. Refactor MIME type handling to use a hash table instead of linear search.
(Adam)
. Update the MIME type list from the one shipped by Apache HTTPD. (Adam)
+=======
+- Core:
+ . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
+ (Laruence)
+ . Fixed bug #69121 (Segfault in get_current_user when script owner is not
+ in passwd with ZTS build). (dan at syneto dot net)
+ . Fixed bug #65593 (Segfault when calling ob_start from output buffering
+ callback). (Mike)
+ . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
+ not validated in memory.c). (nayana at ddproperty dot com)
+ . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
+ . Fixed bug #69141 (Missing arguments in reflection info for some builtin
+ functions). (kostyantyn dot lysyy at oracle dot com)
+
+- cURL:
+ . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on
+ Win32). (Grant Pannell)
+ . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported
+ by libcurl. (Linus Unneback)
+
+- ODBC:
+ . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
+
+- Opcache:
+ . Fixed bug #69125 (Array numeric string as key). (Laruence)
+ . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
+
+- OpenSSL:
+ . Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence)
+ . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe
+ socket timeouts). (Brad Broerman)
+ . Fixed bug #68920 (use strict peer_fingerprint input checks)
+ (Daniel Lowrey)
++ . Added "alpn_protocols" SSL context option allowing encrypted client/server
++ streams to negotiate alternative protocols using the ALPN TLS extension when
++ built against OpenSSL 1.0.2 or newer. Negotiated protocol information is
++ accessible by passing streams to the new stream_socket_crypto_info().
++ (Daniel Lowrey)
+
+- pgsql:
+ . Fixed bug #68638 (pg_update() fails to store infinite values).
+ (william dot welter at 4linux dot com dot br, Laruence)
+
+- Readline:
+ . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without
+ parameters). (Laruence)
+
+- SOAP:
+ . Fixed bug #69085 (SoapClient's __call() type confusion through
+ unserialize()). (andrea dot palazzo at truel dot it, Laruence)
+
+- SPL:
+ . Fixed bug #69108 ("Segmentation fault" when (de)serializing
+ SplObjectStorage). (Laruence)
+ . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
+ calling getChildren()). (Julien)
+
++- Stream:
++ . Added stream_socket_crypto_info() allowing inspection of negotiated TLS values
++
+- CGI:
+ . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
+
+- CLI:
+ . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
+
+- FPM:
+ . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
+
+19 Feb 2015, PHP 5.6.6
+
+- Core:
+ . Removed support for multi-line headers, as the are deprecated by RFC 7230.
+ (Stas)
+ . Fixed bug #67068 (getClosure returns somethings that's not a closure).
+ (Danack at basereality dot com)
+ . Fixed bug #68942 (Use after free vulnerability in unserialize() with
+ DateTimeZone). (CVE-2015-0273) (Stas)
+ . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
+ buffer overflow). (Stas)
+ . Fixed Bug #67988 (htmlspecialchars() does not respect default_charset
+ specified by ini_set) (Yasuo)
+ . Added NULL byte protection to exec, system and passthru. (Yasuo)
+
+- Dba:
+ . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
+
+- Enchant:
+ . Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
+ (Antony)
+
+- Fileinfo:
+ . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
+ . Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files
+ correctly). (Anatol)
+ . Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some
+ gifs). (Anatol)
+
+- FPM:
+ . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
+ . Fixed bug #68571 (core dump when webserver close the socket).
+ (redfoxli069 at gmail dot com, Laruence)
+
+- JSON:
+ . Fixed bug #50224 (json_encode() does not always encode a float as a float)
+ by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)
+
+- LIBXML:
+ . Fixed bug #64938 (libxml_disable_entity_loader setting is shared
+ between threads). (Martin Jansen)
+
+- Mysqli:
+ . Fixed bug #68114 (linker error on some OS X machines with fixed
+ width decimal support) (Keyur Govande)
+ . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
+ has rounding errors) (Keyur Govande)
+
+- Opcache:
+ . Fixed bug with try blocks being removed when extended_info opcode
+ generation is turned on. (Laruence)
+
+- PDO_mysql:
+ . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
+ named pipes). (steffenb198 at aol dot com)
+
+- Phar:
+ . Fixed bug #68901 (use after free). (bugreports at internot dot info)
+
+- Pgsql:
+ . Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)
+
+- Session:
+ . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
+ . Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
+ . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
+
+- Sqlite3:
+ . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
+ required_num_args). (Julien)
+
+- Standard:
+ . Fixed bug #65272 (flock() out parameter not set correctly in windows).
+ (Daniel Lowrey)
+ . Fixed bug #69033 (Request may get env. variables from previous requests
+ if PHP works as FastCGI). (Anatol)
+
+- Streams:
+ . Fixed bug which caused call after final close on streams filter. (Bob)
+
+22 Jan 2015, PHP 5.6.5
+>>>>>>> PHP-5.6
- Core:
. Fixed bug #68933 (Invalid read of size 8 in zend_std_read_property).
. session.lazy_write(default=On) INI setting enables only write session data when
session data is updated.
++- OpenSSL:
++ . Removed the "rsa_key_size" SSL context option in favor of automatically
++ setting the appropriate size given the negotiated crypto algorithm.
++
- PCRE:
. Removed support for /e (PREG_REPLACE_EVAL) modifier. Use
preg_reaplace_callback() instead.
. Added the comparison operator (<=>), aka the spaceship operator.
(RFC: https://wiki.php.net/rfc/combined-comparison-operator)
++- OpenSSL
++ . Added "alpn_protocols" SSL context option allowing encrypted client/server
++ streams to negotiate alternative protocols using the ALPN TLS extension when
++ built against OpenSSL 1.0.2 or newer. Negotiated protocol information is
++ accessible by passing streams to the new stream_socket_crypto_info().
++
========================================
3. Changes in SAPI modules
========================================
- Standard
. Added intdiv() function for integer division.
++- Stream:
++ . Added stream_socket_crypto_info() allowing inspection of negotiated TLS
++ connection properties
++
========================================
7. New Classes and Interfaces
========================================
projects / php / commitdiff