PageRenderTime 73ms CodeModel.GetById 24ms RepoModel.GetById 0ms app.codeStats 2ms

/ChangeLog-5.php

https://github.com/php/web-php
PHP | 9975 lines | 9604 code | 370 blank | 1 comment | 304 complexity | 98e50c2299e0ff31da1cde14eb0432a8 MD5 | raw file

Large files files are truncated, but you can click here to view the full file

  1. <?php
  2. // $Id$
  3. $_SERVER['BASE_PAGE'] = 'ChangeLog-5.php';
  4. include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
  5. include_once $_SERVER['DOCUMENT_ROOT'] . '/include/changelogs.inc';
  6. site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("changelog.css"), "layout_span" => 12));
  7. ?>
  8. <h1>PHP 5 ChangeLog</h1>
  9. <section class="version" id="5.5.17"><!-- {{{ 5.5.17 -->
  10. <h3>Version 5.5.17</h3>
  11. <?php release_date('18-Sep-2014'); ?>
  12. <ul><li>Core:
  13. <ul>
  14. <li><?php bugfix(47358); ?> (glob returns error, should be empty array()).</li>
  15. <li><?php bugfix(65463); ?> (SIGSEGV during zend_shutdown()).</li>
  16. <li><?php bugfix(66036); ?> (Crash on SIGTERM in apache process).</li>
  17. <li><?php bugfix(67878); ?> (program_prefix not honoured in man pages).</li>
  18. </ul></li>
  19. <li>COM:
  20. <ul>
  21. <li><?php bugfix(41577); ?> (DOTNET is successful once per server run).</li>
  22. </ul></li>
  23. <li>Date:
  24. <ul>
  25. <li><?php bugfix(66091); ?> (memory leaks in DateTime constructor).</li>
  26. <li><?php bugfix(66985); ?> (Some timezones are no longer valid in PHP 5.5.10).</li>
  27. <li><?php bugfix(67109); ?> (First uppercase letter breaks date string parsing).</li>
  28. </ul></li>
  29. <li>FPM:
  30. <ul>
  31. <li><?php bugfix(67606); ?> (FPM with mod_fastcgi/apache2.4 is broken).</li>
  32. </ul></li>
  33. <li>GD:
  34. <ul>
  35. <li>Made fontFetch's path parser thread-safe.</li>
  36. </ul></li>
  37. <li>MySQLi:
  38. <ul>
  39. <li><?php bugfix(67839); ?> (mysqli does not handle 4-byte floats correctly).</li>
  40. </ul></li>
  41. <li>OpenSSL:
  42. <ul>
  43. <li><?php bugfix(41631); ?> (socket timeouts not honored in blocking SSL reads).</li>
  44. <li><?php bugfix(67850); ?> (extension won't build if openssl compiled without SSLv3).</li>
  45. </ul></li>
  46. <li>SPL:
  47. <ul>
  48. <li><?php bugfix(67813); ?> (CachingIterator::__construct InvalidArgumentException
  49. wrong message).</li>
  50. </ul></li>
  51. <li>Zlib:
  52. <ul>
  53. <li><?php bugfix(67724); ?> (chained zlib filters silently fail with large amounts of
  54. data).</li>
  55. <li><?php bugfix(67865); ?> (internal corruption phar error).</li>
  56. </ul></li>
  57. </ul>
  58. <!-- }}} --></section>
  59. <section class="version" id="5.4.33"><!-- {{{ 5.4.33 -->
  60. <h3>Version 5.4.33</h3>
  61. <b>18-Sep-2014</b>
  62. <ul><li>Core:
  63. <ul>
  64. <li><?php bugfix(47358); ?> (glob returns error, should be empty array()).</li>
  65. <li><?php bugfix(65463); ?> (SIGSEGV during zend_shutdown()).</li>
  66. <li><?php bugfix(66036); ?> (Crash on SIGTERM in apache process).</li>
  67. </ul></li>
  68. <li>OpenSSL:
  69. <ul>
  70. <li><?php bugfix(41631); ?> (socket timeouts not honored in blocking SSL reads).</li>
  71. </ul></li>
  72. <li>Date:
  73. <ul>
  74. <li><?php bugfix(66091); ?> (memory leaks in DateTime constructor).</li>
  75. </ul></li>
  76. <li>FPM:
  77. <ul>
  78. <li><?php bugfix(67606); ?> (FPM with mod_fastcgi/apache2.4 is broken).</li>
  79. </ul></li>
  80. <li>GD:
  81. <ul>
  82. <li>Made fontFetch's path parser thread-safe.</li>
  83. </ul></li>
  84. <li>Wddx:
  85. <ul>
  86. <li><?php bugfix(67873); ?> (Segfaults in php_wddx_serialize_var).</li>
  87. </ul></li>
  88. <li>Zlib:
  89. <ul>
  90. <li><?php bugfix(67724); ?> (chained zlib filters silently fail with large amounts of data).</li>
  91. <li><?php bugfix(67865); ?> (internal corruption phar error).</li>
  92. </ul></li>
  93. </ul>
  94. <!-- }}} --></section>
  95. <section class="version" id="5.6.0"><!-- {{{ 5.6.0 -->
  96. <h3>Version 5.6.0</h3>
  97. <b>28-Aug-2014</b>
  98. <ul>
  99. <li>General improvements:
  100. <ul>
  101. <li>Added constant scalar expressions syntax.</li>
  102. <li>Added dedicated syntax for variadic functions.</li>
  103. <li>Added support for argument unpacking to complement the variadic syntax.</li>
  104. <li>Added an exponentiation operator (**).</li>
  105. <li>Added phpdbg SAPI.</li>
  106. <li>Added unified default encoding.</li>
  107. <li>The php://input stream is now re-usable and can be used concurrently with enable_post_data_reading=0.</li>
  108. <li>Added use function and use const..</li>
  109. <li>Added a function for timing attack safe string comparison.</li>
  110. <li>Added the __debugInfo() magic method to allow userland classes to implement the get_debug_info API previously available only to extensions.</li>
  111. <li>Added gost-crypto (CryptoPro S-box) hash algorithm.</li>
  112. <li>Stream wrappers verify peer certificates and host names by default in encrypted client streams.</li>
  113. <li>Uploads equal or greater than 2GB in size are now accepted.</li>
  114. </ul>
  115. </li>
  116. <li>Core:
  117. <ul>
  118. <li><?php bugfix(67693); ?> (incorrect push to the empty array).</li>
  119. <li>Removed inconsistency regarding behaviour of array in constants at run-time.</li>
  120. <li><?php bugfix(67497); ?> (eval with parse error causes segmentation fault in generator).</li>
  121. <li><?php bugfix(67151); ?> (strtr with empty array crashes).</li>
  122. <li><?php bugfix(67407); ?> (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012).</li>
  123. <li><?php bugfix(66608); ?> (Incorrect behavior with nested "finally" blocks).</li>
  124. <li>Implemented FR <?php bugl(34407); ?> (ucwords and Title Case).</li>
  125. <li><?php bugfix(67091); ?> (make install fails to install libphp5.so on FreeBSD 10.0).</li>
  126. <li><?php bugfix(67368); ?> (Memory leak with immediately dereferenced array in class constant).</li>
  127. <li><?php bugfix(67468); ?> (Segfault in highlight_file()/highlight_string()).</li>
  128. <li><?php bugfix(67498); ?> (phpinfo() Type Confusion Information Leak Vulnerability).</li>
  129. <li><?php bugfix(67551); ?> (php://input temp file will be located in sys_temp_dir instead of upload_tmp_dir).</li>
  130. <li><?php bugfix(67169); ?> (array_splice all elements, then []= gives wrong index).</li>
  131. <li><?php bugfix(67198); ?> (php://input regression).</li>
  132. <li><?php bugfix(67247); ?> (spl_fixedarray_resize integer overflow).</li>
  133. <li><?php bugfix(67250); ?> (iptcparse out-of-bounds read).</li>
  134. <li><?php bugfix(67252); ?> (convert_uudecode out-of-bounds read).</li>
  135. <li><?php bugfix(67249); ?> (printf out-of-bounds read).</li>
  136. <li>Implemented FR <?php bugl(64744); ?> (Differentiate between member function call on a null and non-null, non-objects).</li>
  137. <li><?php bugfix(67436); ?> (Autoloader isn't called if two method definitions don't match).</li>
  138. <li><?php bugfix(66622); ?> (Closures do not correctly capture the late bound class (static::) in some cases).</li>
  139. <li><?php bugfix(67390); ?> (insecure temporary file use in the configure script). (CVE-2014-3981)</li>
  140. <li><?php bugfix(67392); ?> (dtrace breaks argument unpack).</li>
  141. <li><?php bugfix(67428); ?> (header('Location: foo') will override a 308-399 response code).</li>
  142. <li><?php bugfix(67433); ?> (SIGSEGV when using count() on an object implementing Countable).</li>
  143. <li><?php bugfix(67399); ?> (putenv with empty variable may lead to crash).</li>
  144. <li>Expose get_debug_info class hook as __debugInfo() magic method.</li>
  145. <li>Implemented unified default encoding (RFC: https://wiki.php.net/rfc/default_encoding).</li>
  146. <li>Added T_POW (**) operator (RFC: https://wiki.php.net/rfc/pow-operator).</li>
  147. <li>Improved IS_VAR operands fetching.</li>
  148. <li>Improved empty string handling. Now ZE uses an interned string instead of allocation new empty string each time.</li>
  149. <li>Implemented internal operator overloading (RFC: https://wiki.php.net/rfc/operator_overloading_gmp).</li>
  150. <li>Made calls from incompatible context issue an E_DEPRECATED warning instead of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx).</li>
  151. <li>Uploads equal or greater than 2GB in size are now accepted.</li>
  152. <li>Reduced POST data memory usage by 200-300%. Changed INI setting always_populate_raw_post_data to throw a deprecation warning when enabling and to accept -1 for never populating the $HTTP_RAW_POST_DATA global variable, which will be the default in future PHP versions.</li>
  153. <li>Implemented dedicated syntax for variadic functions (RFC: https://wiki.php.net/rfc/variadics).</li>
  154. <li><?php bugfix(50333); ?> Improving multi-threaded scalability by using emalloc/efree/estrdup (Anatol, Dmitry)</li>
  155. <li>Implemented constant scalar expressions (with support for constants) (RFC: https://wiki.php.net/rfc/const_scalar_exprs).</li>
  156. <li><?php bugfix(65784); ?> (Segfault with finally).</li>
  157. <li><?php bugfix(66509); ?> (copy() arginfo has changed starting from 5.4).</li>
  158. <li>Allow zero length comparison in substr_compare() (Tjerk)</li>
  159. <li><?php bugfix(60602); ?> (proc_open() changes environment array) (Tjerk)</li>
  160. <li><?php bugfix(61019); ?> (Out of memory on command stream_get_contents).</li>
  161. <li><?php bugfix(64330); ?> (stream_socket_server() creates wrong Abstract Namespace UNIX sockets).</li>
  162. <li><?php bugfix(66182); ?> (exit in stream filter produces segfault).</li>
  163. <li><?php bugfix(66736); ?> (fpassthru broken).</li>
  164. <li><?php bugfix(66822); ?> (Cannot use T_POW in const expression) (Tjerk)</li>
  165. <li><?php bugfix(67043); ?> (substr_compare broke by previous change) (Tjerk)</li>
  166. <li><?php bugfix(65701); ?> (copy() doesn't work when destination filename is created by tempnam()).</li>
  167. <li><?php bugfix(66015); ?> (Unexpected array indexing in class's static property).</li>
  168. <li>Added (constant) string/array dereferencing to static scalar expressions to complete the set; now possible thanks to <?php bugl(66015); ?> being fixed.</li>
  169. <li><?php bugfix(66568); ?> (Update reflection information for unserialize() function).</li>
  170. <li><?php bugfix(66660); ?> (Composer.phar install/update fails).</li>
  171. <li><?php bugfix(67024); ?> (getimagesize should recognize BMP files with negative height).</li>
  172. <li><?php bugfix(67064); ?> (Countable interface prevents using 2nd parameter ($mode) of count() function).</li>
  173. <li><?php bugfix(67072); ?> (Echoing unserialized "SplFileObject" crash).</li>
  174. <li><?php bugfix(67033); ?> (Remove reference to Windows 95).</li>
  175. </ul></li>
  176. <li>Apache2 Handler SAPI:
  177. <ul>
  178. <li>Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).</li>
  179. </ul></li>
  180. <li>CLI server:
  181. <ul>
  182. <li>Added some MIME types to the CLI web server.</li>
  183. <li><?php bugfix(67079); ?> (Missing MIME types for XML/XSL files).</li>
  184. <li><?php bugfix(66830); ?> (Empty header causes PHP built-in web server to hang).</li>
  185. <li><?php bugfix(67594); ?> (Unable to access to apache_request_headers() elements).</li>
  186. <li>Implemented FR <?php bugl(67429); ?> (CLI server is missing some new HTTP response codes).</li>
  187. <li><?php bugfix(67406); ?> (built-in web-server segfaults on startup).</li>
  188. </ul></li>
  189. <li>COM:
  190. <ul>
  191. <li><?php bugfix(41577); ?> (DOTNET is successful once per server run) (Aidas Kasparas)</li>
  192. <li>Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).</li>
  193. <li><?php bugfix(66431); ?> (Special Character via COM Interface (CP_UTF8)).</li>
  194. </ul></li>
  195. <li>Curl:
  196. <ul>
  197. <li>Implemented FR <?php bugl(65646); ?> (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode).</li>
  198. <li>Check for openssl.cafile ini directive when loading CA certs.</li>
  199. <li>Remove cURL close policy related constants as these have no effect and are no longer used in libcurl.</li>
  200. <li><?php bugfix(66109); ?> (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)</li>
  201. <li>Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.</li>
  202. <li><?php bugfix(64247); ?> (CURLOPT_INFILE doesn't allow reset).</li>
  203. <li><?php bugfix(66562); ?> (curl_exec returns differently than curl_multi_getcontent).</li>
  204. </ul></li>
  205. <li>Date:
  206. <ul>
  207. <li><?php bugfix(66060); ?> (Heap buffer over-read in DateInterval). (CVE-2013-6712)</li>
  208. <li><?php bugfix(66091); ?> (memory leaks in DateTime constructor) (Tjerk).</li>
  209. <li><?php bugfix(67308); ?> (Serialize of DateTime truncates fractions of second).</li>
  210. <li>Fixed regression in fix for <?php bugl(67118); ?> (constructor can't be called twice).</li>
  211. <li><?php bugfix(67251); ?> (date_parse_from_format out-of-bounds read).</li>
  212. <li><?php bugfix(67253); ?> (timelib_meridian_with_check out-of-bounds read).</li>
  213. <li>Added DateTimeImmutable::createFromMutable to create a DateTimeImmutable object from an existing DateTime (mutable) object (Derick)</li>
  214. <li><?php bugfix(66721); ?> (__wakeup of DateTime segfaults when invalid object data is supplied).</li>
  215. <li><?php bugfix(67118); ?> (DateTime constructor crash with invalid data).</li>
  216. </ul></li>
  217. <li>DOM:
  218. <ul>
  219. <li><?php bugfix(67081); ?> (DOMDocumentType-&gt;internalSubset returns entire DOCTYPE tag, not only the subset).</li>
  220. </ul></li>
  221. <li>Embed:
  222. <ul>
  223. <li><?php bugfix(65715); ?> (php5embed.lib isn't provided anymore). (Anatol).</li>
  224. </ul></li>
  225. <li>Fileinfo:
  226. <ul>
  227. <li><?php bugfix(67716); ?> (Segfault in cdf.c). (CVE-2014-3587)</li>
  228. <li><?php bugfix(67705); ?> (extensive backtracking in rule regular expression). (CVE-2014-3538)</li>
  229. <li><?php bugfix(67327); ?> (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)</li>
  230. <li><?php bugfix(67328); ?> (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)</li>
  231. <li><?php bugfix(67326); ?> (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)</li>
  232. <li><?php bugfix(67329); ?> (fileinfo: NULL pointer deference flaw by processing certain CDF files).</li>
  233. <li><?php bugfix(67410); ?> (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)</li>
  234. <li><?php bugfix(67411); ?> (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)</li>
  235. <li><?php bugfix(67412); ?> (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)</li>
  236. <li><?php bugfix(67413); ?> (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)</li>
  237. <li>Upgraded to libmagic-5.17 (Anatol)</li>
  238. <li><?php bugfix(66731); ?> (file: infinite recursion). (CVE-2014-1943)</li>
  239. <li><?php bugfix(66820); ?> (out-of-bounds memory access in fileinfo). (CVE-2014-2270)</li>
  240. <li><?php bugfix(66946); ?> (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345)</li>
  241. <li><?php bugfix(66987); ?> (Memory corruption in fileinfo ext / bigendian).</li>
  242. <li><?php bugfix(66907); ?> (Solaris 10 is missing strcasestr and needs substitute).</li>
  243. <li><?php bugfix(66307); ?> (Fileinfo crashes with powerpoint files).</li>
  244. </ul></li>
  245. <li>FPM:
  246. <ul>
  247. <li><?php bugfix(67606); ?> (revised fix 67541, broke mod_fastcgi BC).</li>
  248. <li><?php bugfix(67530); ?> (error_log=syslog ignored).</li>
  249. <li><?php bugfix(67635); ?> (php links to systemd libraries without using pkg-config).</li>
  250. <li><?php bugfix(67531); ?> (syslog cannot be set in pool configuration).</li>
  251. <li><?php bugfix(67541); ?> (Fix Apache 2.4.10+ SetHandler proxy:fcgi:// incompatibilities).</li>
  252. <li>Included apparmor support in fpm (RFC: https://wiki.php.net/rfc/fpm_change_hat).</li>
  253. <li>Added clear_env configuration directive to disable clearenv() call.</li>
  254. <li><?php bugfix(66482); ?> (unknown entry 'priority' in php-fpm.conf).</li>
  255. <li><?php bugfix(66908); ?> (php-fpm reload leaks epoll_create() file descriptor).</li>
  256. <li><?php bugfix(67060); ?> (sapi/fpm: possible privilege escalation due to insecure default configuration). (CVE-2014-0185)</li>
  257. </ul></li>
  258. <li>GD:
  259. <ul>
  260. <li><?php bugfix(67730); ?> (Null byte injection possible with imagexxx functions). (CVE-2014-5120)</li>
  261. <li><?php bugfix(66901); ?> (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)</li>
  262. <li><?php bugfix(67248); ?> (imageaffinematrixget missing check of parameters).</li>
  263. <li>Fixed imagettftext to load the correct character map rather than the last one.</li>
  264. <li><?php bugfix(66356); ?> (Heap Overflow Vulnerability in imagecrop()). (CVE-2013-7226)</li>
  265. <li><?php bugfix(66815); ?> (imagecrop(): insufficient fix for NULL defer). (CVE-2013-7327)</li>
  266. <li><?php bugfix(66869); ?> (Invalid 2nd argument crashes imageaffinematrixget).</li>
  267. <li><?php bugfix(66887); ?> (imagescale - poor quality of scaled image).</li>
  268. <li><?php bugfix(66890); ?> (imagescale segfault).</li>
  269. <li><?php bugfix(66893); ?> (imagescale ignore method argument).</li>
  270. </ul></li>
  271. <li>GMP:
  272. <ul>
  273. <li><?php bugfix(66872); ?> (invalid argument crashes gmp_testbit) (Pierre)</li>
  274. <li>Fixed crashes in serialize/unserialize.</li>
  275. <li>Moved GMP to use object as the underlying structure and implemented various improvements based on this.</li>
  276. <li>Added gmp_root() and gmp_rootrem() functions for calculating nth roots.</li>
  277. </ul></li>
  278. <li>Hash:
  279. <ul>
  280. <li>Added gost-crypto (CryptoPro S-box) GOST hash algo.</li>
  281. <li><?php bugfix(66698); ?> (Missing FNV1a32 and FNV1a64 hash functions). (Michael M Slusarz).</li>
  282. <li>Implemented timing attack safe string comparison function (RFC: https://wiki.php.net/rfc/timing_attack).</li>
  283. <li>hash_pbkdf2() now works correctly if the $length argument is not specified.</li>
  284. </ul></li>
  285. <li>Intl:
  286. <ul>
  287. <li><?php bugfix(66873); ?> (A reproductible crash in UConverter when given invalid encoding) (Stas)</li>
  288. <li><?php bugfix(66921); ?> (Wrong argument type hint for function intltz_from_date_time_zone).</li>
  289. <li><?php bugfix(67052); ?> (NumberFormatter::parse() resets LC_NUMERIC setting).</li>
  290. <li><?php bugfix(67349); ?> (Locale::parseLocale Double Free).</li>
  291. <li><?php bugfix(67397); ?> (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).</li>
  292. </ul></li>
  293. <li>JSON:
  294. <ul>
  295. <li>Fixed case part of bug <?php bugl(64874); ?> ("json_decode handles whitespace and case-sensitivity incorrectly")</li>
  296. <li><?php bugfix(65753); ?> (JsonSerializeable couldn't implement on module extension) (chobieeee@php.net)</li>
  297. <li><?php bugfix(66021); ?> (Blank line inside empty array/object when JSON_PRETTY_PRINT is set).</li>
  298. </ul></li>
  299. <li>ldap:
  300. <ul>
  301. <li>Added new function ldap_modify_batch().</li>
  302. <li>Fixed issue with null bytes in LDAP bindings.</li>
  303. </ul></li>
  304. <li>litespeed:
  305. <ul>
  306. <li><?php bugfix(63228); ?> (-Werror=format-security error in lsapi code).</li>
  307. </ul></li>
  308. <li>Mail:
  309. <ul>
  310. <li><?php bugfix(66535); ?> (Don't add newline after X-PHP-Originating-Script) (Tjerk)</li>
  311. </ul></li>
  312. <li>Mcrypt:
  313. <ul>
  314. <li>No longer allow invalid key sizes, invalid IV sizes or missing required IV in mcrypt_encrypt, mcrypt_decrypt and the deprecated mode functions.</li>
  315. <li>Use /dev/urandom as the default source for mcrypt_create_iv().</li>
  316. </ul></li>
  317. <li>Mbstring:
  318. <ul>
  319. <li>Upgraded to oniguruma 5.9.5 (Anatol)</li>
  320. <li><?php bugfix(67199); ?> (mb_regex_encoding mismatch).</li>
  321. </ul></li>
  322. <li>Milter:
  323. <ul>
  324. <li><?php bugfix(67715); ?> (php-milter does not build and crashes randomly).</li>
  325. </ul></li>
  326. <li>mysqli:
  327. <ul>
  328. <li>Added new function mysqli_get_links_stats() as well as new INI variable mysqli.rollback_on_cached_plink of type bool (Andrey)</li>
  329. <li><?php bugfix(66762); ?> (Segfault in mysqli_stmt::bind_result() when link closed) (Remi)</li>
  330. <li>Fixed building against an external libmysqlclient.</li>
  331. </ul></li>
  332. <li>mysqlnd:
  333. <ul>
  334. <li>Disabled flag for SP OUT variables for 5.5+ servers as they are not natively supported by the overlying APIs.</li>
  335. <li>Added a new fetching mode to mysqlnd.</li>
  336. <li>Added support for gb18030 from MySQL 5.7.</li>
  337. </ul></li>
  338. <li>Network:
  339. <ul>
  340. <li><?php bugfix(67717); ?> (segfault in dns_get_record). (CVE-2014-3597)</li>
  341. <li><?php bugfix(67432); ?> (Fix potential segfault in dns_get_record()). (CVE-2014-4049)</li>
  342. </ul></li>
  343. <li>OCI8:
  344. <ul>
  345. <li><?php bugfix(66875); ?> (Improve performance of multi-row OCI_RETURN_LOB queries) (Perrier, Chris Jones)</li>
  346. </ul></li>
  347. <li>ODBC:
  348. <ul>
  349. <li><?php bugfix(60616); ?> (odbc_fetch_into returns junk at end of multi-byte char fields).</li>
  350. </ul></li>
  351. <li>OpenSSL:
  352. <ul>
  353. <li>Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).</li>
  354. <li><?php bugfix(67609); ?> (TLS connections fail behind HTTP proxy).</li>
  355. <li>Fixed broken build against OpenSSL older than 0.9.8 where ECDH unavailable.</li>
  356. <li><?php bugfix(67666); ?> (Subject altNames doesn't support wildcard matching).</li>
  357. <li><?php bugfix(67224); ?> (Fall back to crypto_type from context if not specified explicitly in stream_socket_enable_crypto).</li>
  358. <li><?php bugfix(65698); ?> (certificates validity parsing does not work past 2050).</li>
  359. <li><?php bugfix(66636); ?> (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).</li>
  360. <li>Peer certificates now verified by default in client socket operations (RFC: https://wiki.php.net/rfc/tls-peer-verification).</li>
  361. <li>New openssl.cafile and openssl.capath ini directives.</li>
  362. <li>Added crypto_method option for the ssl stream context.</li>
  363. <li>Added certificate fingerprint support.</li>
  364. <li>Added explicit TLSv1.1 and TLSv1.2 stream transports.</li>
  365. <li><?php bugfix(65729); ?> (CN_match gives false positive).</li>
  366. <li>Peer name verification matches SAN DNS names for certs using the Subject Alternative Name x509 extension.</li>
  367. <li>Fixed segfault when built against OpenSSL&gt;=1.0.1 (Daniel Lowrey)</li>
  368. <li>Added SPKAC support.</li>
  369. <li>Fallback to Windows CA cert store for peer verification if no openssl.cafile ini directive or "cafile" SSL context option specified in Windows.</li>
  370. <li>The openssl.cafile and openssl.capath ini directives introduced in alpha2 now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL).</li>
  371. <li>New "peer_name" SSL context option replaces "CN_match" (which still works as before but triggers E_DEPRECATED).</li>
  372. <li>Fixed segfault when accessing non-existent context for client SNI use (Daniel Lowrey)</li>
  373. <li><?php bugfix(66501); ?> (Add EC key support to php_openssl_is_private_key).</li>
  374. <li><?php bugfix(47030); ?> (add new boolean "verify_peer_name" SSL context option allowing clients to verify cert names separately from the cert itself). "verify_peer_name" is enabled by default for client streams.</li>
  375. <li><?php bugfix(65538); ?> ("cafile" SSL context option now supports stream wrappers).</li>
  376. <li>New openssl_get_cert_locations() function to aid CA file and peer verification debugging.</li>
  377. <li>Encrypted stream wrappers now disable TLS compression by default.</li>
  378. <li>New "capture_session_meta" SSL context option allows encrypted client and server streams access to negotiated protocol/cipher information.</li>
  379. <li>New "honor_cipher_order" SSL context option allows servers to prioritize cipher suites of their choosing when negotiating SSL/TLS handshakes.</li>
  380. <li>New "single_ecdh_use" and "single_dh_use" SSL context options allow for improved forward secrecy in encrypted stream servers.</li>
  381. <li>New "dh_param" SSL context option allows stream servers control over the parameters when negotiating DHE cipher suites.</li>
  382. <li>New "ecdh_curve" SSL context option allowing stream servers to specify the curve to use when negotiating ephemeral ECDHE ciphers (defaults to NIST P-256).</li>
  383. <li>New "rsa_key_size" SSL context option gives stream servers control over the key size (in bits) used for RSA key agreements.</li>
  384. <li>Crypto methods for encrypted client and server streams now use bitwise flags for fine-grained protocol support.</li>
  385. <li>Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method. tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2.</li>
  386. <li>Encrypted client streams now enable SNI by default.</li>
  387. <li>Encrypted streams now prioritize ephemeral key agreement and high strength ciphers by default.</li>
  388. <li>New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher list.</li>
  389. <li>New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto methods negotiated encrypted server/client sessions.</li>
  390. <li>Encrypted stream servers now automatically mitigate potential DoS vector arising from client-initiated TLS renegotiation. New "reneg_limit", "reneg_window" and "reneg_limit_callback" SSL context options for custom renegotiation limiting control.</li>
  391. <li>Fixed memory leak in windows cert verification on verify failure.</li>
  392. <li>Peer certificate capturing via SSL context options now functions even if peer verification fails.</li>
  393. <li>Encrypted TLS servers now support the server name indication TLS extension via the new "SNI_server_certs" SSL context option.</li>
  394. <li><?php bugfix(66833); ?> (Default disgest algo is still MD5, switch to SHA1).</li>
  395. <li><?php bugfix(66942); ?> (memory leak in openssl_seal()).</li>
  396. <li><?php bugfix(66952); ?> (memory leak in openssl_open()).</li>
  397. <li><?php bugfix(66840); ?> (Fix broken build when extension built separately).</li>
  398. </ul></li>
  399. <li>OPcache:
  400. <ul>
  401. <li>Added an optimization of class constants and constant calls to some internal functions (Laruence, Dmitry)</li>
  402. <li>Added an optimization pass to convert FCALL_BY_NAME into DO_FCALL.</li>
  403. <li>Added an optimization pass to merged identical constants (and related cache_slots) in op_array-&gt;literals table.</li>
  404. <li>Added script level constant replacement optimization pass.</li>
  405. <li>Added function opcache_is_script_cached().</li>
  406. <li>Added information about interned strings usage.</li>
  407. <li><?php bugfix(67215); ?> (php-cgi work with opcache, may be segmentation fault happen) (Dmitry, Laruence)</li>
  408. </ul></li>
  409. <li>PCRE:
  410. <ul>
  411. <li><?php bugfix(67238); ?> (Ungreedy and min/max quantifier bug, applied patch from the upstream).</li>
  412. <li>Upgraded to PCRE 8.34.</li>
  413. <li>Added support for (*MARK) backtracking verbs.</li>
  414. </ul></li>
  415. <li>pgsql:
  416. <ul>
  417. <li><?php bugfix(67550); ?> (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq &lt; 7.3.</li>
  418. <li>pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL.</li>
  419. <li>Impremented FR <?php bugl(25854); ?> Return value for pg_insert should be resource instead of bool.</li>
  420. <li>Implemented FR <?php bugl(41146); ?> - Add "description" with exteneded flag pg_meta_data(). pg_meta_data(resource $conn, string $table [, bool extended]) It also made pg_meta_data() return "is enum" always.</li>
  421. <li>Read-only access to the socket stream underlying database connections is exposed via a new pg_socket() function to allow read/write polling when establishing asynchronous connections and executing queries in non-blocking applications.</li>
  422. <li>Asynchronous connections are now possible using the PGSQL_CONNECT_ASYNC flag in conjunction with a new pg_connect_poll() function and connection polling status constants.</li>
  423. <li>New pg_flush() and pg_consume_input() functions added to manually complete non-blocking reads/writes to underlying connection sockets.</li>
  424. <li>pg_version() returns full report which obtained by PQparameterStatus().</li>
  425. <li>Added pg_lo_truncate().</li>
  426. <li>Added 64bit large object support for PostgreSQL 9.3 and later.</li>
  427. <li><?php bugfix(67555); ?> (Cannot build against libpq 7.3).</li>
  428. </ul></li>
  429. <li>phpdbg:
  430. <ul>
  431. <li><?php bugfix(67575); ?> (Compilation fails for phpdbg when the build directory != src directory).</li>
  432. <li><?php bugfix(67499); ?> (readline feature not enabled when build with libedit).</li>
  433. <li>Fix issue krakjoe/phpdbg#94 (List behavior is inconsistent).</li>
  434. <li>Fix issue krakjoe/phpdbg#97 (The prompt should always ensure it is on a newline).</li>
  435. <li>Fix issue krakjoe/phpdbg#98 (break if does not seem to work).</li>
  436. <li>Fix issue krakjoe/phpdbg#99 (register function has the same behavior as run).</li>
  437. <li>Fix issue krakjoe/phpdbg#100 (No way to list the current stack/frames) (Help entry was missing).</li>
  438. <li>Fixed bug which caused phpdbg to fail immediately on startup in non-debug builds.</li>
  439. <li><?php bugfix(67212); ?> (phpdbg uses non-standard TIOCGWINSZ).</li>
  440. <li>Included phpdbg sapi (RFC: https://wiki.php.net/rfc/phpdbg).</li>
  441. <li>Added watchpoints (watch command).</li>
  442. <li>Renamed some commands (next =&gt; continue and how to step).</li>
  443. <li>Fixed issue #85 (https://github.com/krakjoe/phpdbg/issues/85) (Added stdin/stdout/stderr constants and their php:// wrappers).</li>
  444. </ul></li>
  445. <li>PDO:
  446. <ul>
  447. <li><?php bugfix(66604); ?> ('pdo/php_pdo_error.h' not copied to the include dir).</li>
  448. </ul></li>
  449. <li>PDO-ODBC:
  450. <ul>
  451. <li><?php bugfix(50444); ?> (PDO-ODBC changes for 64-bit).</li>
  452. </ul></li>
  453. <li>PDO_pgsql:
  454. <ul>
  455. <li><?php bugfix(42614); ?> (PDO_pgsql: add pg_get_notify support).</li>
  456. <li><?php bugfix(63657); ?> (pgsqlCopyFromFile, pgsqlCopyToArray use Postgres &lt; 7.3 syntax).</li>
  457. <li>Cleaned up code by increasing the requirements to libpq versions providing PQexecParams, PQprepare, PQescapeStringConn, PQescapeByteaConn. According to the release notes that means 8.0.8+ or 8.1.4+.</li>
  458. <li>Deprecated PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT, an undocument constant effectively equivalent to PDO::ATTR_EMULATE_PREPARES.</li>
  459. <li>Added PDO::PGSQL_ATTR_DISABLE_PREPARES constant to execute the queries without preparing them, while still passing parameters separately from the command text using PQexecParams.</li>
  460. </ul></li>
  461. <li>PDO_firebird:
  462. <ul>
  463. <li><?php bugfix(66071); ?> (memory corruption in error handling) (Popa)</li>
  464. </ul></li>
  465. <li>Phar:
  466. <ul>
  467. <li><?php bugfix(64498); ?> ($phar-&gt;buildFromDirectory can't compress file with an accent in its name).</li>
  468. <li><?php bugfix(67587); ?> (Redirection loop on nginx with FPM).</li>
  469. </ul></li>
  470. <li>readline:
  471. <ul>
  472. <li><?php bugfix(55496); ?> (Interactive mode doesn't force a newline before the prompt).</li>
  473. <li><?php bugfix(67496); ?> (Save command history when exiting interactive shell with control-c).</li>
  474. </ul></li>
  475. <li>Reflection:
  476. <ul>
  477. <li>Implemented FR <?php bugl(67713); ?> (loosen the restrictions on ReflectionClass::newInstanceWithoutConstructor()).</li>
  478. </ul></li>
  479. <li>Session:
  480. <ul>
  481. <li><?php bugfix(67694); ?> (Regression in session_regenerate_id()).</li>
  482. <li>Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).</li>
  483. <li><?php bugfix(66827); ?> (Session raises E_NOTICE when session name variable is array).</li>
  484. <li><?php bugfix(65315); ?> (session.hash_function silently fallback to default md5) (Yasuo)</li>
  485. <li>Implemented Request <?php bugl(17860); ?> (Session write short circuit).</li>
  486. <li>Implemented Request <?php bugl(20421); ?> (session_abort() and session_reset() function).</li>
  487. <li>Remove session_gc() and session_serializer_name() wich were introduced in the first 5.6.0 alpha.</li>
  488. </ul></li>
  489. <li>SimpleXML:
  490. <ul>
  491. <li><?php bugfix(66084); ?> (simplexml_load_string() mangles empty node name) (Anatol)</li>
  492. </ul></li>
  493. <li>SQLite:
  494. <ul>
  495. <li>Updated the bundled libsqlite to the version 3.8.3.1 (Anatol)</li>
  496. <li><?php bugfix(66967); ?> (Updated bundled libsqlite to 3.8.4.3).</li>
  497. </ul></li>
  498. <li>SOAP:
  499. <ul>
  500. <li>Implemented FR <?php bugl(49898); ?> (Add SoapClient::__getCookies()).</li>
  501. </ul></li>
  502. <li>SPL:
  503. <ul>
  504. <li>Revert fix for <?php bugl(67064); ?> (BC issues).</li>
  505. <li><?php bugfix(67539); ?> (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)</li>
  506. <li><?php bugfix(67538); ?> (SPL Iterators use-after-free). (CVE-2014-4670)</li>
  507. <li><?php bugfix(67492); ?> (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515)</li>
  508. <li><?php bugfix(67359); ?> (Segfault in recursiveDirectoryIterator).</li>
  509. <li><?php bugfix(66127); ?> (Segmentation fault with ArrayObject unset).</li>
  510. <li>Fixed request <?php bugl(67453); ?> (Allow to unserialize empty data).</li>
  511. <li><?php bugfix(66834); ?> (empty() does not work on classes that extend ArrayObject) (Tjerk)</li>
  512. <li><?php bugfix(66702); ?> (RegexIterator::INVERT_MATCH does not invert).</li>
  513. </ul></li>
  514. <li>Standard:
  515. <ul>
  516. <li>Implemented FR <?php bugl(65634); ?> (HTTP wrapper is very slow with protocol_version 1.1).</li>
  517. <li>Implemented Change crypt() behavior w/o salt RFC. (Yasuo) https://wiki.php.net/rfc/crypt_function_salt</li>
  518. <li>Implemented request <?php bugl(49824); ?> (Change array_fill() to allow creating empty array).</li>
  519. </ul></li>
  520. <li>Streams:
  521. <ul>
  522. <li><?php bugfix(67430); ?> (http:// wrapper doesn't follow 308 redirects).</li>
  523. </ul></li>
  524. <li>Tokenizer:
  525. <ul>
  526. <li><?php bugfix(67395); ?> (token_name() does not return name for T_POW and T_POW_EQUAL token).</li>
  527. </ul></li>
  528. <li>XMLReader:
  529. <ul>
  530. <li><?php bugfix(55285); ?> (XMLReader::getAttribute/No/Ns methods inconsistency).</li>
  531. </ul></li>
  532. <li>XSL:
  533. <ul>
  534. <li><?php bugfix(53965); ?> (&lt;xsl:include&gt; cannot find files with relative paths when loaded with "file://").</li>
  535. </ul></li>
  536. <li>Zip:
  537. <ul>
  538. <li>update libzip to version 1.11.2. PHP don't use any ilibzip private symbol anymore.</li>
  539. <li>new method ZipArchive::setPassword($password).</li>
  540. <li>add --with-libzip option to build with system libzip.</li>
  541. <li>new methods: ZipArchive::setExternalAttributesName($name, $opsys, $attr [, $flags]) ZipArchive::setExternalAttributesIndex($idx, $opsys, $attr [, $flags]) ZipArchive::getExternalAttributesName($name, &amp;$opsys, &amp;$attr [, $flags]) ZipArchive::getExternalAttributesIndex($idx, &amp;$opsys, &amp;$attr [, $flags])</li>
  542. </ul></li>
  543. <li>Zlib:
  544. <ul>
  545. <li><?php bugfix(67865); ?> (internal corruption phar error). Mike</li>
  546. <li><?php bugfix(67724); ?> (chained zlib filters silently fail with large amounts of data).</li>
  547. </ul></li>
  548. </ul>
  549. <!-- }}} --></section>
  550. <section class="version" id="5.5.16"><!-- {{{ 5.5.16 -->
  551. <h3>Version 5.5.16</h3>
  552. <?php release_date('21-Aug-2014'); ?>
  553. <ul><li>COM:
  554. <ul>
  555. <li>Fixed missing type checks in com_event_sink.</li>
  556. </ul></li>
  557. <li>Core:
  558. <ul>
  559. <li><?php bugfix(67693); ?> (incorrect push to the empty array).</li>
  560. </ul></li>
  561. <li>Fileinfo:
  562. <ul>
  563. <li><?php bugfix(67705); ?> (extensive backtracking in rule regular expression).
  564. (CVE-2014-3538).</li>
  565. <li><?php bugfix(67716); ?> (Segfault in cdf.c). (CVE-2014-3587).</li>
  566. </ul></li>
  567. <li>FPM:
  568. <ul>
  569. <li><?php bugfix(67635); ?> (php links to systemd libraries without using pkg-config).</li>
  570. </ul></li>
  571. <li>GD:
  572. <ul>
  573. <li><?php bugfix(66901); ?> (php-gd 'c_color' NULL pointer dereference).
  574. (CVE-2014-2497).</li>
  575. <li><?php bugfix(67730); ?> (Null byte injection possible with imagexxx functions).
  576. (CVE-2014-5120).</li>
  577. </ul></li>
  578. <li>Milter:
  579. <ul>
  580. <li><?php bugfix(67715); ?> (php-milter does not build and crashes randomly).</li>
  581. </ul></li>
  582. <li>Network:
  583. <ul>
  584. <li><?php bugfix(67717); ?> (segfault in dns_get_record). (CVE-2014-3597).</li>
  585. </ul></li>
  586. <li>OpenSSL:
  587. <ul>
  588. <li>Fixed missing type checks in OpenSSL options.</li>
  589. </ul></li>
  590. <li>readline:
  591. <ul>
  592. <li><?php bugfix(55496); ?> (Interactive mode doesn't force a newline before the
  593. prompt).</li>
  594. <li><?php bugfix(67496); ?> (Save command history when exiting interactive shell
  595. with control-c).</li>
  596. </ul></li>
  597. <li>Sessions:
  598. <ul>
  599. <li>Fixed missing type checks in php_session_create_id.</li>
  600. </ul></li>
  601. <li>ODBC:
  602. <ul>
  603. <li><?php bugfix(60616); ?> (odbc_fetch_into returns junk data at end of multi-byte
  604. char fields).</li>
  605. </ul></li>
  606. </ul>
  607. <!-- }}} --></section>
  608. <section class="version" id="5.4.32"><!-- {{{ 5.4.32 -->
  609. <h3>Version 5.4.32</h3>
  610. <b>21-Aug-2014</b>
  611. <ul><li>Core:
  612. <ul>
  613. <li><?php bugfix(67717); ?> (segfault in dns_get_record) (CVE-2014-3597).</li>
  614. <li><?php bugfix(67693); ?> (incorrect push to the empty array)</li>
  615. </ul></li>
  616. <li>COM:
  617. <ul>
  618. <li>Fixed missing type checks in com_event_sink.</li>
  619. </ul></li>
  620. <li>Fileinfo:
  621. <ul>
  622. <li><?php bugfix(67705); ?> (extensive backtracking in rule regular expression) (CVE-2014-3538).</li>
  623. <li><?php bugfix(67716); ?> (Segfault in cdf.c) (CVE-2014-3587).</li>
  624. </ul></li>
  625. <li>GD:
  626. <ul>
  627. <li><?php bugfix(66901); ?> (php-gd 'c_color' NULL pointer dereference) (CVE-2014-2497).</li>
  628. <li><?php bugfix(67730); ?> (Null byte injection possible with imagexxx functions) (CVE-2014-5120).</li>
  629. </ul></li>
  630. <li>Milter:
  631. <ul>
  632. <li><?php bugfix(67715); ?> (php-milter does not build and crashes randomly).</li>
  633. </ul></li>
  634. <li>OpenSSL:
  635. <ul>
  636. <li>Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).</li>
  637. </ul></li>
  638. <li>Readline:
  639. <ul>
  640. <li><?php bugfix(55496); ?> (Interactive mode doesn't force a newline before the prompt).</li>
  641. <li><?php bugfix(67496); ?> (Save command history when exiting interactive shell with control-c).</li>
  642. </ul></li>
  643. <li>Sessions:
  644. <ul>
  645. <li>Fixed missing type checks in php_session_create_id.</li>
  646. </ul></li>
  647. <li>SPL:
  648. <ul>
  649. <li><?php bugfix(67539); ?> (ArrayIterator use-after-free due to object change during sorting) (CVE-2014-4698).</li>
  650. <li><?php bugfix(67538); ?> (SPL Iterators use-after-free) (CVE-2014-4670).</li>
  651. </ul></li>
  652. <li>ODBC:
  653. <ul>
  654. <li><?php bugfix(60616); ?> (odbc_fetch_into returns junk data at end of multi-byte char fields).</li>
  655. </ul></li>
  656. </ul>
  657. <!-- }}} --></section>
  658. <section class="version" id="5.3.29"><!-- {{{ 5.3.29 -->
  659. <h3>Version 5.3.29</h3>
  660. <?php release_date('14-Aug-2014'); ?>
  661. <ul><li>Core:
  662. <ul>
  663. <li><?php bugfix(66127); ?> (Segmentation fault with ArrayObject unset).</li>
  664. <li><?php bugfix(67247); ?> (spl_fixedarray_resize integer overflow).</li>
  665. <li><?php bugfix(67249); ?> (printf out-of-bounds read).</li>
  666. <li><?php bugfix(67250); ?> (iptcparse out-of-bounds read).</li>
  667. <li><?php bugfix(67252); ?> (convert_uudecode out-of-bounds read).</li>
  668. <li><?php bugfix(67359); ?> (Segfault in recursiveDirectoryIterator).</li>
  669. <li><?php bugfix(67390); ?> (insecure temporary file use in the configure script). (CVE-2014-3981)</li>
  670. <li><?php bugfix(67399); ?> (putenv with empty variable may lead to crash).</li>
  671. <li><?php bugfix(67492); ?> (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).</li>
  672. <li><?php bugfix(67498); ?> (phpinfo() Type Confusion Information Leak Vulnerability).</li>
  673. </li>
  674. </ul></li>
  675. <li>COM:
  676. <ul>
  677. <li>Fixed missing type checks in com_event_sink.</li>
  678. </ul></li>
  679. <li>Date:
  680. <ul>
  681. <li><?php bugfix(66060); ?> (Heap buffer over-read in DateInterval). (CVE-2013-6712)</li>
  682. <li><?php bugfix(67251); ?> (date_parse_from_format out-of-bounds read).</li>
  683. <li><?php bugfix(67253); ?> (timelib_meridian_with_check out-of-bounds read).</li>
  684. </ul></li>
  685. <li>Exif:
  686. <ul>
  687. <li><?php bugfix(65873); ?> (Integer overflow in exif_read_data()).</li>
  688. </ul></li>
  689. <li>Fileinfo:
  690. <ul>
  691. <li><?php bugfix(66307); ?> (Fileinfo crashes with powerpoint files).</li>
  692. <li><?php bugfix(67326); ?> (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)</li>
  693. <li><?php bugfix(67327); ?> (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)</li>
  694. <li><?php bugfix(67328); ?> (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)</li>
  695. <li><?php bugfix(67410); ?> (fileinfo: mconvert incorrect handling of truncated pascal string size) (CVE-2014-3478).</li>
  696. <li><?php bugfix(67411); ?> (fileinfo: cdf_check_stream_offset insufficient boundary check) (CVE-2014-3479).</li>
  697. <li><?php bugfix(67412); ?> (fileinfo: cdf_count_chain insufficient boundary check) (CVE-2014-3480).</li>
  698. <li><?php bugfix(67413); ?> (fileinfo: cdf_read_property_info insufficient boundary check) (CVE-2014-3487).</li>
  699. </ul></li>
  700. <li>Intl:
  701. <ul>
  702. <li><?php bugfix(67349); ?> (Locale::parseLocale Double Free).</li>
  703. <li><?php bugfix(67397); ?> (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).</li>
  704. </ul></li>
  705. <li>Network:
  706. <ul>
  707. <li><?php bugfix(67432); ?> (Fix potential segfault in dns_get_record()). (CVE-2014-4049)</li>
  708. </ul></li>
  709. <li>OpenSSL:
  710. <ul>
  711. <li>Fixed missing type checks in OpenSSL options.</li>
  712. </ul></li>
  713. <li>Session:
  714. <ul>
  715. <li>Fixed missing type checks in php_session_create_id.</li>
  716. </ul></li>
  717. </ul>
  718. <!-- }}} --></section>
  719. <section class="version" id="5.5.15"><!-- {{{ 5.5.15 -->
  720. <h3>Version 5.5.15</h3>
  721. <?php release_date('24-Jul-2014'); ?>
  722. <ul><li>CLI server:
  723. <ul>
  724. <li><?php bugfix(67429); ?> (CLI server is missing some new HTTP response codes).</li>
  725. <li><?php bugfix(66830); ?> (Empty header causes PHP built-in web server to hang).</li>
  726. </ul></li>
  727. <li>Core:
  728. <ul>
  729. <li><?php bugfix(67428); ?> (header('Location: foo') will override a 308-399 response
  730. code).</li>
  731. <li><?php bugfix(67436); ?> (Autoloader isn't called if two method definitions don't
  732. match).</li>
  733. <li><?php bugfix(67091); ?> (make install fails to install libphp5.so on FreeBSD 10.0).</li>
  734. <li><?php bugfix(67497); ?> eval with parse error causes segmentation fault in
  735. generator).</li>
  736. <li><?php bugfix(67151); ?> (strtr with empty array crashes).</li>
  737. <li><?php bugfix(67407); ?> (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
  738. 2012).</li>
  739. </ul></li>
  740. <li>FPM:
  741. <ul>
  742. <li><?php bugfix(67530); ?> (error_log=syslog ignored).</li>
  743. <li><?php bugfix(67531); ?> (syslog cannot be set in pool configuratio).</li>
  744. </ul></li>
  745. <li>Intl:
  746. <ul>
  747. <li><?php bugfix(66921); ?> (Wrong argument type hint for function
  748. intltz_from_date_time_zone).</li>
  749. <li><?php bugfix(67052); ?> (NumberFormatter::parse() resets LC_NUMERIC setting).</li>
  750. </ul></li>
  751. <li>OPCache:
  752. <ul>
  753. <li><?php bugfix(67215); ?> (php-cgi work with opcache, may be segmentation fault
  754. happen).</li>
  755. </ul></li>
  756. <li>pgsql:
  757. <ul>
  758. <li><?php bugfix(67550); ?> (Error in code "form" instead of "from", pgsql.c, line 756),
  759. which affected builds against libpq &lt; 7.3).</li>
  760. </ul></li>
  761. <li>Phar:
  762. <ul>
  763. <li><?php bugfix(67587); ?> (Redirection loop on nginx with FPM).</li>
  764. </ul></li>
  765. <li>SPL:
  766. <ul>
  767. <li><?php bugfix(67539); ?> (ArrayIterator use-after-free due to object change during
  768. sorting). (CVE-2014-4698)</li>
  769. <li><?php bugfix(67538); ?> (SPL Iterators use-after-free) (CVE-2014-4670).</li>
  770. </ul></li>
  771. <li>Streams:
  772. <ul>
  773. <li><?php bugfix(67430); ?> (http:// wrapper doesn't follow 308 redirects).</li>
  774. </ul></li>
  775. </ul>
  776. <!-- }}} --></section>
  777. <section class="version" id="5.4.31"><!-- {{{ 5.4.31 -->
  778. <h3>Version 5.4.31</h3>
  779. <b>24-Jul-2014</b>
  780. <ul><li>Core:
  781. <ul>
  782. <li><?php bugfix(67428); ?> (header('Location: foo') will override a 308-399 response code).</li>
  783. <li><?php bugfix(67436); ?> (Autoloader isn't called if two method definitions don't match).</li>
  784. <li><?php bugfix(67091); ?> (make install fails to install libphp5.so on FreeBSD 10.0).</li>
  785. <li><?php bugfix(67151); ?> (strtr with empty array crashes).</li>
  786. <li><?php bugfix(67407); ?> (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012).</li>
  787. </ul></li>
  788. <li>CLI server:
  789. <ul>
  790. <li>Implemented FR <?php bugl(67429); ?> (CLI server is missing some new HTTP response codes).</li>
  791. <li><?php bugfix(66830); ?> (Empty header causes PHP built-in web server to hang).</li>
  792. </ul></li>
  793. <li>FPM:
  794. <ul>
  795. <li><?php bugfix(67530); ?> (error_log=syslog ignored).</li>
  796. <li><?php bugfix(67531); ?> (syslog cannot be set in pool configuration).</li>
  797. </ul></li>
  798. <li>Intl:
  799. <ul>
  800. <li><?php bugfix(67052); ?> (NumberFormatter::parse() resets LC_NUMERIC setting).</li>
  801. </ul></li>
  802. <li>pgsql:
  803. <ul>
  804. <li><?php bugfix(67550); ?> (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq &lt; 7.3.</li>
  805. </ul></li>
  806. <li>Phar:
  807. <ul>
  808. <li><?php bugfix(67587); ?> (Redirection loop on nginx with FPM).</li>
  809. </ul></li>
  810. <li>Streams:
  811. <ul>
  812. <li><?php bugfix(67430); ?> (http:// wrapper doesn't follow 308 redirects).</li>
  813. </ul></li>
  814. </ul>
  815. <!-- }}} --></section>
  816. <section class="version" id="5.5.14"><!-- {{{ 5.5.14 -->
  817. <h3>Version 5.5.14</h3>
  818. <?php release_date('26-Jun-2014'); ?>
  819. <ul><li>CLI server:
  820. <ul>
  821. <li><?php bugfix(67406); ?> (built-in web-server segfaults on startup).</li>
  822. </ul></li>
  823. <li>Core:
  824. <ul>
  825. <li><?php bugfix(66622); ?> (Closures do not correctly capture the late bound class
  826. (static::) in some cases).</li>
  827. <li><?php bugfix(67390); ?> (insecure temporary file use in the configure script).
  828. (CVE-2014-3981).</li>
  829. <li><?php bugfix(67399); ?> (putenv with empty variable may lead to crash).</li>
  830. <li><?php bugfix(67498); ?> (phpinfo() Type Confusion Information Leak Vulnerability).</li>
  831. <li>Fixed BC break introduced by patch for bug <?php bugl(67072); ?>.</li>
  832. </ul></li>
  833. <li>Date:
  834. <ul>
  835. <li><?php bugfix(67308); ?> (Serialize of DateTime truncates fractions of second).</li>
  836. <li>Fixed regression in fix for bug #67118 (constructor can't be called twice).</li>
  837. </ul></li>
  838. <li>Fileinfo:
  839. <ul>
  840. <li><?php bugfix(67326); ?> (cdf_read_short_sector insufficient boundary check).
  841. (CVE-2014-0207)).</li>
  842. <li><?php bugfix(67410); ?> (mconvert incorrect handling of truncated pascal
  843. string size). (CVE-2014-3478).</li>
  844. <li><?php bugfix(67411); ?> (cdf_check_stream_offset insufficient boundary
  845. check). (CVE-2014-3479).</li>
  846. <li><?php bugfix(67412); ?> (cdf_count_chain insufficient boundary check).
  847. (CVE-2014-3480).</li>
  848. <li><?php bugfix(67413); ?> (cdf_read_property_info insufficient boundary
  849. check). (CVE-2014-3487).</li>
  850. </ul></li>
  851. <li>Intl:
  852. <ul>
  853. <li><?php bugfix(67349); ?> (Locale::parseLocale Double Free).</li>
  854. <li><?php bugfix(67397); ?> (Buffer overflow in locale_get_display_name and
  855. uloc_getDisplayName (libicu 4.8.1)).</li>
  856. </ul></li>
  857. <li>Network:
  858. <ul>
  859. <li><?php bugfix(67432); ?> (Fix potential segfault in dns_get_record()).
  860. (CVE-2014-4049)).</li>
  861. </ul></li>
  862. <li>OPCache:
  863. <ul>
  864. <li>Fixed issue #183 (TMP_VAR is not only used once).</li>
  865. </ul></li>
  866. <li>OpenSSL:
  867. <ul>
  868. <li><?php bugfix(65698); ?> (certificates validity parsing does not work past 2050).</li>
  869. <li><?php bugfix(66636); ?> (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).</li>
  870. </ul></li>
  871. <li>PDO-ODBC:
  872. <ul>
  873. <li><?php bugfix(50444); ?> (PDO-ODBC changes for 64-bit).</li>
  874. </ul></li>
  875. <li>SOAP:
  876. <ul>
  877. <li>Implemented FR #49898 (Add SoapClient::__getCookies()).</li>
  878. </ul></li>
  879. <li>SPL:
  880. <ul>
  881. <li><?php bugfix(66127); ?> (Segmentation fault with ArrayObject unset).</li>
  882. <li><?php bugfix(67359); ?> (Segfault in recursiveDirectoryIterator).</li>
  883. <li><?php bugfix(67360); ?> (Missing element after ArrayObject::getIterator).</li>
  884. <li><?php bugfix(67492); ?> (unserialize() SPL ArrayObject / SPLObjectStorage Type
  885. Confusion). (CVE-2014-3515).</li>
  886. </ul></li>
  887. </ul>
  888. <!-- }}} --></section>
  889. <section class="version" id="5.4.30"><!-- {{{ 5.4.30 -->
  890. <h3>Version 5.4.30</h3>
  891. <b>26-Jun-2014</b>
  892. <ul><li>Core:
  893. <ul>
  894. <li>Fixed BC break introduced by patch for bug <?php bugl(67072); ?>.</li>
  895. <li><?php bugfix(66622); ?> (Closures do not correctly capture the late bound class (static::) in some cases).</li>
  896. <li><?php bugfix(67390); ?> (insecure temporary file use in the configure script) (CVE-2014-3981).</li>
  897. <li><?php bugfix(67399); ?> (putenv with empty variable may lead to crash).</li>
  898. <li><?php bugfix(67498); ?> (phpinfo() Type Confusion Information Leak Vulnerability).</li>
  899. </ul></li>
  900. <li>CLI server:
  901. <ul>
  902. <li><?php bugfix(67406); ?> (built-in web-server segfaults on startup).</li>
  903. </ul></li>
  904. <li>Date:
  905. <ul>
  906. <li><?php bugfix(67308); ?> (Serialize of DateTime truncates fractions of second).</li>
  907. <li>Fixed regression in fix for bug <?php bugl(67118); ?> (constructor can't be called twice).</li>
  908. </ul></li>
  909. <li>Fileinfo:
  910. <ul>
  911. <li><?php bugfix(67326); ?> (fileinfo: cdf_read_short_sector insufficient boundary check) (CVE-2014-0207).</li>
  912. <li><?php bugfix(67410); ?> (fileinfo: mconvert incorrect handling of truncated pascal string size) (CVE-2014-3478).</li>
  913. <li><?php bugfix(67411); ?> (fileinfo: cdf_check_stream_offset insufficient boundary check) (CVE-2014-3479).</li>
  914. <li><?php bugfix(67412); ?> (fileinfo: cdf_count_chain insufficient boundary check) (CVE-2014-3480).</li>
  915. <li><?php bugfix(67413); ?> (fileinfo: cdf_read_property_info insufficient boundary check) (CVE-2014-3487).</li>
  916. </ul></li>
  917. <li>Intl:
  918. <ul>
  919. <li><?php bugfix(67349); ?> (Locale::parseLocale Double Free).</li>
  920. <li><?php bugfix(67397); ?> (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).</li>
  921. </ul></li>
  922. <li>Network:
  923. <ul>
  924. <li><?php bugfix(67432); ?> (Fix potential segfault in dns_get_record()) (CVE-2014-4049).</li>
  925. </ul></li>
  926. <li>OpenSSL:
  927. <ul>
  928. <li><?php bugfix(65698); ?> (certificates validity parsing does not work past 2050).</li>
  929. <li><?php bugfix(66636); ?> (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).</li>
  930. </ul></li>
  931. <li>SOAP:
  932. <ul>
  933. <li>Implemented FR <?php bugl(49898); ?> (Add SoapClient::__getCookies()).</li>
  934. </ul></li>
  935. <li>SPL:
  936. <ul>
  937. <li><?php bugfix(66127); ?> (Segmentation fault with ArrayObject unset).</li>
  938. <li><?php bugfix(67359); ?> (Segfault in recursiveDirectoryIterator).</li>
  939. <li><?php bugfix(67360); ?> (Missing element after ArrayObject::getIterator).</li>
  940. <li><?php bugfix(67492); ?> (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).</li>
  941. </ul></li>
  942. </ul>
  943. <!-- }}} --></section>
  944. <section class="version" id="5.5.13"><!-- {{{ 5.5.13 -->
  945. <h3>Version 5.5.13</h3>
  946. <?php release_date('29-May-2014'); ?>
  947. <ul><li>CLI server:
  948. <ul>
  949. <li><?php bugfix(67079); ?> (Missing MIME types for XML/XSL files).</li>
  950. </ul></li>
  951. <li>COM:
  952. <ul>
  953. <li><?php bugfix(66431); ?> (Special Character via COM Interface (CP_UTF8)).</li>
  954. </ul></li>
  955. <li>Core:
  956. <ul>
  957. <li><?php bugfix(65701); ?> (copy() doesn't work when destination filename is created
  958. by tempnam()).</li>
  959. <li><?php bugfix(67072); ?> (Echoing unserialized "SplFileObject" crash).</li>
  960. <li><?php bugfix(67245); ?> (usage of memcpy() with overlapping src and dst in
  961. zend_exceptions.c).</li>
  962. <li><?php bugfix(67247); ?> (spl_fixedarray_resize integer overflow).</li>
  963. <li><?php bugfix(67249); ?> (printf out-of-bounds read).</li>
  964. <li><?php bugfix(67250); ?> (iptcparse out-of-bounds read).</li>
  965. </ul></li>
  966. <li>cURL:
  967. <ul>
  968. <li><?php bugfix(64247); ?> (CURLOPT_INFILE doesn't allow reset).</li>
  969. </ul></li>
  970. <li>Date:
  971. <ul>
  972. <li><?php bugfix(67118); ?> (DateTime constructor crash with invalid data).</li>
  973. <li><?php bugfix(67251); ?> (date_parse_from_format out-of-bounds read).</li>
  974. <li><?php bugfix(67253); ?> (timelib_meridian_with_check out-of-bounds read).</li>
  975. </ul></li>
  976. <li>DOM:
  977. <ul>
  978. <li><?php bugfix(67081); ?> (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
  979. not only the subset).</li>
  980. </ul></li>
  981. <li>Fileinfo:
  982. <ul>
  983. <li><?php bugfix(66307); ?> (Fileinfo crashes with powerpoint f

Large files files are truncated, but you can click here to view the full file