Permalink
Browse files

Imported Upstream version 5.3.6

  • Loading branch information...
1 parent c83e61e commit 8a8ae5a0b3c0183cb8642e34448280cdb579e99e @oerdnj oerdnj committed Mar 18, 2011
Showing 1,026 changed files with 20,612 additions and 9,005 deletions.
View
275 NEWS
@@ -1,7 +1,238 @@
-PHP NEWS
+PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+17 Mar 2011, PHP 5.3.6
+- Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)
+- Upgraded bundled PCRE to version 8.11. (Ilia)
+
+- Zend Engine:
+ . Indirect reference to $this fails to resolve if direct $this is never used
+ in method. (Scott)
+ . Added options to debug backtrace functions. (Stas)
+ . Fixed bug numerous crashes due to setlocale (crash on error, pcre, mysql
+ etc.) on Windows in thread safe mode. (Pierre)
+ . Fixed Bug #53971 (isset() and empty() produce apparently spurious runtime
+ error). (Dmitry)
+ . Fixed Bug #53958 (Closures can't 'use' shared variables by value and by
+ reference). (Dmitry)
+ . Fixed Bug #53629 (memory leak inside highlight_string()). (Hannes, Ilia)
+ . Fixed Bug #51458 (Lack of error context with nested exceptions). (Stas)
+ . Fixed Bug #47143 (Throwing an exception in a destructor causes a fatal
+ error). (Stas)
+ . Fixed bug #43512 (same parameter name can be used multiple times in
+ method/function definition). (Felipe)
+
+- Core:
+ . Added ability to connect to HTTPS sites through proxy with basic
+ authentication using stream_context/http/header/Proxy-Authorization (Dmitry)
+ . Changed default value of ini directive serialize_precision from 100 to 17.
+ (Gustavo)
+ . Fixed bug #54055 (buffer overrun with high values for precision ini
+ setting). (Gustavo)
+ . Fixed bug #53959 (reflection data for fgetcsv out-of-date). (Richard)
+ . Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a
+ trailing forward slash). (lekensteyn at gmail dot com, Pierre)
+ . Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos)
+ . Fixed bug #48484 (array_product() always returns 0 for an empty array).
+ (Ilia)
+ . Fixed bug #48607 (fwrite() doesn't check reply from ftp server before
+ exiting). (Ilia)
+
+
+- Calendar extension:
+ . Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to
+ segfault). (Gustavo)
+
+- DOM extension:
+ . Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode
+ like DOMDocument::saveXML). (Gustavo)
+
+- DateTime extension:
+ . Fixed a bug in DateTime->modify() where absolute date/time statements had
+ no effect. (Derick)
+ . Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit
+ big-endian systems). (Derick, rein@basefarm.no)
+ . Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas)
+ . Fixed bug #52738 (Can't use new properties in class extended from
+ DateInterval). (Stas)
+ . Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime
+ created from timestamp). (Stas)
+ . Fixed bug #52063 (DateTime constructor's second argument doesn't have a
+ null default value). (Gustavo, Stas)
+
+- Exif extension:
+ . Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni).
+ (Pierre) (CVE-2011-0708)
+
+- Filter extension:
+ . Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number).
+ (Ilia, Gustavo)
+ . Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges).
+ (Ilia)
+ . Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia)
+ . Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6).
+ (Ilia, valli at icsurselva dot ch)
+
+- Fileinfo extension:
+ . Fixed bug #54016 (finfo_file() Cannot determine filetype in archives).
+ (Hannes)
+
+- Gettext
+ . Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE
+ environment variable are set). (Pierre)
+
+- IMAP extension:
+ . Implemented FR #53812 (get MIME headers of the part of the email). (Stas)
+ . Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long
+ MIME header unfolding). (Adam)
+
+- Intl extension:
+ . Fixed bug #53612 (Segmentation fault when using cloned several intl
+ objects). (Gustavo)
+ . Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values).
+ (Felipe)
+ . Implemented clone functionality for number, date & message formatters.
+ (Stas).
+
+- JSON extension:
+ . Fixed bug #53963 (Ensure error_code is always set during some failed
+ decodings). (Scott)
+
+- mysqlnd
+ . Fixed problem with always returning 0 as num_rows for unbuffered sets.
+ (Andrey, Ulf)
+
+- MySQL Improved extension:
+ . Added 'db' and 'catalog' keys to the field fetching functions (FR #39847).
+ (Kalle)
+ . Fixed buggy counting of affected rows when using the text protocol. The
+ collected statistics were wrong when multi_query was used with mysqlnd
+ (Andrey)
+ . Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL).
+ (Kalle)
+ . Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA
+ query). (Kalle, Andrey)
+ . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to
+ call libmysql). (Kalle, tre-php-net at crushedhat dot com)
+
+- OpenSSL extension:
+ . Fixed stream_socket_enable_crypto() not honoring the socket timeout in
+ server mode. (Gustavo)
+ . Fixed bug #54060 (Memory leaks when openssl_encrypt). (Pierre)
+ . Fixed bug #54061 (Memory leaks when openssl_decrypt). (Pierre)
+ . Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode).
+ (Gustavo)
+ . Implemented FR #53447 (Cannot disable SessionTicket extension for servers
+ that do not support it) by adding a no_ticket SSL context option. (Adam,
+ Tony)
+
+- PDO MySQL driver:
+ . Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver).
+ (Johannes)
+ . Implemented FR #47802 (Support for setting character sets in DSN strings).
+ (Kalle)
+
+- PDO Oracle driver:
+ . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on
+ ORACLE 10). (spatar at mail dot nnov dot ru)
+
+- PDO PostgreSQL driver:
+ . Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down).
+ (gyp at balabit dot hu)
+
+- Phar extension:
+ . Fixed bug #54247 (format-string vulnerability on Phar). (Felipe)
+ (CVE-2011-1153)
+ . Fixed bug #53541 (format string bug in ext/phar).
+ (crrodriguez at opensuse dot org, Ilia)
+ . Fixed bug #53898 (PHAR reports invalid error message, when the directory
+ does not exist). (Ilia)
+
+- PHP-FPM SAPI:
+ . Enforce security in the fastcgi protocol parsing.
+ (ef-lists at email dotde)
+ . Fixed bug #53777 (php-fpm log format now match php_error log format). (fat)
+ . Fixed bug #53527 (php-fpm --test doesn't set a valuable return value). (fat)
+ . Fixed bug #53434 (php-fpm slowlog now also logs the original request). (fat)
+
+- Readline extension:
+ . Fixed bug #53630 (Fixed parameter handling inside readline() function).
+ (jo at feuersee dot de, Ilia)
+
+- Reflection extension:
+ . Fixed bug #53915 (ReflectionClass::getConstant(s) emits fatal error on
+ constants with self::). (Gustavo)
+
+- Shmop extension:
+ . Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe)
+ Reported by Jose Carlos Norte <jose at eyeos dot org> (CVE-2011-1092)
+
+- SNMP extension:
+ . Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree
+ correctly). (Boris Lytochkin)
+
+- SOAP extension:
+ . Fixed possible crash introduced by the NULL poisoning patch.
+ (Mateusz Kocielski, Pierre)
+
+- SPL extension:
+ . Fixed memory leak in DirectoryIterator::getExtension() and
+ SplFileInfo::getExtension(). (Felipe)
+ . Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones)
+ . Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0
+ values). (Felipe)
+ . Fixed bug #49608 (Using CachingIterator on DirectoryIterator instance
+ segfaults). (Felipe)
+
+ . Added SplFileInfo::getExtension(). FR #48767. (Peter Cowburn)
+
+- SQLite3 extension:
+ . Fixed memory leaked introduced by the NULL poisoning patch.
+ (Mateusz Kocielski, Pierre)
+ . Fixed memory leak on SQLite3Result and SQLite3Stmt when assigning to a
+ reference. (Felipe)
+ . Add SQlite3_Stmt::readonly() for checking if a statement is read only.
+ (Scott)
+ . Implemented FR #53466 (SQLite3Result::columnType() should return false after
+ all of the rows have been fetched). (Scott)
+
+- Streams:
+ . Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP
+ wrapper). (Gustavo)
+ . Fixed bug #53913 (Streams functions assume HAVE_GLOB is defined). (Chris
+ Jones)
+ . Fixed bug #53903 (userspace stream stat callback does not separate the
+ elements of the returned array before converting them). (Gustavo)
+ . Implemented FR #26158 (open arbitrary file descriptor with fopen). (Gustavo)
+
+- Tokenizer Extension
+ . Fixed bug #54089 (token_get_all() does not stop after __halt_compiler).
+ (Ilia)
+
+- XSL extension:
+ . Fixed memory leaked introduced by the NULL poisoning patch.
+ (Mateusz Kocielski, Pierre)
+
+- Zip extension:
+ . Added the filename into the return value of stream_get_meta_data(). (Hannes)
+ . Fixed bug #53923 (Zip functions assume HAVE_GLOB is defined). (Adam)
+ . Fixed bug #53893 (Wrong return value for ZipArchive::extractTo()). (Pierre)
+ . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive).
+ (Stas, Maksymilian Arciemowicz). (CVE-2011-0421)
+ . Fixed bug #53854 (Missing constants for compression type). (Richard, Adam)
+ . Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at
+ gmail dot com, Gustavo)
+ . Fixed bug #53579 (stream_get_contents() segfaults on ziparchive streams).
+ (Hannes)
+ . Fixed bug #53568 (swapped memset arguments in struct initialization).
+ (crrodriguez at opensuse dot org)
+ . Fixed bug #53166 (Missing parameters in docs and reflection definition).
+ (Richard)
+ . Fixed bug #49072 (feof never returns true for damaged file in zip).
+ (Gustavo, Richard Quadling)
+
06 Jan 2011, PHP 5.3.5
-- Fixed Bug #53632 (infinite loop with x87 fpu). (Scott, Rasmus)
+- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott,
+ Rasmus)
09 Dec 2010, PHP 5.3.4
- Upgraded bundled Sqlite3 to version 3.7.3. (Ilia)
@@ -10,7 +241,8 @@
- Security enhancements:
. Fixed crash in zip extract method (possible CWE-170).
(Maksymilian Arciemowicz, Pierre)
- . Paths with NULL in them (foo\0bar.txt) are now considered as invalid. (Rasmus)
+ . Paths with NULL in them (foo\0bar.txt) are now considered as invalid.
+ (Rasmus)
. Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski). (CVE-2010-4150). (Ilia)
. Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
@@ -37,8 +269,8 @@
. Implemented symbolic links support for open_basedir checks. (Pierre)
. Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre)
. Implemented FR #50692, not uploaded files don't count towards
- max_file_uploads limit. As a side improvement, temporary files are not opened
- for empty uploads and, in debug mode, 0-length uploads. (Gustavo)
+ max_file_uploads limit. As a side improvement, temporary files are not
+ opened for empty uploads and, in debug mode, 0-length uploads. (Gustavo)
- Improved MySQLnd:
. Added new character sets to mysqlnd, which are available in MySQL 5.5
@@ -75,12 +307,12 @@
. Fixed bug #53141 (autoload misbehaves if called from closing session).
(ladislav at marek dot su)
. Fixed bug #53021 (In html_entity_decode, failure to convert numeric entities
- with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of ENT_NOQUOTES
- in html_entity_decode that had introduced the bug (rev #185591) to other
- encodings. Additionaly, html_entity_decode() now doesn't decode &#34; if
- ENT_NOQUOTES is given. (Gustavo)
- . Fixed bug #52931 (strripos not overloaded with function overloading enabled).
- (Felipe)
+ with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of
+ ENT_NOQUOTES in html_entity_decode that had introduced the bug (rev
+ #185591) to other encodings. Additionaly, html_entity_decode() now doesn't
+ decode &#34; if ENT_NOQUOTES is given. (Gustavo)
+ . Fixed bug #52931 (strripos not overloaded with function overloading
+ enabled). (Felipe)
. Fixed bug #52772 (var_dump() doesn't check for the existence of
get_class_name before calling it). (Kalle, Gustavo)
. Fixed bug #52534 (var_export array with negative key). (Felipe)
@@ -94,7 +326,8 @@
other platforms). (Pierre)
. Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number
of reported malformed sequences). (CVE-2010-3870) (Gustavo)
- . Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8). (Gustavo)
+ . Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8).
+ (Gustavo)
. Fixed bug #48831 (php -i has different output to php --ini). (Richard,
Pierre)
. Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
@@ -195,8 +428,8 @@
words). (Ilia)
- Intl extension:
- . Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409). (Stas, Maksymilian
- Arciemowicz)
+ . Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409).
+ (Stas, Maksymilian Arciemowicz)
. Added support for formatting the timestamp stored in a DateTime object.
(Stas)
. Fixed bug #50590 (IntlDateFormatter::parse result is limited to the integer
@@ -206,8 +439,8 @@
. Fixed bug #53273 (mb_strcut() returns garbage with the excessive length
parameter). (CVE-2010-4156) (Mateusz Kocielski, Pierre, Moriyoshi)
. Fixed bug #52981 (Unicode casing table was out-of-date. Updated with
- UnicodeData-6.0.0d7.txt and included the source of the generator program with
- the distribution) (Gustavo).
+ UnicodeData-6.0.0d7.txt and included the source of the generator program
+ with the distribution) (Gustavo).
. Fixed bug #52681 (mb_send_mail() appends an extra MIME-Version header).
(Adam)
@@ -278,8 +511,8 @@
. Fixed bug #52725 (gcc builtin atomic functions were sometimes used when they
were not available). (fat)
. Fixed bug #52693 (configuration file errors are not logged to stderr). (fat)
- . Fixed bug #52674 (FPM Status page returns inconsistent Content-Type headers).
- (fat)
+ . Fixed bug #52674 (FPM Status page returns inconsistent Content-Type
+ headers). (fat)
. Fixed bug #52498 (libevent was not only linked to php-fpm). (fat)
- PDO:
@@ -337,9 +570,9 @@
- Streams:
. Fixed forward stream seeking emulation in streams that don't support seeking
in situations where the read operation gives back less data than requested
- and when there was data in the buffer before the emulation started. Also made
- more consistent its behavior -- should return failure every time less data
- than was requested was skipped. (Gustavo)
+ and when there was data in the buffer before the emulation started. Also
+ made more consistent its behavior -- should return failure every time less
+ data than was requested was skipped. (Gustavo)
. Fixed bug #53241 (stream casting that relies on fdopen/fopencookie fails
with streams opened with, inter alia, the 'xb' mode). (Gustavo)
. Fixed bug #53006 (stream_get_contents has an unpredictable behavior when the
View
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| Thread Safe Resource Manager |
+----------------------------------------------------------------------+
- | Copyright (c) 1999-2010, Andi Gutmans, Sascha Schumann, Zeev Suraski |
+ | Copyright (c) 1999-2011, Andi Gutmans, Sascha Schumann, Zeev Suraski |
| This source file is subject to the TSRM license, that is bundled |
| with this package in the file LICENSE |
+----------------------------------------------------------------------+
View
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| Thread Safe Resource Manager |
+----------------------------------------------------------------------+
- | Copyright (c) 1999-2010, Andi Gutmans, Sascha Schumann, Zeev Suraski |
+ | Copyright (c) 1999-2011, Andi Gutmans, Sascha Schumann, Zeev Suraski |
| This source file is subject to the TSRM license, that is bundled |
| with this package in the file LICENSE |
+----------------------------------------------------------------------+
View
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
- | Copyright (c) 1997-2010 The PHP Group |
+ | Copyright (c) 1997-2011 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: tsrm_nw.c 293036 2010-01-03 09:23:27Z sebastian $ */
+/* $Id: tsrm_nw.c 306939 2011-01-01 02:19:59Z felipe $ */
#include <stdlib.h>
#include <stdio.h>
View
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
- | Copyright (c) 1997-2010 The PHP Group |
+ | Copyright (c) 1997-2011 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
Oops, something went wrong.

0 comments on commit 8a8ae5a

Please sign in to comment.