PHP NEWS

|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

30 May 2015, PHP 5.6.9RC1

- Core:

. Fixed bug #69467 (Wrong checked for the interface by using Trait).

(Laruence)

. Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)

. Fixed bug #60022 ("use statement [...] has no effect" depends on leading

backslash). (Nikita)

. Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).

(Dmitry)

. Fixed bug #68652 (segmentation fault in destructor). (Dmitry)

. Fixed bug #69419 (Returning compatible sub generator produces a warning).

(Nikita)

. Fixed bug #69472 (php_sys_readlink ignores misc errors from

GetFinalPathNameByHandleA). (Jan Starke)

- ODBC:

. Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).

(Anatol)

. Fixed bug #69474 (ODBC: Query with same field name from two tables returns

incorrect result). (Anatol)

. Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall,

Anatol Belski)

- OpenSSL:

. Fixed bug #69402 (Reading empty SSL stream hangs until timeout).

(Daniel Lowrey)

16 Apr 2015, PHP 5.6.8

- Core:

. Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).

(Dmitry, Laruence)

. Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8

characters). (Tjerk)

. Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)

. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM

configuration options). (Anatol Belski)

. Additional fix for bug #69152 (Type confusion vulnerability in

exception::getTraceAsString). (Stas)

. Fixed bug #69210 (serialize function return corrupted data when sleep has

non-string values). (Juan Basso)

. Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in

__call/... arg passing). (Nikita)

. Fixed bug #69221 (Segmentation fault when using a generator in combination

with an Iterator). (Nikita)

. Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion

vulnerability). (Stas)

. Fixed bug #69353 (Missing null byte checks for paths in various PHP

extensions). (Stas)

- Apache2handler:

. Fixed bug #69218 (potential remote code execution with apache 2.4

apache2handler). (Gerrit Venema)

- cURL:

. Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)

. Fixed bug #68739 (Missing break / control flow). (Laruence)

. Fixed bug #69316 (Use-after-free in php_curl related to

CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

- Date:

. Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)

- Enchant:

. Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows

builds). (Anatol)

- Ereg:

. Fixed bug #68740 (NULL Pointer Dereference). (Laruence)

- Fileinfo:

. Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or

segfault). (Anatol Belski)

- Filter:

. Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other

flags are used). (Jeff Welch)

. Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff

Welch)

- Mbstring:

. Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E).

(Masaki Kagaya)

- OPCache:

. Fixed bug #69297 (function_exists strange behavior with OPCache on

disabled function). (Laruence)

. Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)

. Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)

- OpenSSL:

. Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling

in stream_select() contexts) (Chris Wright)

. Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly)

(Daniel Lowrey)

. Fixed bug #69215 (Crypto servers should send client CA list)

(Daniel Lowrey)

. Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)

- Phar:

. Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).

(Mike)

. Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)

. Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)

. Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing

".tar"). (Mike)

. Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)

. Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in

phar_set_inode). (Stas)

- Postgres:

. Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)

- SOAP:

. Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()

with SoapFault). (Dmitry)

. Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader

(bisected, regression)). (Laruence)

- SPL:

. Fixed bug #69227 (Use after free in zval_scan caused by

spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)

- Sqlite3:

. Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).

(Dan Ackroyd)

. Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)

. Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)

19 Mar 2015, PHP 5.6.7

- Core:

. Fixed bug #69174 (leaks when unused inner class use traits precedence).

(Laruence)

. Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).

(Laruence)

. Fixed bug #69121 (Segfault in get_current_user when script owner is not

in passwd with ZTS build). (dan at syneto dot net)

. Fixed bug #65593 (Segfault when calling ob_start from output buffering

callback). (Mike)

. Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file

not validated in memory.c). (nayana at ddproperty dot com)

. Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)

. Fixed bug #69141 (Missing arguments in reflection info for some builtin

functions). (kostyantyn dot lysyy at oracle dot com)

. Fixed bug #68976 (Use After Free Vulnerability in unserialize()).

(CVE-2015-2787) (Stas)

. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM

configuration options). (Anatol Belski)

. Fixed bug #69207 (move_uploaded_file allows nulls in path). (CVE-2015-2348)

(Stas)

- CGI:

. Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)

- CLI:

. Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)

- cURL:

. Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on

Win32). (Grant Pannell)

. Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported

by libcurl. (Linus Unneback)

- Ereg:

. Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)

(Stas)

- FPM:

. Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)

- ODBC:

. Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)

- Opcache:

. Fixed bug #69159 (Opcache causes problem when passing a variable variable

to a function). (Dmitry, Laruence)

. Fixed bug #69125 (Array numeric string as key). (Laruence)

. Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)

- OpenSSL:

. Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence)

. Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe

socket timeouts). (Brad Broerman)

. Fixed bug #68920 (use strict peer_fingerprint input checks)

(Daniel Lowrey)

. Fixed bug #68879 (IP Address fields in subjectAltNames not used)

(Daniel Lowrey)

. Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)

. Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)

. Fixed bug (#69195 Inconsistent stream crypto values across versions)

(Daniel Lowrey)

- pgsql:

. Fixed bug #68638 (pg_update() fails to store infinite values).

(william dot welter at 4linux dot com dot br, Laruence)

- Readline:

. Fixed bug #69054 (Null dereference in readline_(read|write)_history() without

parameters). (Laruence)

- SOAP:

. Fixed bug #69085 (SoapClient's __call() type confusion through

unserialize()). (andrea dot palazzo at truel dot it, Laruence)

- SPL:

. Fixed bug #69108 ("Segmentation fault" when (de)serializing

SplObjectStorage). (Laruence)

. Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after

calling getChildren()). (Julien)

- ZIP:

. Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap

boundary). (CVE-2015-2331) (Stas)

19 Feb 2015, PHP 5.6.6

- Core:

. Removed support for multi-line headers, as the are deprecated by RFC 7230.

(Stas)

. Fixed bug #67068 (getClosure returns somethings that's not a closure).

(Danack at basereality dot com)

. Fixed bug #68942 (Use after free vulnerability in unserialize() with

DateTimeZone). (CVE-2015-0273) (Stas)

. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname

buffer overflow). (Stas)

. Fixed Bug #67988 (htmlspecialchars() does not respect default_charset

specified by ini_set) (Yasuo)

. Added NULL byte protection to exec, system and passthru. (Yasuo)

- Dba:

. Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)

- Enchant:

. Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).

(CVE-2014-9705) (Antony)

- Fileinfo:

. Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)

. Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files

correctly). (Anatol)

. Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some

gifs). (Anatol)

- FPM:

. Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)

. Fixed bug #68571 (core dump when webserver close the socket).

(redfoxli069 at gmail dot com, Laruence)

- JSON:

. Fixed bug #50224 (json_encode() does not always encode a float as a float)

by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)

- LIBXML:

. Fixed bug #64938 (libxml_disable_entity_loader setting is shared

between threads). (Martin Jansen)

- Mysqli:

. Fixed bug #68114 (linker error on some OS X machines with fixed

width decimal support) (Keyur Govande)

. Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient

has rounding errors) (Keyur Govande)

- Opcache:

. Fixed bug with try blocks being removed when extended_info opcode

generation is turned on. (Laruence)

- PDO_mysql:

. Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of

named pipes). (steffenb198 at aol dot com)

- Phar:

. Fixed bug #68901 (use after free). (CVE-2015-2301)

(bugreports at internot dot info)

- Pgsql:

. Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)

- Session:

. Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)

. Fixed Bug #66623 (no EINTR check on flock) (Yasuo)

. Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)

- Sqlite3:

. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong

required_num_args). (Julien)

- Standard:

. Fixed bug #65272 (flock() out parameter not set correctly in windows).

(Daniel Lowrey)

. Fixed bug #69033 (Request may get env. variables from previous requests

if PHP works as FastCGI). (Anatol)

- Streams:

. Fixed bug which caused call after final close on streams filter. (Bob)

22 Jan 2015, PHP 5.6.5

- Core:

. Upgraded crypt_blowfish to version 1.3. (Leigh)

. Fixed bug #60704 (unlink() bug with some files path).

. Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)

. Fixed bug #68536 (pack for 64bits integer is broken on bigendian). (Remi)

. Fixed bug #55541 (errors spawn MessageBox, which blocks test automation).

(Anatol)

. Fixed bug #68297 (Application Popup provides too few information). (Anatol)

. Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)

. Fixed bug #65230 (setting locale randomly broken). (Anatol)

. Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR

correctly). (Ferenc)

. Fixed bug #68583 (Crash in timeout thread). (Anatol)

. Fixed bug #65576 (Constructor from trait conflicts with inherited

constructor). (dunglas at gmail dot com)

. Fixed bug #68676 (Explicit Double Free). (CVE-2014-9425) (Kalle)

. Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).

(CVE-2015-0231) (Stefan Esser)

- CGI:

. Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)

(Stas)

- CLI server:

. Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)

- cURL:

. Fixed bug #67643 (curl_multi_getcontent returns '' when

CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)

- Date:

. Implemented FR #68268 (DatePeriod: Getter for start date, end date and

interval). (Marc Bennewitz)

- EXIF:

. Fixed bug #68799: Free called on uninitialized pointer. (CVE-2015-0232)

(Stas)

- Fileinfo:

. Fixed bug #68398 (msooxml matches too many archives). (Anatol)

. Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski)

. Fixed bug #68671 (incorrect expression in libmagic).

(Joshua Rogers, Anatol Belski)

. Removed readelf.c and related code from libmagic sources

(Remi, Anatol)

. Fixed bug #68735 (fileinfo out-of-bounds memory access). (CVE-2014-9652)

(Anatol)

- FPM:

. Fixed request #68526 (Implement POSIX Access Control List for UDS). (Remi)

. Fixed bug #68751 (listen.allowed_clients is broken). (Remi)

- GD:

. Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)

(Jan Bee, Remi)

. Fixed request #68656 (Report gd library version). (Remi)

- mbstring:

. Fixed bug #68504 (--with-libmbfl configure option not present on Windows).

(Ashesh Vashi)

- Opcache:

. Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8

+ Opcache). (Laruence)

. Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach

loops). (Nikita)

- OpenSSL:

. Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger)

- pcntl:

. Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler

when setting SIG_DFL). (Julien)

- PCRE:

. Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).

(Rainer Jung, Anatol Belski)

- pgsql:

. Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)

- PDO:

. Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specifi

attribute names). (Matteo)

- PDO_mysql:

. Fixed bug #68424 (Add new PDO mysql connection attr to control multi

statements option). (peter dot wolanin at acquia dot com)

- SPL:

. Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME

breaks the RecursiveIterator). (Paul Garvin)

. Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)

- SQLite:

. Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)

- Streams:

. Fixed bug #68532 (convert.base64-encode omits padding bytes).

(blaesius at krumedia dot de)

18 Dec 2014, PHP 5.6.4

- Core:

. Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks).

(Adam)

. Fixed bug #68104 (Segfault while pre-evaluating a disabled function).

(Laruence)

. Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly

triggered). (Julien)

. Fixed bug #68355 (Inconsistency in example php.ini comments).

(Chris McCafferty)

. Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)

. Fixed bug #68422 (Incorrect argument reflection info for array_multisort()).

(Alexander Lisachenko)

. Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)

. Fixed bug #68446 (Array constant not accepted for array parameter default).

(Bob, Dmitry)

. Fixed bug #68594 (Use after free vulnerability in unserialize()).

(CVE-2014-8142) (Stefan Esser)

- Date:

. Fixed day_of_week function as it could sometimes return negative values

internally. (Derick)

- FPM:

. Fixed bug #68381 (fpm_unix_init_main ignores log_level).

(David Zuelke, Remi)

. Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all

addresses). (Remi)

. Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)

. Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)

. Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)

. Fixed bug #68452 (php-fpm man page is oudated). (Remi)

. Fixed request #68458 (Change pm.start_servers default warning to

notice). (David Zuelke, Remi)

. Fixed bug #68463 (listen.allowed_clients can silently result

in no allowed access). (Remi)

. Fixed request #68391 (php-fpm conf files loading order).

(Florian Margaine, Remi)

. Fixed bug #68478 (access.log don't use prefix). (Remi)

- Mcrypt:

. Fixed possible read after end of buffer and use after free. (Dmitry)

- GMP:

. Fixed bug #68419 (build error with gmp 4.1). (Remi)

- PDO_pgsql:

. Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception

when not in transaction) (Matteo)

. Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving)

(Matteo)

- Session:

. Fixed bug #68331 (Session custom storage callable functions not being called)

(Yasuo Ohgaki)

- SOAP:

. Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes).

(Laruence)

- zlib:

. Fixed bug #53829 (Compiling PHP with large file support will replace

function gzopen by gzopen64) (Sascha Kettler, Matteo)

13 Nov 2014, PHP 5.6.3

- Core:

. Implemented 64-bit format codes for pack() and unpack(). (Leigh)

. Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol)

. Fixed bug #67633 (A foreach on an array returned from a function not doing

copy-on-write). (Nikita)

. Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported

as 6.2 (instead of 6.3)). (Christian Wenz)

. Fixed bug #67949 (DOMNodeList elements should be accessible through

array notation) (Florian)

. Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in

php_getopt()). (Stas)

. Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)

. Fixed bug #68129 (parse_url() - incomplete support for empty usernames

and passwords) (Tjerk)

. Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in

zend_hash_copy). (Dmitry)

- CURL:

. Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and

CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)

- Fileinfo:

. Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)

. Fixed bug #68224 (buffer-overflow in libmagic/readcdf.c caught by

AddressSanitizer). (Remi)

. Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).

(CVE-2014-3710) (Remi)

- FPM:

. Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable

when using Apache, mod_proxy-fcgi and ProxyPass). (Remi)

. Implemented FR #55508 (listen and listen.allowed_clients should take IPv6

addresses). (Robin Gloster)

- GD:

. Fixed bug #65171 (imagescale() fails without height param). (Remi)

- GMP:

. Implemented gmp_random_range() and gmp_random_bits(). (Leigh)

. Fixed bug #63595 (GMP memory management conflicts with other libraries

using GMP). (Remi)

- Mysqli:

. Fixed bug #68114 (linker error on some OS X machines with fixed width

decimal support) (Keyur Govande)

- ODBC:

. Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by

a VARCHAR column) (Keyur Govande)

- OpenSSL:

. Fixed bug #68074 (Allow to use system cipher list instead of hardcoded

value). (Remi)

- PDO_pgsql:

. Fixed bug #68199 (PDO::pgsqlGetNotify doesn't support NOTIFY payloads)

(Matteo, Alain Laporte)

. Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)

- OpenSSL:

. Revert regression introduced by fix of bug #41631

- Reflection:

. Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi)

- SPL:

. Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)

16 Oct 2014, PHP 5.6.2

- Core:

. Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).

(CVE-2014-3669) (Stas)

- cURL:

. Fixed bug #68089 (NULL byte injection - cURL lib). (Stas)

- EXIF:

. Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)

(Stas)

- XMLRPC:

. Fixed bug #68027 (Global buffer overflow in mkgmtime() function).

(CVE-2014-3668) (Stas)

02 Oct 2014, PHP 5.6.1

- Core:

. Implemented FR #38409 (parse_ini_file() looses the type of booleans). (Tjerk)

. Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)

. Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)

. Fixed bug #67878 (program_prefix not honoured in man pages). (Remi)

. Fixed bug #67938 (Segfault when extending interface method with variadic).

(Nikita)

. Fixed bug #67985 (Incorrect last used array index copied to new array after

unset). (Tjerk)

. Fixed bug #68088 (New Posthandler Potential Illegal efree() vulnerability).

(Mike) (CVE-2014-3622)

- DOM:

. Made DOMNode::textContent writeable. (Tjerk)

- Fileinfo:

. Fixed bug #67731 (finfo::file() returns invalid mime type

for binary files). (Anatol)

- GD:

. Made fontFetch's path parser thread-safe. (Sara)

- GMP:

. Fixed bug #67917 (Using GMP objects with overloaded operators can cause

memory exhaustion). (Nikita)

. Fixed bug #50175 (gmp_init() results 0 on given base and number starting

with 0x or 0b). (Nikita)

. Implemented gmp_import() and gmp_export(). (Leigh, Nikita)

- MySQLi:

. Fixed bug #67839 (mysqli does not handle 4-byte floats correctly). (Keyur)

- OpenSSL:

. Fixed bug #67850 (extension won't build if openssl compiled without SSLv3).

(Daniel Lowrey)

- phpdbg:

. Fixed issue krakjoe/phpdbg#111 (compile error without ZEND_SIGNALS). (Bob)

- SOAP:

. Fixed bug #67955 (SoapClient prepends 0-byte to cookie names). (Philip Hofstetter)

- Session:

. Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam)

- Sysvsem:

. Implemented FR #67990 (Add optional nowait argument to sem_acquire).

(Matteo)

28 Aug 2014, PHP 5.6.0

- Apache2 Handler SAPI:

. Fixed Apache log issue caused by APR's lack of support for %zu

(APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).

(Jeff Trawick)

- CLI server:

. Added some MIME types to the CLI web server. (Chris Jones)

. Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)

. Fixed bug #66830 (Empty header causes PHP built-in web server to hang).

(Adam)

. Fixed bug #67594 (Unable to access to apache_request_headers() elements).

(Tjerk)

. Implemented FR #67429 (CLI server is missing some new HTTP response codes).

(Adam)

. Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)

- COM:

. Fixed bug #41577 (DOTNET is successful once per server run)

(Aidas Kasparas)

. Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).

. Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)

- Core:

. Improved phpinfo() stylesheets. (Colin Viebrock)

. Fixed bug #67693 (incorrect push to the empty array). (Tjerk)

. Removed inconsistency regarding behaviour of array in constants at

run-time. (Bob)

. Fixed bug #67497 (eval with parse error causes segmentation fault in

generator). (Nikita)

. Fixed bug #67151 (strtr with empty array crashes). (Nikita)

. Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server

2012). (Christian Wenz)

. Fixed bug #66608 (Incorrect behavior with nested "finally" blocks).

(Laruence, Dmitry)

. Implemented FR #34407 (ucwords and Title Case). (Tjerk)

. Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).

(Ferenc)

. Fixed bug #67368 (Memory leak with immediately dereferenced array in class

constant). (Laruence)

. Fixed bug #67468 (Segfault in highlight_file()/highlight_string()).

(Andreas Ferber)

. Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).

(Stefan Esser)

. Fixed bug #67551 (php://input temp file will be located in sys_temp_dir

instead of upload_tmp_dir). (Mike)

. Fixed bug #67169 (array_splice all elements, then []= gives wrong index).

(Nikita)

. Fixed bug #67198 (php://input regression). (Mike)

. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)

. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)

. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)

. Fixed bug #67249 (printf out-of-bounds read). (Stas)

. Implemented FR #64744 (Differentiate between member function call on a null

and non-null, non-objects). (Boro Sitnikovski)

. Fixed bug #67436 (Autoloader isn't called if two method definitions don't

match). (Bob)

. Fixed bug #66622 (Closures do not correctly capture the late bound class

(static::) in some cases). (Levi Morrison)

. Fixed bug #67390 (insecure temporary file use in the configure script).

(Remi) (CVE-2014-3981)

. Fixed bug #67392 (dtrace breaks argument unpack). (Nikita)

. Fixed bug #67428 (header('Location: foo') will override a 308-399 response

code). (Adam)

. Fixed bug #67433 (SIGSEGV when using count() on an object implementing

Countable). (Matteo)

. Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)

. Expose get_debug_info class hook as __debugInfo() magic method. (Sara)

. Implemented unified default encoding

(RFC: https://wiki.php.net/rfc/default_encoding). (Yasuo Ohgaki)

. Added T_POW (**) operator

(RFC: https://wiki.php.net/rfc/pow-operator). (Tjerk Meesters)

. Improved IS_VAR operands fetching. (Laruence, Dmitry)

. Improved empty string handling. Now ZE uses an interned string instead of

allocation new empty string each time. (Laruence, Dmitry)

. Implemented internal operator overloading

(RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)

. Made calls from incompatible context issue an E_DEPRECATED warning instead

of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx).

(Gustavo)

. Uploads equal or greater than 2GB in size are now accepted.

(Ralf Lang, Mike)

. Reduced POST data memory usage by 200-300%. Changed INI setting

always_populate_raw_post_data to throw a deprecation warning when enabling

and to accept -1 for never populating the $HTTP_RAW_POST_DATA global

variable, which will be the default in future PHP versions. (Mike)

. Implemented dedicated syntax for variadic functions

(RFC: https://wiki.php.net/rfc/variadics). (Nikita)

. Fixed bug #50333 Improving multi-threaded scalability by using

emalloc/efree/estrdup (Anatol, Dmitry)

. Implemented constant scalar expressions (with support for constants)

(RFC: https://wiki.php.net/rfc/const_scalar_exprs). (Bob)

. Fixed bug #65784 (Segfault with finally). (Laruence, Dmitry)

. Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)

. Allow zero length comparison in substr_compare() (Tjerk)

. Fixed bug #60602 (proc_open() changes environment array) (Tjerk)

. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)

. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace

UNIX sockets). (Mike)

. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)

. Fixed bug #66736 (fpassthru broken). (Mike)

. Fixed bug #66822 (Cannot use T_POW in const expression) (Tjerk)

. Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)

. Fixed bug #65701 (copy() doesn't work when destination filename is created

by tempnam()). (Boro Sitnikovski)

. Fixed bug #66015 (Unexpected array indexing in class's static property). (Bob)

. Added (constant) string/array dereferencing to static scalar expressions

to complete the set; now possible thanks to bug #66015 being fixed. (Bob)

. Fixed bug #66568 (Update reflection information for unserialize() function).

(Ferenc)

. Fixed bug #66660 (Composer.phar install/update fails). (Ferenc)

. Fixed bug #67024 (getimagesize should recognize BMP files with negative

height). (Gabor Buella)

. Fixed bug #67064 (Countable interface prevents using 2nd parameter

($mode) of count() function). (Bob)

. Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)

. Fixed bug #67033 (Remove reference to Windows 95). (Anatol)

- Curl:

. Implemented FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir

or safe_mode). (Adam)

. Check for openssl.cafile ini directive when loading CA certs. (Daniel Lowrey)

. Remove cURL close policy related constants as these have no effect and are

no longer used in libcurl. (Chris Wright)

. Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour)

(Tjerk)

. Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.

(Adam)

. Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)

. Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).

(Freek Lijten)

- Date:

. Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712)

(Remi)

. Fixed bug #66091 (memory leaks in DateTime constructor) (Tjerk).

. Fixed bug #67308 (Serialize of DateTime truncates fractions of second).

(Adam)

. Fixed regression in fix for bug #67118 (constructor can't be called twice).

(Remi)

. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)

. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

. Added DateTimeImmutable::createFromMutable to create a DateTimeImmutable

object from an existing DateTime (mutable) object (Derick)

. Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is

supplied). (Boro Sitnikovski)

. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)

- DOM:

. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,

not only the subset). (Anatol)

- Embed:

. Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).

- Fileinfo:

. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)

. Fixed bug #67705 (extensive backtracking in rule regular expression).

(CVE-2014-3538) (Remi)

. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).

(CVE-2014-0238)

. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in

performance degradation). (CVE-2014-0237)

. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).

(CVE-2014-0207)

. Fixed bug #67329 (fileinfo: NULL pointer deference flaw by processing certain

CDF files). (CVE-2014-0236)

. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal

string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)

. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary

check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)

. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).

(CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)

. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary

check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)

. Upgraded to libmagic-5.17 (Anatol)

. Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943) (Remi)

. Fixed bug #66820 (out-of-bounds memory access in fileinfo).

(CVE-2014-2270). (Remi)

. Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular

expression). (CVE-2013-7345) (Remi)

. Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).

(Remi)

. Fixed bug #66907 (Solaris 10 is missing strcasestr and needs substitute).

(Anatol)

. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)

- FPM:

. Fixed bug #67606 (revised fix 67541, broke mod_fastcgi BC). (David Zuelke)

. Fixed bug #67530 (error_log=syslog ignored). (Remi)

. Fixed bug #67635 (php links to systemd libraries without using pkg-config).

(pacho at gentoo dot org, Remi)

. Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)

. Fixed bug #67541 (Fix Apache 2.4.10+ SetHandler proxy:fcgi://

incompatibilities). (David Zuelke)

. Included apparmor support in fpm

(RFC: https://wiki.php.net/rfc/fpm_change_hat). (Gernot Vormayr)

. Added clear_env configuration directive to disable clearenv() call.

(Github PR# 598, Paul Annesley)

. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).

. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).

(Julio Pintos)

. Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure

default configuration) (CVE-2014-0185). (Stas)

- GD

. Fixed bug #67730 (Null byte injection possible with imagexxx functions).

(CVE-2014-5120) (Ryan Mauger)

. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).

(CVE-2014-2497) (Remi)

. Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)

. Fixed imagettftext to load the correct character map rather than the last one.

(Scott)

. Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()).

(CVE-2013-7226)

. Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer).

(CVE-2013-7327). (Tomas Hoger, Remi).

. Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)

. Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)

. Fixed bug #66890 (imagescale segfault). (Remi)

. Fixed bug #66893 (imagescale ignore method argument). (Remi)

- GMP:

. Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)

. Fixed crashes in serialize/unserialize. (Stas)

. Moved GMP to use object as the underlying structure and implemented various

improvements based on this.

(RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)

. Added gmp_root() and gmp_rootrem() functions for calculating nth roots.

(Nikita)

- Hash:

. Added gost-crypto (CryptoPro S-box) GOST hash algo. (Manuel Mausz)

. Fixed bug #66698 (Missing FNV1a32 and FNV1a64 hash functions).

(Michael M Slusarz).

. Implemented timing attack safe string comparison function

(RFC: https://wiki.php.net/rfc/timing_attack). (Rouven Weßling)

. hash_pbkdf2() now works correctly if the $length argument is not specified.

(Nikita)

- Intl:

. Fixed bug #66873 (A reproductible crash in UConverter when given invalid

encoding) (Stas)

. Fixed bug #66921 (Wrong argument type hint for function

intltz_from_date_time_zone). (Stas)

. Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).

(Stas)

. Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)

. Fixed bug #67397 (Buffer overflow in locale_get_display_name and

uloc_getDisplayName (libicu 4.8.1)). (Stas)

- JSON:

. Fixed case part of bug #64874 ("json_decode handles whitespace and

case-sensitivity incorrectly")

. Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)

(chobieeee@php.net)

. Fixed bug #66021 (Blank line inside empty array/object when

JSON_PRETTY_PRINT is set). (Kevin Israel)

- ldap

. Added new function ldap_modify_batch(). (Ondrej Hosek)

. Fixed issue with null bytes in LDAP bindings. (Matthew Daley)

- litespeed

. Updated LiteSpeed SAPI code to V6.6 (George Wang)

. Fixed bug #63228 (-Werror=format-security error in lsapi code).

(Elan Ruusamäe, George)

- Mail:

. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)

- Mcrypt:

. No longer allow invalid key sizes, invalid IV sizes or missing required IV

in mcrypt_encrypt, mcrypt_decrypt and the deprecated mode functions.

(Nikita)

. Use /dev/urandom as the default source for mcrypt_create_iv(). (Nikita)

- Mbstring:

. Upgraded to oniguruma 5.9.5 (Anatol)

. Fixed bug #67199 (mb_regex_encoding mismatch). (Yasuo)

- Milter:

. Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)

- mysqli

. Added new function mysqli_get_links_stats() as well as new INI variable

mysqli.rollback_on_cached_plink of type bool (Andrey)

. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)

(Remi)

. Fixed building against an external libmysqlclient. (Adam)

- mysqlnd:

. Disabled flag for SP OUT variables for 5.5+ servers as they are not natively

supported by the overlying APIs. (Andrey)

. Added a new fetching mode to mysqlnd. (Andrey)

. Added support for gb18030 from MySQL 5.7. (Andrey)

- Network:

. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)

. Fixed bug #67432 (Fix potential segfault in dns_get_record()).

(CVE-2014-4049). (Sara)

- OCI8

. Fixed Bug #66875 (Improve performance of multi-row OCI_RETURN_LOB queries)

(Perrier, Chris Jones)

- ODBC:

. Fixed bug #60616 (odbc_fetch_into returns junk at end of multi-byte char

fields). (Keyur Govande)

- OpenSSL:

. Fixed bug #41631 (socket timeouts not honored in blocking SSL reads)

(Daniel Lowrey).

. Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).

. Fixed bug #67609 (TLS connections fail behind HTTP proxy). (Daniel Lowrey)

. Fixed broken build against OpenSSL older than 0.9.8 where ECDH unavailable.

(Lior Kaplan)

. Fixed bug #67666 (Subject altNames doesn't support wildcard matching). (Tjerk)

. Fixed bug #67224 (Fall back to crypto_type from context if not specified

explicitly in stream_socket_enable_crypto). (Chris Wright)

. Fixed bug #65698 (certificates validity parsing does not work past 2050).

(Paul Oehler)

. Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).

(Paul Oehler)

. Peer certificates now verified by default in client socket operations

(RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)

. New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)

. Added crypto_method option for the ssl stream context. (Martin Jansen)

. Added certificate fingerprint support. (Tjerk Meesters)

. Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)

. Fixed bug #65729 (CN_match gives false positive). (Tjerk Meesters)

. Peer name verification matches SAN DNS names for certs using

the Subject Alternative Name x509 extension. (Daniel Lowrey)

. Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey)

. Added SPKAC support. (Jason Gerfen)

. Fallback to Windows CA cert store for peer verification if no openssl.cafile

ini directive or "cafile" SSL context option specified in Windows.

(Chris Wright)

. The openssl.cafile and openssl.capath ini directives introduced in alpha2

now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL). (Daniel Lowrey)

. New "peer_name" SSL context option replaces "CN_match" (which still works

as before but triggers E_DEPRECATED). (Daniel Lowrey)

. Fixed segfault when accessing non-existent context for client SNI use

(Daniel Lowrey)

. Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).

(Mark Zedwood)

. Fixed Bug #47030 (add new boolean "verify_peer_name" SSL context option

allowing clients to verify cert names separately from the cert itself).

"verify_peer_name" is enabled by default for client streams.

(Daniel Lowrey)

. Fixed Bug #65538 ("cafile" SSL context option now supports stream

wrappers). (Daniel Lowrey)

. New openssl_get_cert_locations() function to aid CA file and peer

verification debugging. (Daniel Lowrey)

. Encrypted stream wrappers now disable TLS compression by default.

(Daniel Lowrey)

. New "capture_session_meta" SSL context option allows encrypted client and

server streams access to negotiated protocol/cipher information.

(Daniel Lowrey)

. New "honor_cipher_order" SSL context option allows servers to prioritize

cipher suites of their choosing when negotiating SSL/TLS handshakes.

(Daniel Lowrey)

. New "single_ecdh_use" and "single_dh_use" SSL context options allow for

improved forward secrecy in encrypted stream servers. (Daniel Lowrey)

. New "dh_param" SSL context option allows stream servers control over

the parameters when negotiating DHE cipher suites. (Daniel Lowrey)

. New "ecdh_curve" SSL context option allowing stream servers to specify

the curve to use when negotiating ephemeral ECDHE ciphers (defaults to

NIST P-256). (Daniel Lowrey)

. New "rsa_key_size" SSL context option gives stream servers control

over the key size (in bits) used for RSA key agreements. (Daniel Lowrey)

. Crypto methods for encrypted client and server streams now use

bitwise flags for fine-grained protocol support. (Daniel Lowrey)

. Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method.

tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2. (Daniel Lowrey)

. Encrypted client streams now enable SNI by default. (Daniel Lowrey)

. Encrypted streams now prioritize ephemeral key agreement and high strength

ciphers by default. (Daniel Lowrey)

. New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher

list. (Daniel Lowrey)

. New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto

methods negotiated encrypted server/client sessions. (Daniel Lowrey)

. Encrypted stream servers now automatically mitigate potential DoS vector

arising from client-initiated TLS renegotiation. New "reneg_limit",

"reneg_window" and "reneg_limit_callback" SSL context options for custom

renegotiation limiting control. (Daniel Lowrey)

. Fixed memory leak in windows cert verification on verify failure.

(Chris Wright)

. Peer certificate capturing via SSL context options now functions even if

peer verification fails. (Daniel Lowrey)

. Encrypted TLS servers now support the server name indication TLS extension

via the new "SNI_server_certs" SSL context option. (Daniel Lowrey)

. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)

. Fixed bug #66942 (memory leak in openssl_seal()). (Chuan Ma)