xref: /web-php/releases/NEWS_5_4_0_beta2.txt (revision dd8d8bf8) 
1PHP                                                                        NEWS
2|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
320 Oct 2011, PHP 5.4.0 beta2
4- General improvements:
5  . Improve the warning message of incompatible arguments. (Laruence)
6  . Improve ternary operator performance when returning arrays. (Arnaud, Dmitry)
7
8- Core:
9  . Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre)
10  . Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux
11    parisc). (Felipe)
12  . Fixed bug #55705 (Omitting a callable typehinted argument causes a segfault).
13    (Felipe, Laruence)
14  . Fixed bug #55758 (Digest Authenticate missed in 5.4) . (Laruence)
15  . Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre)
16  . Fixed bug #55825 (Missing initial value of static locals in trait methods).
17    (Laruence)
18  . Fixed bug #60038 (SIGALRM cause segfault in php_error_cb). (Laruence)
19
20- Openssl
21  . Revert r313616 (When we have a blocking SSL socket, respect the timeout
22    option, scottmac), breaks ssl support as described in bugs #55283 and #55848
23
24- PDO DBlib driver:
25  . Fixed bug #60033 (Incorrectly merged PDO dblib patches break
26    uniqueidentifier column type). (warezthebeef at gmail dot com)
27
28- Sysvshm
29  . Fixed bug #55750 (memory copy issue in sysvshm extension).
30    (Ilia, jeffhuang9999 at gmail dot com)
31
32- Zlib:
33  . Fixed bug #55544 (ob_gzhandler always conflicts with
34    zlib.output_compression). (Mike)
35
36- SPL:
37  . FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use
38    the default stream context. (Hannes)
39  . Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
40    (jgotti at modedemploi dot fr, Hannes)
41
42- CLI SAPI:
43  . Fixed bug #55726 (Changing the working directory makes router script
44    inaccessible). (Laruence)
45  . Fixed bug #55747 (request headers missed in $_SERVER). (Laruence)
46  . Fixed bug #55755 (SegFault when outputting header WWW-Authenticate). (Laruence)
47
48- Litespeed SAPI:
49  . Fixed bug #55769 (Make Fails with "Missing Separator" error). (Adam)
50
51- Fileinfo:
52  . Fixed bug #60094 (C++ comment fails in c89). (Laruence)
53
5415 Sep 2011, PHP 5.4.0 Beta1
55- General improvements:
56  . Added callable typehint. (Hannes)
57  . Implemented closure rebinding as parameter to bindTo. (Gustavo Lopes)
58  . Turn on html_errors by default again in php.ini-production like it was in
59    PHP 5.3, but only generate docref links when the docref_root INI setting is
60    not empty. (Derick)
61  . Fixed bug #55378: Binary number literal returns float number though its
62    value is small enough. (Derick)
63  . Added support for SORT_NATURAL and SORT_FLAG_CASE in array
64    sort functions (sort, rsort, ksort, krsort, asort, arsort and
65    array_multisort). FR#55158 (Arpad)
66  . Disable windows CRT warning by default, can be enabled again using the ini
67    directive windows_show_crt_warnings. (Pierre)
68  . Removed support for putenv("TZ=..") for setting the timezone. (Derick)
69  . Removed the timezone guessing algorithm in case the timezone isn't set with
70    date.timezone or date_default_timezone_set(). Instead of a guessed
71    timezone, "UTC" is now used instead. (Derick)
72
73- Improved MySQL extensions:
74  . ext/mysql, mysqli and pdo_mysql now use mysqlnd by default. (Johannes)
75
76- Improved mbstring extension:
77  . Added Shift_JIS/UTF-8 Emoji (pictograms) support. (Rui)
78  . Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
79    support. (Rui)
80  . Ill-formed UTF-8 check for security enhancements. (Rui)
81  . Added MacJapanese (Shift_JIS) and gb18030 encoding support. (Rui)
82  . Added encode/decode in hex format to mb_[en|de]code_numericentity(). (Rui)
83  . Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
84    support. (Rui)
85  . Added the user user defined area for CP936 and CP950 (Rui).
86
87- Improved Reflection extension:
88  . Added ReflectionClass::newInstanceWithoutConstructor() to create a new
89    instance of a class without invoking its constructor. FR #55490.
90    (Sebastian)
91
92- Improved intl extension:
93  . Fixed bug #55562 (grapheme_substr() returns false on big length). (Stas)
94
95- Improved JSON extension:
96  . Added new json_encode() option JSON_UNESCAPED_UNICODE. FR #53946.
97    (Alexander, Gwynne)
98
99- Improved CLI SAPI:
100  . Added friendly log messages - FR #55109 (Arpad)
101
102- Improved readline extension:
103  . Fixed bug #54450 (Enable callback support when built against libedit).
104    (fedora at famillecollet dot com, Hannes)
105
106- Improved Session extension:
107  . Expose session status via new function, session_status (FR #52982) (Arpad)
108  . Added support for object-oriented session handlers. (Arpad)
109
110- Improved SPL extension:
111  . Immediately reject wrong usages of directories under Spl(Temp)FileObject
112    and friends. (Etienne, Pierre)
113
114- Improved XSL extension:
115  . XSL doesn't stop transformation anymore, if a PHP function can't be called
116    (Christian)
117
11804 Aug 2011, PHP 5.4.0 Alpha 3
119- Added features:
120 . Short array syntax, see UPGRADING guide for full details
121   (rsky0711 at gmail . com, sebastian.deutsch at 9elements . com, Pierre)
122 . Binary numbers format (0b001010). (Jonah dot Harris at gmail dot com)
123 . Support for Class::{expr}() syntax (Pierrick)
124
125- Removed features:
126  . Removed magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase
127    ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
128    but always return false, set_magic_quotes_runtime raises an
129    E_CORE_ERROR. (Pierrick, Pierre)
130
131- Changed E_ALL to include E_STRICT. (Stas)
132
133- Improved core functions
134  . Fixed bug #55124 (recursive mkdir fails with current (dot) directory in path).
135    (Pierre)
136
137- Improved PHP-FPM SAPI:
138  . Added process.max to control the number of process FPM can fork. FR #55166.
139    (fat)
140  . Dropped restriction of not setting the same value multiple times, the last
141    one holds. (giovanni at giacobbi dot net, fat)
142
143- SPL extension:
144  . Added missing class_uses(..) as pointed out by #55266 (Stefan)
145  . Fixed bug #55287 (spl_classes() not includes CallbackFilter classes)
146    (sasezaki at gmail dot com, salathe)
147
148
14914 Jul 2011, PHP 5.4.0 Alpha 2
150- General improvements:
151  . Zend Signal Handling. (Lucas Nealan,Arnaud Le Blanc,Brian Shire, Ilia)
152
153- Improved Zend Engine
154  . Improved parse error messages. (Felipe)
155
156- Improved CLI SAPI:
157  . Added built-in web server that is intended for testing purpose.
158    (Moriyoshi)
159
160- Improved PHP-FPM SAPI:
161  . Added partial syslog support (on error_log only). FR #52052. (fat)
162  . Lowered default value for Process Manager. FR #54098. (fat)
163  . Enhance security by limiting access to user defined extensions.
164    FR #55181. (fat)
165
166- Improved core functions:
167  . Changed http_response_code() to be able to set a response code. (Kalle)
168  . Fixed crypt_blowfish handling of 8-bit characters. (Stas) (CVE-2011-2483)
169  . Fixed bug#55084 (Function registered by header_register_callback is
170    called only once per process). (Hannes)
171
172- Improved DOM extension:
173  . Added the ability to pass options to loadHTML (Chregu, fxmulder at gmail dot com)
174
175- OpenSSL extension:
176  . Use php's implementation for Windows Crypto API in
177    openssl_random_pseudo_bytes. (Pierre)
178
17920 Jun 2011, PHP 5.4.0 Alpha 1
180- autoconf 2.59+ is now supported (and required) for generating the
181  configure script with ./buildconf. Autoconf 2.60+ is desirable
182  otherwise the configure help order may be incorrect.  (Rasmus, Chris Jones)
183
184- Removed legacy features:
185  . break/continue $var syntax. (Dmitry)
186  . Safe mode and all related ini options. (Kalle)
187  . register_globals and register_long_arrays ini options. (Kalle)
188  . import_request_variables(). (Kalle)
189  . allow_call_time_pass_reference. (Pierrick)
190  . define_syslog_variables ini option and its associated function. (Kalle)
191  . highlight.bg ini option. (Kalle)
192  . Session bug compatibility mode (session.bug_compat_42 and
193    session.bug_compat_warn ini options). (Kalle)
194  . session_is_registered(), session_register() and session_unregister()
195    functions. (Kalle)
196  . y2k_compliance ini option. (Kalle)
197
198- Moved extensions to PECL: (Johannes)
199  . ext/sqlite.  (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are
200    not affected)
201
202- Changed $_SERVER['REQUEST_TIME'] to include microsecond precision. (Ilia)
203- Changed default value of "default_charset" php.ini option from ISO-8859-1 to
204  UTF-8. (Rasmus)
205- Changed array_combine() to return empty array instead of FALSE when both
206  parameter arrays are empty. FR #34857. (joel.perras@gmail.com)
207- Changed third parameter of preg_match_all() to optional. FR #53238. (Adam)
208- Changed silent casting of null/''/false into an Object when adding
209  a property into a warning. (Scott)
210- <?= is now always available regardless of the short_open_tag setting (Rasmus)
211
212- General improvements:
213  . Added multibyte support by default. Previously php had to be compiled
214    with --enable-zend-multibyte. Now it can be enabled or disabled through
215    zend.multibyte directive in php.ini. (Dmitry)
216  . Removed compile time dependency from ext/mbstring (Dmitry)
217  . Added support for Traits. (Stefan)
218  . Added closure $this support back. (Stas)
219  . Added array dereferencing support. (Felipe)
220  . Added indirect method call through array. FR #47160. (Felipe)
221  . Added support for object references in recursive serialize() calls.
222    FR #36424. (Mike)
223  . Added http_response_code() function. FR #52555. (Paul Dragoonis, Kalle)
224  . Added header_register_callback() which is invoked immediately
225    prior to the sending of headers and after default headers have
226    been added. (Scott)
227  . Added DTrace support. (David Soria Parra)
228  . Improved output layer, see README.NEW-OUTPUT-API for internals. (Mike)
229  . Improved unserialize() performance.
230    (galaxy dot mipt at gmail dot com, Kalle)
231  . Improved unix build system to allow building multiple PHP binary SAPIs and
232    one SAPI module the same time. FR #53271, FR #52410. (Jani)
233  . Added optional argument to debug_backtrace() and debug_print_backtrace()
234    to limit the amount of stack frames returned. (Sebastian, Patrick)
235  . Added stream metadata API support and stream_metadata() stream class
236    handler. (Stas)
237
238- Improved Zend Engine memory usage: (Dmitry)
239  . Replaced zend_function.pass_rest_by_reference by
240    ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
241  . Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE
242    in zend_function.fn_flags.
243  . Removed zend_arg_info.required_num_args as it was only needed for internal
244    functions. Now the first arg_info for internal functions (which has special
245    meaning) is represented by zend_internal_function_info structure.
246  . Moved zend_op_array.size, size_var, size_literal, current_brk_cont,
247    backpatch_count into CG(context) as they are used only during compilation.
248  . Moved zend_op_array.start_op into EG(start_op) as it's used only for
249    'interactive' execution of single top-level op-array.
250  . Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in
251    zend_op_array.fn_flags.
252  . op_array.vars array is trimmed (reallocated) during pass_two.
253  . Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED
254    in zend_class_entry.ce_flags.
255  . Reduced the size of zend_class_entry by sharing the same memory space
256    by different information for internal and user classes.
257    See zend_class_entry.info union.
258  . Reduced size of temp_variable.
259
260- Changed the structure of op_array.opcodes. The constant values are moved from
261  opcode operands into a separate literal table. (Dmitry)
262
263- Improved Zend Engine, performance tweaks and optimizations: (Dmitry)
264  . Inlined most probable code-paths for arithmetic operations directly into
265    executor.
266  . Eliminated unnecessary iterations during request startup/shutdown.
267  . Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used.
268    (this may affect opcode caches!)
269  . Improved performance of @ (silence) operator.
270  . Simplified string offset reading. $str[1][0] is now a legal construct.
271  . Added caches to eliminate repeatable run-time bindings of functions,
272    classes, constants, methods and properties.
273  . Added concept of interned strings. All strings constants known at compile
274    time are allocated in a single copy and never changed.
275  . Added an optimization which saves memory and emalloc/efree calls for empty
276    HashTables. (Stas, Dmitry)
277  . ZEND_RECV now always has IS_CV as its result.
278  . ZEND_CATCH now has to be used only with constant class names.
279  . ZEND_FETCH_DIM_? may fetch array and dimension operands in different order.
280  . Simplified ZEND_FETCH_*_R operations. They can't be used with the
281    EXT_TYPE_UNUSED flag any more. This is a very rare and useless case.
282    ZEND_FREE might be required after them instead.
283  . Split ZEND_RETURN into two new instructions ZEND_RETURN and
284    ZEND_RETURN_BY_REF.
285  . Optimized access to global constants using values with pre-calculated
286    hash_values from the literals table.
287  . Optimized access to static properties using executor specialization.
288    A constant class name may be used as a direct operand of ZEND_FETCH_*
289    instruction without previous ZEND_FETCH_CLASS.
290  . zend_stack and zend_ptr_stack allocation is delayed until actual usage.
291
292- Improved CLI SAPI: (Johannes, Moriyoshi)
293  . Added command line option --rz <name> which shows information of the
294    named Zend extension. (Johannes)
295  . Interactive readline shell improvements: (Johannes)
296    . Added "cli.pager" php.ini setting to set a pager for output.
297    . Added "cli.prompt" php.ini setting to configure the shell prompt.
298    . Added shortcut #inisetting=value to change ini settings at run-time.
299    . Changed shell not to terminate on fatal errors.
300    . Interactive shell works with shared readline extension. FR #53878.
301
302- Improved FastCGI SAPI: (Dmitry)
303  . Added apache compatible functions: apache_child_terminate(),
304    getallheaders(), apache_request_headers() and apache_response_headers()
305  . Improved performance of FastCGI request parsing.
306
307- Improved core functions:
308  . number_format() no longer truncates multibyte decimal points and thousand
309    separators to the first byte. FR #53457. (Adam)
310  . Added hex2bin() function. (Scott)
311
312- Improved CURL extension:
313  . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and
314    CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick)
315
316- Improved Date extension:
317  . Added the + modifier to parseFromFormat to allow trailing text in the
318    string to parse without throwing an error. (Stas, Derick)
319
320- Improved DBA extension:
321  . Added Tokyo Cabinet abstract DB support. (Michael Maclean)
322  . Added Berkeley DB 5 support. (Johannes, Chris Jones)
323
324- Improved filesystem functions:
325  . scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value.
326    FR #53407. (Adam)
327
328- Improved HASH extension:
329  . Added Jenkins's one-at-a-time hash support. (Martin Jansen)
330  . Added FNV-1 hash support. (Michael Maclean)
331  . Made Adler32 algorithm faster. FR #53213. (zavasek at yandex dot ru)
332
333- Improved intl extension:
334  . Added Spoofchecker, allows checking for visibly confusable characters and
335    other security issues. (Scott)
336
337- Improved JSON extension:
338  . Added JsonSerializable interface. (Sara)
339  . Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options.
340    (Sara)
341  . Added support for JSON_NUMERIC_CHECK option in json_encode() that converts
342    numeric strings to integers. (Ilia)
343  . Added new json_encode() option JSON_PRETTY_PRINT. FR #44331. (Adam)
344  . Added new json_encode() option JSON_UNESCAPED_SLASHES. FR #49366. (Adam)
345
346- Improved LDAP extension:
347  . Added paged results support. FR #42060. (ando@OpenLDAP.org,
348    iarenuno@eteo.mondragon.edu, jeanseb@au-fil-du.net, remy.saissy@gmail.com)
349
350- Improved MySQL extensions:
351  . MySQL: Deprecated mysql_list_dbs(). FR #50667. (Andrey)
352  . mysqlnd: Added named pipes support. FR #48082. (Andrey)
353  . MySQLi: Added iterator support in MySQLi. mysqli_result implements
354    Traversable. (Andrey, Johannes)
355  . PDO_mysql: Removed support for linking with MySQL client libraries older
356    than 4.1. (Johannes)
357
358- Improved OpenSSL extension:
359  . Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre)
360  . Added a "no_ticket" SSL context option to disable the SessionTicket TLS
361    extension. FR #53447. (Adam)
362  . Added no padding option to openssl_encrypt()/openssl_decrypt(). (Scott)
363
364- Improved PDO DB-LIB: (Stanley)
365  . Added nextRowset support.
366  . Fixed bug #50755 (PDO DBLIB Fails with OOM).
367
368- Improved PostgreSQL extension:
369  . Added support for "extra" parameter for PGNotify().
370    (r dot i dot k at free dot fr, Ilia)
371
372- Improved Reflection extension: (Johannes)
373  . Added ReflectionExtension::isTemporary() and
374    ReflectionExtension::isPersistent() methods.
375  . Added ReflectionZendExtension class.
376  . Added ReflectionClass::isCloneable(). (Felipe)
377
378- Improved Session extension:
379  . Added support for storing upload progress feedback in session data. (Arnaud)
380  . Changed session.entropy_file to default to /dev/urandom or /dev/arandom if
381    either is present at compile time. (Rasmus)
382
383- Improved SPL extension:
384  . Added RegexIterator::getRegex() method. (Joshua Thijssen)
385  . Added SplObjectStorage::getHash() hook. (Etienne)
386  . Added CallbackFilterIterator and RecursiveCallbackFilterIterator. (Arnaud)
387
388- Improved XSL extension:
389  . Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to
390    define forbidden operations within XSLT stylesheets, default is not to
391    enable write operations from XSLT. Bug #54446 (Chregu, Nicolas Gregoire)
392
393- Improved ZLIB extension:
394  . Re-implemented non-file related functionality. (Mike)
395
396- Improved SNMP extension (Boris Lytochkin):
397  . Added OO API. FR #53594 (php-snmp rewrite).
398  . Sanitized return values of existing functions. Now it returns FALSE on
399    failure.
400  . Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids
401    upon request.
402  . Introducing unit tests for extension with ~full coverage.
403  IPv6 support. (FR #42918)
404  . Way of representing OID value can now be changed when SNMP_VALUE_OBJECT
405    is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if
406    not specified) or SNMP_VALUE_PLAIN. (FR #54502)
407  . Fixed bugs
408    . #44193 (snmp v3 noAuthNoPriv doesn't work)
409    . #45893 (Snmp buffer limited to 2048 char)
410    . #46065 (snmp_set_quick_print() persists between requests)
411    . #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly)
412    . #53862 (snmp_set_oid_output_format does not allow returning to default)
413
414## UNSORTED ##
415
416- Fixed PDO objects binary incompatibility. (Dmitry)
417- Fixed bug #52211 (iconv() returns part of string on error). (Felipe)
418- Fixed bug #55450 (Built in web server not accepting file uploads). (Laruence)
419- Fixed bug #55471 (ZTS build broken with dtrace). (Laruence)
420- Fixed bug #55463 (cli-server missing _SERVER[REMOTE_ADDR]). (Laruence)
421- Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect). (Andrey, Laruence)
422- Fixed bug #55423 (cli-server could not output correctly in some case). (Laruence, chobieee at gmail dot com)
423- Fixed bug #55653 (PS crash with libmysql when binding same variable as param and out). (Laruence)
424
425?? ??? 2011, PHP 5.3.9
426
427- Core:
428  . Fixed Bug #55649 (Undefined function Bug()). (Laruence)
429  . Fixed bug #55576: Cannot conditionally move uploaded file without race
430    condition. (Gustavo)
431  . Fixed bug #55366: keys lost when using substr_replace an array. (Arpad)
432  . Fixed bug #55273 (base64_decode() with strict rejects whitespace after
433    pad). (Ilia)
434  . Fixed bug #55510: $_FILES 'name' missing first character after upload.
435    (Arpad)
436  . Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
437  . Fixed bug #55504 (Content-Type header is not parsed correctly on
438    HTTP POST request). (Hannes)
439  . Fixed bug #52461 (Incomplete doctype and missing xmlns).
440    (virsacer at web dot de, Pierre)
441
442- Curl:
443  . Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed
444    before calling curl_exec). (Hannes)
445  . Fixed issues were curl_copy_handle() would sometimes lose copied
446    preferences. (Hannes)
447
448- DateTime:
449  . Fixed bug #48476 (cloning extended DateTime class without calling
450    parent::__constr crashed PHP). (Hannes)
451
452- MySQL:
453  . Fixed bug #55550 (mysql.trace_mode miscounts result sets). (Johannes)
454
455- MySQLi extension:
456  . Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when
457  mysqlnd is used). (Andrey)
458
459- mysqlnd
460  . Fixed bug #55609 (mysqlnd cannot be built shared). (Johannes)
461  . Fixed bug #55067 (MySQL doesn't support compression - wrong config option).
462    (Andrey)
463
464- PDO MySQL driver:
465  . Fixed bug #54158 (MYSQLND+PDO MySQL requires #define MYSQL_OPT_LOCAL_INFILE)
466  (Andrey)
467
468- Phar:
469  . Fixed bug#52013 (Unable to decompress files in a compressed phar). (Hannes)
470  . Fixed bug#53872 (internal corruption of phar). (Hannes)
471
472- Session:
473  . Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes)
474
475- NSAPI SAPI:
476  . Don't set $_SERVER['HTTPS'] on unsecure connection (bug #55403). (Uwe
477    Schindler)
478
479- SimpleXML:
480  . Reverted the SimpleXML->query() behaviour to returning empty arrays
481    instead of false when no nodes are found as it was since 5.3.3
482    (bug #48601). (chregu, rrichards)
483
484- String:
485  . Fixed bug #55674 (fgetcsv & str_getcsv skip empty fields in some tab-separated
486    records). (Laruence)
487
48823 Aug 2011, PHP 5.3.8
489
490- Core:
491  . Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas)
492
493- OpenSSL:
494  . Reverted a change in timeout handling restoring PHP 5.3.6 behavior,
495    as the new behavior caused mysqlnd SSL connections to hang (#55283).
496    (Pierre, Andrey, Johannes)
497
49818 Aug 2011, PHP 5.3.7
499- Upgraded bundled SQLite to version 3.7.7.1. (Scott)
500- Upgraded bundled PCRE to version 8.12. (Scott)
501
502- Zend Engine:
503  . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even
504    though the class has none). (Felipe)
505  . Fixed bug #55007 (compiler fail after previous fail). (Felipe)
506  . Fixed bug #54910 (Crash when calling call_user_func with unknown function
507    name). (Dmitry)
508  . Fixed bug #54804 (__halt_compiler and imported namespaces).
509    (Pierrick, Felipe)
510  . Fixed bug #54624 (class_alias and type hint). (Felipe)
511  . Fixed bug #54585 (track_errors causes segfault). (Dmitry)
512  . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed).
513    (Tony, Dmitry)
514  . Fixed bug #54372 (Crash accessing global object itself returned from its
515    __get() handle). (Dmitry)
516  . Fixed bug #54367 (Use of closure causes problem in ArrayAccess). (Dmitry)
517  . Fixed bug #54358 (Closure, use and reference). (Dmitry)
518  . Fixed bug #54262 (Crash when assigning value to a dimension in a non-array).
519    (Dmitry)
520  . Fixed bug #54039 (use() of static variables in lambda functions can break
521    staticness). (Dmitry)
522
523- Core
524  . Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer)
525  . Removed warning when argument of is_a() or is_subclass_of() is not
526    a known class. (Stas)
527  . Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski.
528  . Added PHP_MANDIR constant telling where the manpages were installed into,
529    and an --man-dir argument to php-config. (Hannes)
530  . Fixed a crash inside dtor for error handling. (Ilia)
531  . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas)
532  . Implemented FR #54459 (Range function accuracy). (Adam)
533
534  . Fixed bug #55399 (parse_url() incorrectly treats ':' as a valid path).
535    (Ilia)
536  . Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off).
537    (Dmitry)
538  . Fixed bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow
539    (Pierre)
540  . Fixed bug #55258 (Windows Version Detecting Error).
541    ( xiaomao5 at live dot com, Pierre)
542  . Fixed bug #55187 (readlink returns weird characters when false result).
543   (Pierre)
544  . Fixed bug #55082 (var_export() doesn't escape properties properly).
545    (Gustavo)
546  . Fixed bug #55014 (Compile failure due to improper use of ctime_r()). (Ilia)
547  . Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload
548    filename). (Felipe) Reported by Krzysztof Kotowicz. (CVE-2011-2202)
549  . Fixed bug #54935 php_win_err can lead to crash. (Pierre)
550  . Fixed bug #54924 (assert.* is not being reset upon request shutdown). (Ilia)
551  . Fixed bug #54895 (Fix compiling with older gcc version without need for
552    membar_producer macro). (mhei at heimpold dot de)
553  . Fixed bug #54866 (incorrect accounting for realpath_cache_size).
554    (Dustin Ward)
555  . Fixed bug #54723 (getimagesize() doesn't check the full ico signature).
556    (Scott)
557  . Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt
558    size). (Pierre, os at irj dot ru)
559  . Fixed bug #54580 (get_browser() segmentation fault when browscap ini
560    directive is set through php_admin_value). (Gustavo)
561  . Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption). (Dmitry)
562  . Fixed bug #54305 (Crash in gc_remove_zval_from_buffer). (Dmitry)
563  . Fixed bug #54238 (use-after-free in substr_replace()). (Stas)
564    (CVE-2011-1148)
565  . Fixed bug #54204 (Can't set a value with a PATH section in php.ini).
566    (Pierre)
567  . Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment).
568    (tomas dot brastavicius at quantum dot lt, Pierrick)
569  . Fixed bug #54137 (file_get_contents POST request sends additional line
570    break). (maurice-php at mertinkat dot net, Ilia)
571  . Fixed bug #53848 (fgetcsv() ignores spaces at beginnings of fields). (Ilia)
572  . Alternative fix for bug #52550, as applied to the round() function (signed
573    overflow), as the old fix impacted the algorithm for numbers with magnitude
574    smaller than 0. (Gustavo)
575  . Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces)
576    (Ralph Schindler, Dmitry)
577  . Fixed bug #52935 (call exit in user_error_handler cause stream relate
578    core). (Gustavo)
579  . Fixed bug #51997 (SEEK_CUR with 0 value, returns a warning). (Ilia)
580  . Fixed bug #50816 (Using class constants in array definition fails).
581    (Pierrick, Dmitry)
582  . Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode
583    filter). (slusarz at curecanti dot org)
584  . Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using
585    TMPDIR on Windows). (Pierre)
586
587- Apache2 Handler SAPI:
588  . Fixed bug #54529 (SAPI crashes on apache_config.c:197).
589    (hebergement at riastudio dot fr)
590
591- CLI SAPI:
592  . Fixed bug #52496 (Zero exit code on option parsing failure). (Ilia)
593
594- cURL extension:
595  . Added ini option curl.cainfo (support for custom cert db). (Pierre)
596  . Added CURLINFO_REDIRECT_URL support. (Daniel Stenberg, Pierre)
597  . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and
598    CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick)
599
600- DateTime extension:
601  . Fixed bug where the DateTime object got changed while using date_diff().
602    (Derick)
603  . Fixed bug #54340 (DateTime::add() method bug). (Adam)
604  . Fixed bug #54316 (DateTime::createFromFormat does not handle trailing '|'
605    correctly). (Adam)
606  . Fixed bug #54283 (new DatePeriod(NULL) causes crash). (Felipe)
607  . Fixed bug #51819 (Case discrepancy in timezone names cause Uncaught
608    exception and fatal error). (Hannes)
609
610- DBA extension:
611  . Supress warning on non-existent file open with Berkeley DB 5.2 (Chris Jones)
612  . Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe)
613
614- Exif extesion:
615  . Fixed bug #54121 (error message format string typo). (Ilia)
616
617- Fileinfo extension:
618  . Fixed bug #54934 (Unresolved symbol strtoull in HP-UX 11.11). (Felipe)
619
620- Filter extension:
621  . Added 3rd parameter to filter_var_array() and filter_input_array()
622    functions that allows disabling addition of empty elements. (Ilia)
623  . Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia)
624
625- Interbase extension:
626  . Fixed bug #54269 (Short exception message buffer causes crash). (Felipe)
627
628- intl extension:
629  . Implemented FR #54561 (Expose ICU version info). (David Zuelke, Ilia)
630  . Implemented FR #54540 (Allow loading of arbitrary resource bundles when
631    fallback is disabled). (David Zuelke, Stas)
632
633- Imap extension:
634  . Fixed bug #55313 (Number of retries not set when params specified).
635    (kevin at kevinlocke dot name)
636
637- json extension:
638  . Fixed bug #54484 (Empty string in json_decode doesn't reset
639    json_last_error()). (Ilia)
640
641- LDAP extension:
642  . Fixed bug #53339 (Fails to build when compilng with gcc 4.5 and DSO
643    libraries). (Clint Byrum, Raphael)
644
645- libxml extension:
646  . Fixed bug #54601 (Removing the doctype node segfaults). (Hannes)
647  . Fixed bug #54440 (libxml extension ignores default context). (Gustavo)
648
649- mbstring extension:
650  . Fixed bug #54494 (mb_substr() mishandles UTF-32LE and UCS-2LE). (Gustavo)
651
652- MCrypt extension:
653  . Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data
654    has been fetched (Windows). (Pierre)
655  . Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random
656    data on Windows). (Pierre)
657
658- mysqlnd
659  . Fixed crash when using more than 28,000 bound parameters. Workaround is to
660    set mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey)
661  . Fixed bug #54674 mysqlnd valid_sjis_(head|tail) is using invalid operator
662    and range). (nihen at megabbs dot com, Andrey)
663
664- MySQLi extension:
665  . Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi
666    persistent connections). (Andrey)
667  . Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries).
668    (Andrey)
669
670- OpenSSL extension:
671  . openssl_encrypt()/openssl_decrypt() truncated keys of variable length
672    ciphers to the OpenSSL default for the algorithm. (Scott)
673  . On blocking SSL sockets respect the timeout option where possible.
674    (Scott)
675  . Fixed bug #54992 (Stream not closed and error not returned when SSL
676    CN_match fails). (Gustavo, laird_ngrps at dodo dot com dot au)
677
678- Oracle Database extension (OCI8):
679  . Added oci_client_version() returning the runtime Oracle client library
680    version (Chris Jones)
681
682. PCRE extension:
683  . Increased the backtrack limit from 100000 to 1000000 (Rasmus)
684
685- PDO extension:
686  . Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe)
687  . Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE
688    settings). (Ilia)
689
690- PDO DBlib driver:
691  . Fixed bug #54329 (MSSql extension memory leak).
692    (dotslashpok at gmail dot com)
693  . Fixed bug #54167 (PDO_DBLIB returns null on SQLUNIQUE field).
694    (mjh at hodginsmedia dot com, Felipe)
695
696- PDO ODBC driver:
697  . Fixed data type usage in 64bit. (leocsilva at gmail dot com)
698
699- PDO MySQL driver:
700  . Fixed bug #54644 (wrong pathes in php_pdo_mysql_int.h). (Tony, Johannes)
701  . Fixed bug #53782 (foreach throws irrelevant exception). (Johannes, Andrey)
702  . Implemented FR #48587 (MySQL PDO driver doesn't support SSL connections).
703    (Rob)
704
705- PDO PostgreSQL driver:
706  . Fixed bug #54318 (Non-portable grep option used in PDO pgsql
707    configuration). (bwalton at artsci dot utoronto dot ca)
708
709- PDO Oracle driver:
710  . Fixed bug #44989 (64bit Oracle RPMs still not supported by pdo-oci).
711    (jbnance at tresgeek dot net)
712
713- Phar extension:
714  . Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters).
715    (Felipe)
716
717- PHP-FPM SAPI:
718  . Implemented FR #54499 (FPM ping and status_path should handle HEAD request). (fat)
719  . Implemented FR #54172 (Overriding the pid file location of php-fpm). (fat)
720  . Fixed missing Expires and Cache-Control headers for ping and status pages.
721    (fat)
722  . Fixed memory leak. (fat) Reported and fixed by Giovanni Giacobbi.
723  . Fixed wrong value of log_level when invoking fpm with -tt. (fat)
724  . Added xml format to the status page. (fat)
725  . Removed timestamp in logs written by children processes. (fat)
726  . Fixed exit at FPM startup on fpm_resources_prepare() errors. (fat)
727  . Added master rlimit_files and rlimit_core in the global configuration
728    settings. (fat)
729  . Removed pid in debug logs written by chrildren processes. (fat)
730  . Added custom access log (also added per request %CPU and memory
731    mesurement). (fat)
732  . Added a real scoreboard and several improvements to the status page. (fat)
733
734- Reflection extension:
735  . Fixed bug #54347 (reflection_extension does not lowercase module function
736    name). (Felipe, laruence at yahoo dot com dot cn)
737
738- SOAP extension:
739  . Fixed bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION
740    contains itself). (Dmitry)
741  . Fixed bug #54312 (soap_version logic bug). (tom at samplonius dot org)
742
743- Sockets extension:
744  . Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
745    Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe)
746  . Changed socket_set_block() and socket_set_nonblock() so they emit warnings
747    on error. (Gustavo)
748  . Fixed bug #51958 (socket_accept() fails on IPv6 server sockets). (Gustavo)
749
750- SPL extension:
751  . Fixed bug #54971 (Wrong result when using iterator_to_array with use_keys
752    on true). (Pierrick)
753  . Fixed bug #54970 (SplFixedArray::setSize() isn't resizing). (Felipe)
754  . Fixed bug #54609 (Certain implementation(s) of SplFixedArray cause hard
755    crash). (Felipe)
756  . Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and
757    SplTempFileObject crash when user-space classes don't call the paren
758    constructor). (Gustavo)
759  . Fixed bug #54292 (Wrong parameter causes crash in
760    SplFileObject::__construct()). (Felipe)
761  . Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting
762    with \0). (Gustavo)
763  . Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator).
764    (Felipe)
765
766- Streams:
767  . Fixed bug #54946 (stream_get_contents infinite loop). (Hannes)
768  . Fixed bug #54623 (Segfault when writing to a persistent socket after
769    closing a copy of the socket). (Gustavo)
770  . Fixed bug #54681 (addGlob() crashes on invalid flags). (Felipe)
771
772
77317 Mar 2011, PHP 5.3.6
774- Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)
775- Upgraded bundled PCRE to version 8.11. (Ilia)
776
777- Zend Engine:
778  . Indirect reference to $this fails to resolve if direct $this is never used
779    in method. (Scott)
780  . Added options to debug backtrace functions. (Stas)
781  . Fixed bug numerous crashes due to setlocale (crash on error, pcre, mysql
782    etc.) on Windows in thread safe mode. (Pierre)
783  . Fixed Bug #53971 (isset() and empty() produce apparently spurious runtime
784    error). (Dmitry)
785  . Fixed Bug #53958 (Closures can't 'use' shared variables by value and by
786    reference). (Dmitry)
787  . Fixed Bug #53629 (memory leak inside highlight_string()). (Hannes, Ilia)
788  . Fixed Bug #51458 (Lack of error context with nested exceptions). (Stas)
789  . Fixed Bug #47143 (Throwing an exception in a destructor causes a fatal
790    error). (Stas)
791  . Fixed bug #43512 (same parameter name can be used multiple times in
792    method/function definition). (Felipe)
793
794- Core:
795  . Added ability to connect to HTTPS sites through proxy with basic
796    authentication using stream_context/http/header/Proxy-Authorization (Dmitry)
797  . Changed default value of ini directive serialize_precision from 100 to 17.
798    (Gustavo)
799  . Fixed bug #54055 (buffer overrun with high values for precision ini
800    setting). (Gustavo)
801  . Fixed bug #53959 (reflection data for fgetcsv out-of-date). (Richard)
802  . Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a
803    trailing forward slash). (lekensteyn at gmail dot com, Pierre)
804  . Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos)
805  . Fixed bug #48484 (array_product() always returns 0 for an empty array).
806    (Ilia)
807  . Fixed bug #48607 (fwrite() doesn't check reply from ftp server before
808    exiting). (Ilia)
809
810
811- Calendar extension:
812  . Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to
813    segfault). (Gustavo)
814
815- DOM extension:
816  . Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode
817    like DOMDocument::saveXML). (Gustavo)
818
819- DateTime extension:
820  . Fixed a bug in DateTime->modify() where absolute date/time statements had
821    no effect. (Derick)
822  . Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit
823    big-endian systems). (Derick, rein@basefarm.no)
824  . Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas)
825  . Fixed bug #52738 (Can't use new properties in class extended from
826    DateInterval). (Stas)
827  . Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime
828    created from timestamp). (Stas)
829  . Fixed bug #52063 (DateTime constructor's second argument doesn't have a
830    null default value). (Gustavo, Stas)
831
832- Exif extension:
833  . Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni).
834    (Pierre) (CVE-2011-0708)
835
836- Filter extension:
837  . Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number).
838    (Ilia, Gustavo)
839  . Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges).
840    (Ilia)
841  . Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia)
842  . Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6).
843    (Ilia, valli at icsurselva dot ch)
844
845- Fileinfo extension:
846  . Fixed bug #54016 (finfo_file() Cannot determine filetype in archives).
847    (Hannes)
848
849- Gettext
850  . Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE
851    environment variable are set). (Pierre)
852
853- IMAP extension:
854  . Implemented FR #53812 (get MIME headers of the part of the email). (Stas)
855  . Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long
856    MIME header unfolding). (Adam)
857
858- Intl extension:
859  . Fixed bug #53612 (Segmentation fault when using cloned several intl
860    objects). (Gustavo)
861  . Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values).
862    (Felipe)
863  . Implemented clone functionality for number, date & message formatters.
864    (Stas).
865
866- JSON extension:
867  . Fixed bug #53963 (Ensure error_code is always set during some failed
868    decodings). (Scott)
869
870- mysqlnd
871  . Fixed problem with always returning 0 as num_rows for unbuffered sets.
872    (Andrey, Ulf)
873
874- MySQL Improved extension:
875  . Added 'db' and 'catalog' keys to the field fetching functions (FR #39847).
876    (Kalle)
877  . Fixed buggy counting of affected rows when using the text protocol. The
878    collected statistics were wrong when multi_query was used with mysqlnd
879    (Andrey)
880  . Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL).
881    (Kalle)
882  . Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA
883    query). (Kalle, Andrey)
884  . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to
885    call libmysql). (Kalle, tre-php-net at crushedhat dot com)
886
887- OpenSSL extension:
888  . Fixed stream_socket_enable_crypto() not honoring the socket timeout in
889    server mode. (Gustavo)
890  . Fixed bug #54060 (Memory leaks when openssl_encrypt). (Pierre)
891  . Fixed bug #54061 (Memory leaks when openssl_decrypt). (Pierre)
892  . Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode).
893    (Gustavo)
894  . Implemented FR #53447 (Cannot disable SessionTicket extension for servers
895    that do not support it) by adding a no_ticket SSL context option. (Adam,
896    Tony)
897
898- PDO MySQL driver:
899  . Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver).
900    (Johannes)
901  . Implemented FR #47802 (Support for setting character sets in DSN strings).
902    (Kalle)
903
904- PDO Oracle driver:
905  . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on
906    ORACLE 10). (spatar at mail dot nnov dot ru)
907
908- PDO PostgreSQL driver:
909  . Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down).
910    (gyp at balabit dot hu)
911
912- Phar extension:
913  . Fixed bug #54247 (format-string vulnerability on Phar). (Felipe)
914    (CVE-2011-1153)
915  . Fixed bug #53541 (format string bug in ext/phar).
916    (crrodriguez at opensuse dot org, Ilia)
917  . Fixed bug #53898 (PHAR reports invalid error message, when the directory
918    does not exist). (Ilia)
919
920- PHP-FPM SAPI:
921  . Enforce security in the fastcgi protocol parsing.
922    (ef-lists at email dotde)
923  . Fixed bug #53777 (php-fpm log format now match php_error log format). (fat)
924  . Fixed bug #53527 (php-fpm --test doesn't set a valuable return value). (fat)
925  . Fixed bug #53434 (php-fpm slowlog now also logs the original request). (fat)
926
927- Readline extension:
928  . Fixed bug #53630 (Fixed parameter handling inside readline() function).
929    (jo at feuersee dot de, Ilia)
930
931- Reflection extension:
932  . Fixed bug #53915 (ReflectionClass::getConstant(s) emits fatal error on
933    constants with self::). (Gustavo)
934
935- Shmop extension:
936  . Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe)
937    Reported by Jose Carlos Norte <jose at eyeos dot org> (CVE-2011-1092)
938
939- SNMP extension:
940  . Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree
941    correctly). (Boris Lytochkin)
942
943- SOAP extension:
944  . Fixed possible crash introduced by the NULL poisoning patch.
945    (Mateusz Kocielski, Pierre)
946
947- SPL extension:
948  . Fixed memory leak in DirectoryIterator::getExtension() and
949    SplFileInfo::getExtension(). (Felipe)
950  . Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones)
951  . Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0
952    values). (Felipe)
953  . Fixed bug #49608 (Using CachingIterator on DirectoryIterator instance
954    segfaults). (Felipe)
955
956  . Added SplFileInfo::getExtension(). FR #48767. (Peter Cowburn)
957
958- SQLite3 extension:
959  . Fixed memory leaked introduced by the NULL poisoning patch.
960    (Mateusz Kocielski, Pierre)
961  . Fixed memory leak on SQLite3Result and SQLite3Stmt when assigning to a
962    reference. (Felipe)
963  . Add SQlite3_Stmt::readonly() for checking if a statement is read only.
964    (Scott)
965  . Implemented FR #53466 (SQLite3Result::columnType() should return false after
966    all of the rows have been fetched). (Scott)
967
968- Streams:
969  . Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP
970    wrapper). (Gustavo)
971  . Fixed bug #53913 (Streams functions assume HAVE_GLOB is defined). (Chris
972    Jones)
973  . Fixed bug #53903 (userspace stream stat callback does not separate the
974    elements of the returned array before converting them). (Gustavo)
975  . Implemented FR #26158 (open arbitrary file descriptor with fopen). (Gustavo)
976
977- Tokenizer Extension
978  . Fixed bug #54089 (token_get_all() does not stop after __halt_compiler).
979    (Ilia)
980
981- XSL extension:
982  . Fixed memory leaked introduced by the NULL poisoning patch.
983    (Mateusz Kocielski, Pierre)
984
985- Zip extension:
986  . Added the filename into the return value of stream_get_meta_data(). (Hannes)
987  . Fixed bug #53923 (Zip functions assume HAVE_GLOB is defined). (Adam)
988  . Fixed bug #53893 (Wrong return value for ZipArchive::extractTo()). (Pierre)
989  . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive).
990    (Stas, Maksymilian Arciemowicz). (CVE-2011-0421)
991  . Fixed bug #53854 (Missing constants for compression type). (Richard, Adam)
992  . Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at
993    gmail dot com, Gustavo)
994  . Fixed bug #53579 (stream_get_contents() segfaults on ziparchive streams).
995    (Hannes)
996  . Fixed bug #53568 (swapped memset arguments in struct initialization).
997    (crrodriguez at opensuse dot org)
998  . Fixed bug #53166 (Missing parameters in docs and reflection definition).
999    (Richard)
1000  . Fixed bug #49072 (feof never returns true for damaged file in zip).
1001    (Gustavo, Richard Quadling)
1002
100306 Jan 2011, PHP 5.3.5
1004- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott,
1005  Rasmus)
1006
100709 Dec 2010, PHP 5.3.4
1008- Upgraded bundled Sqlite3 to version 3.7.3. (Ilia)
1009- Upgraded bundled PCRE to version 8.10. (Ilia)
1010
1011- Security enhancements:
1012  . Fixed crash in zip extract method (possible CWE-170).
1013    (Maksymilian Arciemowicz, Pierre)
1014  . Paths with NULL in them (foo\0bar.txt) are now considered as invalid.
1015    (Rasmus)
1016  . Fixed a possible double free in imap extension (Identified by Mateusz
1017    Kocielski). (CVE-2010-4150). (Ilia)
1018  . Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
1019    (CVE-2010-3709). (Maksymilian Arciemowicz)
1020  . Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
1021  . Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre)
1022  . Fixed symbolic resolution support when the target is a DFS share. (Pierre)
1023  . Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
1024    large amount of data) (CVE-2010-3710). (Adam)
1025
1026- General improvements:
1027  . Added stat support for zip stream. (Pierre)
1028  . Added follow_location (enabled by default) option for the http stream
1029    support. (Pierre)
1030  . Improved support for is_link and related functions on Windows. (Pierre)
1031  . Added a 3rd parameter to get_html_translation_table. It now takes a charset
1032    hint, like htmlentities et al. (Gustavo)
1033
1034- Implemented feature requests:
1035  . Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect
1036    zend multibyte at runtime. (Kalle)
1037  . Implemented FR #52173, added functions pcntl_get_last_error() and
1038     pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud)
1039  . Implemented symbolic links support for open_basedir checks. (Pierre)
1040  . Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre)
1041  . Implemented FR #50692, not uploaded files don't count towards
1042    max_file_uploads limit. As a side improvement, temporary files are not
1043    opened for empty uploads and, in debug mode, 0-length uploads. (Gustavo)
1044
1045- Improved MySQLnd:
1046  . Added new character sets to mysqlnd, which are available in MySQL 5.5
1047    (Andrey)
1048
1049- Improved PHP-FPM SAPI:
1050  . Added '-p/--prefix' to php-fpm to use a custom prefix and run multiple
1051    instances. (fat)
1052  . Added custom process title for FPM. (fat)
1053  . Added '-t/--test' to php-fpm to check and validate FPM conf file. (fat)
1054  . Added statistics about listening socket queue length for FPM.
1055    (andrei dot nigmatulin at gmail dot com, fat)
1056
1057- Core:
1058  . Fixed extract() to do not overwrite $GLOBALS and $this when using
1059    EXTR_OVERWRITE. (jorto at redhat dot com)
1060  . Fixed bug in the Windows implementation of dns_get_record, where the two
1061    last parameters wouldn't be filled unless the type were DNS_ANY (Gustavo).
1062  . Changed the $context parameter on copy() to actually have an effect. (Kalle)
1063  . Fixed htmlentities/htmlspecialchars accepting certain ill-formed UTF-8
1064    sequences. (Gustavo)
1065  . Fixed bug #53409 (sleep() returns NULL on Windows). (Pierre)
1066  . Fixed bug #53319 (strip_tags() may strip '<br />' incorrectly). (Felipe)
1067  . Fixed bug #53304 (quot_print_decode does not handle lower-case hex digits).
1068    (Ilia, daniel dot mueller at inexio dot net)
1069  . Fixed bug #53248 (rawurlencode RFC 3986 EBCDIC support misses tilde char).
1070    (Justin Martin)
1071  . Fixed bug #53226 (file_exists fails on big filenames). (Adam)
1072  . Fixed bug #53198 (changing INI setting "from" with ini_set did not have any
1073    effect). (Gustavo)
1074  . Fixed bug #53180 (post_max_size=0 not disabling the limit when the content
1075    type is application/x-www-form-urlencoded or is not registered with PHP).
1076    (gm at tlink dot de, Gustavo)
1077  . Fixed bug #53141 (autoload misbehaves if called from closing session).
1078    (ladislav at marek dot su)
1079  . Fixed bug #53021 (In html_entity_decode, failure to convert numeric entities
1080    with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of
1081    ENT_NOQUOTES in html_entity_decode that had introduced the bug (rev
1082    #185591) to other encodings. Additionaly, html_entity_decode() now doesn't
1083    decode &#34; if ENT_NOQUOTES is given. (Gustavo)
1084  . Fixed bug #52931 (strripos not overloaded with function overloading
1085    enabled). (Felipe)
1086  . Fixed bug #52772 (var_dump() doesn't check for the existence of
1087    get_class_name before calling it). (Kalle, Gustavo)
1088  . Fixed bug #52534 (var_export array with negative key). (Felipe)
1089  . Fixed bug #52327 (base64_decode() improper handling of leading padding in
1090    strict mode). (Ilia)
1091  . Fixed bug #52260 (dns_get_record fails with non-existing domain on Windows).
1092    (a_jelly_doughnut at phpbb dot com, Pierre)
1093  . Fixed bug #50953 (socket will not connect to IPv4 address when the host has
1094    both IPv4 and IPv6 addresses, on Windows). (Gustavo, Pierre)
1095  . Fixed bug #50524 (proc_open on Windows does not respect cwd as it does on
1096    other platforms). (Pierre)
1097  . Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number
1098    of reported malformed sequences). (CVE-2010-3870) (Gustavo)
1099  . Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8).
1100    (Gustavo)
1101  . Fixed bug #48831 (php -i has different output to php --ini). (Richard,
1102    Pierre)
1103  . Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
1104    (Felipe)
1105  . Fixed bug #47168 (printf of floating point variable prints maximum of 40
1106    decimal places). (Ilia)
1107  . Fixed bug #46587 (mt_rand() does not check that max is greater than min).
1108    (Ilia)
1109  . Fixed bug #29085 (bad default include_path on Windows). (Pierre)
1110  . Fixed bug #25927 (get_html_translation_table
1111