forked from php/php-src
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
488 lines (402 loc) · 19.2 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2016, PHP 7.1.0beta2
- Core:
. Implemented FR #72614 (Support "nmake test" on building extensions by
phpize). (Yuji Uchiyama)
. Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
(Yuji Uchiyama)
- Intl:
. Fixed bug #72639 (Segfault when instantiating class that extends
IntlCalendar and adds a property). (Laruence)
- Reflection:
. Fixed bug #72661 (ReflectionType::__toString crashes with iterable).
(Laruence)
- SPL:
. Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
character). (cmb)
- XMLRPC:
. Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing
array elements). (Laruence)
- Zip:
. Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd).
(Laruence)
21 Jul 2016, PHP 7.1.0beta1
- Core:
. Fixed bug #72629 (Caught exception assignment to variables ignores
references). (Laruence)
. Fixed bug #72594 (Calling an earlier instance of an included anonymous
class fatals). (Laruence)
. Fixed bug #72581 (previous property undefined in Exception after
deserialization). (Laruence)
. Fixed bug #72543 (Different references behavior comparing to PHP 5)
(Laruence, Dmitry, Nikita)
. Fixed bug #72347 (VERIFY_RETURN type casts visible in finally). (Dmitry)
. Fixed bug #72216 (Return by reference with finally is not memory safe).
(Dmitry)
. Fixed bug #72215 (Wrong return value if var modified in finally). (Dmitry)
. Fixed bug #71818 (Memory leak when array altered in destructor). (Dmitry)
. Fixed bug #71539 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes)
(Dmitry, Nikita)
. Added new constant PHP_FD_SETSIZE. (cmb)
. Added optind parameter to getopt(). (as)
. Added PHP to SAPI error severity mapping for logs. (Martin Vobruba)
. Fixed bug #71911 (Unable to set --enable-debug on building extensions by
phpize on Windows). (Yuji Uchiyama)
. Fixed bug #29368 (The destructor is called when an exception is thrown from
the constructor). (Dmitry)
. Implemented RFC: RNG Fixes. (Leigh)
. Implemented email validation as per RFC 6531. (Leo Feyer, Anatol)
. Fixed bug #72513 (Stack-based buffer overflow vulnerability in
virtual_file_ex). (Stas)
. Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries
and applications). (Stas)
- bz2:
. Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)
- COM:
. Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7). (Anatol)
- Curl:
. Fixed bug #72541 (size_t overflow lead to heap corruption). (Stas)
- Date:
. Fixed bug #66836 (DateTime::createFromFormat 'U' with pre 1970 dates fails
parsing). (derick)
- DOM:
. Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)
- Exif:
. Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
(Stas)
. Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
(Stas)
- Filter:
. Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
range). (bugs dot php dot net at majkl578 dot cz)
- FPM:
. Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
(gooh)
- GD:
. Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
. Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
. Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
. Fixed bug #43828 (broken transparency of imagearc for truecolor in
blendingmode). (cmb)
. Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
access). (Pierre)
. Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
. Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
(Pierre)
. Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine
overflow). (Pierre)
. Fixed bug #72494 (imagecropauto out-of-bounds access). (Pierre)
- Intl:
. Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
names). (cmb)
. Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)
- Mbstring:
. Deprecated mb_ereg_replace() eval option. (Rouven Weßling, cmb)
. Fixed bug #69151 (mb_ereg should reject ill-formed byte sequence).
(Masaki Kagaya)
- MCrypt:
. Deprecated ext/mcrypt. (Scott Arciszewski, cmb)
. Fixed bug #72551, bug #72552 (In correct casting from size_t to int lead to
heap overflow in mdecrypt_generic). (Stas)
- Opcache:
. Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
(Keyur)
- OpenSSL:
. Fixed bug #72360 (ext/openssl build failure with OpenSSL 1.1.0).
(Jakub Zelenka)
. Bumped a minimal version to 1.0.1. (Jakub Zelenka)
. Dropped support for SSL2. (Remi)
- PDO_pgsql:
. Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)
. Fixed bug #72570 (Segmentation fault when binding parameters on a query
without placeholders). (Matteo)
- Pcntl
. Implemented asynchronous signal handling without TICKS. (Dmitry)
. Added pcntl_signal_get_handler() that returns the current signal handler
for a particular signal. Addresses FR #72409. (David Walker)
. Add signinfo to pcntl_signal() handler args (Bishop Bettini, David Walker)
- Reflection:
. Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
(Nikita Nefedov)
- SimpleXML:
. Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML
element). (Laruence)
- Standard:
. Fixed bug #72622 (array_walk + array_replace_recursive create references
from nothing). (Laruence)
. Fixed bug #72330 (CSV fields incorrectly split if escape char followed by
UTF chars). (cmb)
- Tidy:
. Implemented support for libtidy 5.0.0 and above. (Michael Orlitzky, Anatol)
- Wddx:
. Fixed bug #72564 (boolean always deserialized as "true") (Remi)
- XMLRPC:
. Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn
simplestring.c). (Stas)
- Zip:
. Fixed bug #72520 (Stack-based buffer overflow vulnerability in
php_stream_zip_opener). (Stas)
07 Jul 2016, PHP 7.1.0alpha3
- Core:
. Implemented RFC: Iterable. (Aaron Piotrowski)
. Fixed bug #72523 (dtrace issue with reflection (failed test)). (Laruence)
. Fixed bug #72508 (strange references after recursive function call and
"switch" statement). (Laruence)
. Implemented RFC: Closure::fromCallable (Danack)
- COM:
. Fixed bug #72498 (variant_date_from_timestamp null dereference). (Anatol)
- CURL:
. Add curl_multi_errno(), curl_share_errno() and curl_share_strerror()
functions. (Pierrick)
. Add support for HTTP/2 Server Push (davey)
- Date:
. Invalid serialization data for a DateTime or DatePeriod object will now
throw an instance of Error from __wakeup() or __set_state() instead of
resulting in a fatal error. (Aaron Piotrowski)
. Timezone initialization failure from serialized data will now throw an
instance of Error from __wakeup() or __set_state() instead of resulting in
a fatal error. (Aaron Piotrowski)
. Export date_get_interface_ce() for extension use. (Jeremy Mikola)
- DBA:
. Data modification functions (e.g.: dba_insert()) now throw an instance of
Error instead of triggering a catchable fatal error if the key is does not
contain exactly two elements. (Aaron Piotrowski)
- DOM:
. Invalid schema or RelaxNG validation contexts will throw an instance of
Error instead of resulting in a fatal error. (Aaron Piotrowski)
. Attempting to register a node class that does not extend the appropriate
base class will now throw an instance of Error instead of resulting in a
fatal error. (Aaron Piotrowski)
. Attempting to read an invalid or write to a readonly property will throw
an instance of Error instead of resulting in a fatal error. (Aaron
Piotrowski)
- GD:
. Fixed bug #72404 (imagecreatefromjpeg fails on selfie). (cmb)
- IMAP:
. An email address longer than 16385 bytes will throw an instance of Error
instead of resulting in a fatal error. (Aaron Piotrowski)
- Intl:
. Failure to call the parent constructor in a class extending Collator
before invoking the parent methods will throw an instance of Error
instead of resulting in a recoverable fatal error. (Aaron Piotrowski)
. Cloning a Transliterator object may will now throw an instance of Error
instead of resulting in a fatal error if cloning the internal
transliterator fails. (Aaron Piotrowski)
- LDAP:
. Providing an unknown modification type to ldap_batch_modify() will now
throw an instance of Error instead of resulting in a fatal error.
(Aaron Piotrowski)
- Mbstring:
. mb_ereg() and mb_eregi() will now throw an instance of ParseError if an
invalid PHP expression is provided and the 'e' option is used. (Aaron
Piotrowski)
- Mcrypt:
. mcrypt_encrypt() and mcrypt_decrypt() will throw an instance of Error
instead of resulting in a fatal error if mcrypt cannot be initialized.
(Aaron Piotrowski)
- Mysqli:
. Attempting to read an invalid or write to a readonly property will throw
an instance of Error instead of resulting in a fatal error. (Aaron
Piotrowski)
- OpenSSL:
. Implemented FR #61204 (Add elliptic curve support for OpenSSL).
(Dominic Luechinger)
- PCRE:
. Fixed bug #72476 (Memleak in jit_stack). (Laruence)
. Fixed bug #72463 (mail fails with invalid argument). (Anatol)
- Readline:
. Fixed bug #72538 (readline_redisplay crashes php). (Laruence)
- Reflection:
. Failure to retrieve a reflection object or retrieve an object property
will now throw an instance of Error instead of resulting in a fatal error.
(Aaron Piotrowski)
- SQLite3:
. Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work).
(cmb)
- Session:
. Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence)
. Custom session handlers that do not return strings for session IDs will
now throw an instance of Error instead of resulting in a fatal error
when a function is called that must generate a session ID.
(Aaron Piotrowski)
. An invalid setting for session.hash_function will throw an instance of
Error instead of resulting in a fatal error when a session ID is created.
(Aaron Piotrowski)
. Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
Deserialization). (Stas)
- SimpleXML:
. Creating an unnamed or duplicate attribute will throw an instance of Error
instead of resulting in a fatal error. (Aaron Piotrowski)
- SNMP:
. Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
unserialize()). (Stas)
- SPL:
. Attempting to clone an SplDirectory object will throw an instance of Error
instead of resulting in a fatal error. (Aaron Piotrowski)
. Calling ArrayIterator::append() when iterating over an object will throw an
instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
. Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)
- Standard:
. Implemented RFC: More precise float values. (Jakub Zelenka, Yasuo)
. array_multisort now uses zend_sort instead zend_qsort. (Laruence)
. Fixed bug #72505 (readfile() mangles files larger than 2G). (Cschneid)
. assert() will throw a ParseError when evaluating a string given as the first
argument if the PHP code is invalid instead of resulting in a catchable
fatal error. (Aaron Piotrowski)
. Calling forward_static_call() outside of a class scope will now throw an
instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
- Streams:
. Fixed bug #72534 (stream_socket_get_name crashes). (Anatol)
- Tidy:
. Creating a tidyNode manually will now throw an instance of Error instead of
resulting in a fatal error. (Aaron Piotrowski)
- WDDX:
. A circular reference when serializing will now throw an instance of Error
instead of resulting in a fatal error. (Aaron Piotrowski)
- XML-RPC:
. A circular reference when serializing will now throw an instance of Error
instead of resulting in a fatal error. (Aaron Piotrowski)
- Zip:
. ZipArchive::addGlob() will throw an instance of Error instead of resulting
in a fatal error if glob support is not available. (Aaron Piotrowski)
23 Jun 2016, PHP 7.1.0alpha2
- Core:
. Implemented RFC: Replace "Missing argument" warning with "Too few
arguments" exception. (Dmitry)
. Implemented RFC: Fix inconsistent behavior of $this variable. (Dmitry)
. Fixed bug #72441 (Segmentation fault: RFC list_keys). (Laruence)
. Fixed bug #72395 (list() regression). (Laruence)
. Fixed bug #72373 (TypeError after Generator function w/declared return type
finishes). (Nikita)
. Fixed bug #69489 (tempnam() should raise notice if falling back to temp dir).
(Laruence, Anatol)
. Fixed UTF-8 and long path support on Windows. (Anatol)
- Date:
. Fixed bug #63740 (strtotime seems to use both sunday and monday as start of
week). (Derick)
- GD:
. Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
. Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
. Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
- JSON
. Implemented FR #46600 ("_empty_" key in objects). (Jakub Zelenka)
- Mbstring:
. Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) -
oob read access). (Laruence)
. Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence)
- OpenSSL:
. Implemented FR #67304 (Added AEAD support [CCM and GCM modes] to
openssl_encrypt and openssl_decrypt). (Jakub Zelenka)
. Implemented error storing to the global queue and cleaning up the OpenSSL
error queue (resolves bugs #68276 and #69882). (Jakub Zelenka)
- PCRE:
. Upgraded to PCRE 8.39. (Anatol)
- Sqlite3:
. Implemented FR #72385 (Update SQLite bundle lib(3.13.0)). (Laruence)
- Standard:
. Added is_iterable() function. (Aaron Piotrowski)
. Fixed bug #72306 (Heap overflow through proc_open and $env parameter).
(Laruence)
- Streams:
. Fixed bug #72439 (Stream socket with remote address leads to a segmentation
fault). (Laruence)
09 Jun 2016, PHP 7.1.0alpha1
- Core:
. Added nullable types. (Levi, Dmitry)
. Added DFA optimization framework based on e-SSA form. (Dmitry, Nikita)
. Added specialized opcode handlers (e.g. ZEND_ADD_LONG_NO_OVERFLOW).
(Dmitry)
. Change statement and fcall extension handlers to accept frame. (Joe)
. Implemented safe execution timeout handling, that prevents random crashes
after "Maximum execution time exceeded" error. (Dmitry)
. Fixed bug #53432 (Assignment via string index access on an empty string
converts to array). (Nikita)
. Fixed bug #62210 (Exceptions can leak temporary variables). (Dmitry, Bob)
. Fixed bug #62814 (It is possible to stiffen child class members visibility).
(Nikita)
. Fixed bug #69989 (Generators don't participate in cycle GC). (Nikita)
. Fixed bug #70228 (Memleak if return in finally block). (Dmitry)
. Fixed bug #71266 (Missing separation of properties HT in foreach etc).
(Dmitry)
. Fixed bug #71604 (Aborted Generators continue after nested finally).
(Nikita)
. Fixed bug #71572 (String offset assignment from an empty string inserts
null byte). (Francois)
. Fixed bug #71897 (ASCII 0x7F Delete control character permitted in
identifiers). (Andrea)
. Fixed bug #72188 (Nested try/finally blocks losing return value). (Dmitry)
. Fixed bug #72213 (Finally leaks on nested exceptions). (Dmitry, Nikita)
. Implemented the RFC `Support Class Constant Visibility`. (Sean DuBois,
Reeze Xia, Dmitry)
. Added void return type. (Andrea)
. Added support for negative string offsets in string offset syntax and
various string functions. (Francois)
. Added a form of the list() construct where keys can be specified. (Andrea)
. Number operators taking numeric strings now emit E_NOTICEs or E_WARNINGs
when given malformed numeric strings. (Andrea)
. (int), intval() where $base is 10 or unspecified, settype(), decbin(),
decoct(), dechex(), integer operators and other conversions now always
respect scientific notation in numeric strings. (Andrea)
. Implemented the RFC `Catching multiple exception types`. (Bronislaw Bialek,
Pierrick)
. Raise a compile-time warning on octal escape sequence overflow. (Sara)
. Added [] = as alternative construct to list() =. (Bob)
. Implemented logging to syslog with dynamic error levels. (Jani Ollikainen)
. Fixed bug #47517 (php-cgi.exe missing UAC manifest).
(maxdax15801 at users noreply github com)
- Apache2handler:
. Enable per-module logging in Apache 2.4+. (Martin Vobruba)
- CLI Server:
. Fixed bug #71276 (Built-in webserver does not send Date header).
(see at seos fr)
- FTP:
. Implemented FR #55651 (Option to ignore the returned FTP PASV address).
(abrender at elitehosts dot com)
- Intl:
. Added IntlTimeZone::getWindowsID() and
IntlTimeZone::getIDForWindowsID(). (Sara)
. Fixed bug #69374 (IntlDateFormatter formatObject returns wrong utf8 value).
(lenhatanh86 at gmail com)
. Fixed bug #69398 (IntlDateFormatter formatObject returns wrong value when
time style is NONE). (lenhatanh86 at gmail com)
- Hash:
. Added SHA3 fixed mode algorithms (224, 256, 384, and 512 bit). (Sara)
. Added SHA512/256 and SHA512/224 algorithms. (Sara)
- JSON:
. Exported JSON parser API including json_parser_method that can be used
for implementing custom logic when parsing JSON. (Jakub Zelenka)
. Escaped U+2028 and U+2029 when JSON_UNESCAPED_UNICODE is supplied as
json_encode options and added JSON_UNESCAPED_LINE_TERMINATORS to restore
the previous behaviour. (Eddie Kohler)
- PDO_Firebird:
. Fixed bug #60052 (Integer returned as a 64bit integer on X86_64). (Mariuz)
- Pgsql:
. Implemented FR #31021 (pg_last_notice() is needed to get all notice
messages). (Yasuo)
. Implemented FR #48532 (Allow pg_fetch_all() to index numerically). (Yasuo)
- Reflection:
. Fix #72209 (ReflectionProperty::getValue() doesn't fail if object doesn't match type). (Joe)
- Session:
. Improved fix for bug #68063 (Empty session IDs do still start sessions).
(Yasuo)
. Fixed bug #71038 (session_start() returns TRUE on failure).
Session save handlers must return 'string' always for successful read.
i.e. Non-existing session read must return empty string. PHP 7.0 is made
not to tolerate buggy return value. (Yasuo)
. Fixed bug #71394 (session_regenerate_id() must close opened session on
errors). (Yasuo)
- SQLite3:
. Implemented FR #71159 (Upgraded bundled SQLite lib to 3.9.2). (Laruence)
- Standard:
. Fixed bug #71100 (long2ip() doesn't accept integers in strict mode).
(Laruence)
. Implemented FR #55716 (Add an option to pass a custom stream context to
get_headers()). (Ferenc)
. Additional validation for parse_url() for login/pass components).
(Ilia) (Julien)
. Implemented FR #69359 (Provide a way to fetch the current environment
variables). (Ferenc)
. unpack() function accepts an additional optional argument $offset. (Dmitry)
. Implemented #51879 stream context socket option tcp_nodelay (Joe)
<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>