From: Christoph M. Becker Date: Tue, 5 Jul 2016 14:51:25 +0000 (+0200) Subject: Merge branch 'PHP-7.0' X-Git-Tag: php-7.1.0alpha3~2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=411c809787ddf36dde2516acb4b07ce045714cd7;p=php Merge branch 'PHP-7.0' --- 411c809787ddf36dde2516acb4b07ce045714cd7 diff --cc NEWS index dcb405547c,10ff146921..1807437088 --- a/NEWS +++ b/NEWS @@@ -12,238 -22,628 +12,239 @@@ PH - COM: . Fixed bug #72498 (variant_date_from_timestamp null dereference). (Anatol) -- GD: - . Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb) - . Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb) - . Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb) - -- Mbstring: - . Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - - oob read access). (Laruence) - . Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence) - -- PCRE: - . Fixed bug #72476 (Memleak in jit_stack). (Laruence) - . Fixed bug #72463 (mail fails with invalid argument). (Anatol) - -- Readline: - . Fixed bug #72538 (readline_redisplay crashes php). (Laruence) - -- Standard: - . Fixed bug #72505 (readfile() mangles files larger than 2G). (Cschneid) - . Fixed bug #72306 (Heap overflow through proc_open and $env parameter). - (Laruence) - -- Session: - . Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence) - -- Streams: - . Fixed bug #72439 (Stream socket with remote address leads to a segmentation - fault). (Laruence) - -23 Jun 2016 PHP 7.0.8 - -- Core: - . Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashes). - (Esminis at esminis dot lt) - . Fixed bug #72221 (segfault, past-the-end access). (Lauri Kenttä) - . Fixed bug #72268 (Integer Overflow in nl2br()). (Stas) - . Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/ - json_utf8_to_utf16()). (Stas) - . Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas) - . Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) +- CURL: + . Add curl_multi_errno(), curl_share_errno() and curl_share_strerror() + functions. (Pierrick) + . Add support for HTTP/2 Server Push (davey) - Date: - . Fixed bug #63740 (strtotime seems to use both sunday and monday as start of - week). (Derick) - -- FPM: - . Fixed bug #72308 (fastcgi_finish_request and logging environment - variables). (Laruence) + . Invalid serialization data for a DateTime or DatePeriod object will now + throw an instance of Error from __wakeup() or __set_state() instead of + resulting in a fatal error. (Aaron Piotrowski) + . Timezone initialization failure from serialized data will now throw an + instance of Error from __wakeup() or __set_state() instead of resulting in + a fatal error. (Aaron Piotrowski) + . Export date_get_interface_ce() for extension use. (Jeremy Mikola) -- GD: - . Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874) - (cmb) - . Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas) - . Fixed bug #72337 (invalid dimensions can lead to crash). (Pierre) - . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap - overflow). (CVE-2016-5766) (Pierre) - . Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) - . Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting - in heap overflow). (CVE-2016-5767) (Pierre) - -- Intl: - . Fixed bug #70484 (selectordinal doesn't work with named parameters). - (Anatol) - -- mbstring: - . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). - (CVE-2016-5768) (Stas) - -- mcrypt: - . Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769) - (Stas) - -- OpenSSL: - . Fixed bug #72140 (segfault after calling ERR_free_strings()). - (Jakub Zelenka) - -- PCRE: - . Fixed bug #72143 (preg_replace uses int instead of size_t). (Joe) - -- PDO_pgsql: - . Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound). - (Laruence) - . Fixed bug #72294 (Segmentation fault/invalid pointer in connection - with pgsql_stmt_dtor). (Anatol) - -- Phar: - . Fixed bug #72321 (invalid free in phar_extract_file()). - (hji at dyntopia dot com) - -- Phpdbg: - . Fixed bug #72284 (phpdbg fatal errors with coverage). (Bob) - -- Postgres: - . Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free). (Laruence) - . Fixed bug #72197 (pg_lo_create arbitrary read). (Anatol) - -- Standard: - . Fixed bug #72369 (array_merge() produces references in PHP7). (Dmitry) - . Fixed bug #72300 (ignore_user_abort(false) has no effect). (Laruence) - . Fixed bug #72229 (Wrong reference when serialize/unserialize an object). - (Laruence) - . Fixed bug #72193 (dns_get_record returns array containing elements of - type 'unknown'). (Laruence) - . Fixed bug #72017 (range() with float step produces unexpected result). - (Thomas Punt) - -- WDDX: - . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). - (CVE-2016-5772) (Stas) - -- XML: - . Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe) - -- XMLRPC: - . Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type). - (Joe, Laruence) - -- Zip: - . Fixed ug #72258 (ZipArchive converts filenames to unrecoverable form). - (Anatol) - . Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC - algorithm and unserialize). (CVE-2016-5773) (Dmitry) - -26 May 2016 PHP 7.0.7 - -- Core: - . Fixed bug #72162 (use-after-free - error_reporting). (Laruence) - . Add compiler option to disable special case function calls. (Joe) - . Fixed bug #72101 (crash on complex code). (Dmitry) - . Fixed bug #72100 (implode() inserts garbage into resulting string when - joins very big integer). (Mikhail Galanin) - . Fixed bug #72057 (PHP Hangs when using custom error handler and typehint). - (Nikita Nefedov) - . Fixed bug #72038 (Function calls with values to a by-ref parameter don't - always throw a notice). (Bob) - . Fixed bug #71737 (Memory leak in closure with parameter named $this). - (Nikita) - . Fixed bug #72059 (?? is not allowed on constant expressions). (Bob, Marcio) - . Fixed bug #72159 (Imported Class Overrides Local Class Name). (Nikita) - -- Curl: - . Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE). (Pierrick) - -- DBA: - . Fixed bug #72157 (use-after-free caused by dba_open). (Shm, Laruence) +- DOM: + . Invalid schema or RelaxNG validation contexts will throw an instance of + Error instead of resulting in a fatal error. (Aaron Piotrowski) + . Attempting to register a node class that does not extend the appropriate + base class will now throw an instance of Error instead of resulting in a + fatal error. (Aaron Piotrowski) + . Attempting to read an invalid or write to a readonly property will throw + an instance of Error instead of resulting in a fatal error. (Aaron + Piotrowski) - GD: - . Fixed bug #72227 (imagescale out-of-bounds read). (Stas) + . Fixed bug #72404 (imagecreatefromjpeg fails on selfie). (cmb) +- IMAP: + . An email address longer than 16385 bytes will throw an instance of Error + instead of resulting in a fatal error. (Aaron Piotrowski) + - Intl: - . Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol) - . Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (Stas) + . Failure to call the parent constructor in a class extending Collator + before invoking the parent methods will throw an instance of Error + instead of resulting in a recoverable fatal error. (Aaron Piotrowski) + . Cloning a Transliterator object may will now throw an instance of Error + instead of resulting in a fatal error if cloning the internal + transliterator fails. (Aaron Piotrowski) -- JSON: - . Fixed bug #72069 (Behavior \JsonSerializable different from json_encode). - (Laruence) +- LDAP: + . Providing an unknown modification type to ldap_batch_modify() will now + throw an instance of Error instead of resulting in a fatal error. + (Aaron Piotrowski) - Mbstring: - . Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace). (Laruence) + . mb_ereg() and mb_eregi() will now throw an instance of ParseError if an + invalid PHP expression is provided and the 'e' option is used. (Aaron + Piotrowski) -- OCI8: - . Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight - columns). (Tian Yang) +- Mcrypt: + . mcrypt_encrypt() and mcrypt_decrypt() will throw an instance of Error + instead of resulting in a fatal error if mcrypt cannot be initialized. + (Aaron Piotrowski) -- Opcache: - . Fixed bug #72014 (Including a file with anonymous classes multiple times - leads to fatal error). (Laruence) +- Mysqli: + . Attempting to read an invalid or write to a readonly property will throw + an instance of Error instead of resulting in a fatal error. (Aaron + Piotrowski) - OpenSSL: - . Fixed bug #72165 (Null pointer dereference - openssl_csr_new). (Anatol) + . Implemented FR #61204 (Add elliptic curve support for OpenSSL). + (Dominic Luechinger) -- PCNTL: - . Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure - overwrite). (Laruence) - -- POSIX: - . Fixed bug #72133 (php_posix_group_to_array crashes if gr_passwd is NULL). - (esminis at esminis dot lt) +- PCRE: + . Fixed bug #72476 (Memleak in jit_stack). (Laruence) + . Fixed bug #72463 (mail fails with invalid argument). (Anatol) -- Postgres: - . Fixed bug #72028 (pg_query_params(): NULL converts to empty string). - (Laruence) - . Fixed bug #71062 (pg_convert() doesn't accept ISO 8601 for datatype - timestamp). (denver at timothy dot io) - . Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol) +- Readline: + . Fixed bug #72538 (readline_redisplay crashes php). (Laruence) - Reflection: - . Fixed bug #72174 (ReflectionProperty#getValue() causes __isset call). - (Nikita) - -- Session: - . Fixed bug #71972 (Cyclic references causing session_start(): Failed to - decode session object). (Laruence) - -- Sockets: - . Added socket_export_stream() function for getting a stream compatible - resource from a socket resource. (Chris Wright, Bob) - -- SPL: - . Fixed bug #72051 (The reference in CallbackFilterIterator doesn't work as - expected). (Laruence) + . Failure to retrieve a reflection object or retrieve an object property + will now throw an instance of Error instead of resulting in a fatal error. + (Aaron Piotrowski) - SQLite3: - . Fixed bug #68849 (bindValue is not using the right data type). (Anatol) - -- Standard: - . Fixed bug #72075 (Referencing socket resources breaks stream_select). - (Laruence) - . Fixed bug #72031 (array_column() against an array of objects discards all - values matching null). (Nikita) - -28 Apr 2016 PHP 7.0.6 - -- Core: - . Fixed bug #71930 (_zval_dtor_func: Assertion `(arr)->gc.refcount <= 1' - failed). (Laruence) - . Fixed bug #71922 (Crash on assert(new class{})). (Nikita) - . Fixed bug #71914 (Reference is lost in "switch"). (Laruence) - . Fixed bug #71871 (Interfaces allow final and abstract functions). (Nikita) - . Fixed Bug #71859 (zend_objects_store_call_destructors operates on realloced - memory, crashing). (Laruence) - . Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence) - . Fixed bug #71750 (Multiple Heap Overflows in php_raw_url_encode/ - php_url_encode). (Stas) - . Fixed bug #71731 (Null coalescing operator and ArrayAccess). (Nikita) - . Fixed bug #71609 (Segmentation fault on ZTS with gethostbyname). (krakjoe) - . Fixed bug #71414 (Inheritance, traits and interfaces). (krakjoe) - . Fixed bug #71359 (Null coalescing operator and magic). (krakjoe) - . Fixed bug #71334 (Cannot access array keys while uksort()). (Nikita) - . Fixed bug #69659 (ArrayAccess, isset() and the offsetExists method). - (Nikita) - . Fixed bug #69537 (__debugInfo with empty string for key gives error). - (krakjoe) - . Fixed bug #62059 (ArrayObject and isset are not friends). (Nikita) - . Fixed bug #71980 (Decorated/Nested Generator is Uncloseable in Finally). - (Nikita) - -- BCmath: - . Fixed bug #72093 (bcpowmod accepts negative scale and corrupts - _one_ definition). (Stas) - -- Curl: - . Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string). - (Michael Sierks) - -- Date: - . Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt) - -- EXIF: - . Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas) - -- GD: - . Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074) (Stas) - -- Intl: - . Fixed bug #71516 (IntlDateFormatter looses locale if pattern is set via - constructor). (Anatol) - . Fixed bug #70455 (Missing constant: IntlChar::NO_NUMERIC_VALUE). (Anatol) - . Fixed bug #70451, #70452 (Inconsistencies in return values of IntlChar - methods). (Daniel Persson) - . Fixed bug #68893 (Stackoverflow in datefmt_create). (Anatol) - . Fixed bug #66289 (Locale::lookup incorrectly returns en or en_US if locale - is empty). (Anatol) - . Fixed bug #70484 (selectordinal doesn't work with named parameters). - (Anatol) - . Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative - offset). (Stas) - -- ODBC: - . Fixed bug #63171 (Script hangs after max_execution_time). (Remi) - -- Opcache: - . Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER). - (Laruence) - -- PDO: - . Fixed bug #52098 (Own PDOStatement implementation ignore __call()). - (Daniel kalaspuffar, Julien) - . Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo) - -- PDO_DBlib: - . Fixed bug #71943 (dblib_handle_quoter needs to allocate an extra byte). - (Adam Baratz) - . Add DBLIB-specific attributes for controlling timeouts. (Adam Baratz) - -- PDO_pgsql: - . Fixed bug #62498 (pdo_pgsql inefficient when getColumnMeta() is used). - (Joseph Bylund) - -- Postgres: - . Fixed bug #71820 (pg_fetch_object binds parameters before call - constructor). (Anatol) - . Fixed bug #71998 (Function pg_insert does not insert when column - type = inet). (Anatol) - -- SOAP: - . Fixed bug #71986 (Nested foreach assign-by-reference creates broken - variables). (Laruence) - -- SPL: - . Fixed bug #71838 (Deserializing serialized SPLObjectStorage-Object can't - access properties in PHP). (Nikita) - . Fixed bug #71735 (Double-free in SplDoublyLinkedList::offsetSet). (Stas) - . Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails - offsetExists()). (Nikita) - . Fixed bug #52339 (SPL autoloader breaks class_exists()). (Nikita) - -- Standard: - . Fixed bug #71995 (Returning the same var twice from __sleep() produces - broken serialized data). (Laruence) - . Fixed bug #71940 (Unserialize crushes on restore object reference). - (Laruence) - . Fixed bug #71969 (str_replace returns an incorrect resulting array after - a foreach by reference). (Laruence) - . Fixed bug #71891 (header_register_callback() and - register_shutdown_function()). (Laruence) - . Fixed bug #71884 (Null pointer deref (segfault) in - stream_context_get_default). (Laruence) - . Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence) - . Fixed bug #71837 (Wrong arrays behaviour). (Laruence) - . Fixed bug #71827 (substr_replace bug, string length). (krakjoe) - . Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or - _REENTRANT is not defined). (Nikita) - . Fixed bug #72116 (array_fill optimization breaks implementation). (Bob) - -- XML: - . Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas) - -- Zip: - . Fixed bug #71923 (integer overflow in ZipArchive::getFrom*). - (CVE-2016-3078) (Stas) - -31 Mar 2016 PHP 7.0.5 - -- Core: - . Huge pages disabled by default. (Rasmus) - . Added ability to enable huge pages in Zend Memory Manager through - the environment variable USE_ZEND_ALLOC_HUGE_PAGES=1. (Dmitry) - . Fixed bug #71756 (Call-by-reference widens scope to uninvolved functions - when used in switch). (Laruence) - . Fixed bug #71729 (Possible crash in zend_bin_strtod, zend_oct_strtod, - zend_hex_strtod). (Laruence) - . Fixed bug #71695 (Global variables are reserved before execution). - (Laruence) - . Fixed bug #71629 (Out-of-bounds access in php_url_decode in context - php_stream_url_wrap_rfc2397). (mt at debian dot org) - . Fixed bug #71622 (Strings used in pass-as-reference cannot be used to - invoke C::$callable()). (Bob) - . Fixed bug #71596 (Segmentation fault on ZTS with date function - (setlocale)). (Anatol) - . Fixed bug #71535 (Integer overflow in zend_mm_alloc_heap()). (Dmitry) - . Fixed bug #71470 (Leaked 1 hashtable iterators). (Nikita) - . Fixed bug #71575 (ISO C does not allow extra ‘;’ outside of a function). - (asgrim) - . Fixed bug #71724 (yield from does not count EOLs). (Nikita) - . Fixed bug #71767 (ReflectionMethod::getDocComment returns the wrong - comment). (Grigorii Sokolik) - . Fixed bug #71806 (php_strip_whitespace() fails on some numerical values). - (Nikita) - . Fixed bug #71624 (`php -R` (PHP_MODE_PROCESS_STDIN) is broken). - (Sean DuBois) - -- CLI Server: - . Fixed bug #69953 (Support MKCALENDAR request method). (Christoph) - -- Curl: - . Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY). (mpyw) - -- Date: - . Fixed bug #71635 (DatePeriod::getEndDate segfault). (Thomas Punt) - -- Fileinfo: - . Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic - file). (CVE-2015-8865) (Anatol) - -- libxml: - . Fixed bug #71536 (Access Violation crashes php-cgi.exe). (Anatol) - -- mbstring: - . Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in - mbfl_strcut). (CVE-2016-4073) (Stas) - -- ODBC: - . Fixed bug #47803, #69526 (Executing prepared statements is succesfull only - for the first two statements). (einavitamar at gmail dot com, Anatol) - -- PCRE: - . Fixed bug #71659 (segmentation fault in pcre running twig tests). - (nish dot aravamudan at canonical dot com) - -- PDO_DBlib: - . Fixed bug #54648 (PDO::MSSQL forces format of datetime fields). - (steven dot lambeth at gmx dot de, Anatol) - -- Phar: - . Fixed bug #71625 (Crash in php7.dll with bad phar filename). (Anatol) - . Fixed bug #71317 (PharData fails to open specific file). (Jos Elstgeest) - . Fixed bug #71860 (Invalid memory write in phar on filename with \0 in - name). (CVE-2016-4072) (Stas) - -- phpdbg: - . Fixed crash when advancing (except step) inside an internal function. (Bob) + . Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work). + (cmb) - Session: - . Fixed bug #71683 (Null pointer dereference in zend_hash_str_find_bucket). - (Yasuo) - -- SNMP: - . Fixed bug #71704 (php_snmp_error() Format String Vulnerability). - (CVE-2016-4071) (andrew at jmpesp dot org) + . Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence) + . Custom session handlers that do not return strings for session IDs will + now throw an instance of Error instead of resulting in a fatal error + when a function is called that must generate a session ID. + (Aaron Piotrowski) + . An invalid setting for session.hash_function will throw an instance of + Error instead of resulting in a fatal error when a session ID is created. + (Aaron Piotrowski) + +- SimpleXML: + . Creating an unnamed or duplicate attribute will throw an instance of Error + instead of resulting in a fatal error. (Aaron Piotrowski) - SPL: - . Fixed bug #71617 (private properties lost when unserializing ArrayObject). - (Nikita) + . Attempting to clone an SplDirectory object will throw an instance of Error + instead of resulting in a fatal error. (Aaron Piotrowski) + . Calling ArrayIterator::append() when iterating over an object will throw an + instance of Error instead of resulting in a fatal error. (Aaron Piotrowski) ++ . Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU) - Standard: - . Fixed bug #71660 (array_column behaves incorrectly after foreach by - reference). (Laruence) - . Fixed bug #71798 (Integer Overflow in php_raw_url_encode). (CVE-2016-4070) - (taoguangchen at icloud dot com, Stas) - -- Zip: - . Update bundled libzip to 1.1.2. (Remi, Anatol) - -03 Mar 2016 PHP 7.0.4 - -- Core: - . Fixed bug (Low probability segfault in zend_arena). (Laruence) - . Fixed bug #71441 (Typehinted Generator with return in try/finally crashes). - (Bob) - . Fixed bug #71442 (forward_static_call crash). (Laruence) - . Fixed bug #71443 (Segfault using built-in webserver with intl using - symfony). (Laruence) - . Fixed bug #71449 (An integer overflow bug in php_implode()). (Stas) - . Fixed bug #71450 (An integer overflow bug in php_str_to_str_ex()). (Stas) - . Fixed bug #71474 (Crash because of VM stack corruption on Magento2). - (Dmitry) - . Fixed bug #71485 (Return typehint on internal func causes Fatal error - when it throws exception). (Laruence) - . Fixed bug #71529 (Variable references on array elements don't work when - using count). (Nikita) - . Fixed bug #71601 (finally block not executed after yield from). (Bob) - . Fixed bug #71637 (Multiple Heap Overflow due to integer overflows in - xml/filter_url/addcslashes). (CVE-2016-4344, CVE-2016-4345, CVE-2016-4346) - (Stas) - -- CLI server: - . Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug). - (Johannes, Anatol) - -- CURL: - . Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes - while curl_multi_exec). (Laruence) - . Fixed memory leak in curl_getinfo(). (Leigh) - -- Date: - . Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time, - causing date_date_set issues). (Sean DuBois) - -- Fileinfo: - . Fixed bug #71434 (finfo throws notice for specific python file). (Laruence) - -- FPM: - . Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi - setup). (Matt Haught, Remi) - . Fixed bug #71269 (php-fpm dumped core). (Mickaël) - -- Opcache: - . Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache). - (Yussuf Khalil) - -- PCRE: - . Fixed bug #71537 (PCRE segfault from Opcache). (Laruence) - -- phpdbg: - . Fixed inherited functions from unspecified files being included in - phpdbg_get_executable(). (Bob) + . Implemented RFC: More precise float values. (Jakub Zelenka, Yasuo) + . array_multisort now uses zend_sort instead zend_qsort. (Laruence) + . Fixed bug #72505 (readfile() mangles files larger than 2G). (Cschneid) + . assert() will throw a ParseError when evaluating a string given as the first + argument if the PHP code is invalid instead of resulting in a catchable + fatal error. (Aaron Piotrowski) + . Calling forward_static_call() outside of a class scope will now throw an + instance of Error instead of resulting in a fatal error. (Aaron Piotrowski) -- SOAP: - . Fixed bug #71610 (Type Confusion Vulnerability - SOAP / - make_http_soap_request()). (CVE-2016-3185) (Stas) +- Streams: + . Fixed bug #72534 (stream_socket_get_name crashes). (Anatol) + +- Tidy: + . Creating a tidyNode manually will now throw an instance of Error instead of + resulting in a fatal error. (Aaron Piotrowski) -- Standard: - . Fixed bug #71603 (compact() maintains references in php7). (Laruence) - . Fixed bug #70720 (strip_tags improper php code parsing). (Julien) +- WDDX: + . A circular reference when serializing will now throw an instance of Error + instead of resulting in a fatal error. (Aaron Piotrowski) -- XMLRPC: - . Fixed bug #71501 (xmlrpc_encode_request ignores encoding option). (Hieu Le) +- XML-RPC: + . A circular reference when serializing will now throw an instance of Error + instead of resulting in a fatal error. (Aaron Piotrowski) - Zip: - . Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo). (Laruence) + . ZipArchive::addGlob() will throw an instance of Error instead of resulting + in a fatal error if glob support is not available. (Aaron Piotrowski) -04 Feb 2016 PHP 7.0.3 +23 Jun 2016, PHP 7.1.0alpha2 - Core: - . Added support for new HTTP 451 code. (Julien) - . Fixed bug #71039 (exec functions ignore length but look for NULL - termination). (Anatol) - . Fixed bug #71089 (No check to duplicate zend_extension). (Remi) - . Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol) - . Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars via - ob_start). (hugh at allthethings dot co dot nz) - . Fixed bug #71248 (Wrong interface is enforced). (Dmitry) - . Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash). - (Anatol) - . Fixed Bug #71275 (Bad method called on cloning an object having a trait). - (Bob) - . Fixed bug #71297 (Memory leak with consecutive yield from). (Bob) - . Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence) - . Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea) - . Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its - input). (Leo Gaspard) - . Fixed bug #71336 (Wrong is_ref on properties as exposed via - get_object_vars()). (Laruence) - . Fixed bug #71459 (Integer overflow in iptcembed()). (Stas) + . Implemented RFC: Replace "Missing argument" warning with "Too few + arguments" exception. (Dmitry) + . Implemented RFC: Fix inconsistent behavior of $this variable. (Dmitry) + . Fixed bug #72441 (Segmentation fault: RFC list_keys). (Laruence) + . Fixed bug #72395 (list() regression). (Laruence) + . Fixed bug #72373 (TypeError after Generator function w/declared return type + finishes). (Nikita) + . Fixed bug #69489 (tempnam() should raise notice if falling back to temp dir). + (Laruence, Anatol) + . Fixed UTF-8 and long path support on Windows. (Anatol) -- Apache2handler: - . Fix >2G Content-Length headers in apache2handler. (Adam Harvey) - -- CURL: - . Fixed bug #71227 (Can't compile php_curl statically). (Anatol) - . Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with - reference to CURLFile). (Laruence) +- Date: + . Fixed bug #63740 (strtotime seems to use both sunday and monday as start of + week). (Derick) - GD: - . Improved fix for bug #70976. (Remi) - -- Interbase: - . Fixed Bug #71305 (Crash when optional resource is omitted). - (Laruence, Anatol) + . Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb) + . Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb) + . Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb) -- LDAP: - . Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string - "Array"). (Laruence) +- JSON + . Implemented FR #46600 ("_empty_" key in objects). (Jakub Zelenka) -- mbstring: - . Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo) +- Mbstring: + . Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - + oob read access). (Laruence) + . Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence) - OpenSSL: - . Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas) + . Implemented FR #67304 (Added AEAD support [CCM and GCM modes] to + openssl_encrypt and openssl_decrypt). (Jakub Zelenka) + . Implemented error storing to the global queue and cleaning up the OpenSSL + error queue (resolves bugs #68276 and #69882). (Jakub Zelenka) - PCRE: - . Upgraded pcrelib to 8.38. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, - CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394) - -- Phar: - . Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (CVE-2016-4342) - (Stas) - . Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()). - (CVE-2016-4343) (Stas) - . Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()). - (Stas) - . Fixed bug #71488 (Stack overflow when decompressing tar archives). - (CVE-2016-2554) (Stas) + . Upgraded to PCRE 8.39. (Anatol) -- SOAP: - . Fixed bug #70979 (crash with bad soap request). (Anatol) - -- SPL: - . Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading). - (Laruence) - . Fixed bug #71202 (Autoload function registered by another not activated - immediately). (Laruence) - . Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject, - unserialize)). (Sean Heelan) - . Fixed bug #71313 (Use-after-free vulnerability in SPL(SplObjectStorage, - unserialize)). (Sean Heelan) +- Sqlite3: + . Implemented FR #72385 (Update SQLite bundle lib(3.13.0)). (Laruence) - Standard: - . Fixed bug #71287 (Error message contains hexadecimal instead of decimal - number). (Laruence) - . Fixed bug #71264 (file_put_contents() returns unexpected value when - filesystem runs full). (Laruence) - . Fixed bug #71245 (file_get_contents() ignores "header" context option if - it's a reference). (Laruence) - . Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start). - (hugh at allthethings dot co dot nz) - . Fixed bug #71190 (substr_replace converts integers in original $search - array to strings). (Laruence) - . Fixed bug #71188 (str_replace converts integers in original $search array - to strings). (Laruence) - . Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt) + . Added is_iterable() function. (Aaron Piotrowski) + . Fixed bug #72306 (Heap overflow through proc_open and $env parameter). + (Laruence) -- WDDX: - . Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas) +- Streams: + . Fixed bug #72439 (Stream socket with remote address leads to a segmentation + fault). (Laruence) -07 Jan 2016 PHP 7.0.2 +09 Jun 2016, PHP 7.1.0alpha1 - Core: - . Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7). - (y dot uchiyama dot 1015 at gmail dot com) - . Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls). (Laruence) - . Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work). (Laruence) - . Fixed bug #71092 (Segmentation fault with return type hinting). (Laruence) - . Fixed bug memleak in header_register_callback. (Laruence) - . Fixed bug #71067 (Local object in class method stays in memory for each - call). (Laruence) - . Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky) - . Fixed bug #70781 (Extension tests fail on dynamic ext dependency). - (Francois Laupretre) - . Fixed bug #71089 (No check to duplicate zend_extension). (Remi) - . Fixed bug #71086 (Invalid numeric literal parse error within - highlight_string() function). (Nikita) - . Fixed bug #71154 (Incorrect HT iterator invalidation causes iterator reuse). + . Added nullable types. (Levi, Dmitry) + . Added DFA optimization framework based on e-SSA form. (Dmitry, Nikita) + . Added specialized opcode handlers (e.g. ZEND_ADD_LONG_NO_OVERFLOW). + (Dmitry) + . Change statement and fcall extension handlers to accept frame. (Joe) + . Implemented safe execution timeout handling, that prevents random crashes + after "Maximum execution time exceeded" error. (Dmitry) + . Fixed bug #53432 (Assignment via string index access on an empty string + converts to array). (Nikita) + . Fixed bug #62210 (Exceptions can leak temporary variables). (Dmitry, Bob) + . Fixed bug #62814 (It is possible to stiffen child class members visibility). (Nikita) - . Fixed bug #52355 (Negating zero does not produce negative zero). (Andrea) - . Fixed bug #66179 (var_export() exports float as integer). (Andrea) - . Fixed bug #70804 (Unary add on negative zero produces positive zero). - (Andrea) - -- CURL: - . Fixed bug #71144 (Sementation fault when using cURL with ZTS). - (Michael Maroszek, Laruence) - -- DBA: - . Fixed key leak with invalid resource. (Laruence) + . Fixed bug #69989 (Generators don't participate in cycle GC). (Nikita) + . Fixed bug #70228 (Memleak if return in finally block). (Dmitry) + . Fixed bug #71266 (Missing separation of properties HT in foreach etc). + (Dmitry) + . Fixed bug #71604 (Aborted Generators continue after nested finally). + (Nikita) + . Fixed bug #71572 (String offset assignment from an empty string inserts + null byte). (Francois) + . Fixed bug #71897 (ASCII 0x7F Delete control character permitted in + identifiers). (Andrea) + . Fixed bug #72188 (Nested try/finally blocks losing return value). (Dmitry) + . Fixed bug #72213 (Finally leaks on nested exceptions). (Dmitry, Nikita) + . Implemented the RFC `Support Class Constant Visibility`. (Sean DuBois, + Reeze Xia, Dmitry) + . Added void return type. (Andrea) + . Added support for negative string offsets in string offset syntax and + various string functions. (Francois) + . Added a form of the list() construct where keys can be specified. (Andrea) + . Number operators taking numeric strings now emit E_NOTICEs or E_WARNINGs + when given malformed numeric strings. (Andrea) + . (int), intval() where $base is 10 or unspecified, settype(), decbin(), + decoct(), dechex(), integer operators and other conversions now always + respect scientific notation in numeric strings. (Andrea) + . Implemented the RFC `Catching multiple exception types`. (Bronislaw Bialek, + Pierrick) + . Raise a compile-time warning on octal escape sequence overflow. (Sara) + . Added [] = as alternative construct to list() =. (Bob) + . Implemented logging to syslog with dynamic error levels. (Jani Ollikainen) + . Fixed bug #47517 (php-cgi.exe missing UAC manifest). + (maxdax15801 at users noreply github com) -- Filter: - . Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work). (Reeze Xia) +- Apache2handler: + . Enable per-module logging in Apache 2.4+. (Martin Vobruba) -- FPM: - . Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas) +- CLI Server: + . Fixed bug #71276 (Built-in webserver does not send Date header). + (see at seos fr) - FTP: . Implemented FR #55651 (Option to ignore the returned FTP PASV address).