-
Notifications
You must be signed in to change notification settings - Fork 7.7k
/
NEWS
3024 lines (2475 loc) · 113 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
24 Oct 2019, PHP 7.2.24
- Core:
. Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
(bugreportuser)
. Fixed bug #78620 (Out of memory error). (cmb, Nikita)
- Exif:
. Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
(Kalle)
- FPM:
. Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
(CVE-2019-11043) (Jakub Zelenka)
- MBString:
. Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
(cmb)
. Fixed bug #78609 (mb_check_encoding() no longer supports stringable
objects). (cmb)
- MySQLi:
. Fixed bug #76809 (SSL settings aren't respected when persistent connections
are used). (fabiomsouto)
- PDO_MySQL:
. Fixed bug #78623 (Regression caused by "SP call yields additional empty
result set"). (cmb)
- Session:
. Fixed bug #78624 (session_gc return value for user defined session
handlers). (bshaffer)
- Standard:
. Fixed bug #76342 (file_get_contents waits twice specified timeout).
(Thomas Calvet)
. Fixed bug #78612 (strtr leaks memory when integer keys are used and the
subject string shorter). (Nikita)
. Fixed bug #76859 (stream_get_line skips data if used with data-generating
filter). (kkopachev)
- Zip:
. Fixed bug #78641 (addGlob can modify given remove_path value). (cmb)
26 Sep 2019, PHP 7.2.23
- Core:
. Fixed bug #78220 (Can't access OneDrive folder). (cmb, ab)
. Fixed bug #78412 (Generator incorrectly reports non-releasable $this as GC
child). (Nikita)
- FastCGI:
. Fixed bug #78469 (FastCGI on_accept hook is not called when using named
pipes on Windows). (Sergei Turchanov)
- MySQLnd:
. Fixed connect_attr issues and added the _server_host connection attribute.
(Qianqian Bu)
- ODBC:
. Fixed bug #78473 (odbc_close() closes arbitrary resources). (cmb)
- PDO_MySQL:
. Fixed bug #41997 (SP call yields additional empty result set). (cmb)
- sodium:
. Fixed bug #78510 (Partially uninitialized buffer returned by
sodium_crypto_generichash_init()). (Frank Denis, cmb)
- SPL:
. Fixed bug #72884 (SplObject isCloneable() returns true but errs on clone).
(Chu Zhaowei)
29 Aug 2019, PHP 7.2.22
- Core:
. Fixed bug #78363 (Buffer overflow in zendparse). (Nikita)
. Fixed bug #78379 (Cast to object confuses GC, causes crash). (Dmitry)
- Curl:
. Fixed bug #77946 (Bad cURL resources returned by curl_multi_info_read()).
(Abyr Valg)
- Exif:
. Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and
invalid cast). (Nikita)
- Iconv:
. Fixed bug #78342 (Bus error in configure test for iconv //IGNORE). (Rainer
Jung)
- LiteSpeed:
. Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown). (George Wang)
- MySQLnd:
. Fixed bug #78179 (MariaDB server version incorrectly detected). (cmb)
- Opcache:
. Fixed bug #77191 (Assertion failure in dce_live_ranges() when silencing is
used). (Nikita)
- Standard:
. Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream)
with invalid length). (Nikita)
. Fixed bug #78282 (atime and mtime mismatch). (cmb)
. Fixed bug #78326 (improper memory deallocation on stream_get_contents()
with fixed length buffer). (Albert Casademont)
01 Aug 2019, PHP 7.2.21
- Date:
. Fixed bug #69044 (discrepency between time and microtime). (krakjoe)
- EXIF:
. Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment).
(CVE-2019-11042) (Stas)
. Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail).
(CVE-2019-11041) (Stas)
- Fileinfo:
. Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file).
(Joshua Westerheide)
- FTP:
. Fixed bug #77124 (FTP with SSL memory leak). (Nikita)
- Libxml:
. Fixed bug #78279 (libxml_disable_entity_loader settings is shared between
requests (cgi-fcgi)). (Nikita)
- LiteSpeed:
. Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from
100 to 1000, added crash handler to cleanly shutdown PHP request, added
CloudLinux mod_lsapi mode). (George Wang)
. Fixed bug #76058 (After "POST data can't be buffered", using php://input
makes huge tmp files). (George Wang)
- Openssl:
. Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported
socket-to-stream). (Nikita)
- OPcache:
. Fixed bug #78189 (file cache strips last character of uname hash). (cmb)
. Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
(cmb)
. Fixed bug #78291 (opcache_get_configuration doesn't list all directives).
(Andrew Collington)
- Phar:
. Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)
- Phpdbg:
. Fixed bug #78297 (Include unexistent file memory leak). (Nikita)
- PDO_Sqlite:
. Fixed bug #78192 (SegFault when reuse statement after schema has changed).
(Vincent Quatrevieux)
- SQLite:
. Upgraded to SQLite 3.28.0. (cmb)
- Standard:
. Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit).
(cmb)
. Fixed bug #78269 (password_hash uses weak options for argon2). (Remi)
- XMLRPC:
. Fixed bug #78173 (XML-RPC mutates immutable objects during encoding).
(Asher Baker)
04 Jul 2019, PHP 7.2.20
- Core:
. Fixed bug #76980 (Interface gets skipped if autoloader throws an exception).
(Nikita)
- DOM:
. Fixed bug #78025 (segfault when accessing properties of DOMDocumentType).
(cmb)
- MySQLi:
. Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful
error message). (Sjon Hortensius)
. Fixed bug #38546 (bindParam incorrect processing of bool types).
(camporter)
- Opcache:
. Fixed bug #78106 (Path resolution fails if opcache disabled during request).
(Nikita)
. Fixed bug #78185 (File cache no longer works). (Dmitry)
- OpenSSL:
. Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).
(Jakub Zelenka)
- Sockets:
. Fixed bug #78038 (Socket_select fails when resource array contains
references). (Nikita)
- Standard:
. Fixed bug #77135 (Extract with EXTR_SKIP should skip $this).
(Craig Duncan, Dmitry)
. Fixed bug ##77937 (preg_match failed). (cmb, Anatol)
- Zip:
. Fixed bug #76345 (zip.h not found). (Michael Maroszek)
30 May 2019, PHP 7.2.19
- Date:
. Fixed bug #77909 (DatePeriod::__construct() with invalid recurrence count
value). (Ignace Nyamagana Butera)
- EXIF:
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
(CVE-2019-11040) (Stas)
- FPM:
. Fixed bug #77934 (php-fpm kill -USR2 not working). (Jakub Zelenka)
. Fixed bug #77921 (static.php.net doesn't work anymore). (Peter Kokot)
- GD:
. Fixed bug #77943 (imageantialias($image, false); does not work). (cmb)
. Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
(CVE-2019-11038) (cmb)
- Iconv:
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow). (CVE-2019-11039). (maris dot adam)
- JSON:
. Fixed bug #77843 (Use after free with json serializer). (Nikita)
- Opcache:
. Fixed possible crashes, because of inconsistent PCRE cache and opcache
SHM reset. (Alexey Kalinin, Dmitry)
- PDO_MySQL:
. Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64). (cmb)
- Reflection:
. Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()). (Nikita)
- Session:
. Fixed bug #77911 (Wrong warning for session.sid_bits_per_character). (cmb)
- SPL:
. Fixed bug #77024 (SplFileObject::__toString() may return array). (Craig
Duncan)
- SQLite:
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
02 May 2019, PHP 7.2.18
- CLI:
. Fixed bug #77794 (Incorrect Date header format in built-in server).
(kelunik)
- EXIF
. Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
(CVE-2019-11036) (Stas)
- Interbase:
. Fixed bug #72175 (Impossibility of creating multiple connections to
Interbase with php 7.x). (Nikita)
- Intl:
. Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale
= null). (Nikita)
- litespeed:
. LiteSpeed SAPI 7.3.1, better process management, new API function
litespeed_finish_request(). (George Wang)
- Mail
. Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)
- PCRE:
. Fixed bug #77827 (preg_match does not ignore \r in regex flags). (requinix,
cmb)
- PDO:
. Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
(camporter)
- phpdbg:
. Fixed bug #76801 (too many open files). (alekitto)
. Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
(krakjoe)
. Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe)
- Reflection:
. Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work). (Nikita)
. Fixed bug #77882 (Different behavior: always calls destructor). (Nikita)
- SOAP:
. Fixed bug #77945 (Segmentation fault when constructing SoapClient with
WSDL_CACHE_BOTH). (Nikita)
- Standard:
. Fixed bug #77680 (recursive mkdir on ftp stream wrapper is incorrect).
(Vlad Temian)
. Fixed bug #77844 (Crash due to null pointer in parse_ini_string with
INI_SCANNER_TYPED). (Nikita)
. Fixed bug #77853 (Inconsistent substr_compare behaviour with empty
haystack). (Nikita)
04 Apr 2019, PHP 7.2.17
- Core:
. Fixed bug #77738 (Nullptr deref in zend_compile_expr). (Laruence)
. Fixed bug #77660 (Segmentation fault on break 2147483648). (Laruence)
. Fixed bug #77652 (Anonymous classes can lose their interface information).
(Nikita)
. Fixed bug #77676 (Unable to run tests when building shared extension on
AIX). (Kevin Adler)
- Bcmath:
. Fixed bug #77742 (bcpow() implementation related to gcc compiler
optimization). (Nikita)
- COM:
. Fixed bug #77578 (Crash when php unload). (cmb)
- Date:
. Fixed bug #50020 (DateInterval:createDateFromString() silently fails).
(Derick)
. Fixed bug #75113 (Added DatePeriod::getRecurrences() method). (Ignace
Nyamagana Butera)
- EXIF:
. Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
(Stas)
. Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
(CVE-2019-11035) (Stas)
- FPM:
. Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).
(Kevin Adler)
- GD:
. Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).
(cmb)
- MySQLi:
. Fixed bug #77597 (mysqli_fetch_field hangs scripts). (Nikita)
- Opcache:
. Fixed bug #77691 (Opcache passes wrong value for inline array push
assignments). (Nikita)
. Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical
successors). (Nikita)
- phpdbg:
. Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match
actual aliases). (Miriam Lauter)
- sodium:
. Fixed bug #77646 (sign_detached() strings not terminated). (Frank)
- SQLite3:
. Added sqlite3.defensive INI directive. (BohwaZ)
- Standard:
. Fixed bug #77664 (Segmentation fault when using undefined constant in
custom wrapper). (Laruence)
. Fixed bug #77669 (Crash in extract() when overwriting extracted array).
(Nikita)
. Fixed bug #76717 (var_export() does not create a parsable value for
PHP_INT_MIN). (Nikita)
. Fixed bug #77765 (FTP stream wrapper should set the directory as
executable). (Vlad Temian)
07 Mar 2019, PHP 7.2.16
- Core:
. Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
(Laruence)
. Fixed bug #77630 (rename() across the device may allow unwanted access
during processing). (Stas)
- COM:
. Fixed bug #77621 (Already defined constants are not properly reported).
(cmb)
- EXIF:
. Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). (Stas)
. Fixed bug #77540 (Invalid Read on exif_process_SOFn). (Stas)
. Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas)
. Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas)
- PDO_OCI:
. Support Oracle Database tracing attributes ACTION, MODULE,
CLIENT_INFO, and CLIENT_IDENTIFIER. (Cameron Porter)
- PHAR:
. Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
(bishop)
- SPL:
. Fixed bug #51068 (DirectoryIterator glob:// don't support current path
relative queries). (Ahmed Abdou)
. Fixed bug #77431 (openFile() silently truncates after a null byte). (cmb)
- Standard:
. Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
(John Stevenson)
- MySQL
. Disabled LOCAL INFILE by default, can be enabled using php.ini directive
mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE
attribute for pdo_mysql. (Darek Slusarczyk)
07 Feb 2019, PHP 7.2.15
- Core:
. Fixed bug #77339 (__callStatic may get incorrect arguments). (Dmitry)
. Fixed bug #77494 (Disabling class causes segfault on member access).
(Dmitry)
. Fixed bug #77530 (PHP crashes when parsing `(2)::class`). (Ekin)
- Curl:
. Fixed bug #76675 (Segfault with H2 server push). (Pedro Magalhães)
- GD:
. Fixed bug #73281 (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
(cmb)
. Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies). (cmb)
. Fixed bug #77272 (imagescale() may return image resource on failure). (cmb)
. Fixed bug #77391 (1bpp BMPs may fail to be loaded). (Romain Déoux, cmb)
. Fixed bug #77479 (imagewbmp() segfaults with very large images). (cmb)
- ldap:
. Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in
libcrypto-1_1-x64.dll). (Anatol)
- Mbstring:
. Fixed bug #77454 (mb_scrub() silently truncates after a null byte).
(64796c6e69 at gmail dot com)
- MySQLnd:
. Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has
no external visibility). (Anatol)
- Opcache:
. Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled).
(Kevin Adler)
- OpenSSL:
. Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS
records). (Abyl Valg, Jakub Zelenka)
- PDO:
. Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO
failure). (Nikita)
- phpdbg:
. Fixed bug #76596 (phpdbg support for display_errors=stderr). (kabel)
- Sockets:
. Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address
on MacOS). (Michael Meyer)
- Standard:
. Fixed bug #77395 (segfault about array_multisort). (Laruence)
. Fixed bug #77439 (parse_str segfaults when inserting item into existing
array). (Nikita)
10 Jan 2019, PHP 7.2.14
- Core:
. Fixed bug #77369 (memcpy with negative length via crafted DNS response). (Stas)
. Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
(Valentin V. Bartenev)
. Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
(Nikita)
- COM:
. Fixed bug #77177 (Serializing or unserializing COM objects crashes). (cmb)
- Date:
. Fixed bug #77097 (DateTime::diff gives wrong diff when the actual diff is
less than 1 second). (Derick)
- Exif:
. Fixed bug #77184 (Unsigned rational numbers are written out as signed
rationals). (Colin Basnett)
- GD:
. Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to
use-after-free). (cmb)
. Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (cmb)
. Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()). (cmb)
. Fixed bug #77198 (auto cropping has insufficient precision). (cmb)
. Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
(cmb)
- IMAP:
. Fixed bug #77020 (null pointer dereference in imap_mail). (cmb)
- Mbstring:
. Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (Stas)
. Fixed bug #77371 (heap buffer overflow in mb regex functions
- compile_string_node). (Stas)
. Fixed bug #77381 (heap buffer overflow in multibyte match_at). (Stas)
. Fixed bug #77382 (heap buffer overflow due to incorrect length in
expand_case_fold_string). (Stas)
. Fixed bug #77385 (buffer overflow in fetch_token). (Stas)
. Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (Stas)
. Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (Stas)
- OCI8:
. Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working). (KoenigsKind)
. Added oci_set_call_timeout() for call timeouts.
. Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
- Opcache:
. Fixed bug #77215 (CFG assertion failure on multiple finalizing switch
frees in one block). (Nikita)
- PDO:
. Handle invalid index passed to PDOStatement::fetchColumn() as error. (Sergei
Morozov)
- Phar:
. Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (Stas)
- Sockets:
. Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
(Mizunashi Mana)
- SQLite3:
. Fixed bug #77051 (Issue with re-binding on SQLite3). (BohwaZ)
- Xmlrpc:
. Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (cmb)
. Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (Stas)
06 Dec 2018, PHP 7.2.13
- ftp:
. Fixed bug #77151 (ftp_close(): SSL_read on shutdown). (Remi)
- CLI:
. Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli
parameters). (Anatol)
- Fileinfo:
. Fixed bug #77095 (slowness regression in 7.2/7.3 (compared to 7.1)).
(Anatol)
- iconv:
. Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
(cmb)
- IMAP:
. Fixed bug #77153 (imap_open allows to run arbitrary shell commands via
mailbox parameter). (Stas)
- ODBC:
. Fixed bug #77079 (odbc_fetch_object has incorrect type signature).
(Jon Allen)
- Opcache:
. Fixed bug #77058 (Type inference in opcache causes side effects). (Nikita)
. Fixed bug #77092 (array_diff_key() - segmentation fault). (Nikita)
- PGSQL:
. Fixed bug #77047 (pg_convert has a broken regex for the 'TIME WITHOUT
TIMEZONE' data type). (Andy Gajetzki)
- SOAP:
. Fixed bug #50675 (SoapClient can't handle object references correctly).
(Cameron Porter)
. Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault). (cmb)
. Fixed bug #77141 (Signedness issue in SOAP when precision=-1). (cmb)
- Sockets:
. Fixed bug #67619 (Validate length on socket_write). (thiagooak)
08 Nov 2018, PHP 7.2.12
- Core:
. Fixed bug #76846 (Segfault in shutdown function after memory limit error).
(Nikita)
. Fixed bug #76946 (Cyclic reference in generator not detected). (Nikita)
. Fixed bug #77035 (The phpize and ./configure create redundant .deps file).
(Peter Kokot)
. Fixed bug #77041 (buildconf should output error messages to stderr)
(Mizunashi Mana)
- Date:
. Upgraded timelib to 2017.08. (Derick)
. Fixed bug #75851 (Year component overflow with date formats "c", "o", "r"
and "y"). (Adam Saponara)
. Fixed bug #77007 (fractions in `diff()` are not correctly normalized).
(Derick)
- FCGI:
. Fixed #76948 (Failed shutdown/reboot or end session in Windows). (Anatol)
. Fixed bug #76954 (apache_response_headers removes last character from header
name). (stodorovic)
- FTP:
. Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown).
(Manuel Mausz)
- intl:
. Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH). (anthrax at unixuser dot org)
- Reflection:
. Fixed bug #76936 (Objects cannot access their private attributes while
handling reflection errors). (Nikita)
. Fixed bug #66430 (ReflectionFunction::invoke does not invoke closure with
object scope). (Nikita)
- Sodium:
. Some base64 outputs were truncated; this is not the case any more.
(jedisct1)
. block sizes >= 256 bytes are now supposed by sodium_pad() even
when an old version of libsodium has been installed. (jedisct1)
. Fixed bug #77008 (sodium_pad() could read (but not return nor write)
uninitialized memory when trying to pad an empty input). (jedisct1)
- Standard:
. Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace).
(Pierrick)
- Tidy:
. Fixed bug #77027 (tidy::getOptDoc() not available on Windows). (cmb)
- XML:
. Fixed bug #30875 (xml_parse_into_struct() does not resolve entities). (cmb)
. Add support for getting SKIP_TAGSTART and SKIP_WHITE options. (cmb)
- XMLRPC:
. Fixed bug #75282 (xmlrpc_encode_request() crashes). (cmb)
11 Oct 2018, PHP 7.2.11
- Core:
. Fixed bug #76800 (foreach inconsistent if array modified during loop).
(Dmitry)
. Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts
memory). (Nikita)
- CURL:
. Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected).
(Pierrick)
- iconv:
. Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be).
(cmb)
- Opcache:
. Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
(Anatol)
. Fixed bug #76796 (Compile-time evaluation of disabled function in opcache
causes segfault). (Nikita)
- POSIX:
. Fixed bug #75696 (posix_getgrnam fails to print details of group). (cmb)
- Reflection:
. Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod).
(cmb)
- Standard:
. Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open
data connection). (Ville Hukkamäki)
. Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with
stream_socket_client). (Ville Hukkamäki)
. Fixed bug #75533 (array_reduce is slow when $carry is large array).
(Manabu Matsui)
- XMLRPC:
. Fixed bug #76886 (Can't build xmlrpc with expat). (Thomas Petazzoni, cmb)
- Zlib:
. Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed).
(Martin Burke, cmb)
13 Sep 2018, PHP 7.2.10
- Core:
. Fixed bug #76754 (parent private constant in extends class memory leak).
(Laruence)
. Fixed bug #72443 (Generate enabled extension). (petk)
. Fixed bug #75797 (Memory leak when using class_alias() in non-debug mode).
(Massimiliano Braglia)
- Apache2:
. Fixed bug #76582 (Apache bucket brigade sometimes becomes invalid). (stas)
- Bz2:
. Fixed arginfo for bzcompress. (Tyson Andre)
- gettext:
. Fixed bug #76517 (incorrect restoring of LDFLAGS). (sji)
- iconv:
. Fixed bug #68180 (iconv_mime_decode can return extra characters in a
header). (cmb)
. Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers).
(cmb)
. Fixed bug #60494 (iconv_mime_decode does ignore special characters). (cmb)
. Fixed bug #55146 (iconv_mime_decode_headers() skips some headers). (cmb)
- intl:
. Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with
11+ named placeholders). (Anatol)
- libxml:
. Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader
callback undefined). (Ville Hukkamäki)
- mbstring:
. Fixed bug #76704 (mb_detect_order return value varies based on argument
type). (cmb)
- Opcache:
. Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar
file). (Laruence)
- OpenSSL:
. Fixed bug #76705 (unusable ssl => peer_fingerprint in
stream_context_create()). (Jakub Zelenka)
- phpdbg:
. Fixed bug #76595 (phpdbg man page contains outdated information).
(Kevin Abel)
- SPL:
. Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()). (cmb)
. Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0). (Tim
Siebels)
- Standard:
. Fixed bug #76778 (array_reduce leaks memory if callback throws exception).
(cmb)
- zlib:
. Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir
is passed to the --with-zlib configure option). (Jay Bonci)
. Fixed bug #76709 (Minimal required zlib library is 1.2.0.4). (petk)
16 Aug 2018, PHP 7.2.9
- Calendar:
. Fixed bug #52974 (jewish.c: compile error under Windows with GBK charset).
(cmb)
- Filter:
. Fixed bug #76366 (References in sub-array for filtering breaks the filter).
(ZiHang Gao)
- PDO_Firebird:
. Fixed bug #76488 (Memory leak when fetching a BLOB field). (Simonov Denis)
- PDO_PgSQL:
. Fixed bug #75402 (Possible Memory Leak using PDO::CURSOR_SCROLL option).
(Anatol)
- SQLite3:
. Fixed #76665 (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).
(cmb)
- Standard:
. Fixed bug #73817 (Incorrect entries in get_html_translation_table). (cmb)
. Fixed bug #68553 (array_column: null values in $index_key become incrementing
keys in result). (Laruence)
. Fixed bug #76643 (Segmentation fault when using `output_add_rewrite_var`).
(cmb)
- Zip:
. Fixed bug #76524 (ZipArchive memory leak (OVERWRITE flag and empty archive)).
(Timur Ibragimov)
19 Jul 2018, PHP 7.2.8
- Core:
. Fixed bug #76534 (PHP hangs on 'illegal string offset on string references
with an error handler). (Laruence)
. Fixed bug #76520 (Object creation leaks memory when executed over HTTP).
(Nikita)
. Fixed bug #76502 (Chain of mixed exceptions and errors does not serialize
properly). (Nikita)
- Date:
. Fixed bug #76462 (Undefined property: DateInterval::$f). (Anatol)
- EXIF:
. Fixed bug #76409 (heap use after free in _php_stream_free). (cmb)
. Fixed bug #76423 (Int Overflow lead to Heap OverFlow in
exif_thumbnail_extract of exif.c). (Stas)
. Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif
data). (Stas)
- FPM:
. Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to
non-blocking). (Nikita)
- GMP:
. Fixed bug #74670 (Integer Underflow when unserializing GMP and possible
other classes). (Nikita)
- intl:
. Fixed bug #76556 (get_debug_info handler for BreakIterator shows wrong
type). (cmb)
- mbstring:
. Fixed bug #76532 (Integer overflow and excessive memory usage
in mb_strimwidth). (MarcusSchwarz)
- Opcache:
. Fixed bug #76477 (Opcache causes empty return value).
(Nikita, Laruence)
- PGSQL:
. Fixed bug #76548 (pg_fetch_result did not fetch the next row). (Anatol)
- phpdbg:
. Fix arginfo wrt. optional/required parameters. (cmb)
- Reflection:
. Fixed bug #76536 (PHP crashes with core dump when throwing exception in
error handler). (Laruence)
. Fixed bug #75231 (ReflectionProperty#getValue() incorrectly works with
inherited classes). (Nikita)
- Standard:
. Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys).
(Laruence)
. Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb)
- Win32:
. Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)
- ZIP:
. Fixed bug #76461 (OPSYS_Z_CPM defined instead of OPSYS_CPM).
(Dennis Birkholz, Remi)
07 Jun 2018, PHP 7.2.7
- Core:
. Fixed bug #76337 (segfault when opcache enabled + extension use
zend_register_class_alias). (xKhorasan)
- CLI Server:
. Fixed bug #76333 (PHP built-in server does not find files if root path
contains special characters). (Anatol)
- OpenSSL:
. Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).
(Erik Lax, Jakub Zelenka)
. Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7).
(Jakub Zelenka)
- SPL:
. Fixed bug #76367 (NoRewindIterator segfault 11). (Laruence)
- Standard:
. Fixed bug #76410 (SIGV in zend_mm_alloc_small). (Laruence)
. Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).
(Anatol)
24 May 2018, PHP 7.2.6
- EXIF:
. Fixed bug #76164 (exif_read_data zend_mm_heap corrupted). (cmb)
- FPM:
. Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.
(mgorny)
- intl:
. Fixed bug #74385 (Locale::parseLocale() broken with some arguments).
(Anatol)
- Opcache:
. Fixed bug #76205 (PHP-FPM sporadic crash when running Infinitewp). (Dmitry)
. Fixed bug #76275 (Assertion failure in file cache when unserializing empty
try_catch_array). (Nikita)
. Fixed bug #76281 (Opcache causes incorrect "undefined variable" errors).
(Nikita)
- Reflection:
. Fixed arginfo of array_replace(_recursive) and array_merge(_recursive).
(carusogabriel)
- Session:
. Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start
with "#"). (Andrew Nester)
26 Apr 2018, PHP 7.2.5
- Core:
. Fixed bug #75722 (Convert valgrind detection to configure option).
(Michael Heimpold)
- Date:
. Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel)
- Exif:
. Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
(Stas)
- FPM:
. Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list
too long). (Jacob Hipps)
. Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka)
- GD:
. Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).
(cmb)
- iconv:
. Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on
invalid sequence). (Stas)
- intl:
. Fixed bug #76153 (Intl compilation fails with icu4c 61.1). (Anatol)
- ldap:
. Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)
- mbstring:
. Fixed bug #75944 (Wrong cp1251 detection). (dmk001)
. Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).
(chrullrich, cmb)
- ODBC:
. Fixed bug #76088 (ODBC functions are not available by default on Windows).
(cmb)
- Opcache:
. Fixed bug #76094 (Access violation when using opcache). (Laruence)
- Phar:
. Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)
- phpdbg:
. Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite). (Laruence)
- SPL:
. Fixed bug #76131 (mismatch arginfo for splarray constructor).
(carusogabriel)
- standard:
. Fixed bug #74139 (mail.add_x_header default inconsistent with docs). (cmb)
. Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)
29 Mar 2018, PHP 7.2.4
- Core:
. Fixed bug #76025 (Segfault while throwing exception in error_handler).
(Dmitry, Laruence)
. Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD).
(Anatol)
- FPM:
. Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache
access controls). (Jakub Zelenka)
- FTP:
. Fixed ftp_pasv arginfo. (carusogabriel)
-GD:
. Fixed bug #73957 (signed integer conversion in imagescale()). (cmb)
. Fixed bug #76041 (null pointer access crashed php). (cmb)
. Fixed imagesetinterpolation arginfo. (Gabriel Caruso)
- iconv:
. Fixed bug #75867 (Freeing uninitialized pointer). (Philip Prindeville)
- Mbstring:
. Fixed bug #62545 (wrong unicode mapping in some charsets). (cmb)
- Opcache:
. Fixed bug #75969 (Assertion failure in live range DCE due to block pass
misoptimization). (Nikita)
- OpenSSL:
. Fixed openssl_* arginfos. (carusogabriel)
- PCNTL:
. Fixed bug #75873 (pcntl_wexitstatus returns incorrect on Big_Endian platform
(s390x)). (Sam Ding)
- Phar:
. Fixed bug #76085 (Segmentation fault in buildFromIterator when directory
name contains a \n). (Laruence)
- Standard:
. Fixed bug #75961 (Strange references behavior). (Laruence)
. Fixed some arginfos. (carusogabriel)