PHP 5.3.12 - Changelog

What's new in PHP 5.2.14:

July 23rd, 2010

Security Enhancements and Fixes in PHP 5.2.14:

· Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
· Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
· Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
· Fixed a possible memory corruption in substr_replace().
· Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
· Fixed a possible stack exaustion inside fnmatch().
· Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
· Fixed handling of session variable serialization on certain prefix characters.
· Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.

Key enhancements in PHP 5.2.14 include:

· Upgraded bundled PCRE to version 8.02.
· Updated timezone database to version 2010.5.
· Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
· Fixed bug #52237 (Crash when passing the reference of the property of a non-object).
· Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
· Fixed bug #51822 (Segfault with strange __destruct() for static class variables).
· Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).
· Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").

What's new in PHP 5.2.13:

March 4th, 2010

· Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
· Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia)
· Improved LCG entropy. (Rasmus, Samy Kamkar)

What's new in PHP 5.2.10:

July 7th, 2009

Security Fixes:

· Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)

· Updated timezone database to version 2009.9 (2009i) (Derick)
· Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)
· Added new CURL options CURLOPT_REDIR_PROTOCOLS, CURLOPT_PROTOCOLS, and CURLPROTO_* for redirect fixes in CURL 7.19.4. (Yoram Bar Haim, Stas)
· Added support for Sun CC (FR #46595 and FR #46513). (David Soria Parra)
· Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
· Fixed memory corruptions while reading properties of zip files. (Ilia)
· Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
· Fixed segfault on invalid session.save_path. (Hannes)
· Fixed leaks in imap when a mail_criteria is used. (Pierre)
· Fixed missing erealloc() in fix for bug #40091 in spl_autoload_register. (Greg)
· Fixed bug #48562 (Reference recursion causes segfault when used in wddx_serialize_vars()). (Felipe)
· Fixed bug #48557 (Numeric string keys in Apache Hashmaps are not cast to integers). (David Zuelke)
· Fixed bug #48518 (curl crashes when writing into invalid file handle). (Tony)
· Fixed bug #48514 (cURL extension uses same resource name for simple and multi APIs). (Felipe)
· Fixed bug #48469 (ldap_get_entries() leaks memory on empty search results). (Patrick)
· Fixed bug #48456 (CPPFLAGS not restored properly in phpize.m4). (Jani, spisek at kerio dot com)
· Fixed bug #48448 (Compile failure under IRIX 6.5.30 building cast.c). (Kalle)
· Fixed bug #48441 (ldap_search() sizelimit, timelimit and deref options persist). (Patrick)
· Fixed bug #48434 (Improve memory_get_usage() accuracy). (Arnaud)
· Fixed bug #48416 (Force a cache limit in ereg() to stop excessive memory usage). (Scott)
· Fixed bug #48409 (Crash when exception is thrown while passing function arguments). (Arnaud)
· Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
· Fixed bug #48359 (Script hangs on snmprealwalk if OID is not increasing). (Ilia, simonov at gmail dot com)
· Fixed bug #48336 (ReflectionProperty::getDeclaringClass() does not work with redeclared property). (patch by Markus dot Lidel at shadowconnect dot com)
· Fixed bug #48326 (constant MSG_DONTWAIT not defined). (Arnaud)
· Fixed bug #48313 (fgetcsv() does not return null for empty rows). (Ilia)
· Fixed bug #48309 (stream_copy_to_stream() and fpasstru() do not update stream position of plain files). (Arnaud)
· Fixed bug #48307 (stream_copy_to_stream() copies 0 bytes when $source is a socket). (Arnaud)
· Fixed bug #48273 (snmp*_real_walk() returns SNMP errors as values). (Ilia, lytboris at gmail dot com)
· Fixed bug #48256 (Crash due to double-linking of history.o). (tstarling at wikimedia dot org)
· Fixed bug #48248 (SIGSEGV when access to private property via &__get). (Felipe)
· Fixed bug #48247 (Crash on errors during startup). (Stas)
· Fixed bug #48240 (DBA Segmentation fault dba_nextkey). (Felipe)
· Fixed bug #48224 (Incorrect shuffle in array_rand). (Etienne)
· Fixed bug #48221 (memory leak when passing invalid xslt parameter). (Felipe)
· Fixed bug #48207 (CURLOPT_(FILE|WRITEHEADER options do not error out when working with a non-writable stream). (Ilia)
· Fixed bug #48206 (Iterating over an invalid data structure with RecursiveIteratorIterator leads to a segfault). (Scott)
· Fixed bug #48204 (xmlwriter_open_uri() does not emit warnings on invalid paths). (Ilia)
· Fixed bug #48203 (Crash when CURLOPT_STDERR is set to regular file). (Jani)
· Fixed bug #48202 (Out of Memory error message when passing invalid file path) (Pierre)
· Fixed bug #48156 (Added support for lcov v1.7). (Ilia)
· Fixed bug #48132 (configure check for curl ssl support fails with --disable-rpath). (Jani)
· Fixed bug #48131 (Don't try to bind ipv4 addresses to ipv6 ips via bindto). (Ilia)
· Fixed bug #48070 (PDO_OCI: Segfault when using persistent connection). (Pierre, Matteo, jarismar dot php at gmail dot com)
· Fixed bug #48058 (Year formatter goes wrong with out-of-int range). (Derick)
· Fixed bug #48038 (odbc_execute changes variables used to form params array). (Felipe)
· Fixed bug #47997 (stream_copy_to_stream returns 1 on empty streams). (Arnaud)
· Fixed bug #47991 (SSL streams fail if error stack contains items). (Mikko)
· Fixed bug #47981 (error handler not called regardless). (Hannes)
· Fixed bug #47969 (ezmlm_hash() returns different values depend on OS). (Ilia)
· Fixed bug #47946 (ImageConvolution overwrites background). (Ilia)
· Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
· Fixed bug #47937 (system() calls sapi_flush() regardless of output buffering). (Ilia)
· Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe)
· Fixed bug #47893 (CLI aborts on non blocking stdout). (Arnaud)
· Fixed bug #47849 (Non-deep import loses the namespace). (Rob)
· Fixed bug #47845 (PDO_Firebird omits first row from query). (Lars W)
· Fixed bug #47836 (array operator [] inconsistency when the array has PHP_INT_MAX index value). (Matt)
· Fixed bug #47831 (Compile warning for strnlen() in main/spprintf.c). (Ilia, rainer dot jung at kippdata dot de)
· Fixed bug #47828 (openssl_x509_parse() segfaults when a UTF-8 conversion fails). (Scott, Kees Cook, Pierre)
· Fixed bug #47818 (Segfault due to bound callback param). (Felipe)
· Fixed bug #47801 (__call() accessed via parent:: operator is provided incorrect method name). (Felipe)
· Fixed bug #47769 (Strange extends PDO). (Felipe)
· Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer). (Dmitry)
· Fixed bug #47721 (Alignment issues in mbstring and sysvshm extension) (crrodriguez at opensuse dot org, Ilia)
· Fixed bug #47704 (PHP crashes on some "bad" operations with string offsets). (Dmitry)
· Fixed bug #47695 (build error when xmlrpc and iconv are compiled against different iconv versions). (Scott)
· Fixed bug #47667 (ZipArchive::OVERWRITE seems to have no effect). (Mikko, Pierre)
· Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)
· Fixed bug #47639 (pg_copy_from() WARNING: nonstandard use of \ in a string literal). (Ilia)
· Fixed bug #47616 (curl keeps crashing). (Felipe)
· Fixed bug #47598 (FILTER_VALIDATE_EMAIL is locale aware). (Ilia)
· Fixed bug #47566 (pcntl_wexitstatus() returns signed status). (patch by james at jamesreno dot com)
· Fixed bug #47564 (unpacking unsigned long 32bit bit endian returns wrong result). (Ilia)
· Fixed bug #47487 (performance degraded when reading large chunks after fix of bug #44607). (Arnaud)
· Fixed bug #47468 (enable cli|cgi-only extensions for embed sapi). (Jani)
· Fixed bug #47435 (FILTER_FLAG_NO_PRIV_RANGE does not work with ipv6 addresses in the filter extension). (Ilia)
· Fixed bug #47430 (Errors after writing to nodeValue parameter of an absent previousSibling). (Rob)
· Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems). (Ilia)
· Fixed bug #47254 (Wrong Reflection for extends class). (Felipe)
· Fixed bug #47042 (cgi sapi is incorrectly removing SCRIPT_FILENAME). (Sriram Natarajan, David Soria Parra)
· Fixed bug #46882 (Serialize / Unserialize misbehaviour under OS with different bit numbers). (Matt)
· Fixed bug #46812 (get_class_vars() does not include visible private variable looking at subclass). (Arnaud)
· Fixed bug #46386 (Digest authentication with SOAP module fails against MSSQL SOAP services). (Ilia, lordelph at gmail dot com)
· Fixed bug #46109 (Memory leak when mysqli::init() is called multiple times). (Andrey)
· Fixed bug #45997 (safe_mode bypass with exec/system/passthru (windows only)). (Pierre)
· Fixed bug #45877 (Array key '2147483647' left as string). (Matt)
· Fixed bug #45822 (Near infinite-loops while parsing huge relative offsets). (Derick, Mike Sullivan)
· Fixed bug #45799 (imagepng() crashes on empty image). (Martin McNickle, Takeshi Abe)
· Fixed bug #45622 (isset($arrayObject->p) misbehaves with ArrayObject:: ARRAY_AS_PROPS set). (robin_fernandes at uk dot ibm dot com, Arnaud)
· Fixed bug #45614 (ArrayIterator::current(), ::key() can show 1st private prop of wrapped object). (robin_fernandes at uk dot ibm dot com, Arnaud)
· Fixed bug #45540 (stream_context_create creates bad http request). (Arnaud)
· Fixed bug #45202 (zlib.output_compression can not be set with ini_set()). (Jani)
· Fixed bug #45191 (error_log ignores date.timezone php.ini val when setting logging timestamps). (Derick)
· Fixed bug #45092 (header HTTP context option not being used when compiled using --with-curlwrappers). (Jani)
· Fixed bug #44996 (xmlrpc_decode() ignores time zone on iso8601.datetime). (Ilia, kawai at apache dot org)
· Fixed bug #44827 (define() is missing error checks for class constants). (Ilia)
· Fixed bug #44214 (Crash using preg_replace_callback() and global variables). (Nuno, Scott)
· Fixed bug #43073 (TrueType bounding box is wrong for angle0). (Martin McNickle)
· Fixed bug #42663 (gzinflate() try to allocate all memory with truncated data). (Arnaud)
· Fixed bug #42414 (some odbc_*() functions incompatible with Oracle ODBC driver). (jhml at gmx dot net)
· Fixed bug #42362 (HTTP status codes 204 and 304 should not be gzipped). (Scott, Edward Z. Yang)
· Fixed bug #42143 (The constant NAN is reported as 0 on Windows) (Kanwaljeet Singla, Venkat Raman Don)
· Fixed bug #38805 (PDO truncates text from SQL Server text data type field). (Steph)