10 Jan 2019

• GD:
  • Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)
  • Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)
• Mbstring:
  • Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)
  • Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)
  • Fixed bug #77381 (heap buffer overflow in multibyte match_at). (CVE-2019-9023)
  • Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)
  • Fixed bug #77385 (buffer overflow in fetch_token). (CVE-2019-9023)
  • Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)
  • Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)
• Phar:
  • Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)
• Xmlrpc:
  • Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)
  • Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)

06 Dec 2018

• Core:
  • Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
• IMAP:
  • Fixed bug #77020 (null pointer dereference in imap_mail).
  • Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)
• Phar:
  • Fixed bug #77022 (PharData always creates new files with mode 0666).
  • Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)

13 Sep 2018

• Apache2:
  • Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)

19 Jul 2018

• Exif:
  • Fixed bug #76423 (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)
  • Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)
• Win32:
  • Fixed bug #76459 (windows linkinfo lacks openbasedir check). (CVE-2018-15132)

26 Apr 2018

• Exif:
  • Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
• iconv:
  • Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
• LDAP:
  • Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
• Phar:
  • Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)

29 Mar 2018

• FPM:
  • Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)

01 Mar 2018

• Standard:
  • Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)

04 Jan 2018

• GD:
  • Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
• Phar:
  • Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)

26 Oct 2017

• Date:
  • Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)
• mcrypt:
  • Fixed bug #72535 (arcfour encryption stream filter crashes php).
• PCRE:
  • Fixed bug #75207 (applied upstream patch for CVE-2016-1283).

06 Jul 2017

• Core:
  • Fixed bug #73807 (Performance problem with processing large post request). (CVE-2017-11142)
  • Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (CVE-2017-12933)
  • Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (CVE-2017-11628)
  • Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (CVE-2017-11145)
• GD:
  • Fixed bug #74435 (Buffer over-read into uninitialized memory). (CVE-2017-7890)
• mbstring:
  • Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)
• OpenSSL:
  • Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)
• PCRE:
  • Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
• WDDX:
  • Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)

19 Jan 2017

• EXIF:
  • Fixed bug #73737 (FPE when parsing a tag format). (CVE-2016-10158)
• GD:
  • Fixed bug #73549 (Use after free when stream is passed to imagepng).
  • Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)
  • Fixed bug #73869 (Signed Integer Overflow gd_io.c). (CVE-2016-10168)
• Intl:
  • Fixed bug #68447 (grapheme_extract take an extra trailing character).
• Phar:
  • Fixed bug #73764 (Crash while loading hostile phar archive). (CVE-2016-10159)
  • Fixed bug #73768 (Memory corruption when loading hostile phar). (CVE-2016-10160)
  • Fixed bug #73773 (Seg fault when loading hostile phar). (CVE-2017-11147)
• SQLite3:
  • Reverted fix for bug #73530 (Unsetting result set may reset other result set).
• Standard:
  • Fixed bug #70213 (Unserialize context shared on double class lookup).
  • Fixed bug #73825 (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)

08 Dec 2016

• Mysqlnd:
  • Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*).
• Opcache:
  • Fixed bug #73402 (Opcache segfault when using class constant to call a method).
  • Fixed bug #69090 (check cached files permissions)
• OpenSSL:
  • Fixed bug #72776 (Invalid parameter in memcpy function trough openssl_pbkdf2).
• Postgres:
  • Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()).
• SOAP:
  • Fixed bug #73452 (Segfault (Regression for #69152)).
• SQLite3:
  • Fixed bug #73530 (Unsetting result set may reset other result set).
• Standard:
  • Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).
• WDDX:
  • Fixed bug #73631 (Invalid read when wddx decodes empty boolean element). (CVE-2016-9935)

10 Nov 2016

• Core:
  • Fixed bug #73337 (try/catch not working with two exceptions inside a same operation).
• Bz2:
  • Fixed bug #73356 (crash in bzcompress function).
• GD:
  • Fixed bug #73213 (Integer overflow in imageline() with antialiasing).
  • Fixed bug #73272 (imagescale() is not affected by, but affects imagesetinterpolation()).
  • Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()).
  • Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf).
  • Fixed bug #72482 (Illegal write/read access caused by gdImageAALine overflow).
  • Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). (CVE-2016-9933)
• Imap:
  • Fixed bug #73418 (Integer Overflow in '_php_imap_mail' leads Heap Overflow).
• SPL:
  • Fixed bug #73144 (Use-after-free in ArrayObject Deserialization).
• SOAP:
  • Fixed bug #73037 (SoapServer reports Bad Request when gzipped).
• SQLite3:
  • Fixed bug #73333 (2147483647 is fetched as string).
• Standard:
  • Fixed bug #73203 (passing additional_parameters causes mail to fail).
  • Fixed bug #73188 (use after free in userspace streams).
  • Fixed bug #73192 (parse_url return wrong hostname).
• Wddx:
  • Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow). (CVE-2016-9934)

13 Oct 2016

• Core:
  • Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).
  • Fixed bug #73058 (crypt broken when salt is 'too' long).
  • Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify).
  • Fixed bug #73189 (Memcpy negative size parameter php_resolve_path).
  • Fixed bug #73147 (Use After Free in unserialize()).
• BCmath:
  • Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex).
• DOM:
  • Fixed bug #73150 (missing NULL check in dom_document_save_html).
• Ereg:
  • Fixed bug #73284 (heap overflow in php_ereg_replace function).
• Filter:
  • Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).
  • Fixed bug #67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE).
  • Fixed bug #73054 (default option ignored when object passed to int filter).
• GD:
  • Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
  • Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending).
  • Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c).
  • Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
  • Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given).
  • Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries).
  • Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files).
  • Fixed bug #73161 (imagecreatefromgd2() may leak memory).
• Intl:
  • Fixed bug #73218 (add mitigation for ICU int overflow).
• Imap:
  • Fixed bug #73208 (integer overflow in imap_8bit caused heap corruption).
• Mbstring:
  • Fixed bug #72994 (mbc_to_code() out of bounds read).
  • Fixed bug #66964 (mb_convert_variables() cannot detect recursion).
  • Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
  • Fixed bug #73082 (string length overflow in mb_encode_* function).
• PCRE:
  • Fixed bug #73174 (heap overflow in php_pcre_replace_impl).
• Opcache:
  • Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
• OpenSSL:
  • Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
  • Fixed bug #73275 (crash in openssl_encrypt function).
  • Fixed bug #73276 (crash in openssl_random_pseudo_bytes function).
• Session:
  • Fixed bug #68015 (Session does not report invalid uid for files save handler).
  • Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
• SimpleXML:
  • Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
• SPL:
  • Fixed bug #73073 (CachingIterator null dereference when convert to string).
• Standard:
  • Fixed bug #73240 (Write out of bounds at number_format).
  • Fixed bug #73017 (memory corruption in wordwrap function).
• Stream:
  • Fixed bug #73069 (readfile() mangles files larger than 2G).
• Zip:
  • Fixed bug #70752 (Depacking with wrong password leaves 0 length files).

15 Sep 2016

• Core:
  • Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260)).
• Dba:
  • Fixed bug #71514 (Bad dba_replace condition because of wrong API usage).
  • Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
• EXIF:
  • Fixed bug #72926 (Uninitialized Thumbail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF).
• FTP:
  • Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).
• GD:
  • Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor images).
  • Fixed bug #72913 (imagecopy() loses single-color transparency on palette images).
  • Fixed bug #68716 (possible resource leaks in _php_image_convert()).
• Intl:
  • Fixed bug #73007 (add locale length check). (CVE-2016-7416)
• JSON:
  • Fixed bug #72787 (json_decode reads out of bounds).
• mbstring:
  • Fixed bug #66797 (mb_substr only takes 32-bit signed integer).
  • Fixed bug #72910 (Out of bounds heap read in mbc_to_code() / triggered by mb_ereg_match()).
• MSSQL:
  • Fixed bug #72039 (Use of uninitialised value on mssql_guid_string).
• Mysqlnd:
  • Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (CVE-2016-7412)
• PDO:
  • Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY returns false).
• PDO_pgsql:
  • Implemented FR #72633 (Postgres PDO lastInsertId() should work without specifying a sequence).
  • Fixed bug #72759 (Regression in pgo_pgsql).
• Phar:
  • Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile). (CVE-2016-7414)
  • Fixed bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile).
• SPL:
  • Fixed bug #73029 (Missing type check when unserializing SplArray). (CVE-2016-7417)
• Standard:
  • Fixed bug #72823 (strtr out-of-bound access).
  • Fixed bug #72278 (getimagesize returning FALSE on valid jpg).
  • Fixed bug #65550 (get_browser() incorrectly parses entries with '+' sign).
  • Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
  • Fixed bug #73011 (integer overflow in fgets cause heap corruption).
  • Fixed bug #73017 (memory corruption in wordwrap function).
  • Fixed bug #73045 (integer overflow in fgetcsv caused heap corruption).
  • Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction). (CVE-2016-7411)
• Streams:
  • Fixed bug #72853 (stream_set_blocking doesn't work).
• Wddx:
  • Fixed bug #72860 (wddx_deserialize use-after-free). (CVE-2016-7413)
  • Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (CVE-2016-7418)
• XML:
  • Fixed bug #72085 (SEGV on unknown address zif_xml_parse).
  • Fixed bug #72927 (integer overflow in xml_utf8_encode).
• ZIP:
  • Fixed bug #68302 (impossible to compile php with zip support).

18 Aug 2016

• Core:
  • Fixed bug #70436 (Use After Free Vulnerability in unserialize()).
  • Fixed bug #72024 (microtime() leaks memory).
  • Fixed bug #72581 (previous property undefined in Exception after deserialization).
  • Implemented FR #72614 (Support 'nmake test' on building extensions by phpize).
  • Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
  • Fixed bug #72663 (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization). (CVE-2016-7124)
  • Fixed bug #72681 (PHP Session Data Injection Vulnerability). (CVE-2016-7125)
• Bz2:
  • Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).
• Calendar:
  • Fixed bug #67976 (cal_days_month() fails for final month of the French calendar).
  • Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).
• Curl:
  • Fixed bug #71144 (Segmentation fault when using cURL with ZTS).
  • Fixed bug #71929 (Certification information (CERTINFO) data parsing error).
  • Fixed bug #72807 (integer overflow in curl_escape caused heap corruption).
• DOM:
  • Fixed bug #66502 (DOM document dangling reference).
• Ereg:
  • Fixed bug #72838 (Integer overflow lead to heap corruption in sql_regcase).
• EXIF:
  • Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (CVE-2016-7128)
  • Fixed bug #72735 (Samsung picture thumb not read (zero size)).
• Filter:
  • Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).
• FPM:
  • Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
• GD:
  • Fixed bug #43828 (broken transparency of imagearc for truecolor in blendingmode).
  • Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c).
  • Fixed bug #68712 (suspicious if-else statements).
  • Fixed bug #70315 (500 Server Error but page is fully rendered).
  • Fixed bug #72596 (imagetypes function won't advertise WEBP support).
  • Fixed bug #72604 (imagearc() ignores thickness for full arcs).
  • Fixed bug #72697 (select_colors write out-of-bounds). (CVE-2016-7126)
  • Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles).
  • Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (CVE-2016-7127)
  • Fixed bug #72494 (imagecropauto out-of-bounds access)
• Intl:
  • Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain names).
• mbstring:
  • Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
  • Fixed bug #72693 (mb_ereg_search increments search position when a match zero-width).
  • Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last position).
  • Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
• PCRE:
  • Fixed bug #72688 (preg_match missing group names in matches).
• PDO_pgsql:
  • Fixed bug #70313 (PDO statement fails to throw exception).
• Reflection:
  • Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
• SNMP:
  • Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).
• Standard:
  • Fixed bug #72330 (CSV fields incorrectly split if escape char followed by UTF chars).
  • Fixed bug #72836 (integer overflow in base64_decode).
  • Fixed bug #72848 (integer overflow in quoted_printable_encode).
  • Fixed bug #72849 (integer overflow in urlencode).
  • Fixed bug #72850 (integer overflow in php_uuencode).
  • Fixed bug #72716 (initialize buffer before read).
• Streams:
  • Fixed bug #41021 (Problems with the ftps wrapper).
  • Fixed bug #54431 (opendir() does not work with ftps:// wrapper).
  • Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for non-existent directories).
  • Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5).
  • Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade attack).
• SPL:
  • Fixed bug #72122 (IteratorIterator breaks '@' error suppression).
  • Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape character).
  • Fixed bug #72684 (AppendIterator segfault with closed generator).
• SQLite3:
  • Implemented FR #72653 (SQLite should allow opening with empty filename).
• Wddx:
  • Fixed bug #72142 (WDDX Packet Injection Vulnerability in wddx_serialize_value()).
  • Fixed bug #72749 (wddx_deserialize allows illegal memory access). (CVE-2016-7129)
  • Fixed bug #72750 (wddx_deserialize null dereference). (CVE-2016-7130)
  • Fixed bug #72790 (wddx_deserialize null dereference with invalid xml). (CVE-2016-7131)
  • Fixed bug #72799 (wddx_deserialize null dereference in php_wddx_pop_element). (CVE-2016-7132)

21 Jul 2016

• Core:
  • Fixed bug #70480 (php_url_parse_ex() buffer overflow read). (CVE-2016-6288)
  • Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex). (CVE-2016-6289)
  • Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization). (CVE-2016-6290)
  • Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385)
• BZip2:
  • Fixed bug #72613 (Inadequate error handling in bzread()). (CVE-2016-5399)
• EXIF:
  • Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)
  • Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)
• GD:
  • Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).
  • Fixed bug #72519 (imagegif/output out-of-bounds access).
  • Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()). (CVE-2016-6207)
• Intl:
  • Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (CVE-2016-6294)
• ODBC:
  • Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns). (CVE-2015-8879)
• SNMP:
  • Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)
• Xmlrpc:
  • Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)
• Zip:
  • Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)

21 Jul 2016

• Core:
  • Fixed bug #71936 (Segmentation fault destroying HTTP_RAW_POST_DATA).
  • Fixed bug #72496 (Cannot declare public method with signature incompatible with parent private method).
  • Fixed bug #72138 (Integer Overflow in Length of String-typed ZVAL).
  • Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex). (CVE-2016-6289)
  • Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization). (CVE-2016-6290)
  • Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385)
• bz2:
  • Fixed bug #72447 (Type Confusion in php_bz2_filter_create()).
  • Fixed bug #72613 (Inadequate error handling in bzread()). (CVE-2016-5399)
• Date:
  • Fixed bug #66836 (DateTime::createFromFormat 'U' with pre 1970 dates fails parsing).
• EXIF:
  • Fixed bug #50845 (exif_read_data() returns corrupted exif headers).
  • Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)
  • Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)
• GD:
  • Fixed bug #43475 (Thick styled lines have scrambled patterns).
  • Fixed bug #53640 (XBM images require width to be multiple of 8).
  • Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line).
  • Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).
  • Fixed bug #72519 (imagegif/output out-of-bounds access).
  • Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()). (CVE-2016-6207)
• Intl:
  • Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (CVE-2016-6294)
• OpenSSL:
  • Fixed bug #71915 (openssl_random_pseudo_bytes is not fork-safe).
  • Fixed bug #72336 (openssl_pkey_new does not fail for invalid DSA params).
• SNMP:
  • Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)
• SPL:
  • Fixed bug #55701 (GlobIterator throws LogicException).
• SQLite3:
  • Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work).
• Streams:
  • Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault).
• Xmlrpc:
  • Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)
• Zip:
  • Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)

23 Jun 2016

• Core:
  • Fixed bug #72268 (Integer Overflow in nl2br()).
  • Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()).
  • Fixed bug #72400 (Integer Overflow in addcslashes/addslashes).
  • Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL).
• Date:
  • Fixed bug #63740 (strtotime seems to use both sunday and monday as start of week).
• GD:
  • Fixed bug #72298 (pass2_no_dither out-of-bounds access).
  • Fixed bug #72337 (invalid dimensions can lead to crash).
  • Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (CVE-2016-5766)
  • Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert).
  • Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (CVE-2016-5767)
• Intl:
  • Fixed bug #70484 (selectordinal doesn't work with named parameters).
• mbstring:
  • Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)
• mcrypt:
  • Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769)
• OpenSSL:
  • Fixed bug #72140 (segfault after calling ERR_free_strings()).
• Phar:
  • Fixed bug #72321 (invalid free in phar_extract_file()). (CVE-2016-4473)
• SPL:
  • Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (CVE-2016-5770)
  • Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5771)
• WDDX:
  • Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (CVE-2016-5772)
• zip:
  • Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5773)

23 Jun 2016

• Core:
  • Fixed bug #72268 (Integer Overflow in nl2br()).
  • Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()).
  • Fixed bug #72400 (Integer Overflow in addcslashes/addslashes).
  • Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL).
• GD:
  • Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874)
  • Fixed bug #72298 (pass2_no_dither out-of-bounds access).
  • Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (CVE-2016-5766)
  • Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert).
  • Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (CVE-2016-5767)
• mbstring:
  • Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)
• mcrypt:
  • Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769)
• SPL:
  • Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (CVE-2016-5770)
  • Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5771)
• WDDX:
  • Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (CVE-2016-5772)
• zip:
  • Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5773)

26 May 2016

• Core:
  • Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096)
  • Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094)
• GD:
  • Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)
• Intl:
  • Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
• Phar:
  • Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343)

26 May 2016

• Core:
  • Fixed bug #72172 (zend_hex_strtod should not use strlen).
  • Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096)
  • Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094)
• GD:
  • Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)
• Intl:
  • Fixed bug #64524 (Add intl.use_exceptions to php.ini-*).
  • Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
• Postgres:
  • Fixed bug #72151 (mysqli_fetch_object changed behaviour). Patch to #71820 is reverted.

28 Apr 2016

• Core:
  • Fixed bug #69537 (__debugInfo with empty string for key gives error).
  • Fixed bug #71841 (EG(error_zval) is not handled well).
• BCmath:
  • Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (CVE-2016-4537, CVE-2016-4538)
• Curl:
  • Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
• Date:
  • Fixed bug #71889 (DateInterval::format Segmentation fault).
• EXIF:
  • Fixed bug #72094 (Out of bounds heap read access in exif header processing). (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)
• GD:
  • Fixed bug #71952 (Corruption inside imageaffinematrixget).
  • Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074)
• Intl:
  • Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (CVE-2016-4540, CVE-2016-4541)
• OCI8:
  • Fixed bug #71422 (Fix ORA-01438: value larger than specified precision allowed for this column).
• ODBC:
  • Fixed bug #63171 (Script hangs after max_execution_time).
• Opcache:
  • Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
• PDO:
  • Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
  • Fixed bug #71447 (Quotes inside comments not properly handled).
• Postgres:
  • Fixed bug #71820 (pg_fetch_object binds parameters before call constructor).
• SPL:
  • Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails offsetExists()).
• Standard:
  • Fixed bug #71840 (Unserialize accepts wrongly data).
  • Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined).
• XML:
  • Fixed bug #72099 (xml_parse_into_struct segmentation fault). (CVE-2016-4539)

28 Apr 2016

• BCMath:
  • Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (CVE-2016-4537, CVE-2016-4538)
• Exif:
  • Fixed bug #72094 (Out of bounds heap read access in exif header processing). (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)
• GD:
  • Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074)
• Intl:
  • Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (CVE-2016-4540, CVE-2016-4541)
• XML:
  • Fixed bug #72099 (xml_parse_into_struct segmentation fault). (CVE-2016-4539)

31 Mar 2016

• CLI Server:
  • Fixed bug #69953 (Support MKCALENDAR request method).
• Core:
  • Fixed bug #71596 (Segmentation fault on ZTS with date function (setlocale)).
• Curl:
  • Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY).
• Date:
  • Fixed bug #71635 (DatePeriod::getEndDate segfault).
• Fileinfo:
  • Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic file). (CVE-2015-8865)
• Mbstring:
  • Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (CVE-2016-4073)
• ODBC:
  • Fixed bug #47803, #69526 (Executing prepared statements is succesfull only for the first two statements).
  • Fixed bug #71860 (Invalid memory write in phar on filename with in name). (CVE-2016-4072)
• PDO_DBlib:
  • Fixed bug #54648 (PDO::MSSQL forces format of datetime fields).
• Phar:
  • Fixed bug #71625 (Crash in php7.dll with bad phar filename).
  • Fixed bug #71504 (Parsing of tar file with duplicate filenames causes memory leak).
• SNMP:
  • Fixed bug #71704 (php_snmp_error() Format String Vulnerability). (CVE-2016-4071)
• Standard:
  • Fixed bug #71798 (Integer Overflow in php_raw_url_encode). (CVE-2016-4070)

31 Mar 2016

• Fileinfo:
  • Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic file). (CVE-2015-8865)
• Mbstring:
  • Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (CVE-2016-4073)
• ODBC:
  • Fixed bug #71860 (Invalid memory write in phar on filename with in name). (CVE-2016-4072)
• SNMP:
  • Fixed bug #71704 (php_snmp_error() Format String Vulnerability). (CVE-2016-4071)
• Standard:
  • Fixed bug #71798 (Integer Overflow in php_raw_url_encode). (CVE-2016-4070)

03 Mar 2016

• CLI server:
  • Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug).
• CURL:
  • Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes while curl_multi_exec).
• Date:
  • Fixed bug #68078 (Datetime comparisons ignore microseconds).
  • Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time, causing date_date_set issues).
• Fileinfo:
  • Fixed bug #71434 (finfo throws notice for specific python file).
• FPM:
  • Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi setup).
• Opcache:
  • Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache).
• PDO MySQL:
  • Fixed bug #71569 (#70389 fix causes segmentation fault).
• Phar:
  • Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()).
• Standard:
  • Fixed bug #70720 (strip_tags improper php code parsing).
• WDDX:
  • Fixed bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize).
• XSL:
  • Fixed bug #71540 (NULL pointer dereference in xsl_ext_function_php()).
• Zip:
  • Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo).

03 Mar 2016

• Phar:
  • Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()).
• WDDX:
  • Fixed bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize).

04 Feb 2016

• Core:
  • Added support for new HTTP 451 code.
  • Fixed bug #71039 (exec functions ignore length but look for NULL termination).
  • Fixed bug #71089 (No check to duplicate zend_extension).
  • Fixed bug #71201 (round() segfault on 64-bit builds).
  • Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash).
  • Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input).
  • Fixed bug #71459 (Integer overflow in iptcembed()).
• Apache2handler:
  • Fix >2G Content-Length headers in apache2handler.
• FTP:
  • Implemented FR #55651 (Option to ignore the returned FTP PASV address).
• GD:
  • Improved fix for bug #70976.
• Opcache:
  • Fixed bug #71127 (Define in auto_prepend_file is overwrite).
  • Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 on the same server).
• PCRE:
  • Upgraded bundled PCRE library to 8.38. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
• Phar:
  • Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (CVE-2016-4342)
  • Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343)
  • Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
  • Fixed bug #71488 (Stack overflow when decompressing tar archives). (CVE-2016-2554)
• Session:
  • Fixed bug #69111 (Crash in SessionHandler::read()).
• SOAP:
  • Fixed bug #70979 (crash with bad soap request).
• SPL:
  • Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
• WDDX:
  • Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).

04 Feb 2016

• Core:
  • Fixed bug #71039 (exec functions ignore length but look for NULL termination).
  • Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input).
  • Fixed bug #71459 (Integer overflow in iptcembed()).
• GD:
  • Improved fix for bug #70976.
• PCRE:
  • Upgraded bundled PCRE library to 8.38. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
• Phar:
  • Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (CVE-2016-4342)
  • Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
  • Fixed bug #71488 (Stack overflow when decompressing tar archives). (CVE-2016-2554)
• WDDX:
  • Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).

07 Jan 2016

• Core:
  • Fixed bug #66909 (configure fails utf8_to_mutf7 test).
  • Fixed bug #70958 (Invalid opcode while using ::class as trait method paramater default value).
  • Fixed bug #70957 (self::class can not be resolved with reflection for abstract class).
  • Fixed bug #70944 (try{ } finally{} can create infinite chains of exceptions).
  • Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol: php_register_internal_extensions).
• FPM:
  • Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (CVE-2016-5114)
• GD:
  • Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (CVE-2016-1903)
• Mysqlnd:
  • Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
• SOAP:
  • Fixed bug #70900 (SoapClient systematic out of memory error).
• Standard:
  • Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number of parameters).
• PDO_Firebird:
  • Fixed bug #60052 (Integer returned as a 64bit integer on X64_86).
• WDDX:
  • Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
  • Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability).
• XMLRPC:
  • Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).

07 Jan 2016

• FPM:
  • Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (CVE-2016-5114)
• GD:
  • Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (CVE-2016-1903)
• WDDX:
  • Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
  • Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability).
• XMLRPC:
  • Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).

26 Nov 2015

• Core:
  • Fixed bug #70828 (php-fpm 5.6 with opcache crashes when referencing a non-existent constant).
  • Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l).
• Mysqlnd:
  • Fixed bug #68344 (MySQLi does not provide way to disable peer certificate validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag.
• OCI8:
  • Fixed bug #68298 (OCI int overflow).
• PDO_DBlib:
  • Fixed bug #69757 (Segmentation fault on nextRowset).
• SOAP:
  • Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace attribute).
• SPL:
  • Fixed bug #70852 (Segfault getting NULL offset of an ArrayObject).

29 Oct 2015

• Core:
  • Fixed bug #70681 (Segfault when binding $this of internal instance method to null).
  • Fixed bug #70685 (Segfault for getClosure() internal method rebind with invalid $this).
• Date:
  • Fixed bug #70619 (DateTimeImmutable segfault).
• Mcrypt:
  • Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was specified under RC4).
• Mysqlnd:
  • Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server).
  • Fixed bug #70572 segfault in mysqlnd_connect.
• Opcache:
  • Fixed bug #70632 (Third one of segfault in gc_remove_from_buffer).
  • Fixed bug #70631 (Another Segfault in gc_remove_from_buffer()).
  • Fixed bug #70601 (Segfault in gc_remove_from_buffer()).
  • Fixed compatibility with Windows 10 (see also #70652).

01 Oct 2015

• Phar:
  • Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (CVE-2015-7803)
  • Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is '/'). (CVE-2015-7804)

01 Oct 2015

• Core:
  • Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions).
• CLI server:
  • Fixed bug #68291 (404 on urls with '+').
• DOM:
  • Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity encoding).
• ldap:
  • Fixed bug #70465 (Bug in ldap_search() modifies LDAP_OPT_TIMELIMIT/DEREF's values). (Tyson Andre).
  • Fixed bug #69574 (ldap timeouts not enforced). (Côme Bernigaud).
• Mysqlnd:
  • Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to a server).
• OpenSSL:
  • Fixed bug #55259 (openssl extension does not get the DH parameters from DH key resource).
  • Fixed bug #70395 (Missing ARG_INFO for openssl_seal()).
  • Fixed bug #60632 (openssl_seal fails with AES).
  • Fixed bug #68312 (Lookup for openssl.cnf causes a message box).
• PDO:
  • Fixed bug #70389 (PDO constructor changes unrelated variables).
• Phar:
  • Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (CVE-2015-7803)
  • Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is '/'). (CVE-2015-7804)
• Phpdbg:
  • Fix phpdbg_break_next() sometimes not breaking.
• Standard:
  • Fixed bug #67131 (setcookie() conditional for empty values not met).
• Streams:
  • Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections).
• Zip:
  • Fixed bug #70322 (ZipArchive::close() doesn't indicate errors).

03 Sep 2015

• Core:
  • Fixed bug #69900 (Too long timeout on pipes).
  • Fixed bug #69487 (SAPI may truncate POST data).
  • Fixed bug #70198 (Checking liveness does not work as expected).
  • Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (CVE-2015-6834)
  • Fixed bug #70219 (Use after free vulnerability in session deserializer). (CVE-2015-6835)
• CLI server:
  • Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
  • Fixed bug #70264 (CLI server directory traversal).
• Date:
  • Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional).
  • Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
• EXIF:
  • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
• GMP:
  • Fixed bug #70284 (Use after free vulnerability in unserialize() with GMP).
• hash:
  • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
• MCrypt:
  • Fixed bug #69833 (mcrypt fd caching not working).
• Opcache:
  • Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled).
• PCRE:
  • Fixed bug #70232 (Incorrect bump-along behavior with K and empty string match).
  • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
• SOAP:
  • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (CVE-2015-6836)
• SPL:
  • Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start).
  • Fixed bug #70303 (Incorrect constructor reflection for ArrayObject).
  • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6834)
  • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6834)
• Standard:
  • Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
  • Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED).
• XSLT:
  • Fixed bug #69782 (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
• ZIP:
  • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (CVE-2014-9767)

03 Sep 2015

• Core:
  • Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (CVE-2015-6834)
  • Fixed bug #70219 (Use after free vulnerability in session deserializer). (CVE-2015-6835)
• EXIF:
  • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
• hash:
  • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
• PCRE:
  • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
• SOAP:
  • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (CVE-2015-6836)
• SPL:
  • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6834)
  • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6834)
• XSLT:
  • Fixed bug #69782 (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
• ZIP:
  • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (CVE-2014-9767)

06 Aug 2015

• Core:
  • Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).
  • Fixed bug #69892 (Different arrays compare indentical due to integer key truncation).
  • Fixed bug #70002 (TS issues with temporary dir handling).
  • Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).
• OpenSSL:
  • Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)
• Phar:
  • Improved fix for bug #69441.
  • Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory). (CVE-2015-6833)
• SOAP:
  • Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).
• SPL:
  • Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items). (CVE-2015-6832)
  • Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject). (CVE-2015-6831)
  • Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6831)
  • Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6831)

06 Aug 2015

• Core:
  • Fixed bug #70012 (Exception lost with nested finally block).
  • Fixed bug #70002 (TS issues with temporary dir handling).
  • Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).
  • Fixed bug #69892 (Different arrays compare indentical due to integer key truncation).
  • Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).
• CLI server:
  • Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL).
  • Fixed bug #64878 (304 responses return Content-Type header).
• GD:
  • Fixed bug #53156 (imagerectangle problem with point ordering).
  • Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874)
  • Fixed bug #70102 (imagecreatefromwebm() shifts colors).
  • Fixed bug #66590 (imagewebp() doesn't pad to even length).
  • Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px).
  • Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory).
  • Fixed bug #69024 (imagescale segfault with palette based image).
  • Fixed bug #53154 (Zero-height rectangle has whiskers).
  • Fixed bug #67447 (imagecrop() add a black line when cropping).
  • Fixed bug #68714 (copy 'n paste error).
  • Fixed bug #66339 (PHP segfaults in imagexbm).
  • Fixed bug #70047 (gd_info() doesn't report WebP support).
• ODBC:
  • Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns). (CVE-2015-8879)
• OpenSSL:
  • Fixed bug #69882 (OpenSSL error 'key values mismatch' after openssl_pkcs12_read with extra cert).
  • Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)
• Phar:
  • Improved fix for bug #69441.
  • Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory). (CVE-2015-6833)
• SOAP:
  • Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).
• SPL:
  • Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items). (CVE-2015-6832)
  • Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject). (CVE-2015-6831)
  • Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6831)
  • Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6831)
• Standard:
  • Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes).

10 Jul 2015

• Core:
  • Fixed bug #69768 (escapeshell*() doesn't cater to !).
  • Fixed bug #69703 (Use __builtin_clzl on PowerPC).
  • Fixed bug #69732 (can induce segmentation fault with basic php code).
  • Fixed bug #69642 (Windows 10 reported as Windows 8).
  • Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault).
  • Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as 'Business').
  • Fixed bug #69740 (finally in generator (yield) swallows exception in iteration).
  • Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
  • Fixed bug #69892 (Different arrays compare indentical due to integer key truncation).
  • Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776.
• GD:
  • Fixed bug #61221 (imagegammacorrect function loses alpha channel).
• GMP:
  • Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP number).
• Mysqlnd:
  • Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
• PCRE:
  • Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the string).
  • Fixed bug #69864 (Segfault in preg_replace_callback).
• PDO_pgsql:
  • Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u).
  • Fixed bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote).
  • Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
• Phar:
  • Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (CVE-2015-5589)
  • Fixed bug #69923 (Buffer overflow and stack smashing error in phar_fix_filepath). (CVE-2015-5590)
• SimpleXML:
  • Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name).
• SPL:
  • Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
  • Fixed bug #67805 (SplFileObject setMaxLineLength).
  • Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()).
• Sqlite3:
  • Fixed bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()).

09 Jul 2015

• Core:
  • Fixed bug #69768 (escapeshell*() doesn't cater to !).
  • Fixed bug #69703 (Use __builtin_clzl on PowerPC).
  • Fixed bug #69732 (can induce segmentation fault with basic php code).
  • Fixed bug #69642 (Windows 10 reported as Windows 8).
  • Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault).
  • Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as 'Business').
  • Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
  • Fixed bug #69892 (Different arrays compare indentical due to integer key truncation).
  • Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776.
• GD:
  • Fixed bug #61221 (imagegammacorrect function loses alpha channel).
• Mysqlnd:
  • Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
• PCRE:
  • Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the string).
  • Fixed bug #69864 (Segfault in preg_replace_callback).
• PDO_pgsql:
  • Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u).
  • Fixed bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote).
  • Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
• Phar:
  • Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (CVE-2015-5589)
  • Fixed bug #69923 (Buffer overflow and stack smashing error in phar_fix_filepath). (CVE-2015-5590)
• SimpleXML:
  • Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name).
• SPL:
  • Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
  • Fixed bug #67805 (SplFileObject setMaxLineLength).

11 Jun 2015

• Core:
  • Fixed bug #66048 (temp. directory is cached during multiple requests).
  • Fixed bug #69566 (Conditional jump or move depends on uninitialised value in extension trait).
  • Fixed bug #69599 (Strange generator+exception+variadic crash).
  • Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
  • Fixed POST data processing slowdown due to small input buffer size on Windows.
  • Fixed bug #69646 (OS command injection vulnerability in escapeshellarg). (CVE-2015-4642)
  • Fixed bug #69719 (Incorrect handling of paths with NULs). (CVE-2015-4598)
• FTP:
  • Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4643)
• GD:
  • Fixed bug #69479 (GD fails to build with newer libvpx).
• Iconv:
  • Fixed bug #48147 (iconv with //IGNORE cuts the string).
• Litespeed SAPI:
  • Fixed bug #68812 (Unchecked return value).
• Mail:
  • Fixed bug #68776 (mail() does not have mail header injection prevention for additional headers).
• MCrypt:
  • Added file descriptor caching to mcrypt_create_iv().
• Opcache:
  • Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
• Phar:
  • Fixed bug #69680 (phar symlink in binary directory broken).
• Postgres:
  • Fixed bug #69667 (segfault in php_pgsql_meta_data). (CVE-2015-4644)
• Sqlite3:
  • Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416)

11 Jun 2015

• Core:
  • Fixed bug #69566 (Conditional jump or move depends on uninitialised value in extension trait).
  • Fixed bug #66048 (temp. directory is cached during multiple requests).
  • Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
  • Fixed bug #69646 (OS command injection vulnerability in escapeshellarg). (CVE-2015-4642)
  • Fixed bug #69719 (Incorrect handling of paths with NULs). (CVE-2015-4598)
• FTP:
  • Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4643)
• GD:
  • Fixed bug #69479 (GD fails to build with newer libvpx).
• Iconv:
  • Fixed bug #48147 (iconv with //IGNORE cuts the string).
• Litespeed SAPI:
  • Fixed bug #68812 (Unchecked return value).
• Mail:
  • Fixed bug #68776 (mail() does not have mail header injection prevention for additional headers).
• MCrypt:
  • Added file descriptor caching to mcrypt_create_iv().
• Opcache:
  • Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
• PCRE:
  • Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
• Phar:
  • Fixed bug #69680 (phar symlink in binary directory broken).
• Postgres:
  • Fixed bug #69667 (segfault in php_pgsql_meta_data). (CVE-2015-4644)
• Sqlite3:
  • Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416)

14 May 2015

• Core:
  • Fixed bug #69467 (Wrong checked for the interface by using Trait).
  • Fixed bug #69420 (Invalid read in zend_std_get_method).
  • Fixed bug #60022 ('use statement [...] has no effect' depends on leading backslash).
  • Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
  • Fixed bug #68652 (segmentation fault in destructor).
  • Fixed bug #69419 (Returning compatible sub generator produces a warning).
  • Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA).
  • Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (CVE-2015-4024)
  • Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
  • Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
  • Fixed bug #69522 (heap buffer overflow in unpack()).
• FTP:
  • Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)
• ODBC:
  • Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
  • Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result).
  • Fixed bug #69381 (out of memory with sage odbc driver).
• OpenSSL:
  • Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
• PCNTL:
  • Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)
• PCRE:
  • Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
• Phar:
  • Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)

14 May 2015

• Core:
  • Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (CVE-2015-4024)
  • Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
  • Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
  • Fixed bug #69522 (heap buffer overflow in unpack()).
  • Fixed bug #69467 (Wrong checked for the interface by using Trait).
  • Fixed bug #69420 (Invalid read in zend_std_get_method).
  • Fixed bug #60022 ('use statement [...] has no effect' depends on leading backslash).
  • Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
  • Fixed bug #68652 (segmentation fault in destructor).
  • Fixed bug #69419 (Returning compatible sub generator produces a warning).
  • Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA).
• FTP:
  • Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)
• ODBC:
  • Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
  • Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result).
  • Fixed bug #69381 (out of memory with sage odbc driver).
• OpenSSL:
  • Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
• PCNTL:
  • Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)
• Phar:
  • Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)

16 Apr 2015

• Core:
  • Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
  • Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters).
  • Fixed bug #68917 (parse_url fails on some partial urls).
  • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
  • Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString).
  • Fixed bug #69210 (serialize function return corrupted data when sleep has non-string values).
  • Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing).
  • Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator).
  • Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability).
  • Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions). (CVE-2015-3411, CVE-2015-3412)
• Apache2handler:
  • Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (CVE-2015-3330)
• cURL:
  • Implemented FR #69278 (HTTP2 support).
  • Fixed bug #68739 (Missing break / control flow).
  • Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
• Date:
  • Fixed bug #69336 (Issues with 'last day of <monthname>').
• Enchant:
  • Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds).
• Ereg:
  • Fixed bug #68740 (NULL Pointer Dereference).
• Fileinfo:
  • Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault). (CVE-2015-4604, CVE-2015-4605)
• Filter:
  • Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used).
  • Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127).
• Mbstring:
  • Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E).
• OPCache:
  • Fixed bug #69297 (function_exists strange behavior with OPCache on disabled function).
  • Fixed bug #69281 (opcache_is_script_cached no longer works).
  • Fixed bug #68677 (Use After Free). (CVE-2015-1351)
• OpenSSL:
  • Fixed bug #68853, #65137 (Buffered crypto stream data breaks IO polling in stream_select() contexts).
  • Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly).
  • Fixed bug #69215 (Crypto servers should send client CA list).
  • Add a check for RAND_egd to allow compiling against LibreSSL.
• Phar:
  • Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
  • Fixed bug #64931 (phar_add_file is too restrictive on filename).
  • Fixed bug #65467 (Call to undefined method cli_arg_typ_string).
  • Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing '.tar').
  • Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783, CVE-2015-3307)
  • Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (CVE-2015-3329)
• Postgres:
  • Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352)
• SOAP:
  • Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize() with SoapFault). (CVE-2015-4599)
  • Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
• SPL:
  • Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc).
• Sqlite3:
  • Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
  • Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3).
  • Fixed bug #66550 (SQLite prepared statement use-after-free).

16 Apr 2015

• Apache2handler:
  • Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (CVE-2015-3330)
• Core:
  • Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
  • Fixed bug #67626 (User exceptions not properly handled in streams).
  • Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters).
  • Fixed bug #68917 (parse_url fails on some partial urls).
  • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
  • Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString).
  • Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing).
  • Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator).
  • Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability).
  • Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions). (CVE-2015-3411, CVE-2015-3412)
• cURL:
  • Implemented FR #69278 (HTTP2 support).
  • Fixed bug #68739 (Missing break / control flow).
  • Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
• Date:
  • Export date_get_immutable_ce so that it can be used by extensions.
  • Fixed bug #69336 (Issues with 'last day of <monthname>').
• Enchant:
  • Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds).
• Ereg:
  • Fixed bug #68740 (NULL Pointer Dereference).
• Fileinfo:
  • Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault). (CVE-2015-4604, CVE-2015-4605)
• Filter:
  • Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used).
  • Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127).
• Mbstring:
  • Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E).
• ODBC:
  • Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
• OPCache:
  • Fixed bug #69281 (opcache_is_script_cached no longer works).
  • Fixed bug #68677 (Use After Free). (CVE-2015-1351)
• OpenSSL:
  • Fixed bug #67403 (Add signatureType to openssl_x509_parse).
  • Add a check for RAND_egd to allow compiling against LibreSSL.
• Phar:
  • Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
  • Fixed bug #64931 (phar_add_file is too restrictive on filename).
  • Fixed bug #65467 (Call to undefined method cli_arg_typ_string).
  • Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing '.tar').
  • Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783, CVE-2015-3307)
  • Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (CVE-2015-3329)
• Postgres:
  • Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352)
• SOAP:
  • Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize() with SoapFault). (CVE-2015-4599)
  • Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
• SPL:
  • Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc).
• SQLITE:
  • Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
  • Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3).
  • Fixed bug #66550 (SQLite prepared statement use-after-free).

19 Mar 2015

• Core:
  • Fixed bug #69174 (leaks when unused inner class use traits precedence).
  • Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
  • Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build).
  • Fixed bug #65593 (Segfault when calling ob_start from output buffering callback).
  • Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c).
  • Fixed bug #68166 (Exception with invalid character causes segv).
  • Fixed bug #69141 (Missing arguments in reflection info for some builtin functions).
  • Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (CVE-2015-2787)
  • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
  • Fixed bug #69207 (move_uploaded_file allows nulls in path). (CVE-2015-2348)
• CGI:
  • Fixed bug #69015 (php-cgi's getopt does not see $argv).
• CLI:
  • Fixed bug #67741 (auto_prepend_file messes up __LINE__).
• cURL:
  • Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32).
  • Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl.
• Ereg:
  • Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
• FPM:
  • Fixed bug #68822 (request time is reset too early).
• ODBC:
  • Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
• Opcache:
  • Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function).
  • Fixed bug #69125 (Array numeric string as key).
  • Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
• OpenSSL:
  • Fixed bug #68912 (Segmentation fault at openssl_spki_new).
  • Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts).
  • Fixed bug #68920 (use strict peer_fingerprint input checks) (Daniel Lowrey)
  • Fixed bug #68879 (IP Address fields in subjectAltNames not used) (Daniel Lowrey)
  • Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
  • Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
  • Fixed bug #69195 (Inconsistent stream crypto values across versions) (Daniel Lowrey)
• pgsql:
  • Fixed bug #68638 (pg_update() fails to store infinite values).
• Readline:
  • Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters).
• SOAP:
  • Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). (CVE-2015-4147, CVE-2015-4148)
• SPL:
  • Fixed bug #69108 ('Segmentation fault' when (de)serializing SplObjectStorage).
  • Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()).
• ZIP:
  • Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)

19 Mar 2015

• Core:
  • Fixed bug #69174 (leaks when unused inner class use traits precedence).
  • Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
  • Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build).
  • Fixed bug #65593 (Segfault when calling ob_start from output buffering callback).
  • Fixed bug #69017 (Fail to push to the empty array with the constant value defined in class scope).
  • Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c).
  • Fixed bug #68166 (Exception with invalid character causes segv).
  • Fixed bug #69141 (Missing arguments in reflection info for some builtin functions).
  • Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (CVE-2015-2787)
  • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
  • Fixed bug #69207 (move_uploaded_file allows nulls in path). (CVE-2015-2348)
• CGI:
  • Fixed bug #69015 (php-cgi's getopt does not see $argv).
• CLI:
  • Fixed bug #67741 (auto_prepend_file messes up __LINE__).
• cURL:
  • Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32).
  • Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl.
• Ereg:
  • Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
• FPM:
  • Fixed bug #68822 (request time is reset too early).
• JSON :
  • Fixed bug #64695 (JSON_NUMERIC_CHECK has issues with strings that are numbers plus the letter e).
• ODBC:
  • Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
• Opcache:
  • Fixed bug #69125 (Array numeric string as key).
  • Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
• OpenSSL:
  • Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts).
• pgsql:
  • Fixed bug #68638 (pg_update() fails to store infinite values).
• Readline:
  • Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters).
• SOAP:
  • Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). (CVE-2015-4147, CVE-2015-4148)
• SPL:
  • Fixed bug #69108 ('Segmentation fault' when (de)serializing SplObjectStorage).
  • Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()).
• ZIP:
  • Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)

19 Feb 2015

• Core:
  • Fixed bug #67068 (getClosure returns somethings that's not a closure).
  • Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow).
  • Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273)
  • Added NULL byte protection to exec, system and passthru.
  • Removed support for multi-line headers, as they are deprecated by RFC 7230.
• Date:
  • Fixed bug #45081 (strtotime incorrectly interprets SGT time zone).
• Dba:
  • Fixed bug #68711 (useless comparisons).
• Enchant:
  • Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). (CVE-2014-9705)
• Fileinfo:
  • Fixed bug #68827 (Double free with disabled ZMM).
• FPM:
  • Fixed bug #66479 (Wrong response to FCGI_GET_VALUES).
  • Fixed bug #68571 (core dump when webserver close the socket).
• Libxml:
  • Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads). (CVE-2015-8866)
• PDO_mysql:
  • Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes).
• Phar:
  • Fixed bug #68901 (use after free). (CVE-2015-2301)
• Pgsql:
  • Fixed bug #65199 (pg_copy_from() modifies input array variable).
• Sqlite3:
  • Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args).
• Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support).
  • Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors).
• Session:
  • Fixed bug #68941 (mod_files.sh is a bash-script).
  • Fixed bug #66623 (no EINTR check on flock).
  • Fixed bug #68063 (Empty session IDs do still start sessions).
• Standard:
  • Fixed bug #65272 (flock() out parameter not set correctly in windows).
  • Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI).
• Streams:
  • Fixed bug which caused call after final close on streams filter.

19 Feb 2015

• Core:
  • Removed support for multi-line headers, as they are deprecated by RFC 7230.
  • Fixed bug #67068 (getClosure returns somethings that's not a closure).
  • Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273)
  • Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow).
  • Fixed bug #67988 (htmlspecialchars() does not respect default_charset specified by ini_set).
  • Added NULL byte protection to exec, system and passthru.
• Dba:
  • Fixed bug #68711 (useless comparisons).
• Enchant:
  • Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). (CVE-2014-9705)
• Fileinfo:
  • Fixed bug #68827 (Double free with disabled ZMM).
  • Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files correctly).
  • Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some gifs).
• FPM:
  • Fixed bug #66479 (Wrong response to FCGI_GET_VALUES).
  • Fixed bug #68571 (core dump when webserver close the socket).
• JSON:
  • Fixed bug #50224 (json_encode() does not always encode a float as a float) by adding JSON_PRESERVE_ZERO_FRACTION.
• LIBXML:
  • Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads). (CVE-2015-8866)
• Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support).
  • Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors).
• Opcache:
  • Fixed bug with try blocks being removed when extended_info opcode generation is turned on.
• PDO_mysql:
  • Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes).
• Phar:
  • Fixed bug #68901 (use after free). (CVE-2015-2301)
• Pgsql:
  • Fixed bug #65199 (pg_copy_from() modifies input array variable).
• Session:
  • Fixed bug #68941 (mod_files.sh is a bash-script).
  • Fixed bug #66623 (no EINTR check on flock).
  • Fixed bug #68063 (Empty session IDs do still start sessions).
• Sqlite3:
  • Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args).
• Standard:
  • Fixed bug #65272 (flock() out parameter not set correctly in windows).
  • Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI).
• Streams:
  • Fixed bug which caused call after final close on streams filter.

22 Jan 2015

• Core:
  • Upgraded crypt_blowfish to version 1.3.
  • Fixed bug #60704 (unlink() bug with some files path).
  • Fixed bug #65419 (Inside trait, self::class != __CLASS__).
  • Fixed bug #68536 (pack for 64bits integer is broken on bigendian).
  • Fixed bug #55541 (errors spawn MessageBox, which blocks test automation).
  • Fixed bug #68297 (Application Popup provides too few information).
  • Fixed bug #65769 (localeconv() broken in TS builds).
  • Fixed bug #65230 (setting locale randomly broken).
  • Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR correctly).
  • Fixed bug #68583 (Crash in timeout thread).
  • Fixed bug #65576 (Constructor from trait conflicts with inherited constructor).
  • Fixed bug #68676 (Explicit Double Free). (CVE-2014-9425)
  • Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231)
• CGI:
  • Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
• CLI server:
  • Fixed bug #68745 (Invalid HTTP requests make web server segfault).
• cURL:
  • Fixed bug #67643 (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set).
• Date:
  • Implemented FR #68268 (DatePeriod: Getter for start date, end date and interval).
• EXIF:
  • Fixed bug #68799 (Free called on uninitialized pointer). (CVE-2015-0232)
• Fileinfo:
  • Fixed bug #68398 (msooxml matches too many archives).
  • Fixed bug #68665 (invalid free in libmagic).
  • Fixed bug #68671 (incorrect expression in libmagic).
  • Removed readelf.c and related code from libmagic sources.
  • Fixed bug #68735 (fileinfo out-of-bounds memory access). (CVE-2014-9652)
• FPM:
  • Implemented FR #68526 (Implement POSIX Access Control List for UDS).
  • Fixed bug #68751 (listen.allowed_clients is broken).
• GD:
  • Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
  • Implemented FR #68656 (Report gd library version).
• mbstring:
  • Fixed bug #68504 (--with-libmbfl configure option not present on Windows).
• Opcache:
  • Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8 + Opcache).
  • Fixed bug #67111 (Memory leak when using 'continue 2' inside two foreach loops).
• OpenSSL:
  • Improved handling of OPENSSL_KEYTYPE_EC keys.
• pcntl:
  • Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL).
• PCRE:
  • Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).
• pgsql:
  • Fixed bug #68697 (lo_export return -1 on failure).
• PDO:
  • Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specifi attribute names).
• PDO_mysql:
  • Fixed bug #68424 (Add new PDO mysql connection attr to control multi statements option).
• SPL:
  • Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator).
  • Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv).
• SQLite:
  • Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2).
• Streams:
  • Fixed bug #68532 (convert.base64-encode omits padding bytes).

22 Jan 2015

• Core:
  • Upgraded crypt_blowfish to version 1.3.
  • Fixed bug #60704 (unlink() bug with some files path).
  • Fixed bug #65419 (Inside trait, self::class != __CLASS__).
  • Fixed bug #65576 (Constructor from trait conflicts with inherited constructor).
  • Fixed bug #55541 (errors spawn MessageBox, which blocks test automation).
  • Fixed bug #68297 (Application Popup provides too few information).
  • Fixed bug #65769 (localeconv() broken in TS builds).
  • Fixed bug #65230 (setting locale randomly broken).
  • Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR correctly).
  • Fixed bug #68583 (Crash in timeout thread).
  • Fixed bug #68676 (Explicit Double Free). (CVE-2014-9425)
  • Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231)
• CGI:
  • Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
• CLI server:
  • Fixed bug #68745 (Invalid HTTP requests make web server segfault).
• cURL:
  • Fixed bug #67643 (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set).
• EXIF:
  • Fixed bug #68799 (Free called on uninitialized pointer). (CVE-2015-0232)
• Fileinfo:
  • Fixed bug #68671 (incorrect expression in libmagic).
  • Fixed bug #68735 (fileinfo out-of-bounds memory access). (CVE-2014-9652)
  • Removed readelf.c and related code from libmagic sources.
• FPM:
  • Fixed bug #68751 (listen.allowed_clients is broken).
• GD:
  • Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
• Mbstring:
  • Fixed bug #68504 (--with-libmbfl configure option not present on Windows).
• Mcrypt:
  • Fixed possible read after end of buffer and use after free.
• Opcache:
  • Fixed bug #67111 (Memory leak when using 'continue 2' inside two foreach loops).
• OpenSSL:
  • Fixed bug #55618 (use case-insensitive cert name matching).
• Pcntl:
  • Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL).
• PCRE:
  • Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).
• pgsql:
  • Fixed bug #68697 (lo_export return -1 on failure).
• PDO:
  • Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specific attribute names).
• PDO_mysql:
  • Fixed bug #68424 (Add new PDO mysql connection attr to control multi statements option).
• SPL:
  • Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator).
  • Fixed bug #65213 (cannot cast SplFileInfo to boolean).
  • Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv).
• SQLite:
  • Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2).
• Streams:
  • Fixed bug #68532 (convert.base64-encode omits padding bytes).

18 Dec 2014

• Core:
  • Fixed bug #68091 (Some Zend headers lack appropriate extern 'C' blocks).
  • Fixed bug #68104 (Segfault while pre-evaluating a disabled function).
  • Fixed bug #68185 ('Inconsistent insteadof definition.'- incorrectly triggered).
  • Fixed bug #68355 (Inconsistency in example php.ini comments).
  • Fixed bug #68370 ('unset($this)' can make the program crash).
  • Fixed bug #68422 (Incorrect argument reflection info for array_multisort()).
  • Fixed bug #68545 (NULL pointer dereference in unserialize.c).
  • Fixed bug #68446 (Array constant not accepted for array parameter default).
  • Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
• Date:
  • Fixed day_of_week function as it could sometimes return negative values internally.
• FPM:
  • Fixed bug #68381 (fpm_unix_init_main ignores log_level).
  • Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses).
  • Fixed bug #68421 (access.format='%R' doesn't log ipv6 address).
  • Fixed bug #68423 (PHP-FPM will no longer load all pools).
  • Fixed bug #68428 (listen.allowed_clients is IPv4 only).
  • Fixed bug #68452 (php-fpm man page is oudated).
  • Implemented FR #68458 (Change pm.start_servers default warning to notice).
  • Fixed bug #68463 (listen.allowed_clients can silently result in no allowed access).
  • Implemented FR #68391 (php-fpm conf files loading order).
  • Fixed bug #68478 (access.log don't use prefix).
• Mcrypt:
  • Fixed possible read after end of buffer and use after free.
• GMP:
  • Fixed bug #68419 (build error with gmp 4.1).
• PDO_pgsql:
  • Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when not in transaction).
  • Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving).
• Session:
  • Fixed bug #68331 (Session custom storage callable functions not being called).
• SOAP:
  • Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes).
• zlib:
  • Fixed bug #53829 (Compiling PHP with large file support will replace function gzopen by gzopen64).

18 Dec 2014

• Core:
  • Fixed bug #68091 (Some Zend headers lack appropriate extern 'C' blocks).
  • Fixed bug #68185 ('Inconsistent insteadof definition.'- incorrectly triggered).
  • Fixed bug #68370 ('unset($this)' can make the program crash).
  • Fixed bug #68545 (NULL pointer dereference in unserialize.c).
  • Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
• Date:
  • Fixed day_of_week function as it could sometimes return negative values internally.
• FPM:
  • Fixed bug #68381 (fpm_unix_init_main ignores log_level).
  • Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses).
  • Fixed bug #68421 (access.format='%R' doesn't log ipv6 address).
  • Fixed bug #68423 (PHP-FPM will no longer load all pools).
  • Fixed bug #68428 (listen.allowed_clients is IPv4 only).
  • Fixed bug #68452 (php-fpm man page is oudated).
  • Fixed bug #68458 (Change pm.start_servers default warning to notice).
  • Fixed bug #68463 (listen.allowed_clients can silently result in no allowed access).
  • Fixed bug #68391 (php-fpm conf files loading order).
  • Fixed bug #68478 (access.log don't use prefix).
• Mcrypt:
  • Fixed possible read after end of buffer and use after free.
• PDO_pgsql:
  • Fixed bug #66584 (Segmentation fault on statement deallocation).
  • Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when not in transaction).
  • Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving).
• SOAP:
  • Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes).
• zlib:
  • Fixed bug #53829 (Compiling PHP with large file support will replace function gzopen by gzopen64).

13 Nov 2014

• Core:
  • Implemented 64-bit format codes for pack() and unpack().
  • Fixed bug #51800 (proc_open on Windows hangs forever).
  • Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write).
  • Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)).
  • Fixed bug #67949 (DOMNodeList elements should be accessible through array notation).
  • Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()).
  • Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined).
  • Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords).
  • Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
• CURL:
  • Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl.
• Fileinfo:
  • Fixed bug #66242 (libmagic: don't assume char is signed).
  • Fixed bug #68224 (buffer-overflow in libmagic/readcdf.c caught by AddressSanitizer).
  • Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
• FPM:
  • Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass).
  • Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses).
• GD:
  • Fixed bug #65171 (imagescale() fails without height param).
• GMP:
  • Implemented gmp_random_range() and gmp_random_bits().
  • Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
• Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support).
• ODBC:
  • Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column).
• OpenSSL:
  • Fixed bug #68074 (Allow to use system cipher list instead of hardcoded value).
• PDO_pgsql:
  • Fixed bug #68199 (PDO::pgsqlGetNotify doesn't support NOTIFY payloads).
  • Fixed bug #66584 (Segmentation fault on statement deallocation).
• Reflection:
  • Fixed bug #68103 (Duplicate entry in Reflection for class alias).
• SPL:
  • Fixed bug #68128 (Regression in RecursiveRegexIterator).

13 Nov 2014

• Core:
  • Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()).
  • Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined).
  • Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords).
  • Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
• cURL:
  • Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl.
• Fileinfo:
  • Fixed bug #66242 (libmagic: don't assume char is signed).
  • Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
• FPM:
  • Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses.
• GD:
  • Fixed bug #65171imagescale() fails without height param
• GMP:
  • Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
• Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support).
• ODBC:
  • Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column)
• SPL:
  • Fixed bug #68128 (Regression in RecursiveRegexIterator)

16 Oct 2014

• Core:
  • Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
• cURL:
  • Fixed bug #68089 (NULL byte injection - cURL lib).
• EXIF:
  • Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
• XMLRPC:
  • Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)

16 Oct 2014

• Core:
  • Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
  • Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)).
  • Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write).
  • Fixed bug #51800 (proc_open on Windows hangs forever).
  • Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
• cURL:
  • Fixed bug #68089 (NULL byte injection - cURL lib).
• Exif:
  • Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
• FPM:
  • Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass).
• OpenSSL:
  • Revert regression introduced by fix of bug #41631.
• Reflection:
  • Fixed bug #68103 (Duplicate entry in Reflection for class alias).
• Session:
  • Fixed bug #67972 (SessionHandler Invalid memory read create_sid()).
• XMLRPC:
  • Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)

02 Oct 2014

• Core:
  • Implemented FR #38409 (parse_ini_file() loses the type of booleans).
  • Fixed bug #65463 (SIGSEGV during zend_shutdown()).
  • Fixed bug #66036 (Crash on SIGTERM in apache process).
  • Fixed bug #67878 (program_prefix not honoured in man pages).
  • Fixed bug #67938 (Segfault when extending interface method with variadic).
  • Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
  • Fixed bug #68088 (New Posthandler Potential Illegal efree() vulnerability). (CVE-2014-3622)
• DOM:
  • Made DOMNode::textContent writeable.
• Fileinfo:
  • Fixed bug #67731 (finfo::file() returns invalid mime type for binary files).
• GD:
  • Made fontFetch's path parser thread-safe.
• GMP:
  • Fixed bug #67917 (Using GMP objects with overloaded operators can cause memory exhaustion).
  • Fixed bug #50175 (gmp_init() results 0 on given base and number starting with 0x or 0b).
  • Implemented gmp_import() and gmp_export().
• MySQLi:
  • Fixed bug #67839 (mysqli does not handle 4-byte floats correctly).
• OpenSSL:
  • Fixed bug #67850 (extension won't build if openssl compiled without SSLv3).
• phpdbg:
  • Fixed issue GH-111 (compile error without ZEND_SIGNALS).
• SOAP:
  • Fixed bug #67955 (SoapClient prepends 0-byte to cookie names).
• Session:
  • Fixed bug #67972 (SessionHandler Invalid memory read create_sid()).
• Sysvsem:
  • Implemented FR #67990 (Add optional nowait argument to sem_acquire).

18 Sep 2014

• Core:
  • Fixed bug #47358 (glob returns error, should be empty array()).
  • Fixed bug #65463 (SIGSEGV during zend_shutdown()).
  • Fixed bug #66036 (Crash on SIGTERM in apache process).
  • Fixed bug #67878 (program_prefix not honoured in man pages).
• COM:
  • Fixed bug #41577 (DOTNET is successful once per server run).
• Date:
  • Fixed bug #66091 (memory leaks in DateTime constructor).
  • Fixed bug #66985 (Some timezones are no longer valid in PHP 5.5.10).
  • Fixed bug #67109 (First uppercase letter breaks date string parsing).
• FPM:
  • Fixed bug #67606 (FPM with mod_fastcgi/apache2.4 is broken).
• GD:
  • Made fontFetch's path parser thread-safe.
• MySQLi:
  • Fixed bug #67839 (mysqli does not handle 4-byte floats correctly).
• OpenSSL:
  • Fixed bug #41631 (socket timeouts not honored in blocking SSL reads).
  • Fixed bug #67850 (extension won't build if openssl compiled without SSLv3).
• SPL:
  • Fixed bug #67813 (CachingIterator::__construct InvalidArgumentException wrong message).
• Zlib:
  • Fixed bug #67724 (chained zlib filters silently fail with large amounts of data).
  • Fixed bug #67865 (internal corruption phar error).

28 Aug 2014

• General improvements:
  • Added constant scalar expressions syntax.
  • Added dedicated syntax for variadic functions.
  • Added support for argument unpacking to complement the variadic syntax.
  • Added an exponentiation operator (**).
  • Added phpdbg SAPI.
  • Added unified default encoding.
  • The php://input stream is now re-usable and can be used concurrently with enable_post_data_reading=0.
  • Added use function and use const..
  • Added a function for timing attack safe string comparison.
  • Added the __debugInfo() magic method to allow userland classes to implement the get_debug_info API previously available only to extensions.
  • Added gost-crypto (CryptoPro S-box) hash algorithm.
  • Stream wrappers verify peer certificates and host names by default in encrypted client streams.
  • Uploads equal or greater than 2GB in size are now accepted.
• Core:
  • Fixed bug #67693 (incorrect push to the empty array).
  • Removed inconsistency regarding behaviour of array in constants at run-time.
  • Fixed bug #67497 (eval with parse error causes segmentation fault in generator).
  • Fixed bug #67151 (strtr with empty array crashes).
  • Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012).
  • Fixed bug #66608 (Incorrect behavior with nested 'finally' blocks).
  • Implemented FR #34407 (ucwords and Title Case).
  • Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
  • Fixed bug #67368 (Memory leak with immediately dereferenced array in class constant).
  • Fixed bug #67468 (Segfault in highlight_file()/highlight_string()).
  • Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (CVE-2014-4721)
  • Fixed bug #67551 (php://input temp file will be located in sys_temp_dir instead of upload_tmp_dir).
  • Fixed bug #67169 (array_splice all elements, then []= gives wrong index).
  • Fixed bug #67198 (php://input regression).
  • Fixed bug #67247 (spl_fixedarray_resize integer overflow).
  • Fixed bug #67250 (iptcparse out-of-bounds read).
  • Fixed bug #67252 (convert_uudecode out-of-bounds read).
  • Fixed bug #67249 (printf out-of-bounds read).
  • Implemented FR #64744 (Differentiate between member function call on a null and non-null, non-objects).
  • Fixed bug #67436 (Autoloader isn't called if two method definitions don't match).
  • Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases).
  • Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981)
  • Fixed bug #67392 (dtrace breaks argument unpack).
  • Fixed bug #67428 (header('Location: foo') will override a 308-399 response code).
  • Fixed bug #67433 (SIGSEGV when using count() on an object implementing Countable).
  • Fixed bug #67399 (putenv with empty variable may lead to crash).
  • Expose get_debug_info class hook as __debugInfo() magic method.
  • Implemented unified default encoding (RFC: https://wiki.php.net/rfc/default_encoding).
  • Added T_POW (**) operator (RFC: https://wiki.php.net/rfc/pow-operator).
  • Improved IS_VAR operands fetching.
  • Improved empty string handling. Now ZE uses an interned string instead of allocation new empty string each time.
  • Implemented internal operator overloading (RFC: https://wiki.php.net/rfc/operator_overloading_gmp).
  • Made calls from incompatible context issue an E_DEPRECATED warning instead of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx).
  • Uploads equal or greater than 2GB in size are now accepted.
  • Reduced POST data memory usage by 200-300%. Changed INI setting always_populate_raw_post_data to throw a deprecation warning when enabling and to accept -1 for never populating the $HTTP_RAW_POST_DATA global variable, which will be the default in future PHP versions.
  • Implemented dedicated syntax for variadic functions (RFC: https://wiki.php.net/rfc/variadics).
  • Fixed bug #50333 Improving multi-threaded scalability by using emalloc/efree/estrdup (Anatol, Dmitry)
  • Implemented constant scalar expressions (with support for constants) (RFC: https://wiki.php.net/rfc/const_scalar_exprs).
  • Fixed bug #65784 (Segfault with finally).
  • Fixed bug #66509 (copy() arginfo has changed starting from 5.4).
  • Allow zero length comparison in substr_compare() (Tjerk)
  • Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
  • Fixed bug #61019 (Out of memory on command stream_get_contents).
  • Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets).
  • Fixed bug #66182 (exit in stream filter produces segfault).
  • Fixed bug #66736 (fpassthru broken).
  • Fixed bug #66822 (Cannot use T_POW in const expression) (Tjerk)
  • Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
  • Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()).
  • Fixed bug #66015 (Unexpected array indexing in class's static property).
  • Added (constant) string/array dereferencing to static scalar expressions to complete the set; now possible thanks to #66015 being fixed.
  • Fixed bug #66568 (Update reflection information for unserialize() function).
  • Fixed bug #66660 (Composer.phar install/update fails).
  • Fixed bug #67024 (getimagesize should recognize BMP files with negative height).
  • Fixed bug #67064 (Countable interface prevents using 2nd parameter ($mode) of count() function).
  • Fixed bug #67072 (Echoing unserialized 'SplFileObject' crash).
  • Fixed bug #67033 (Remove reference to Windows 95).
• Apache2 Handler SAPI:
  • Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
• CLI server:
  • Added some MIME types to the CLI web server.
  • Fixed bug #67079 (Missing MIME types for XML/XSL files).
  • Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
  • Fixed bug #67594 (Unable to access to apache_request_headers() elements).
  • Implemented FR #67429 (CLI server is missing some new HTTP response codes).
  • Fixed bug #67406 (built-in web-server segfaults on startup).
• COM:
  • Fixed bug #41577 (DOTNET is successful once per server run) (Aidas Kasparas)
  • Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).
  • Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)).
• Curl:
  • Implemented FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode).
  • Check for openssl.cafile ini directive when loading CA certs.
  • Remove cURL close policy related constants as these have no effect and are no longer used in libcurl.
  • Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
  • Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
  • Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset).
  • Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
• Date:
  • Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712)
  • Fixed bug #66091 (memory leaks in DateTime constructor) (Tjerk).
  • Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
  • Fixed regression in fix for #67118 (constructor can't be called twice).
  • Fixed bug #67251 (date_parse_from_format out-of-bounds read).
  • Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read).
  • Added DateTimeImmutable::createFromMutable to create a DateTimeImmutable object from an existing DateTime (mutable) object (Derick)
  • Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied).
  • Fixed bug #67118 (DateTime constructor crash with invalid data).
• DOM:
  • Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset).
• Embed:
  • Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
• Fileinfo:
  • Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
  • Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
  • Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
  • Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)
  • Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
  • Fixed bug #67329 (fileinfo: NULL pointer deference flaw by processing certain CDF files). (CVE-2014-0236)
  • Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
  • Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
  • Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
  • Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)
  • Upgraded to libmagic-5.17 (Anatol)
  • Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943)
  • Fixed bug #66820 (out-of-bounds memory access in fileinfo). (CVE-2014-2270)
  • Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345)
  • Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
  • Fixed bug #66907 (Solaris 10 is missing strcasestr and needs substitute).
  • Fixed bug #66307 (Fileinfo crashes with powerpoint files).
• FPM:
  • Fixed bug #67606 (revised fix 67541, broke mod_fastcgi BC).
  • Fixed bug #67530 (error_log=syslog ignored).
  • Fixed bug #67635 (php links to systemd libraries without using pkg-config).
  • Fixed bug #67531 (syslog cannot be set in pool configuration).
  • Fixed bug #67541 (Fix Apache 2.4.10+ SetHandler proxy:fcgi:// incompatibilities).
  • Included apparmor support in fpm (RFC: https://wiki.php.net/rfc/fpm_change_hat).
  • Added clear_env configuration directive to disable clearenv() call.
  • Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  • Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
  • Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure default configuration). (CVE-2014-0185)
• GD:
  • Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120)
  • Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
  • Fixed bug #67248 (imageaffinematrixget missing check of parameters).
  • Fixed imagettftext to load the correct character map rather than the last one.
  • Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()). (CVE-2013-7226)
  • Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer). (CVE-2013-7327)
  • Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget).
  • Fixed bug #66887 (imagescale - poor quality of scaled image).
  • Fixed bug #66890 (imagescale segfault).
  • Fixed bug #66893 (imagescale ignore method argument).
• GMP:
  • Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
  • Fixed crashes in serialize/unserialize.
  • Moved GMP to use object as the underlying structure and implemented various improvements based on this.
  • Added gmp_root() and gmp_rootrem() functions for calculating nth roots.
• Hash:
  • Added gost-crypto (CryptoPro S-box) GOST hash algo.
  • Fixed bug #66698 (Missing FNV1a32 and FNV1a64 hash functions). (Michael M Slusarz).
  • Implemented timing attack safe string comparison function (RFC: https://wiki.php.net/rfc/timing_attack).
  • hash_pbkdf2() now works correctly if the $length argument is not specified.
• Intl:
  • Fixed bug #66873 (A reproductible crash in UConverter when given invalid encoding) (Stas)
  • Fixed bug #66921 (Wrong argument type hint for function intltz_from_date_time_zone).
  • Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
  • Fixed bug #67349 (Locale::parseLocale Double Free).
  • Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).
• JSON:
  • Fixed case part of bug #64874 ('json_decode handles whitespace and case-sensitivity incorrectly')
  • Fixed bug #65753 (JsonSerializeable couldn't implement on module extension) (chobieeee@php.net)
  • Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set).
• ldap:
  • Added new function ldap_modify_batch().
  • Fixed issue with null bytes in LDAP bindings.
• litespeed:
  • Fixed bug #63228 (-Werror=format-security error in lsapi code).
• Mail:
  • Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
• Mcrypt:
  • No longer allow invalid key sizes, invalid IV sizes or missing required IV in mcrypt_encrypt, mcrypt_decrypt and the deprecated mode functions.
  • Use /dev/urandom as the default source for mcrypt_create_iv().
• Mbstring:
  • Upgraded to oniguruma 5.9.5 (Anatol)
  • Fixed bug #67199 (mb_regex_encoding mismatch).
• Milter:
  • Fixed bug #67715 (php-milter does not build and crashes randomly).
• mysqli:
  • Added new function mysqli_get_links_stats() as well as new INI variable mysqli.rollback_on_cached_plink of type bool (Andrey)
  • Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) (Remi)
  • Fixed building against an external libmysqlclient.
• mysqlnd:
  • Disabled flag for SP OUT variables for 5.5+ servers as they are not natively supported by the overlying APIs.
  • Added a new fetching mode to mysqlnd.
  • Added support for gb18030 from MySQL 5.7.
• Network:
  • Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)
  • Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049)
• OCI8:
  • Fixed bug #66875 (Improve performance of multi-row OCI_RETURN_LOB queries) (Perrier, Chris Jones)
• ODBC:
  • Fixed bug #60616 (odbc_fetch_into returns junk at end of multi-byte char fields).
• OpenSSL:
  • Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
  • Fixed bug #67609 (TLS connections fail behind HTTP proxy).
  • Fixed broken build against OpenSSL older than 0.9.8 where ECDH unavailable.
  • Fixed bug #67666 (Subject altNames doesn't support wildcard matching).
  • Fixed bug #67224 (Fall back to crypto_type from context if not specified explicitly in stream_socket_enable_crypto).
  • Fixed bug #65698 (certificates validity parsing does not work past 2050).
  • Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
  • Peer certificates now verified by default in client socket operations (RFC: https://wiki.php.net/rfc/tls-peer-verification).
  • New openssl.cafile and openssl.capath ini directives.
  • Added crypto_method option for the ssl stream context.
  • Added certificate fingerprint support.
  • Added explicit TLSv1.1 and TLSv1.2 stream transports.
  • Fixed bug #65729 (CN_match gives false positive).
  • Peer name verification matches SAN DNS names for certs using the Subject Alternative Name x509 extension.
  • Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey)
  • Added SPKAC support.
  • Fallback to Windows CA cert store for peer verification if no openssl.cafile ini directive or 'cafile' SSL context option specified in Windows.
  • The openssl.cafile and openssl.capath ini directives introduced in alpha2 now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL).
  • New 'peer_name' SSL context option replaces 'CN_match' (which still works as before but triggers E_DEPRECATED).
  • Fixed segfault when accessing non-existent context for client SNI use (Daniel Lowrey)
  • Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
  • Fixed bug #47030 (add new boolean 'verify_peer_name' SSL context option allowing clients to verify cert names separately from the cert itself). 'verify_peer_name' is enabled by default for client streams.
  • Fixed bug #65538 ('cafile' SSL context option now supports stream wrappers).
  • New openssl_get_cert_locations() function to aid CA file and peer verification debugging.
  • Encrypted stream wrappers now disable TLS compression by default.
  • New 'capture_session_meta' SSL context option allows encrypted client and server streams access to negotiated protocol/cipher information.
  • New 'honor_cipher_order' SSL context option allows servers to prioritize cipher suites of their choosing when negotiating SSL/TLS handshakes.
  • New 'single_ecdh_use' and 'single_dh_use' SSL context options allow for improved forward secrecy in encrypted stream servers.
  • New 'dh_param' SSL context option allows stream servers control over the parameters when negotiating DHE cipher suites.
  • New 'ecdh_curve' SSL context option allowing stream servers to specify the curve to use when negotiating ephemeral ECDHE ciphers (defaults to NIST P-256).
  • New 'rsa_key_size' SSL context option gives stream servers control over the key size (in bits) used for RSA key agreements.
  • Crypto methods for encrypted client and server streams now use bitwise flags for fine-grained protocol support.
  • Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method. tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2.
  • Encrypted client streams now enable SNI by default.
  • Encrypted streams now prioritize ephemeral key agreement and high strength ciphers by default.
  • New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher list.
  • New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto methods negotiated encrypted server/client sessions.
  • Encrypted stream servers now automatically mitigate potential DoS vector arising from client-initiated TLS renegotiation. New 'reneg_limit', 'reneg_window' and 'reneg_limit_callback' SSL context options for custom renegotiation limiting control.
  • Fixed memory leak in windows cert verification on verify failure.
  • Peer certificate capturing via SSL context options now functions even if peer verification fails.
  • Encrypted TLS servers now support the server name indication TLS extension via the new 'SNI_server_certs' SSL context option.
  • Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1).
  • Fixed bug #66942 (memory leak in openssl_seal()).
  • Fixed bug #66952 (memory leak in openssl_open()).
  • Fixed bug #66840 (Fix broken build when extension built separately).
• OPcache:
  • Added an optimization of class constants and constant calls to some internal functions (Laruence, Dmitry)
  • Added an optimization pass to convert FCALL_BY_NAME into DO_FCALL.
  • Added an optimization pass to merged identical constants (and related cache_slots) in op_array->literals table.
  • Added script level constant replacement optimization pass.
  • Added function opcache_is_script_cached().
  • Added information about interned strings usage.
  • Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen) (Dmitry, Laruence)
• PCRE:
  • Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream).
  • Upgraded to PCRE 8.34.
  • Added support for (*MARK) backtracking verbs.
• pgsql:
  • Fixed bug #67550 (Error in code 'form' instead of 'from', pgsql.c, line 756), which affected builds against libpq < 7.3.
  • pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL.
  • Implemented FR #25854 (Return value for pg_insert should be resource instead of bool).
  • Implemented FR #41146 (Add 'description' with exteneded flag pg_meta_data(). pg_meta_data(resource $conn, string $table [, bool extended]) It also made pg_meta_data() return 'is enum' always).
  • Read-only access to the socket stream underlying database connections is exposed via a new pg_socket() function to allow read/write polling when establishing asynchronous connections and executing queries in non-blocking applications.
  • Asynchronous connections are now possible using the PGSQL_CONNECT_ASYNC flag in conjunction with a new pg_connect_poll() function and connection polling status constants.
  • New pg_flush() and pg_consume_input() functions added to manually complete non-blocking reads/writes to underlying connection sockets.
  • pg_version() returns full report which obtained by PQparameterStatus().
  • Added pg_lo_truncate().
  • Added 64bit large object support for PostgreSQL 9.3 and later.
  • Fixed bug #67555 (Cannot build against libpq 7.3).
• phpdbg:
  • Fixed bug #67575 (Compilation fails for phpdbg when the build directory != src directory).
  • Fixed bug #67499 (readline feature not enabled when build with libedit).
  • Fixed issue GH-94 (List behavior is inconsistent).
  • Fixed issue GH-97 (The prompt should always ensure it is on a newline).
  • Fixed issue GH-98 (break if does not seem to work).
  • Fixed issue GH-99 (register function has the same behavior as run).
  • Fixed issue GH-100 (No way to list the current stack/frames) (Help entry was missing).
  • Fixed bug which caused phpdbg to fail immediately on startup in non-debug builds.
  • Fixed bug #67212 (phpdbg uses non-standard TIOCGWINSZ).
  • Included phpdbg sapi (RFC: https://wiki.php.net/rfc/phpdbg).
  • Added watchpoints (watch command).
  • Renamed some commands (next => continue and how to step).
  • Fixed issue GH-85 (Added stdin/stdout/stderr constants and their php:// wrappers).
• PDO:
  • Fixed bug #66604 ('pdo/php_pdo_error.h' not copied to the include dir).
• PDO-ODBC:
  • Fixed bug #50444 (PDO-ODBC changes for 64-bit).
• PDO_pgsql:
  • Fixed bug #42614 (PDO_pgsql: add pg_get_notify support).
  • Fixed bug #63657 (pgsqlCopyFromFile, pgsqlCopyToArray use Postgres < 7.3 syntax).
  • Cleaned up code by increasing the requirements to libpq versions providing PQexecParams, PQprepare, PQescapeStringConn, PQescapeByteaConn. According to the release notes that means 8.0.8+ or 8.1.4+.
  • Deprecated PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT, an undocument constant effectively equivalent to PDO::ATTR_EMULATE_PREPARES.
  • Added PDO::PGSQL_ATTR_DISABLE_PREPARES constant to execute the queries without preparing them, while still passing parameters separately from the command text using PQexecParams.
• PDO_firebird:
  • Fixed bug #66071 (memory corruption in error handling) (Popa)
• Phar:
  • Fixed bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name).
  • Fixed bug #67587 (Redirection loop on nginx with FPM).
• readline:
  • Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt).
  • Fixed bug #67496 (Save command history when exiting interactive shell with control-c).
• Reflection:
  • Implemented FR #67713 (loosen the restrictions on ReflectionClass::newInstanceWithoutConstructor()).
• Session:
  • Fixed bug #67694 (Regression in session_regenerate_id()).
  • Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
  • Fixed bug #66827 (Session raises E_NOTICE when session name variable is array).
  • Fixed bug #65315 (session.hash_function silently fallback to default md5) (Yasuo)
  • Implemented FR #17860 (Session write short circuit).
  • Implemented FR #20421 (session_abort() and session_reset() function).
  • Remove session_gc() and session_serializer_name() wich were introduced in the first 5.6.0 alpha.
• SimpleXML:
  • Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol)
• SQLite:
  • Updated the bundled libsqlite to the version 3.8.3.1 (Anatol)
  • Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3).
• SOAP:
  • Implemented FR #49898 (Add SoapClient::__getCookies()).
• SPL:
  • Revert fix for #67064 (BC issues).
  • Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)
  • Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)
  • Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515)
  • Fixed bug #67359 (Segfault in recursiveDirectoryIterator).
  • Fixed bug #66127 (Segmentation fault with ArrayObject unset).
  • Implemented FR #67453 (Allow to unserialize empty data).
  • Fixed bug #66834 (empty() does not work on classes that extend ArrayObject) (Tjerk)
  • Fixed bug #66702 (RegexIterator::INVERT_MATCH does not invert).
• Standard:
  • Implemented FR #65634 (HTTP wrapper is very slow with protocol_version 1.1).
  • Implemented Change crypt() behavior w/o salt RFC. (Yasuo) https://wiki.php.net/rfc/crypt_function_salt
  • Implemented FR #49824 (Change array_fill() to allow creating empty array).
• Streams:
  • Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects).
• Tokenizer:
  • Fixed bug #67395 (token_name() does not return name for T_POW and T_POW_EQUAL token).
• XMLReader:
  • Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency).
• XSL:
  • Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with 'file://').
• Zip:
  • update libzip to version 0.11.2. PHP doesn't use any ilibzip private symbol anymore.
  • new method ZipArchive::setPassword($password).
  • add --with-libzip option to build with system libzip.
  • new methods: ZipArchive::setExternalAttributesName($name, $opsys, $attr [, $flags]) ZipArchive::setExternalAttributesIndex($idx, $opsys, $attr [, $flags]) ZipArchive::getExternalAttributesName($name, &$opsys, &$attr [, $flags]) ZipArchive::getExternalAttributesIndex($idx, &$opsys, &$attr [, $flags])
• Zlib:
  • Fixed bug #67865 (internal corruption phar error). Mike
  • Fixed bug #67724 (chained zlib filters silently fail with large amounts of data).

21 Aug 2014

• COM:
  • Fixed missing type checks in com_event_sink.
• Core:
  • Fixed bug #67693 (incorrect push to the empty array).
• Fileinfo:
  • Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
  • Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587).
• FPM:
  • Fixed bug #67635 (php links to systemd libraries without using pkg-config).
• GD:
  • Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
  • Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120).
• Milter:
  • Fixed bug #67715 (php-milter does not build and crashes randomly).
• Network:
  • Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597).
• OpenSSL:
  • Fixed missing type checks in OpenSSL options.
• readline:
  • Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt).
  • Fixed bug #67496 (Save command history when exiting interactive shell with control-c).
• Sessions:
  • Fixed missing type checks in php_session_create_id.
• ODBC:
  • Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields).

14 Aug 2014

• Core:
  • Fixed bug #66127 (Segmentation fault with ArrayObject unset).
  • Fixed bug #67247 (spl_fixedarray_resize integer overflow).
  • Fixed bug #67249 (printf out-of-bounds read).
  • Fixed bug #67250 (iptcparse out-of-bounds read).
  • Fixed bug #67252 (convert_uudecode out-of-bounds read).
  • Fixed bug #67359 (Segfault in recursiveDirectoryIterator).
  • Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981)
  • Fixed bug #67399 (putenv with empty variable may lead to crash).
  • Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).
  • Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (CVE-2014-4721)
• COM:
  • Fixed missing type checks in com_event_sink.
• Date:
  • Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712)
  • Fixed bug #67251 (date_parse_from_format out-of-bounds read).
  • Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read).
• Exif:
  • Fixed bug #65873 (Integer overflow in exif_read_data()).
• Fileinfo:
  • Fixed bug #66307 (Fileinfo crashes with powerpoint files).
  • Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
  • Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
  • Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)
  • Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size) (CVE-2014-3478).
  • Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check) (CVE-2014-3479).
  • Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check) (CVE-2014-3480).
  • Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check) (CVE-2014-3487).
• Intl:
  • Fixed bug #67349 (Locale::parseLocale Double Free).
  • Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).
• Network:
  • Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049)
• OpenSSL:
  • Fixed missing type checks in OpenSSL options.
• Session:
  • Fixed missing type checks in php_session_create_id.

24 Jul 2014

• CLI server:
  • Fixed bug #67429 (CLI server is missing some new HTTP response codes).
  • Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
• Core:
  • Fixed bug #67428 (header('Location: foo') will override a 308-399 response code).
  • Fixed bug #67436 (Autoloader isn't called if two method definitions don't match).
  • Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
  • Fixed bug #67497 eval with parse error causes segmentation fault in generator).
  • Fixed bug #67151 (strtr with empty array crashes).
  • Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012).
• FPM:
  • Fixed bug #67530 (error_log=syslog ignored).
  • Fixed bug #67531 (syslog cannot be set in pool configuratio).
• Intl:
  • Fixed bug #66921 (Wrong argument type hint for function intltz_from_date_time_zone).
  • Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
• OPCache:
  • Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen).
• pgsql:
  • Fixed bug #67550 (Error in code 'form' instead of 'from', pgsql.c, line 756), which affected builds against libpq < 7.3).
• Phar:
  • Fixed bug #67587 (Redirection loop on nginx with FPM).
• SPL:
  • Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)
  • Fixed bug #67538 (SPL Iterators use-after-free) (CVE-2014-4670).
• Streams:
  • Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects).

26 Jun 2014

• CLI server:
  • Fixed bug #67406 (built-in web-server segfaults on startup).
• Core:
  • Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases).
  • Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981).
  • Fixed bug #67399 (putenv with empty variable may lead to crash).
  • Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (CVE-2014-4721)
  • Fixed BC break introduced by patch for bug #67072.
• Date:
  • Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
  • Fixed regression in fix for bug #67118 (constructor can't be called twice).
• Fileinfo:
  • Fixed bug #67326 (cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)).
  • Fixed bug #67410 (mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478).
  • Fixed bug #67411 (cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479).
  • Fixed bug #67412 (cdf_count_chain insufficient boundary check). (CVE-2014-3480).
  • Fixed bug #67413 (cdf_read_property_info insufficient boundary check). (CVE-2014-3487).
• Intl:
  • Fixed bug #67349 (Locale::parseLocale Double Free).
  • Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).
• Network:
  • Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049)).
• OPCache:
  • Fixed issue GH-183 (TMP_VAR is not only used once).
• OpenSSL:
  • Fixed bug #65698 (certificates validity parsing does not work past 2050).
  • Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
• PDO-ODBC:
  • Fixed bug #50444 (PDO-ODBC changes for 64-bit).
• SOAP:
  • Implemented FR #49898 (Add SoapClient::__getCookies()).
• SPL:
  • Fixed bug #66127 (Segmentation fault with ArrayObject unset).
  • Fixed bug #67359 (Segfault in recursiveDirectoryIterator).
  • Fixed bug #67360 (Missing element after ArrayObject::getIterator).
  • Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515).

29 May 2014

• CLI server:
  • Fixed bug #67079 (Missing MIME types for XML/XSL files).
• COM:
  • Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)).
• Core:
  • Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()).
  • Fixed bug #67072 (Echoing unserialized 'SplFileObject' crash).
  • Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c).
  • Fixed bug #67247 (spl_fixedarray_resize integer overflow).
  • Fixed bug #67249 (printf out-of-bounds read).
  • Fixed bug #67250 (iptcparse out-of-bounds read).
• cURL:
  • Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset).
• Date:
  • Fixed bug #67118 (DateTime constructor crash with invalid data).
  • Fixed bug #67251 (date_parse_from_format out-of-bounds read).
  • Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read).
• DOM:
  • Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset).
• Fileinfo:
  • Fixed bug #66307 (Fileinfo crashes with powerpoint files).
  • Fixed bug #67327 (CDF infinite loop in nelements DoS) (CVE-2014-0238).
  • Fixed bug #67328 (numerous file_printf calls resulting in performance degradation) (CVE-2014-0237).
• FPM:
  • Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
• GD:
  • Fixed bug #67248 (imageaffinematrixget missing check of parameters).
• PCRE:
  • Fixed bug #67248 Ungreedy and min/max quantifier bug, applied patch from the upstream.
• Phar:
  • Fixed bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name).

01 May 2014

• Core:
  • Fixed bug #61019 (Out of memory on command stream_get_contents).
  • Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets).
  • Fixed bug #66182 (exit in stream filter produces segfault).
  • Fixed bug #66736 (fpassthru broken).
  • Fixed bug #67024 (getimagesize should recognize BMP files with negative heighty).
  • Fixed bug #67043 (substr_compare broke by previous change).
• cURL:
  • Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
• Date:
  • Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied).
• Embed:
  • Fixed bug #65715 (php5embed.lib isn't provided anymore).
• Fileinfo:
  • Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
• FPM:
  • Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  • Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185)).
• Json:
  • Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set).
• LDAP:
  • Fixed issue with null bytes in LDAP bindings.
• mysqli:
  • Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter (extra comma) and third parameters (lack of escaping).
• Openssl:
  • Fixed bug #66942 (memory leak in openssl_seal()).
  • Fixed bug #66952 (memory leak in openssl_open()).
• SimpleXML:
  • Fixed bug #66084 (simplexml_load_string() mangles empty node name).
• SQLite:
  • Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3)
• XSL:
  • Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with 'file://')
• Apache2 Handler SAPI:
  • Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120)

03 Apr 2014

• Core:
  • Fixed bug #60602 (proc_open() changes environment array).
  • Allow zero length comparison in substr_compare().
• cURL:
  • Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour).
  • Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
• Fileinfo:
  • Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345)
• FPM:
  • Added clear_env configuration directive to disable clearenv() call.
• GD:
  • Fixed bug #66714 (imageconvolution breakage).
  • Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget).
  • Fixed bug #66887 (imagescale - poor quality of scaled image).
  • Fixed bug #66890 (imagescale segfault).
  • Fixed bug #66893 (imagescale ignore method argument).
• GMP:
  • Fixed bug #66872 (invalid argument crashes gmp_testbit).
• Hash:
  • hash_pbkdf2() now works correctly if the $length argument is not specified.
• Intl:
  • Fixed bug #66873 A reproductible crash in UConverter when given invalid encoding.
• Mail:
  • Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script).
• MySQLi:
  • Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed).
• OPCache:
  • Added function opcache_is_script_cached().
  • Added information about interned strings usage.
• Openssl:
  • Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1).
• SQLite:
  • Updated bundled libsqlite to 3.8.3.1.
• SPL:
  • Added feature #65545 (SplFileObject::fread()).

06 Mar 2014

• Core:
  • Fixed bug #66574 (Allow multiple paths in php_ini_scanned_path).
• Date:
  • Fixed bug #45528 (Allow the DateTimeZone constructor to accept timezones per offset too).
  • Fixed bug #44780 (some time zone offsets not recognized by timezone_name_from_abbr)
  • Fixed bug #45543 (DateTime::setTimezone can not set timezones without ID)
• Fileinfo:
  • Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).
  • Fixed bug #66820 (out-of-bounds memory access in fileinfo (CVE-2014-2270)).
• GD:
  • Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer (CVE-2013-7327)).
• JSON:
  • Fixed bug #65753 (JsonSerializeable couldn't implement on module extension).
• LDAP:
  • Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).
• Openssl:
  • Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
• PCRE:
  • Upgraded to PCRE 8.34.
• Pgsql:
  • Added warning for dangerous client encoding and remove possible injections for pg_insert()/pg_update()/pg_delete()/pg_select().

06 Feb 2014

• Core:
  • Fixed bug #66509 (copy() arginfo has changed starting from 5.4).
• GD:
  • Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop(), CVE-2013-7226).
• OPCache:
  • Fixed bug #66474 (Optimizer bug in constant string to boolean conversion).
  • Fixed bug #66461 (PHP crashes if opcache.interned_strings_buffer=0).
  • Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style ^M as lineend).
• PDO_pgsql:
  • Fixed bug #62479 (PDO-pgsql cannot connect if password contains spaces).
• Readline:
  • Fixed bug #66412 (readline_clear_history() with libedit causes segfault after #65714).
• Session:
  • Fixed bug #66469 (Session module is sending multiple set-cookie headers when session.use_strict_mode=1).
  • Fixed bug #66481 (Segfaults on session_name()).
• Standard:
  • Fixed bug #66395 (basename function doesn't remove drive letter).
• Sockets:
  • Fixed bug #66381 (__ss_family was changed on AIX 5.3).
• Zend Engine:
  • Fixed bug #66009 (Failed compilation of PHP extension with C++ std library using VS 2012).

09 Jan 2014

• Core:
  • Disallowed JMP into a finally block.
  • Added validation of class names in the autoload process.
  • Fixed invalid C code in zend_strtod.c.
  • Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object).
  • Fixed bug #65764 (generators/throw_rethrow FAIL with ZEND_COMPILE_EXTENDED_INFO).
  • Fixed bug #61645 (fopen and O_NONBLOCK).
  • Fixed bug #66218 (zend_register_functions breaks reflection).
• Date:
  • Fixed bug #66060 (Heap buffer over-read in DateInterval, CVE-2013-6712).
  • Fixed bug #65768 (DateTimeImmutable::diff does not work).
• DOM:
  • Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup).
• Exif:
  • Fixed bug #65873 (Integer overflow in exif_read_data()).
• Filter:
  • Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer).
• GD:
  • Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
• PDO_odbc:
  • Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
• MySQLi:
  • Fixed bug #65486 (mysqli_poll() is broken on win x64).
• OPCache:
  • Fixed revalidate_path=1 behavior to avoid caching of symlinks values.
  • Fixed issue GH-140 ('opcache.enable_file_override' doesn't respect 'opcache.revalidate_freq'.)
• SNMP:
  • Fixed SNMP_ERR_TOOBIG handling for bulk walk operations.
• SOAP:
  • Fixed bug #66112 (Use after free condition in SOAP extension).
• Sockets:
  • Fixed bug #65923 (ext/socket assumes AI_V4MAPPED is defined).
• XSL:
  • Fixed bug #49634 (Segfault throwing an exception in a XSL registered function).
• ZIP:
  • Fixed bug #66321 (ZipArchive::open() ze_obj->filename_len not real).

12 Dec 2013

• Core:
  • Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string).
  • Fixed bug #65969 (Chain assignment with T_LIST failure).
• CLI server:
  • Added some MIME types to the CLI web server.
  • Implemented FR #65917 (getallheaders() is not supported by the built-in web server) - also implements apache_response_headers()
• OPCache:
  • Fixed bug #66176 (Invalid constant substitution).
  • Fixed bug #65915 (Inconsistent results with require return value).
  • Fixed bug #65559 (Opcache: cache not cleared if changes occur while running).
• readline:
  • Fixed bug #65714 (PHP cli forces the tty to cooked mode).
• Openssl:
  • Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).

14 Nov 2013

• Core:
  • Improved performance of array_merge() and func_get_args() by eliminating useless copying.
  • Fixed bug #65947 (basename is no more working after fgetcsv in certain situation).
  • Fixed bug #65939 (Space before ';' breaks php.ini parsing).
  • Fixed bug #65911 (scope resolution operator - strange behavior with $this).
  • Fixed bug #65936 (dangling context pointer causes crash).
• FPM:
  • Changed default listen() backlog to 65535.
• JSON:
  • Fixed bug #64874 (json_decode handles whitespace incorrectly).
• MySQLi:
  • Fixed bug #66043 (Segfault calling bind_param() on mysqli).
• OPCache:
  • Increased limit for opcache.max_accelerated_files to 1,000,000.
  • Fixed issue GH-115 (path issue when using phar).
  • Fixed issue GH-149 (Phar mount points not working with OPcache enabled).
• ODBC:
  • Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters).
• PDO:
  • Fixed bug #66033 (Segmentation Fault when constructor of PDO statement throws an exception).
  • Fixed bug #65946 (sql_parser permanently converts values bound to strings).
• Standard:
  • Fixed bug #64760 (var_export() does not use full precision for floating-point numbers).

17 Oct 2013

• Core:
  • Fixed bug #64979 (Wrong behavior of static variables in closure generators).
  • Fixed bug #65322 (compile time errors won't trigger auto loading).
  • Fixed bug #65821 (By-ref foreach on property access of string offset segfaults).
• CLI Server:
  • Fixed bug #65633 (built-in server treat some http headers as case-sensitive).
  • Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding).
  • Added application/pdf to PHP CLI Web Server mime types
• Datetime:
  • Fixed bug #64157 (DateTime::createFromFormat() reports confusing error message).
  • Fixed bug #65502 (DateTimeImmutable::createFromFormat returns DateTime).
  • Fixed bug #65548 (Comparison for DateTimeImmutable doesn't work).
• DBA:
  • Fixed bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write).
• Filter:
  • Add RFC 6598 IPs to reserved addresses.
  • Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
• FTP:
  • Fixed bug #65667 (ftp_nb_continue produces segfault).
• GD:
  • Ensure that the defined interpolation method is used with the generic scaling methods.
• IMAP:
  • Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling imap).
• OPCache:
  • Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled).
  • Fixed bug #65665 (Exception not properly caught when opcache enabled).
  • Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var).
  • Fixed issue GH-135 (segfault in interned strings if initial memory is too low).
  • Added function opcache_compile_file() to load PHP scripts into cache without execution.
  • Added support for GNU Hurd.
• Sockets:
  • Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
• SPL:
  • Fixed bug #64782 (SplFileObject constructor make $context optional / give it a default value).
• Standard:
  • Fixed bug #61548 content-type must appear at the end of headers for 201 Location to work in http.
• XMLReader:
  • Fixed bug #51936 Crash with clone XMLReader.
  • Fixed bug #64230 XMLReader does not suppress errors.
• Build system:
  • Fixed bug #51076 Race condition in shtool's mkdir -p implementation.
  • Fixed bug #62396 'make test' crashes starting with 5.3.14 (missing gzencode()).

17 Oct 2013

• Core:
  • Fixed bug #65322 (compile time errors won't trigger auto loading).
• CLI server:
  • Fixed bug #65633 (built-in server treat some http headers as case-sensitive).
• Datetime:
  • Fixed bug #64157 (DateTime::createFromFormat() reports confusing error message).
• DBA extension:
  • Fixed bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write).
• Filter:
  • Add RFC 6598 IPs to reserved addresses.
  • Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
• IMAP:
  • Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling imap).
• Standard:
  • Fixed bug #61548 (content-type must appear at the end of headers for 201 Location to work in http).
• Build system:
  • Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing gzencode())).

19 Sep 2013

• Core:
  • Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
  • Improved fputcsv() to allow specifying escape character.
  • Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding spaces).
  • Fixed bug #65470 (Segmentation fault in zend_error() with --enable-dtrace).
  • Fixed bug #65490 (Duplicate calls to get lineno & filename for DTRACE_FUNCTION_*).
  • Fixed bug #65225 (PHP_BINARY incorrectly set).
  • Fixed bug #62692 (PHP fails to build with DTrace).
  • Fixed bug #61759 (class_alias() should accept classes with leading backslashes).
  • Fixed bug #46311 (Pointer aliasing issue results in miscompile on gcc4.4).
• cURL:
  • Fixed bug #65458 (curl memory leak).
• Datetime:
  • Fixed bug #65554 (createFromFormat broken when weekday name is followed by some delimiters).
  • Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer).
• OPCache:
  • Fixed bug #65561 (Zend Opcache on Solaris 11 x86 needs ZEND_MM_ALIGNMENT=4).
• Openssl:
  • Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in some cases).
• Session:
  • Fixed bug #65475 (Session ID is not initialized properly when strict session is enabled).
  • Fixed bug #51127 and #65359, FR #25630/#43980/#54383 (Added php_serialize session serialize handler that uses plain serialize())
• Standard:
  • Fix issue with return types of password API helper functions. Found via static analysis by cjones.

19 Sep 2013

• Core:
  • Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
  • Fixed bug #65579 (Using traits with get_class_methods causes segfault).
  • Fixed bug #65490 (Duplicate calls to get lineno & filename for DTRACE_FUNCTION_*).
  • Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding spaces).
  • Fixed bug #65481 (shutdown segfault due to serialize).
  • Fixed bug #65470 (Segmentation fault in zend_error() with --enable-dtrace).
  • Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference fails).
  • Fixed bug #65304 (Use of max int in array_sum).
  • Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very limited case).
  • Fixed bug #65225 (PHP_BINARY incorrectly set).
  • Improved fix for bug #63186 (compile failure on netbsd).
  • Fixed bug #62692 (PHP fails to build with DTrace).
  • Fixed bug #61759 (class_alias() should accept classes with leading backslashes).
  • Fixed bug #61345 (CGI mode - make install don't work).
  • Cherry-picked some DTrace build commits (allowing builds on Linux, bug #62691 and bug #63706) from PHP 5.5 branch.
  • Fixed bug #61268 (--enable-dtrace leads make to clobber Zend/zend_dtrace.d)
• cURL:
  • Fixed bug #65458 (curl memory leak).
• Datetime:
  • Fixed bug #65554 (createFromFormat broken when weekday name is followed by some delimiters)
  • Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer)
• Openssl:
  • Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in some cases).
• Session:
  • Fixed bug #62129 (rfc1867 crashes php even though turned off).
  • Fixed bug #50308 (session id not appended properly for empty anchor tags).
  • Fixed possible buffer overflow under Windows. Note: Not a security fix.
  • Changed session.auto_start to PHP_INI_PERDIR.
• SOAP:
  • Fixed bug #65018 (SoapHeader problems with SoapServer).
• SPL:
  • Fixed bug #65328 (Segfault when getting SplStack object Value).
• PDO:
  • Fixed bug #64953 (Postgres prepared statement positional parameter casting).
• Phar:
  • Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for some specific contents).
• Pgsql:
  • Fixed bug #65336 (pg_escape_literal/identifier() silently returns false).
  • Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update() /pg_delete()/pg_insert()).
• Zlib:
  • Fixed bug #65391 (Unable to send vary header user-agent when ob_start('ob_gzhandler') is called).

22 Aug 2013

• Openssl:
  • Fixed UMR in fix for CVE-2013-4248.

22 Aug 2013

• Core:
  • Fixed bug #64503 (Compilation fails with error: conflicting types for 'zendparse').
• Openssl:
  • Fixed UMR in fix for CVE-2013-4248.

15 Aug 2013

• Core:
  • Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference fails).
  • Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value).
  • Fixed bug #65304 (Use of max int in array_sum).
  • Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very limited case).
  • Fixed bug #62691 (solaris sed has no -i switch).
  • Fixed bug #61345 (CGI mode - make install don't work).
  • Fixed bug #61268 (--enable-dtrace leads make to clobber Zend/zend_dtrace.d).
• DOM:
  • Added flags option to DOMDocument::schemaValidate() and DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag.
• OPcache:
  • Added opcache.restrict_api configuration directive that may limit usage of OPcahce API functions only to patricular script(s).
  • Added support for glob symbols in blacklist entries (?, *, **).
  • Fixed bug #65338 (Enabling both php_opcache and php_wincache AVs on shutdown).
• Openssl:
  • Fixed handling null bytes in subjectAltName (CVE-2013-4248).
• PDO_mysql:
  • Fixed bug #65299 (pdo mysql parsing errors).
• Phar:
  • Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for some specific contents).
• Pgsql:
  • Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update() /pg_delete()/pg_insert()).
  • Fixed bug #65336 (pg_escape_literal/identifier() silently returns false).
• Sessions:
  • Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions) which protects against session fixation attacks and session collisions (CVE-2011-4718).
  • Fixed possible buffer overflow under Windows. Note: Not a security fix.
  • Changed session.auto_start to PHP_INI_PERDIR.
• SOAP:
  • Fixed bug #65018 (SoapHeader problems with SoapServer).
• SPL:
  • Fixed bug #65328 (Segfault when getting SplStack object Value).
  • Added RecursiveTreeIterator setPostfix and getPostifx methods.
  • Fixed bug #61697 (spl_autoload_functions returns lambda functions incorrectly).
• Streams:
  • Fixed bug #65268 (select() implementation uses outdated tick API).

18 Jul 2013

• Core:
  • Fixed bug #65254 (Exception not catchable when exception thrown in autoload with a namespace).
  • Fixed bug #65088 (Generated configure script is malformed on OpenBSD).
  • Fixed bug #65108 (is_callable() triggers Fatal Error).
  • Fixed bug #65035 (yield / exit segfault).
  • Fixed bug #65161 (Generator + autoload + syntax error = segfault).
  • Fixed bug #65226 (chroot() does not get enabled).
  • hex2bin() raises E_WARNING for invalid hex string.
• OPcache:
  • Fixed bug #64827 (Segfault in zval_mark_grey (zend_gc.c)).
  • OPcache is now compatible with LiteSpeed SAPI.
• CGI:
  • Fixed bug #65143 (Missing php-cgi man page).
• CLI server:
  • Fixed bug #65066 (Cli server not responsive when responding with 422 http status code).
• DateTime:
  • Fixed bug #65184 (strftime() returns insufficient-length string under multibyte locales).
• GD:
  • Fixed bug #65070 (bgcolor does not use the same format as the input image with imagerotate).
  • Fixed bug #65060 (imagecreatefrom... crashes with user streams).
  • Fixed bug #65084 (imagecreatefromjpeg fails with URL).
  • Fix gdImageCreateFromWebpCtx and use same logic to load WebP image that other formats.
• Intl:
  • Add IntlCalendar::setMinimalDaysInFirstWeek()/intlcal_set_minimal_days_in_first_week().
  • Fixed trailing space in name of constant IntlCalendar::FIELD_FIELD_COUNT.
  • Fixed bug #62759 (Buggy grapheme_substr() on edge case).
  • Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).
• OCI8:
  • Bump PECL package info version check to allow PECL installs with PHP 5.5+.
• PDO:
  • Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
• Pgsql:
  • pg_unescape_bytea() raises E_WARNING for invalid inputs.
• Phar:
  • Fixed bug #65142 (Missing phar man page).
• Session:
  • Added optional create_sid() argument to session_set_save_handler(), SessionHandler and new SessionIdInterface.
• Sockets:
  • #63472Setting SO_BINDTODEVICE with socket_set_option.
  • Allowed specifying paths in the abstract namespace for the functions socket_bind(), socket_connect() and socket_sendmsg().
  • Fixed bug #65260sendmsg() ancillary data construction for SCM_RIGHTS is faulty.
• SPL:
  • Fixed bug #65136RecursiveDirectoryIterator segfault.
  • Fixed bug #61828Memleak when calling Directory(Recursive)Iterator/Spl(Temp)FileObject ctor twice.
• CGI/FastCGI SAPI:
  • Added PHP_FCGI_BACKLOG, overrides the default listen backlog.

11 Jul 2013

• Core:
  • Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC).
  • Fixed bug #64960 (Segfault in gc_zval_possible_root).
  • Fixed bug #64934 (Apache2 TS crash with get_browser()).
  • Fixed bug #63186 (compile failure on netbsd).
• DateTime:
  • Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
• PDO_firebird:
  • Fixed bug #64037 (Firebird return wrong value for numeric field).
  • Fixed bug #62024 (Cannot insert second row with null using parametrized query).
• PDO_pgsql:
  • Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error).
• pgsql:
  • Fixed bug #64609 (pg_convert enum type support).
• SPL:
  • Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems).
• XML:
  • Fixed bug #65236 (heap corruption in xml parser). (CVE-2013-4113)

12 Dec 2013

• Openssl:
  • Fixed handling null bytes in subjectAltName (CVE-2013-4248).
  • Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).

15 Aug 2013

• Core:
  • Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value).
  • Fixed bug #65254 (Exception not catchable when exception thrown in autoload with a namespace).
  • Fixed bug #65108 (is_callable() triggers Fatal Error).
  • Fixed bug #65088 (Generated configure script is malformed on OpenBSD).
  • Fixed bug #62964 (Possible XSS on 'Registered stream filters' info).
  • Fixed bug #62672 (Error on serialize of ArrayObject).
  • Fixed bug #62475 (variant_* functions causes crash when null given as an argument).
  • Fixed bug #60732 (php_error_docref links to invalid pages).
  • Fixed bug #65226 (chroot() does not get enabled).
• CGI:
  • Fixed bug #65143 (Missing php-cgi man page).
• CLI server:
  • Fixed bug #65066 (Cli server not responsive when responding with 422 http status code).
• CURL:
  • Fixed bug #62665 (curl.cainfo doesn't appear in php.ini).
• FPM:
  • Fixed bug #63983 (enabling FPM borks compile on FreeBSD).
• FTP:
  • Fixed bug #65228 (FTPs memory leak with SSL).
• GMP:
  • Fixed bug #65227 (Memory leak in gmp_cmp second parameter).
• Imap:
  • Fixed bug #64467 (Segmentation fault after imap_reopen failure).
• Intl:
  • Fixed bug #62759 (Buggy grapheme_substr() on edge case).
  • Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).
• mysqlnd:
  • Fixed segfault in mysqlnd when doing long prepare.
• ODBC:
  • Fixed bug #61387 (NULL valued anonymous column causes segfault in odbc_fetch_array).
• Openssl:
  • Fixed handling null bytes in subjectAltName (CVE-2013-4248).
• PDO:
  • Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
• PDO_dblib:
  • Fixed bug #65219 (PDO/dblib not working anymore ('use dbName' not sent)).
• PDO_pgsql:
  • Fixed meta data retrieve when OID is larger than 2^31.
• Phar:
  • Fixed bug #65142 (Missing phar man page).
• Session:
  • Fixed bug #62535 ($_SESSION[$key]['cancel_upload'] doesn't work as documented).
  • Fixed bug #35703 (when session_name('123') consist only digits, should warning).
  • Fixed bug #49175 (mod_files.sh does not support hash bits).
• Sockets:
  • Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option).
• SPL:
  • Fixed bug #65136 (RecursiveDirectoryIterator segfault).
  • Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator /Spl(Temp)FileObject ctor twice).
  • Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0, keys are strings).
• XML:
  • Fixed bug #65236 (heap corruption in xml parser). (CVE-2013-4113)

04 Jul 2013

• Core:
  • Fixed bug #64988 (Class loading order affects E_STRICT warning).
  • Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC).
  • Fixed bug #64960 (Segfault in gc_zval_possible_root).
  • Fixed bug #64936 (doc comments picked up from previous scanner run).
  • Fixed bug #64934 (Apache2 TS crash with get_browser()).
  • Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace).
• DateTime:
  • Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
• FPM:
  • Fixed bug #64915 (error_log ignored when daemonize=0).
  • Implemented FR #64764 (add support for FPM init.d script).
• PDO:
  • Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server).
• PDO_DBlib:
  • Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib).
  • Fixed bug #64338 (pdo_dblib can't connect to Azure SQL).
  • Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes).
• PDO_firebird:
  • Fixed bug #64037 (Firebird return wrong value for numeric field).
  • Fixed bug #62024 (Cannot insert second row with null using parametrized query).
• PDO_mysql:
  • Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR).
• PDO_pgsql:
  • Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error).
• pgsql:
  • Fixed bug #64609 (pg_convert enum type support).
• Readline:
  • Implement FR #55694 (Expose additional readline variable to prevent default filename completion).
• SPL:
  • Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems).

20 Jun 2013

• Drop support for bison < 2.4 when building PHP from GIT source

• Improved Zend Engine:
  • Added ARMv7/v8 versions of various Zend arithmetic functions that are implemented using inline assembler
  • Added systemtap support by enabling systemtap compatible dtrace probes on linux
  • Optimized access to temporary and compiled VM variables. 8% less memory reads
  • The VM stacks for passing function arguments and syntaticaly nested calls were merged into a single stack. The stack size needed for op_array execution is calculated at compile time and preallocated at once. As result all the stack push operations don't require checks for stack overflow any more

• General improvements:
  • Added generators and coroutines.
  • Added 'finally' keyword.
  • Added simplified password hashing API.
  • Added support for constant array/string dereferencing.
  • Added Class Name Resolution As Scalar Via 'class' Keyword
  • Added support for using empty() on the result of function calls and other expressions
  • Added support for non-scalar Iterator keys in foreach
  • Added support for list in foreach

• Core:
  • Added Zend Opcache extension and enable building it by default.
  • Added array_column function which returns a column in a multidimensional array
  • Added boolval()
  • Added 'Z' option to pack/unpack
  • Added optional second argument for assert() to specify custom message
  • Added support for changing the process's title in CLI/CLI-Server SAPIs. The implementation is more robust that the proctitle PECL module
  • Improve set_exception_handler while doing reset
  • Return previous handler when passing NULL to set_error_handler and set_exception_handler
  • Implemented FR #64175 (Added HTTP codes as of RFC 6585)
  • Implemented FR #60738 (Allow 'set_error_handler' to handle NULL)
  • Implemented FR #60524 (specify temp dir by php.ini)
  • Implemented FR #46487 (Dereferencing process-handles no longer waits on those processes)
  • Fixed bug #65051 (count() off by one inside unset())
  • Fixed bug #64988 (Class loading order affects E_STRICT warning)
  • Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC)
  • Fixed bug #64960 (Segfault in gc_zval_possible_root)
  • Fixed bug #64936 (doc comments picked up from previous scanner run)
  • Fixed bug #64934 (Apache2 TS crash with get_browser())
  • Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE 2013-2110)
  • Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build)
  • Fixed bug #64821 (Custom Exceptions crash when internal properties overridden)
  • Fixed bug #64720 (SegFault on zend_deactivate).
  • Fixed bug #64677 (execution operator `` stealing surrounding arguments)
  • Fixed bug #64660 (Segfault on memory exhaustion within function definition)
  • Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault)
  • Fixed bug #64565 (copy doesn't report failure on partial copy)
  • Fixed bug #64555 (foreach no longer copies keys if they are interned)
  • Fixed bug #47675 and Fixed bug #64577 (fd leak on Solaris)
  • Fixed bug #64544 (Valgrind warnings after using putenv)
  • Fixed bug #64515 (Memoryleak when using the same variablename 2times in function declaration)
  • Fixed bug #64503 (Compilation fails with error: conflicting types for 'zendparse')
  • Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11)
  • Fixed bug #64523 allow XOR in php.ini
  • Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)
  • Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT'])
  • Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace)
  • Fixed bug #64142 (dval to lval different behavior on ppc64)
  • Fixed bug #64135 (Exceptions from set_error_handler are not always propagated)
  • Fixed bug #63980 (object members get trimmed by zero bytes)
  • Fixed bug #63874 (Segfault if php_strip_whitespace has heredoc)
  • Fixed bug #63830 (Segfault on undefined function call in nested generator)
  • Fixed bug #63822 (Crash when using closures with ArrayAccess)
  • Fixed bug #61681 (Malformed grammar)
  • Fixed bug #61038 (unpack('a5', 'str') does not work as expected)
  • Fixed bug #61025 (__invoke() visibility not honored)
  • Fixed bug #60833 (self, parent, static behave inconsistently case-sensitive)
  • Fixed bug #52126 timestamp for mail.log
  • Fixed bug #49348 (Uninitialized ++$foo->bar; does not cause a notice)
  • Fixed bug #23955 allow specifying Max-Age attribute in setcookie()
  • Fixed bug #18556 (Engine uses locale rules to handle class names)
  • Fix undefined behavior when converting double variables to integers. The double is now always rounded towards zero, the remainder of its division by 2^32 or 2^64 (depending on sizeof(long)) is calculated and it's made signed assuming a two's complement representation

• Removed legacy features:
  • Remove php_logo_guid(), php_egg_logo_guid(), php_real_logo_guid(), zend_logo_guid()
  • Drop Windows XP and 2003 support

• Apache2 Handler SAPI:
  • Enabled Apache 2.4 configure option for Windows.

• Calendar:
  • Fixed bug #64895 (Integer overflow in SndToJewish).
  • Fixed bug #54254 (cal_from_jd returns month = 6 when there is only one Adar).

• CLI server:
  • Fixed bug #64128 (buit-in web server is broken on ppc64).

• CURL:
  • Remove curl stream wrappers.
  • Implemented FR #46439 (added CURLFile for safer file uploads).
  • Added support for CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOPT_APPEND, CURLOPT_DIRLISTONLY, CURLOPT_NEW_DIRECTORY_PERMS, CURLOPT_NEW_FILE_PERMS, CURLOPT_NETRC_FILE, CURLOPT_PREQUOTE, CURLOPT_KRBLEVEL, CURLOPT_MAXFILESIZE, CURLOPT_FTP_ACCOUNT, CURLOPT_COOKIELIST, CURLOPT_IGNORE_CONTENT_LENGTH, CURLOPT_CONNECT_ONLY, CURLOPT_LOCALPORT, CURLOPT_LOCALPORTRANGE, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_SSL_SESSIONID_CACHE, CURLOPT_FTP_SSL_CCC, CURLOPT_HTTP_CONTENT_DECODING, CURLOPT_HTTP_TRANSFER_DECODING, CURLOPT_PROXY_TRANSFER_MODE, CURLOPT_ADDRESS_SCOPE, CURLOPT_CRLFILE, CURLOPT_ISSUERCERT, CURLOPT_USERNAME, CURLOPT_PASSWORD, CURLOPT_PROXYUSERNAME, CURLOPT_PROXYPASSWORD, CURLOPT_NOPROXY, CURLOPT_SOCKS5_GSSAPI_NEC, CURLOPT_SOCKS5_GSSAPI_SERVICE, CURLOPT_TFTP_BLKSIZE, CURLOPT_SSH_KNOWNHOSTS, CURLOPT_FTP_USE_PRET, CURLOPT_MAIL_FROM, CURLOPT_MAIL_RCPT, CURLOPT_RTSP_CLIENT_CSEQ, CURLOPT_RTSP_SERVER_CSEQ, CURLOPT_RTSP_SESSION_ID, CURLOPT_RTSP_STREAM_URI, CURLOPT_RTSP_TRANSPORT, CURLOPT_RTSP_REQUEST, CURLOPT_RESOLVE, CURLOPT_ACCEPT_ENCODING, CURLOPT_TRANSFER_ENCODING, CURLOPT_DNS_SERVERS and CURLOPT_USE_SSL
  • Fixed bug #55635 (CURLOPT_BINARYTRANSFER no longer used. The constant still exists for backward compatibility but is doing nothing)
  • Fixed bug #54995 (Missing CURLINFO_RESPONSE_CODE support)
  • Added new functions curl_escape, curl_multi_setopt, curl_multi_strerror curl_pause, curl_reset, curl_share_close, curl_share_init, curl_share_setopt curl_strerror and curl_unescape
  • Addes new curl options CURLOPT_TELNETOPTIONS, CURLOPT_GSSAPI_DELEGATION, CURLOPT_ACCEPTTIMEOUT_MS, CURLOPT_SSL_OPTIONS, CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL

• DateTime:
  • Added DateTimeImmutable - a variant of DateTime that only returns the modified state instead of changing itself.
  • Fixed bug #64825 (Invalid free when unserializing DateTimeZone).
  • Fixed bug #64359 (strftime crash with VS2012)
  • Fixed bug #62852 (Unserialize Invalid Date causes crash)
  • Fixed bug #61642 (modify('+5 weekdays') returns Sunday)
  • Fixed bug #60774 (DateInterval::format('%a') is always zero when an interval is created using the createFromDateString method)
  • Fixed bug #54567 (DateTimeZone serialize/unserialize)
  • Fixed bug #53437 (Crash when using unserialized DatePeriod instance)

• dba:
  • Fixed bug #62489 (dba_insert not working as expected)

• Filter:
  • Implemented FR #49180 (added MAC address validation)

• Fileinfo:
  • Upgraded libmagic to 5.14.
  • Fixed bug #64830 (mimetype detection segfaults on mp3 file)
  • Fixed bug #63590 (Different results in TS and NTS under Windows)
  • Fixed bug #63248 (Load multiple magic files from a directory under Windows)

• FPM:
  • Add --with-fpm-systemd option to report health to systemd, and systemd_interval option to configure this. The service can now use Type=notify in the systemd unit file.
  • Ignore QUERY_STRING when sent in SCRIPT_FILENAME
  • Log a warning when a syscall fails
  • Implemented FR #64764 (add support for FPM init.d script)
  • Fixed bug #64915 (error_log ignored when daemonize=0)
  • Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11)
  • Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan

• GD:
  • Fixed bug #64962 (imagerotate produces corrupted image).
  • Fixed bug #64961 (segfault in imagesetinterpolation)
  • Fix build with system libgd >= 2.1 which is now the minimal version required (as build with previous version is broken). No change when bundled libgd is used
  • Upgraded libgd to 2.1

• hash:
  • Added support for PBKDF2 via hash_pbkdf2().
  • Fixed bug #64745 (hash_pbkdf2() truncates data when using default length and hex output)

• intl:
  • Added UConverter wrapper.
  • The intl extension now requires ICU 4.0+
  • Added intl.use_exceptions INI directive, which controls what happens when global errors are set together with intl.error_level
  • MessageFormatter::format() and related functions now accepted named arguments and mixed numeric/named arguments in ICU 4.8+
  • MessageFormatter::format() and related functions now don't error out when an insufficient argument count is provided. Instead, the placeholders will remain unsubstituted
  • MessageFormatter::parse() and MessageFormat::format() (and their static equivalents) don't throw away better than second precision in the arguments
  • IntlDateFormatter::__construct and datefmt_create() now accept for the $timezone argument time zone identifiers, IntlTimeZone objects, DateTimeZone objects and NULL
  • IntlDateFormatter::__construct and datefmt_create() no longer accept invalid timezone identifiers or empty strings
  • The default time zone used in IntlDateFormatter::__construct and datefmt_create() (when the corresponding argument is not passed or NULL is passed) is now the one given by date_default_timezone_get(), not the default ICU time zone
  • The time zone passed to the IntlDateFormatter is ignored if it is NULL and if the calendar passed is an IntlCalendar object -- in this case, the IntlCalendar's time zone will be used instead. Otherwise, the time zone specified in the $timezone argument is used instead. This does not affect old code, as IntlCalendar was introduced in this version
  • IntlDateFormatter::__construct and datefmt_create() now accept for the $calendar argument also IntlCalendar objects
  • IntlDateFormatter::getCalendar() and datefmt_get_calendar() return false if the IntlDateFormatter was set up with an IntlCalendar instead of the constants IntlDateFormatter::GREGORIAN/TRADITIONAL. IntlCalendar did not exist before this version
  • IntlDateFormatter::setCalendar() and datefmt_set_calendar() now also accept an IntlCalendar object, in which case its time zone is taken. Passing a constant is still allowed, and still keeps the time zone
  • IntlDateFormatter::setTimeZoneID() and datefmt_set_timezone_id() are deprecated. Use IntlDateFormatter::setTimeZone() or datefmt_set_timezone() instead
  • IntlDateFormatter::format() and datefmt_format() now also accept an IntlCalendar object for formatting
  • Added the classes: IntlCalendar, IntlGregorianCalendar, IntlTimeZone, IntlBreakIterator, IntlRuleBasedBreakIterator and IntlCodePointBreakIterator
  • Added the functions: intlcal_get_keyword_values_for_locale(), intlcal_get_now(), intlcal_get_available_locales(), intlcal_get(), intlcal_get_time(), intlcal_set_time(), intlcal_add(), intlcal_set_time_zone(), intlcal_after(), intlcal_before(), intlcal_set(), intlcal_roll(), intlcal_clear(), intlcal_field_difference(), intlcal_get_actual_maximum(), intlcal_get_actual_minimum(), intlcal_get_day_of_week_type(), intlcal_get_first_day_of_week(), intlcal_get_greatest_minimum(), intlcal_get_least_maximum(), intlcal_get_locale(), intlcal_get_maximum(), intlcal_get_minimal_days_in_first_week(), intlcal_get_minimum(), intlcal_get_time_zone(), intlcal_get_type(), intlcal_get_weekend_transition(), intlcal_in_daylight_time(), intlcal_is_equivalent_to(), intlcal_is_lenient(), intlcal_is_set(), intlcal_is_weekend(), intlcal_set_first_day_of_week(), intlcal_set_lenient(), intlcal_equals(), intlcal_get_repeated_wall_time_option(), intlcal_get_skipped_wall_time_option(), intlcal_set_repeated_wall_time_option(), intlcal_set_skipped_wall_time_option(), intlcal_from_date_time(), intlcal_to_date_time(), intlcal_get_error_code(), intlcal_get_error_message(), intlgregcal_create_instance(), intlgregcal_set_gregorian_change(), intlgregcal_get_gregorian_change() and intlgregcal_is_leap_year()
  • Added the functions: intltz_create_time_zone(), intltz_create_default(), intltz_get_id(), intltz_get_gmt(), intltz_get_unknown(), intltz_create_enumeration(), intltz_count_equivalent_ids(), intltz_create_time_zone_id_enumeration(), intltz_get_canonical_id(), intltz_get_region(), intltz_get_tz_data_version(), intltz_get_equivalent_id(), intltz_use_daylight_time(), intltz_get_offset(), intltz_get_raw_offset(), intltz_has_same_rules(), intltz_get_display_name(), intltz_get_dst_savings(), intltz_from_date_time_zone(), intltz_to_date_time_zone(), intltz_get_error_code(), intltz_get_error_message()
  • Added the methods: IntlDateFormatter::formatObject(), IntlDateFormatter::getCalendarObject(), IntlDateFormatter::getTimeZone(), IntlDateFormatter::setTimeZone()
  • Added the functions: datefmt_format_object(), datefmt_get_calendar_object(), datefmt_get_timezone(), datefmt_set_timezone(), datefmt_get_calendar_object(), intlcal_create_instance()

• mbstring:
  • Fixed bug #64769 (mbstring PHPTs crash on Windows x64).

• MCrypt:
  • mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb() and mcrypt_ofb() now throw E_DEPRECATED.

• mysql:
  • This extension is now deprecated, and deprecation warnings will be generated when connections are established to databases via mysql_connect(), mysql_pconnect(), or through implicit connection: use MySQLi or PDO_MySQL instead
  • Dropped support for LOAD DATA LOCAL INFILE handlers when using libmysql. Known for stability problems
  • Added support for SHA256 authentication available with MySQL 5.6.6+

• mysqli:
  • Added mysqli_begin_transaction()/mysqli::begin_transaction(). Implemented all options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT and ROLLBACK through options to mysqli_commit()/mysqli_rollback() and their respective OO counterparts. They work in libmysql and mysqlnd mode
  • Added mysqli_savepoint(), mysqli_release_savepoint()
  • Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed)
  • Fixed bug #64394 (MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS undeclared when using Connector/C)

• mysqlnd:
  • Add new begin_transaction() call to the connection object. Implemented all options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT and ROLLBACK
  • Added mysqlnd_savepoint(), mysqlnd_release_savepoint()
  • Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc for stmt->param_bind)
  • Fixed return value of mysqli_stmt_affected_rows() in the time after prepare() and before execute()

• PCRE:
  • Merged PCRE 8.32
  • Deprecated the /e modifier
  • Fixed bug #63284 (Upgrade PCRE to 8.31)

• PDO:
  • Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server)

• PDO_DBlib:
  • Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib)
  • Fixed bug #64338 (pdo_dblib can't connect to Azure SQL)
  • Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes)

• PDO_pgsql:
  • Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error)

• PDO_mysql:
  • Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR)

• pgsql:
  • Added pg_escape_literal() and pg_escape_identifier()
  • Fixed bug #46408 Locale number format settings can cause pg_query_params to break with numerics

• Phar:
  • Fixed timestamp update on Phar contents modification

• readline:
  • Fixed bug #55694 (Expose additional readline variable to prevent default filename completion)

• Reflection:
  • Fixed bug #64007 (There is an ability to create instance of Generator by hand)

• Sockets:
  • Added socket_cmsg_space(), socket_sendmsg(), and socket_recvmsg() functions
  • Fixed bug #64508 (Fails to build with --disable-ipv6)
  • Fixed bug #64287 (sendmsg/recvmsg shutdown handler causes segfault)

• SPL:
  • Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems)
  • Fixed bug #64264 (SPLFixedArray toArray problem)
  • Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS)
  • Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended)
  • Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0, keys are strings)
  • Fixed bug #52861 (unset fails with ArrayObject and deep arrays)
  • Implement #48358 (Add SplDoublyLinkedList::add() to insert an element at a given offset)

• SNMP:
  • Fixed bug #64765 (Some IPv6 addresses get interpreted wrong)
  • Fixed bug #64159 (Truncated snmpget)
  • Fixed bug #64124 (IPv6 malformed)
  • Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly)

• SOAP:
  • Added SoapClient constructor option 'ssl_method' to specify ssl method

• Streams:
  • Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64)
  • Fixed Windows x64 version of stream_socket_pair() and improved error handling

• Tokenizer:
  • Fixed bug #60097 (token_get_all fails to lex nested heredoc)

• Zip:
  • Upgraded libzip to 0.10.1
  • Fixed bug #64452 (Zip crash intermittently)
  • Fixed bug #64342 (ZipArchive::addFile() has to check for file existence)

06 Jun 2013

• Core:
  • Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE-2013-2110).
• Calendar:
  • Fixed bug #64895 (Integer overflow in SndToJewish).
• FPM:
  • Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan.
  • Log a warning when a syscall fails.
• MySQLi:
  • Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed).
• Phar:
  • Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir).
• Streams:
  • Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64).
• Zend Engine:
  • Fixed bug #64821 (Custom Exception crash when internal properties overridden).

06 Jun 2013

• Core:
  • Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE-2013-2110).
  • Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build).
  • Fixed bug #64729 (compilation failure on x32).
  • Fixed bug #64720 (SegFault on zend_deactivate).
  • Fixed bug #64660 (Segfault on memory exhaustion within function definition).
• Calendar:
  • Fixed bug #64895 (Integer overflow in SndToJewish).
• Fileinfo:
  • Fixed bug #64830 (mimetype detection segfaults on mp3 file).
• FPM:
  • Ignore QUERY_STRING when sent in SCRIPT_FILENAME.
  • Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan.
  • Log a warning when a syscall fails.
  • Add --with-fpm-systemd option to report health to systemd, and systemd_interval option to configure this. The service can now use Type=notify in the systemd unit file.
• MySQLi
  • Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed).
• Phar:
  • Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir).
• SNMP:
  • Fixed bug #64765 (Some IPv6 addresses get interpreted wrong).
  • Fixed bug #64159 (Truncated snmpget).
• Streams:
  • Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64).
• Zend Engine:
  • Fixed bug #64821 (Custom Exceptions crash when internal properties overridden).

09 May 2013

• Core:
  • Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault).
  • Fixed bug #64458 (dns_get_record result with string of length -1).
  • Fixed bug #64433 (follow_location parameter of context is ignored for most response codes).
  • Fixed bug #47675 (fd leak on Solaris).
  • Fixed bug #64577 (fd leak on Solaris).
• Fileinfo:
  • Upgraded libmagic to 5.14.
• Streams:
  • Fixed Windows x64 version of stream_socket_pair() and improved error handling.
• Zip:
  • Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).

09 May 2013

• Core:
  • Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault).
  • Fixed bug #64458 (dns_get_record result with string of length -1).
  • Fixed bug #47675 (fd leak on Solaris).
  • Fixed bug #64577 (fd leak on Solaris).
• Streams:
  • Fixed Windows x64 version of stream_socket_pair() and improved error handling.
• Zip:
  • Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).

11 Apr 2013

• Core:
  • Fixed bug #64529 (Ran out of opcode space).
  • Fixed bug #64515 (Memoryleak when using the same variablename two times in function declaration).
  • Fixed bug #64432 (more empty delimiter warning in strX methods).
  • Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes fatal error).
  • Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
  • Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11).
  • Fixed bug #63976 (Parent class incorrectly using child constant in class property).
  • Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle exceptions properly).
  • Fixed bug #62343 (Show class_alias In get_declared_classes()).
• PCRE:
  • Merged PCRE 8.32.
• SNMP:
  • Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly).
• Zip:
  • Fixed bug #64452 (Zip crash intermittently). (Anatol)

11 Apr 2013

• Core:
  • Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
  • Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle exceptions properly).
  • Fixed bug #62343 (Show class_alias In get_declared_classes()).
• PCRE:
  • Merged PCRE 8.32.
• mysqlnd:
  • Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc for stmt->param_bind).
• DateTime:
  • Fixed bug #62852 (Unserialize Invalid Date causes crash).
• Zip:
  • Fixed bug #64452 (Zip crash intermittently).

14 Mar 2013

• Core:
  • Fixed bug #64235 (Insteadof not work for class method in 5.4.11).
  • Implemented FR #64175 (Added HTTP codes as of RFC 6585).
  • Fixed bug #64142 (dval to lval different behavior on ppc64).
  • Fixed bug #64070 (Inheritance with Traits failed with error).
• CLI server:
  • Fixed bug #64128 (buit-in web server is broken on ppc64).
• Mbstring:
  • mb_split() can now handle empty matches like preg_split() does.
• OpenSSL:
  • Fixed bug #61930 (openssl corrupts ssl key resource when using openssl_get_publickey()).
• PDO_mysql:
  • Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs).
• Phar:
  • Fixed timestamp update on Phar contents modification.
• SOAP:
  • Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635).
  • Disabled external entities loading (CVE-2013-1643, CVE-2013-1824).
• SPL:
  • Fixed bug #64264 (SPLFixedArray toArray problem).
  • Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
  • Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended).
  • Fixed bug #52861 (unset fails with ArrayObject and deep arrays).
• SNMP:
  • Fixed bug #64124 (IPv6 malformed).

14 Mar 2013

• Phar:
  • Fixed timestamp update on Phar contents modification.
• SOAP
  • Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635).
  • Disabled external entities loading (CVE-2013-1643, CVE-2013-1824).
• SPL:
  • Fixed bug #64264 (SPLFixedArray toArray problem).
  • Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
  • Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended).
  • Fixed bug #52861 (unset fails with ArrayObject and deep arrays).

21 Feb 2013

• Core:
  • Fixed bug #64099 (Wrong TSRM usage in zend_register_class alias).
  • Fixed bug #64011 (get_html_translation_table() output incomplete with HTML_ENTITIES and ISO-8859-1).
  • Fixed bug #63982 (isset() inconsistently produces a fatal error on protected property).
  • Fixed bug #63943 (Bad warning text from strpos() on empty needle).
  • Fixed bug #63899 (Use after scope error in zend_compile).
  • Fixed bug #63893 (Poor efficiency of strtr() using array with keys of very different length).
  • Fixed bug #63882 (zend_std_compare_objects crash on recursion).
  • Fixed bug #63462 (Magic methods called twice for unset protected properties).
  • Fixed bug #62524 (fopen follows redirects for non-3xx statuses).
  • Support BITMAPV5HEADER in getimagesize().

• Date:
  • Fixed bug #63699 (Performance improvements for various ext/date functions).
  • Fixed bug #55397 Comparsion of incomplete DateTime causes SIGSEGV.

• FPM:
  • Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11).

• Litespeed:
  • Fixed bug #63228 (-Werror=format-security error in lsapi code).

• sqlite3:
  • Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't using sqlite3_*_int64 API).

• PDO_OCI:
  • Fixed bug #57702 (Multi-row BLOB fetches).
  • Fixed bug #52958 (Segfault in PDO_OCI on cleanup after running a long testsuite).

• PDO_sqlite:
  • Fixed bug #63916 (PDO::PARAM_INT casts to 32bit int internally even on 64bit builds in pdo_sqlite).

21 Feb 2013

• Zend Engine:
  • Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias).
  • Fixed bug #63899 (Use after scope error in zend_compile).

• Core:
  • Fixed bug #63943 (Bad warning text from strpos() on empty needle).

• Date:
  • Fixed bug #55397 (comparsion of incomplete DateTime causes SIGSEGV).

• FPM:
  • Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11).

• SPL:
  • Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended).

17 Jan 2013

• Core:
  • Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user).
  • Fixed bug #43177 (Errors in eval()'ed code produce status code 500).

• Filter:
  • Fixed bug #63757 (getenv() produces memory leak with CGI SAPI).
  • Fixed bug #54096 (FILTER_VALIDATE_INT does not accept +0 and -0).

• JSON:
  • Fixed bug #63737 (json_decode does not properly decode with options parameter).

• CLI server:
  • Update list of common mime types. Added webm, ogv, ogg.

• cURL extension:
  • Fixed bug (segfault due to libcurl connection caching).
  • Fixed bug #63859 (Memory leak when reusing curl-handle).
  • Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST).
  • Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers).
  • Fixed bug #55438 (Curlwapper is not sending http header randomly).

17 Jan 2013

• Zend Engine:
  • Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user).

• cURL extension:
  • Fixed bug (segfault due to libcurl connection caching).
  • Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST).
  • Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers).
  • Fixed bug #55438 (Curlwapper is not sending http header randomly).

20 Dec 2012

• Core:
  • Fixed bug #63635 (Segfault in gc_collect_cycles).
  • Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes from value).
  • Fixed bug #63468 (wrong called method as callback with inheritance).
  • Fixed bug #63451 (config.guess file does not have AIX 7 defined, shared objects are not created).
  • Fixed bug #61557 (Crasher in tt-rss backend.php).
  • Fixed bug #61272 (ob_start callback gets passed empty string).

• Date:
  • Fixed bug #63666 (Poor date() performance).
  • Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond).

• Imap:
  • Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array).

• Json:
  • Fixed bug #63588 (use php_next_utf8_char and remove duplicate implementation).

• MySQLi:
  • Fixed bug #63361 (missing header).

• MySQLnd:
  • Fixed bug #63398 (Segfault when polling closed link).

• Fileinfo:
  • Fixed bug #63590 (Different results in TS and NTS under Windows).

• FPM:
  • Fixed bug #63581 Possible null dereference and buffer overflow.

• Pdo_sqlite:
  • Fixed bug #63149 getColumnMeta should return the table name when system SQLite used.

• Apache2 Handler SAPI:
  • Enabled Apache 2.4 configure option for Windows.

• Reflection:
  • Fixed bug #63614 (Fatal error on Reflection).

• SOAP:
  • Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests).

• Sockets:
  • Fixed bug #49341 (Add SO_REUSEPORT support for socket_set_option()).

20 Dec 2012

• Zend Engine:
  • Fixed bug #63635 (Segfault in gc_collect_cycles).
  • Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes from value).
  • Fixed bug #63468 (wrong called method as callback with inheritance).

• Core:
  • Fixed bug #63451 (config.guess file does not have AIX 7 defined, shared objects are not created).
  • Fixed bug #63377 (Segfault on output buffer).

• Apache2 Handler SAPI:
  • Enabled Apache 2.4 configure option for Windows.

• Date:
  • Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond).

• Fileinfo:
  • Fixed bug #63248 (Load multiple magic files from a directory under Windows).
  • Fixed bug #63590 (Different results in TS and NTS under Windows).

• FPM:
  • Fixed bug #63581 (Possible null dereference and buffer overflow).

• Imap:
  • Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array).

• MySQLnd:
  • Fixed bug #63398 (Segfault when polling closed link).

• Reflection:
  • Fixed bug #63614 (Fatal error on Reflection).

• SOAP:
  • Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests).

22 Nov 2012

• Core:
  • Fixed bug #63305 (zend_mm_heap corrupted with traits).
  • Fixed bug #63369 ((un)serialize() leaves dangling pointers, causes crashes).
  • Fixed bug #63241 (PHP fails to open Windows deduplicated files).
  • Fixed bug #62444 (Handle leak in is_readable on windows).

• Curl:
  • Fixed bug #63363 (Curl silently accepts boolean true for SSL_VERIFYHOST).

• Fileinfo:
  • Fixed bug #63248 (Load multiple magic files from a directory under Windows).

• Libxml
  • Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak).

• Mbstring:
  • Fixed bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On).

• OCI8:
  • Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro)

• PCRE:
  • Fixed bug #63180 (Corruption of hash tables).
  • Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite).
  • Fixed bug #63284 (Upgrade PCRE to 8.31).

• PDO:
  • Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).

• PDO_pgsql:
  • Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL).

• Phar:
  • Fixed bug #63297 (Phar fails to write an openssl based signature).

• Streams:
  • Fixed bug #63240 (stream_get_line() return contains delimiter string).

• Reflection:
  • Fixed bug #63399 (ReflectionClass::getTraitAliases() incorrectly resolves traitnames).

22 Nov 2012

• Core:
  • Fixed bug #63241 (PHP fails to open Windows deduplicated files).
  • Fixed bug #62444 (Handle leak in is_readable on windows).

• Libxml:
  • Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak).

• Mbstring:
  • Fixed bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On).

• MySQL:
  • Fixed compilation failure on mixed 32/64 bit systems.

• OCI8:
  • Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro)

• PCRE:
  • Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite).
  • Fixed bug #63284 (Upgrade PCRE to 8.31).

• PDO:
  • Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).

• PDO_pgsql:
  • Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL).

• Phar:
  • Fixed bug #63297 (Phar fails to write an openssl based signature).

• Streams:
  • Fixed bug #63240 (stream_get_line() return contains delimiter string).

18 Oct 2012

• CLI server
  • Changed response to unknown HTTP method to 501 according to RFC.
  • Support HTTP PATCH method.

• Core
  • Added optional second argument for assert() to specify custom message.
  • Support building PHP with the native client toolchain.
  • Added --offline option for tests.
  • Fixed bug #63162 (parse_url does not match password component).
  • Fixed bug #63111 (is_callable() lies for abstract static method).
  • Fixed bug #63093 (Segfault while load extension failed in zts-build).
  • Fixed bug #62976 (Notice: could not be converted to int when comparing some builtin classes).
  • Fixed bug #62955 (Only one directive is loaded from 'Per Directory Values' Windows registry).
  • Fixed bug #62907 (Double free when use traits).
  • Fixed bug #61767 (Shutdown functions not called in certain error situation).
  • Fixed bug #60909 (custom error handler throwing Exception + fatal error = no shutdown function).
  • Fixed bug #60723 (error_log error time has changed to UTC ignoring default timezone).

• cURL
  • Fixed bug #62085 (file_get_contents a remote file by Curl wrapper will cause cpu Soaring).

• Date
  • Fixed bug #62896 ('DateTime->modify('+0 days')' modifies DateTime object)
  • Fixed bug #62561 (DateTime add 'P1D' adds 25 hours).

• DOM
  • Fixed bug #63015 (Incorrect arginfo for DOMErrorHandler).

• FPM
  • Fixed bug #62954 (startup problems fpm / php-fpm).
  • Fixed bug #62886 (PHP-FPM may segfault/hang on startup).
  • Fixed bug #63085 (Systemd integration and daemonize).
  • Fixed bug #62947 (Unneccesary warnings on FPM).
  • Fixed bug #62887 (Only /status?plain&full gives 'last request cpu').
  • Fixed bug #62216 (Add PID to php-fpm init.d script).

• OpenSSL
  • Implemented FR #61421 (OpenSSL signature verification missing RMD160, SHA224, SHA256, SHA384, SHA512).

• SOA
  • Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice).

• SPL
  • Fixed bug #62987 (Assigning to ArrayObject[null][something] overrides all undefined variables).

• mbstring
  • Allow passing null as a default value to mb_substr() and mb_strcut(). Patch by Alexander Moskaliov via GitHub PR GH-133.

• Filter extension
  • Fixed bug #49510 (Boolean validation fails with FILTER_NULL_ON_FAILURE with empty string or false.)

• Socket
  • Fixed bug #63000 (MCAST_JOIN_GROUP on OSX is broken, merge of PR 185 by Igor Wiedler).

18 Oct 2012

• Core
  • Fixed bug #63111 (is_callable() lies for abstract static method).
  • Fixed bug #63093 (Segfault while load extension failed in zts-build).
  • Fixed bug #62976 (Notice: could not be converted to int when comparing some builtin classes).
  • Fixed bug #61767 (Shutdown functions not called in certain error situation).
  • Fixed bug #61442 (exception threw in __autoload can not be catched).
  • Fixed bug #60909 (custom error handler throwing Exception + fatal error = no shutdown function).

• cURL
  • Fixed bug #62085 (file_get_contents a remote file by Curl wrapper will cause cpu Soaring).

• FPM
  • Fixed bug #62954 (startup problems fpm / php-fpm).
  • Fixed bug #62886 (PHP-FPM may segfault/hang on startup).
  • Fixed bug #63085 (Systemd integration and daemonize).
  • Fixed bug #62947 (Unneccesary warnings on FPM).
  • Fixed bug #62887 (Only /status?plain&full gives 'last request cpu').
  • Fixed bug #62216 (Add PID to php-fpm init.d script).

• Intl
  • Fixed bug #62915 (defective cloning in several intl classes).

• SOAP
  • Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice).

• SPL
  • Fixed bug #62987 (Assigning to ArrayObject[null][something] overrides all undefined variables).

13 Sep 2012

• Core
  • Fixed bug (segfault while build with zts and GOTO vm-kind)
  • Fixed bug #62955 (Only one directive is loaded from 'Per Directory Values' Windows registry)
  • Fixed bug #62844 (parse_url() does not recognize //)
  • Fixed bug #62829 (stdint.h included on platform where HAVE_STDINT_H is not set)
  • Fixed bug #62763 (register_shutdown_function and extending class)
  • Fixed bug #62725 (Calling exit() in a shutdown function does not return the exit value)
  • Fixed bug #62744 (dangling pointers made by zend_disable_class)
  • Fixed bug #62716 (munmap() is called with the incorrect length)
  • Fixed bug #62358 (Segfault when using traits a lot)
  • Fixed bug #62328 (implementing __toString and a cast to string fails)
  • Fixed bug #51363 (Fatal error raised by var_export() not caught by error handler)
  • Fixed bug #40459 (Stat and Dir stream wrapper methods do not call constructor)

• CURL
  • Fixed bug #62912 (CURLINFO_PRIMARY_* AND CURLINFO_LOCAL_* not exposed)
  • Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE)

• DateTime
  • Fixed bug #62852 (Unserialize invalid DateTime causes crash)

• Intl
  • Fixed Spoofchecker not being registered on ICU 49.1
  • Fixed bug #62933 (ext/intl compilation error on icu 3.4.1)
  • Fixed bug #62915 (defective cloning in several intl classes)

• Installation
  • Fixed bug #62460 (php binaries installed as binary.dSYM)

• PCRE
  • Fixed bug #55856 (preg_replace should fail on trailing garbage)

• PDO
  • Fixed bug #62685 (Wrong return datatype in PDO::inTransaction())

• Reflection
  • Fixed bug #62892 (ReflectionClass::getTraitAliases crashes on importing trait methods as private)
  • Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong result)

• Session
  • Fixed bug (segfault due to retval is not initialized)
  • Fixed bug (segfault due to PS(mod_user_implemented) not be reseted when close handler call exit)

• SPL
  • Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)
  • Implemented FR #62840 (Add sort flag to ArrayObject::ksort)

• Standard
  • Fixed bug #62836 (Seg fault or broken object references on unserialize())

• FPM
  • Merged PR 121 by minitux to add support for slow request counting on PHP FPM status page

13 Sep 2012

• Core
  • Fixed bug (segfault while build with zts and GOTO vm-kind)
  • Fixed bug #62955 (Only one directive is loaded from 'Per Directory Values' Windows registry)
  • Fixed bug #62763 (register_shutdown_function and extending class)
  • Fixed bug #62744 (dangling pointers made by zend_disable_class)
  • Fixed bug #62716 (munmap() is called with the incorrect length)
  • Fixed bug #62460 (php binaries installed as binary.dSYM)

• CURL
  • Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE)

• DateTime
  • Fixed bug #62852 (Unserialize invalid DateTime causes crash)

• Intl
  • Fix null pointer dereferences in some classes of ext/intl

• MySQLnd
  • Fixed bug #62885 (mysqli_poll - Segmentation fault)

• PDO
  • Fixed bug #62685 (Wrong return datatype in PDO::inTransaction())

• Session
  • Fixed bug (segfault due to retval is not initialized)

• SPL
  • Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)

• Enchant
  • Fixed bug #62838 (enchant_dict_quick_check() destroys zval, but fails to initialize it)

16 Aug 2012

• CLI Server
  • Implemented FR #62700 (have the console output 'Listening on http://localhost:8000').

• Core
  • Fixed bug #62661 (Interactive php-cli crashes if include() is used in auto_prepend_file).
  • Fixed bug #62653: (unset($array[$float]) causes a crash).
  • Fixed bug #62565 (Crashes due non-initialized internal properties_table).
  • Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK with run-test.php).

• CURL
  • Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, '') returns false).

• DateTime
  • Fixed bug #62500 (Segfault in DateInterval class when extended).

• Fileinfo
  • Fixed bug #61964 (finfo_open with directory causes invalid free).

• Intl
  • Fixed bug #62564 (Extending MessageFormatter and adding property causes crash).

• MySQLnd
  • Fixed bug #62594 (segfault in mysqlnd_res_meta::set_mode).

• readline
  • Fixed bug #62612 (readline extension compilation fails with sapi/cli/cli.h: No such file).

• Reflection
  • Implemented FR #61602 (Allow access to name of constant used as default value).

• SimpleXML
  • Implemented FR #55218 (Get namespaces from current node).

• SPL
  • Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault).
  • Fixed bug #61527 (ArrayIterator gives misleading notice on next() when moved to the end).

• Streams
  • Fixed bug #62597 (segfault in php_stream_wrapper_log_error with ZTS build).

• Zlib
  • Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression).

16 Aug 2012

• Core
  • Fixed bug #62763 (register_shutdown_function and extending class).
  • Fixed bug #62744 (dangling pointers made by zend_disable_class).
  • Fixed bug #62716 (munmap() is called with the incorrect length).
  • Fixed bug #62460 (php binaries installed as binary.dSYM).
  • Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK with run-test.php).

• CURL
  • Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE).
  • Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, '') returns false).

• DateTime
  • Fixed bug #62500 (Segfault in DateInterval class when extended).

• Enchant
  • Fixed bug #62838 (enchant_dict_quick_check() destroys zval, but fails to initialize it).

• PDO
  • Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()).

• Reflection
  • Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong result).

• Session
  • Fixed bug (segfault due to retval is not initialized).

• SPL
  • Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault).

19 Jul 2012

• Core
  • Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
  • Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent)
  • Fixed bug #62373 (serialize() generates wrong reference to the object).
  • Fixed bug #62357 (compile failure: (S) Arguments missing for built-in function __memcmp)
  • Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution)
  • Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)
  • Fixed potential overflow in _php_stream_scandir (CVE-2012-2688)

• EXIF
  • Fixed information leak in ext exif

• FPM
  • Fixed bug #62205 (php-fpm segfaults (null passed to strstr)
  • Fixed bug #62160 (Add process.priority to set nice(2) priorities)
  • Fixed bug #62153 (when using unix sockets, multiples FPM instances)
  • Fixed bug #62033 (php-fpm exits with status 0 on some failures to start)
  • Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm)
  • Fixed bug #61835 (php-fpm is not allowed to run as root)
  • Fixed bug #61295 (php-fpm should not fail with commented 'user'
  • Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests)
  • Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) for non-root start)
  • Fixed bug #61026 (FPM pools can listen on the same address). (fat) can be launched without errors)

• Iconv
  • Fixed bug #55042 (Erealloc in iconv.c unsafe)

• Intl
  • Fixed bug #62083 (grapheme_extract() memory leaks)
  • Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice)
  • Fixed bug #62070 (Collator::getSortKey() returns garbage)
  • Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern)
  • Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
  • ResourceBundle constructor now accepts NULL for the first two arguments

• JSON
  • Fixed bug #61359 (json_encode() calls too many reallocs)

• libxml
  • Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM SAPI)

• Phar
  • Fixed bug #62227 (Invalid phar stream path causes crash)

• Readline
  • Fixed bug #62186 (readline fails to compile - void function should not return a value)

• Reflection
  • Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
  • Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)

• Sockets
  • Fixed bug #62025 (__ss_family was changed on AIX 5.3)

• SPL
  • Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to dot files)
  • Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)

• XML Writer
  • Fixed bug #62064 (memory leak in the XML Writer module)

• Zip
  • Upgraded libzip to 0.10.

19 Jul 2012

• Zend Engine
  • Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)

• COM
  • Fixed bug #62146 com_dotnet cannot be built shared

• Core
  • Fixed potential overflow in _php_stream_scandir, CVE-2012-2688
  • Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent)
  • Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)

• Fileinfo
  • Fixed magic file regex support

• FPM
  • Fixed bug #61045 (fpm don't send error log to fastcgi clients)
  • Fixed bug #61835 (php-fpm is not allowed to run as root)
  • Fixed bug #61295 (php-fpm should not fail with commented 'user' for non-root start)
  • Fixed bug #61026 (FPM pools can listen on the same address)
  • Fixed bug #62033 (php-fpm exits with status 0 on some failures to start)
  • Fixed bug #62153 (when using unix sockets, multiples FPM instances can be launched without errors)
  • Fixed bug #62160 (Add process.priority to set nice(2) priorities)
  • Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests)
  • Fixed bug #62205 (php-fpm segfaults (null passed to strstr))

• Intl
  • Fixed bug #62083 (grapheme_extract() memory leaks)
  • Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice)
  • Fixed bug #62070 (Collator::getSortKey() returns garbage)
  • Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern)
  • Fixed bug #60785 (memory leak in IntlDateFormatter constructor)

• JSON
  • Reverted fix for bug #61537

• Phar
  • Fixed bug #62227 (Invalid phar stream path causes crash)

• Reflection
  • Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
  • Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)

• SPL
  • Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)

• SQLite
  • Fixed open_basedir bypass, CVE-2012-3365

• XML Write
  • Fixed bug #62064 (memory leak in the XML Writer module)

• Zip
  • Upgraded libzip to 0.10

06 Jun 2012

• CLI SAPI
  • Implemented FR #61977 (Need CLI web-server support for files with .htm & svg extensions)
  • Improved performance while sending error page, this also fixed bug Fixed bug #61785 (Memory leak when access a non-exists file without router)
  • Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi)

• Core
  • Fixed missing bound check in iptcparse()
  • Fixed CVE-2012-2143
  • Fixed bug #62097 (fix for bug #54547)
  • Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object)
  • Fixed bug #61978 (Object recursion not detected for classes that implement JsonSerializable)
  • Fixed bug #61991 (long overflow in realpath_cache_get())
  • Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config)
  • Fixed bug #61827 (incorrect e processing on Windows)
  • Fixed bug #61782 (__clone/__destruct do not match other methods when checking access controls)
  • Fixed bug #61761 ('Overriding' a private static method with a different signature causes crash)
  • Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference)
  • Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown phase)
  • Fixed bug #61660 (bin2hex(hex2bin($data)) != $data)
  • Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables (without apache2))
  • Fixed bug #61605 (header_remove() does not remove all headers)
  • Fixed bug #54547 (wrong equality of string numbers)
  • Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null)
  • Changed php://fd to be available only for CLI

• CURL
  • Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)

• COM
  • Fixed bug #62146 com_dotnet cannot be built shared

• Fileinfo
  • Fixed bug #61812 (Uninitialised value used in libmagic)

• FPM
  • Fixed bug #61812 (Uninitialised value used in libmagic)
  • Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a directory descriptor under windows
  • Fixed bug #61566 failure caused by the posix lseek and read versions under windows in cdf_read()

• Iconv
  • Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail

• Intl
  • Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()

• JSON
  • Fixed bug #61537 (json_encode() incorrectly truncates/discards information)

• LibXML
  • Fixed bug #61617 (Libxml tests failed(ht is already destroyed))

• PDO
  • Fixed bug #61755 (A parsing bug in the prepared statements can lead to access violations). (CVE-2012-3450)

• Phar
  • Fixed bug #61065 (Secunia SA44335) (CVE-2012-2386)

• Streams
  • Fixed bug #61961 (file_get_contents leaks when access empty file with maxlen set)

• zlib
  • Fixed bug #61820 (using ob_gzhandler will complain about headers already sent when no compression)
  • Fixed bug #61443 (can't change zlib.output_compression on the fly)
  • Fixed bug #60761 (zlib.output_compression fails on refresh)

06 Jun 2012

• CLI SAPI
  • Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi)

• Core
  • Fixed CVE-2012-2143
  • Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object)
  • Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference)
  • Fixed missing bound check in iptcparse()
  • Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64)
  • Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null)
  • Fixed bug #61713 (Logic error in charset detection for htmlentities)
  • Fixed bug #61991 (long overflow in realpath_cache_get())
  • Changed php://fd to be available only for CLI.

• CURL
  • Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)

• COM
  • Fixed bug #62146 com_dotnet cannot be built shared

• Fileinfo
  • Fixed bug #61812 (Uninitialised value used in libmagic)

• Iconv
  • Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail

• Intl
  • Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()

• JSON
  • Fixed bug #61537 (json_encode() incorrectly truncates/discards information)

• PDO
  • Fixed bug #61755 (A parsing bug in the prepared statements can lead to access violations). (CVE-2012-3450)

• Phar
  • Fixed bug #61065 (Secunia SA44335) (CVE-2012-2386)

• Streams
  • Fixed bug #61961 (file_get_contents leaks when access empty file with maxlen set)

08 May 2012

• Fixed bug #61807 Buffer Overflow in apache_request_headers, CVE-2012-2329.
• Fixed bug #61910 Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.

08 May 2012

• Fixed bug #61910 Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.

03 May 2012

• Fixed bug #61910 Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.

03 May 2012

• Fixed bug #61910 Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.

26 Apr 2012

• CLI Server
  • Fixed bug #61461 (missing checks around malloc() calls).
  • Implemented FR #60850 (Built in web server does not set $_SERVER['SCRIPT_FILENAME'] when using router).

• Core
  • Fixed crash in ZTS using same class in many threads.
  • Fixed bug #61374 (html_entity_decode tries to decode code points that don't exist in ISO-8859-1).
  • Fixed bug #61225 (Incorrect lexing of 0b00*+<NUM>).
  • Fixed bug #61106 (Segfault when using header_register_callback).
  • Fixed bug #61052 (Missing error check in trait 'insteadof' clause).
  • Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property).
  • Fixed bug #60978 (exit code incorrect).
  • Fixed bug #60911 (Confusing error message when extending traits).
  • Fixed bug #60717 (Order of traits in use statement can cause a fatal error).
  • Fixed bug #60573 (type hinting with 'self' keyword causes weird errors).

• Fileinfo
  • Fix fileinfo test problems.

• Intl
  • Fixed bug #61487 (Incorrent bounds checking in grapheme_strpos).

• mbstring
  • MFH mb_ereg_replace_callback() for security enhancements.

• mysqlnd
  • Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled).

• Standard
  • Fixed memory leak in substr_replace.
  • Make max_file_uploads ini directive settable outside of php.
  • Fixed bug #61409 (Bad formatting on phpinfo()).
  • Fixed bug #60222 (time_nanosleep() does validate input params).
  • Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths).

26 Apr 2012

• Core
  • Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables (without apache2)).
  • Fixed bug #61273 (call_user_func_array with more than 16333 arguments leaks / crashes).
  • Fixed bug #61165 (Segfault - strip_tags()).
  • Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>).
  • Fixed bug #61087 (Memory leak in parse_ini_file when specifying invalid scanner mode).
  • Fixed bug #61072 (Memory leak when restoring an exception handler).
  • Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
  • Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars).
  • Fixed bug #60895 (Possible invalid handler usage in windows random functions).
  • Fixed bug #60825 (Segfault when running symfony 2 tests).
  • Fixed bug #60801 (strpbrk() mishandles NUL byte).
  • Fixed bug #60569 (Nullbyte truncates Exception $message).
  • Fixed bug #60227 (header() cannot detect the multi-line header with CR).
  • Fixed bug #60222 (time_nanosleep() does validate input params).
  • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
  • Fixed bug #52719 (array_walk_recursive crashes if third param of the function is by reference).
  • Improve performance of set_exception_handler while doing reset.
  • Fixed bug #51860 (Include fails with toplevel symlink to /).

• DOM
  • Added debug info handler to DOM objects.

• FPM
  • Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.)
  • Fixed bug #60811 (php-fpm compilation problem).

• Fileinfo
  • Upgraded libmagic to 5.
  • Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a directory descriptor under windows.
  • Fixed bug #61566 failure caused by the posix lseek and read versions under windows in cdf_read().
  • Fixed bug #61173 (Unable to detect error from finfo constructor).

• Firebird Database extension (ibase)
  • Fixed bug #60802 (ibase_trans() gives segfault when passing params).

• Ibase
  • Fixed bug #60947 (Segmentation fault while executing ibase_db_info).

• Installation
  • Fixed bug #61172 (Add Apache 2.4 support).

• mysqli
  • Fixed bug #61003 (mysql_stat() require a valid connection).

• PDO_mysql
  • Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't always work).
  • Fixed bug #61194 (PDO should export compression flag with myslqnd).

• PDO_odbc
  • Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO).

• PDO_pgsql
  • Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed rows on postgresql >= 9).

• PDO_Sqlite extension
  • Add createCollation support.

• pgsql
  • Fixed bug #60718 (Compile problem with libpq (PostgreSQL 7.3 or less).

• Phar
  • Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL bytes).

• Readline
  • Fixed bug #61088 (Memory leak in readline_callback_handler_install).
  • Add open_basedir checks to readline_write_history and readline_read_history.

• Reflection
  • Fixed bug #61388 (ReflectionObject:getProperties() issues invalid reads when get_properties returns a hash table with (inaccessible) dynamic numeric properties).
  • Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()).

• Session
  • Fixed bug #60860 (session.save_handler=user without defined function core dumps).
  • Fixed bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()).

• SOAP
  • Fixed bug #61423 (gzip compression fails).
  • Fixed bug #60887 (SoapClient ignores user_agent option and sends no User-Agent header).
  • Fixed bug #60842, Fixed bug #51775 (Chunked response parsing error when chunksize length line is > 10 bytes).
  • Fixed bug #49853 (Soap Client stream context header option ignored).

• SPL
  • Fixed memory leak when calling SplFileInfo's constructor twice.
  • Fixed bug #61418 (Segmentation fault when DirectoryIterator's or FilesystemIterator's iterators are requested more than once without having had its dtor callback called in between).
  • Fixed bug #61347 (inconsistent isset behavior of Arrayobject).
  • Fixed bug #61326 (ArrayObject comparison).

• SQLite3 extension
  • Add createCollation() method.

• Streams
  • Fixed bug #61371 (stream_context_create() causes memory leaks on use streams_socket_create).
  • Fixed bug #61253 (Wrappers opened with errors concurrency problem on ZTS).
  • Fixed bug #61115 (stream related segfault on fatal error in php_stream_context_link).
  • Fixed bug #60817 (stream_get_line() reads from stream even when there is already sufficient data buffered). stream_get_line() now behaves more like fgets(), as is documented.
  • Further fix for bug Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read).
  • Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths).

• Tidy
  • Fixed bug #54682 (tidy null pointer dereference).

• XMLRPC
  • Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary variable).
  • Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals).

• Zlib
  • Fixed bug #61306 (initialization of global inappropriate for ZTS).
  • Fixed bug #61287 (A particular string fails to decompress).
  • Fixed bug #61139 (gzopen leaks when specifying invalid mode).

01 Mar 2012

• autoconf 2.59+ is now supported (and required) for generating the configure script with ./buildconf. Autoconf 2.60+ is desirable otherwise the configure help order may be incorrect.

• Removed legacy features
  • break/continue $var syntax.
  • Safe mode and all related ini options.
  • register_globals and register_long_arrays ini options.
  • import_request_variables().
  • allow_call_time_pass_reference.
  • define_syslog_variables ini option and its associated function.
  • highlight.bg ini option.
  • Session bug compatibility mode (session.bug_compat_42 and session.bug_compat_warn ini options).
  • session_is_registered(), session_register() and session_unregister() functions.
  • y2k_compliance ini option.
  • magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept but always return false, set_magic_quotes_runtime raises an E_CORE_ERROR.
  • Removed support for putenv('TZ=..') for setting the timezone.
  • Removed the timezone guessing algorithm in case the timezone isn't set with date.timezone or date_default_timezone_set(). Instead of a guessed timezone, 'UTC' is now used instead.

• Moved extensions to PECL
  • ext/sqlite. (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are not affected)

• General improvements
  • Added short array syntax support ([1,2,3]), see UPGRADING guide for full details.
  • Added binary numbers format (0b001010).
  • Added support for Class::{expr}() syntax.
  • Added multibyte support by default. Previously php had to be compiled with --enable-zend-multibyte. Now it can be enabled or disabled through zend.multibyte directive in php.ini.
  • Removed compile time dependency from ext/mbstring.
  • Added support for Traits.
  • Added closure $this support back.
  • Added array dereferencing support.
  • Added callable typehint.
  • Added indirect method call through array. #47160.
  • Added DTrace support.
  • Added class member access on instantiation (e.g. (new foo)->bar()) support.
  • <?= is now always available regardless of the short_open_tag setting.
  • Implemented Zend Signal Handling (configurable option --enable-zend-signals, off by default).
  • Improved output layer, see README.NEW-OUTPUT-API for internals.
  • Improved unix build system to allow building multiple PHP binary SAPIs and one SAPI module the same time. #53271, #52419.
  • Implemented closure rebinding as parameter to bindTo.
  • Improved the warning message of incompatible arguments.
  • Improved ternary operator performance when returning arrays.
  • Changed error handlers to only generate docref links when the docref_root INI setting is not empty.
  • Changed silent conversion of array to string to produce a notice.
  • Changed default value of 'default_charset' php.ini option from ISO-8859-1 to UTF-8.
  • Changed silent casting of null/''/false into an Object when adding a property into a warning.
  • Changed E_ALL to include E_STRICT.
  • Disabled windows CRT warning by default, can be enabled again using the ini directive windows_show_crt_warnings.
  • Fixed bug #55378: Binary number literal returns float number though its value is small enough.

• Improved Zend Engine memory usage
  • Improved parse error messages.
  • Replaced zend_function.pass_rest_by_reference by ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
  • Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE in zend_function.fn_flags.
  • Removed zend_arg_info.required_num_args as it was only needed for internal functions. Now the first arg_info for internal functions (which has special meaning) is represented by zend_internal_function_info structure.
  • Moved zend_op_array.size, size_var, size_literal, current_brk_cont, backpatch_count into CG(context) as they are used only during compilation.
  • Moved zend_op_array.start_op into EG(start_op) as it's used only for 'interactive' execution of single top-level op-array.
  • Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in zend_op_array.fn_flags.
  • op_array.vars array is trimmed (reallocated) during pass_two.
  • Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED in zend_class_entry.ce_flags.
  • Reduced the size of zend_class_entry by sharing the same memory space by different information for internal and user classes. See zend_class_entry.info union.
  • Reduced size of temp_variable.

• Improved Zend Engine, performance tweaks and optimizations
  • Inlined most probable code-paths for arithmetic operations directly into executor.
  • Eliminated unnecessary iterations during request startup/shutdown.
  • Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used. (this may affect opcode caches!)
  • Improved performance of @ (silence) operator.
  • Simplified string offset reading. $str[1][0] is now a legal construct.
  • Added caches to eliminate repeatable run-time bindings of functions, classes, constants, methods and properties.
  • Added concept of interned strings. All strings constants known at compile time are allocated in a single copy and never changed.
  • ZEND_RECV now always has IS_CV as its result.
  • ZEND_CATCH now has to be used only with constant class names.
  • ZEND_FETCH_DIM_? may fetch array and dimension operands in different order.
  • Simplified ZEND_FETCH_*_R operations. They can't be used with the EXT_TYPE_UNUSED flag any more. This is a very rare and useless case. ZEND_FREE might be required after them instead.
  • Split ZEND_RETURN into two new instructions ZEND_RETURN and ZEND_RETURN_BY_REF.
  • Optimized access to global constants using values with pre-calculated hash_values from the literals table.
  • Optimized access to static properties using executor specialization. A constant class name may be used as a direct operand of ZEND_FETCH_* instruction without previous ZEND_FETCH_CLASS.
  • zend_stack and zend_ptr_stack allocation is delayed until actual usage.

• Other improvements to Zend Engine
  • Added an optimization which saves memory and emalloc/efree calls for empty HashTables.
  • Added ability to reset user opcode handlers.
  • Changed the structure of op_array.opcodes. The constant values are moved from opcode operands into a separate literal table.
  • Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
  • Fixed bug #43200 (Interface implementation / inheritence not possible in abstract classes).

• Improved core functions
  • Added optional argument to debug_backtrace() and debug_print_backtrace() to limit the amount of stack frames returned.
  • Added hex2bin() function.
  • number_format() no longer truncates multibyte decimal points and thousand separators to the first byte. #53457.
  • Added support for object references in recursive serialize() calls. #36424.
  • Added support for SORT_NATURAL and SORT_FLAG_CASE in array sort functions (sort, rsort, ksort, krsort, asort, arsort and array_multisort). #55158.
  • Added stream metadata API support and stream_metadata() stream class handler.
  • User wrappers can now define a stream_truncate() method that responds to truncation, e.g. through ftruncate(). #53888.
  • Improved unserialize() performance.
  • Changed array_combine() to return empty array instead of FALSE when both parameter arrays are empty. #34857.
  • Fixed invalid free in call_user_method() function.
  • Fixed crypt_blowfish handling of 8-bit characters. (CVE-2011-2483).
  • Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>).
  • Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with $double=false).
  • Fixed bug #60895 (Possible invalid handler usage in windows random functions).
  • Fixed bug #60879 (unserialize() Does not invoke __wakeup() on object).
  • Fixed bug #60825 (Segfault when running symfony 2 tests).
  • Fixed bug #60809 (TRAITS - PHPDoc Comment Style Bug).
  • Fixed bug #60627 (httpd.worker segfault on startup with php_value).
  • Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax).
  • Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax).
  • Fixed bug #60558 (Invalid read and writes).
  • Fixed bug #60536 (Traits Segfault).
  • Fixed bug #60444 (Segmentation fault with include & class extending).
  • Fixed bug #60362 (non-existent sub-sub keys should not have values).
  • Fixed bug #60350 (No string escape code for ESC (ascii 27), normally e).
  • Fixed bug #60321 (ob_get_status(true) no longer returns an array when buffer is empty).
  • Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers).
  • Fixed bug #60240 (invalid read/writes when unserializing specially crafted strings).
  • Fixed bug #60227 (header() cannot detect the multi-line header with CR(0x0D)).
  • Fixed bug #60174 (Notice when array in method prototype error).
  • Fixed bug #60169 (Conjunction of ternary and list crashes PHP).
  • Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when the data exceeds or is equal to 2048 bytes).
  • Fixed bug #60099 (__halt_compiler() works in braced namespaces).
  • Fixed bug #60038 (SIGALRM cause segfault in php_error_cb).
  • Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs).
  • Fixed bug #55871 (Interruption in substr_replace()).
  • Fixed bug #55825 (Missing initial value of static locals in trait methods).
  • Fixed bug #55801 (Behavior of unserialize has changed).
  • Fixed bug #55622 (memory corruption in parse_ini_string).
  • Fixed bug #55758 (Digest Authenticate missed in 5.4) .
  • Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup()) (CVE-2011-4153).
  • Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds).
  • Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux parisc).
  • Fixed bug #55705 (Omitting a callable typehinted argument causes a segfault).
  • Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
  • Fixed bug #55471 (ZTS build broken with dtrace).
  • Fixed bug #55124 (recursive mkdir fails with current (dot) directory in path).
  • Fixed bug #55084 (Function registered by header_register_callback is called only once per process).
  • Implement #54514 (Get php binary path during script execution).
  • Fixed bug #52624 (tempnam() by-pass open_basedir with nonexistent directory).
  • Fixed bug #52211 (iconv() returns part of string on error).
  • Fixed bug #51860 (Include fails with toplevel symlink to /).

• Improved generic SAPI support
  • Added $_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision.
  • Added max_input_vars directive to prevent attacks based on hash collisions.
  • Added header_register_callback() which is invoked immediately prior to the sending of headers and after default headers have been added.
  • Added http_response_code() function. #52555.
  • Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
  • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices).

• Improved Apache SAPI
  • Fixed bug #60205 (possible integer overflow in content_length).

• Improved CLI SAPI
  • Added friendly log messages. #55109.
  • Added built-in web server that is intended for testing purpose.
  • Added command line option --rz <name> which shows information of the named Zend extension.
  • Interactive readline shell improvements
    • Added 'cli.pager' php.ini setting to set a pager for output.
    • Added 'cli.prompt' php.ini setting to configure the shell prompt.
    • Added shortcut #inisetting=value to change ini settings at run-time.
    • Changed shell not to terminate on fatal errors.
    • Interactive shell works with shared readline extension. #53878.
  • Fixed bug #60591 (Memory leak when access a non-exists file).
  • Fixed bug #60523 (PHP Errors are not reported in browsers using built-in SAPI).
  • Fixed bug #60477 (Segfault after two multipart/form-data POST requests, one 200 RQ and one 404).
  • Implement #60390 (Missing $_SERVER['SERVER_PORT']).
  • Fixed bug #60180 ($_SERVER['PHP_SELF'] incorrect).
  • Fixed bug #60159 (Router returns false, but POST is not passed to requested resource).
  • Fixed bug #60146 (Last 2 lines of page not being output).
  • Fixed bug #60115 (memory definitely lost in cli server).
  • Fixed bug #60112 (If URI does not contain a file, index.php is not served).
  • Fixed bug #55759 (memory leak when using built-in server).
  • Fixed bug #55755 (SegFault when outputting header WWW-Authenticate).
  • Fixed bug #55747 (request headers missed in $_SERVER).
  • Fixed bug #55726 (Changing the working directory makes router script inaccessible).
  • Fixed bug #55463 (cli-server missing _SERVER[REMOTE_ADDR]).
  • Fixed bug #55450 (Built in web server not accepting file uploads).
  • Fixed bug #55423 (cli-server could not output correctly in some case).

• Improved CGI/FastCGI SAPI
  • Added apache compatible functions: apache_child_terminate(), getallheaders(), apache_request_headers() and apache_response_headers().
  • Improved performance of FastCGI request parsing.
  • Fixed reinitialization of SAPI callbacks after php_module_startup().

• Improved PHP-FPM SAPI
  • Added partial syslog support (on error_log only). #52052.
  • Added .phar to default authorized extensions.
  • Added process.max to control the number of process FPM can fork. #55166.
  • Dropped restriction of not setting the same value multiple times, the last one holds.
  • Lowered default value for Process Manager. #54098.
  • Enhanced security by limiting access to user defined extensions. #55181.
  • Enhanced error log when the primary script can't be open. #60199.
  • Removed EXPERIMENTAL flag.
  • Fixed bug #60659 (FPM does not clear auth_user on request accept).
  • Fixed bug #60629 (memory corruption when web server closed the fcgi fd).

• Improved Litespeed SAPI
  • Fixed bug #55769 (Make Fails with 'Missing Separator' error).

• Improved BCmath extension
  • Fixed bug #60377 (bcscale related crashes on 64bits platforms).

• Improved CURL extension
  • Added support for CURLOPT_MAX_RECV_SPEED_LARGE and CURLOPT_MAX_SEND_SPEED_LARGE. #51815.
  • Fixed bug #60439 (curl_copy_handle segfault when used with CURLOPT_PROGRESSFUNCTION).

• Improved Date extension
  • Added the + modifier to parseFromFormat to allow trailing text in the string to parse without throwing an error.

• Improved DBA extension
  • Added Tokyo Cabinet abstract DB support.
  • Added Berkeley DB 5 support.

• Improved DOM extension
  • Added the ability to pass options to loadHTML.

• Improved filesystem functions
  • scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value. #53407.

• Improved fileinfo extension
  • Fixed possible memory leak in finfo_open().
  • Fixed memory leak when calling the Finfo constructor twice.
  • Fixed bug #60094 (C++ comment fails in c89).

• Improved HASH extension
  • Added Jenkins's one-at-a-time hash support.
  • Added FNV-1 hash support.
  • Made Adler32 algorithm faster. #53213.
  • Removed Salsa10/Salsa20, which are actually stream ciphers.
  • Fixed bug #60221 (Tiger hash output byte order).

• Improved intl extension
  • Added Spoofchecker class, allows checking for visibly confusable characters and other security issues.
  • Added Transliterator class, allowing transliteration of strings.
  • Added support for UTS #46.
  • Fixed memory leak in several Intl locale functions.
  • Fixed build on Fedora 15 / Ubuntu 11.
  • Fixed bug #55562 (grapheme_substr() returns false on big length).

• Improved JSON extension
  • Added new json_encode() option JSON_UNESCAPED_UNICODE. #53946.
  • Added JsonSerializable interface.
  • Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options.
  • Added support for JSON_NUMERIC_CHECK option in json_encode() that converts numeric strings to integers.
  • Added new json_encode() option JSON_UNESCAPED_SLASHES. #49366.
  • Added new json_encode() option JSON_PRETTY_PRINT. #44331.

• Improved LDAP extension
  • Added paged results support. #42060.

• Improved mbstring extension
  • Added Shift_JIS/UTF-8 Emoji (pictograms) support.
  • Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004) support.
  • Ill-formed UTF-8 check for security enhancements.
  • Added MacJapanese (Shift_JIS) and gb18030 encoding support.
  • Added encode/decode in hex format to mb_[en|de]code_numericentity().
  • Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004) support.
  • Added the user defined area for CP936 and CP950.
  • Fixed possible crash in mb_ereg_search_init() using empty pattern.
  • Fixed bug #60306 (Characters lost while converting from cp936 to utf8).

• Improved MS SQL extension
  • Fixed bug #60267 (Compile failure with freetds 0.91).

• Improved MySQL extensions
  • MySQL: Deprecated mysql_list_dbs(). #50667.
  • mysqlnd: Added named pipes support. #48082.
  • MySQLi: Added iterator support in MySQLi. mysqli_result implements Traversable.
  • PDO_mysql: Removed support for linking with MySQL client libraries older than 4.1.
  • ext/mysql, mysqli and pdo_mysql now use mysqlnd by default.
  • Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect).
  • Fixed bug #55653 (PS crash with libmysql when binding same variable as param and out).

• Improved OpenSSL extension
  • Added AES support. #48632.
  • Added a 'no_ticket' SSL context option to disable the SessionTicket TLS extension. #53447.
  • Added no padding option to openssl_encrypt()/openssl_decrypt().
  • Use php's implementation for Windows Crypto API in openssl_random_pseudo_bytes.
  • On error in openssl_random_pseudo_bytes() made sure we set strong result to false.
  • Fixed segfault with older versions of OpenSSL.
  • Fixed possible attack in SSL sockets with SSL 3.0 / TLS 1.0. CVE-2011-3389.
  • Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
  • Fixed bug #60279 (Fixed NULL pointer dereference in stream_socket_enable_crypto, case when ssl_handle of session_stream is not initialized.

• Improved Oracle Database extension (OCI8)
  • Increased maximum Oracle error message buffer length for new 11.2.0.3 size.
  • Improved internal initalization failure error messages.
  • Fixed bug #59985 (show normal warning text for OCI_NO_DATA).

• Improved PDO
  • Fixed PDO objects binary incompatibility.

• PDO DBlib driver
  • Added nextRowset support.
  • Fixed bug #60033 (Incorrectly merged PDO dblib patches break uniqueidentifier column type).
  • Fixed bug #50755 (PDO DBLIB Fails with OOM).

• Improved Pdo Firebird driver
  • Fixed bug #53280 (segfaults if query column count less than param count).
  • Fixed bug #48877 ('bindValue' and 'bindParam' do not work for PDO Firebird).
  • Fixed bug #47415 (segfaults when passing lowercased column name to bindColumn).

• Improved PostgreSQL extension
  • Added support for 'extra' parameter for PGNotify().

• Improved preg extension
  • Changed third parameter of preg_match_all() to optional. #53238.

• Improved readline extension
  • Fixed bug #54450 (Enable callback support when built against libedit).

• Improved Reflection extension
  • Added ReflectionClass::newInstanceWithoutConstructor() to create a new instance of a class without invoking its constructor. #55490.
  • Added ReflectionExtension::isTemporary() and ReflectionExtension::isPersistent() methods.
  • Added ReflectionZendExtension class.
  • Added ReflectionClass::isCloneable().
  • Fixed bug #60367 (Reflection and Late Static Binding).
  • Fixed bug #60357 (__toString() method triggers E_NOTICE 'Array to string conversion').

• Improved Session extension
  • Expose session status via new function, session_status. #52982.
  • Added support for object-oriented session handlers.
  • Added support for storing upload progress feedback in session data.
  • Changed session.entropy_file to default to /dev/urandom or /dev/arandom if either is present at compile time.
  • Fixed bug #60860 (session.save_handler=user without defined function core dumps).
  • Implement #60551 (session_set_save_handler should support a core's session handler interface).
  • Fixed bug #60640 (invalid return values).

• Improved SNMP extension
  • Added OO API. #53594 (php-snmp rewrite).
  • Sanitized return values of existing functions. Now it returns FALSE on failure.
  • Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids upon request.
  • Introducing unit tests for extension with ~full coverage. IPv6 support. (#42918)
  • Way of representing OID value can now be changed when SNMP_VALUE_OBJECT is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if not specified) or SNMP_VALUE_PLAIN. (#54502)
  • Fixed bug #60749 (SNMP module should not strip non-standard SNMP port from hostname).
  • Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support is disabled).
  • Fixed bug #53862 (snmp_set_oid_output_format does not allow returning to default).
  • Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly).
  • Fixed bug #46065 (snmp_set_quick_print() persists between requests).
  • Fixed bug #45893 (Snmp buffer limited to 2048 char).
  • Fixed bug #44193 (snmp v3 noAuthNoPriv doesn't work).

• Improved SOAP extension
  • Added new SoapClient option 'keep_alive'. #60329.
  • Fixed basic HTTP authentication for WSDL sub requests.

• Improved SPL extension
  • Added RegexIterator::getRegex() method.
  • Added SplObjectStorage::getHash() hook.
  • Added CallbackFilterIterator and RecursiveCallbackFilterIterator.
  • Added missing class_uses(..) as pointed out by #55266.
  • Immediately reject wrong usages of directories under Spl(Temp)FileObject and friends.
  • FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use the default stream context.
  • Fixed bug #60201 (SplFileObject::setCsvControl does not expose third argument via Reflection).
  • Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
  • Fixed bug #55287 (spl_classes() not includes CallbackFilter classes)

• Improved Sysvshm extension
  • Fixed bug #55750 (memory copy issue in sysvshm extension).

• Improved Tidy extension
  • Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).

• Improved Tokenizer extension
  • Fixed bug #54089 (token_get_all with regards to __halt_compiler is not binary safe).

• Improved XSL extension
  • Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to define forbidden operations within XSLT stylesheets, default is not to enable write operations from XSLT. Fixed bug #54446.
  • XSL doesn't stop transformation anymore, if a PHP function can't be called

• Improved ZLIB extension
  • Re-implemented non-file related functionality.
  • Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression).

02 Feb 2012

• Core:
  • Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.

10 Jan 2012

• Core:
  • Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry).
  • Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
  • Fixed bug #60139 (Anonymous functions create cycles not detected by the GC). (Dmitry)
  • Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) (Dmitry).
  • Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli)
  • Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe)
  • Fixed bug #60019 (Function time_nanosleep() is undefined on OS X). (Ilia)
  • Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs). (klightspeed at netspace dot net dot au)
  • Fixed bug #55798 (serialize followed by unserialize with numeric object prop. gives integer prop). (Gustavo)
  • Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre)
  • Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux parisc). (Felipe)
  • Fixed bug #55674 (fgetcsv & str_getcsv skip empty fields in some tab-separated records). (Laruence)
  • Fixed bug #55649 (Undefined function Bug()). (Laruence)
  • Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre)
  • Fixed bug #55576 (Cannot conditionally move uploaded file without race condition). (Gustavo)
  • Fixed bug #55510: $_FILES 'name' missing first character after upload. (Arpad)
  • Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
  • Fixed bug #55504 (Content-Type header is not parsed correctly on HTTP POST request). (Hannes)
  • Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of). (alan_k)
  • Fixed bug #52461 (Incomplete doctype and missing xmlns). (virsacer at web dot de, Pierre)
  • Fixed bug #55366 (keys lost when using substr_replace an array). (Arpad)
  • Fixed bug #55273 (base64_decode() with strict rejects whitespace after pad). (Ilia)
  • Fixed bug #52624 (tempnam() by-pass open_basedir with nonnexistent directory). (Felipe)
  • Fixed bug #50982 (incorrect assumption of PAGE_SIZE size). (Dmitry)
  • Fixed invalid free in call_user_method() function. (Felipe)
  • Fixed bug #43200 (Interface implementation / inheritence not possible in abstract classes). (Felipe)
• BCmath:
  • Fixed bug #60377 (bcscale related crashes on 64bits platforms). (shm)
• Calendar:
  • Fixed bug #55797 (Integer overflow in SdnToGregorian leads to segfault (in optimized builds). (Gustavo)
• cURL:
  • Fixed bug #60439 (curl_copy_handle segfault when used with CURLOPT_PROGRESSFUNCTION). (Pierrick)
  • Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed before calling curl_exec). (Hannes)
  • Fixed issues were curl_copy_handle() would sometimes lose copied preferences. (Hannes)
• DateTime:
  • Fixed bug #60373 (Startup errors with log_errors on cause segfault). (Derick)
  • Fixed bug #60236 (TLA timezone dates are not converted properly from timestamp). (Derick)
  • Fixed bug #55253 (DateTime::add() and sub() result -1 hour on objects with time zone type 2). (Derick)
  • Fixed bug #54851 (DateTime::createFromFormat() doesn't interpret 'D'). (Derick)
  • Fixed bug #53502 (strtotime with timezone memory leak). (Derick)
  • Fixed bug #52062 (large timestamps with DateTime::getTimestamp and DateTime::setTimestamp). (Derick)
  • Fixed bug #51994 (date_parse_from_format is parsing invalid date using 'yz' format). (Derick)
  • Fixed bug #52113 (Seg fault while creating (by unserialization) DatePeriod). (Derick)
  • Fixed bug #48476 (cloning extended DateTime class without calling parent::__constr crashed PHP). (Hannes)
• EXIF:
  • Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (Stas, flolechaud at gmail dot com)
• Fileinfo:
  • Fixed bug #60094 (C++ comment fails in c89). (Laruence)
  • Fixed possible memory leak in finfo_open(). (Felipe)
  • Fixed memory leak when calling the Finfo constructor twice. (Felipe)
• Filter:
  • Fixed bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized domain name addresses containing >1 -). (Ilia)
• FTP:
  • Fixed bug #60183 (out of sync ftp responses). (bram at ebskamp dot me, rasmus)
• Gd:
  • Fixed bug #60160 (imagefill() doesn't work correctly for small images). (Florian)
• Intl:
  • Fixed bug #60192 (SegFault when Collator not constructed properly). (Florian)
  • Fixed memory leak in several Intl locale functions. (Felipe)
• JSON:
  • Fixed bug #55543 (json_encode() with JSON_NUMERIC_CHECK fails on objects with numeric string properties). (Ilia, dchurch at sciencelogic dot com)
• mbstring:
  • Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe)
• MS SQL:
  • Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe)
• MySQL:
  • Fixed bug #55550 (mysql.trace_mode miscounts result sets). (Johannes)
• MySQLi extension:
  • Fixed bug #55859 (mysqli->stat property access gives error). (Andrey)
  • Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when mysqlnd is used). (Andrey)
  • Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields). (eran at zend dot com, Laruence)
• mysqlnd:
  • Fixed bug #55609 (mysqlnd cannot be built shared). (Johannes)
  • Fixed bug #55067 (MySQL doesn't support compression - wrong config option). (Andrey)
• NSAPI SAPI:
  • Don't set $_SERVER['HTTPS'] on unsecure connection (bug #55403). (Uwe Schindler)
• OpenSSL:
  • Fixed bug #60279 (Fixed NULL pointer dereference in stream_socket_enable_crypto, case when ssl_handle of session_stream is not initialized.) (shm)
  • Fix segfault with older versions of OpenSSL. (Scott)
• Oracle Database extension (OCI8):
  • Fixed bug #59985 (show normal warning text for OCI_NO_DATA). (Chris Jones)
  • Increased maximum Oracle error message buffer length for new 11.2.0.3 size. (Chris Jones)
  • Improve internal initalization failure error messages. (Chris Jones)
• PDO
  • Fixed bug #55776 (PDORow to session bug). (Johannes)
• PDO Firebird:
  • Fixed bug #48877 ('bindValue' and 'bindParam' do not work for PDO Firebird). (Mariuz)
  • Fixed bug #47415 (PDO_Firebird segfaults when passing lowercased column name to bindColumn).
  • Fixed bug #53280 (PDO_Firebird segfaults if query column count less than param count). (Mariuz)
• PDO MySQL driver:
  • Fixed bug #60155 (pdo_mysql.default_socket ignored). (Johannes)
  • Fixed bug #55870 (PDO ignores all SSL parameters when used with mysql native driver). (Pierre)
  • Fixed bug #54158 (MYSQLND+PDO MySQL requires #define MYSQL_OPT_LOCAL_INFILE). (Andrey)
• PDO OCI driver:
  • Fixed bug #55768 (PDO_OCI can't resume Oracle session after it's been killed). (mikhail dot v dot gavrilov at gmail dot com, Chris Jones, Tony)
• Phar:
  • Fixed bug #60261 (NULL pointer dereference in phar). (Felipe)
  • Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp scanning for __HALT_COMPILER). (Ralph Schindler)
  • Fixed bug #53872 (internal corruption of phar). (Hannes)
  • Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes)
• PHP-FPM SAPI:
  • Fixed bug #60659 (FPM does not clear auth_user on request accept). (bonbons at linux-vserver dot org)
  • Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat)
  • Fixed bug #60179 (php_flag and php_value does not work properly). (fat)
  • Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat)
  • Fixed bug #55533 (The -d parameter doesn't work). (fat)
  • Implemented FR #52569 (Add the 'ondemand' process-manager to allow zero children). (fat)
  • Fixed bug #55486 (status show BIG processes number). (fat)
  • Fixed bug #55577 (status.html does not install). (fat)
  • Backported from 5.4 branch (Dropped restriction of not setting the same value multiple times, the last one holds). (giovanni at giacobbi dot net, fat)
  • Backported FR #55166 from 5.4 branch (Added process.max to control the number of process FPM can fork). (fat)
  • Backported FR #55181 from 5.4 branch (Enhance security by limiting access to user defined extensions). (fat)
  • Backported FR #54098 from 5.4 branch (Lowered process manager default value). (fat)
  • Backported FR #52052 from 5.4 branch (Added partial syslog support). (fat)
  • Implemented FR #54577 (Enhanced status page with full status and details about each processes. Also provide a web page (status.html) for real-time FPM status. (fat)
  • Enhance error log when the primary script can't be open. FR #60199. (fat)
  • Added .phar to default authorized extensions. (fat)
• Postgres:
  • Fixed bug #60244 (pg_fetch_* functions do not validate that row param is >0). (Ilia)
• Reflection:
  • Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)
• Session:
  • Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes)
• SimpleXML:
  • Reverted the SimpleXML->query() behaviour to returning empty arrays instead of false when no nodes are found as it was since 5.3.3 (bug #48601). (chregu, rrichards)
• SOAP
  • Fixed bug #54911 (Access to a undefined member in inherit SoapClient may cause Segmentation Fault). (Dmitry)
  • Fixed bug #48216 (PHP Fatal error: SOAP-ERROR: Parsing WSDL: Extra content at the end of the doc, when server uses chunked transfer encoding with spaces after chunk size). (Dmitry)
  • Fixed bug #44686 (SOAP-ERROR: Parsing WSDL with references). (Dmitry)
• Sockets:
  • Fixed bug #60048 (sa_len a #define on IRIX). (china at thewrittenword dot com)
• SPL:
  • Fixed bug #60082 (Crash in ArrayObject() when using recursive references). (Tony)
  • Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY). (jgotti at modedemploi dot fr, Hannes)
  • Fixed bug #54304 (RegexIterator::accept() doesn't work with scalar values). (Hannes)
• Streams:
  • Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo)
• Tidy:
  • Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference). (Maksymilian Arciemowicz, Felipe)
• XSL:
  • Added xsl.security_prefs ini option to define forbidden operations within XSLT stylesheets, default is not to enable write operations. This option won't be in 5.4, since there's a new method. Fixes Bug #54446. (Chregu, Nicolas Gregoire)

23 Aug 2011

• Core:
  • Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas)
• OpenSSL:
  • Reverted a change in timeout handling restoring PHP 5.3.6 behavior, as the new behavior caused mysqlnd SSL connections to hang ( bug #55283). (Pierre, Andrey, Johannes)

18 Aug 2011

• Upgraded bundled SQLite to version 3.7.7.1. (Scott)
• Upgraded bundled PCRE to version 8.12. (Scott)
• Zend Engine:
  • Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even though the class has none). (Felipe)
  • Fixed bug #55007 (compiler fail after previous fail). (Felipe)
  • Fixed bug #54910 (Crash when calling call_user_func with unknown function name). (Dmitry)
  • Fixed bug #54804 (__halt_compiler and imported namespaces). (Pierrick, Felipe)
  • Fixed bug #54624 (class_alias and type hint). (Felipe)
  • Fixed bug #54585 (track_errors causes segfault). (Dmitry)
  • Fixed bug #54423 (classes from dl()'ed extensions are not destroyed). (Tony, Dmitry)
  • Fixed bug #54372 (Crash accessing global object itself returned from its __get() handle). (Dmitry)
  • Fixed bug #54367 (Use of closure causes problem in ArrayAccess). (Dmitry)
  • Fixed bug #54358 (Closure, use and reference). (Dmitry)
  • Fixed bug #54262 (Crash when assigning value to a dimension in a non-array). (Dmitry)
  • Fixed bug #54039 (use() of static variables in lambda functions can break staticness). (Dmitry)
• Core:
  • Updated crypt_blowfish to 1.2. (CVE-2011-2483) (Solar Designer) (more info)
  • Removed warning when argument of is_a() or is_subclass_of() is not a known class. (Stas)
  • Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski.
  • Added PHP_MANDIR constant telling where the manpages were installed into, and an --man-dir argument to php-config. (Hannes)
  • Fixed a crash inside dtor for error handling. (Ilia)
  • Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas
  • Implemented FR #54459 (Range function accuracy). (Adam)
  • Fixed bug #55399 (parse_url() incorrectly treats ':' as a valid path). (Ilia)
  • Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off). (Dmitry)
  • Fixed bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow (Pierre)
  • Fixed bug #55258 (Windows Version Detecting Error). ( xiaomao5 at live dot com, Pierre)
  • Fixed bug #55187 (readlink returns weird characters when false result). (Pierre)
  • Fixed bug #55082 (var_export() doesn't escape properties properly). (Gustavo)
  • Fixed bug #55014 (Compile failure due to improper use of ctime_r()). (Ilia)
  • Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). (Felipe) Reported by Krzysztof Kotowicz. (CVE-2011-2202)
  • Fixed bug #54935 php_win_err can lead to crash. (Pierre)
  • Fixed bug #54924 (assert.* is not being reset upon request shutdown). (Ilia)
  • Fixed bug #54895 (Fix compiling with older gcc version without need for membar_producer macro). (mhei at heimpold dot de)
  • Fixed bug #54866 (incorrect accounting for realpath_cache_size). (Dustin Ward)
  • Fixed bug #54723 (getimagesize() doesn't check the full ico signature). (Scott)
  • Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt size). (Pierre, os at irj dot ru)
  • Fixed bug #54580 (get_browser() segmentation fault when browscap ini directive is set through php_admin_value). (Gustavo)
  • Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption). (Dmitry)
  • Fixed bug #54305 (Crash in gc_remove_zval_from_buffer). (Dmitry)
  • Fixed bug #54238 (use-after-free in substr_replace()). (Stas) (CVE-2011-1148)
  • Fixed bug #54204 (Can't set a value with a PATH section in php.ini). (Pierre)
  • Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment). (tomas dot brastavicius at quantum dot lt, Pierrick)
  • Fixed bug #54137 (file_get_contents POST request sends additional line break). (maurice-php at mertinkat dot net, Ilia)
  • Fixed bug #53848 (fgetcsv() ignores spaces at beginnings of fields). (Ilia)
  • Alternative fix for bug Fixed bug #52550, as applied to the round() function (signed overflow), as the old fix impacted the algorithm for numbers with magnitude smaller than 0. (Gustavo)
  • Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces) (Ralph Schindler, Dmitry)
  • Fixed bug #52935 (call exit in user_error_handler cause stream relate core). (Gustavo)
  • Fixed bug #51997 (SEEK_CUR with 0 value, returns a warning). (Ilia)
  • Fixed bug #50816 (Using class constants in array definition fails). (Pierrick, Dmitry)
  • Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode filter). (slusarz at curecanti dot org)
  • Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using TMPDIR on Windows). (Pierre)
• Apache2 Handler SAPI:
  • Fixed bug #54529 (SAPI crashes on apache_config.c:197). (hebergement at riastudio dot fr)
• CLI SAPI:
  • Fixed bug #52496 (Zero exit code on option parsing failure). (Ilia)
• cURL extension:
  • Added ini option curl.cainfo (support for custom cert db). (Pierre)
  • Added CURLINFO_REDIRECT_URL support. (Daniel Stenberg, Pierre)
  • Added support for CURLOPT_MAX_RECV_SPEED_LARGE and CURLOPT_MAX_SEND_SPEED_LARGE. FR Fixed bug #51815. (Pierrick)
• DateTime extension:
  • Fixed bug where the DateTime object got changed while using date_diff(). (Derick)
  • Fixed bug #54340 (DateTime::add() method bug). (Adam)
  • Fixed bug #54316 (DateTime::createFromFormat does not handle trailing '|' correctly). (Adam)
  • Fixed bug #54283 (new DatePeriod(NULL) causes crash). (Felipe)
  • Fixed bug #51819 (Case discrepancy in timezone names cause Uncaught exception and fatal error). (Hannes)
• DBA extension:
  • Supress warning on non-existent file open with Berkeley DB 5.2 (Chris Jones)
  • Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe)
• Exif extesion:
  • Fixed bug #54121 (error message format string typo). (Ilia)
• Fileinfo extension:
  • Fixed bug #54934 (Unresolved symbol strtoull in HP-UX 11.11). (Felipe)
• Filter extension:
  • Added 3rd parameter to filter_var_array() and filter_input_array() functions that allows disabling addition of empty elements. (Ilia)
  • Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia)
• Interbase extension:
  • Fixed bug #54269 (Short exception message buffer causes crash). (Felipe)
• intl extension:
  • Implemented FR #54561 (Expose ICU version info). (David Zuelke, Ilia)
  • Implemented FR #54540 (Allow loading of arbitrary resource bundles when fallback is disabled). (David Zuelke, Stas)
• Imap extension:
  • Fixed bug #55313 (Number of retries not set when params specified). (kevin at kevinlocke dot name)
• json extension:
  • Fixed bug #54484 (Empty string in json_decode doesn't reset json_last_error()). (Ilia)
• LDAP extension:
  • Fixed bug #53339 (Fails to build when compilng with gcc 4.5 and DSO libraries). (Clint Byrum, Raphael)
• libxml extension:
  • Fixed bug #54601 (Removing the doctype node segfaults). (Hannes)
  • Fixed bug #54440 (libxml extension ignores default context). (Gustavo)
• mbstring extension:
  • Fixed bug #54494 (mb_substr() mishandles UTF-32LE and UCS-2LE). (Gustavo)
• MCrypt extension:
  • Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data has been fetched (Windows). (Pierre)
  • Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random data on Windows). (Pierre)
• MySQL Improved extension:
  • Fixed Bug Fixed bug #54221 (mysqli::get_warnings segfault when used in multi queries). (Andrey)
• mysqlnd
  • Fixed crash when using more than 28,000 bound parameters. Workaround is to set mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey)
  • Fixed bug #54674 mysqlnd valid_sjis_(head|tail) is using invalid operator and range). (nihen at megabbs dot com, Andrey)
• MySQLi extension:
  • Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections). (Andrey)
• OpenSSL extension:
  • openssl_encrypt()/openssl_decrypt() truncated keys of variable length ciphers to the OpenSSL default for the algorithm. (Scott)
  • On blocking SSL sockets respect the timeout option where possible. (Scott)
  • Fixed bug #54992 (Stream not closed and error not returned when SSL CN_match fails). (Gustavo, laird_ngrps at dodo dot com dot au)
• Oracle Database extension (OCI8):
  • Added oci_client_version() returning the runtime Oracle client library version (Chris Jones)
• PCRE extension:
  • Increased the backtrack limit from 100000 to 1000000 (Rasmus)
• PDO extension:
  • Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe)
  • Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE settings). (Ilia)
• PDO DBlib driver:
  • Fixed bug #54329 (MSSql extension memory leak). (dotslashpok at gmail dot com)
  • Fixed bug #54167 (PDO_DBLIB returns null on SQLUNIQUE field). (mjh at hodginsmedia dot com, Felipe)
• PDO ODBC driver:
  • Fixed data type usage in 64bit. (leocsilva at gmail dot com)
• PDO MySQL driver:
  • Fixed bug #54644 (wrong pathes in php_pdo_mysql_int.h). (Tony, Johannes)
  • Fixed bug #53782 (foreach throws irrelevant exception). (Johannes, Andrey)
  • Implemented FR #48587 (MySQL PDO driver doesn't support SSL connections). (Rob)
• PDO PostgreSQL driver:
  • Fixed bug #54318 (Non-portable grep option used in PDO pgsql configuration). (bwalton at artsci dot utoronto dot ca)
• PDO Oracle driver:
  • Fixed bug #44989 (64bit Oracle RPMs still not supported by pdo-oci). (jbnance at tresgeek dot net)
• Phar extension:
  • Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters). (Felipe)
• PHP-FPM SAPI:
  • Implemented FR #54499 (FPM ping and status_path should handle HEAD request). (fat)
  • Implemented FR #54172 (Overriding the pid file location of php-fpm). (fat)
  • Fixed missing Expires and Cache-Control headers for ping and status pages. (fat)
  • Fixed memory leak. (fat) Reported and fixed by Giovanni Giacobbi.
  • Fixed wrong value of log_level when invoking fpm with -tt. (fat)
  • Added xml format to the status page. (fat)
  • Removed timestamp in logs written by children processes. (fat)
  • Fixed exit at FPM startup on fpm_resources_prepare() errors. (fat)
  • Added master rlimit_files and rlimit_core in the global configuration settings. (fat)
  • Removed pid in debug logs written by chrildren processes. (fat)
  • Added custom access log (also added per request %CPU and memory mesurement). (fat)
  • Added a real scoreboard and several improvements to the status page. (fat)
• Reflection extension:
  • Fixed bug #54347 (reflection_extension does not lowercase module function name). (Felipe, laruence at yahoo dot com dot cn)
• SOAP extension:
  • Fixed bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION contains itself). (Dmitry)
  • Fixed bug #54312 (soap_version logic bug). (tom at samplonius dot org)
• Sockets extension:
  • Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938) Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe)
  • Changed socket_set_block() and socket_set_nonblock() so they emit warnings on error. (Gustavo)
  • Fixed bug #51958 (socket_accept() fails on IPv6 server sockets). (Gustavo)
• SPL extension:
  • Fixed bug #54971 (Wrong result when using iterator_to_array with use_keys on true). (Pierrick)
  • Fixed bug #54970 (SplFixedArray::setSize() isn't resizing). (Felipe)
  • Fixed bug #54609 (Certain implementation(s) of SplFixedArray cause hard crash). (Felipe)
  • Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and SplTempFileObject crash when user-space classes don't call the paren constructor). (Gustavo)
  • Fixed bug #54292 (Wrong parameter causes crash in SplFileObject::__construct()). (Felipe)
  • Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting with ). (Gustavo)
  • Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator). (Felipe)
• Streams:
  • Fixed bug #54946 (stream_get_contents infinite loop). (Hannes)
  • Fixed bug #54623 (Segfault when writing to a persistent socket after closing a copy of the socket). (Gustavo)
  • Fixed bug #54681 (addGlob() crashes on invalid flags). (Felipe)