. Fixed bug #68714 (copy 'n paste error). (cmb)
. Fixed bug #66339 (PHP segfaults in imagexbm). (cmb)
. Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb)
+ . Replace libvpx with libwebp for bundled libgd. (cmb, Anatol)
+ . Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
+ . Made fontFetch's path parser thread-safe. (Sara)
+ . Removed T1Lib support. (Kalle)
-- ODBC:
- . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined
- columns). (CVE-2015-8879) (cmb)
+- GMP:
+ . Fixed bug #70284 (Use after free vulnerability in unserialize() with GMP).
+ (stas)
-- OpenSSL:
- . Fixed bug #69882 (OpenSSL error "key values mismatch" after
- openssl_pkcs12_read with extra cert). (Tomasz Sawicki)
- . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
- secure). (CVE-2015-8867) (Stas)
+- hash:
+ . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
+ at naver dot com)
-- Phar:
- . Improved fix for bug #69441. (Anatol Belski)
- . Fixed bug #70019 (Files extracted from archive may be placed outside of
- destination directory). (CVE-2015-6833) (Anatol Belski)
+- IMAP:
+ . Fixed bug #70158 (Building with static imap fails). (cmb)
+ . Fixed bug #69998 (curl multi leaking memory). (Pierrick)
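Review bot: The second entry added under `- IMAP:` (bug #69998, "curl multi leaking memory") describes a cURL fix, not an IMAP one. Move it under a cURL heading so that anyone auditing which extensions changed in this release is not misled.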
-- SOAP:
- . Fixed bug #70081 (SoapClient info leak / null pointer dereference via
- multiple type confusions). (Stas)
+- Intl:
+ . Fixed bug #70453 (IntlChar::foldCase() incorrect arguments and missing
+ constants). (cmb)
+ . Fixed bug #70454 (IntlChar::forDigit second parameter should be optional).
+ (cmb, colinodell)
+ . Removed deprecated aliases datefmt_set_timezone_id() and
+ IntlDateFormatter::setTimeZoneID(). (Nikita)
-- SPL:
- . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
- items). (CVE-2015-6832) (sean.heelan)
- . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
- SPLArrayObject). (CVE-2015-6831) (taoguangchen at icloud dot com)
- . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
- SplObjectStorage). (CVE-2015-6831) (taoguangchen at icloud dot com)
- . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
- SplDoublyLinkedList). (CVE-2015-6831) (taoguangchen at icloud dot com)
+- JSON:
+ . Fixed bug #62010 (json_decode produces invalid byte-sequences).
+ (Jakub Zelenka)
+ . Fixed bug #68546 (json_decode() Fatal error: Cannot access property
+ started with '\0'). (Jakub Zelenka)
+ . Replace non-free JSON parser with a parser from Jsond extension, fixes #63520
+ (JSON extension includes a problematic license statement). (Jakub Zelenka)
+ . Fixed bug #68938 (json_decode() decodes empty string without error).
+ (jeremy at bat-country dot us)
-- Standard:
- . Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb)
+- LDAP:
+ . Fixed bug #47222 (Implement LDAP_OPT_DIAGNOSTIC_MESSAGE). (Andreas Heigl)
-09 Jul 2015, PHP 5.6.11
+- LiteSpeed:
+ . Updated LiteSpeed SAPI code from V5.5 to V6.6. (George Wang)
-- Core:
- . Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
- . Fixed bug #69703 (Use __builtin_clzl on PowerPC).
- (dja at axtens dot net, Kalle)
- . Fixed bug #69732 (can induce segmentation fault with basic php code).
- (Dmitry)
- . Fixed bug #69642 (Windows 10 reported as Windows 8).
- (Christian Wenz, Anatol Belski)
- . Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
- fault). (Christoph M. Becker)
- . Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
- 7/8/8.1/10 as "Business"). (Christian Wenz)
- . Fixed bug #69740 (finally in generator (yield) swallows exception in
- iteration). (Nikita)
- . Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
- (Christian Wenz)
- . Fixed bug #69892 (Different arrays compare indentical due to integer key
- truncation). (Nikita)
- . Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
- from fix to bug #68776. (Yasuo)
+- libxml:
+ . Fixed handling of big lines in error messages with libxml >= 2.9.0.
+ (Christoph M. Becker)
-- GD:
- . Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
+- Mcrypt:
+ . Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was
+ specified under RC4). (Nikita)
+ . Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
+ . Fixed possible read after end of buffer and use after free. (Dmitry)
+ . Removed mcrypt_generic_end() alias. (Nikita)
+ . Removed mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb(), mcrypt_ofb(). (Nikita)
-- GMP:
- . Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP
- number). (Nikita)
+- Mysqli:
+ . Fixed bug #32490 (constructor of mysqli has wrong name). (cmb)
- Mysqlnd:
- . Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
- (Andrey)
-
-- PCRE:
- . Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
- string). (cmb)
- . Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
-
-- PDO_pgsql:
- . Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
- Statements when closeCuror() is u). (Philip Hofstetter)
- . Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
- leading single quote). (Matteo)
- . Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
- (Matteo)
-
-- Phar:
- . Fixed bug #69958 (Segfault in Phar::convertToData on invalid file).
- (CVE-2015-5589) (Stas)
- . Fixed bug #69923 (Buffer overflow and stack smashing error in
- phar_fix_filepath). (CVE-2015-5590) (Stas)
-
-- SimpleXML:
- . Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
- node name). (Christoph Michael Becker)
-
-- SPL:
- . Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
- (Stas)
- . Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
- . Fixed bug #69970 (Use-after-free vulnerability in
- spl_recursive_it_move_forward_ex()). (Laruence)
-
-- Sqlite3:
- . Fixed bug #69972 (Use-after-free vulnerability in
- sqlite3SafetyCheckSickOrOk()). (Laruence)
-
-11 Jun 2015, PHP 5.6.10
-
-- Core:
- . Fixed bug #66048 (temp. directory is cached during multiple requests).
- (Julien)
- . Fixed bug #69566 (Conditional jump or move depends on uninitialised value
- in extension trait). (jbboehr at gmail dot com)
- . Fixed bug #69599 (Strange generator+exception+variadic crash). (Nikita)
- . Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
- (Christoph M. Becker)
- . Fixed POST data processing slowdown due to small input buffer size
- on Windows. (Jorge Oliveira, Anatol)
- . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
- (CVE-2015-4642) (Anatol Belski)
- . Fixed bug #69719 (Incorrect handling of paths with NULs). (CVE-2015-4598)
- (Stas)
-
-- FTP
- . Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in
- heap overflow). (CVE-2015-4643) (Max Spelsberg)
-
-- GD:
- . Fixed bug #69479 (GD fails to build with newer libvpx). (Remi)
-
-- Iconv:
- . Fixed bug #48147 (iconv with //IGNORE cuts the string). (Stas)
-
-- Litespeed SAPI:
- . Fixed bug #68812 (Unchecked return value). (George Wang)
-
-- Mail:
- . Fixed bug #68776 (mail() does not have mail header injection prevention for
- additional headers). (Yasuo)
-
-- MCrypt:
- . Added file descriptor caching to mcrypt_create_iv() (Leigh)
-
-- Opcache
- . Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
- (Laruence, Dmitry)
-
-- PCRE
- . Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
-
-- Phar:
- . Fixed bug #69680 (phar symlink in binary directory broken).
- (Matteo Bernardini, Remi)
-
-- Postgres:
- . Fixed bug #69667 (segfault in php_pgsql_meta_data). (CVE-2015-4644) (Remi)
-
-- Sqlite3:
- . Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
- CVE-2015-3416) (Kaplan)
-
-14 May 2015, PHP 5.6.9
-
-- Core:
- . Fixed bug #69467 (Wrong checked for the interface by using Trait).
+ . Fixed bug #70949 (SQL Result Sets With NULL Can Cause Fatal Memory Errors).
(Laruence)
- . Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
- . Fixed bug #60022 ("use statement [...] has no effect" depends on leading
- backslash). (Nikita)
- . Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
- (Dmitry)
- . Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
- . Fixed bug #69419 (Returning compatible sub generator produces a warning).
- (Nikita)
- . Fixed bug #69472 (php_sys_readlink ignores misc errors from
- GetFinalPathNameByHandleA). (Jan Starke)
- . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
- (CVE-2015-4024) (Stas)
- . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
- (Stas)
- . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
- (Stas)
- . Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
+ . Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server).
+ (Andrey)
+ . Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to
+ a server). (Sergei Turchanov)
+ . Fixed bug #70572 segfault in mysqlnd_connect. (Andrey, Remi)
+ . Fixed Bug #69796 (mysqli_stmt::fetch doesn't assign null values to
+ bound variables). (Laruence)
-- FTP:
- . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap
- overflow). (CVE-2015-4022) (Stas)
+- OCI8:
+ . Fixed memory leak with LOBs. (Senthil)
+ . Fixed bug #68298 (OCI int overflow) (Senthil).
+ . Corrected oci8 hash destructors to prevent segfaults, and a few other fixes.
+ (Cameron Porter)
- ODBC:
- . Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
+ . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined
- columns). (cmb)
++ columns). (CVE-2015-8879) (cmb)
+
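Review bot: The continuation line of the ODBC entry for bug #69975 is marked `++ columns). (CVE-2015-8879) (cmb)`, so the added text itself begins with a literal `+`. Drop the extra character so the continuation lines up with the entry's first line.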
+- Opcache:
+ . Fixed bug #70656 (require() statement broken after opcache_reset() or a
+ few hours of use). (Laruence)
+ . Fixed bug #70843 (Segmentation fault on MacOSX with
+ opcache.file_cache_only=1). (Laruence)
+ . Fixed bug #70724 (Undefined Symbols from opcache.so on Mac OS X 10.10).
+ (Laruence)
+ . Fixed compatibility with Windows 10 (see also bug #70652). (Anatol)
+ . Attmpt to fix "Unable to reattach to base address" problem. (Matt Ficken)
+ . Fixed bug #70423 (Warning Internal error: wrong size calculation). (Anatol)
+ . Fixed bug #70237 (Empty while and do-while segmentation fault with opcode
+ on CLI enabled). (Dmitry, Laruence)
+ . Fixed bug #70111 (Segfault when a function uses both an explicit return
+ type and an explicit cast). (Laruence)
+ . Fixed bug #70058 (Build fails when building for i386). (Laruence)
+ . Fixed bug #70022 (Crash with opcache using opcache.file_cache_only=1).
(Anatol)
- . Fixed bug #69474 (ODBC: Query with same field name from two tables returns
- incorrect result). (Anatol)
- . Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall,
- Anatol Belski)
+ . Removed opcache.load_comments configuration directive. Now doc comments
+ loading costs nothing and always enabled. (Dmitry)
+ . Fixed bug #69838 (Wrong size calculation for function table). (Anatol)
+ . Fixed bug #69688 (segfault with eval and opcache fast shutdown).
+ (Laruence)
+ . Added experimental (disabled by default) file based opcode cache.
+ (Dmitry, Laruence, Anatol)
+ . Fixed bug with try blocks being removed when extended_info opcode
+ generation is turned on. (Laruence)
+ . Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8
+ + Opcache). (Laruence)
- OpenSSL:
- . Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
- (Daniel Lowrey)
-
-- PCNTL:
- . Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)
- (Stas)
-
-- Phar:
- . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
- filename starts with null). (CVE-2015-4021) (Stas)
-
-16 Apr 2015, PHP 5.6.8
-
-- Core:
- . Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
- (Dmitry, Laruence)
- . Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
- characters). (Tjerk)
- . Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
- . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
- configuration options). (Anatol Belski)
- . Additional fix for bug #69152 (Type confusion vulnerability in
- exception::getTraceAsString). (Stas)
- . Fixed bug #69210 (serialize function return corrupted data when sleep has
- non-string values). (Juan Basso)
- . Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
- __call/... arg passing). (Nikita)
- . Fixed bug #69221 (Segmentation fault when using a generator in combination
- with an Iterator). (Nikita)
- . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
- vulnerability). (Stas)
- . Fixed bug #69353 (Missing null byte checks for paths in various PHP
- extensions). (Stas)
-
-- Apache2handler:
- . Fixed bug #69218 (potential remote code execution with apache 2.4
- apache2handler). (Gerrit Venema)
-
-- cURL:
- . Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
- . Fixed bug #68739 (Missing break / control flow). (Laruence)
- . Fixed bug #69316 (Use-after-free in php_curl related to
- CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
-
-- Date:
- . Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)
-
-- Enchant:
- . Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
- builds). (Anatol)
+ . Require at least OpenSSL version 0.9.8. (Jakub Zelenka)
+ . Fixed bug #68312 (Lookup for openssl.cnf causes a message box). (Anatol)
+ . Fixed bug #55259 (openssl extension does not get the DH parameters from
+ DH key resource). (Jakub Zelenka)
+ . Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb)
+ . Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka)
+ . Implemented FR #70438 (Add IV parameter for openssl_seal and openssl_open)
+ (Jakub Zelenka)
+ . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
+ secure). (CVE-2015-8867) (Stas)
+ . Fixed bug #69882 (OpenSSL error "key values mismatch" after
+ openssl_pkcs12_read with extra cert). (Tomasz Sawicki)
+ . Added "alpn_protocols" SSL context option allowing encrypted client/server
+ streams to negotiate alternative protocols using the ALPN TLS extension when
+ built against OpenSSL 1.0.2 or newer. Negotiated protocol information is
+ accessible through stream_get_meta_data() output.
+ . Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic
+ detection or the "peer_name" option instead. (Nikita)
+
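Review bot: The "alpn_protocols" entry added in the OpenSSL section ends at "stream_get_meta_data() output." with no author credit, unlike the other entries added in this section. Add the attribution in parentheses after the final sentence.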
+- Pcntl:
+ . Fixed bug #70386 (Can't compile on NetBSD because of missing WCONTINUED
+ and WIFCONTINUED). (Matteo)
+ . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler
+ when setting SIG_DFL). (Julien)
+ . Implemented FR #68505 (Added wifcontinued and wcontinued). (xilon-jul)
+ . Added rusage support to pcntl_wait() and pcntl_waitpid(). (Anton Stepanenko,
+ Tony)
-- Ereg:
- . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
+- PCRE:
+ . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
+ match). (cmb)
+ . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
+ (Anatol Belski)
+ . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
+ match). (cmb)
+ . Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the
+ string). (cmb)
+ . Fixed bug #69864 (Segfault in preg_replace_callback). (cmb, ab)
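Review bot: Bug #70232 ("Incorrect bump-along behavior with \K and empty string match") is added twice in the PCRE section, as the first and the third entry. Keep one copy.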
-- Fileinfo:
- . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
- segfault). (Anatol Belski)
+- PDO:
+ . Fixed bug #70861 (Segmentation fault in pdo_parse_params() during Drupal 8
+ test suite). (Anatol)
+ . Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)
+ . Fixed bug #70272 (Segfault in pdo_mysql). (Laruence)
+ . Fixed bug #70221 (persistent sqlite connection + custom function
+ segfaults). (Laruence)
+ . Removed support for the /e (PREG_REPLACE_EVAL) modifier. (Nikita)
+ . Fixed bug #59450 (./configure fails with "Cannot find php_pdo_driver.h").
+ (maxime dot besson at smile dot fr)
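Review bot: "Removed support for the /e (PREG_REPLACE_EVAL) modifier" is listed under `- PDO:`, but /e is a preg_replace() pattern modifier and belongs in the PCRE section. The removal takes away a code path that evaluates the replacement as PHP code, so it should sit where readers of the PCRE changes will find it.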
-- Filter:
- . Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other
- flags are used). (Jeff Welch)
- . Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
- Welch)
+- PDO_DBlib:
+ . Fixed bug #69757 (Segmentation fault on nextRowset).
+ (miracle at rpz dot name)
-- Mbstring:
- . Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E).
- (Masaki Kagaya)
+- PDO_mysql:
+ . Fixed bug #68424 (Add new PDO mysql connection attr to control multi
+ statements option). (peter dot wolanin at acquia dot com)
-- OPCache:
- . Fixed bug #69297 (function_exists strange behavior with OPCache on
- disabled function). (Laruence)
- . Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
- . Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
+- PDO_OCI:
+ . Fixed bug #70308 (PDO::ATTR_PREFETCH is ignored). (Chris Jones)
-- OpenSSL:
- . Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling
- in stream_select() contexts) (Chris Wright)
- . Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly)
- (Daniel Lowrey)
- . Fixed bug #69215 (Crypto servers should send client CA list)
- (Daniel Lowrey)
- . Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
+- PDO_pgsql:
+ . Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
+ Statements when closeCuror() is u). (Philip Hofstetter)
+ . Removed PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT attribute in favor of
+ ATTR_EMULATE_PREPARES). (Nikita)
- Phar:
- . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
- (Mike)
- . Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
- . Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
- . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
- ".tar"). (Mike)
- . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
- . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
- phar_set_inode). (Stas)
-
-- Postgres:
- . Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
-
-- SOAP:
- . Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
- with SoapFault). (Dmitry)
- . Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
- (bisected, regression)). (Laruence)
-
-- SPL:
- . Fixed bug #69227 (Use after free in zval_scan caused by
- spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
-
-- Sqlite3:
- . Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
- (Dan Ackroyd)
- . Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)
- . Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
-
-19 Mar 2015, PHP 5.6.7
-
-- Core:
- . Fixed bug #69174 (leaks when unused inner class use traits precedence).
- (Laruence)
- . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
- (Laruence)
- . Fixed bug #69121 (Segfault in get_current_user when script owner is not
- in passwd with ZTS build). (dan at syneto dot net)
- . Fixed bug #65593 (Segfault when calling ob_start from output buffering
- callback). (Mike)
- . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
- not validated in memory.c). (nayana at ddproperty dot com)
- . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
- . Fixed bug #69141 (Missing arguments in reflection info for some builtin
- functions). (kostyantyn dot lysyy at oracle dot com)
- . Fixed bug #68976 (Use After Free Vulnerability in unserialize()).
- (CVE-2015-2787) (Stas)
- . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
- configuration options). (Anatol Belski)
- . Fixed bug #69207 (move_uploaded_file allows nulls in path). (CVE-2015-2348)
- (Stas)
-
-- CGI:
- . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
-
-- CLI:
- . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
-
-- cURL:
- . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on
- Win32). (Grant Pannell)
- . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported
- by libcurl. (Linus Unneback)
-
-- Ereg:
- . Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
- (Stas)
-
-- FPM:
- . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
-
-- ODBC:
- . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
-
-- Opcache:
- . Fixed bug #69159 (Opcache causes problem when passing a variable variable
- to a function). (Dmitry, Laruence)
- . Fixed bug #69125 (Array numeric string as key). (Laruence)
- . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
+ . Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
+ . FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip
+ entry filename is "/"). (Stas)
+ . Improved fix for bug #69441. (Anatol Belski)
+ . Fixed bug #70019 (Files extracted from archive may be placed outside of
+ destination directory). (Anatol Belski)
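Review bot: The added entry for bug #70019 drops the "(CVE-2015-6833)" tag that the removed Phar line earlier in this patch carried, while other re-added entries (#69975, #70014) keep their CVE ids. Restore the tag so the fix for files being placed outside the destination directory stays searchable by CVE. "FIxed" in the #70433 entry should also read "Fixed".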
-- OpenSSL:
- . Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence)
- . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe
- socket timeouts). (Brad Broerman)
- . Fixed bug #68920 (use strict peer_fingerprint input checks)
- (Daniel Lowrey)
- . Fixed bug #68879 (IP Address fields in subjectAltNames not used)
- (Daniel Lowrey)
- . Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
- . Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
- . Fixed bug (#69195 Inconsistent stream crypto values across versions)
- (Daniel Lowrey)
+- Phpdbg:
+ . Fixed bug #70614 (incorrect exit code in -rr mode with Exceptions). (Bob)
+ . Fixed bug #70532 (phpdbg must respect set_exception_handler). (Bob)
+ . Fixed bug #70531 (Run and quit mode (-qrr) should not fallback to
+ interactive mode). (Bob)
+ . Fixed bug #70533 (Help overview (-h) does not rpint anything under Windows).
+ (Anatol)
+ . Fixed bug #70449 (PHP won't compile on 10.4 and 10.5 because of missing
+ constants). (Bob)
+ . Fixed bug #70214 (FASYNC not defined, needs sys/file.h include). (Bob)
+ . Fixed bug #70138 (Segfault when displaying memory leaks). (Bob)
-- pgsql:
- . Fixed bug #68638 (pg_update() fails to store infinite values).
- (william dot welter at 4linux dot com dot br, Laruence)
+- Reflection:
+ . Fixed bug #70650 (Wrong docblock assignment). (Marcio)
+ . Fixed bug #70674 (ReflectionFunction::getClosure() leaks memory when used
+ for internal functions). (Dmitry, Bob)
+ . Fixed bug causing bogus traces for ReflectionGenerator::getTrace(). (Bob)
+ . Fixed inheritance chain of Reflector interface. (Tjerk)
+ . Added ReflectionGenerator class. (Bob)
+ . Added reflection support for return types and type declarations. (Sara,
+ Matteo)
-- Readline:
- . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without
- parameters). (Laruence)
+- Session:
+ . Fixed bug #70876 (Segmentation fault when regenerating session id with
+ strict mode). (Laruence)
+ . Fixed bug #70529 (Session read causes "String is not zero-terminated" error).
+ (Yasuo)
+ . Fixed bug #70013 (Reference to $_SESSION is lost after a call to
+ session_regenerate_id()). (Yasuo)
+ . Fixed bug #69952 (Data integrity issues accessing superglobals by
+ reference). (Bob)
+ . Fixed bug #67694 (Regression in session_regenerate_id()). (Tjerk)
+ . Fixed bug #68941 (mod_files.sh is a bash-script). (bugzilla at ii.nl, Yasuo)
- SOAP:
- . Fixed bug #69085 (SoapClient's __call() type confusion through
- unserialize()). (CVE-2015-4147, CVE-2015-4148) (andrea dot palazzo at truel
- dot it, Laruence)
-
-- SPL:
- . Fixed bug #69108 ("Segmentation fault" when (de)serializing
- SplObjectStorage). (Laruence)
- . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
- calling getChildren()). (Julien)
-
-- ZIP:
- . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
- boundary). (CVE-2015-2331) (Stas)
-
-19 Feb 2015, PHP 5.6.6
-
-- Core:
- . Removed support for multi-line headers, as the are deprecated by RFC 7230.
+ . Fixed bug #70940 (Segfault in soap / type_to_string). (Remi)
+ . Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry)
+ . Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace
+ attribute). (Matteo)
+ . Fixed bug #70715 (Segmentation fault inside soap client). (Laruence)
+ . Fixed bug #70709 (SOAP Client generates Segfault). (Laruence)
+ . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
(Stas)
- . Fixed bug #67068 (getClosure returns somethings that's not a closure).
- (Danack at basereality dot com)
- . Fixed bug #68942 (Use after free vulnerability in unserialize() with
- DateTimeZone). (CVE-2015-0273) (Stas)
- . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
- buffer overflow). (Stas)
- . Fixed Bug #67988 (htmlspecialchars() does not respect default_charset
- specified by ini_set) (Yasuo)
- . Added NULL byte protection to exec, system and passthru. (Yasuo)
-
-- Dba:
- . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
-
-- Enchant:
- . Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
- (CVE-2014-9705) (Antony)
-
-- Fileinfo:
- . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
- . Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files
- correctly). (Anatol)
- . Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some
- gifs). (Anatol)
-
-- FPM:
- . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
- . Fixed bug #68571 (core dump when webserver close the socket).
- (redfoxli069 at gmail dot com, Laruence)
-
-- JSON:
- . Fixed bug #50224 (json_encode() does not always encode a float as a float)
- by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)
-
-- LIBXML:
- . Fixed bug #64938 (libxml_disable_entity_loader setting is shared
- between threads). (Martin Jansen)
-
-- Mysqli:
- . Fixed bug #68114 (linker error on some OS X machines with fixed
- width decimal support) (Keyur Govande)
- . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
- has rounding errors) (Keyur Govande)
-
-- Opcache:
- . Fixed bug with try blocks being removed when extended_info opcode
- generation is turned on. (Laruence)
-
-- PDO_mysql:
- . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
- named pipes). (steffenb198 at aol dot com)
-
-- Phar:
- . Fixed bug #68901 (use after free). (CVE-2015-2301)
- (bugreports at internot dot info)
-
-- Pgsql:
- . Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)
+ . Fixed bug #70081 (SoapClient info leak / null pointer dereference via
+ multiple type confusions). (Stas)
+ . Fixed bug #70079 (Segmentation fault after more than 100 SoapClient
+ calls). (Laruence)
+ . Fixed bug #70032 (make_http_soap_request calls
+ zend_hash_get_current_key_ex(,,,NULL). (Laruence)
+ . Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes). (Laruence)
-- Session:
- . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
- . Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
- . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
+- SPL:
+ . Fixed bug #70959 (ArrayObject unserialize does not restore protected
+ fields). (Laruence)
+ . Fixed bug #70853 (SplFixedArray throws exception when using ref variable
+ as index). (Laruence)
+ . Fixed bug #70868 (PCRE JIT and pattern reuse segfault). (Laruence)
+ . Fixed bug #70730 (Incorrect ArrayObject serialization if unset is called
+ in serialize()). (Laruence)
+ . Fixed bug #70573 (Cloning SplPriorityQueue leads to memory leaks). (Dmitry)
+ . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
+ . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
+ items). (sean.heelan)
+ . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
+ SPLArrayObject). (taoguangchen at icloud dot com)
+ . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
+ SplObjectStorage). (taoguangchen at icloud dot com)
+ . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
+ SplDoublyLinkedList). (taoguangchen at icloud dot com)
+ . Fixed bug #70053 (MutlitpleIterator array-keys incompatible change in
+ PHP 7). (Tjerk)
+ . Fixed bug #69970 (Use-after-free vulnerability in
+ spl_recursive_it_move_forward_ex()). (Laruence)
+ . Fixed bug #69845 (ArrayObject with ARRAY_AS_PROPS broken). (Dmitry)
+ . Changed ArrayIterator implementation using zend_hash_iterator_... API.
+ Allowed modification of iterated ArrayObject using the same behavior
+ as proposed in `Fix "foreach" behavior`. Removed "Array was modified
+ outside object and internal position is no longer valid" hack. (Dmitry)
+ . Implemented FR #67886 (SplPriorityQueue/SplHeap doesn't expose extractFlags
+ nor curruption state). (Julien)
+ . Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
+ breaks the RecursiveIterator). (Paul Garvin)
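Review bot: The SPL entries for bugs #70068, #70166, #70168 and #70169 are added without the CVE ids (CVE-2015-6832 for #70068, CVE-2015-6831 for the other three) that the removed SPL lines earlier in this patch carried. Restore them so the unserialize() fixes can be matched to advisories. Separately, bug #70868 ("PCRE JIT and pattern reuse segfault") looks misplaced under SPL, and "MutlitpleIterator" and "curruption" are misspelled.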
-- Sqlite3:
- . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
+- SQLite3:
+ . Fixed bug #70571 (Memory leak in sqlite3_do_callback). (Adam)
+ . Fixed bug #69972 (Use-after-free vulnerability in
+ sqlite3SafetyCheckSickOrOk()). (Laruence)
+ . Fixed bug #69897 (segfault when manually constructing SQLite3Result).
+ (Kalle)
+ . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Standard: