-
Notifications
You must be signed in to change notification settings - Fork 7.7k
/
NEWS
10848 lines (9833 loc) · 506 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
07 Jan 2016, PHP 5.6.17
- Core:
. Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
. Fixed bug #70958 (Invalid opcode while using ::class as trait method
paramater default value). (Laruence)
. Fixed bug #70957 (self::class can not be resolved with reflection for
abstract class). (Laruence)
. Fixed bug #70944 (try{ } finally{} can create infinite chains of
exceptions). (Laruence)
. Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol:
php_register_internal_extensions). (Lior Kaplan)
- FPM:
. Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)
- GD:
. Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
Out of Bounds). (emmanuel dot law at gmail dot com).
- Mysqlnd:
. Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
(Laruence)
- SOAP:
. Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry)
- Standard:
. Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number
of parameters). (Laruence)
- PDO_Firebird:
. Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). (Mariuz)
- WDDX:
. Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
(taoguangchen at icloud dot com)
. Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability). (taoguangchen at icloud dot com)
- XMLRPC:
. Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
(Julien)
26 Nov 2015, PHP 5.6.16
- Core:
. Fixed bug #70828 (php-fpm 5.6 with opcache crashes when referencing a
non-existent constant). (Laruence)
. Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l).
(Laruence)
- Mysqlnd:
. Fixed bug #68344 (MySQLi does not provide way to disable peer certificate
validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
connection flag. (Andrey)
- OCI8:
. Fixed bug #68298 (OCI int overflow). (Senthil)
- PDO_DBlib:
. Fixed bug #69757 (Segmentation fault on nextRowset).
(miracle at rpz dot name)
- SOAP:
. Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace
attribute). (Matteo)
- SPL:
. Fixed bug #70852 (Segfault getting NULL offset of an ArrayObject).
(Reeze Xia)
29 Oct 2015, PHP 5.6.15
- Core:
. Fixed bug #70681 (Segfault when binding $this of internal instance method
to null). (Nikita)
. Fixed bug #70685 (Segfault for getClosure() internal method rebind with
invalid $this). (Nikita)
- Date:
. Fixed bug #70619 (DateTimeImmutable segfault). (Laruence)
- Mcrypt:
. Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was
specified under RC4). (Nikita)
- Mysqlnd:
. Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server).
(Andrey)
. Fixed bug #70572 segfault in mysqlnd_connect. (Andrey, Remi)
- Opcache:
. Fixed bug #70632 (Third one of segfault in gc_remove_from_buffer).
(Laruence)
. Fixed bug #70631 (Another Segfault in gc_remove_from_buffer()). (Laruence)
. Fixed bug #70601 (Segfault in gc_remove_from_buffer()). (Laruence)
. Fixed compatibility with Windows 10 (see also bug #70652). (Anatol)
01 Oct 2015, PHP 5.6.14
- Core:
. Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when
building extensions). (Adam)
- CLI server:
. Fixed bug #68291 (404 on urls with '+'). (cmb)
- DOM:
. Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity
encoding). (cmb)
- ldap:
. Fixed bug #70465 (Bug in ldap_search() modifies LDAP_OPT_TIMELIMIT/DEREF's values). (Tyson Andre)
. Fixed bug #69574 (ldap timeouts not enforced). (Côme Bernigaud)
- Mysqlnd:
. Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to
a server). (Sergei Turchanov)
- OpenSSL:
. Fixed bug #55259 (openssl extension does not get the DH parameters from
DH key resource). (Jakub Zelenka)
. Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb)
. Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka)
. Fixed bug #68312 (Lookup for openssl.cnf causes a message box). (Anatol)
- PDO:
. Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)
- Phar:
. Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
. FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip
entry filename is "/"). (Stas)
- Phpdbg:
. Fix phpdbg_break_next() sometimes not breaking. (Bob)
- Standard:
. Fixed bug #67131 (setcookie() conditional for empty values not met). (cmb)
- Streams:
. Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections).
(Niklas Keller)
- Zip:
. Fixed bug #70322 (ZipArchive::close() doesn't indicate errors). (cmb)
03 Sep 2015, PHP 5.6.13
- Core:
. Fixed bug #69900 (Too long timeout on pipes). (Anatol)
. Fixed bug #69487 (SAPI may truncate POST data). (cmb)
. Fixed bug #70198 (Checking liveness does not work as expected).
(Shafreeck Sea, Anatol Belski)
. Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
. Fixed bug #70219 (Use after free vulnerability in session deserializer).
(taoguangchen at icloud dot com)
- CLI server:
. Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
(wusuopu, cmb)
. Fixed bug #70264 (CLI server directory traversal). (cmb)
- Date:
. Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to
be optional). (cmb)
. Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
(cmb)
- EXIF:
. Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
value of 32 bytes). (Stas)
- GMP:
. Fixed bug #70284 (Use after free vulnerability in unserialize() with GMP).
(stas)
- hash:
. Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
at naver dot com)
- MCrypt:
. Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
- Opcache:
. Fixed bug #70237 (Empty while and do-while segmentation fault with opcode
on CLI enabled). (Dmitry, Laruence)
- PCRE:
. Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
match). (cmb)
. Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
(Anatol Belski)
- SOAP:
. Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
(Stas)
- SPL:
. Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
ob_start). (hugh at allthethings dot co dot nz)
. Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
. Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
- Standard:
. Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
(cmb)
. Fixed bug #70157 (parse_ini_string() segmentation fault with
INI_SCANNER_TYPED). (Tjerk)
- XSLT:
. Fixed bug #69782 (NULL pointer dereference). (Stas)
- ZIP:
. Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
creating directories). (neal at fb dot com)
06 Aug 2015, PHP 5.6.12
- Core:
. Fixed bug #70012 (Exception lost with nested finally block). (Laruence)
. Fixed bug #70002 (TS issues with temporary dir handling). (Anatol)
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
method calls). (Stas)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution
/ NULL pointer deref). (Stas)
- CLI server:
. Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
. Fixed bug #64878 (304 responses return Content-Type header). (cmb)
- GD:
. Fixed bug #53156 (imagerectangle problem with point ordering). (cmb)
. Fixed bug #66387 (Stack overflow with imagefilltoborder). (cmb)
. Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb)
. Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb)
. Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb)
. Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). (cmb)
. Fixed bug #69024 (imagescale segfault with palette based image). (cmb)
. Fixed bug #53154 (Zero-height rectangle has whiskers). (cmb)
. Fixed bug #67447 (imagecrop() add a black line when cropping). (cmb)
. Fixed bug #68714 (copy 'n paste error). (cmb)
. Fixed bug #66339 (PHP segfaults in imagexbm). (cmb)
. Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb)
- ODBC:
. Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined
columns). (cmb)
- OpenSSL:
. Fixed bug #69882 (OpenSSL error "key values mismatch" after
openssl_pkcs12_read with extra cert). (Tomasz Sawicki)
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure). (Stas)
- Phar:
. Improved fix for bug #69441. (Anatol Belski)
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory). (Anatol Belski)
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions). (Stas)
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items). (sean.heelan)
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject). (taoguangchen at icloud dot com)
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
- Standard:
. Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb)
09 Jul 2015, PHP 5.6.11
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
. Fixed bug #69703 (Use __builtin_clzl on PowerPC).
(dja at axtens dot net, Kalle)
. Fixed bug #69732 (can induce segmentation fault with basic php code).
(Dmitry)
. Fixed bug #69642 (Windows 10 reported as Windows 8).
(Christian Wenz, Anatol Belski)
. Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
fault). (Christoph M. Becker)
. Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
7/8/8.1/10 as "Business"). (Christian Wenz)
. Fixed bug #69740 (finally in generator (yield) swallows exception in
iteration). (Nikita)
. Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
(Christian Wenz)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776. (Yasuo)
- GD:
. Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
- GMP:
. Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP
number). (Nikita)
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
(Andrey)
- PCRE:
. Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
. Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
- PDO_pgsql:
. Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
Statements when closeCuror() is u). (Philip Hofstetter)
. Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
leading single quote). (Matteo)
. Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
(Matteo)
- Phar:
. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file).
(CVE-2015-5589) (Stas)
. Fixed bug #69923 (Buffer overflow and stack smashing error in
phar_fix_filepath). (CVE-2015-5590) (Stas)
- SimpleXML:
. Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
node name). (Christoph Michael Becker)
- SPL:
. Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
(Stas)
. Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
. Fixed bug #69970 (Use-after-free vulnerability in
spl_recursive_it_move_forward_ex()). (Laruence)
- Sqlite3:
. Fixed bug #69972 (Use-after-free vulnerability in
sqlite3SafetyCheckSickOrOk()). (Laruence)
11 Jun 2015, PHP 5.6.10
- Core:
. Fixed bug #66048 (temp. directory is cached during multiple requests).
(Julien)
. Fixed bug #69566 (Conditional jump or move depends on uninitialised value
in extension trait). (jbboehr at gmail dot com)
. Fixed bug #69599 (Strange generator+exception+variadic crash). (Nikita)
. Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
(Christoph M. Becker)
. Fixed POST data processing slowdown due to small input buffer size
on Windows. (Jorge Oliveira, Anatol)
. Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
(CVE-2015-4642) (Anatol Belski)
. Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)
- FTP
. Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in
heap overflow). (CVE-2015-4643) (Max Spelsberg)
- GD:
. Fixed bug #69479 (GD fails to build with newer libvpx). (Remi)
- Iconv:
. Fixed bug #48147 (iconv with //IGNORE cuts the string). (Stas)
- Litespeed SAPI:
. Fixed bug #68812 (Unchecked return value). (George Wang)
- Mail:
. Fixed bug #68776 (mail() does not have mail header injection prevention for
additional headers). (Yasuo)
- MCrypt:
. Added file descriptor caching to mcrypt_create_iv() (Leigh)
- Opcache
. Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
(Laruence, Dmitry)
- PCRE
. Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
- Phar:
. Fixed bug #69680 (phar symlink in binary directory broken).
(Matteo Bernardini, Remi)
- Postgres:
. Fixed bug #69667 (segfault in php_pgsql_meta_data). (CVE-2015-4644) (Remi)
- Sqlite3:
. Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
CVE-2015-3416) (Kaplan)
14 May 2015, PHP 5.6.9
- Core:
. Fixed bug #69467 (Wrong checked for the interface by using Trait).
(Laruence)
. Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
. Fixed bug #60022 ("use statement [...] has no effect" depends on leading
backslash). (Nikita)
. Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
(Dmitry)
. Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
. Fixed bug #69419 (Returning compatible sub generator produces a warning).
(Nikita)
. Fixed bug #69472 (php_sys_readlink ignores misc errors from
GetFinalPathNameByHandleA). (Jan Starke)
. Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
(CVE-2015-4024) (Stas)
. Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
(Stas)
. Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
(Stas)
. Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
- FTP:
. Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap
overflow). (CVE-2015-4022) (Stas)
- ODBC:
. Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
(Anatol)
. Fixed bug #69474 (ODBC: Query with same field name from two tables returns
incorrect result). (Anatol)
. Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall,
Anatol Belski)
- OpenSSL:
. Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
(Daniel Lowrey)
- PCNTL:
. Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)
(Stas)
- Phar:
. Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
filename starts with null). (CVE-2015-4021) (Stas)
16 Apr 2015, PHP 5.6.8
- Core:
. Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
(Dmitry, Laruence)
. Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
characters). (Tjerk)
. Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options). (Anatol Belski)
. Additional fix for bug #69152 (Type confusion vulnerability in
exception::getTraceAsString). (Stas)
. Fixed bug #69210 (serialize function return corrupted data when sleep has
non-string values). (Juan Basso)
. Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
__call/... arg passing). (Nikita)
. Fixed bug #69221 (Segmentation fault when using a generator in combination
with an Iterator). (Nikita)
. Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
vulnerability). (Stas)
. Fixed bug #69353 (Missing null byte checks for paths in various PHP
extensions). (Stas)
- Apache2handler:
. Fixed bug #69218 (potential remote code execution with apache 2.4
apache2handler). (Gerrit Venema)
- cURL:
. Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
. Fixed bug #68739 (Missing break / control flow). (Laruence)
. Fixed bug #69316 (Use-after-free in php_curl related to
CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
- Date:
. Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)
- Enchant:
. Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
builds). (Anatol)
- Ereg:
. Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
- Fileinfo:
. Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
segfault). (Anatol Belski)
- Filter:
. Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other
flags are used). (Jeff Welch)
. Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
Welch)
- Mbstring:
. Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E).
(Masaki Kagaya)
- OPCache:
. Fixed bug #69297 (function_exists strange behavior with OPCache on
disabled function). (Laruence)
. Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
. Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
- OpenSSL:
. Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling
in stream_select() contexts) (Chris Wright)
. Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly)
(Daniel Lowrey)
. Fixed bug #69215 (Crypto servers should send client CA list)
(Daniel Lowrey)
. Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
- Phar:
. Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
(Mike)
. Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
. Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
. Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
".tar"). (Mike)
. Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
. Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
phar_set_inode). (Stas)
- Postgres:
. Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
- SOAP:
. Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
with SoapFault). (Dmitry)
. Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
(bisected, regression)). (Laruence)
- SPL:
. Fixed bug #69227 (Use after free in zval_scan caused by
spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
- Sqlite3:
. Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
(Dan Ackroyd)
. Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)
. Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
19 Mar 2015, PHP 5.6.7
- Core:
. Fixed bug #69174 (leaks when unused inner class use traits precedence).
(Laruence)
. Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
(Laruence)
. Fixed bug #69121 (Segfault in get_current_user when script owner is not
in passwd with ZTS build). (dan at syneto dot net)
. Fixed bug #65593 (Segfault when calling ob_start from output buffering
callback). (Mike)
. Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
not validated in memory.c). (nayana at ddproperty dot com)
. Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
. Fixed bug #69141 (Missing arguments in reflection info for some builtin
functions). (kostyantyn dot lysyy at oracle dot com)
. Fixed bug #68976 (Use After Free Vulnerability in unserialize()).
(CVE-2015-2787) (Stas)
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options). (Anatol Belski)
. Fixed bug #69207 (move_uploaded_file allows nulls in path). (CVE-2015-2348)
(Stas)
- CGI:
. Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
- CLI:
. Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
- cURL:
. Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on
Win32). (Grant Pannell)
. Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported
by libcurl. (Linus Unneback)
- Ereg:
. Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
(Stas)
- FPM:
. Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
- ODBC:
. Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
- Opcache:
. Fixed bug #69159 (Opcache causes problem when passing a variable variable
to a function). (Dmitry, Laruence)
. Fixed bug #69125 (Array numeric string as key). (Laruence)
. Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
- OpenSSL:
. Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence)
. Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe
socket timeouts). (Brad Broerman)
. Fixed bug #68920 (use strict peer_fingerprint input checks)
(Daniel Lowrey)
. Fixed bug #68879 (IP Address fields in subjectAltNames not used)
(Daniel Lowrey)
. Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
. Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
. Fixed bug (#69195 Inconsistent stream crypto values across versions)
(Daniel Lowrey)
- pgsql:
. Fixed bug #68638 (pg_update() fails to store infinite values).
(william dot welter at 4linux dot com dot br, Laruence)
- Readline:
. Fixed bug #69054 (Null dereference in readline_(read|write)_history() without
parameters). (Laruence)
- SOAP:
. Fixed bug #69085 (SoapClient's __call() type confusion through
unserialize()). (CVE-2015-4147, CVE-2015-4148) (andrea dot palazzo at truel
dot it, Laruence)
- SPL:
. Fixed bug #69108 ("Segmentation fault" when (de)serializing
SplObjectStorage). (Laruence)
. Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
calling getChildren()). (Julien)
- ZIP:
. Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
boundary). (CVE-2015-2331) (Stas)
19 Feb 2015, PHP 5.6.6
- Core:
. Removed support for multi-line headers, as the are deprecated by RFC 7230.
(Stas)
. Fixed bug #67068 (getClosure returns somethings that's not a closure).
(Danack at basereality dot com)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273) (Stas)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
buffer overflow). (Stas)
. Fixed Bug #67988 (htmlspecialchars() does not respect default_charset
specified by ini_set) (Yasuo)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
- Dba:
. Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
- Enchant:
. Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
(CVE-2014-9705) (Antony)
- Fileinfo:
. Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
. Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files
correctly). (Anatol)
. Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some
gifs). (Anatol)
- FPM:
. Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
. Fixed bug #68571 (core dump when webserver close the socket).
(redfoxli069 at gmail dot com, Laruence)
- JSON:
. Fixed bug #50224 (json_encode() does not always encode a float as a float)
by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)
- LIBXML:
. Fixed bug #64938 (libxml_disable_entity_loader setting is shared
between threads). (Martin Jansen)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed
width decimal support) (Keyur Govande)
. Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
has rounding errors) (Keyur Govande)
- Opcache:
. Fixed bug with try blocks being removed when extended_info opcode
generation is turned on. (Laruence)
- PDO_mysql:
. Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
named pipes). (steffenb198 at aol dot com)
- Phar:
. Fixed bug #68901 (use after free). (CVE-2015-2301)
(bugreports at internot dot info)
- Pgsql:
. Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)
- Session:
. Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
. Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
. Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
- Sqlite3:
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Standard:
. Fixed bug #65272 (flock() out parameter not set correctly in windows).
(Daniel Lowrey)
. Fixed bug #69033 (Request may get env. variables from previous requests
if PHP works as FastCGI). (Anatol)
- Streams:
. Fixed bug which caused call after final close on streams filter. (Bob)
22 Jan 2015, PHP 5.6.5
- Core:
. Upgraded crypt_blowfish to version 1.3. (Leigh)
. Fixed bug #60704 (unlink() bug with some files path).
. Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)
. Fixed bug #68536 (pack for 64bits integer is broken on bigendian). (Remi)
. Fixed bug #55541 (errors spawn MessageBox, which blocks test automation).
(Anatol)
. Fixed bug #68297 (Application Popup provides too few information). (Anatol)
. Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
. Fixed bug #65230 (setting locale randomly broken). (Anatol)
. Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR
correctly). (Ferenc)
. Fixed bug #68583 (Crash in timeout thread). (Anatol)
. Fixed bug #65576 (Constructor from trait conflicts with inherited
constructor). (dunglas at gmail dot com)
. Fixed bug #68676 (Explicit Double Free). (CVE-2014-9425) (Kalle)
. Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).
(CVE-2015-0231) (Stefan Esser)
- CGI:
. Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
(Stas)
- CLI server:
. Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)
- cURL:
. Fixed bug #67643 (curl_multi_getcontent returns '' when
CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
- Date:
. Implemented FR #68268 (DatePeriod: Getter for start date, end date and
interval). (Marc Bennewitz)
- EXIF:
. Fixed bug #68799: Free called on uninitialized pointer. (CVE-2015-0232)
(Stas)
- Fileinfo:
. Fixed bug #68398 (msooxml matches too many archives). (Anatol)
. Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski)
. Fixed bug #68671 (incorrect expression in libmagic).
(Joshua Rogers, Anatol Belski)
. Removed readelf.c and related code from libmagic sources
(Remi, Anatol)
. Fixed bug #68735 (fileinfo out-of-bounds memory access). (CVE-2014-9652)
(Anatol)
- FPM:
. Fixed request #68526 (Implement POSIX Access Control List for UDS). (Remi)
. Fixed bug #68751 (listen.allowed_clients is broken). (Remi)
- GD:
. Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
(Jan Bee, Remi)
. Fixed request #68656 (Report gd library version). (Remi)
- mbstring:
. Fixed bug #68504 (--with-libmbfl configure option not present on Windows).
(Ashesh Vashi)
- Opcache:
. Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8
+ Opcache). (Laruence)
. Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach
loops). (Nikita)
- OpenSSL:
. Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger)
- pcntl:
. Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler
when setting SIG_DFL). (Julien)
- PCRE:
. Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).
(Rainer Jung, Anatol Belski)
- pgsql:
. Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)
- PDO:
. Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specifi
attribute names). (Matteo)
- PDO_mysql:
. Fixed bug #68424 (Add new PDO mysql connection attr to control multi
statements option). (peter dot wolanin at acquia dot com)
- SPL:
. Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
breaks the RecursiveIterator). (Paul Garvin)
. Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)
- SQLite:
. Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)
- Streams:
. Fixed bug #68532 (convert.base64-encode omits padding bytes).
(blaesius at krumedia dot de)
18 Dec 2014, PHP 5.6.4
- Core:
. Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks).
(Adam)
. Fixed bug #68104 (Segfault while pre-evaluating a disabled function).
(Laruence)
. Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly
triggered). (Julien)
. Fixed bug #68355 (Inconsistency in example php.ini comments).
(Chris McCafferty)
. Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)
. Fixed bug #68422 (Incorrect argument reflection info for array_multisort()).
(Alexander Lisachenko)
. Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)
. Fixed bug #68446 (Array constant not accepted for array parameter default).
(Bob, Dmitry)
. Fixed bug #68594 (Use after free vulnerability in unserialize()).
(CVE-2014-8142) (Stefan Esser)
- Date:
. Fixed day_of_week function as it could sometimes return negative values
internally. (Derick)
- FPM:
. Fixed bug #68381 (fpm_unix_init_main ignores log_level).
(David Zuelke, Remi)
. Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all
addresses). (Remi)
. Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
. Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
. Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
. Fixed bug #68452 (php-fpm man page is oudated). (Remi)
. Fixed request #68458 (Change pm.start_servers default warning to
notice). (David Zuelke, Remi)
. Fixed bug #68463 (listen.allowed_clients can silently result
in no allowed access). (Remi)
. Fixed request #68391 (php-fpm conf files loading order).
(Florian Margaine, Remi)
. Fixed bug #68478 (access.log don't use prefix). (Remi)
- Mcrypt:
. Fixed possible read after end of buffer and use after free. (Dmitry)
- GMP:
. Fixed bug #68419 (build error with gmp 4.1). (Remi)
- PDO_pgsql:
. Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception
when not in transaction) (Matteo)
. Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving)
(Matteo)
- Session:
. Fixed bug #68331 (Session custom storage callable functions not being called)
(Yasuo Ohgaki)
- SOAP:
. Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes).
(Laruence)
- zlib:
. Fixed bug #53829 (Compiling PHP with large file support will replace
function gzopen by gzopen64) (Sascha Kettler, Matteo)
13 Nov 2014, PHP 5.6.3
- Core:
. Implemented 64-bit format codes for pack() and unpack(). (Leigh)
. Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol)
. Fixed bug #67633 (A foreach on an array returned from a function not doing
copy-on-write). (Nikita)
. Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported
as 6.2 (instead of 6.3)). (Christian Wenz)
. Fixed bug #67949 (DOMNodeList elements should be accessible through
array notation) (Florian)
. Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in
php_getopt()). (Stas)
. Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
. Fixed bug #68129 (parse_url() - incomplete support for empty usernames
and passwords) (Tjerk)
. Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
zend_hash_copy). (Dmitry)
- CURL:
. Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and
CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
- Fileinfo:
. Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
. Fixed bug #68224 (buffer-overflow in libmagic/readcdf.c caught by
AddressSanitizer). (Remi)
. Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
(CVE-2014-3710) (Remi)
- FPM:
. Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable
when using Apache, mod_proxy-fcgi and ProxyPass). (Remi)
. Implemented FR #55508 (listen and listen.allowed_clients should take IPv6
addresses). (Robin Gloster)
- GD:
. Fixed bug #65171 (imagescale() fails without height param). (Remi)
- GMP:
. Implemented gmp_random_range() and gmp_random_bits(). (Leigh)
. Fixed bug #63595 (GMP memory management conflicts with other libraries
using GMP). (Remi)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed width
decimal support) (Keyur Govande)
- ODBC:
. Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by
a VARCHAR column) (Keyur Govande)
- OpenSSL:
. Fixed bug #68074 (Allow to use system cipher list instead of hardcoded
value). (Remi)
- PDO_pgsql:
. Fixed bug #68199 (PDO::pgsqlGetNotify doesn't support NOTIFY payloads)
(Matteo, Alain Laporte)
. Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
- OpenSSL:
. Revert regression introduced by fix of bug #41631
- Reflection:
. Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi)
- SPL:
. Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)
16 Oct 2014, PHP 5.6.2
- Core:
. Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
(CVE-2014-3669) (Stas)
- cURL:
. Fixed bug #68089 (NULL byte injection - cURL lib). (Stas)
- EXIF:
. Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
(Stas)
- XMLRPC:
. Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
(CVE-2014-3668) (Stas)
02 Oct 2014, PHP 5.6.1
- Core:
. Implemented FR #38409 (parse_ini_file() looses the type of booleans). (Tjerk)
. Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)
. Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)
. Fixed bug #67878 (program_prefix not honoured in man pages). (Remi)
. Fixed bug #67938 (Segfault when extending interface method with variadic).
(Nikita)
. Fixed bug #67985 (Incorrect last used array index copied to new array after
unset). (Tjerk)
. Fixed bug #68088 (New Posthandler Potential Illegal efree() vulnerability).
(Mike) (CVE-2014-3622)
- DOM:
. Made DOMNode::textContent writeable. (Tjerk)
- Fileinfo:
. Fixed bug #67731 (finfo::file() returns invalid mime type
for binary files). (Anatol)