NEWS 351 KB
Newer Older
1
PHP                                                                        NEWS
2
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3 4 5 6 7 8 9 10 11 12 13 14
15 Feb 2012, PHP 5.4.0 RC 8
- Core:
  . Added ability to reset user opcode handlers (Yoram).
  . Improved max_input_vars directive to check nested variables (Dmitry).
  . Made ZEND_SIGNALS configurable via --enable-zend-signals, off by
    default (Stas).
  . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
    $double=false). (Gustavo)

- CGI/FastCGI SAPI
  . Fixed reinitialization of SAPI callbacks after php_module_startup().
    (Dmitry)
15 16 17

02 Feb 2012, PHP 5.4.0 RC 7
- Core:
18
  . Fixed bug #60895 (Possible invalid handler usage in windows random
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
    functions). (Pierre)
  . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
  . Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
    (Dmitry)

- OpenSSL:
  . Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
    CVE-2011-3389. (Scott)
    
- Session:
  . Fixed bug #60860 (session.save_handler=user without defined function core
    dumps). (Felipe)

- SOAP:
  . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry)
34

35 36 37 38 39
19 Jan 2012, PHP 5.4.0 RC6

- Core:
  . Restoring $_SERVER['REQUEST_TIME'] as a long and introducing
    $_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick)
40
  . Fixed bug #60809 (TRAITS - PHPDoc Comment Style Bug). (Dmitry)
41
  . Fixed bug #60768 (Output buffer not discarded) (Mike)
42 43
  . Fixed bug #60825 (Segfault when running symfony 2 tests).
    (Dmitry, Laruence)
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92

- Hash
  . Fixed bug #60221 (Tiger hash output byte order) (Mike)
  . Removed Salsa10/Salsa20, which are actually stream ciphers (Mike)
    
- Pdo Firebird:
  . Fixed bug #47415 (segfaults when passing lowercased column name to 
    bindColumn). (Mariuz)
  . Fixed bug #53280 (segfaults if query column count less than param count). 
    (Mariuz)

- SNMP:
  . Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support
    is disabled). (Boris Lytochkin)
  . Fixed bug #60749 (SNMP module should not strip non-standard SNMP port
    from hostname). (Boris Lytochkin)

07 Jan 2012, PHP 5.4.0 RC5
- Core:
  . Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax). (Dmitry)
  . Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)
  . Fixed bug #55871 (Interruption in substr_replace()). (Stas)
  . Fixed bug #60627 (httpd.worker segfault on startup with php_value).
    (Laruence)

- SAPI:
  . Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
    (Stas)
  . Fixed bug #54374 (Insufficient validating of upload name leading to 
    corrupted $_FILES indices). (Stas, lekensteyn at gmail dot com)

- CLI SAPI:
  . Fixed bug #60591 (Memory leak when access a non-exists file). (Laruence)

- Intl:
  . Fixed build on Fedora 15 / Ubuntu 11. (Hannes)

- PHP-FPM SAPI:
  . Fixed bug #60629 (memory corruption when web server closed the fcgi fd).
    (fat)
  . Fixed bug #60659 (FPM does not clear auth_user on request accept).
    (bonbons at linux-vserver dot org)

- Improved Session extension:
  . Fixed bug #60640 (invalid return values). (Arpad)
  . Implement FR #60551 (session_set_save_handler should support a core's
    session handler interface). (Arpad)

22 Dec 2011, PHP 5.4.0 RC4
93 94 95
- Core:
  . Added max_input_vars directive to prevent attacks based on hash collisions
    (Dmitry).
96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146
  . Fixed bug #60536 (Traits Segfault). (Laruence)
  . Fixed bug #60362 (non-existent sub-sub keys should not have values).
    (Laruence, alan_k, Stas)
  . Fixed bug #60558 (Invalid read and writes). (Laruence)

- CLI SAPI:
  . Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
    one 200 RQ and one 404). (Laruence)
  . Fixed bug #60523 (PHP Errors are not reported in browsers using built-in
    SAPI). (Laruence, Derick)

- OpenSSL:
  . Fix segfault with older versions of OpenSSL. (Scott)

- Pdo Firebird:
  . Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird).
    (Mariuz)

08 Dec 2011, PHP 5.4.0 RC3
- Core:
  . Fixed bug #60444 (Segmentation fault with include & class extending).
    (Laruence, Dmitry).
  . Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e).
    (php at mickweiss dot com)
  . Fixed bug #60240 (invalid read/writes when unserializing specially crafted
    strings). (Mike)
  . Implement FR #54514 (Get php binary path during script execution).
    (Laruence)

- CLI SAPI:
  . Implement FR #60390 (Missing $_SERVER['SERVER_PORT']). (Pierre)

- cURL:
  . Fixed bug #60439 (curl_copy_handle segfault when used with
    CURLOPT_PROGRESSFUNCTION). (Pierrick)

- Intl:
  . Added support for UTS #46. (Gustavo)

- OpenSSL:
  . On error in openssl_random_pseudo_bytes() make sure we set strong result
    to false. (Scott)

- Reflection:
  . Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)

24 Nov 2011, PHP 5.4.0 RC2

- Core:
  . Fixed bug #60227 (header() cannot detect the multi-line header with
     CR(0x0D)). (rui)
147 148 149
  . Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe)
  . Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs).
    (klightspeed at netspace dot net dot au)
150
  . Fixed bug #52624 (tempnam() by-pass open_basedir with nonexistent
151
    directory). (Felipe)
152 153
  . Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup())
    (CVE-2011-4153). (Stas)
154
  . Fixed invalid free in call_user_method() function. (Felipe)
155 156

- Zend Engine:
157 158 159
  . Fixed bug #43200 (Interface implementation / inheritence not possible in
    abstract classes). (Felipe)

160 161 162 163
- CLI SAPI:
  . Fixed bug #60159 (Router returns false, but POST is not passed to requested
    resource). (Laruence)
  . Fixed bug #55759 (memory leak when using built-in server). (Laruence)
164

165 166 167 168
- Improved PHP-FPM SAPI:
  . Enhance error log when the primary script can't be open. FR #60199. (fat)
  . Remove EXPERIMENTAL flag. (fat)
  . Added .phar to default authorized extensions. (fat)
169

170 171
- BCmath:
  . Fixed bug #60377 (bcscale related crashes on 64bits platforms) (shm)
172 173 174 175 176 177 178 179

- Fileinfo:
  . Fixed possible memory leak in finfo_open(). (Felipe)
  . Fixed memory leak when calling the Finfo constructor twice. (Felipe)

- Intl:
  . Fixed memory leak in several Intl locale functions. (Felipe)

180 181 182
- Mbstring
  . Fixed bug #60306 (Characters lost while converting from cp936 to utf8).
    (Laruence)
183 184 185 186 187 188 189 190 191 192 193
  . Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe)

- MS SQL:
  . Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe)

- OpenSSL:
  . Fixed bug #60279 (Fixed NULL pointer dereference in
    stream_socket_enable_crypto, case when ssl_handle of session_stream is not
    initialized.) (shm)

- Oracle Database extension (OCI8):
194
  . Fixed bug #59985 (show normal warning text for OCI_NO_DATA)
195 196
    (Chris Jones)

197 198 199 200 201
- Output:
  . Fixed bug #60321 (ob_get_status(true) no longer returns an array when
    buffer is empty). (Pierrick)
  . Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers).
    (Laruence)
202

203 204 205
- Reflection:
  . Fixed bug #60357 (__toString() method triggers E_NOTICE "Array to string
    conversion"). (Laruence)
206

207 208
- SOAP extension:
  . Added new SoapClient option "keep_alive". FR #60329. (Pierrick)
209

210 211 212
- Tidy:
  . Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).
    (Maksymilian Arciemowicz, Felipe)
213

214 215 216 217 218
11 Nov 2011, PHP 5.4.0 RC1
- General improvements:
  . Changed silent conversion of array to string to produce a notice. (Patrick)
  . Added class member access on instantiation (e.g. (new foo)->bar()) support.
    (Felipe)
219

220 221 222 223 224 225 226
- CLI SAPI:
  . Fixed bug #60112 (If URI does not contain a file, index.php is not served).
    (Laruence)
  . Fixed bug #60115 (memory definitely lost in cli server). (Laruence)
  . Fixed bug #60146 (Last 2 lines of page not being output). (Laruence)
  . Fixed bug #60180 ($_SERVER["PHP_SELF"] incorrect). (Laruence)
  . Fixed bug #60189 (php logo can not be displayed). (Laruence)
227

228 229 230 231 232 233 234 235 236
- Core:
  . Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when
    the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli)
  . Fixed bug #60174 (Notice when array in method prototype error).
    (Laruence)
  . Fixed bug #60169 (Conjunction of ternary and list crashes PHP).
    (Laruence)
  . Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to
    is_a and is_subclass_of). (alan_k)
237

238 239 240 241
- Oracle Database extension (OCI8):
  . Increased maximum Oracle error message buffer length for new 11.2.0.3 size
    (Chris Jones)
  . Improve internal initalization failure error messages (Chris Jones)
242

243 244 245 246 247 248
- SPL extension
  . Reverted changes that required constructor overrides to invoke the parent
    constructor in several SPL classes and applied 5.3 fixes instead.
    Related bugs: #54384, #55175 and #55300.
  . Fixed bug #60201 (SplFileObject::setCsvControl does not expose third
    argument via Reflection). (Peter)
249

250 251 252 253 254 255
- Tokenizer extension
  . Fixed bug #54089 (token_get_all with regards to __halt_compiler is
    not binary safe). (Nikita Popov)

- SAPI:
  . Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
256

257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285
20 Oct 2011, PHP 5.4.0 beta2
- General improvements:
  . Improve the warning message of incompatible arguments. (Laruence)
  . Improve ternary operator performance when returning arrays. (Arnaud, Dmitry)

- Core:
  . Fixed bug #55801 (Behavior of unserialize has changed). (Mike)
  . Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre)
  . Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux
    parisc). (Felipe)
  . Fixed bug #55705 (Omitting a callable typehinted argument causes a segfault).
    (Felipe, Laruence)
  . Fixed bug #55758 (Digest Authenticate missed in 5.4) . (Laruence)
  . Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre)
  . Fixed bug #55825 (Missing initial value of static locals in trait methods).
    (Laruence)
  . Fixed bug #60038 (SIGALRM cause segfault in php_error_cb). (Laruence)

- Openssl
  . Revert r313616 (When we have a blocking SSL socket, respect the timeout
    option, scottmac), breaks ssl support as described in bugs #55283 and #55848

- PDO DBlib driver:
  . Fixed bug #60033 (Incorrectly merged PDO dblib patches break
    uniqueidentifier column type). (warezthebeef at gmail dot com)

- Sysvshm
  . Fixed bug #55750 (memory copy issue in sysvshm extension).
    (Ilia, jeffhuang9999 at gmail dot com)
286

287 288 289
- Zlib:
  . Fixed bug #55544 (ob_gzhandler always conflicts with
    zlib.output_compression). (Mike)
290 291

- SPL:
292 293
  . FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use
    the default stream context. (Hannes)
294 295 296
  . Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
    (jgotti at modedemploi dot fr, Hannes)

297 298 299 300 301
- CLI SAPI:
  . Fixed bug #55726 (Changing the working directory makes router script
    inaccessible). (Laruence)
  . Fixed bug #55747 (request headers missed in $_SERVER). (Laruence)
  . Fixed bug #55755 (SegFault when outputting header WWW-Authenticate). (Laruence)
302

303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734
- Litespeed SAPI:
  . Fixed bug #55769 (Make Fails with "Missing Separator" error). (Adam)

- Fileinfo:
  . Fixed bug #60094 (C++ comment fails in c89). (Laruence)

15 Sep 2011, PHP 5.4.0 Beta1
- General improvements:
  . Added callable typehint. (Hannes)
  . Implemented closure rebinding as parameter to bindTo. (Gustavo Lopes)
  . Turn on html_errors by default again in php.ini-production like it was in
    PHP 5.3, but only generate docref links when the docref_root INI setting is
    not empty. (Derick)
  . Fixed bug #55378: Binary number literal returns float number though its
    value is small enough. (Derick)
  . Added support for SORT_NATURAL and SORT_FLAG_CASE in array
    sort functions (sort, rsort, ksort, krsort, asort, arsort and
    array_multisort). FR#55158 (Arpad)
  . Disable windows CRT warning by default, can be enabled again using the ini
    directive windows_show_crt_warnings. (Pierre)
  . Removed support for putenv("TZ=..") for setting the timezone. (Derick)
  . Removed the timezone guessing algorithm in case the timezone isn't set with
    date.timezone or date_default_timezone_set(). Instead of a guessed
    timezone, "UTC" is now used instead. (Derick)

- Improved MySQL extensions:
  . ext/mysql, mysqli and pdo_mysql now use mysqlnd by default. (Johannes)

- Improved mbstring extension:
  . Added Shift_JIS/UTF-8 Emoji (pictograms) support. (Rui)
  . Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
    support. (Rui)
  . Ill-formed UTF-8 check for security enhancements. (Rui)
  . Added MacJapanese (Shift_JIS) and gb18030 encoding support. (Rui)
  . Added encode/decode in hex format to mb_[en|de]code_numericentity(). (Rui)
  . Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
    support. (Rui)
  . Added the user defined area for CP936 and CP950 (Rui).

- Improved Reflection extension:
  . Added ReflectionClass::newInstanceWithoutConstructor() to create a new
    instance of a class without invoking its constructor. FR #55490.
    (Sebastian)

- Improved intl extension:
  . Fixed bug #55562 (grapheme_substr() returns false on big length). (Stas)

- Improved JSON extension:
  . Added new json_encode() option JSON_UNESCAPED_UNICODE. FR #53946.
    (Alexander, Gwynne)

- Improved CLI SAPI:
  . Added friendly log messages - FR #55109 (Arpad)

- Improved readline extension:
  . Fixed bug #54450 (Enable callback support when built against libedit).
    (fedora at famillecollet dot com, Hannes)

- Improved Session extension:
  . Expose session status via new function, session_status (FR #52982) (Arpad)
  . Added support for object-oriented session handlers. (Arpad)

- Improved SPL extension:
  . Immediately reject wrong usages of directories under Spl(Temp)FileObject
    and friends. (Etienne, Pierre)

- Improved XSL extension:
  . XSL doesn't stop transformation anymore, if a PHP function can't be called
    (Christian)

04 Aug 2011, PHP 5.4.0 Alpha 3
- Added features:
 . Short array syntax, see UPGRADING guide for full details
   (rsky0711 at gmail . com, sebastian.deutsch at 9elements . com, Pierre)
 . Binary numbers format (0b001010). (Jonah dot Harris at gmail dot com)
 . Support for Class::{expr}() syntax (Pierrick)

- Removed features:
  . Removed magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase
    ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
    but always return false, set_magic_quotes_runtime raises an
    E_CORE_ERROR. (Pierrick, Pierre)

- Changed E_ALL to include E_STRICT. (Stas)

- Improved core functions
  . Fixed bug #55124 (recursive mkdir fails with current (dot) directory in path).
    (Pierre)

- Improved PHP-FPM SAPI:
  . Added process.max to control the number of process FPM can fork. FR #55166.
    (fat)
  . Dropped restriction of not setting the same value multiple times, the last
    one holds. (giovanni at giacobbi dot net, fat)

- SPL extension:
  . Added missing class_uses(..) as pointed out by #55266 (Stefan)
  . Fixed bug #55287 (spl_classes() not includes CallbackFilter classes)
    (sasezaki at gmail dot com, salathe)


14 Jul 2011, PHP 5.4.0 Alpha 2
- General improvements:
  . Zend Signal Handling. (Lucas Nealan,Arnaud Le Blanc,Brian Shire, Ilia)

- Improved Zend Engine
  . Improved parse error messages. (Felipe)

- Improved CLI SAPI:
  . Added built-in web server that is intended for testing purpose.
    (Moriyoshi)

- Improved PHP-FPM SAPI:
  . Added partial syslog support (on error_log only). FR #52052. (fat)
  . Lowered default value for Process Manager. FR #54098. (fat)
  . Enhance security by limiting access to user defined extensions.
    FR #55181. (fat)

- Improved core functions:
  . Changed http_response_code() to be able to set a response code. (Kalle)
  . Fixed crypt_blowfish handling of 8-bit characters. (Stas) (CVE-2011-2483)
  . Fixed bug#55084 (Function registered by header_register_callback is
    called only once per process). (Hannes)

- Improved DOM extension:
  . Added the ability to pass options to loadHTML (Chregu, fxmulder at gmail dot com)

- OpenSSL extension:
  . Use php's implementation for Windows Crypto API in
    openssl_random_pseudo_bytes. (Pierre)

20 Jun 2011, PHP 5.4.0 Alpha 1
- autoconf 2.59+ is now supported (and required) for generating the
  configure script with ./buildconf. Autoconf 2.60+ is desirable
  otherwise the configure help order may be incorrect.  (Rasmus, Chris Jones)

- Removed legacy features:
  . break/continue $var syntax. (Dmitry)
  . Safe mode and all related ini options. (Kalle)
  . register_globals and register_long_arrays ini options. (Kalle)
  . import_request_variables(). (Kalle)
  . allow_call_time_pass_reference. (Pierrick)
  . define_syslog_variables ini option and its associated function. (Kalle)
  . highlight.bg ini option. (Kalle)
  . Session bug compatibility mode (session.bug_compat_42 and
    session.bug_compat_warn ini options). (Kalle)
  . session_is_registered(), session_register() and session_unregister()
    functions. (Kalle)
  . y2k_compliance ini option. (Kalle)

- Moved extensions to PECL: (Johannes)
  . ext/sqlite.  (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are
    not affected)

- Changed $_SERVER['REQUEST_TIME'] to include microsecond precision. (Ilia)
- Changed default value of "default_charset" php.ini option from ISO-8859-1 to
  UTF-8. (Rasmus)
- Changed array_combine() to return empty array instead of FALSE when both
  parameter arrays are empty. FR #34857. (joel.perras@gmail.com)
- Changed third parameter of preg_match_all() to optional. FR #53238. (Adam)
- Changed silent casting of null/''/false into an Object when adding
  a property into a warning. (Scott)
- <?= is now always available regardless of the short_open_tag setting (Rasmus)

- General improvements:
  . Added multibyte support by default. Previously php had to be compiled
    with --enable-zend-multibyte. Now it can be enabled or disabled through
    zend.multibyte directive in php.ini. (Dmitry)
  . Removed compile time dependency from ext/mbstring (Dmitry)
  . Added support for Traits. (Stefan)
  . Added closure $this support back. (Stas)
  . Added array dereferencing support. (Felipe)
  . Added indirect method call through array. FR #47160. (Felipe)
  . Added support for object references in recursive serialize() calls.
    FR #36424. (Mike)
  . Added http_response_code() function. FR #52555. (Paul Dragoonis, Kalle)
  . Added header_register_callback() which is invoked immediately
    prior to the sending of headers and after default headers have
    been added. (Scott)
  . Added DTrace support. (David Soria Parra)
  . Improved output layer, see README.NEW-OUTPUT-API for internals. (Mike)
  . Improved unserialize() performance.
    (galaxy dot mipt at gmail dot com, Kalle)
  . Improved unix build system to allow building multiple PHP binary SAPIs and
    one SAPI module the same time. FR #53271, FR #52419. (Jani)
  . Added optional argument to debug_backtrace() and debug_print_backtrace()
    to limit the amount of stack frames returned. (Sebastian, Patrick)
  . Added stream metadata API support and stream_metadata() stream class
    handler. (Stas)
  . User wrappers can now define a stream_truncate() method that responds
    to truncation, e.g. through ftruncate(). FR #53888. (Gustavo)

- Improved Zend Engine memory usage: (Dmitry)
  . Replaced zend_function.pass_rest_by_reference by
    ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
  . Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE
    in zend_function.fn_flags.
  . Removed zend_arg_info.required_num_args as it was only needed for internal
    functions. Now the first arg_info for internal functions (which has special
    meaning) is represented by zend_internal_function_info structure.
  . Moved zend_op_array.size, size_var, size_literal, current_brk_cont,
    backpatch_count into CG(context) as they are used only during compilation.
  . Moved zend_op_array.start_op into EG(start_op) as it's used only for
    'interactive' execution of single top-level op-array.
  . Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in
    zend_op_array.fn_flags.
  . op_array.vars array is trimmed (reallocated) during pass_two.
  . Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED
    in zend_class_entry.ce_flags.
  . Reduced the size of zend_class_entry by sharing the same memory space
    by different information for internal and user classes.
    See zend_class_entry.info union.
  . Reduced size of temp_variable.

- Changed the structure of op_array.opcodes. The constant values are moved from
  opcode operands into a separate literal table. (Dmitry)

- Improved Zend Engine, performance tweaks and optimizations: (Dmitry)
  . Inlined most probable code-paths for arithmetic operations directly into
    executor.
  . Eliminated unnecessary iterations during request startup/shutdown.
  . Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used.
    (this may affect opcode caches!)
  . Improved performance of @ (silence) operator.
  . Simplified string offset reading. $str[1][0] is now a legal construct.
  . Added caches to eliminate repeatable run-time bindings of functions,
    classes, constants, methods and properties.
  . Added concept of interned strings. All strings constants known at compile
    time are allocated in a single copy and never changed.
  . Added an optimization which saves memory and emalloc/efree calls for empty
    HashTables. (Stas, Dmitry)
  . ZEND_RECV now always has IS_CV as its result.
  . ZEND_CATCH now has to be used only with constant class names.
  . ZEND_FETCH_DIM_? may fetch array and dimension operands in different order.
  . Simplified ZEND_FETCH_*_R operations. They can't be used with the
    EXT_TYPE_UNUSED flag any more. This is a very rare and useless case.
    ZEND_FREE might be required after them instead.
  . Split ZEND_RETURN into two new instructions ZEND_RETURN and
    ZEND_RETURN_BY_REF.
  . Optimized access to global constants using values with pre-calculated
    hash_values from the literals table.
  . Optimized access to static properties using executor specialization.
    A constant class name may be used as a direct operand of ZEND_FETCH_*
    instruction without previous ZEND_FETCH_CLASS.
  . zend_stack and zend_ptr_stack allocation is delayed until actual usage.

- Improved CLI SAPI: (Johannes, Moriyoshi)
  . Added command line option --rz <name> which shows information of the
    named Zend extension. (Johannes)
  . Interactive readline shell improvements: (Johannes)
    . Added "cli.pager" php.ini setting to set a pager for output.
    . Added "cli.prompt" php.ini setting to configure the shell prompt.
    . Added shortcut #inisetting=value to change ini settings at run-time.
    . Changed shell not to terminate on fatal errors.
    . Interactive shell works with shared readline extension. FR #53878.

- Improved FastCGI SAPI: (Dmitry)
  . Added apache compatible functions: apache_child_terminate(),
    getallheaders(), apache_request_headers() and apache_response_headers()
  . Improved performance of FastCGI request parsing.

- Improved core functions:
  . number_format() no longer truncates multibyte decimal points and thousand
    separators to the first byte. FR #53457. (Adam)
  . Added hex2bin() function. (Scott)

- Improved CURL extension:
  . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and
    CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick)

- Improved Date extension:
  . Added the + modifier to parseFromFormat to allow trailing text in the
    string to parse without throwing an error. (Stas, Derick)

- Improved DBA extension:
  . Added Tokyo Cabinet abstract DB support. (Michael Maclean)
  . Added Berkeley DB 5 support. (Johannes, Chris Jones)

- Improved filesystem functions:
  . scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value.
    FR #53407. (Adam)

- Improved HASH extension:
  . Added Jenkins's one-at-a-time hash support. (Martin Jansen)
  . Added FNV-1 hash support. (Michael Maclean)
  . Made Adler32 algorithm faster. FR #53213. (zavasek at yandex dot ru)

- Improved intl extension:
  . Added Spoofchecker, allows checking for visibly confusable characters and
    other security issues. (Scott)

- Improved JSON extension:
  . Added JsonSerializable interface. (Sara)
  . Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options.
    (Sara)
  . Added support for JSON_NUMERIC_CHECK option in json_encode() that converts
    numeric strings to integers. (Ilia)
  . Added new json_encode() option JSON_PRETTY_PRINT. FR #44331. (Adam)
  . Added new json_encode() option JSON_UNESCAPED_SLASHES. FR #49366. (Adam)

- Improved LDAP extension:
  . Added paged results support. FR #42060. (ando@OpenLDAP.org,
    iarenuno@eteo.mondragon.edu, jeanseb@au-fil-du.net, remy.saissy@gmail.com)

- Improved MySQL extensions:
  . MySQL: Deprecated mysql_list_dbs(). FR #50667. (Andrey)
  . mysqlnd: Added named pipes support. FR #48082. (Andrey)
  . MySQLi: Added iterator support in MySQLi. mysqli_result implements
    Traversable. (Andrey, Johannes)
  . PDO_mysql: Removed support for linking with MySQL client libraries older
    than 4.1. (Johannes)

- Improved OpenSSL extension:
  . Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre)
  . Added a "no_ticket" SSL context option to disable the SessionTicket TLS
    extension. FR #53447. (Adam)
  . Added no padding option to openssl_encrypt()/openssl_decrypt(). (Scott)

- Improved PDO DB-LIB: (Stanley)
  . Added nextRowset support.
  . Fixed bug #50755 (PDO DBLIB Fails with OOM).

- Improved PostgreSQL extension:
  . Added support for "extra" parameter for PGNotify().
    (r dot i dot k at free dot fr, Ilia)

- Improved Reflection extension: (Johannes)
  . Added ReflectionExtension::isTemporary() and
    ReflectionExtension::isPersistent() methods.
  . Added ReflectionZendExtension class.
  . Added ReflectionClass::isCloneable(). (Felipe)

- Improved Session extension:
  . Added support for storing upload progress feedback in session data. (Arnaud)
  . Changed session.entropy_file to default to /dev/urandom or /dev/arandom if
    either is present at compile time. (Rasmus)

- Improved SPL extension:
  . Added RegexIterator::getRegex() method. (Joshua Thijssen)
  . Added SplObjectStorage::getHash() hook. (Etienne)
  . Added CallbackFilterIterator and RecursiveCallbackFilterIterator. (Arnaud)

- Improved XSL extension:
  . Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to
    define forbidden operations within XSLT stylesheets, default is not to
    enable write operations from XSLT. Bug #54446 (Chregu, Nicolas Gregoire)

- Improved ZLIB extension:
  . Re-implemented non-file related functionality. (Mike)

- Improved SNMP extension (Boris Lytochkin):
  . Added OO API. FR #53594 (php-snmp rewrite).
  . Sanitized return values of existing functions. Now it returns FALSE on
    failure.
  . Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids
    upon request.
  . Introducing unit tests for extension with ~full coverage.
  IPv6 support. (FR #42918)
  . Way of representing OID value can now be changed when SNMP_VALUE_OBJECT
    is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if
    not specified) or SNMP_VALUE_PLAIN. (FR #54502)
  . Fixed bugs
    . #44193 (snmp v3 noAuthNoPriv doesn't work)
    . #45893 (Snmp buffer limited to 2048 char)
    . #46065 (snmp_set_quick_print() persists between requests)
    . #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly)
    . #53862 (snmp_set_oid_output_format does not allow returning to default)

## UNSORTED ##

- Fixed PDO objects binary incompatibility. (Dmitry)
- Fixed bug #52211 (iconv() returns part of string on error). (Felipe)
- Fixed bug #55450 (Built in web server not accepting file uploads). (Laruence)
- Fixed bug #55471 (ZTS build broken with dtrace). (Laruence)
- Fixed bug #55463 (cli-server missing _SERVER[REMOTE_ADDR]). (Laruence)
- Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect). (Andrey, Laruence)
- Fixed bug #55423 (cli-server could not output correctly in some case). (Laruence, chobieee at gmail dot com)
- Fixed bug #55653 (PS crash with libmysql when binding same variable as param and out). (Laruence)

?? ??? 2011, PHP 5.3.9

- Core:
  . Fixed Bug #55649 (Undefined function Bug()). (Laruence)
  . Fixed bug #55576: Cannot conditionally move uploaded file without race
    condition. (Gustavo)
  . Fixed bug #55366: keys lost when using substr_replace an array. (Arpad)
  . Fixed bug #55273 (base64_decode() with strict rejects whitespace after
    pad). (Ilia)
  . Fixed bug #55510: $_FILES 'name' missing first character after upload.
    (Arpad)
  . Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
  . Fixed bug #55504 (Content-Type header is not parsed correctly on
    HTTP POST request). (Hannes)
  . Fixed bug #52461 (Incomplete doctype and missing xmlns).
    (virsacer at web dot de, Pierre)

- Curl:
  . Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed
    before calling curl_exec). (Hannes)
  . Fixed issues were curl_copy_handle() would sometimes lose copied
    preferences. (Hannes)

- DateTime:
  . Fixed bug #48476 (cloning extended DateTime class without calling
    parent::__constr crashed PHP). (Hannes)

- MySQL:
  . Fixed bug #55550 (mysql.trace_mode miscounts result sets). (Johannes)

- MySQLi extension:
  . Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when
  mysqlnd is used). (Andrey)

- mysqlnd
  . Fixed bug #55609 (mysqlnd cannot be built shared). (Johannes)
  . Fixed bug #55067 (MySQL doesn't support compression - wrong config option).
    (Andrey)

- PDO MySQL driver:
  . Fixed bug #54158 (MYSQLND+PDO MySQL requires #define MYSQL_OPT_LOCAL_INFILE)
  (Andrey)

- Phar:
  . Fixed bug#52013 (Unable to decompress files in a compressed phar). (Hannes)
  . Fixed bug#53872 (internal corruption of phar). (Hannes)

- Session:
  . Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes)

- NSAPI SAPI:
  . Don't set $_SERVER['HTTPS'] on unsecure connection (bug #55403). (Uwe
    Schindler)
735

736 737 738 739 740 741 742 743
- SimpleXML:
  . Reverted the SimpleXML->query() behaviour to returning empty arrays
    instead of false when no nodes are found as it was since 5.3.3
    (bug #48601). (chregu, rrichards)

- String:
  . Fixed bug #55674 (fgetcsv & str_getcsv skip empty fields in some tab-separated
    records). (Laruence)
744

745 746 747 748 749 750 751 752 753 754
23 Aug 2011, PHP 5.3.8

- Core:
  . Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas)

- OpenSSL:
  . Reverted a change in timeout handling restoring PHP 5.3.6 behavior,
    as the new behavior caused mysqlnd SSL connections to hang (#55283).
    (Pierre, Andrey, Johannes)

755 756 757 758 759 760 761 762 763 764 765 766 767 768
18 Aug 2011, PHP 5.3.7
- Upgraded bundled SQLite to version 3.7.7.1. (Scott)
- Upgraded bundled PCRE to version 8.12. (Scott)

- Zend Engine:
  . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even
    though the class has none). (Felipe)
  . Fixed bug #55007 (compiler fail after previous fail). (Felipe)
  . Fixed bug #54910 (Crash when calling call_user_func with unknown function
    name). (Dmitry)
  . Fixed bug #54804 (__halt_compiler and imported namespaces).
    (Pierrick, Felipe)
  . Fixed bug #54624 (class_alias and type hint). (Felipe)
  . Fixed bug #54585 (track_errors causes segfault). (Dmitry)
769
  . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed).
770 771 772 773 774 775 776 777 778 779 780 781
    (Tony, Dmitry)
  . Fixed bug #54372 (Crash accessing global object itself returned from its
    __get() handle). (Dmitry)
  . Fixed bug #54367 (Use of closure causes problem in ArrayAccess). (Dmitry)
  . Fixed bug #54358 (Closure, use and reference). (Dmitry)
  . Fixed bug #54262 (Crash when assigning value to a dimension in a non-array).
    (Dmitry)
  . Fixed bug #54039 (use() of static variables in lambda functions can break
    staticness). (Dmitry)

- Core
  . Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer)
782
  . Removed warning when argument of is_a() or is_subclass_of() is not
783 784 785 786 787
    a known class. (Stas)
  . Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski.
  . Added PHP_MANDIR constant telling where the manpages were installed into,
    and an --man-dir argument to php-config. (Hannes)
  . Fixed a crash inside dtor for error handling. (Ilia)
788
  . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas)
789 790 791 792 793 794 795 796
  . Implemented FR #54459 (Range function accuracy). (Adam)

  . Fixed bug #55399 (parse_url() incorrectly treats ':' as a valid path).
    (Ilia)
  . Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off).
    (Dmitry)
  . Fixed bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow
    (Pierre)
797
  . Fixed bug #55258 (Windows Version Detecting Error).
798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840
    ( xiaomao5 at live dot com, Pierre)
  . Fixed bug #55187 (readlink returns weird characters when false result).
   (Pierre)
  . Fixed bug #55082 (var_export() doesn't escape properties properly).
    (Gustavo)
  . Fixed bug #55014 (Compile failure due to improper use of ctime_r()). (Ilia)
  . Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload
    filename). (Felipe) Reported by Krzysztof Kotowicz. (CVE-2011-2202)
  . Fixed bug #54935 php_win_err can lead to crash. (Pierre)
  . Fixed bug #54924 (assert.* is not being reset upon request shutdown). (Ilia)
  . Fixed bug #54895 (Fix compiling with older gcc version without need for
    membar_producer macro). (mhei at heimpold dot de)
  . Fixed bug #54866 (incorrect accounting for realpath_cache_size).
    (Dustin Ward)
  . Fixed bug #54723 (getimagesize() doesn't check the full ico signature).
    (Scott)
  . Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt
    size). (Pierre, os at irj dot ru)
  . Fixed bug #54580 (get_browser() segmentation fault when browscap ini
    directive is set through php_admin_value). (Gustavo)
  . Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption). (Dmitry)
  . Fixed bug #54305 (Crash in gc_remove_zval_from_buffer). (Dmitry)
  . Fixed bug #54238 (use-after-free in substr_replace()). (Stas)
    (CVE-2011-1148)
  . Fixed bug #54204 (Can't set a value with a PATH section in php.ini).
    (Pierre)
  . Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment).
    (tomas dot brastavicius at quantum dot lt, Pierrick)
  . Fixed bug #54137 (file_get_contents POST request sends additional line
    break). (maurice-php at mertinkat dot net, Ilia)
  . Fixed bug #53848 (fgetcsv() ignores spaces at beginnings of fields). (Ilia)
  . Alternative fix for bug #52550, as applied to the round() function (signed
    overflow), as the old fix impacted the algorithm for numbers with magnitude
    smaller than 0. (Gustavo)
  . Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces)
    (Ralph Schindler, Dmitry)
  . Fixed bug #52935 (call exit in user_error_handler cause stream relate
    core). (Gustavo)
  . Fixed bug #51997 (SEEK_CUR with 0 value, returns a warning). (Ilia)
  . Fixed bug #50816 (Using class constants in array definition fails).
    (Pierrick, Dmitry)
  . Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode
    filter). (slusarz at curecanti dot org)
841
  . Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using
842 843 844 845 846 847 848 849 850 851 852 853
    TMPDIR on Windows). (Pierre)

- Apache2 Handler SAPI:
  . Fixed bug #54529 (SAPI crashes on apache_config.c:197).
    (hebergement at riastudio dot fr)

- CLI SAPI:
  . Fixed bug #52496 (Zero exit code on option parsing failure). (Ilia)

- cURL extension:
  . Added ini option curl.cainfo (support for custom cert db). (Pierre)
  . Added CURLINFO_REDIRECT_URL support. (Daniel Stenberg, Pierre)
854
  . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and
855 856 857 858 859 860 861 862 863 864 865 866 867
    CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick)

- DateTime extension:
  . Fixed bug where the DateTime object got changed while using date_diff().
    (Derick)
  . Fixed bug #54340 (DateTime::add() method bug). (Adam)
  . Fixed bug #54316 (DateTime::createFromFormat does not handle trailing '|'
    correctly). (Adam)
  . Fixed bug #54283 (new DatePeriod(NULL) causes crash). (Felipe)
  . Fixed bug #51819 (Case discrepancy in timezone names cause Uncaught
    exception and fatal error). (Hannes)

- DBA extension:
868
  . Supress warning on non-existent file open with Berkeley DB 5.2 (Chris Jones)
869 870 871 872 873 874 875 876 877 878 879 880
  . Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe)

- Exif extesion:
  . Fixed bug #54121 (error message format string typo). (Ilia)

- Fileinfo extension:
  . Fixed bug #54934 (Unresolved symbol strtoull in HP-UX 11.11). (Felipe)

- Filter extension:
  . Added 3rd parameter to filter_var_array() and filter_input_array()
    functions that allows disabling addition of empty elements. (Ilia)
  . Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia)
881

882 883
- Interbase extension:
  . Fixed bug #54269 (Short exception message buffer causes crash). (Felipe)
884

885 886 887 888 889 890 891 892 893 894
- intl extension:
  . Implemented FR #54561 (Expose ICU version info). (David Zuelke, Ilia)
  . Implemented FR #54540 (Allow loading of arbitrary resource bundles when
    fallback is disabled). (David Zuelke, Stas)

- Imap extension:
  . Fixed bug #55313 (Number of retries not set when params specified).
    (kevin at kevinlocke dot name)

- json extension:
895
  . Fixed bug #54484 (Empty string in json_decode doesn't reset
896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911
    json_last_error()). (Ilia)

- LDAP extension:
  . Fixed bug #53339 (Fails to build when compilng with gcc 4.5 and DSO
    libraries). (Clint Byrum, Raphael)

- libxml extension:
  . Fixed bug #54601 (Removing the doctype node segfaults). (Hannes)
  . Fixed bug #54440 (libxml extension ignores default context). (Gustavo)

- mbstring extension:
  . Fixed bug #54494 (mb_substr() mishandles UTF-32LE and UCS-2LE). (Gustavo)

- MCrypt extension:
  . Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data
    has been fetched (Windows). (Pierre)
912
  . Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random
913 914 915 916 917 918 919 920 921 922 923
    data on Windows). (Pierre)

- mysqlnd
  . Fixed crash when using more than 28,000 bound parameters. Workaround is to
    set mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey)
  . Fixed bug #54674 mysqlnd valid_sjis_(head|tail) is using invalid operator
    and range). (nihen at megabbs dot com, Andrey)

- MySQLi extension:
  . Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi
    persistent connections). (Andrey)
924 925
  . Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries).
    (Andrey)
926 927 928 929 930 931 932 933 934 935 936

- OpenSSL extension:
  . openssl_encrypt()/openssl_decrypt() truncated keys of variable length
    ciphers to the OpenSSL default for the algorithm. (Scott)
  . On blocking SSL sockets respect the timeout option where possible.
    (Scott)
  . Fixed bug #54992 (Stream not closed and error not returned when SSL
    CN_match fails). (Gustavo, laird_ngrps at dodo dot com dot au)

- Oracle Database extension (OCI8):
  . Added oci_client_version() returning the runtime Oracle client library
937
    version (Chris Jones)
938 939 940 941 942 943

. PCRE extension:
  . Increased the backtrack limit from 100000 to 1000000 (Rasmus)

- PDO extension:
  . Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe)
944
  . Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE
945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029
    settings). (Ilia)

- PDO DBlib driver:
  . Fixed bug #54329 (MSSql extension memory leak).
    (dotslashpok at gmail dot com)
  . Fixed bug #54167 (PDO_DBLIB returns null on SQLUNIQUE field).
    (mjh at hodginsmedia dot com, Felipe)

- PDO ODBC driver:
  . Fixed data type usage in 64bit. (leocsilva at gmail dot com)

- PDO MySQL driver:
  . Fixed bug #54644 (wrong pathes in php_pdo_mysql_int.h). (Tony, Johannes)
  . Fixed bug #53782 (foreach throws irrelevant exception). (Johannes, Andrey)
  . Implemented FR #48587 (MySQL PDO driver doesn't support SSL connections).
    (Rob)

- PDO PostgreSQL driver:
  . Fixed bug #54318 (Non-portable grep option used in PDO pgsql
    configuration). (bwalton at artsci dot utoronto dot ca)

- PDO Oracle driver:
  . Fixed bug #44989 (64bit Oracle RPMs still not supported by pdo-oci).
    (jbnance at tresgeek dot net)

- Phar extension:
  . Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters).
    (Felipe)

- PHP-FPM SAPI:
  . Implemented FR #54499 (FPM ping and status_path should handle HEAD request). (fat)
  . Implemented FR #54172 (Overriding the pid file location of php-fpm). (fat)
  . Fixed missing Expires and Cache-Control headers for ping and status pages.
    (fat)
  . Fixed memory leak. (fat) Reported and fixed by Giovanni Giacobbi.
  . Fixed wrong value of log_level when invoking fpm with -tt. (fat)
  . Added xml format to the status page. (fat)
  . Removed timestamp in logs written by children processes. (fat)
  . Fixed exit at FPM startup on fpm_resources_prepare() errors. (fat)
  . Added master rlimit_files and rlimit_core in the global configuration
    settings. (fat)
  . Removed pid in debug logs written by chrildren processes. (fat)
  . Added custom access log (also added per request %CPU and memory
    mesurement). (fat)
  . Added a real scoreboard and several improvements to the status page. (fat)

- Reflection extension:
  . Fixed bug #54347 (reflection_extension does not lowercase module function
    name). (Felipe, laruence at yahoo dot com dot cn)

- SOAP extension:
  . Fixed bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION
    contains itself). (Dmitry)
  . Fixed bug #54312 (soap_version logic bug). (tom at samplonius dot org)

- Sockets extension:
  . Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
    Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe)
  . Changed socket_set_block() and socket_set_nonblock() so they emit warnings
    on error. (Gustavo)
  . Fixed bug #51958 (socket_accept() fails on IPv6 server sockets). (Gustavo)

- SPL extension:
  . Fixed bug #54971 (Wrong result when using iterator_to_array with use_keys
    on true). (Pierrick)
  . Fixed bug #54970 (SplFixedArray::setSize() isn't resizing). (Felipe)
  . Fixed bug #54609 (Certain implementation(s) of SplFixedArray cause hard
    crash). (Felipe)
  . Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and
    SplTempFileObject crash when user-space classes don't call the paren
    constructor). (Gustavo)
  . Fixed bug #54292 (Wrong parameter causes crash in
    SplFileObject::__construct()). (Felipe)
  . Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting
    with \0). (Gustavo)
  . Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator).
    (Felipe)

- Streams:
  . Fixed bug #54946 (stream_get_contents infinite loop). (Hannes)
  . Fixed bug #54623 (Segfault when writing to a persistent socket after
    closing a copy of the socket). (Gustavo)
  . Fixed bug #54681 (addGlob() crashes on invalid flags). (Felipe)


1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066
17 Mar 2011, PHP 5.3.6
- Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)
- Upgraded bundled PCRE to version 8.11. (Ilia)

- Zend Engine:
  . Indirect reference to $this fails to resolve if direct $this is never used
    in method. (Scott)
  . Added options to debug backtrace functions. (Stas)
  . Fixed bug numerous crashes due to setlocale (crash on error, pcre, mysql
    etc.) on Windows in thread safe mode. (Pierre)
  . Fixed Bug #53971 (isset() and empty() produce apparently spurious runtime
    error). (Dmitry)
  . Fixed Bug #53958 (Closures can't 'use' shared variables by value and by
    reference). (Dmitry)
  . Fixed Bug #53629 (memory leak inside highlight_string()). (Hannes, Ilia)
  . Fixed Bug #51458 (Lack of error context with nested exceptions). (Stas)
  . Fixed Bug #47143 (Throwing an exception in a destructor causes a fatal
    error). (Stas)
  . Fixed bug #43512 (same parameter name can be used multiple times in
    method/function definition). (Felipe)

- Core:
  . Added ability to connect to HTTPS sites through proxy with basic
    authentication using stream_context/http/header/Proxy-Authorization (Dmitry)
  . Changed default value of ini directive serialize_precision from 100 to 17.
    (Gustavo)
  . Fixed bug #54055 (buffer overrun with high values for precision ini
    setting). (Gustavo)
  . Fixed bug #53959 (reflection data for fgetcsv out-of-date). (Richard)
  . Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a
    trailing forward slash). (lekensteyn at gmail dot com, Pierre)
  . Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos)
  . Fixed bug #48484 (array_product() always returns 0 for an empty array).
    (Ilia)
  . Fixed bug #48607 (fwrite() doesn't check reply from ftp server before
    exiting). (Ilia)

1067

1068 1069 1070 1071 1072 1073 1074
- Calendar extension:
  . Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to
    segfault). (Gustavo)

- DOM extension:
  . Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode
    like DOMDocument::saveXML). (Gustavo)
1075

1076 1077 1078 1079 1080 1081
- DateTime extension:
  . Fixed a bug in DateTime->modify() where absolute date/time statements had
    no effect. (Derick)
  . Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit
    big-endian systems). (Derick, rein@basefarm.no)
  . Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas)
1082
  . Fixed bug #52738 (Can't use new properties in class extended from
1083 1084 1085
    DateInterval). (Stas)
  . Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime
    created from timestamp). (Stas)
1086
  . Fixed bug #52063 (DateTime constructor's second argument doesn't have a
1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106
    null default value). (Gustavo, Stas)

- Exif extension:
  . Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni).
    (Pierre) (CVE-2011-0708)

- Filter extension:
  . Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number).
    (Ilia, Gustavo)
  . Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges).
    (Ilia)
  . Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia)
  . Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6).
    (Ilia, valli at icsurselva dot ch)

- Fileinfo extension:
  . Fixed bug #54016 (finfo_file() Cannot determine filetype in archives).
    (Hannes)

- Gettext
1107
  . Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE
1108 1109 1110 1111 1112 1113
    environment variable are set). (Pierre)

- IMAP extension:
  . Implemented FR #53812 (get MIME headers of the part of the email). (Stas)
  . Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long
    MIME header unfolding). (Adam)
1114

1115 1116 1117 1118 1119
- Intl extension:
  . Fixed bug #53612 (Segmentation fault when using cloned several intl
    objects). (Gustavo)
  . Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values).
    (Felipe)
1120
  . Implemented clone functionality for number, date & message formatters.
1121 1122 1123 1124 1125 1126 1127
    (Stas).

- JSON extension:
  . Fixed bug #53963 (Ensure error_code is always set during some failed
    decodings). (Scott)

- mysqlnd
1128
  . Fixed problem with always returning 0 as num_rows for unbuffered sets.
1129 1130 1131
    (Andrey, Ulf)

- MySQL Improved extension:
1132
  . Added 'db' and 'catalog' keys to the field fetching functions (FR #39847).
1133 1134 1135 1136
    (Kalle)
  . Fixed buggy counting of affected rows when using the text protocol. The
    collected statistics were wrong when multi_query was used with mysqlnd
    (Andrey)
1137
  . Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL).
1138
    (Kalle)
1139
  . Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA
1140
    query). (Kalle, Andrey)
1141
  . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to
1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157
    call libmysql). (Kalle, tre-php-net at crushedhat dot com)

- OpenSSL extension:
  . Fixed stream_socket_enable_crypto() not honoring the socket timeout in
    server mode. (Gustavo)
  . Fixed bug #54060 (Memory leaks when openssl_encrypt). (Pierre)
  . Fixed bug #54061 (Memory leaks when openssl_decrypt). (Pierre)
  . Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode).
    (Gustavo)
  . Implemented FR #53447 (Cannot disable SessionTicket extension for servers
    that do not support it) by adding a no_ticket SSL context option. (Adam,
    Tony)

- PDO MySQL driver:
  . Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver).
    (Johannes)
1158
  . Implemented FR #47802 (Support for setting character sets in DSN strings).
1159 1160 1161 1162 1163
    (Kalle)

- PDO Oracle driver:
  . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on
    ORACLE 10). (spatar at mail dot nnov dot ru)
1164

1165 1166 1167 1168 1169 1170 1171 1172 1173
- PDO PostgreSQL driver:
  . Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down).
    (gyp at balabit dot hu)

- Phar extension:
  . Fixed bug #54247 (format-string vulnerability on Phar). (Felipe)
    (CVE-2011-1153)
  . Fixed bug #53541 (format string bug in ext/phar).
    (crrodriguez at opensuse dot org, Ilia)
1174
  . Fixed bug #53898 (PHAR reports invalid error message, when the directory
1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204
    does not exist). (Ilia)

- PHP-FPM SAPI:
  . Enforce security in the fastcgi protocol parsing.
    (ef-lists at email dotde)
  . Fixed bug #53777 (php-fpm log format now match php_error log format). (fat)
  . Fixed bug #53527 (php-fpm --test doesn't set a valuable return value). (fat)
  . Fixed bug #53434 (php-fpm slowlog now also logs the original request). (fat)

- Readline extension:
  . Fixed bug #53630 (Fixed parameter handling inside readline() function).
    (jo at feuersee dot de, Ilia)

- Reflection extension:
  . Fixed bug #53915 (ReflectionClass::getConstant(s) emits fatal error on
    constants with self::). (Gustavo)

- Shmop extension:
  . Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe)
    Reported by Jose Carlos Norte <jose at eyeos dot org> (CVE-2011-1092)

- SNMP extension:
  . Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree
    correctly). (Boris Lytochkin)

- SOAP extension:
  . Fixed possible crash introduced by the NULL poisoning patch.
    (Mateusz Kocielski, Pierre)

- SPL extension:
1205
  . Fixed memory leak in DirectoryIterator::getExtension() and
1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254
    SplFileInfo::getExtension(). (Felipe)
  . Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones)
  . Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0
    values). (Felipe)
  . Fixed bug #49608 (Using CachingIterator on DirectoryIterator instance
    segfaults). (Felipe)

  . Added SplFileInfo::getExtension(). FR #48767. (Peter Cowburn)

- SQLite3 extension:
  . Fixed memory leaked introduced by the NULL poisoning patch.
    (Mateusz Kocielski, Pierre)
  . Fixed memory leak on SQLite3Result and SQLite3Stmt when assigning to a
    reference. (Felipe)
  . Add SQlite3_Stmt::readonly() for checking if a statement is read only.
    (Scott)
  . Implemented FR #53466 (SQLite3Result::columnType() should return false after
    all of the rows have been fetched). (Scott)

- Streams:
  . Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP
    wrapper). (Gustavo)
  . Fixed bug #53913 (Streams functions assume HAVE_GLOB is defined). (Chris
    Jones)
  . Fixed bug #53903 (userspace stream stat callback does not separate the
    elements of the returned array before converting them). (Gustavo)
  . Implemented FR #26158 (open arbitrary file descriptor with fopen). (Gustavo)

- Tokenizer Extension
  . Fixed bug #54089 (token_get_all() does not stop after __halt_compiler).
    (Ilia)

- XSL extension:
  . Fixed memory leaked introduced by the NULL poisoning patch.
    (Mateusz Kocielski, Pierre)

- Zip extension:
  . Added the filename into the return value of stream_get_meta_data(). (Hannes)
  . Fixed bug #53923 (Zip functions assume HAVE_GLOB is defined). (Adam)
  . Fixed bug #53893 (Wrong return value for ZipArchive::extractTo()). (Pierre)
  . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive).
    (Stas, Maksymilian Arciemowicz). (CVE-2011-0421)
  . Fixed bug #53854 (Missing constants for compression type). (Richard, Adam)
  . Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at
    gmail dot com, Gustavo)
  . Fixed bug #53579 (stream_get_contents() segfaults on ziparchive streams).
    (Hannes)
  . Fixed bug #53568 (swapped memset arguments in struct initialization).
    (crrodriguez at opensuse dot org)
1255
  . Fixed bug #53166 (Missing parameters in docs and reflection definition).
1256 1257 1258 1259
    (Richard)
  . Fixed bug #49072 (feof never returns true for damaged file in zip).
    (Gustavo, Richard Quadling)

1260
06 Jan 2011, PHP 5.3.5
1261
- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott,
1262
  Rasmus)
1263 1264 1265 1266 1267 1268

09 Dec 2010, PHP 5.3.4
- Upgraded bundled Sqlite3 to version 3.7.3. (Ilia)
- Upgraded bundled PCRE to version 8.10. (Ilia)

- Security enhancements:
1269
  . Fixed crash in zip extract method (possible CWE-170).
1270
    (Maksymilian Arciemowicz, Pierre)
1271 1272
  . Paths with NULL in them (foo\0bar.txt) are now considered as invalid.
    (Rasmus)
1273
  . Fixed a possible double free in imap extension (Identified by Mateusz
1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284
    Kocielski). (CVE-2010-4150). (Ilia)
  . Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
    (CVE-2010-3709). (Maksymilian Arciemowicz)
  . Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
  . Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre)
  . Fixed symbolic resolution support when the target is a DFS share. (Pierre)
  . Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
    large amount of data) (CVE-2010-3710). (Adam)

- General improvements:
  . Added stat support for zip stream. (Pierre)
1285
  . Added follow_location (enabled by default) option for the http stream
1286 1287 1288 1289
    support. (Pierre)
  . Improved support for is_link and related functions on Windows. (Pierre)
  . Added a 3rd parameter to get_html_translation_table. It now takes a charset
    hint, like htmlentities et al. (Gustavo)
1290

1291 1292 1293
- Implemented feature requests:
  . Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect
    zend multibyte at runtime. (Kalle)
1294
  . Implemented FR #52173, added functions pcntl_get_last_error() and
1295 1296 1297 1298
     pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud)
  . Implemented symbolic links support for open_basedir checks. (Pierre)
  . Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre)
  . Implemented FR #50692, not uploaded files don't count towards
1299 1300
    max_file_uploads limit. As a side improvement, temporary files are not
    opened for empty uploads and, in debug mode, 0-length uploads. (Gustavo)
1301

1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312
- Improved MySQLnd:
  . Added new character sets to mysqlnd, which are available in MySQL 5.5
    (Andrey)

- Improved PHP-FPM SAPI:
  . Added '-p/--prefix' to php-fpm to use a custom prefix and run multiple
    instances. (fat)
  . Added custom process title for FPM. (fat)
  . Added '-t/--test' to php-fpm to check and validate FPM conf file. (fat)
  . Added statistics about listening socket queue length for FPM.
    (andrei dot nigmatulin at gmail dot com, fat)
1313

1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326
- Core:
  . Fixed extract() to do not overwrite $GLOBALS and $this when using
    EXTR_OVERWRITE. (jorto at redhat dot com)
  . Fixed bug in the Windows implementation of dns_get_record, where the two
    last parameters wouldn't be filled unless the type were DNS_ANY (Gustavo).
  . Changed the $context parameter on copy() to actually have an effect. (Kalle)
  . Fixed htmlentities/htmlspecialchars accepting certain ill-formed UTF-8
    sequences. (Gustavo)
  . Fixed bug #53409 (sleep() returns NULL on Windows). (Pierre)
  . Fixed bug #53319 (strip_tags() may strip '<br />' incorrectly). (Felipe)
  . Fixed bug #53304 (quot_print_decode does not handle lower-case hex digits).
    (Ilia, daniel dot mueller at inexio dot net)
  . Fixed bug #53248 (rawurlencode RFC 3986 EBCDIC support misses tilde char).
1327
    (Justin Martin)
1328 1329 1330 1331 1332 1333 1334 1335 1336
  . Fixed bug #53226 (file_exists fails on big filenames). (Adam)
  . Fixed bug #53198 (changing INI setting "from" with ini_set did not have any
    effect). (Gustavo)
  . Fixed bug #53180 (post_max_size=0 not disabling the limit when the content
    type is application/x-www-form-urlencoded or is not registered with PHP).
    (gm at tlink dot de, Gustavo)
  . Fixed bug #53141 (autoload misbehaves if called from closing session).
    (ladislav at marek dot su)
  . Fixed bug #53021 (In html_entity_decode, failure to convert numeric entities
1337 1338 1339 1340 1341 1342
    with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of
    ENT_NOQUOTES in html_entity_decode that had introduced the bug (rev
    #185591) to other encodings. Additionaly, html_entity_decode() now doesn't
    decode &#34; if ENT_NOQUOTES is given. (Gustavo)
  . Fixed bug #52931 (strripos not overloaded with function overloading
    enabled). (Felipe)
1343
  . Fixed bug #52772 (var_dump() doesn't check for the existence of
1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355
    get_class_name before calling it). (Kalle, Gustavo)
  . Fixed bug #52534 (var_export array with negative key). (Felipe)
  . Fixed bug #52327 (base64_decode() improper handling of leading padding in
    strict mode). (Ilia)
  . Fixed bug #52260 (dns_get_record fails with non-existing domain on Windows).
    (a_jelly_doughnut at phpbb dot com, Pierre)
  . Fixed bug #50953 (socket will not connect to IPv4 address when the host has
    both IPv4 and IPv6 addresses, on Windows). (Gustavo, Pierre)
  . Fixed bug #50524 (proc_open on Windows does not respect cwd as it does on
    other platforms). (Pierre)
  . Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number
    of reported malformed sequences). (CVE-2010-3870) (Gustavo)
1356 1357
  . Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8).
    (Gustavo)
1358
  . Fixed bug #48831 (php -i has different output to php --ini). (Richard,
1359 1360 1361
    Pierre)
  . Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
    (Felipe)
1362
  . Fixed bug #47168 (printf of floating point variable prints maximum of 40
1363 1364 1365 1366 1367 1368
    decimal places). (Ilia)
  . Fixed bug #46587 (mt_rand() does not check that max is greater than min).
    (Ilia)
  . Fixed bug #29085 (bad default include_path on Windows). (Pierre)
  . Fixed bug #25927 (get_html_translation_table calls the ' &#39; instead of
    &#039;). (Gustavo)
1369

1370 1371 1372
- Zend engine:
  . Reverted fix for bug #51176 (Static calling in non-static method behaves
    like $this->). (Felipe)
1373
  . Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED.
1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392
    (Kalle)
  . Fixed NULL dereference in lex_scan on zend multibyte builds where the script
    had a flex incompatible encoding and there was no converter. (Gustavo)
  . Fixed covariance of return-by-ref constraints. (Etienne)
  . Fixed bug #53305 (E_NOTICE when defining a constant starts with
    __COMPILER_HALT_OFFSET__). (Felipe)
  . Fixed bug #52939 (zend_call_function does not respect ZEND_SEND_PREFER_REF).
    (Dmitry)
  . Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset
    can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
  . Fixed bug #52786 (PHP should reset section to [PHP] after ini sections).
    (Fedora at famillecollet dot com)
  . Fixed bug #52508 (newline problem with parse_ini_file+INI_SCANNER_RAW).
    (Felipe)
  . Fixed bug #52484 (__set() ignores setting properties with empty names).
    (Felipe)
  . Fixed bug #52361 (Throwing an exception in a destructor causes invalid
    catching). (Dmitry)
  . Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry)
1393

1394 1395 1396 1397 1398 1399 1400 1401 1402 1403
- Build issues:
  . Fixed bug #52436 (Compile error if systems do not have stdint.h)
    (Sriram Natarajan)
  . Fixed bug #50345 (nanosleep not detected properly on some solaris versions).
    (Ulf, Tony)
  . Fixed bug #49215 (make fails on glob_wrapper). (Felipe)

- Calendar extension:
  . Fixed bug #52744 (cal_days_in_month incorrect for December 1 BCE).
   (gpap at internet dot gr, Adam)
1404

1405 1406 1407 1408 1409 1410 1411
- cURL extension:
  . Fixed bug #52828 (curl_setopt does not accept persistent streams).
    (Gustavo, Ilia)
  . Fixed bug #52827 (cURL leaks handle and causes assertion error
    (CURLOPT_STDERR)). (Gustavo)
  . Fixed bug #52202 (CURLOPT_PRIVATE gets corrupted). (Ilia)
  . Fixed bug #50410 (curl extension slows down PHP on Windows). (Pierre)
1412

1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440
- DateTime extension:
  . Fixed bug #53297 (gettimeofday implementation in php/win32/time.c can return
    1 million microsecs). (ped at 7gods dot org)
  . Fixed bug #52668 (Iterating over a dateperiod twice is broken). (Derick)
  . Fixed bug #52454 (Relative dates and getTimestamp increments by one day).
    (Derick)
  . Fixed bug #52430 (date_parse parse 24:xx:xx as valid time). (Derick)
  . Added support for the ( and ) delimiters/separators to
    DateTime::createFromFormat(). (Derick)

- DBA extension:
  . Added Berkeley DB 5.1 support to the DBA extension. (Oracle Corp.)

- DOM extension:
  . Fixed bug #52656 (DOMCdataSection does not work with splitText). (Ilia)

- Filter extension:
  . Fixed the filter extension accepting IPv4 octets with a leading 0 as that
    belongs to the unsupported "dotted octal" representation. (Gustavo)
  . Fixed bug #53236 (problems in the validation of IPv6 addresses with leading
    and trailing :: in the filter extension). (Gustavo)
  . Fixed bug #50117 (problems in the validation of IPv6 addresses with IPv4
    addresses and ::). (Gustavo)

- GD extension:
  . Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)

- GMP extension:
1441
  . Fixed bug #52906 (gmp_mod returns negative result when non-negative is
1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453
    expected). (Stas)
  . Fixed bug #52849 (GNU MP invalid version match). (Adam)

- Hash extension:
  . Fixed bug #51003 (unaligned memory access in ext/hash/hash_tiger.c).
    (Mike, Ilia)

- Iconv extension:
  . Fixed bug #52941 (The 'iconv_mime_decode_headers' function is skipping
    headers). (Adam)
  . Fixed bug #52599 (iconv output handler outputs incorrect content type
    when flags are used). (Ilia)
1454
  . Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded
1455 1456 1457
    words). (Ilia)

- Intl extension:
1458 1459
  . Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409).
    (Stas, Maksymilian Arciemowicz)
1460 1461 1462 1463
  . Added support for formatting the timestamp stored in a DateTime object.
    (Stas)
  . Fixed bug #50590 (IntlDateFormatter::parse result is limited to the integer
    range). (Stas)
1464

1465 1466 1467 1468
- Mbstring extension:
  . Fixed bug #53273 (mb_strcut() returns garbage with the excessive length
    parameter). (CVE-2010-4156) (Mateusz Kocielski, Pierre, Moriyoshi)
  . Fixed bug #52981 (Unicode casing table was out-of-date. Updated with
1469 1470
    UnicodeData-6.0.0d7.txt and included the source of the generator program
    with the distribution) (Gustavo).
1471 1472
  . Fixed bug #52681 (mb_send_mail() appends an extra MIME-Version header).
    (Adam)
1473

1474 1475 1476 1477
- MSSQL extension:
  . Fixed possible crash in mssql_fetch_batch(). (Kalle)
  . Fixed bug #52843 (Segfault when optional parameters are not passed in to
    mssql_connect). (Felipe)
1478

1479
- MySQL extension:
1480
  . Fixed bug #52636 (php_mysql_fetch_hash writes long value into int).
1481
    (Kalle, rein at basefarm dot no)
1482

1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498
- MySQLi extension:
  . Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using
    mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey)
  . Fixed bug #52686 (mysql_stmt_attr_[gs]et argument points to incorrect type).
    (rein at basefarm dot no)
  . Fixed bug #52654 (mysqli doesn't install headers with structures it uses).
    (Andrey)
  . Fixed bug #52433 (Call to undefined method mysqli::poll() - must be static).
    (Andrey)
  . Fixed bug #52417 (MySQLi build failure with mysqlnd on MacOS X). (Andrey)
  . Fixed bug #52413 (MySQLi/libmysql build failure on OS X, FreeBSD). (Andrey)
  . Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle)
  . Fixed bug #52302 (mysqli_fetch_all does not work with MYSQLI_USE_RESULT).
    (Andrey)
  . Fixed bug #52221 (Misbehaviour of magic_quotes_runtime (get/set)). (Andrey)
  . Fixed bug #45921 (Can't initialize character set hebrew). (Andrey)
1499

1500 1501
- MySQLnd:
  . Fixed bug #52613 (crash in mysqlnd after hitting memory limit). (Andrey)
1502

1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518
- ODBC extension:
  - Fixed bug #52512 (Broken error handling in odbc_execute).
    (mkoegler at auto dot tuwien dot ac dot at)

- Openssl extension:
  . Fixed possible blocking behavior in openssl_random_pseudo_bytes on Windows.
    (Pierre)
  . Fixed bug #53136 (Invalid read on openssl_csr_new()). (Felipe)
  . Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain
    used). (Felipe)

- Oracle Database extension (OCI8):
  . Fixed bug #53284 (Valgrind warnings in oci_set_* functions) (Oracle Corp.)
  . Fixed bug #51610 (Using oci_connect causes PHP to take a long time to
    exit).  Requires Oracle 11.2.0.2 client libraries (or Oracle bug fix
    9891199) for this patch to have an effect. (Oracle Corp.)
1519

1520 1521 1522
- PCNTL extension:
  . Fixed bug #52784 (Race condition when handling many concurrent signals).
    (nick dot telford at gmail dot com, Arnaud)
1523

1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540
- PCRE extension:
  . Fixed bug #52971 (PCRE-Meta-Characters not working with utf-8). (Felipe)
  . Fixed bug #52732 (Docs say preg_match() returns FALSE on error, but it
    returns int(0)). (slugonamission at gmail dot com)

- PHAR extension:
  . Fixed bug #50987 (unaligned memory access in phar.c).
    (geissert at debian dot org, Ilia)

- PHP-FPM SAPI:
  . Fixed bug #53412 (segfault when using -y). (fat)
  . Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat)
  . Fixed bug #52501 (libevent made FPM crashed when forking -- libevent has
    been removed). (fat)
  . Fixed bug #52725 (gcc builtin atomic functions were sometimes used when they
    were not available). (fat)
  . Fixed bug #52693 (configuration file errors are not logged to stderr). (fat)
1541 1542
  . Fixed bug #52674 (FPM Status page returns inconsistent Content-Type
    headers). (fat)
1543 1544 1545 1546
  . Fixed bug #52498 (libevent was not only linked to php-fpm). (fat)

- PDO:
  . Fixed bug #52699 (PDO bindValue writes long int 32bit enum).
1547
    (rein at basefarm dot no)
1548
  . Fixed bug #52487 (PDO::FETCH_INTO leaks memory). (Felipe)
1549

1550 1551 1552
- PDO DBLib driver:
  . Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values).
    (Felipe)
1553

1554 1555 1556 1557 1558 1559
- PDO Firebird driver:
  . Restored firebird support (VC9 builds only). (Pierre)
  . Fixed bug #53335 (pdo_firebird did not implement rowCount()).
    (preeves at ibphoenix dot com)
  . Fixed bug #53323 (pdo_firebird getAttribute() crash).
    (preeves at ibphoenix dot com)
1560

1561 1562 1563
- PDO MySQL driver:
  . Fixed bug #52745 (Binding params doesn't work when selecting a date inside a
    CASE-WHEN). (Andrey)
1564

1565 1566
- PostgreSQL extension:
  . Fixed bug #47199 (pg_delete() fails on NULL). (ewgraf at gmail dot com)
1567

1568 1569 1570 1571 1572 1573 1574 1575
- Reflection extension:
  . Fixed ReflectionProperty::isDefault() giving a wrong result for properties
    obtained with ReflectionClass::getProperties(). (Gustavo)
- Reflection extension:
  . Fixed bug #53366 (Reflection doesnt get dynamic property value from
    getProperty()). (Felipe)
  . Fixed bug #52854 (ReflectionClass::newInstanceArgs does not work for classes
    without constructors). (Johannes)
1576

1577 1578 1579
- SOAP extension:
  . Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy
    with SoapClient object). (Dmitry)
1580

1581 1582 1583 1584 1585 1586 1587
- SPL extension:
  . Fixed bug #53362 (Segmentation fault when extending SplFixedArray). (Felipe)
  . Fixed bug #53279 (SplFileObject doesn't initialise default CSV escape
    character). (Adam)
  . Fixed bug #53144 (Segfault in SplObjectStorage::removeAll()). (Felipe)
  . Fixed bug #53071 (SPLObjectStorage defeats gc_collect_cycles). (Gustavo)
  . Fixed bug #52573 (SplFileObject::fscanf Segmentation fault). (Felipe)
1588
  . Fixed bug #51763 (SplFileInfo::getType() does not work symbolic link
1589 1590 1591 1592 1593 1594 1595
    and directory). (Pierre)
  . Fixed bug #50481 (Storing many SPLFixedArray in an array crashes). (Felipe)
  . Fixed bug #50579 (RegexIterator::REPLACE doesn't work). (Felipe)

- SQLite3 extension:
  . Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number).
    (Felipe)
1596

1597 1598 1599
- Streams:
  . Fixed forward stream seeking emulation in streams that don't support seeking
    in situations where the read operation gives back less data than requested
1600 1601 1602
    and when there was data in the buffer before the emulation started. Also
    made more consistent its behavior -- should return failure every time less
    data than was requested was skipped. (Gustavo)
1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614
  . Fixed bug #53241 (stream casting that relies on fdopen/fopencookie fails
    with streams opened with, inter alia, the 'xb' mode). (Gustavo)
  . Fixed bug #53006 (stream_get_contents has an unpredictable behavior when the
    underlying stream does not support seeking). (Gustavo)
  . Fixed bug #52944 (Invalid write on second and subsequent reads with an
    inflate filter fed invalid data). (Gustavo)
  . Fixed bug #52820 (writes to fopencookie FILE* not commited when seeking the
    stream). (Gustavo)

- WDDX extension:
  . Fixed bug #52468 (wddx_deserialize corrupts integer field value when left
    empty). (Felipe)
1615

1616 1617 1618
- Zlib extension:
  . Fixed bug #52926 (zlib fopen wrapper does not use context). (Gustavo)

1619 1620 1621 1622
22 Jul 2010, PHP 5.3.3
- Upgraded bundled sqlite to version 3.6.23.1. (Ilia)
- Upgraded bundled PCRE to version 8.02. (Ilia)

1623
- Added support for JSON_NUMERIC_CHECK option in json_encode() that converts
1624 1625 1626
  numeric strings to integers. (Ilia)
- Added stream_set_read_buffer, allows to set the buffer for read operation.
  (Pierre)
1627
- Added stream filter support to mcrypt extension (ported from
1628 1629 1630 1631 1632 1633 1634 1635
  mcrypt_filter). (Stas)
- Added full_special_chars filter to ext/filter. (Rasmus)
- Added backlog socket context option for stream_socket_server(). (Mike)
- Added fifth parameter to openssl_encrypt()/openssl_decrypt()
  (string $iv) to use non-NULL IV.
  Made implicit use of NULL IV a warning. (Sara)
- Added openssl_cipher_iv_length(). (Sara)
- Added FastCGI Process Manager (FPM) SAPI. (Tony)
1636
- Added recent Windows versions to php_uname and fix undefined windows
1637 1638
  version support. (Pierre)
- Added Berkeley DB 5 support to the DBA extension. (Johannes, Chris Jones)
1639
- Added support for copy to/from array/file for pdo_pgsql extension.
1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658
  (Denis Gasparin, Ilia)
- Added inTransaction() method to PDO, with specialized support for Postgres.
  (Ilia, Denis Gasparin)

- Changed namespaced classes so that the ctor can only be named
  __construct now. (Stas)
- Reset error state in PDO::beginTransaction() reset error state. (Ilia)

- Implemented FR#51295 (SQLite3::busyTimeout not existing). (Mark)
- Implemented FR#35638 (Adding udate to imap_fetch_overview results).
  (Charles_Duffy at dell dot com )
- Rewrote var_export() to use smart_str rather than output buffering, prevents
  data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
- Fixed possible buffer overflows in mysqlnd_list_fields,  mysqlnd_change_user.
  (Andrey)
- Fixed possible buffer overflows when handling error packets in mysqlnd.
  Reported by Stefan Esser. (Andrey)
- Fixed very rare memory leak in mysqlnd, when binding thousands of columns.
  (Andrey)
1659
- Fixed a crash when calling an inexistent method of a class that inherits
1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677
  PDOStatement if instantiated directly instead of doing by the PDO methods.
  (Felipe)

- Fixed memory leak on error in mcrypt_create_iv on Windows. (Pierre)
- Fixed a possible crash because of recursive GC invocation. (Dmitry)
- Fixed a possible resource destruction issues in shm_put_var().
  Reported by Stefan Esser. (Dmitry)
- Fixed a possible information leak because of interruption of XOR operator.
  Reported by Stefan Esser. (Dmitry)
- Fixed a possible memory corruption because of unexpected call-time pass by
  refernce and following memory clobbering through callbacks.
  Reported by Stefan Esser. (Dmitry)
- Fixed a possible memory corruption in ArrayObject::uasort(). Reported by
  Stefan Esser. (Dmitry)
- Fixed a possible memory corruption in parse_str(). Reported by Stefan Esser.
  (Dmitry)
- Fixed a possible memory corruption in pack(). Reported by Stefan Esser.
  (Dmitry)
1678
- Fixed a possible memory corruption in substr_replace(). Reported by Stefan
1679
  Esser. (Dmitry)
1680
- Fixed a possible memory corruption in addcslashes(). Reported by Stefan
1681
  Esser. (Dmitry)
1682
- Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan
1683 1684 1685
  Esser. (Ilia)
- Fixed a possible dechunking filter buffer overflow. Reported by Stefan Esser.
  (Pierre)
1686
- Fixed a possible arbitrary memory access inside sqlite extension. Reported
1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708
  by Mateusz Kocielski. (Ilia)
- Fixed string format validation inside phar extension. Reported by Stefan
  Esser. (Ilia)
- Fixed handling of session variable serialization on certain prefix
  characters. Reported by Stefan Esser. (Ilia)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
  requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
- Fixed the mail.log ini setting when no filename was given. (Johannes)

- Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64
  bit)). (Adam)
- Fixed bug #52262 (json_decode() shows no errors on invalid UTF-8).
  (Scott)
- Fixed bug #52240 (hash_copy() does not copy the HMAC key, causes wrong
  results and PHP crashes). (Felipe)
- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
  (Johannes)
- Fixed bug #52193 (converting closure to array yields empty array). (Felipe)
- Fixed bug #52183 (Reflectionfunction reports invalid number of arguments for
  function aliases). (Felipe)
1709
- Fixed bug #52162 (custom request header variables with numbers are removed).
1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720
  (Sriram Natarajan)
- Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe)
- Fixed bug #52138 (Constants are parsed into the ini file for section names).
  (Felipe)
- Fixed bug #52115 (mysqli_result::fetch_all returns null, not an empty array).
  (Andrey)
- Fixed bug #52101 (dns_get_record() garbage in 'ipv6' field on Windows).
  (Pierre)
- Fixed bug #52082 (character_set_client & character_set_connection reset after
  mysqli_change_user()). (Andrey)
- Fixed bug #52043 (GD doesn't recognize latest libJPEG versions).
1721
  (php at group dot apple dot com, Pierre)
1722 1723 1724 1725 1726
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned
  from function). (Dmitry)
- Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
  (Felipe)
- Fixed bug #52057 (ReflectionClass fails on Closure class). (Felipe)
1727
- Fixed bug #52051 (handling of case sensitivity of old-style constructors
1728
  changed in 5.3+). (Felipe)
1729
- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at
1730 1731 1732 1733 1734 1735 1736
  debian dot org, Kalle)
- Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick)
- Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command).
  (Ilia)
- Fixed bug #52001 (Memory allocation problems after using variable variables).
  (Dmitry)
- Fixed bug #51991 (spl_autoload and *nix support with namespace). (Felipe)
1737
- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle,
1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801
  coreystup at gmail dot com)
- Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with
  constant array). (Felipe)
- Fixed bug #51905 (ReflectionParameter fails if default value is an array
  with an access to self::). (Felipe)
- Fixed bug #51899 (Parse error in parse_ini_file() function when empy value
  followed by no newline). (Felipe)
- Fixed bug #51844 (checkdnsrr does not support types other than MX). (Pierre)
- Fixed bug #51827 (Bad warning when register_shutdown_function called with
  wrong num of parameters). (Felipe)
- Fixed bug #51822 (Segfault with strange __destruct() for static class
  variables). (Dmitry)
- Fixed bug #51791 (constant() aborts execution when fail to check undefined
  constant). (Felipe)
- Fixed bug #51732 (Fileinfo __construct or open does not work with NULL).
  (Pierre)
- Fixed bug #51725 (xmlrpc_get_type() returns true on invalid dates). (Mike)
- Fixed bug #51723 (Content-length header is limited to 32bit integer with
  Apache2 on Windows). (Pierre)
- Fixed bug #51721 (mark DOMNodeList and DOMNamedNodeMap as Traversable).
  (David Zuelke)
- Fixed bug #51712 (Test mysql_mysqlnd_read_timeout_long must fail on MySQL4).
  (Andrey)
- Fixed bug #51697 (Unsafe operations in free_storage of SPL iterators,
  causes crash during shutdown). (Etienne)
- Fixed bug #51690 (Phar::setStub looks for case-sensitive
  __HALT_COMPILER()). (Ilia)
- Fixed bug #51688 (ini per dir crashes when invalid document root  are given).
  (Pierre)
- Fixed bug #51671 (imagefill does not work correctly for small images).
  (Pierre)
- Fixed bug #51670 (getColumnMeta causes segfault when re-executing query
  after calling nextRowset). (Pierrick)
- Fixed bug #51647 Certificate file without private key (pk in another file)
  doesn't work. (Andrey)
- Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading).
  (Pierre)
- Fixed bug #51627 (script path not correctly evaluated).
  (russell dot tempero at rightnow dot com)
- Fixed bug #51624 (Crash when calling mysqli_options()). (Felipe)
- Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe)
- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter).
  (Felipe)
- Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string
  literal). (cbandy at jbandy dot com)
- Fixed bug #51607 (pg_copy_from does not allow schema in the tablename
  argument). (cbandy at jbandy dot com)
- Fixed bug #51605 (Mysqli - zombie links). (Andrey)
- Fixed bug #51604 (newline in end of header is shown in start of message).
  (Daniel Egeberg)
- Fixed bug #51590 (JSON_ERROR_UTF8 is undefined). (Felipe)
- Fixed bug #51583 (Bus error due to wrong alignment in mysqlnd). (Rainer Jung)
- Fixed bug #51582 (Don't assume UINT64_C it's ever available).
  (reidrac at usebox dot net, Pierre)
- Fixed bug #51577 (Uninitialized memory reference with oci_bind_array_by_name)
  (Oracle Corp.)
- Fixed bug #51562 (query timeout in mssql can not be changed per query).
  (ejsmont dot artur at gmail dot com)
- Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory
  issues). (Dmitry)
- Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe)
- Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile
  errors). (Felipe)
- Fixed bug #51424 (crypt() function hangs after 3rd call). (Pierre, Sriram)
1802
- Fixed bug #51394 (Error line reported incorrectly if error handler throws an
1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820
  exception). (Stas)
- Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains
  timezone). (Adam)
- Fixed bug #51347 (mysqli_close / connection memory leak). (Andrey, Johannes)
- Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is
  on). (Ilia, j dot jeising at gmail dot com)
- Fixed bug #51291 (oci_error doesn't report last error when called two times)
  (Oracle Corp.)
- Fixed bug #51276 (php_load_extension() is missing when HAVE_LIBDL is
  undefined). (Tony)
- Fixed bug #51273 (Faultstring property does not exist when the faultstring is
  empty) (Ilia, dennis at transip dot nl)
- Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam)
- Fixed bug #51257 (CURL_VERSION_LARGEFILE incorrectly used after libcurl
  version 7.10.1). (aron dot ujvari at microsec dot hu)
- Fixed bug #51242 (Empty mysql.default_port does not default to 3306 anymore,
  but 0). (Adam)
- Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com)
1821
- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia,
1822
  alexr at oplot dot com)
1823
- Fixed bug #51190 (ftp_put() returns false when transfer was successful).
1824 1825 1826 1827 1828
  (Ilia)
- Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio).
  (Sriram Natarajan)
- Fixed bug #51176 (Static calling in non-static method behaves like $this->).
  (Felipe)
1829
- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when
1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848
  an invalid option is provided). (Ilia)
- Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre)
- Fixed bug #51096 ('last day' and 'first day' are handled incorrectly when
  parsing date strings). (Derick)
- Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
- Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris
  Jones)
- Fixed bug #51026 (mysqli_ssl_set not working). (Andrey)
- Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4).
  (Raphael Geissert)
- Fixed bug #50999 (unaligned memory access in dba_fetch()). (Felipe)
- Fixed bug #50976 (Soap headers Authorization not allowed).
  (Brain France, Dmitry)
- Fixed bug #50828 (DOMNotation is not subclass of DOMNode). (Rob)
- Fixed bug #50810 (property_exists does not work for private). (Felipe)
- Fixed bug #50762 (in WSDL mode Soap Header handler function only being called
  if defined in WSDL). (mephius at gmail dot com)
- Fixed bug #50731 (Inconsistent namespaces sent to functions registered with
  spl_autoload_register). (Felipe)
1849
- Fixed bug #50563 (removing E_WARNING from parse_url). (ralph at smashlabs dot
1850 1851 1852 1853 1854 1855 1856 1857 1858 1859
  com, Pierre)
- Fixed bug #50578 (incorrect shebang in phar.phar). (Fedora at FamilleCollet
  dot com)
- Fixed bug #50392 (date_create_from_format enforces 6 digits for 'u' format
  character). (Derick)
- Fixed bug #50383 (Exceptions thrown in __call / __callStatic do not include
  file and line in trace). (Felipe)
- Fixed bug #50358 (Compile failure compiling ext/phar/util.lo). (Felipe)
- Fixed bug #50101 (name clash between global and local variable).
  (patch by yoarvi at gmail dot com)
1860 1861
- Fixed bug #50055 (DateTime::sub() allows 'relative' time modifications).
  (Derick)
1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897
- Fixed bug #51002 (fix possible memory corruption with very long names).
  (Pierre)
- Fixed bug #49893 (Crash while creating an instance of Zend_Mail_Storage_Pop3).
  (Dmitry)
- Fixed bug #49819 (STDOUT losing data with posix_isatty()). (Mike)
- Fixed bug #49778 (DateInterval::format("%a") is always zero when an interval
  is created from an ISO string). (Derick)
- Fixed bug #49700 (memory leaks in php_date.c if garbage collector is
  enabled). (Dmitry)
- Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
- Fixed bug #49490 (XPath namespace prefix conflict). (Rob)
- Fixed bug #49429 (odbc_autocommit doesn't work). (Felipe)
- Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe)
- Fixed bug #49234 (mysqli_ssl_set not found). (Andrey)
- Fixed bug #49216 (Reflection doesn't seem to work properly on MySqli).
  (Andrey)
- Fixed bug #49192 (PHP crashes when GC invoked on COM object). (Stas)
- Fixed bug #49081 (DateTime::diff() mistake if start in January and interval >
  28 days). (Derick)
- Fixed bug #49059 (DateTime::diff() repeats previous sub() operation).
  (yoarvi@gmail.com, Derick)
- Fixed bug #48983 (DomDocument : saveHTMLFile wrong charset). (Rob)
- Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3). (Felipe)
- Fixed bug #48902 (Timezone database fallback map is outdated). (Derick)
- Fixed bug #48781 (Cyclical garbage collector memory leak). (Dmitry)
- Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob)
- Fixed bug #48361 (SplFileInfo::getPathInfo should return the
  parent dir). (Etienne)
- Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken).
  (Adam, patch from hiroaki dot kawai at gmail dot com).
- Fixed bug #47842 (sscanf() does not support 64-bit values). (Mike)
- Fixed bug #46111 (Some timezone identifiers can not be parsed). (Derick)
- Fixed bug #45808 (stream_socket_enable_crypto() blocks and eats CPU).
  (vincent at optilian dot com)
- Fixed bug #43233 (sasl support for ldap on Windows). (Pierre)
- Fixed bug #35673 (formatOutput does not work with saveHTML). (Rob)
1898
- Fixed bug #33210 (getimagesize() fails to detect width/height on certain
1899 1900
  JPEGs). (Ilia)

1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920
04 Mar 2010, PHP 5.3.2

- Upgraded bundled sqlite to version 3.6.22. (Ilia)
- Upgraded bundled libmagic to version 5.03. (Mikko)
- Upgraded bundled PCRE to version 8.00. (Scott)
- Updated timezone database to version 2010.3. (Derick)

- Improved LCG entropy. (Rasmus, Samy Kamkar)
- Improved crypt support for edge cases (UFC compatibility). (Solar Designer,
  Joey, Pierre)

- Reverted fix for bug #49521 (PDO fetchObject sets values before calling
  constructor). (Pierrick, Johannes)

- Changed gmp_strval() to use full range from 2 to 62, and -2 to -36. FR #50283
  (David Soria Parra)
- Changed "post_max_size" php.ini directive to allow unlimited post size by
  setting it to 0. (Rasmus)
- Changed tidyNode class to disallow manual node creation. (Pierrick)

1921
- Removed automatic file descriptor unlocking happening on shutdown and/or
1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978
  stream close (on all OSes). (Tony, Ilia)

- Added libpng 1.4.0 support. (Pierre)
- Added support for DISABLE_AUTHENTICATOR for imap_open. (Pierre)
- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
  (Ilia)
- Added stream_resolve_include_path(). (Mikko)
- Added INTERNALDATE support to imap_append. (nick at mailtrust dot com)
- Added support for SHA-256 and SHA-512 to php's crypt. (Pierre)
- Added realpath_cache_size() and realpath_cache_get() functions. (Stas)
- Added FILTER_FLAG_STRIP_BACKTICK option to the filter extension. (Ilia)
- Added protection for $_SESSION from interrupt corruption and improved
  "session.save_path" check. (Stas)
- Added LIBXML_PARSEHUGE constant to override the maximum text size of a
  single text node when using libxml2.7.3+. (Kalle)
- Added ReflectionMethod::setAccessible() for invoking non-public methods
  through the Reflection API. (Sebastian)
- Added Collator::getSortKey for intl extension. (Stas)
- Added support for CURLOPT_POSTREDIR. FR #49571. (Sriram Natarajan)
- Added support for CURLOPT_CERTINFO. FR #49253.
  (Linus Nielsen Feltzing <linus@haxx.se>)
- Added client-side server name indication support in openssl. (Arnaud)

- Improved fix for bug #50006 (Segfault caused by uksort()). (Stas)

- Fixed mysqlnd hang when queries exactly 16777214 bytes long are sent. (Andrey)
- Fixed incorrect decoding of 5-byte BIT sequences in mysqlnd. (Andrey)
- Fixed error_log() to be binary safe when using message_type 3. (Jani)
- Fixed unnecessary invocation of setitimer when timeouts have been disabled.
  (Arvind Srinivasan)
- Fixed memory leak in extension loading when an error occurs on Windows.
  (Pierre)
- Fixed safe_mode validation inside tempnam() when the directory path does
  not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in session extension
  identified by Grzegorz Stachowiak. (Ilia)
- Fixed possible crash when a error/warning is raised during php startup.
  (Pierre)
- Fixed possible bad behavior of rename on windows when used with symbolic
  links or invalid paths. (Pierre)
- Fixed error output to stderr on Windows. (Pierre)
- Fixed memory leaks in is_writable/readable/etc on Windows. (Pierre)
- Fixed memory leaks in the ACL function on Windows. (Pierre)
- Fixed memory leak in the realpath cache on Windows. (Pierre)
- Fixed memory leak in zip_close. (Pierre)
- Fixed crypt's blowfish sanity check of the "setting" string, to reject
  iteration counts encoded as 36 through 39. (Solar Designer, Joey, Pierre)

- Fixed bug #51059 (crypt crashes when invalid salt are given). (Pierre)
- Fixed bug #50952 (allow underscore _ in constants parsed in php.ini files).
  (Jani)
- Fixed bug #50940 (Custom content-length set incorrectly in Apache SAPIs).
  (Brian France, Rasmus)
- Fixed bug #50930 (Wrong date by php_date.c patch with ancient gcc/glibc
  versions). (Derick)
- Fixed bug #50907 (X-PHP-Originating-Script adding two new lines in *NIX).
  (Ilia)
1979
- Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation).
1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013
  (Ilia, hanno at hboeck dot de)
- Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes
  long). (Ilia)
- Fixed bug #50829 (php.ini directive pdo_mysql.default_socket is ignored).
  (Ilia)
- Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP
  authentication). (Jani)
- Fixed bug #50787 (stream_set_write_buffer() has no effect on socket streams).
  (vnegrier at optilian dot com, Ilia)
- Fixed bug #50761 (system.multiCall crashes in xmlrpc extension).
  (hiroaki dot kawai at gmail dot com, Ilia)
- Fixed bug #50756 (CURLOPT_FTP_SKIP_PASV_IP does not exist). (Sriram)
- Fixed bug #50732 (exec() adds single byte twice to $output array). (Ilia)
- Fixed bug #50728 (All PDOExceptions hardcode 'code' property to 0).
  (Joey, Ilia)
- Fixed bug #50723 (Bug in garbage collector causes crash). (Dmitry)
- Fixed bug #50690 (putenv does not set ENV when the value is only one char).
  (Pierre)
- Fixed bug #50680 (strtotime() does not support eighth ordinal number). (Ilia)
- Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). (Rob)
- Fixed bug #50657 (copy() with an empty (zero-byte) HTTP source succeeds but
  returns false). (Ilia)
- Fixed bug #50636 (MySQLi_Result sets values before calling constructor).
  (Pierrick)
- Fixed bug #50632 (filter_input() does not return default value if the
  variable does not exist). (Ilia)
- Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick)
- Fixed bug #50558 (Broken object model when extending tidy). (Pierrick)
- Fixed bug #50540 (Crash while running ldap_next_reference test cases).
  (Sriram)
- Fixed bug #50519 (segfault in garbage collection when using set_error_handler
  and DomDocument). (Dmitry)
- Fixed bug #50508 (compile failure: Conflicting HEADER type declarations).
  (Jani)
2014
- Fixed bug #50496 (Use of <stdbool.h> is valid only in a c99 compilation
2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035
  environment. (Sriram)
- Fixed bug #50464 (declare encoding doesn't work within an included file).
  (Felipe)
- Fixed bug #50458 (PDO::FETCH_FUNC fails with Closures). (Felipe, Pierrick)
- Fixed bug #50445 (PDO-ODBC stored procedure call from Solaris 64-bit causes
  seg fault). (davbrown4 at yahoo dot com, Felipe)
- Fixed bug #50416 (PROCEDURE db.myproc can't return a result set in the given
  context). (Andrey)
- Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
- Fixed bug #50351 (performance regression handling objects, ten times slower
  in 5.3 than in 5.2). (Dmitry)
- Fixed bug #50392 (date_create_from_format() enforces 6 digits for 'u'
  format character). (Ilia)
- Fixed bug #50345 (nanosleep not detected properly on some solaris versions).
  (Jani)
- Fixed bug #50340 (php.ini parser does not allow spaces in ini keys). (Jani)
- Fixed bug #50334 (crypt ignores sha512 prefix). (Pierre)
- Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN).
  (Ilia, Pierrick)
- Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays).
  (Felipe)
2036
- Fixed bug #50282 (xmlrpc_encode_request() changes object into array in
2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055
  calling function). (Felipe)
- Fixed bug #50267 (get_browser(null) does not use HTTP_USER_AGENT). (Jani)
- Fixed bug #50266 (conflicting types for llabs). (Jani)
- Fixed bug #50261 (Crash When Calling Parent Constructor with
  call_user_func()). (Dmitry)
- Fixed bug #50255 (isset() and empty() silently casts array to object).
  (Felipe)
- Fixed bug #50240 (pdo_mysql.default_socket in php.ini shouldn't used
  if it is empty). (foutrelis at gmail dot com, Ilia)
- Fixed bug #50231 (Socket path passed using --with-mysql-sock is ignored when
  mysqlnd is enabled). (Jani)
- Fixed bug #50219 (soap call Segmentation fault on a redirected url).
  (Pierrick)
- Fixed bug #50212 (crash by ldap_get_option() with LDAP_OPT_NETWORK_TIMEOUT).
  (Ilia, shigeru_kitazaki at cybozu dot co dot jp)
- Fixed bug #50209 (Compiling with libedit cannot find readline.h).
  (tcallawa at redhat dot com)
- Fixed bug #50207 (segmentation fault when concatenating very large strings on
  64bit linux). (Ilia)
2056
- Fixed bug #50196 (stream_copy_to_stream() produces warning when source is
2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083
  not file). (Stas)
- Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia)
- Fixed bug #50185 (ldap_get_entries() return false instead of an empty array
  when there is no error). (Jani)
- Fixed bug #50174 (Incorrectly matched docComment). (Felipe)
- Fixed bug #50168 (FastCGI fails with wrong error on HEAD request to
  non-existant file). (Dmitry)
- Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
  database). (Felipe)
- Fixed bug #50159 (wrong working directory in symlinked files). (Dmitry)
- Fixed bug #50158 (FILTER_VALIDATE_EMAIL fails with valid addresses
  containing = or ?). (Pierrick)
- Fixed bug #50152 (ReflectionClass::hasProperty behaves like isset() not
  property_exists). (Felipe)
- Fixed bug #50146 (property_exists: Closure object cannot have properties).
  (Felipe)
- Fixed bug #50145 (crash while running bug35634.phpt). (Felipe)
- Fixed bug #50140 (With default compilation option, php symbols are unresolved
  for nsapi). (Uwe Schindler)
- Fixed bug #50087 (NSAPI performance improvements). (Uwe Schindler)
- Fixed bug #50073 (parse_url() incorrect when ? in fragment). (Ilia)
- Fixed bug #50023 (pdo_mysql doesn't use PHP_MYSQL_UNIX_SOCK_ADDR). (Ilia)
- Fixed bug #50005 (Throwing through Reflection modified Exception object
  makes segmentation fault). (Felipe)
- Fixed bug #49990 (SNMP3 warning message about security level printed twice).
  (Jani)
- Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted
2084
  transaction). (ben dot pineau at gmail dot com, Ilia, Matteo)
2085 2086 2087 2088 2089 2090 2091
- Fixed bug #49938 (Phar::isBuffering() returns inverted value). (Greg)
- Fixed bug #49936 (crash with ftp stream in php_stream_context_get_option()).
  (Pierrick)
- Fixed bug #49921 (Curl post upload functions changed). (Ilia)
- Fixed bug #49866 (Making reference on string offsets crashes PHP). (Dmitry)
- Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia,
  sjoerd at php dot net)
2092
- Fixed bug #49851, #50451 (http wrapper breaks on 1024 char long headers).
2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137
  (Ilia)
- Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning).
  (Ilia, wmeler at wp-sa dot pl)
- Fixed bug #49719 (ReflectionClass::hasProperty returns true for a private
  property in base class). (Felipe)
- Fixed bug #49677 (ini parser crashes with apache2 and using ${something}
  ini variables). (Jani)
- Fixed bug #49660 (libxml 2.7.3+ limits text nodes to 10MB). (Felipe)
- Fixed bug #49647 (DOMUserData does not exist). (Rob)
- Fixed bug #49600 (imageTTFText text shifted right). (Takeshi Abe)
- Fixed bug #49585 (date_format buffer not long enough for >4 digit years).
  (Derick, Adam)
- Fixed bug #49560 (oci8: using LOBs causes slow PHP shutdown). (Oracle Corp.)
- Fixed bug #49521 (PDO fetchObject sets values before calling constructor).
  (Pierrick)
- Fixed bug #49472 (Constants defined in Interfaces can be overridden).
  (Felipe)
- Fixed bug #49463 (setAttributeNS fails setting default namespace). (Rob)
- Fixed bug #49244 (Floating point NaN cause garbage characters). (Sjoerd)
- Fixed bug #49224 (Compile error due to old DNS functions on AIX systems).
  (Scott)
- Fixed bug #49174 (crash when extending PDOStatement and trying to set
  queryString property). (Felipe)
- Fixed bug #48811 (Directives in PATH section do not get applied to
  subdirectories). (Patch by: ct at swin dot edu dot au)
- Fixed bug #48590 (SoapClient does not honor max_redirects). (Sriram)
- Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive
  in HTTP uploads). (Ilia)
- Fixed bug #47848 (importNode doesn't preserve attribute namespaces). (Rob)
- Fixed bug #47409 (extract() problem with array containing word "this").
  (Ilia, chrisstocktonaz at gmail dot com)
- Fixed bug #47281 ($php_errormsg is limited in size of characters)
  (Oracle Corp.)
- Fixed bug #46478 (htmlentities() uses obsolete mapping table for character
  entity references). (Moriyoshi)
- Fixed bug #45599 (strip_tags() truncates rest of string with invalid
  attribute). (Ilia, hradtke)
- Fixed bug #45120 (PDOStatement->execute() returns true then false for same
  statement). (Pierrick)
- Fixed bug #44827 (define() allows :: in constant names). (Ilia)
- Fixed bug #44098 (imap_utf8() returns only capital letters).
  (steffen at dislabs dot de, Pierre)
- Fixed bug #34852 (Failure in odbc_exec() using oracle-supplied odbc
  driver). (tim dot tassonis at trivadis dot com)

2138
19 Nov 2009, PHP 5.3.1
2139 2140 2141
- Upgraded bundled sqlite to version 3.6.19. (Scott)
- Updated timezone database to version 2009.17 (2009q). (Derick)

2142
- Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case
2143 2144 2145 2146
  insensitive. (garretts)

- Restored shebang line check to CGI sapi (not checked by scanner anymore).
  (Jani)
2147 2148 2149 2150 2151 2152 2153 2154 2155 2156

- Added "max_file_uploads" INI directive, which can be set to limit the
  number of file uploads per-request to 20 by default, to prevent possible
  DOS via temporary file exhaustion. (Ilia)
- Added missing sanity checks around exif processing. (Ilia)
- Added error constant when json_encode() detects an invalid UTF-8 sequence.
  (Scott)
- Added support for ACL on Windows for thread safe SAPI (Apache2 for example)
  and fix its support on NTS. (Pierre)

2157
- Improved symbolic, mounted volume and junctions support for realpath on
2158 2159 2160 2161 2162 2163 2164 2165 2166
  Windows. (Pierre)
- Improved readlink on Windows, suppress \??\ and use the drive syntax only.
  (Pierre)
- Improved dns_get_record() AAAA support on windows. Always available when
  IPv6 is support is installed, format is now the same than on unix. (Pierre)
- Improved the DNS functions on OSX to use newer APIs, also use Bind 9 API
  where available on other platforms. (Scott)
- Improved shared extension loading on OSX to use the standard Unix dlopen()
  API. (Scott)
2167 2168

- Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
2169
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.
2170
  (Rasmus)
2171
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192
  Stachowiak.  (Rasmus)
- Fixed certificate validation inside php_openssl_apply_verification_policy
  (Ryan Sleevi, Ilia)
- Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery()
  when calling using Reflection. (Felipe)
- Fixed crash when instantiating PDORow and PDOStatement through Reflection.
  (Felipe)
- Fixed sanity check for the color index in imagecolortransparent. (Pierre)
- Fixed scandir/readdir when used mounted points on Windows. (Pierre)
- Fixed zlib.deflate compress filter to actually accept level parameter. (Jani)
- Fixed leak on error in popen/exec (and related functions) on Windows.
  (Pierre)
- Fixed possible bad caching of symlinked directories in the realpath cache
  on Windows. (Pierre)
- Fixed atime and mtime in stat related functions on Windows. (Pierre)
- Fixed spl_autoload_unregister/spl_autoload_functions wrt. Closures and
  Functors. (Christian Seiler)
- Fixed open_basedir circumvention for "mail.log" ini directive.
  (Maksymilian Arciemowicz, Stas)
- Fixed signature generation/validation for zip archives in ext/phar. (Greg)
- Fixed memory leak in stream_is_local(). (Felipe, Tony)
2193
- Fixed BC break in mime_content_type(), removes the content encoding. (Scott)
2194

2195 2196
- Fixed PECL bug #16842 (oci_error return false when NO_DATA_FOUND is raised).
  (Chris Jones)
2197 2198 2199 2200 2201

- Fixed bug #50063 (safe_mode_include_dir fails). (Johannes, christian at
  elmerot dot se)
- Fixed bug #50052 (Different Hashes on Windows and Linux on wrong Salt size).
  (Pierre)
2202
- Fixed bug #49986 (Missing ICU DLLs on windows package). (Pierre)
2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225
- Fixed bug #49910 (no support for ././@LongLink for long filenames in phar
  tar support). (Greg)
- Fixed bug #49908 (throwing exception in __autoload crashes when interface
  is not defined). (Felipe)
- Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given
  output lines >4095 bytes). (Ilia)
- Fixed bug #49809 (time_sleep_until() is not available on OpenSolaris). (Jani)
- Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded
  applications). (Ilia, Florian Anderiasch)
- Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes).
  (Sriram Natarajan)
- Fixed bug #49732 (crashes when using fileinfo when timestamp conversion
  fails). (Pierre)
- Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
- Fixed bug #49630 (imap_listscan function missing). (Felipe)
- Fixed bug #49572 (use of C++ style comments causes build failure).
  (Sriram Natarajan)
- Fixed bug #49531 (CURLOPT_INFILESIZE sometimes causes warning "CURLPROTO_FILE
  cannot be set"). (Felipe)
- Fixed bug #49517 (cURL's CURLOPT_FILE prevents file from being deleted after
  fclose). (Ilia)
- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).
  (Ilia)
2226
- Fixed bug #49447 (php engine need to correctly check for socket API
2227 2228
  return status on windows). (Sriram Natarajan)
- Fixed bug #49391 (ldap.c utilizing deprecated ldap_modify_s). (Ilia)
2229
- Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre)
2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260
- Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries).
  (Ilia, code-it at mail dot ru)
- Fixed bug #49306 (inside pdo_mysql default socket settings are ignored).
  (Ilia)
- Fixed bug #49289 (bcmath module doesn't compile with phpize configure).
  (Jani)
- Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani)
- Fixed bug #49269 (Ternary operator fails on Iterator object when used inside
  foreach declaration). (Etienne, Dmitry)
- Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
- Fixed bug #49223 (Inconsistency using get_defined_constants). (Garrett)
- Fixed bug #49193 (gdJpegGetVersionString() inside gd_compact identifies
  wrong type in declaration). (Ilia)
- Fixed bug #49183 (dns_get_record does not return NAPTR records). (Pierre)
- Fixed bug #49144 (Import of schema from different host transmits original
  authentication details). (Dmitry)
- Fixed bug #49142 (crash when exception thrown from __tostring()).
  (David Soria Parra)
- Fixed bug #49132 (posix_times returns false without error).
  (phpbugs at gunnu dot us)
- Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu)
- Fixed bug #49122 (undefined reference to mysqlnd_stmt_next_result on compile
  with --with-mysqli and MySQL 6.0). (Jani)
- Fixed bug #49108 (2nd scan_dir produces segfault). (Felipe)
- Fixed bug #49098 (mysqli segfault on error). (Rasmus)
- Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe)
- Fixed bug #49092 (ReflectionFunction fails to work with functions in fully
  qualified namespaces). (Kalle, Jani)
- Fixed bug #49074 (private class static fields can be modified by using
  reflection). (Jani)
- Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre)
2261
- Fixed bug #49065 ("disable_functions" php.ini option does not work on
2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281
  Zend extensions). (Stas)
- Fixed bug #49064 (--enable-session=shared does not work: undefined symbol:
  php_url_scanner_reset_vars). (Jani)
- Fixed bug #49056 (parse_ini_file() regression in 5.3.0 when using non-ASCII
  strings as option keys). (Jani)
- Fixed bug #49052 (context option headers freed too early when using
  --with-curlwrappers). (Jani)
- Fixed bug #49047 (The function touch() fails on directories on Windows).
  (Pierre)
- Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference).
  (Jani)
- Fixed bug #49027 (mysqli_options() doesn't work when using mysqlnd). (Andrey)
- Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars
  restrictions). (Ilia)
- Fixed bug #49020 (phar misinterprets ustar long filename standard).
  (Greg)
- Fixed bug #49018 (phar tar stores long filenames wit prefix/name reversed).
  (Greg)
- Fixed bug #49014 (dechunked filter broken when serving more than 8192 bytes
  in a chunk). (andreas dot streichardt at globalpark dot com, Ilia)
2282 2283
- Fixed bug #49012 (phar tar signature algorithm reports as Unknown (0) in
  getSignature() call). (Greg)
2284
- Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes
2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300
  when including files from function). (Stas)
- Fixed bug #48994 (zlib.output_compression does not output HTTP headers when
  set to a string value). (Jani)
- Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe)
- Fixed bug #48962 (cURL does not upload files with specified filename).
  (Ilia)
- Fixed bug #48929 (Double \r\n after HTTP headers when "header" context
  option is an array). (David Zülke)
- Fixed bug #48913 (Too long error code strings in pdo_odbc driver).
  (naf at altlinux dot ru, Felipe)
- Fixed bug #48912 (Namespace causes unexpected strict behaviour with
  extract()). (Dmitry)
- Fixed bug #48909 (Segmentation fault in mysqli_stmt_execute()). (Andrey)
- Fixed bug #48899 (is_callable returns true even if method does not exist in
  parent class). (Felipe)
- Fixed bug #48893 (Problems compiling with Curl). (Felipe)
2301
- Fixed bug #48880 (Random Appearing open_basedir problem). (Rasmus, Gwynne)
2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312
- Fixed bug #48872 (string.c: errors: duplicate case values). (Kalle)
- Fixed bug #48854 (array_merge_recursive modifies arrays after first one).
  (Felipe)
- Fixed bug #48805 (IPv6 socket transport is not working). (Ilia)
- Fixed bug #48802 (printf() returns incorrect outputted length). (Jani)
- Fixed bug #48791 (open office files always reported as corrupted). (Greg)
- Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked
  directories). (Ilia)
- Fixed bug #48783 (make install will fail saying phar file exists). (Greg)
- Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()).
  (Sriram Natarajan)
2313
- Fixed bug #48771 (rename() between volumes fails and reports no error on
2314 2315
  Windows). (Pierre)
- Fixed bug #48768 (parse_ini_*() crash with INI_SCANNER_RAW). (Jani)
2316
- Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at
2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332
  gmail dot com, Pierre)
- Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe)
- Fixed bug #48757 (ReflectionFunction::invoke() parameter issues). (Kalle)
- Fixed bug #48754 (mysql_close() crash php when no handle specified).
  (Johannes, Andrey)
- Fixed bug #48752 (Crash during date parsing with invalid date). (Pierre)
- Fixed bug #48746 (Unable to browse directories within Junction Points).
  (Pierre, Kanwaljeet Singla)
- Fixed bug #48745 (mysqlnd: mysql_num_fields returns wrong column count for
  mysql_list_fields). (Andrey)
- Fixed bug #48740 (PHAR install fails when INSTALL_ROOT is not the final
  install location). (james dot cohen at digitalwindow dot com, Greg)
- Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on
  files that have been opened with r+). (Ilia)
- Fixed bug #48719 (parse_ini_*(): scanner_mode parameter is not checked for
  sanity). (Jani)
2333
- Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain
2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355
  components). (Ilia)
- Fixed bug #48681 (openssl signature verification for tar archives broken).
  (Greg)
- Fixed bug #48660 (parse_ini_*(): dollar sign as last character of value
  fails). (Jani)
- Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal
  html-entities). (Moriyoshi)
- Fixed bug #48637 ("file" fopen wrapper is overwritten when using
  --with-curlwrappers). (Jani)
- Fixed bug #48608 (Invalid libreadline version not detected during configure).
  (Jani)
- Fixed bug #48400 (imap crashes when closing stream opened with
  OP_PROTOTYPE flag). (Jani)
- Fixed bug #48377 (error message unclear on converting phar with existing
  file). (Greg)
- Fixed bug #48247 (Infinite loop and possible crash during startup with
  errors when errors are logged). (Jani)
- Fixed bug #48198 error: 'MYSQLND_LLU_SPEC' undeclared. Cause for #48780 and
  #46952 - both fixed too. (Andrey)
- Fixed bug #48189 (ibase_execute error in return param). (Kalle)
- Fixed bug #48182 (ssl handshake fails during asynchronous socket connection).
  (Sriram Natarajan)
2356
- Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre,
2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380
  Al dot Smith at aeschi dot ch dot eu dot org)
- Fixed bug #48057 (Only the date fields of the first row are fetched, others
  are empty). (info at programmiernutte dot net)
- Fixed bug #47481 (natcasesort() does not sort extended ASCII characters
  correctly). (Herman Radtke)
- Fixed bug #47351 (Memory leak in DateTime). (Derick, Tobias John)
- Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry)
- Fixed bug #46682 (touch() afield returns different values on windows).
  (Pierre)
- Fixed bug #46614 (Extended MySQLi class gives incorrect empty() result).
  (Andrey)
- Fixed bug #46020 (with Sun Java System Web Server 7.0 on HPUX, #define HPUX).
  (Uwe Schindler)
- Fixed bug #45905 (imagefilledrectangle() clipping error).
  (markril at hotmail dot com, Pierre)
- Fixed bug #45554 (Inconsistent behavior of the u format char). (Derick)
- Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia)
- Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
- Fixed bug #43510 (stream_get_meta_data() does not return same mode as used
  in fopen). (Jani)
- Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot
  com, Kalle)
- Fixed bug #40013 (php_uname() does not return nodename on Netware (Guenter
  Knauf)
2381
- Fixed bug #38091 (Mail() does not use FQDN when sending SMTP helo).
2382 2383
  (Kalle, Rick Yorgason)
- Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett)
2384
- Fixed bug #27051 (Impersonation with FastCGI does not exec process as
2385
  impersonated user). (Pierre)
2386

2387

2388 2389
30 Jun 2009, PHP 5.3.0
- Upgraded bundled PCRE to version 7.9. (Nuno)
2390 2391
- Upgraded bundled sqlite to version 3.6.15. (Scott)

2392 2393 2394 2395 2396 2397 2398 2399 2400
- Moved extensions to PECL (Derick, Lukas, Pierre, Scott):
  . ext/dbase
  . ext/fbsql
  . ext/fdf
  . ext/ncurses
  . ext/mhash (BC layer is now entirely within ext/hash)
  . ext/ming
  . ext/msql
  . ext/sybase (not maintained anymore, sybase_ct has to be used instead)
2401

2402 2403
- Removed the experimental RPL (master/slave) functions from mysqli. (Andrey)
- Removed zend.ze1_compatibility_mode. (Dmitry)
2404 2405
- Removed all zend_extension_* php.ini directives. Zend extensions are now
  always loaded using zend_extension directive. (Derick)
2406 2407 2408
- Removed special treatment of "/tmp" in sessions for open_basedir.
  Note: This undocumented behaviour was introduced in 5.2.2. (Alexey)
- Removed shebang line check from CGI sapi (checked by scanner). (Dmitry)
2409

2410 2411 2412 2413
- Changed PCRE, Reflection and SPL extensions to be always enabled. (Marcus)
- Changed md5() to use improved implementation. (Solar Designer, Dmitry)
- Changed HTTP stream wrapper to accept any code between and including
  200 to 399 as successful. (Mike, Noah Fontes)
2414 2415
- Changed __call() to be invoked on private/protected method access, similar to
  properties and __get(). (Andrei)
2416 2417
- Changed dl() to be disabled by default. Enabled only when explicitly
  registered by the SAPI. Currently enabled with cli, cgi and embed SAPIs.
2418
  (Dmitry)
2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429
- Changed opendir(), dir() and scandir() to use default context when no context
  argument is passed. (Sara)
- Changed open_basedir to allow tightening in runtime contexts. (Sara)
- Changed PHP/Zend extensions to use flexible build IDs. (Stas)
- Changed error level E_ERROR into E_WARNING in Soap extension methods
  parameter validation. (Felipe)
- Changed openssl info to show the shared library version number. (Scott)
- Changed floating point behaviour to consistently use double precision on all
  platforms and with all compilers. (Christian Seiler)
- Changed round() to act more intuitively when rounding to a certain precision
  and round very large and very small exponents correctly. (Christian Seiler)
2430 2431 2432 2433
- Changed session_start() to return false when session startup fails. (Jani)
- Changed property_exists() to check the existence of a property independent of
  accessibility (like method_exists()). (Felipe)
- Changed array_reduce() to allow mixed $initial (Christian Seiler)
2434

2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456 2457 2458 2459
- Improved PHP syntax and semantics:
  . Added lambda functions and closures. (Christian Seiler, Dmitry)
  . Added "jump label" operator (limited "goto"). (Dmitry, Sara)
  . Added NOWDOC syntax. (Gwynne Raskind, Stas, Dmitry)
  . Added HEREDOC syntax with double quotes. (Lars Strojny, Felipe)
  . Added support for using static HEREDOCs to initialize static variables and
    class members or constants. (Matt)
  . Improved syntax highlighting and consistency for variables in double-quoted
    strings and literal text in HEREDOCs and backticks. (Matt)
  . Added "?:" operator. (Marcus)
  . Added support for namespaces. (Dmitry, Stas, Gregory, Marcus)
  . Added support for Late Static Binding. (Dmitry, Etienne Kneuss)
  . Added support for __callStatic() magic method. (Sara)
  . Added forward_static_call(_array) to complete LSB. (Mike Lively)
  . Added support for dynamic access of static members using $foo::myFunc().
    (Etienne Kneuss)
  . Improved checks for callbacks. (Marcus)
  . Added __DIR__ constant. (Lars Strojny)
  . Added new error modes E_USER_DEPRECATED and E_DEPRECATED.
    E_DEPRECATED is used to inform about stuff being scheduled for removal
    in future PHP versions. (Lars Strojny, Felipe, Marcus)
  . Added "request_order" INI variable to control specifically $_REQUEST
    behavior. (Stas)
  . Added support for exception linking. (Marcus)
  . Added ability to handle exceptions in destructors. (Marcus)
2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506

- Improved PHP runtime speed and memory usage:
  . Substitute global-scope, persistent constants with their values at compile
    time. (Matt)
  . Optimized ZEND_SIGNED_MULTIPLY_LONG(). (Matt)
  . Removed direct executor recursion. (Dmitry)
  . Use fastcall calling convention in executor on x86. (Dmitry)
  . Use IS_CV for direct access to $this variable. (Dmitry)
  . Use ZEND_FREE() opcode instead of ZEND_SWITCH_FREE(IS_TMP_VAR). (Dmitry)
  . Lazy EG(active_symbol_table) initialization. (Dmitry)
  . Optimized ZEND_RETURN opcode to not allocate and copy return value if it is
    not used. (Dmitry)
  . Replaced all flex based scanners with re2c based scanners.
    (Marcus, Nuno, Scott)
  . Added garbage collector. (David Wang, Dmitry).
  . Improved PHP binary size and startup speed with GCC4 visibility control.
    (Nuno)
  . Improved engine stack implementation for better performance and stability.
    (Dmitry)
  . Improved memory usage by moving constants to read only memory.
    (Dmitry, Pierre)
  . Changed exception handling. Now each op_array doesn't contain
    ZEND_HANDLE_EXCEPTION opcode in the end. (Dmitry)
  . Optimized require_once() and include_once() by eliminating fopen(3) on
    second usage. (Dmitry)
  . Optimized ZEND_FETCH_CLASS + ZEND_ADD_INTERFACE into single
    ZEND_ADD_INTERFACE opcode. (Dmitry)
  . Optimized string searching for a single character.
    (Michal Dziemianko, Scott)
  . Optimized interpolated strings to use one less opcode. (Matt)

- Improved php.ini handling: (Jani)
  . Added ".htaccess" style user-defined php.ini files support for CGI/FastCGI.
  . Added support for special [PATH=/opt/httpd/www.example.com/] and
    [HOST=www.example.com] sections. Directives set in these sections can
    not be overridden by user-defined ini-files or during runtime.
  . Added better error reporting for php.ini syntax errors.
  . Allowed using full path to load modules using "extension" directive.
  . Allowed "ini-variables" to be used almost everywhere ini php.ini files.
  . Allowed using alphanumeric/variable indexes in "array" ini options.
  . Added 3rd optional parameter to parse_ini_file() to specify the scanning
    mode of INI_SCANNER_NORMAL or INI_SCANNER_RAW. In raw mode option values
    and section values are treated as-is.
  . Fixed get_cfg_var() to be able to return "array" ini options.
  . Added optional parameter to ini_get_all() to only retrieve the current
    value. (Hannes)

2507
- Improved Windows support:
2508
  . Update all libraries to their latest stable version. (Pierre, Rob, Liz,
2509 2510 2511 2512
    Garrett).
  . Added Windows support for stat(), touch(), filemtime(), filesize() and
    related functions. (Pierre)
  . Re-added socket_create_pair() for Windows in sockets extension. (Kalle)
2513
  . Added inet_pton() and inet_ntop() also for Windows platforms.
2514 2515 2516 2517
    (Kalle, Pierre)
  . Added mcrypt_create_iv() for Windows platforms. (Pierre)
  . Added ACL Cache support on Windows.
    (Kanwaljeet Singla, Pierre, Venkat Raman Don)
2518
  . Added constants based on Windows' GetVersionEx information.
2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535
    PHP_WINDOWS_VERSION_* and PHP_WINDOWS_NT_*. (Pierre)
  . Added support for ACL (is_writable, is_readable, reports now correct
    results) on Windows. (Pierre, Venkat Raman Don, Kanwaljeet Singla)
  . Added support for fnmatch() on Windows. (Pierre)
  . Added support for time_nanosleep() and time_sleep_until() on Windows.
    (Pierre)
  . Added support for symlink(), readlink(), linkinfo() and link() on Windows.
    They are available only when the running platform supports them. (Pierre)
  . the GMP extension now relies on MPIR instead of the GMP library. (Pierre)
  . Added Windows support for stream_socket_pair(). (Kalle)
  . Drop all external dependencies for the core features. (Pierre)
  . Drastically improve the build procedure (Pierre, Kalle, Rob):
    . VC9 (Visual C++ 2008) or later support
    . Initial experimental x64 support
  . MSI installer now supports all recent Windows versions, including
    Windows 7. (John, Kanwaljeet Singla)

2536
- Improved and cleaned CGI code:
2537
  . FastCGI is now always enabled and cannot be disabled.
Mark A. Hershberger's avatar