrey)
- Fixed possible buffer overflows when handling error packets in mysqlnd.
Reported by Stefan Esser. (Andrey)
- Fixed very rare memory leak in mysqlnd, when binding thousands of columns.
(Andrey)
- Fixed a crash when calling an inexistent method of a class that inherits
PDOStatement if instantiated directly instead of doing by the PDO methods.
(Felipe)
- Fixed memory leak on error in mcrypt_create_iv on Windows. (Pierre)
- Fixed a possible crash because of recursive GC invocation. (Dmitry)
- Fixed a possible resource destruction issues in shm_put_var().
Reported by Stefan Esser. (Dmitry)
- Fixed a possible information leak because of interruption of XOR operator.
Reported by Stefan Esser. (Dmitry)
- Fixed a possible memory corruption because of unexpected call-time pass by
refernce and following memory clobbering through callbacks.
Reported by Stefan Esser. (Dmitry)
- Fixed a possible memory corruption in ArrayObject::uasort(). Reported by
Stefan Esser. (Dmitry)
- Fixed a possible memory corruption in parse_str(). Reported by Stefan Esser.
(Dmitry)
- Fixed a possible memory corruption in pack(). Reported by Stefan Esser.
(Dmitry)
- Fixed a possible memory corruption in substr_replace(). Reported by Stefan
Esser. (Dmitry)
- Fixed a possible memory corruption in addcslashes(). Reported by Stefan
Esser. (Dmitry)
- Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan
Esser. (Ilia)
- Fixed a possible dechunking filter buffer overflow. Reported by Stefan Esser.
(Pierre)
- Fixed a possible arbitrary memory access inside sqlite extension. Reported
by Mateusz Kocielski. (Ilia)
- Fixed string format validation inside phar extension. Reported by Stefan
Esser. (Ilia)
- Fixed handling of session variable serialization on certain prefix
characters. Reported by Stefan Esser. (Ilia)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
- Fixed the mail.log ini setting when no filename was given. (Johannes)
- Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64
bit)). (Adam)
- Fixed bug #52262 (json_decode() shows no errors on invalid UTF-8).
(Scott)
- Fixed bug #52240 (hash_copy() does not copy the HMAC key, causes wrong
results and PHP crashes). (Felipe)
- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
(Johannes)
- Fixed bug #52193 (converting closure to array yields empty array). (Felipe)
- Fixed bug #52183 (Reflectionfunction reports invalid number of arguments for
function aliases). (Felipe)
- Fixed bug #52162 (custom request header variables with numbers are removed).
(Sriram Natarajan)
- Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe)
- Fixed bug #52138 (Constants are parsed into the ini file for section names).
(Felipe)
- Fixed bug #52115 (mysqli_result::fetch_all returns null, not an empty array).
(Andrey)
- Fixed bug #52101 (dns_get_record() garbage in 'ipv6' field on Windows).
(Pierre)
- Fixed bug #52082 (character_set_client & character_set_connection reset after
mysqli_change_user()). (Andrey)
- Fixed bug #52043 (GD doesn't recognize latest libJPEG versions).
(php at group dot apple dot com, Pierre)
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned
from function). (Dmitry)
- Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
(Felipe)
- Fixed bug #52057 (ReflectionClass fails on Closure class). (Felipe)
- Fixed bug #52051 (handling of case sensitivity of old-style constructors
changed in 5.3+). (Felipe)
- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at
debian dot org, Kalle)
- Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick)
- Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command).
(Ilia)
- Fixed bug #52001 (Memory allocation problems after using variable variables).
(Dmitry)
- Fixed bug #51991 (spl_autoload and *nix support with namespace). (Felipe)
- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle,
coreystup at gmail dot com)
- Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with
constant array). (Felipe)
- Fixed bug #51905 (ReflectionParameter fails if default value is an array
with an access to self::). (Felipe)
- Fixed bug #51899 (Parse error in parse_ini_file() function when empy value
followed by no newline). (Felipe)
- Fixed bug #51844 (checkdnsrr does not support types other than MX). (Pierre)
- Fixed bug #51827 (Bad warning when register_shutdown_function called with
wrong num of parameters). (Felipe)
- Fixed bug #51822 (Segfault with strange __destruct() for static class
variables). (Dmitry)
- Fixed bug #51791 (constant() aborts execution when fail to check undefined
constant). (Felipe)
- Fixed bug #51732 (Fileinfo __construct or open does not work with NULL).
(Pierre)
- Fixed bug #51725 (xmlrpc_get_type() returns true on invalid dates). (Mike)
- Fixed bug #51723 (Content-length header is limited to 32bit integer with
Apache2 on Windows). (Pierre)
- Fixed bug #51721 (mark DOMNodeList and DOMNamedNodeMap as Traversable).
(David Zuelke)
- Fixed bug #51712 (Test mysql_mysqlnd_read_timeout_long must fail on MySQL4).
(Andrey)
- Fixed bug #51697 (Unsafe operations in free_storage of SPL iterators,
causes crash during shutdown). (Etienne)
- Fixed bug #51690 (Phar::setStub looks for case-sensitive
__HALT_COMPILER()). (Ilia)
- Fixed bug #51688 (ini per dir crashes when invalid document root are given).
(Pierre)
- Fixed bug #51671 (imagefill does not work correctly for small images).
(Pierre)
- Fixed bug #51670 (getColumnMeta causes segfault when re-executing query
after calling nextRowset). (Pierrick)
- Fixed bug #51647 Certificate file without private key (pk in another file)
doesn't work. (Andrey)
- Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading).
(Pierre)
- Fixed bug #51627 (script path not correctly evaluated).
(russell dot tempero at rightnow dot com)
- Fixed bug #51624 (Crash when calling mysqli_options()). (Felipe)
- Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe)
- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter).
(Felipe)
- Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string
literal). (cbandy at jbandy dot com)
- Fixed bug #51607 (pg_copy_from does not allow schema in the tablename
argument). (cbandy at jbandy dot com)
- Fixed bug #51605 (Mysqli - zombie links). (Andrey)
- Fixed bug #51604 (newline in end of header is shown in start of message).
(Daniel Egeberg)
- Fixed bug #51590 (JSON_ERROR_UTF8 is undefined). (Felipe)
- Fixed bug #51583 (Bus error due to wrong alignment in mysqlnd). (Rainer Jung)
- Fixed bug #51582 (Don't assume UINT64_C it's ever available).
(reidrac at usebox dot net, Pierre)
- Fixed bug #51577 (Uninitialized memory reference with oci_bind_array_by_name)
(Oracle Corp.)
- Fixed bug #51562 (query timeout in mssql can not be changed per query).
(ejsmont dot artur at gmail dot com)
- Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory
issues). (Dmitry)
- Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe)
- Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile
errors). (Felipe)
- Fixed bug #51424 (crypt() function hangs after 3rd call). (Pierre, Sriram)
- Fixed bug #51394 (Error line reported incorrectly if error handler throws an
exception). (Stas)
- Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains
timezone). (Adam)
- Fixed bug #51347 (mysqli_close / connection memory leak). (Andrey, Johannes)
- Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is
on). (Ilia, j dot jeising at gmail dot com)
- Fixed bug #51291 (oci_error doesn't report last error when called two times)
(Oracle Corp.)
- Fixed bug #51276 (php_load_extension() is missing when HAVE_LIBDL is
undefined). (Tony)
- Fixed bug #51273 (Faultstring property does not exist when the faultstring is
empty) (Ilia, dennis at transip dot nl)
- Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam)
- Fixed bug #51257 (CURL_VERSION_LARGEFILE incorrectly used after libcurl
version 7.10.1). (aron dot ujvari at microsec dot hu)
- Fixed bug #51242 (Empty mysql.default_port does not default to 3306 anymore,
but 0). (Adam)
- Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com)
- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia,
alexr at oplot dot com)
- Fixed bug #51190 (ftp_put() returns false when transfer was successful).
(Ilia)
- Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio).
(Sriram Natarajan)
- Fixed bug #51176 (Static calling in non-static method behaves like $this->).
(Felipe)
- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when
an invalid option is provided). (Ilia)
- Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre)
- Fixed bug #51096 ('last day' and 'first day' are handled incorrectly when
parsing date strings). (Derick)
- Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
- Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris
Jones)
- Fixed bug #51026 (mysqli_ssl_set not working). (Andrey)
- Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4).
(Raphael Geissert)
- Fixed bug #50999 (unaligned memory access in dba_fetch()). (Felipe)
- Fixed bug #50976 (Soap headers Authorization not allowed).
(Brain France, Dmitry)
- Fixed bug #50828 (DOMNotation is not subclass of DOMNode). (Rob)
- Fixed bug #50810 (property_exists does not work for private). (Felipe)
- Fixed bug #50762 (in WSDL mode Soap Header handler function only being called
if defined in WSDL). (mephius at gmail dot com)
- Fixed bug #50731 (Inconsistent namespaces sent to functions registered with
spl_autoload_register). (Felipe)
- Fixed bug #50563 (removing E_WARNING from parse_url). (ralph at smashlabs dot
com, Pierre)
- Fixed bug #50578 (incorrect shebang in phar.phar). (Fedora at FamilleCollet
dot com)
- Fixed bug #50555 (DateTime::sub() allows 'relative' time modifications).
(Derick)
- Fixed bug #50392 (date_create_from_format enforces 6 digits for 'u' format
character). (Derick)
- Fixed bug #50383 (Exceptions thrown in __call / __callStatic do not include
file and line in trace). (Felipe)
- Fixed bug #50358 (Compile failure compiling ext/phar/util.lo). (Felipe)
- Fixed bug #50101 (name clash between global and local variable).
(patch by yoarvi at gmail dot com)
- Fixed bug #51002 (fix possible memory corruption with very long names).
(Pierre)
- Fixed bug #49893 (Crash while creating an instance of Zend_Mail_Storage_Pop3).
(Dmitry)
- Fixed bug #49819 (STDOUT losing data with posix_isatty()). (Mike)
- Fixed bug #49778 (DateInterval::format("%a") is always zero when an interval
is created from an ISO string). (Derick)
- Fixed bug #49700 (memory leaks in php_date.c if garbage collector is
enabled). (Dmitry)
- Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
- Fixed bug #49490 (XPath namespace prefix conflict). (Rob)
- Fixed bug #49429 (odbc_autocommit doesn't work). (Felipe)
- Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe)
- Fixed bug #49234 (mysqli_ssl_set not found). (Andrey)
- Fixed bug #49216 (Reflection doesn't seem to work properly on MySqli).
(Andrey)
- Fixed bug #49192 (PHP crashes when GC invoked on COM object). (Stas)
- Fixed bug #49081 (DateTime::diff() mistake if start in January and interval >
28 days). (Derick)
- Fixed bug #49059 (DateTime::diff() repeats previous sub() operation).
(yoarvi@gmail.com, Derick)
- Fixed bug #48983 (DomDocument : saveHTMLFile wrong charset). (Rob)
- Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3). (Felipe)
- Fixed bug #48902 (Timezone database fallback map is outdated). (Derick)
- Fixed bug #48781 (Cyclical garbage collector memory leak). (Dmitry)
- Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob)
- Fixed bug #48361 (SplFileInfo::getPathInfo should return the
parent dir). (Etienne)
- Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken).
(Adam, patch from hiroaki dot kawai at gmail dot com).
- Fixed bug #47842 (sscanf() does not support 64-bit values). (Mike)
- Fixed bug #46111 (Some timezone identifiers can not be parsed). (Derick)
- Fixed bug #45808 (stream_socket_enable_crypto() blocks and eats CPU).
(vincent at optilian dot com)
- Fixed bug #43233 (sasl support for ldap on Windows). (Pierre)
- Fixed bug #35673 (formatOutput does not work with saveHTML). (Rob)
- Fixed bug #33210 (getimagesize() fails to detect width/height on certain Security Enhancements and Fixes in PHP 5.3.6:
* Enforce security in the fastcgi protocol parsing with fpm SAPI.
* Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
* Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
* Fixed bug #54055 (buffer overrun with high values for precision ini setting).
* Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
* Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)
Key enhancements in PHP 5.3.6 include:
* Upgraded bundled Sqlite3 to version 3.7.4.
* Upgraded bundled PCRE to version 8.11.
* Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization.
* Added options to debug backtrace functions.
* Changed default value of ini directive serialize_precision from 100 to 17.
* Fixed Bug #53971 (isset() and empty() produce apparently spurious runtime error).
* Fixed Bug #53958 (Closures can't 'use' shared variables by value and by reference).
* Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a trailing forward slash).
* Over 60 other bug fixes.
Security Enhancements and Fixes in PHP 5.3.7:
Updated crypt_blowfish to 1.2. (CVE-2011-2483)
Fixed crash in error_log(). Reported by Mateusz Kocielski
Fixed buffer overflow on overlog salt in crypt().
Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
Key enhancements in PHP 5.3.7 include:
Upgraded bundled Sqlite3 to version 3.7.7.1
Upgraded bundled PCRE to version 8.12
Fixed bug #54910 (Crash when calling call_user_func with unknown function name)
Fixed bug #54585 (track_errors causes segfault)
Fixed bug #54262 (Crash when assigning value to a dimension in a non-array)
Fixed a crash inside dtor for error handling
Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off)
Fixed bug #54935 php_win_err can lead to crash
Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption)
Fixed bug #54305 (Crash in gc_remove_zval_from_buffer)
Fixed bug #54580 (get_browser() segmentation fault when browscap ini directive is set through php_admin_value)
Fixed bug #54529 (SAPI crashes on apache_config.c:197)
Fixed bug #54283 (new DatePeriod(NULL) causes crash).
Fixed bug #54269 (Short exception message buffer causes crash)
Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries)
Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters)
Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and SplTempFileObject crash when user-space classes don't call the parent constructor)
Fixed bug #54292 (Wrong parameter causes crash in SplFileObject::__construct())
Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting with \0)
Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator)
Fixed bug #54623 (Segfault when writing to a persistent socket after closing a copy of the socket)
Fixed bug #54681 (addGlob() crashes on invalid flags)
Over 80 other bug fixes.
Windows users: please mind that we do no longer provide builds created with Visual Studio C++ 6. It is impossible to maintain a high quality and safe build of PHP for Windows using this unmaintained compiler.Version 5.4.1
26-Apr-2012
CLI Server
Fixed bug #61461 (missing checks around malloc() calls).
Implemented #60850 (Built in web server does not set $_SERVER['SCRIPT_FILENAME'] when using router).
Core
Fixed crash in ZTS using same class in many threads.
Fixed bug #61374 (html_entity_decode tries to decode code points that don't exist in ISO-8859-1).
Fixed bug #61225 (Incorrect lexing of 0b00*+<NUM>).
Fixed bug #61106 (Segfault when using header_register_callback).
Fixed bug #61052 (Missing error check in trait 'insteadof' clause).
Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property).
Fixed bug #60978 (exit code incorrect).
Fixed bug #60911 (Confusing error message when extending traits).
Fixed bug #60717 (Order of traits in use statement can cause a fatal error).
Fixed bug #60573 (type hinting with "self" keyword causes weird errors).
Fileinfo
Fix fileinfo test problems.
Intl
Fixed bug #61487 (Incorrent bounds checking in grapheme_strpos).
mbstring
MFH mb_ereg_replace_callback() for security enhancements.
mysqlnd
Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled).
Standard
Fixed memory leak in substr_replace.
Make max_file_uploads ini directive settable outside of php.
Fixed bug #61409 (Bad formatting on phpinfo()).
Fixed bug #60222 (time_nanosleep() does validate input params).
Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths).Version 5.4.4
CLI SAPI
Implemented FR #61977 (Need CLI web-server support for files with .htm & svg extensions)
Improved performance while sending error page, this also fixed bug Fixed bug #61785 (Memory leak when access a non-exists file without router)
Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi)
Core
Fixed missing bound check in iptcparse()
Fixed CVE-2012-2143
Fixed bug #62097 (fix for for bug #54547)
Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object)
Fixed bug #61978 (Object recursion not detected for classes that implement JsonSerializable)
Fixed bug #61991 (long overflow in realpath_cache_get())
Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config)
Fixed bug #61827 (incorrect \e processing on Windows)
Fixed bug #61782 (__clone/__destruct do not match other methods when checking access controls)
Fixed bug #61761 ('Overriding' a private static method with a different signature causes crash)
Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference)
Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown phase)
Fixed bug #61660 (bin2hex(hex2bin($data)) != $data)
Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables (without apache2))
Fixed bug #61605 (header_remove() does not remove all headers)
Fixed bug #54547 (wrong equality of string numbers)
Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null)
Changed php://fd to be available only for CLI
CURL
Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
COM
Fixed bug #62146 com_dotnet cannot be built shared
Fileinfo
Fixed bug #61812 (Uninitialised value used in libmagic)
FPM
Fixed bug #61812 (Uninitialised value used in libmagic)
Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a directory descriptor under windows
Fixed bug #61566 failure caused by the posix lseek and read versions under windows in cdf_read()
Iconv
Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail
Intl
Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()
JSON
Fixed bug #61537 (json_encode() incorrectly truncates/discards information)
LibXML
Fixed bug #61617 (Libxml tests failed(ht is already destroyed))
PDO
Fixed bug #61755 (A parsing bug in the prepared statements can lead to access violations)
Phar
Fixed bug #61065 (Secunia SA44335)
Streams
Fixed bug #61961 (file_get_contents leaks when access empty file with maxlen set)
zlib
Fixed bug #61820 (using ob_gzhandler will complain about headers already sent when no compression)
Fixed bug #61443 (can't change zlib.output_compression on the fly)
Fixed bug #60761 (zlib.output_compression fails on refresh)
Version 5.4.5
19-July-2012
Core
Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent)
Fixed bug #62373 (serialize() generates wrong reference to the object).
Fixed bug #62357 (compile failure: (S) Arguments missing for built-in function __memcmp)
Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)
Fixed potential overflow in _php_stream_scandir (CVE-2012-2688)
EXIF
Fixed information leak in ext exi
FPM
Fixed bug #62205 (php-fpm segfaults (null passed to strstr)
Fixed bug #62160 (Add process.priority to set nice(2) priorities)
Fixed bug #62153 (when using unix sockets, multiples FPM instances)
Fixed bug #62033 (php-fpm exits with status 0 on some failures to start)
Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm)
Fixed bug #61835 (php-fpm is not allowed to run as root)
Fixed bug #61295 (php-fpm should not fail with commented 'user'
Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests)
Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) for non-root start)
Fixed bug #61026 (FPM pools can listen on the same address). (fat) can be launched without errors)
Iconv
Fixed bug #55042 (Erealloc in iconv.c unsafe)
Intl
Fixed bug #62083 (grapheme_extract() memory leaks)
Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice)
Fixed bug #62070 (Collator::getSortKey() returns garbage)
Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern)
Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
ResourceBundle constructor now accepts NULL for the first two arguments
JSON
Fixed bug #61359 (json_encode() calls too many reallocs)
libxml
Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM SAPI)
Phar
Fixed bug #62227 (Invalid phar stream path causes crash)
Readline
Fixed bug #62186 (readline fails to compile - void function should not return a value)
Reflection
Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)
Sockets
Fixed bug #62025 (__ss_family was changed on AIX 5.3)
SPL
Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to dot files)
Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)
XML Writer
Fixed bug #62064 (memory leak in the XML Writer module)
Zip
Upgraded libzip to 0.10.
Version 5.4.6
16-August-2012
CLI Server
Implemented FR #62700 (have the console output 'Listening on http://localhost:8000').
Core
Fixed bug #62661 (Interactive php-cli crashes if include() is used in auto_prepend_file).
Fixed bug #62653: (unset($array[$float]) causes a crash).
Fixed bug #62565 (Crashes due non-initialized internal properties_table).
Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK with run-test.php).
CURL
Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false). (r.hampartsumyan@gmail.
DateTime
Fixed bug #62500 (Segfault in DateInterval class when extended).
Fileinfo
Fixed bug #61964 (finfo_open with directory causes invalid free). (reeze.xia@gmail.
Intl
Fixed bug #62564 (Extending MessageFormatter and adding property causes crash).
MySQLnd
Fixed bug #62594 (segfault in mysqlnd_res_meta::set_mode).
readline
Fixed bug #62612 (readline extension compilation fails with sapi/cli/cli.h: No such file).
Reflection
Implemented FR #61602 (Allow access to name of constant used as default value)
(reeze.xia@gmail.
SimpleXML
Implemented FR #55218 Get namespaces from current node.
SPL
Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault).
Fixed bug #61527 (ArrayIterator gives misleading notice on next() when moved to the end). (reeze.xia@gmail.
Streams
Fixed bug #62597 (segfault in php_stream_wrapper_log_error with ZTS build).
Zlib
Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression).
PHP 5.4.7
- Core:
. Fixed bug (segfault while build with zts and GOTO vm-kind). (Laruence)
. Fixed bug #62955 (Only one directive is loaded from "Per Directory Values"
Windows registry). (Felipe)
. Fixed bug #62844 (parse_url() does not recognize //). (Andrew Faulds).
. Fixed bug #62829 (stdint.h included on platform where HAVE_STDINT_H is not
set). (Felipe)
. Fixed bug #62763 (register_shutdown_function and extending class).
(Laruence)
. Fixed bug #62725 (Calling exit() in a shutdown function does not return
the exit value). (Laruence)
. Fixed bug #62744 (dangling pointers made by zend_disable_class). (Laruence)
. Fixed bug #62716 (munmap() is called with the incorrect length).
(slangley@google.com)
. Fixed bug #62358 (Segfault when using traits a lot). (Laruence)
. Fixed bug #62328 (implementing __toString and a cast to string fails)
(Laruence)
. Fixed bug #51363 (Fatal error raised by var_export() not caught by error
handler). (Lonny Kapelushnik)
. Fixed bug #40459 (Stat and Dir stream wrapper methods do not call
constructor). (Stas)
- CURL:
. Fixed bug #62912 (CURLINFO_PRIMARY_* AND CURLINFO_LOCAL_* not exposed).
(Pierrick)
. Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE). (Pierrick)
- DateTime:
. Fixed bug #62852 (Unserialize invalid DateTime causes crash).
(reeze.xia@gmail.com)
- Intl:
. Fixed Spoofchecker not being registered on ICU 49.1. (Gustavo)
. Fix bug #62933 (ext/intl compilation error on icu 3.4.1). (Gustavo)
. Fix bug #62915 (defective cloning in several intl classes). (Gustavo)
- Installation:
. Fixed bug #62460 (php binaries installed as binary.dSYM). (Reeze Xia)
- PCRE:
. Fixed bug #55856 (preg_replace should fail on trailing garbage).
(reg dot php at alf dot nu)
- PDO:
. Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()). (Laruence)
- Reflection:
. Fixed bug #62892 (ReflectionClass::getTraitAliases crashes on importing
trait methods as private). (Felipe)
. Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong
result). (Laruence)
- Session:
. Fixed bug (segfault due to retval is not initialized). (Laruence)
. Fixed bug (segfault due to PS(mod_user_implemented) not be reseted
when close handler call exit). (Laruence)
- SPL:
. Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)
(Laruence)
. Implemented FR #62840 (Add sort flag to ArrayObject::ksort). (Laruence)
- Standard:
. Fixed bug #62836 (Seg fault or broken object references on unserialize()).
(Laruence)
- FPM:
. Merged PR 121 by minitux to add support for slow request counting on PHP
FPM status page. (Lars)22-November-2012
Core:
Fixed bug #63305 (zend_mm_heap corrupted with traits).
Fixed bug #63369 ((un)serialize() leaves dangling pointers, causes crashes).
Fixed bug #63241 (PHP fails to open Windows deduplicated files).
Fixed bug #62444 (Handle leak in is_readable on windows).
Curl:
Fixed bug #63363 (Curl silently accepts boolean true for SSL_VERIFYHOST).
Fileinfo:
Fixed bug #63248 (Load multiple magic files from a directory under Windows).
Libxml
Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak).
Mbstring:
Fixed bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On).
OCI8:
Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro)
PCRE:
Fixed bug #63180 (Corruption of hash tables).
Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite).
Fixed bug #63284 (Upgrade PCRE to 8.31).
PDO:
Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
PDO_pgsql:
Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL).
Phar:
Fixed bug #63297 (Phar fails to write an openssl based signature).
Streams:
Fixed bug #63240 (stream_get_line() return contains delimiter string).
Reflection:
Fixed bug #63399 (ReflectionClass::getTraitAliases() incorrectly resolves traitnames).
Version 5.3.19
22-November-2012
Core:
Fixed bug #63241 (PHP fails to open Windows deduplicated files).
Fixed bug #62444 (Handle leak in is_readable on windows).
Libxml:
Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak).
Mbstring:
Fixed bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On).
MySQL:
Fixed compilation failure on mixed 32/64 bit systems.
OCI8:
Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro)
PCRE:
Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite).
Fixed bug #63284 (Upgrade PCRE to 8.31).
PDO:
Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
PDO_pgsql:
Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL).
Phar:
Fixed bug #63297 (Phar fails to write an openssl based signature).
Streams:
Fixed bug #63240 (stream_get_line() return contains delimiter string).Version 5.4.10
20-December-2012
Core:
Fixed bug #63635 (Segfault in gc_collect_cycles).
Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes from value).
Fixed bug #63468 (wrong called method as callback with inheritance).
Fixed bug #63451 (config.guess file does not have AIX 7 defined, shared objects are not created).
Fixed bug #61557 (Crasher in tt-rss backend.php).
Fixed bug #61272 (ob_start callback gets passed empty string).
Date:
Fixed bug #63666 (Poor date() performance).
Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond).
Imap:
Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array).
Json:
Fixed bug #63588 (use php_next_utf8_char and remove duplicate implementation).
MySQLi:
Fixed bug #63361 (missing header).
MySQLnd:
Fixed bug #63398 (Segfault when polling closed link).
Fileinfo:
Fixed bug #63590 (Different results in TS and NTS under Windows).
FPM:
Fixed bug #63581 Possible null dereference and buffer overflow.
Pdo_sqlite:
Fixed bug #63149 getColumnMeta should return the table name when system SQLite used.
Apache2 Handler SAPI:
Enabled Apache 2.4 configure option for Windows.
Reflection:
Fixed bug #63614 (Fatal error on Reflection).
SOAP:
Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests).
Sockets:
Fixed bug #49341 (Add SO_REUSEPORT support for socket_set_option()).
Version 5.3.20
20-December-2012
Zend Engine:
Fixed bug #63635 (Segfault in gc_collect_cycles).
Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes from value).
Fixed bug #63468 (wrong called method as callback with inheritance).
Core:
Fixed bug #63451 (config.guess file does not have AIX 7 defined, shared objects are not created).
Fixed bug #63377 (Segfault on output buffer).
Apache2 Handler SAPI:
Enabled Apache 2.4 configure option for Windows.
Date:
Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond).
Fileinfo:
Fixed bug #63248 (Load multiple magic files from a directory under Windows).
Fixed bug #63590 (Different results in TS and NTS under Windows).
FPM:
Fixed bug #63581 (Possible null dereference and buffer overflow).
Imap:
Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array).
MySQLnd:
Fixed bug #63398 (Segfault when polling closed link).
Reflection:
Fixed bug #63614 (Fatal error on Reflection).
SOAP
Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests).Version 5.4.14
11-April-2013
Core:
Fixed bug #64529 (Ran out of opcode space).
Fixed bug #64515 (Memoryleak when using the same variablename two times in function declaration).
Fixed bug #64432 (more empty delimiter warning in strX methods).
Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes fatal error).
Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11).
Fixed bug #63976 (Parent class incorrectly using child constant in class property).
Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle exceptions properly).
Fixed bug #62343 (Show class_alias In get_declared_classes()).
PCRE:
Merged PCRE 8.32.
SNMP:
Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly).
Zip:
Fixed bug #64452 (Zip crash intermittently). (Anatol)
Version 5.3.24
11-April-2013
Core:
Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle exceptions properly).
Fixed bug #62343 (Show class_alias In get_declared_classes()).
PCRE:
Merged PCRE 8.32.
mysqlnd:
Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc for stmt->param_bind).
DateTime:
Fixed bug #62852 (Unserialize Invalid Date causes crash).
Zip:
Fixed bug #64452 (Zip crash intermittently).Version 5.4.15
09-May-2013
Core:
Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault).
Fixed bug #64458 (dns_get_record result with string of length -1).
Fixed bug #64433 (follow_location parameter of context is ignored for most response codes).
Fixed bug #47675 (fd leak on Solaris).
Fixed bug #64577 (fd leak on Solaris).
Fileinfo:
Upgraded libmagic to 5.14.
Streams:
Fixed Windows x64 version of stream_socket_pair() and improved error handling.
Zip:
Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).
Version 5.3.25
09-May-2013
Core:
Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault).
Fixed bug #64458 (dns_get_record result with string of length -1).
Fixed bug #47675 (fd leak on Solaris).
Fixed bug #64577 (fd leak on Solaris).
Streams:
Fixed Windows x64 version of stream_socket_pair() and improved error handling.
Zip:
Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).The PHP development team is proud to announce the immediate availability of PHP 5.5.0. This release includes a large number of new features and bug fixes.
The key features of PHP 5.5.0 include:
Added generators and coroutines.
Added the finally keyword.
Added a simplified password hashing API.
Added support for constant array/string dereferencing.
Added scalar class name resolution via ::class.
Added support for using empty() on the result of function calls and other expressions.
Added support for non-scalar Iterator keys in foreach.
Added support for list() constructs in foreach statements.
Added the Zend OPcache extension for opcode caching.
The GD library has been upgraded to version 2.1 adding new functions and improving existing functionality.
A lot more improvements and fixes.
Changes that affect compatibility:
PHP logo GUIDs have been removed.
Windows XP and 2003 support dropped.
Case insensitivity is no longer locale specific. All case insensitive matching for function, class and constant names is now performed in a locale independent manner according to ASCII rules.
Core:
Improved performance of array_merge() and func_get_args() by eliminating useless copying.
Fixed bug #65947 (basename is no more working after fgetcsv in certain situation).
Fixed bug #65939 (Space before ";" breaks php.ini parsing).
Fixed bug #65911 (scope resolution operator - strange behavior with $this).
Fixed bug #65936 (dangling context pointer causes crash).
FPM:
Changed default listen() backlog to 65535.
MySQLi:
Fixed bug #66043 (Segfault calling bind_param() on mysqli).
OPCache:
Increased limit for opcache.max_accelerated_files to 1,000,000.
Fixed issue #115 (path issue when using phar).
Fixed issue #149 (Phar mount points not working with OPcache enabled).
ODBC:
Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters).
PDO:
Fixed bug #66033 (Segmentation Fault when constructor of PDO statement throws an exception).
Fixed bug #65946 (sql_parser permanently converts values bound to strings).
Standard:
Fixed bug #64760 (var_export() does not use full precision for floating-point numbers).Version 5.5.8
9-Jan-2014
Core:
Disallowed JMP into a finally block.
Added validation of class names in the autoload process.
Fixed invalid C code in zend_strtod.c.
Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object).
Fixed bug #65764 (generators/throw_rethrow FAIL with ZEND_COMPILE_EXTENDED_INFO).
Fixed bug #61645 (fopen and O_NONBLOCK).
Fixed bug #66218 (zend_register_functions breaks reflection).
Date:
Fixed bug #66060 (Heap buffer over-read in DateInterval).
Fixed bug #65768 (DateTimeImmutable::diff does not work).
DOM:
Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup).
Exif:
Fixed bug #65873 (Integer overflow in exif_read_data()).
Filter:
Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer).
GD:
Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
PDO_odbc:
Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
MySQLi:
Fixed bug #65486 (mysqli_poll() is broken on win x64).
OPCache:
Fixed revalidate_path=1 behavior to avoid caching of symlinks values.
Fixed Issue #140: "opcache.enable_file_override" doesn't respect "opcache.revalidate_freq".
SNMP:
Fixed SNMP_ERR_TOOBIG handling for bulk walk operations.
SOAP:
Fixed bug #66112 (Use after free condition in SOAP extension).
Sockets:
Fixed bug #65923 (ext/socket assumes AI_V4MAPPED is defined).
XSL:
Fixed bug #49634 (Segfault throwing an exception in a XSL registered function).
ZIP:
Fixed bug #66321 (ZipArchive::open() ze_obj->filename_len not real).Version 5.5.9
6-Feb-2014
Core:
Fixed bug #66509 (copy() arginfo has changed starting from 5.4).
GD:
Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()).
OPCache:
Fixed bug #66474 (Optimizer bug in constant string to boolean conversion).
Fixed bug #66461 (PHP crashes if opcache.interned_strings_buffer=0).
Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style ^M as lineend).
PDO_pgsql:
Fixed bug #62479 (PDO-pgsql cannot connect if password contains spaces).
Readline:
Fixed bug #66412 (readline_clear_history() with libedit causes segfault after #65714).
Session:
Fixed bug #66469 (Session module is sending multiple set-cookie headers when session.use_strict_mode=1).
Fixed bug #66481 (Segfaults on session_name()).
Standard:
Fixed bug #66395 (basename function doesn't remove drive letter).
Sockets:
Fixed bug #66381 (__ss_family was changed on AIX 5.3).
Zend Engine:
Fixed bug #66009 (Failed compilation of PHP extension with C++ std library using VS 2012).