1PHP NEWS 2||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 306 Dec 2018 PHP 7.0.33 4 5- Core: 6 . Fixed bug #77231 (Segfault when using convert.quoted-printable-encode 7 filter). (Stas) 8 9- IMAP: 10 . Fixed bug #77020 (null pointer dereference in imap_mail). (cmb) 11 . Fixed bug #77153 (imap_open allows to run arbitrary shell commands via 12 mailbox parameter). (Stas) 13 14- Phar: 15 . Fixed bug #77022 (PharData always creates new files with mode 0666). (Stas) 16 . Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). 17 (Stas) 18 1913 Sep 2018 PHP 7.0.32 20 21- Apache2 22 . Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked). (Stas) 23 2419 Jul 2018 PHP 7.0.31 25 26- Exif: 27 . Fixed bug #76423 (Int Overflow lead to Heap OverFlow in 28 exif_thumbnail_extract of exif.c). (Stas) 29 . Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif 30 data). (Stas) 31 32- Win32: 33 . Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol) 34 3526 Apr 2018 PHP 7.0.30 36 37- Exif: 38 . Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). 39 (Stas) 40 41- iconv: 42 . Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on 43 invalid sequence). (Stas) 44 45- LDAP: 46 . Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas) 47 48- Phar: 49 . Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas) 50 5129 Mar 2018 PHP 7.0.29 52 53- FPM: 54 . Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache 55 access controls). (Jakub Zelenka) 56 5701 Mar 2018 PHP 7.0.28 58 59- Standard: 60 . Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (Stas) 61 6204 Jan 2018 PHP 7.0.27 63 64- CLI Server: 65 . Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router 66 script). (SammyK) 67 68- Core: 69 . Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand). 70 (Anatol) 71 . Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence) 72 73- FPM: 74 . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between 75 requests). (Remi) 76 77- GD: 78 . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (cmb) 79 80- Opcache: 81 . Fixed bug #75579 (Interned strings buffer overflow may cause crash). 82 (Dmitry) 83 84- PCRE: 85 . Fixed bug #74183 (preg_last_error not returning error code after error). 86 (Andrew Nester) 87 88- Phar: 89 . Fixed bug #74782 (Reflected XSS in .phar 404 page). (Stas) 90 91- Standard: 92 . Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP 93 segment fault). (Nikita) 94 . Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator 95 that getrandom() is missing). (sarciszewski) 96 97- Zip: 98 . Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi) 99 10023 Nov 2017 PHP 7.0.26 101 102- Core: 103 . Fixed bug #75420 (Crash when modifing property name in __isset for 104 BP_VAR_IS). (Laruence) 105 . Fixed bug #75368 (mmap/munmap trashing on unlucky allocations). (Nikita, 106 Dmitry) 107 108- CLI: 109 . Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown 110 function). (Laruence) 111 112- Enchant: 113 . Fixed bug #53070 (enchant_broker_get_path crashes if no path is set). (jelle 114 van der Waa, cmb) 115 . Fixed bug #75365 (Enchant still reports version 1.1.0). (cmb) 116 117- Exif: 118 . Fixed bug #75301 (Exif extension has built in revision version). (Peter 119 Kokot) 120 121- GD: 122 . Fixed bug #65148 (imagerotate may alter image dimensions). (cmb) 123 . Fixed bug #75437 (Wrong reflection on imagewebp). (Fabien Villepinte) 124 125- intl: 126 . Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead 127 of destination). (andrewnester) 128 129- interbase: 130 . Fixed bug #75453 (Incorrect reflection for ibase_[p]connect). (villfa) 131 132- Mysqli: 133 . Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function). (Fabien 134 Villepinte) 135 136- OCI8: 137 . Fixed valgrind issue. (Tianfang Yang) 138 139- Opcache: 140 . Fixed bug #75373 (Warning Internal error: wrong size calculation). (Laruence, Dmitry) 141 142- OpenSSL: 143 . Fixed bug #75363 (openssl_x509_parse leaks memory). (Bob, Jakub Zelenka) 144 . Fixed bug #75307 (Wrong reflection for openssl_open function). (villfa) 145 146- PGSQL: 147 . Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()). (Sara) 148 149- SOAP: 150 . Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders). (villfa) 151 152- Zlib: 153 . Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add). (Fabien 154 Villepinte) 155 15626 Oct 2017 PHP 7.0.25 157 158- Core: 159 . Fixed bug #75241 (Null pointer dereference in zend_mm_alloc_small()). 160 (Laruence) 161 . Fixed bug #75236 (infinite loop when printing an error-message). (Andrea) 162 . Fixed bug #75252 (Incorrect token formatting on two parse errors in one 163 request). (Nikita) 164 . Fixed bug #75220 (Segfault when calling is_callable on parent). 165 (andrewnester) 166 . Fixed bug #75290 (debug info of Closures of internal functions contain 167 garbage argument names). (Andrea) 168 169- Apache2Handler: 170 . Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in 171 apache2handler). (mcarbonneaux) 172 173- Date: 174 . Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick) 175 176- Intl: 177 . Fixed bug #75318 (The parameter of UConverter::getAliases() is not 178 optional). (cmb) 179 180- mcrypt: 181 . Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh) 182 183- OCI8: 184 . Fixed incorrect reference counting. (Dmitry, Tianfang Yang) 185 186- PCRE: 187 . Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol) 188 189- litespeed: 190 . Fixed bug #75248 (Binary directory doesn't get created when building 191 only litespeed SAPI). (petk) 192 . Fixed bug #75251 (Missing program prefix and suffix). (petk) 193 194- SPL: 195 . Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags). 196 (J. Jeising, cmb) 197 19828 Sep 2017 PHP 7.0.24 199 200- Core: 201 . Fixed bug #75042 (run-tests.php issues with EXTENSION block). (John Boehr) 202 203- BCMath: 204 . Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb) 205 . Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb) 206 . Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb) 207 . Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb) 208 209- CLI server: 210 . Fixed bug #70470 (Built-in server truncates headers spanning over TCP 211 packets). (bouk) 212 213- CURL: 214 . Fixed bug #75093 (OpenSSL support not detected). (Remi) 215 216- GD: 217 . Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb) 218 . Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb) 219 220- Gettext: 221 . Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb) 222 223- Intl: 224 . Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent 225 class). (tpunt) 226 . Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi) 227 228- PDO_OCI: 229 . Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized 230 before PHP-FPM sets it up). (Ingmar Runge) 231 232- SPL: 233 . Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop). 234 (jhdxr) 235 236- Standard: 237 . Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea) 238 23931 Aug 2017 PHP 7.0.23 240 241- Core: 242 . Fixed bug #74947 (Segfault in scanner on INF number). (Laruence) 243 . Fixed bug #74954 (null deref and segfault in zend_generator_resume()). (Bob) 244 . Fixed bug #74725 (html_errors=1 breaks unhandled exceptions). (Andrea) 245 . Fixed bug #75349 (NAN comparison). (Sara) 246 247- cURL: 248 . Fixed bug #74125 (Fixed finding CURL on systems with multiarch support). 249 (cebe) 250 251- Date: 252 . Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone). (Derick) 253 254- Intl: 255 . Fixed bug #74993 (Wrong reflection on some locale_* functions). (Sara) 256 257- Mbstring: 258 . Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding). 259 (cmb) 260 . Fixed bug #62934 (mb_convert_kana() does not convert iteration marks). 261 (Nikita) 262 . Fixed bug #75001 (Wrong reflection on mb_eregi_replace). (Fabien 263 Villepinte) 264 265- MySQLi: 266 . Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with 267 an abstract class). (Anatol) 268 269- OCI8: 270 . Expose oci_unregister_taf_callback() (Tianfang Yang) 271 272- phar: 273 . Fixed bug #74991 (include_path has a 4096 char limit in some cases). 274 (bwbroersma) 275 276- Reflection: 277 . Fixed bug #74949 (null pointer dereference in _function_string). (Laruence) 278 279- Session: 280 . Fixed bug #74833 (SID constant created with wrong module number). (Anatol) 281 282- SimpleXML: 283 . Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces). 284 (Laruence) 285 286- SPL: 287 . Fixed bug #75049 (spl_autoload_unregister can't handle 288 spl_autoload_functions results). (Laruence) 289 . Fixed bug #74669 (Unserialize ArrayIterator broken). (Andrew Nester) 290 . Fixed bug #75015 (Crash in recursive iterator destructors). (Julien) 291 292- Standard: 293 . Fixed bug #75075 (unpack with X* causes infinity loop). (Laruence) 294 . Fixed bug #74103 (heap-use-after-free when unserializing invalid array 295 size). (Nikita) 296 . Fixed bug #75054 (A Denial of Service Vulnerability was found when 297 performing deserialization). (Nikita) 298 299- WDDX: 300 . Fixed bug #73793 (WDDX uses wrong decimal seperator). (cmb) 301 302- XMLRPC: 303 . Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared 304 properties). (blar) 305 30603 Aug 2017 PHP 7.0.22 307 308- Core: 309 . Fixed bug #74832 (Loading PHP extension with already registered function 310 name leads to a crash). (jpauli) 311 . Fixed bug #74780 (parse_url() borken when query string contains colon). 312 (jhdxr) 313 . Fixed bug #74761 (Unary operator expected error on some systems). (petk) 314 . Fixed bug #73900 (Use After Free in unserialize() SplFixedArray). (nikic) 315 . Fixed bug #74913 (fixed incorrect poll.h include). (petk) 316 . Fixed bug #74906 (fixed incorrect errno.h include). (petk) 317 318- Date: 319 . Fixed bug #74852 (property_exists returns true on unknown DateInterval 320 property). (jhdxr) 321 322- OCI8: 323 . Fixed bug #74625 (Integer overflow in oci_bind_array_by_name). (Ingmar Runge) 324 325- Opcache: 326 . Fixed bug #74840 (Opcache overwrites argument of GENERATOR_RETURN within 327 finally). (Bob) 328 329- PDO: 330 . Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query). (Adam 331 Baratz) 332 333- SPL: 334 . Fixed bug #73471 (PHP freezes with AppendIterator). (jhdxr) 335 336- SQLite3: 337 . Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception 338 with invalid flags). (Anatol) 339 340- Wddx: 341 . Fixed bug #73173 (huge memleak when wddx_unserialize). 342 (tloi at fortinet dot com) 343 344- zlib: 345 . Fixed bug #73944 (dictionary option of inflate_init() does not work). 346 (wapmorgan) 347 34806 Jul 2017 PHP 7.0.21 349 350- Core: 351 . Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly 352 parsed). (Manuel Mausz) 353 . Fixed bug #74658 (Undefined constants in array properties result in broken 354 properties). (Laruence) 355 . Fixed misparsing of abstract unix domain socket names. (Sara) 356 . Fixed bug #74101, bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in 357 zval_get_type). (Nikita) 358 . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from 359 unserialize). (Nikita) 360 . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). 361 (Stas) 362 . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via 363 php_parse_date()). (Derick) 364 365- DOM: 366 . Fixed bug #69373 (References to deleted XPath query results). (ttoohey) 367 368- GD: 369 . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb) 370 371- Intl: 372 . Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex) 373 . Fixed bug #74705 (Wrong reflection on Collator::getSortKey and 374 collator_get_sort_key). (Tyson Andre, Remi) 375 . Fixed bug #73634 (grapheme_strpos illegal memory access). (Stas) 376 377- Mbstring: 378 . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, 379 CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) 380 381- OCI8: 382 . Add TAF callback (PR #2459). (KoenigsKind) 383 384- Opcache: 385 . Fixed bug #74663 (Segfault with opcache.memory_protect and 386 validate_timestamp). (Laruence) 387 388- OpenSSL: 389 . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). 390 (Stas) 391 392- PCRE: 393 . Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)). 394 (Stas) 395 396- PDO_OCI: 397 . Support Instant Client 12.2 in --with-pdo-oci configure option. 398 (Tianfang Yang) 399 400- Reflection: 401 . Fixed bug #74673 (Segfault when cast Reflection object to string with 402 undefined constant). (Laruence) 403 404- SPL: 405 . Fixed bug #74478 (null coalescing operator failing with SplFixedArray). 406 (jhdxr) 407 408- Standard: 409 . Fixed bug #74708 (Invalid Reflection signatures for random_bytes and 410 random_int). (Tyson Andre, Remi) 411 . Fixed bug #73648 (Heap buffer overflow in substr). (Stas) 412 413- FTP: 414 . Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara) 415 416- PHAR: 417 . Fixed bug #74386 (Phar::__construct reflection incorrect). (villfa) 418 419- SOAP 420 . Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). 421 (Dmitry) 422 423- Streams: 424 . Fixed bug #74556 (stream_socket_get_name() returns '\0'). (Sara) 425 4268 Jun 2017 PHP 7.0.20 427 428- Core: 429 . Fixed bug #74600 (crash (SIGSEGV) in _zend_hash_add_or_update_i). 430 (Laruence) 431 . Fixed bug #74546 (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST). 432 (Laruence) 433 434- intl: 435 . Fixed bug #74468 (wrong reflection on Collator::sortWithSortKeys). (villfa) 436 437- MySQLi: 438 . Fixed bug #74547 (mysqli::change_user() doesn't accept null as $database 439 argument w/strict_types). (Anatol) 440 441- Opcache: 442 . Fixed bug #74596 (SIGSEGV with opcache.revalidate_path enabled). (Laruence) 443 444- phar: 445 . Fixed bug #51918 (Phar::webPhar() does not handle requests sent through PUT 446 and DELETE method). (Christian Weiske) 447 448- Standard: 449 . Fixed bug #74510 (win32/sendmail.c anchors CC header but not BCC). 450 (Damian Wadley, Anatol) 451 452- xmlreader: 453 . Fixed bug #74457 (Wrong reflection on XMLReader::expand). (villfa) 454 45511 May 2017 PHP 7.0.19 456 457- Core: 458 . Fixed bug #74188 (Null coalescing operator fails for undeclared static 459 class properties). (tpunt) 460 . Fixed bug #74408 (Endless loop bypassing execution time limit). (Laruence) 461 . Fixed bug #74410 (stream_select() is broken on Windows Nanoserver). 462 (Matt Ficken) 463 . Fixed bug #74337 (php-cgi.exe crash on facebook callback). 464 (Anton Serbulov) 465 . Patch for bug #74216 was reverted. (Anatol) 466 467- Date: 468 . Fixed bug #74404 (Wrong reflection on DateTimeZone::getTransitions). 469 (krakjoe) 470 . Fixed bug #74080 (add constant for RFC7231 format datetime). (duncan3dc) 471 472- DOM: 473 . Fixed bug #74416 (Wrong reflection on DOMNode::cloneNode). 474 (Remi, Fabien Villepinte) 475 476- Fileinfo: 477 . Fixed bug #74379 (syntax error compile error in libmagic/apprentice.c). 478 (Laruence) 479 480- GD: 481 . Fixed bug #74343 (compile fails on solaris 11 with system gd2 library). 482 (krakjoe) 483 484- intl: 485 . Fixed bug #74433 (wrong reflection for Normalizer methods). (villfa) 486 . Fixed bug #74439 (wrong reflection for Locale methods). (villfa) 487 488- MySQLi: 489 . Fixed bug #74432 (mysqli_connect adding ":3306" to $host if $port parameter 490 not given). (Anatol) 491 492- MySQLnd: 493 . Added support for MySQL 8.0 types. (Johannes) 494 . Fixed bug #74376 (Invalid free of persistent results on error/connection 495 loss). (Yussuf Khalil) 496 497- OpenSSL: 498 . Fixed bug #73833 (null character not allowed in openssl_pkey_get_private). 499 (Jakub Zelenka) 500 . Fixed bug #73711 (Segfault in openssl_pkey_new when generating DSA or DH 501 key). (Jakub Zelenka) 502 . Fixed bug #74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without 503 seconds). (Moritz Fain) 504 . Added OpenSSL 1.1.0 support. (Jakub Zelenka) 505 506- phar: 507 . Fixed bug #74383 (phar method parameters reflection correction). 508 (mhagstrand) 509 510- Standard: 511 . Fixed bug #74409 (Reflection information for ini_get_all() is incomplete). 512 (Sebastian Bergmann) 513 . Fixed bug #72071 (setcookie allows max-age to be negative). (Craig Duncan) 514 515- Streams: 516 . Fixed bug #74429 (Remote socket URI with unique persistence identifier 517 broken). (Sara) 518 519- SQLite3: 520 . Fixed bug #74413 (incorrect reflection for SQLite3::enableExceptions). 521 (krakjoe) 522 52313 Apr 2017 PHP 7.0.18 524 525- Core: 526 . Fixed bug #73370 (falsely exits with "Out of Memory" when using 527 USE_ZEND_ALLOC=0). (Nikita) 528 . Fixed bug #73960 (Leak with instance method calling static method with 529 referenced return). (Nikita) 530 . Fixed bug #74265 (Build problems after 7.0.17 release: undefined reference 531 to `isfinite'). (Nikita) 532 . Fixed bug #74302 (yield fromLABEL is over-greedy). (Sara) 533 534- Apache: 535 . Reverted patch for bug #61471, fixes bug #74318. (Anatol) 536 537- Date: 538 . Fixed bug #72096 (Swatch time value incorrect for dates before 1970). (mcq8) 539 540- DOM: 541 . Fixed bug #74004 (LIBXML_NOWARNING flag ingnored on loadHTML*). 542 (somedaysummer) 543 544- iconv: 545 . Fixed bug #74230 (iconv fails to fail on surrogates). (Anatol) 546 547- OCI8: 548 . Fixed uninitialized data causing random crash. (Dmitry) 549 550- OpenSSL: 551 . Fixed bug #72333 (fwrite() on non-blocking SSL sockets doesn't work). 552 (Jakub Zelenka) 553 554- PDO MySQL: 555 . Fixed bug #71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO 556 interface). (Thomas Orozco) 557 558- Streams: 559 . Fixed bug #74216 (Correctly fail on invalid IP address ports). (Sara) 560 561- Zlib: 562 . Fixed bug #74240 (deflate_add can allocate too much memory). (Matt Bonneau) 563 56416 Mar 2017 PHP 7.0.17 565 566- Core: 567 . Fixed bug #73989 (PHP 7.1 Segfaults within Symfony test suite). 568 (Dmitry, Laruence) 569 . Fixed bug #74084 (Out of bound read - zend_mm_alloc_small). (Laruence) 570 . Fixed bug #73807 (Performance problem with processing large post request). 571 (Nikita) 572 . Fixed bug #73998 (array_key_exists fails on arrays created by 573 get_object_vars). (mhagstrand) 574 . Fixed bug #73954 (NAN check fails on Alpine Linux with musl). (Andrea) 575 . Fixed bug #74039 (is_infinite(-INF) returns false). (Christian Schmidt) 576 . Fixed bug #73677 (Generating phar.phar core dump with gcc ASAN enabled 577 build). (ondrej) 578 579- Apache: 580 . Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP). 581 (Zheng Shao) 582 583- Date: 584 . Fixed bug #72719 (Relative datetime format ignores weekday on sundays 585 only). (Derick) 586 . Fixed bug #73294 (DateTime wrong when date string is negative). (Derick) 587 . Fixed bug #73489 (wrong timestamp when call setTimeZone multi times with 588 UTC offset). (xiami, Derick) 589 . Fixed bug #73858 (first/last day of' flag is not being reset). (Derick) 590 . Fixed bug #73942 ($date->modify('Friday this week') doesn't return a Friday 591 if $date is a Sunday). (Derick) 592 . Fixed bug #74057 (wrong day when using "this week" in strtotime). (Derick) 593 594- FPM: 595 . Fixed bug #69860 (php-fpm process accounting is broken with keepalive). 596 (Denis Yeldandi) 597 598- Hash: 599 . Fixed bug #73127 (gost-crypto hash incorrect if input data contains long 600 0xFF sequence). (Grundik) 601 602- GD: 603 . Fixed bug #74031 (ReflectionFunction for imagepng is missing last two 604 parameters). (finwe) 605 606- Mysqlnd: 607 . Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB). 608 (Andrew Nester, Nikita) 609 610- Opcache: 611 . Fixed bug #74152 (if statement says true to a null variable). (Laruence) 612 . Fixed bug #74019 (Segfault with list). (Laruence) 613 614- OpenSSL: 615 . Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file). 616 (Anatol) 617 618- PDO_OCI: 619 . Fixed bug #54379 (PDO_OCI: UTF-8 output gets truncated). (gureedo / Oracle) 620 621- Standard: 622 . Fixed bug #74148 (ReflectionFunction incorrectly reports the number of 623 arguments). (Laruence) 624 . Fixed bug #74005 (mail.add_x_header causes RFC-breaking lone line feed). 625 (Anatol) 626 . Fixed bug #73118 (is_callable callable name reports misleading value for 627 anonymous classes). (Adam Saponara) 628 . Fixed bug #74105 (PHP on Linux should use /dev/urandom when getrandom is 629 not available). (Benjamin Robin) 630 631- Streams: 632 . Fixed bug #73496 (Invalid memory access in zend_inline_hash_func). 633 (Laruence) 634 . Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string). 635 (Anatol) 636 637 63816 Feb 2017 PHP 7.0.16 639 640- Core: 641 . Fixed bug #73916 (zend_print_flat_zval_r doesn't consider reference). 642 (Laruence) 643 . Fixed bug #73876 (Crash when exporting **= in expansion of assign op). 644 (Sara) 645 . Fixed bug #73969 (segfault in debug_print_backtrace). (andrewnester) 646 . Fixed bug #73973 (assertion error in debug_zval_dump). (andrewnester) 647 648- DOM: 649 . Fixed bug #54382 (getAttributeNodeNS doesn't get xmlns* attributes). 650 (aboks) 651 652- DTrace: 653 . Fixed bug #73965 (DTrace reported as enabled when disabled). (Remi) 654 655- FPM: 656 . Fixed bug #67583 (double fastcgi_end_request on max_children limit). 657 (Dmitry Saprykin) 658 . Fixed bug #69865 (php-fpm does not close stderr when using syslog). 659 (m6w6) 660 661- GD: 662 . Fixed bug #73968 (Premature failing of XBM reading). (cmb) 663 664- GMP: 665 . Fixed bug #69993 (test for gmp.h needs to test machine includes). 666 (Jordan Gigov) 667 668- Intl: 669 . Fix bug #73956 (Link use CC instead of CXX). (Remi) 670 671- LDAP: 672 . Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache). 673 (Laruence) 674 675- MySQLi: 676 . Fixed bug #73949 (leak in mysqli_fetch_object). (krakjoe) 677 678- Mysqlnd: 679 . Fixed bug #69899 (segfault on close() after free_result() with mysqlnd). 680 (Richard Fussenegger) 681 682- Opcache: 683 . Fixed bug #73983 (crash on finish work with phar in cli + opcache). 684 (Anatol) 685 686- OpenSSL: 687 . Fixed bug #71519 (add serial hex to return value array). (xrobau) 688 689- PDO_Firebird: 690 . Implemented FR #72583 (All data are fetched as strings). (Dorin Marcoci) 691 692- PDO_PgSQL: 693 . Fixed bug #73959 (lastInsertId fails to throw an exception for wrong 694 sequence name). (andrewnester) 695 696- Phar: 697 . Fixed bug #70417 (PharData::compress() doesn't close temp file). (cmb) 698 699- posix: 700 . Fixed bug #71219 (configure script incorrectly checks for ttyname_r). (atoth) 701 702- Session: 703 . Fixed bug #69582 (session not readable by root in CLI). (EvgeniySpinov) 704 705- SPL: 706 . Fixed bug #73896 (spl_autoload() crashes when calls magic _call()). (Dmitry) 707 708- Standard: 709 . Fixed bug #69442 (closing of fd incorrect when PTS enabled). (jaytaph) 710 . Fixed bug #47021 (SoapClient stumbles over WSDL delivered with 711 "Transfer-Encoding: chunked"). (Rowan Collins) 712 . Fixed bug #72974 (imap is undefined service on AIX). (matthieu.sarter) 713 . Fixed bug #72979 (money_format stores wrong length AIX). (matthieu.sarter) 714 715- ZIP: 716 . Fixed bug #70103 (ZipArchive::addGlob ignores remove_all_path option). (cmb, 717 Mitch Hagstrand) 718 71919 Jan 2017 PHP 7.0.15 720 721- Core: 722 . Fixed bug #73792 (invalid foreach loop hangs script). (Dmitry) 723 . Fixed bug #73663 ("Invalid opcode 65/16/8" occurs with a variable created 724 with list()). (Laruence) 725 . Fixed bug #73585 (Logging of "Internal Zend error - Missing class 726 information" missing class name). (Laruence) 727 . Fixed bug #73753 (unserialized array pointer not advancing). (David Walker) 728 . Fixed bug #73825 (Heap out of bounds read on unserialize in 729 finish_nested_data()). (Stas) 730 . Fixed bug #73831 (NULL Pointer Dereference while unserialize php object). 731 (Stas) 732 . Fixed bug #73832 (Use of uninitialized memory in unserialize()). (Stas) 733 . Fixed bug #73092 (Unserialize use-after-free when resizing object's 734 properties hash table). (Nikita) 735 . Fixed bug #69425 (Use After Free in unserialize()). (Nikita) 736 . Fixed bug #72731 (Type Confusion in Object Deserialization). (Nikita) 737 738- COM: 739 . Fixed bug #73679 (DOTNET read access violation using invalid codepage). 740 (Anatol) 741 742- DOM: 743 . Fixed bug #67474 (getElementsByTagNameNS filter on default ns). (aboks) 744 745- EXIF: 746 . Bug bug #73737 (FPE when parsing a tag format). (Stas) 747 748- GD: 749 . Fixed bug #73869 (Signed Integer Overflow gd_io.c). (cmb) 750 . Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (cmb) 751 752- GMP: 753 . Fixed bug #70513 (GMP Deserialization Type Confusion Vulnerability). 754 (Nikita) 755 756- Mysqli: 757 . Fixed bug #73462 (Persistent connections don't set $connect_errno). 758 (darkain) 759 760- Mysqlnd: 761 . Fixed issue with decoding BIT columns when having more than one rows in the 762 result set. 7.0+ problem. (Andrey) 763 . Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE). 764 (vanviegen) 765 766- PCRE: 767 . Fixed bug #73612 (preg_*() may leak memory). (cmb) 768 769- PDO_Firebird: 770 . Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning 771 statement). (Dorin Marcoci) 772 773- Phar: 774 . Fixed bug #73773 (Seg fault when loading hostile phar). (Stas) 775 . Fixed bug #73768 (Memory corruption when loading hostile phar). (Stas) 776 . Fixed bug #73764 (Crash while loading hostile phar archive). (Stas) 777 778- Phpdbg: 779 . Fixed bug #73615 (phpdbg without option never load .phpdbginit at startup). 780 (Bob) 781 . Fixed issue getting executable lines from custom wrappers. (Bob) 782 . Fixed bug #73704 (phpdbg shows the wrong line in files with shebang). (Bob) 783 784- Reflection: 785 . Fixed bug #46103 (ReflectionObject memory leak). (Nikita) 786 787- Streams: 788 . Fixed bug #73586 (php_user_filter::$stream is not set to the stream the 789 filter is working on). (Dmitry) 790 791- SQLite3: 792 . Reverted fix for bug #73530 (Unsetting result set may reset other result 793 set). (cmb) 794 795- Standard: 796 . Fixed bug #73594 (dns_get_record does not populate $additional out 797 parameter). (Bruce Weirdan) 798 . Fixed bug #70213 (Unserialize context shared on double class lookup). 799 (Taoguang Chen) 800 . Fixed bug #73154 (serialize object with __sleep function crash). (Nikita) 801 . Fixed bug #70490 (get_browser function is very slow). (Nikita) 802 . Fixed bug #73265 (Loading browscap.ini at startup causes high memory usage). 803 (Nikita) 804 . Fixed bug #31875 (get_defined_functions additional param to exclude 805 disabled functions). (willianveiga) 806 807- Zlib: 808 . Fixed bug #73373 (deflate_add does not verify that output was not truncated). 809 (Matt Bonneau) 810 81108 Dec 2016 PHP 7.0.14 812 813- Core: 814 . Fixed memory leak(null coalescing operator with Spl hash). (Tyson Andre) 815 . Fixded bug #72736 (Slow performance when fetching large dataset with mysqli 816 / PDO). (Dmitry) 817 818- Calendar: 819 . Fix integer overflows (Joshua Rogers) 820 821- Date: 822 . Fixed bug #69587 (DateInterval properties and isset). (jhdxr) 823 824- DTrace: 825 . Disabled PHP call tracing by default (it makes significant overhead). 826 This may be enabled again using envirionment variable USE_ZEND_DTRACE=1. 827 (Dmitry) 828 829- JSON: 830 . Fixed bug #73526 (php_json_encode depth issue). (Jakub Zelenka) 831 . Install headers on windows. (Darek Slusarczyk) 832 833- Mysqlnd: 834 . Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*). (cmb) 835 836- ODBC: 837 . Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes). 838 (Anatol) 839 840- Opcache: 841 . Fixed bug #69090 (check cached files permissions). (dmitry) 842 . Fixed bug #73546 (Logging for opcache has an empty file name). (mhagstrand) 843 844- PCRE: 845 . Fixed bug #73483 (Segmentation fault on pcre_replace_callback). (Laruence) 846 . Fixed bug #73392 (A use-after-free in zend allocator management). 847 (Laruence) 848 849- PDO_Firebird: 850 . Fixed bug #73087, #61183, #71494 (Memory corruption in bindParam). 851 (Dorin Marcoci) 852 853- Postgres: 854 . Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()). (Craig Duncan) 855 856- Phar: 857 . Fixed bug #73580 (Phar::isValidPharFilename illegal memory access). (Stas) 858 859- Soap: 860 . Fixed bug #73538 (SoapClient::__setSoapHeaders doesn't overwrite SOAP 861 headers). (duncan3dc) 862 . Fixed bug #73452 (Segfault (Regression for #69152)). (Dmitry) 863 864- SPL: 865 . Fixed bug #73423 (Reproducible crash with GDB backtrace). (Laruence) 866 867- SQLite3: 868 . Fixed bug #73530 (Unsetting result set may reset other result set). (cmb) 869 870- Standard: 871 . Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue). 872 (rowan dot collins at gmail dot com) 873 . Fixed bug #73645 (version_compare illegal write access). (Stas) 874 875- Wddx: 876 . Fixed bug #73631 (Invalid read when wddx decodes empty boolean element). 877 (Stas) 878 879- XML: 880 . Fixed bug #72135 (malformed XML causes fault) (edgarsandi) 881 88210 Nov 2016 PHP 7.0.13 883 884- Core: 885 . Fixed bug #73350 (Exception::__toString() cause circular references). 886 (Laruence) 887 . Fixed bug #73181 (parse_str() without a second argument leads to crash). 888 (Nikita) 889 . Fixed bug #66773 (Autoload with Opcache allows importing conflicting class 890 name to namespace). (Nikita) 891 . Fixed bug #66862 ((Sub-)Namespaces unexpected behaviour). (Nikita) 892 . Fix pthreads detection when cross-compiling (ffontaine) 893 . Fixed bug #73337 (try/catch not working with two exceptions inside a same 894 operation). (Dmitry) 895 . Fixed bug #73338 (Exception thrown from error handler causes valgrind 896 warnings (and crashes)). (Bob, Dmitry) 897 . Fixed bug #73329 ((Float)"Nano" == NAN). (Anatol) 898 899- GD: 900 . Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb) 901 . Fixed bug #73272 (imagescale() is not affected by, but affects 902 imagesetinterpolation()). (cmb) 903 . Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb) 904 . Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb) 905 . Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine 906 overflow). (cmb) 907 . Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). 908 (cmb) 909 910- IMAP: 911 . Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads to crash). 912 (Anatol) 913 914- OCI8 915 . Fixed bug #71148 (Bind reference overwritten on PHP 7). (Oracle Corp.) 916 917- phpdbg: 918 . Properly allow for stdin input from a file. (Bob) 919 . Add -s command line option / stdin command for reading script from stdin. 920 (Bob) 921 . Ignore non-executable opcodes in line mode of phpdbg_end_oplog(). (Bob) 922 . Fixed bug #70776 (Simple SIGINT does not have any effect with -rr). (Bob) 923 . Fixed bug #71234 (INI files are loaded even invoked as -n --version). (Bob) 924 925- Session: 926 . Fixed bug #73273 (session_unset() empties values from all variables in which 927 is $_session stored). (Nikita) 928 929- SOAP: 930 . Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol) 931 . Fixed bug #73237 (Nested object in "any" element overwrites other fields). 932 (Keith Smiley) 933 . Fixed bug #69137 (Peer verification fails when using a proxy with SoapClient) 934 (Keith Smiley) 935 936- SQLite3: 937 . Fixed bug #73333 (2147483647 is fetched as string). (cmb) 938 939- Standard: 940 . Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb) 941 . Fixed bug #71241 (array_replace_recursive sometimes mutates its parameters). 942 (adsr) 943 . Fixed bug #73192 (parse_url return wrong hostname). (Nikita) 944 945- Wddx: 946 . Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization 947 with PDORow). (Stas) 948 94913 Oct 2016 PHP 7.0.12 950 951- Core: 952 . Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of 953 zend_virtual_cwd.c). (cmb) 954 . Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by 955 password_verify). (Anatol) 956 . Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol) 957 . Fixed bug #69579 (Invalid free in extension trait). (John Boehr) 958 . Fixed bug #73156 (segfault on undefined function). (Dmitry) 959 . Fixed bug #73163 (PHP hangs if error handler throws while accessing undef 960 const in default value). (Nikita) 961 . Fixed bug #73172 (parse error: Invalid numeric literal). (Nikita, Anatol) 962 . Fixed for #73240 (Write out of bounds at number_format). (Stas) 963 . Fixed bug #73147 (Use After Free in PHP7 unserialize()). (Stas) 964 . Fixed bug #73189 (Memcpy negative size parameter php_resolve_path). (Stas) 965 966- BCmath: 967 . Fix bug #73190 (memcpy negative parameter _bc_new_num_ex). (Stas) 968 969- COM: 970 . Fixed bug #73126 (Cannot pass parameter 1 by reference). (Anatol) 971 972- Date: 973 . Fixed bug #73091 (Unserializing DateInterval object may lead to __toString 974 invocation). (Stas) 975 976- DOM: 977 . Fixed bug #73150 (missing NULL check in dom_document_save_html). (Stas) 978 979- Filter: 980 . Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and 981 FILTER_FLAG_NO_PRIV_RANGE). (julien) 982 . Fixed bug #73054 (default option ignored when object passed to int filter). 983 (cmb) 984 985- GD: 986 . Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette). 987 (cmb) 988 . Fixed bug #50194 (imagettftext broken on transparent background w/o 989 alphablending). (cmb) 990 . Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, 991 cmb) 992 . Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box). 993 (Mark Plomer, cmb) 994 . Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). (cmb) 995 . Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb) 996 . Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted 997 files). (cmb) 998 . Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb) 999 1000- Intl: 1001 . Fixed bug #73218 (add mitigation for ICU int overflow). (Stas) 1002 1003- Mbstring: 1004 . Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb) 1005 . Fixed bug #66964 (mb_convert_variables() cannot detect recursion) (Yasuo) 1006 . Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset). 1007 (Yasuo) 1008 1009- Mysqlnd: 1010 . Fixed bug #72489 (PHP Crashes When Modifying Array Containing MySQLi Result 1011 Data). (Nikita) 1012 1013- Opcache: 1014 . Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() 1015 function). (Laruence) 1016 1017- OpenSSL: 1018 . Fixed bug #73072 (Invalid path SNI_server_certs causes segfault). 1019 (Jakub Zelenka) 1020 . Fixed bug #73276 (crash in openssl_random_pseudo_bytes function). (Stas) 1021 . Fixed bug #73275 (crash in openssl_encrypt function). (Stas) 1022 1023- PCRE: 1024 . Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported 1025 on s390). (Anatol) 1026 . Fixed bug #73174 (heap overflow in php_pcre_replace_impl). (Stas) 1027 1028- PDO_DBlib: 1029 . Fixed bug #72414 (Never quote values as raw binary data). (Adam Baratz) 1030 . Allow \PDO::setAttribute() to set query timeouts. (Adam Baratz) 1031 . Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions. 1032 (Adam Baratz) 1033 . Add common PDO test suite. (Adam Baratz) 1034 . Free error and message strings when cleaning up PDO instances. 1035 (Adam Baratz) 1036 . Fixed bug #67130 (\PDOStatement::nextRowset() should succeed when all rows 1037 in current rowset haven't been fetched). (Peter LeBrun) 1038 . Ignore potentially misleading dberr values. (Chris Kings-Lynne) 1039 1040- phpdbg: 1041 . Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD). (Nikita) 1042 . Fixed next command not stopping when leaving function. (Bob) 1043 1044- Session: 1045 . Fixed bug #68015 (Session does not report invalid uid for files save handler). 1046 (Yasuo) 1047 . Fixed bug #73100 (session_destroy null dereference in ps_files_path_create). 1048 (cmb) 1049 1050- SimpleXML: 1051 . Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()). 1052 (Stas) 1053 1054- SOAP: 1055 . Fixed bug #71711 (Soap Server Member variables reference bug). (Nikita) 1056 . Fixed bug #71996 (Using references in arrays doesn't work like expected). 1057 (Nikita) 1058 1059- SPL: 1060 . Fixed bug #73257, #73258 (SplObjectStorage unserialize allows use of 1061 non-object as key). (Stas) 1062 1063- SQLite3: 1064 . Updated bundled SQLite3 to 3.14.2. (cmb) 1065 1066- Zip: 1067 . Fixed bug #70752 (Depacking with wrong password leaves 0 length files). 1068 (cmb) 1069 107015 Sep 2016 PHP 7.0.11 1071 1072- Core: 1073 . Fixed bug #72944 (Null pointer deref in zval_delref_p). (Dmitry) 1074 . Fixed bug #72943 (assign_dim on string doesn't reset hval). (Laruence) 1075 . Fixed bug #72911 (Memleak in zend_binary_assign_op_obj_helper). (Laruence) 1076 . Fixed bug #72813 (Segfault with __get returned by ref). (Laruence) 1077 . Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator). 1078 (Nikita) 1079 . Fixed bug #72854 (PHP Crashes on duplicate destructor call). (Nikita) 1080 . Fixed bug #72857 (stream_socket_recvfrom read access violation). (Anatol) 1081 1082- COM: 1083 . Fixed bug #72922 (COM called from PHP does not return out parameters). 1084 (Anatol) 1085 1086- Dba: 1087 . Fixed bug #70825 (Cannot fetch multiple values with group in ini file). 1088 (cmb) 1089 1090- FTP: 1091 . Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with 1092 require_ssl_reuse). (Benedict Singer) 1093 1094- GD: 1095 . Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb) 1096 . Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor 1097 images). (cmb) 1098 . Fixed bug #72913 (imagecopy() loses single-color transparency on palette 1099 images). (cmb) 1100 . Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb) 1101 1102- iconv: 1103 . Fixed bug #72320 (iconv_substr returns false for empty strings). (cmb) 1104 1105- IMAP: 1106 . Fixed bug #72852 (imap_mail null dereference). (Anatol) 1107 1108- Intl: 1109 . Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF 1110 sequence). (cmb) 1111 . Fixed bug #73007 (add locale length check). (Stas) 1112 1113- Mysqlnd: 1114 . Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (Stas) 1115 1116- OCI8 1117 . Fixed invalid handle error with Implicit Result Sets. (Chris Jones) 1118 . Fixed bug #72524 (Binding null values triggers ORA-24816 error). (Chris Jones) 1119 1120- Opcache: 1121 . Fixed bug #72949 (Typo in opcache error message). (cmb) 1122 1123- PDO: 1124 . Fixed bug #72788 (Invalid memory access when using persistent PDO 1125 connection). (Keyur) 1126 . Fixed bug #72791 (Memory leak in PDO persistent connection handling). (Keyur) 1127 . Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY 1128 returns false). (cmb) 1129 1130- PDO_DBlib: 1131 . Implemented stringify 'uniqueidentifier' fields. 1132 (Alexander Zhuravlev, Adam Baratz) 1133 1134- PDO_pgsql: 1135 . Implemented FR #72633 (Postgres PDO lastInsertId() should work without 1136 specifying a sequence). (Pablo Santiago Sánchez, Matteo) 1137 . Fixed bug #72759 (Regression in pgo_pgsql). (Anatol) 1138 1139- Phar: 1140 . Fixed bug #72928 (Out of bound when verify signature of zip phar in 1141 phar_parse_zipfile). (Stas) 1142 . Fixed bug #73035 (Out of bound when verify signature of tar phar in 1143 phar_parse_tarfile). (Stas) 1144 1145- Reflection: 1146 . Fixed bug #72846 (getConstant for a array constant with constant values 1147 returns NULL/NFC/UKNOWN). (Laruence) 1148 1149- Session: 1150 . Fixed bug #72724 (PHP7: session-uploadprogress kills httpd). (Nikita) 1151 . Fixed bug #72940 (SID always return "name=ID", even if session 1152 cookie exist). (Yasuo) 1153 1154- SimpleXML: 1155 . Fixed bug #72971 (SimpleXML isset/unset do not respect namespace). (Nikita) 1156 . Fixed bug #72957 (Null coalescing operator doesn't behave as expected with 1157 SimpleXMLElement). (Nikita) 1158 1159- SPL: 1160 . Fixed bug #73029 (Missing type check when unserializing SplArray). (Stas) 1161 1162- Standard: 1163 . Fixed bug #55451 (substr_compare NULL length interpreted as 0). (Lauri 1164 Kenttä) 1165 . Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb) 1166 . Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign). 1167 (cmb) 1168 1169- Streams: 1170 . Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence) 1171 . Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails 1172 with IIS FTP 7.5, 8.5). (vhuk) 1173 . Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory). 1174 (cmb) 1175 1176- SQLite3: 1177 . Downgraded bundled SQLite to 3.8.10.2. (Anatol); 1178 1179- Sysvshm: 1180 . Fixed bug #72858 (shm_attach null dereference). (Anatol) 1181 1182- XML: 1183 . Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb) 1184 . Fixed bug #72714 (_xml_startElementHandler() segmentation fault). (cmb) 1185 1186- Wddx: 1187 . Fixed bug #72860 (wddx_deserialize use-after-free). (Stas) 1188 . Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas) 1189 1190- ZIP: 1191 . Fixed bug #68302 (impossible to compile php with zip support). (cmb) 1192 119318 Aug 2016 PHP 7.0.10 1194 1195- Core: 1196 . Fixed bug #72629 (Caught exception assignment to variables ignores 1197 references). (Laruence) 1198 . Fixed bug #72594 (Calling an earlier instance of an included anonymous 1199 class fatals). (Laruence) 1200 . Fixed bug #72581 (previous property undefined in Exception after 1201 deserialization). (Laruence) 1202 . Fixed bug #72496 (Cannot declare public method with signature incompatible 1203 with parent private method). (Pedro Magalhães) 1204 . Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net) 1205 . Fixed bug #71911 (Unable to set --enable-debug on building extensions by 1206 phpize on Windows). (Yuji Uchiyama) 1207 . Fixed bug causing ClosedGeneratorException being thrown into the calling 1208 code instead of the Generator yielding from. (Bob) 1209 . Implemented FR #72614 (Support "nmake test" on building extensions by 1210 phpize). (Yuji Uchiyama) 1211 . Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX). 1212 (Yuji Uchiyama) 1213 . Fixed potential segfault in object storage freeing in shutdown sequence. 1214 (Bob) 1215 . Fixed bug #72663 (Create an Unexpected Object and Don't Invoke 1216 __wakeup() in Deserialization). (Stas) 1217 . Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas) 1218 . Fixed bug #72683 (getmxrr broken). (Anatol) 1219 . Fixed bug #72742 (memory allocator fails to realloc small block to large 1220 one). (Stas) 1221 . Fixed URL rewriter partially. It would not rewrite '//example.com/' URL 1222 unconditionally. Only requested host(HTTP_HOST) is rewritten. (Yasuo) 1223 1224- Bz2: 1225 . Fixed bug #72837 (integer overflow in bzdecompress caused heap 1226 corruption). (Stas) 1227 1228- Calendar: 1229 . Fixed bug #67976 (cal_days_month() fails for final month of the French 1230 calendar). (cmb) 1231 . Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in 1232 zif_cal_from_jd). (cmb) 1233 1234- COM: 1235 . Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7). (Anatol) 1236 1237- CURL: 1238 . Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER). 1239 (Pierrick) 1240 . Fixed bug #71929 (CURLINFO_CERTINFO data parsing error). (Pierrick) 1241 . Fixed bug #72674 (Heap overflow in curl_escape). (Stas) 1242 1243- DOM: 1244 . Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb) 1245 1246- EXIF: 1247 . Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi) 1248 . Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas) 1249 1250- Filter: 1251 . Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 1252 range). (bugs dot php dot net at majkl578 dot cz) 1253 1254- FPM: 1255 . Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user). 1256 (gooh) 1257 1258- GD: 1259 . Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb) 1260 . Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb) 1261 . Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb) 1262 . Fixed bug #43828 (broken transparency of imagearc for truecolor in 1263 blendingmode). (cmb) 1264 . Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb) 1265 . Fixed bug #68712 (suspicious if-else statements). (cmb) 1266 . Fixed bug #72697 (select_colors write out-of-bounds). (Stas) 1267 . Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas) 1268 . Fixed bug #72494 (imagecropauto out-of-bounds access). (Fernando, Pierre, 1269 cmb) 1270 1271- Intl: 1272 . Fixed bug #72639 (Segfault when instantiating class that extends 1273 IntlCalendar and adds a property). (Laruence) 1274 . Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain 1275 names). (cmb) 1276 1277- mbstring: 1278 . Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width). 1279 (cmb) 1280 . Fixed bug #72693 (mb_ereg_search increments search position when a match 1281 zero-width). (cmb) 1282 . Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last 1283 position). (cmb) 1284 . Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error). 1285 (ju1ius) 1286 1287- Mcrypt: 1288 . Fixed bug #72782 (Heap Overflow due to integer overflows). (Stas) 1289 1290- Opcache: 1291 . Fixed bug #72590 (Opcache restart with kill_all_lockers does not work). 1292 (Keyur) 1293 1294- PCRE: 1295 . Fixed bug #72688 (preg_match missing group names in matches). (cmb) 1296 1297- PDO_pgsql: 1298 . Fixed bug #70313 (PDO statement fails to throw exception). (Matteo) 1299 1300- Reflection: 1301 . Fixed bug #72222 (ReflectionClass::export doesn't handle array constants). 1302 (Nikita Nefedov) 1303 1304- SimpleXML: 1305 . Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML 1306 element). (Laruence) 1307 1308- SNMP: 1309 . Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory 1310 allocation). (djodjo at gmail dot com) 1311 1312- SPL: 1313 . Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU) 1314 . Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape 1315 character). (cmb) 1316 . Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick) 1317 1318- SQLite3: 1319 . Fixed bug #72668 (Spurious warning when exception is thrown in user defined 1320 function). (Laruence) 1321 . Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash). (Laruence) 1322 . Implemented FR #72653 (SQLite should allow opening with empty filename). 1323 (cmb) 1324 . Updated to SQLite3 3.13.0. (cmb) 1325 1326- Standard: 1327 . Fixed bug #72622 (array_walk + array_replace_recursive create references 1328 from nothing). (Laruence) 1329 . Fixed bug #72152 (base64_decode $strict fails to detect null byte). 1330 (Lauri Kenttä) 1331 . Fixed bug #72263 (base64_decode skips a character after padding in strict 1332 mode). (Lauri Kenttä) 1333 . Fixed bug #72264 (base64_decode $strict fails with whitespace between 1334 padding). (Lauri Kenttä) 1335 . Fixed bug #72330 (CSV fields incorrectly split if escape char followed by 1336 UTF chars). (cmb) 1337 1338- Streams: 1339 . Fixed bug #41021 (Problems with the ftps wrapper). (vhuk) 1340 . Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk) 1341 . Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for 1342 non-existent directories). (vhuk) 1343 . Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade 1344 attack). (Stas) 1345 1346- XMLRPC: 1347 . Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing 1348 array elements). (Laruence) 1349 1350- Wddx: 1351 . Fixed bug #72564 (boolean always deserialized as "true") (Remi) 1352 . Fixed bug #72142 (WDDX Packet Injection Vulnerability in 1353 wddx_serialize_value()). (Taoguang Chen) 1354 . Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas) 1355 . Fixed bug #72750 (wddx_deserialize null dereference). (Stas) 1356 . Fixed bug #72790 (wddx_deserialize null dereference with invalid xml). 1357 (Stas) 1358 . Fixed bug #72799 (wddx_deserialize null dereference in 1359 php_wddx_pop_element). (Stas) 1360 1361- Zip: 1362 . Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd). 1363 (Laruence) 1364 136521 Jul 2016 PHP 7.0.9 1366 1367- Core: 1368 . Fixed bug #72508 (strange references after recursive function call and 1369 "switch" statement). (Laruence) 1370 . Fixed bug #72513 (Stack-based buffer overflow vulnerability in 1371 virtual_file_ex). (Stas) 1372 . Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries 1373 and applications). (Stas) 1374 1375- bz2: 1376 . Fixed bug #72613 (Inadequate error handling in bzread()). (Stas) 1377 1378- CLI: 1379 . Fixed bug #72484 (SCRIPT_FILENAME shows wrong path if the user specify 1380 router.php). (Laruence) 1381 1382- COM: 1383 . Fixed bug #72498 (variant_date_from_timestamp null dereference). (Anatol) 1384 1385- Curl: 1386 . Fixed bug #72541 (size_t overflow lead to heap corruption). (Stas) 1387 1388- Date: 1389 . Fixed bug #66836 (DateTime::createFromFormat 'U' with pre 1970 dates fails 1390 parsing). (derick) 1391 1392- Exif: 1393 . Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). 1394 (Stas) 1395 . Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment). 1396 (Stas) 1397 1398- GD: 1399 . Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb) 1400 . Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb) 1401 . Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb) 1402 . Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read 1403 access). (Pierre) 1404 . Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre) 1405 . Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()). 1406 (Pierre) 1407 . Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine 1408 overflow). (Pierre) 1409 . Fixed bug #72494 (imagecropauto out-of-bounds access). (Pierre) 1410 1411- Intl: 1412 . Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas) 1413 1414- Mbstring: 1415 . Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - 1416 oob read access). (Laruence) 1417 . Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence) 1418 1419- mcrypt: 1420 . Fixed bug #72551, bug #72552 (In correct casting from size_t to int lead to 1421 heap overflow in mdecrypt_generic). (Stas) 1422 1423- PDO_pgsql: 1424 . Fixed bug #72570 (Segmentation fault when binding parameters on a query 1425 without placeholders). (Matteo) 1426 1427- PCRE: 1428 . Fixed bug #72476 (Memleak in jit_stack). (Laruence) 1429 . Fixed bug #72463 (mail fails with invalid argument). (Anatol) 1430 1431- Readline: 1432 . Fixed bug #72538 (readline_redisplay crashes php). (Laruence) 1433 1434- Standard: 1435 . Fixed bug #72505 (readfile() mangles files larger than 2G). (Cschneid) 1436 . Fixed bug #72306 (Heap overflow through proc_open and $env parameter). 1437 (Laruence) 1438 1439- Session: 1440 . Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence) 1441 . Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session 1442 Deserialization). (Stas) 1443 1444- SNMP: 1445 . Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and 1446 unserialize()). (Stas) 1447 1448- Streams: 1449 . Fixed bug #72439 (Stream socket with remote address leads to a segmentation 1450 fault). (Laruence) 1451 1452- XMLRPC: 1453 . Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn 1454 simplestring.c). (Stas) 1455 1456- Zip: 1457 . Fixed bug #72520 (Stack-based buffer overflow vulnerability in 1458 php_stream_zip_opener). (Stas) 1459 146023 Jun 2016 PHP 7.0.8 1461 1462- Core: 1463 . Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashes). 1464 (Esminis at esminis dot lt) 1465 . Fixed bug #72221 (segfault, past-the-end access). (Lauri Kenttä) 1466 . Fixed bug #72268 (Integer Overflow in nl2br()). (Stas) 1467 . Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/ 1468 json_utf8_to_utf16()). (Stas) 1469 . Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas) 1470 . Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) 1471 1472- Date: 1473 . Fixed bug #63740 (strtotime seems to use both sunday and monday as start of 1474 week). (Derick) 1475 1476- FPM: 1477 . Fixed bug #72308 (fastcgi_finish_request and logging environment 1478 variables). (Laruence) 1479 1480- GD: 1481 . Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874) 1482 (cmb) 1483 . Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas) 1484 . Fixed bug #72337 (invalid dimensions can lead to crash). (Pierre) 1485 . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap 1486 overflow). (CVE-2016-5766) (Pierre) 1487 . Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) 1488 . Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting 1489 in heap overflow). (CVE-2016-5767) (Pierre) 1490 1491- Intl: 1492 . Fixed bug #70484 (selectordinal doesn't work with named parameters). 1493 (Anatol) 1494 1495- mbstring: 1496 . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). 1497 (CVE-2016-5768) (Stas) 1498 1499- mcrypt: 1500 . Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769) 1501 (Stas) 1502 1503- OpenSSL: 1504 . Fixed bug #72140 (segfault after calling ERR_free_strings()). 1505 (Jakub Zelenka) 1506 1507- PCRE: 1508 . Fixed bug #72143 (preg_replace uses int instead of size_t). (Joe) 1509 1510- PDO_pgsql: 1511 . Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound). 1512 (Laruence) 1513 . Fixed bug #72294 (Segmentation fault/invalid pointer in connection 1514 with pgsql_stmt_dtor). (Anatol) 1515 1516- Phar: 1517 . Fixed bug #72321 (invalid free in phar_extract_file()). 1518 (hji at dyntopia dot com) 1519 1520- Phpdbg: 1521 . Fixed bug #72284 (phpdbg fatal errors with coverage). (Bob) 1522 1523- Postgres: 1524 . Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free). (Laruence) 1525 . Fixed bug #72197 (pg_lo_create arbitrary read). (Anatol) 1526 1527- Standard: 1528 . Fixed bug #72369 (array_merge() produces references in PHP7). (Dmitry) 1529 . Fixed bug #72300 (ignore_user_abort(false) has no effect). (Laruence) 1530 . Fixed bug #72229 (Wrong reference when serialize/unserialize an object). 1531 (Laruence) 1532 . Fixed bug #72193 (dns_get_record returns array containing elements of 1533 type 'unknown'). (Laruence) 1534 . Fixed bug #72017 (range() with float step produces unexpected result). 1535 (Thomas Punt) 1536 1537- WDDX: 1538 . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). 1539 (CVE-2016-5772) (Stas) 1540 1541- XML: 1542 . Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe) 1543 1544- XMLRPC: 1545 . Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type). 1546 (Joe, Laruence) 1547 1548- Zip: 1549 . Fixed ug #72258 (ZipArchive converts filenames to unrecoverable form). 1550 (Anatol) 1551 . Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC 1552 algorithm and unserialize). (CVE-2016-5773) (Dmitry) 1553 155426 May 2016 PHP 7.0.7 1555 1556- Core: 1557 . Fixed bug #72162 (use-after-free - error_reporting). (Laruence) 1558 . Add compiler option to disable special case function calls. (Joe) 1559 . Fixed bug #72101 (crash on complex code). (Dmitry) 1560 . Fixed bug #72100 (implode() inserts garbage into resulting string when 1561 joins very big integer). (Mikhail Galanin) 1562 . Fixed bug #72057 (PHP Hangs when using custom error handler and typehint). 1563 (Nikita Nefedov) 1564 . Fixed bug #72038 (Function calls with values to a by-ref parameter don't 1565 always throw a notice). (Bob) 1566 . Fixed bug #71737 (Memory leak in closure with parameter named $this). 1567 (Nikita) 1568 . Fixed bug #72059 (?? is not allowed on constant expressions). (Bob, Marcio) 1569 . Fixed bug #72159 (Imported Class Overrides Local Class Name). (Nikita) 1570 1571- Curl: 1572 . Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE). (Pierrick) 1573 1574- DBA: 1575 . Fixed bug #72157 (use-after-free caused by dba_open). (Shm, Laruence) 1576 1577- GD: 1578 . Fixed bug #72227 (imagescale out-of-bounds read). (Stas) 1579 1580- Intl: 1581 . Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol) 1582 . Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (Stas) 1583 1584- JSON: 1585 . Fixed bug #72069 (Behavior \JsonSerializable different from json_encode). 1586 (Laruence) 1587 1588- Mbstring: 1589 . Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace). (Laruence) 1590 1591- OCI8: 1592 . Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight 1593 columns). (Tian Yang) 1594 1595- Opcache: 1596 . Fixed bug #72014 (Including a file with anonymous classes multiple times 1597 leads to fatal error). (Laruence) 1598 1599- OpenSSL: 1600 . Fixed bug #72165 (Null pointer dereference - openssl_csr_new). (Anatol) 1601 1602- PCNTL: 1603 . Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure 1604 overwrite). (Laruence) 1605 1606- POSIX: 1607 . Fixed bug #72133 (php_posix_group_to_array crashes if gr_passwd is NULL). 1608 (esminis at esminis dot lt) 1609 1610- Postgres: 1611 . Fixed bug #72028 (pg_query_params(): NULL converts to empty string). 1612 (Laruence) 1613 . Fixed bug #71062 (pg_convert() doesn't accept ISO 8601 for datatype 1614 timestamp). (denver at timothy dot io) 1615 . Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol) 1616 1617- Reflection: 1618 . Fixed bug #72174 (ReflectionProperty#getValue() causes __isset call). 1619 (Nikita) 1620 1621- Session: 1622 . Fixed bug #71972 (Cyclic references causing session_start(): Failed to 1623 decode session object). (Laruence) 1624 1625- Sockets: 1626 . Added socket_export_stream() function for getting a stream compatible 1627 resource from a socket resource. (Chris Wright, Bob) 1628 1629- SPL: 1630 . Fixed bug #72051 (The reference in CallbackFilterIterator doesn't work as 1631 expected). (Laruence) 1632 1633- SQLite3: 1634 . Fixed bug #68849 (bindValue is not using the right data type). (Anatol) 1635 1636- Standard: 1637 . Fixed bug #72075 (Referencing socket resources breaks stream_select). 1638 (Laruence) 1639 . Fixed bug #72031 (array_column() against an array of objects discards all 1640 values matching null). (Nikita) 1641 164228 Apr 2016 PHP 7.0.6 1643 1644- Core: 1645 . Fixed bug #71930 (_zval_dtor_func: Assertion `(arr)->gc.refcount <= 1' 1646 failed). (Laruence) 1647 . Fixed bug #71922 (Crash on assert(new class{})). (Nikita) 1648 . Fixed bug #71914 (Reference is lost in "switch"). (Laruence) 1649 . Fixed bug #71871 (Interfaces allow final and abstract functions). (Nikita) 1650 . Fixed Bug #71859 (zend_objects_store_call_destructors operates on realloced 1651 memory, crashing). (Laruence) 1652 . Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence) 1653 . Fixed bug #71750 (Multiple Heap Overflows in php_raw_url_encode/ 1654 php_url_encode). (Stas) 1655 . Fixed bug #71731 (Null coalescing operator and ArrayAccess). (Nikita) 1656 . Fixed bug #71609 (Segmentation fault on ZTS with gethostbyname). (krakjoe) 1657 . Fixed bug #71414 (Inheritance, traits and interfaces). (krakjoe) 1658 . Fixed bug #71359 (Null coalescing operator and magic). (krakjoe) 1659 . Fixed bug #71334 (Cannot access array keys while uksort()). (Nikita) 1660 . Fixed bug #69659 (ArrayAccess, isset() and the offsetExists method). 1661 (Nikita) 1662 . Fixed bug #69537 (__debugInfo with empty string for key gives error). 1663 (krakjoe) 1664 . Fixed bug #62059 (ArrayObject and isset are not friends). (Nikita) 1665 . Fixed bug #71980 (Decorated/Nested Generator is Uncloseable in Finally). 1666 (Nikita) 1667 1668- BCmath: 1669 . Fixed bug #72093 (bcpowmod accepts negative scale and corrupts 1670 _one_ definition). (Stas) 1671 1672- Curl: 1673 . Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string). 1674 (Michael Sierks) 1675 1676- Date: 1677 . Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt) 1678 1679- EXIF: 1680 . Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas) 1681 1682- GD: 1683 . Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074) (Stas) 1684 1685- Intl: 1686 . Fixed bug #71516 (IntlDateFormatter looses locale if pattern is set via 1687 constructor). (Anatol) 1688 . Fixed bug #70455 (Missing constant: IntlChar::NO_NUMERIC_VALUE). (Anatol) 1689 . Fixed bug #70451, #70452 (Inconsistencies in return values of IntlChar 1690 methods). (Daniel Persson) 1691 . Fixed bug #68893 (Stackoverflow in datefmt_create). (Anatol) 1692 . Fixed bug #66289 (Locale::lookup incorrectly returns en or en_US if locale 1693 is empty). (Anatol) 1694 . Fixed bug #70484 (selectordinal doesn't work with named parameters). 1695 (Anatol) 1696 . Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative 1697 offset). (Stas) 1698 1699- ODBC: 1700 . Fixed bug #63171 (Script hangs after max_execution_time). (Remi) 1701 1702- Opcache: 1703 . Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER). 1704 (Laruence) 1705 1706- PDO: 1707 . Fixed bug #52098 (Own PDOStatement implementation ignore __call()). 1708 (Daniel kalaspuffar, Julien) 1709 . Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo) 1710 1711- PDO_DBlib: 1712 . Fixed bug #71943 (dblib_handle_quoter needs to allocate an extra byte). 1713 (Adam Baratz) 1714 . Add DBLIB-specific attributes for controlling timeouts. (Adam Baratz) 1715 1716- PDO_pgsql: 1717 . Fixed bug #62498 (pdo_pgsql inefficient when getColumnMeta() is used). 1718 (Joseph Bylund) 1719 1720- Postgres: 1721 . Fixed bug #71820 (pg_fetch_object binds parameters before call 1722 constructor). (Anatol) 1723 . Fixed bug #71998 (Function pg_insert does not insert when column 1724 type = inet). (Anatol) 1725 1726- SOAP: 1727 . Fixed bug #71986 (Nested foreach assign-by-reference creates broken 1728 variables). (Laruence) 1729 1730- SPL: 1731 . Fixed bug #71838 (Deserializing serialized SPLObjectStorage-Object can't 1732 access properties in PHP). (Nikita) 1733 . Fixed bug #71735 (Double-free in SplDoublyLinkedList::offsetSet). (Stas) 1734 . Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails 1735 offsetExists()). (Nikita) 1736 . Fixed bug #52339 (SPL autoloader breaks class_exists()). (Nikita) 1737 1738- Standard: 1739 . Fixed bug #71995 (Returning the same var twice from __sleep() produces 1740 broken serialized data). (Laruence) 1741 . Fixed bug #71940 (Unserialize crushes on restore object reference). 1742 (Laruence) 1743 . Fixed bug #71969 (str_replace returns an incorrect resulting array after 1744 a foreach by reference). (Laruence) 1745 . Fixed bug #71891 (header_register_callback() and 1746 register_shutdown_function()). (Laruence) 1747 . Fixed bug #71884 (Null pointer deref (segfault) in 1748 stream_context_get_default). (Laruence) 1749 . Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence) 1750 . Fixed bug #71837 (Wrong arrays behaviour). (Laruence) 1751 . Fixed bug #71827 (substr_replace bug, string length). (krakjoe) 1752 . Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or 1753 _REENTRANT is not defined). (Nikita) 1754 . Fixed bug #72116 (array_fill optimization breaks implementation). (Bob) 1755 1756- XML: 1757 . Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas) 1758 1759- Zip: 1760 . Fixed bug #71923 (integer overflow in ZipArchive::getFrom*). 1761 (CVE-2016-3078) (Stas) 1762 176331 Mar 2016 PHP 7.0.5 1764 1765- Core: 1766 . Huge pages disabled by default. (Rasmus) 1767 . Added ability to enable huge pages in Zend Memory Manager through 1768 the environment variable USE_ZEND_ALLOC_HUGE_PAGES=1. (Dmitry) 1769 . Fixed bug #71756 (Call-by-reference widens scope to uninvolved functions 1770 when used in switch). (Laruence) 1771 . Fixed bug #71729 (Possible crash in zend_bin_strtod, zend_oct_strtod, 1772 zend_hex_strtod). (Laruence) 1773 . Fixed bug #71695 (Global variables are reserved before execution). 1774 (Laruence) 1775 . Fixed bug #71629 (Out-of-bounds access in php_url_decode in context 1776 php_stream_url_wrap_rfc2397). (mt at debian dot org) 1777 . Fixed bug #71622 (Strings used in pass-as-reference cannot be used to 1778 invoke C::$callable()). (Bob) 1779 . Fixed bug #71596 (Segmentation fault on ZTS with date function 1780 (setlocale)). (Anatol) 1781 . Fixed bug #71535 (Integer overflow in zend_mm_alloc_heap()). (Dmitry) 1782 . Fixed bug #71470 (Leaked 1 hashtable iterators). (Nikita) 1783 . Fixed bug #71575 (ISO C does not allow extra ‘;’ outside of a function). 1784 (asgrim) 1785 . Fixed bug #71724 (yield from does not count EOLs). (Nikita) 1786 . Fixed bug #71767 (ReflectionMethod::getDocComment returns the wrong 1787 comment). (Grigorii Sokolik) 1788 . Fixed bug #71806 (php_strip_whitespace() fails on some numerical values). 1789 (Nikita) 1790 . Fixed bug #71624 (`php -R` (PHP_MODE_PROCESS_STDIN) is broken). 1791 (Sean DuBois) 1792 1793- CLI Server: 1794 . Fixed bug #69953 (Support MKCALENDAR request method). (Christoph) 1795 1796- Curl: 1797 . Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY). (mpyw) 1798 1799- Date: 1800 . Fixed bug #71635 (DatePeriod::getEndDate segfault). (Thomas Punt) 1801 1802- Fileinfo: 1803 . Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic 1804 file). (CVE-2015-8865) (Anatol) 1805 1806- libxml: 1807 . Fixed bug #71536 (Access Violation crashes php-cgi.exe). (Anatol) 1808 1809- mbstring: 1810 . Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in 1811 mbfl_strcut). (CVE-2016-4073) (Stas) 1812 1813- ODBC: 1814 . Fixed bug #47803, #69526 (Executing prepared statements is succesfull only 1815 for the first two statements). (einavitamar at gmail dot com, Anatol) 1816 1817- PCRE: 1818 . Fixed bug #71659 (segmentation fault in pcre running twig tests). 1819 (nish dot aravamudan at canonical dot com) 1820 1821- PDO_DBlib: 1822 . Fixed bug #54648 (PDO::MSSQL forces format of datetime fields). 1823 (steven dot lambeth at gmx dot de, Anatol) 1824 1825- Phar: 1826 . Fixed bug #71625 (Crash in php7.dll with bad phar filename). (Anatol) 1827 . Fixed bug #71317 (PharData fails to open specific file). (Jos Elstgeest) 1828 . Fixed bug #71860 (Invalid memory write in phar on filename with \0 in 1829 name). (CVE-2016-4072) (Stas) 1830 1831- phpdbg: 1832 . Fixed crash when advancing (except step) inside an internal function. (Bob) 1833 1834- Session: 1835 . Fixed bug #71683 (Null pointer dereference in zend_hash_str_find_bucket). 1836 (Yasuo) 1837 1838- SNMP: 1839 . Fixed bug #71704 (php_snmp_error() Format String Vulnerability). 1840 (CVE-2016-4071) (andrew at jmpesp dot org) 1841 1842- SPL: 1843 . Fixed bug #71617 (private properties lost when unserializing ArrayObject). 1844 (Nikita) 1845 1846- Standard: 1847 . Fixed bug #71660 (array_column behaves incorrectly after foreach by 1848 reference). (Laruence) 1849 . Fixed bug #71798 (Integer Overflow in php_raw_url_encode). (CVE-2016-4070) 1850 (taoguangchen at icloud dot com, Stas) 1851 1852- Zip: 1853 . Update bundled libzip to 1.1.2. (Remi, Anatol) 1854 185503 Mar 2016 PHP 7.0.4 1856 1857- Core: 1858 . Fixed bug (Low probability segfault in zend_arena). (Laruence) 1859 . Fixed bug #71441 (Typehinted Generator with return in try/finally crashes). 1860 (Bob) 1861 . Fixed bug #71442 (forward_static_call crash). (Laruence) 1862 . Fixed bug #71443 (Segfault using built-in webserver with intl using 1863 symfony). (Laruence) 1864 . Fixed bug #71449 (An integer overflow bug in php_implode()). (Stas) 1865 . Fixed bug #71450 (An integer overflow bug in php_str_to_str_ex()). (Stas) 1866 . Fixed bug #71474 (Crash because of VM stack corruption on Magento2). 1867 (Dmitry) 1868 . Fixed bug #71485 (Return typehint on internal func causes Fatal error 1869 when it throws exception). (Laruence) 1870 . Fixed bug #71529 (Variable references on array elements don't work when 1871 using count). (Nikita) 1872 . Fixed bug #71601 (finally block not executed after yield from). (Bob) 1873 . Fixed bug #71637 (Multiple Heap Overflow due to integer overflows in 1874 xml/filter_url/addcslashes). (CVE-2016-4344, CVE-2016-4345, CVE-2016-4346) 1875 (Stas) 1876 1877- CLI server: 1878 . Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug). 1879 (Johannes, Anatol) 1880 1881- CURL: 1882 . Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes 1883 while curl_multi_exec). (Laruence) 1884 . Fixed memory leak in curl_getinfo(). (Leigh) 1885 1886- Date: 1887 . Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time, 1888 causing date_date_set issues). (Sean DuBois) 1889 1890- Fileinfo: 1891 . Fixed bug #71434 (finfo throws notice for specific python file). (Laruence) 1892 1893- FPM: 1894 . Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi 1895 setup). (Matt Haught, Remi) 1896 . Fixed bug #71269 (php-fpm dumped core). (Mickaël) 1897 1898- Opcache: 1899 . Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache). 1900 (Yussuf Khalil) 1901 1902- PCRE: 1903 . Fixed bug #71537 (PCRE segfault from Opcache). (Laruence) 1904 1905- phpdbg: 1906 . Fixed inherited functions from unspecified files being included in 1907 phpdbg_get_executable(). (Bob) 1908 1909- SOAP: 1910 . Fixed bug #71610 (Type Confusion Vulnerability - SOAP / 1911 make_http_soap_request()). (CVE-2016-3185) (Stas) 1912 1913- Standard: 1914 . Fixed bug #71603 (compact() maintains references in php7). (Laruence) 1915 . Fixed bug #70720 (strip_tags improper php code parsing). (Julien) 1916 1917- XMLRPC: 1918 . Fixed bug #71501 (xmlrpc_encode_request ignores encoding option). (Hieu Le) 1919 1920- Zip: 1921 . Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo). (Laruence) 1922 192304 Feb 2016 PHP 7.0.3 1924 1925- Core: 1926 . Added support for new HTTP 451 code. (Julien) 1927 . Fixed bug #71039 (exec functions ignore length but look for NULL 1928 termination). (Anatol) 1929 . Fixed bug #71089 (No check to duplicate zend_extension). (Remi) 1930 . Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol) 1931 . Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars via 1932 ob_start). (hugh at allthethings dot co dot nz) 1933 . Fixed bug #71248 (Wrong interface is enforced). (Dmitry) 1934 . Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash). 1935 (Anatol) 1936 . Fixed Bug #71275 (Bad method called on cloning an object having a trait). 1937 (Bob) 1938 . Fixed bug #71297 (Memory leak with consecutive yield from). (Bob) 1939 . Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence) 1940 . Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea) 1941 . Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its 1942 input). (Leo Gaspard) 1943 . Fixed bug #71336 (Wrong is_ref on properties as exposed via 1944 get_object_vars()). (Laruence) 1945 . Fixed bug #71459 (Integer overflow in iptcembed()). (Stas) 1946 1947- Apache2handler: 1948 . Fix >2G Content-Length headers in apache2handler. (Adam Harvey) 1949 1950- CURL: 1951 . Fixed bug #71227 (Can't compile php_curl statically). (Anatol) 1952 . Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with 1953 reference to CURLFile). (Laruence) 1954 1955- GD: 1956 . Improved fix for bug #70976. (Remi) 1957 1958- Interbase: 1959 . Fixed Bug #71305 (Crash when optional resource is omitted). 1960 (Laruence, Anatol) 1961 1962- LDAP: 1963 . Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string 1964 "Array"). (Laruence) 1965 1966- mbstring: 1967 . Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo) 1968 1969- OpenSSL: 1970 . Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas) 1971 1972- PCRE: 1973 . Upgraded pcrelib to 8.38. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, 1974 CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394) 1975 1976- Phar: 1977 . Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (CVE-2016-4342) 1978 (Stas) 1979 . Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()). 1980 (CVE-2016-4343) (Stas) 1981 . Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()). 1982 (Stas) 1983 . Fixed bug #71488 (Stack overflow when decompressing tar archives). 1984 (CVE-2016-2554) (Stas) 1985 1986- SOAP: 1987 . Fixed bug #70979 (crash with bad soap request). (Anatol) 1988 1989- SPL: 1990 . Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading). 1991 (Laruence) 1992 . Fixed bug #71202 (Autoload function registered by another not activated 1993 immediately). (Laruence) 1994 . Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject, 1995 unserialize)). (Sean Heelan) 1996 . Fixed bug #71313 (Use-after-free vulnerability in SPL(SplObjectStorage, 1997 unserialize)). (Sean Heelan) 1998 1999- Standard: 2000 . Fixed bug #71287 (Error message contains hexadecimal instead of decimal 2001 number). (Laruence) 2002 . Fixed bug #71264 (file_put_contents() returns unexpected value when 2003 filesystem runs full). (Laruence) 2004 . Fixed bug #71245 (file_get_contents() ignores "header" context option if 2005 it's a reference). (Laruence) 2006 . Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start). 2007 (hugh at allthethings dot co dot nz) 2008 . Fixed bug #71190 (substr_replace converts integers in original $search 2009 array to strings). (Laruence) 2010 . Fixed bug #71188 (str_replace converts integers in original $search array 2011 to strings). (Laruence) 2012 . Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt) 2013 2014- WDDX: 2015 . Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas) 2016 201707 Jan 2016 PHP 7.0.2 2018 2019- Core: 2020 . Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7). 2021 (y dot uchiyama dot 1015 at gmail dot com) 2022 . Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls). (Laruence) 2023 . Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work). (Laruence) 2024 . Fixed bug #71092 (Segmentation fault with return type hinting). (Laruence) 2025 . Fixed bug memleak in header_register_callback. (Laruence) 2026 . Fixed bug #71067 (Local object in class method stays in memory for each 2027 call). (Laruence) 2028 . Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky) 2029 . Fixed bug #70781 (Extension tests fail on dynamic ext dependency). 2030 (Francois Laupretre) 2031 . Fixed bug #71089 (No check to duplicate zend_extension). (Remi) 2032 . Fixed bug #71086 (Invalid numeric literal parse error within 2033 highlight_string() function). (Nikita) 2034 . Fixed bug #71154 (Incorrect HT iterator invalidation causes iterator reuse). 2035 (Nikita) 2036 . Fixed bug #52355 (Negating zero does not produce negative zero). (Andrea) 2037 . Fixed bug #66179 (var_export() exports float as integer). (Andrea) 2038 . Fixed bug #70804 (Unary add on negative zero produces positive zero). 2039 (Andrea) 2040 2041- CURL: 2042 . Fixed bug #71144 (Sementation fault when using cURL with ZTS). 2043 (Michael Maroszek, Laruence) 2044 2045- DBA: 2046 . Fixed key leak with invalid resource. (Laruence) 2047 2048- Filter: 2049 . Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work). (Reeze Xia) 2050 2051- FPM: 2052 . Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas) 2053 2054- FTP: 2055 . Implemented FR #55651 (Option to ignore the returned FTP PASV address). 2056 (abrender at elitehosts dot com) 2057 2058- GD: 2059 . Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index 2060 Out of Bounds). (CVE-2016-1903) (emmanuel dot law at gmail dot com) 2061 2062- Mbstring: 2063 . Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV, 2064 Segmentation fault). (Laruence) 2065 2066- Opcache: 2067 . Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence) 2068 2069- PCRE: 2070 . Fixed bug #71178 (preg_replace with arrays creates [0] in replace array 2071 if not already set). (Laruence) 2072 2073- Readline: 2074 . Fixed bug #71094 (readline_completion_function corrupts static array on 2075 second TAB). (Nikita) 2076 2077- Session: 2078 . Fixed bug #71122 (Session GC may not remove obsolete session data). (Yasuo) 2079 2080- SPL: 2081 . Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns 2082 wrong number of parameters). (Laruence) 2083 . Fixed bug #71153 (Performance Degradation in ArrayIterator with large 2084 arrays). (Nikita) 2085 2086- Standard: 2087 . Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions). 2088 (CVE-2016-1904) (emmanuel dot law at gmail dot com) 2089 2090- WDDX: 2091 . Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet 2092 Deserialization). (taoguangchen at icloud dot com) 2093 . Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion 2094 Vulnerability). (taoguangchen at icloud dot com) 2095 2096- XMLRPC: 2097 . Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker). 2098 (Julien) 2099 210017 Dec 2015, PHP 7.0.1 2101 2102- Core: 2103 . Fixed bug #71105 (Format String Vulnerability in Class Name Error Message). 2104 (CVE-2015-8617) (andrew at jmpesp dot org) 2105 . Fixed bug #70831 (Compile fails on system with 160 CPUs). (Daniel Axtens) 2106 . Fixed bug #71006 (symbol referencing errors on Sparc/Solaris). (Dmitry) 2107 . Fixed bug #70997 (When using parentClass:: instead of parent::, static 2108 context changed). (Dmitry) 2109 . Fixed bug #70970 (Segfault when combining error handler with output 2110 buffering). (Laruence) 2111 . Fixed bug #70967 (Weird error handling for __toString when Error is 2112 thrown). (Laruence) 2113 . Fixed bug #70958 (Invalid opcode while using ::class as trait method 2114 paramater default value). (Laruence) 2115 . Fixed bug #70944 (try{ } finally{} can create infinite chains of 2116 exceptions). (Laruence) 2117 . Fixed bug #70931 (Two errors messages are in conflict). (dams, Laruence) 2118 . Fixed bug #70904 (yield from incorrectly marks valid generator as 2119 finished). (Bob) 2120 . Fixed bug #70899 (buildconf failure in extensions). (Bob, Reeze) 2121 . Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol: 2122 php_register_internal_extensions). (Lior Kaplan) 2123 . Fixed \int (or generally every scalar type name with leading backslash) 2124 to not be accepted as type name. (Bob) 2125 . Fixed exception not being thrown immediately into a generator yielding 2126 from an array. (Bob) 2127 . Fixed bug #70987 (static::class within Closure::call() causes segfault). 2128 (Andrea) 2129 . Fixed bug #71013 (Incorrect exception handler with yield from). (Bob) 2130 . Fixed double free in error condition of format printer. (Bob) 2131 2132- CLI server: 2133 . Fixed bug #71005 (Segfault in php_cli_server_dispatch_router()). (Adam) 2134 2135- Intl: 2136 . Fixed bug #71020 (Use after free in Collator::sortWithSortKeys). 2137 (CVE-2015-8616) (emmanuel dot law at gmail dot com, Laruence) 2138 2139- Mysqlnd: 2140 . Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction). 2141 (Laruence) 2142 . Fixed bug #68344 (MySQLi does not provide way to disable peer certificate 2143 validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT 2144 connection flag. (Andrey) 2145 2146- OCI8: 2147 . Fixed LOB implementation size_t/zend_long mismatch reported by gcov. 2148 (Senthil) 2149 2150- Opcache: 2151 . Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 2152 on the same server). (Anatol) 2153 . Fixed bug #70991 (zend_file_cache.c:710: error: array type has incomplete 2154 element type). (Laruence) 2155 . Fixed bug #70977 (Segmentation fault with opcache.huge_code_pages=1). 2156 (Laruence) 2157 2158- PDO_Firebird: 2159 . Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). (Mariuz) 2160 2161- Phpdbg: 2162 . Fixed stderr being written to stdout. (Bob) 2163 2164- Reflection: 2165 . Fixed bug #71018 (ReflectionProperty::setValue() behavior changed). 2166 (Laruence) 2167 . Fixed bug #70982 (setStaticPropertyValue behaviors inconsistently with 2168 5.6). (Laruence) 2169 2170- Soap: 2171 . Fixed bug #70993 (Array key references break argument processing). 2172 (Laruence) 2173 2174- SPL: 2175 . Fixed bug #71028 (Undefined index with ArrayIterator). (Laruence) 2176 2177- SQLite3: 2178 . Fixed bug #71049 (SQLite3Stmt::execute() releases bound parameter instead 2179 of internal buffer). (Laruence) 2180 2181- Standard: 2182 . Fixed bug #70999 (php_random_bytes: called object is not a function). 2183 (Scott) 2184 . Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number 2185 of parameters). (Laruence) 2186 2187- Streams/Socket: 2188 . Add IPV6_V6ONLY constant / make it usable in stream contexts. (Bob) 2189 219003 Dec 2015, PHP 7.0.0 2191 2192- Core: 2193 . Fixed bug #70947 (INI parser segfault with INI_SCANNER_TYPED). (Laruence) 2194 . Fixed bug #70914 (zend_throw_or_error() format string vulnerability). 2195 (Taoguang Chen) 2196 . Fixed bug #70912 (Null ptr dereference instantiating class with invalid 2197 array property). (Laruence) 2198 . Fixed bug #70895, #70898 (null ptr deref and segfault with crafted calable). 2199 (Anatol, Laruence) 2200 . Fixed bug #70249 (Segmentation fault while running PHPUnit tests on 2201 phpBB 3.2-dev). (Laruence) 2202 . Fixed bug #70805 (Segmentation faults whilst running Drupal 8 test suite). 2203 (Dmitry, Laruence) 2204 . Fixed bug #70842 (Persistent Stream Segmentation Fault). (Caleb Champlin) 2205 . Fixed bug #70862 (Several functions do not check return code of 2206 php_stream_copy_to_mem()). (Anatol) 2207 . Fixed bug #70863 (Incorect logic to increment_function for proxy objects). 2208 (Anatol) 2209 . Fixed bug #70323 (Regression in zend_fetch_debug_backtrace() can cause 2210 segfaults). (Aharvey, Laruence) 2211 . Fixed bug #70873 (Regression on private static properties access). 2212 (Laruence) 2213 . Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l). 2214 (Laruence) 2215 . Fixed bug #70689 (Exception handler does not work as expected). (Laruence) 2216 . Fixed bug #70430 (Stack buffer overflow in zend_language_parser()). (Nikita) 2217 . Fixed bug #70782 (null ptr deref and segfault (zend_get_class_fetch_type)). 2218 (Nikita) 2219 . Fixed bug #70785 (Infinite loop due to exception during identical 2220 comparison). (Laruence) 2221 . Fixed bug #70630 (Closure::call/bind() crash with ReflectionFunction-> 2222 getClosure()). (Dmitry, Bob) 2223 . Fixed bug #70662 (Duplicate array key via undefined index error handler). 2224 (Nikita) 2225 . Fixed bug #70681 (Segfault when binding $this of internal instance method 2226 to null). (Nikita) 2227 . Fixed bug #70685 (Segfault for getClosure() internal method rebind with 2228 invalid $this). (Nikita) 2229 . Added zend_internal_function.reserved[] fields. (Dmitry) 2230 . Fixed bug #70557 (Memleak on return type verifying failed). (Laruence) 2231 . Fixed bug #70555 (fun_get_arg() on unsetted vars return UNKNOW). (Laruence) 2232 . Fixed bug #70548 (Redundant information printed in case of uncaught engine 2233 exception). (Laruence) 2234 . Fixed bug #70547 (unsetting function variables corrupts backtrace). 2235 (Laruence) 2236 . Fixed bug #70528 (assert() with instanceof adds apostrophes around class 2237 name). (Laruence) 2238 . Fixed bug #70481 (Memory leak in auto_global_copy_ctor() in ZTS build). 2239 (Laruence) 2240 . Fixed bug #70431 (Memory leak in php_ini.c). (Senthil, Laruence) 2241 . Fixed bug #70478 (**= does no longer work). (Bob) 2242 . Fixed bug #70398 (SIGSEGV, Segmentation fault zend_ast_destroy_ex). 2243 (Dmitry, Bob, Laruence) 2244 . Fixed bug #70332 (Wrong behavior while returning reference on object). 2245 (Laruence, Dmitry) 2246 . Fixed bug #70300 (Syntactical inconsistency with new group use syntax). 2247 (marcio dot web2 at gmail dot com) 2248 . Fixed bug #70321 (Magic getter breaks reference to array property). 2249 (Laruence) 2250 . Fixed bug #70187 (Notice: unserialize(): Unexpected end of serialized 2251 data). (Dmitry) 2252 . Fixed bug #70145 (From field incorrectly parsed from headers). (Anatol) 2253 . Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when 2254 building extensions). (Adam) 2255 . Fixed bug causing exception traces with anon classes to be truncated. (Bob) 2256 . Fixed bug #70397 (Segmentation fault when using Closure::call and yield). 2257 (Bob) 2258 . Fixed bug #70299 (Memleak while assigning object offsetGet result). 2259 (Laruence) 2260 . Fixed bug #70288 (Apache crash related to ZEND_SEND_REF). (Laruence) 2261 . Fixed bug #70262 (Accessing array crashes PHP 7.0beta3). 2262 (Laruence, Dmitry) 2263 . Fixed bug #70258 (Segfault if do_resize fails to allocated memory). 2264 (Laruence) 2265 . Fixed bug #70253 (segfault at _efree () in zend_alloc.c:1389). (Laruence) 2266 . Fixed bug #70240 (Segfault when doing unset($var());). (Laruence) 2267 . Fixed bug #70223 (Incrementing value returned by magic getter). (Laruence) 2268 . Fixed bug #70215 (Segfault when __invoke is static). (Bob) 2269 . Fixed bug #70207 (Finally is broken with opcache). (Laruence, Dmitry) 2270 . Fixed bug #70173 (ZVAL_COPY_VALUE_EX broken for 32bit Solaris Sparc). 2271 (Laruence, cmb) 2272 . Fixed bug #69487 (SAPI may truncate POST data). (cmb) 2273 . Fixed bug #70198 (Checking liveness does not work as expected). 2274 (Shafreeck Sea, Anatol Belski) 2275 . Fixed bug #70241,#70293 (Skipped assertions affect Generator returns). (Bob) 2276 . Fixed bug #70239 (Creating a huge array doesn't result in exhausted, 2277 but segfault). (Laruence, Anatol) 2278 . Fixed "finally" issues. (Nikita, Dmitry) 2279 . Fixed bug #70098 (Real memory usage doesn't decrease). (Dmitry) 2280 . Fixed bug #70159 (__CLASS__ is lost in closures). (Julien) 2281 . Fixed bug #70156 (Segfault in zend_find_alias_name). (Laruence) 2282 . Fixed bug #70124 (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION). 2283 (Laruence) 2284 . Fixed bug #70117 (Unexpected return type error). (Laruence) 2285 . Fixed bug #70106 (Inheritance by anonymous class). (Bob) 2286 . Fixed bug #69674 (SIGSEGV array.c:953). (cmb) 2287 . Fixed bug #70164 (__COMPILER_HALT_OFFSET__ under namespace is not defined). 2288 (Bob) 2289 . Fixed bug #70108 (sometimes empty $_SERVER['QUERY_STRING']). (Anatol) 2290 . Fixed bug #70179 ($this refcount issue). (Bob) 2291 . Fixed bug #69896 ('asm' operand has impossible constraints). (Anatol) 2292 . Fixed bug #70183 (null pointer deref (segfault) in zend_eval_const_expr). 2293 (Hugh Davenport) 2294 . Fixed bug #70182 (Segfault in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER). 2295 (Hugh Davenport) 2296 . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive 2297 method calls). (Stas) 2298 . Fixed bug #69892 (Different arrays compare indentical due to integer key 2299 truncation). (Nikita) 2300 . Fixed bug #70121 (unserialize() could lead to unexpected methods execution 2301 / NULL pointer deref). (Stas) 2302 . Fixed bug #70089 (segfault at ZEND_FETCH_DIM_W_SPEC_VAR_CONST_HANDLER ()). 2303 (Laruence) 2304 . Fixed bug #70057 (Build failure on 32-bit Mac OS X 10.6.8: recursive 2305 inlining). (Laruence) 2306 . Fixed bug #70012 (Exception lost with nested finally block). (Laruence) 2307 . Fixed bug #69996 (Changing the property of a cloned object affects the 2308 original). (Dmitry, Laruence) 2309 . Fixed bug #70083 (Use after free with assign by ref to overloaded objects). 2310 (Bob) 2311 . Fixed bug #70006 (cli - function with default arg = STDOUT crash output). 2312 (Laruence) 2313 . Fixed bug #69521 (Segfault in gc_collect_cycles()). 2314 (arjen at react dot com, Laruence) 2315 . Improved zend_string API. (Francois Laupretre) 2316 . Fixed bug #69955 (Segfault when trying to combine [] and assign-op on 2317 ArrayAccess object). (Laruence) 2318 . Fixed bug #69957 (Different ways of handling div/mod/intdiv). (Bob) 2319 . Fixed bug #69900 (Too long timeout on pipes). (Anatol) 2320 . Fixed bug #69872 (uninitialised value in strtr with array). (Laruence) 2321 . Fixed bug #69868 (Invalid read of size 1 in zend_compile_short_circuiting). 2322 (Laruence) 2323 . Fixed bug #69849 (Broken output of apache_request_headers). (Kalle) 2324 . Fixed bug #69840 (iconv_substr() doesn't work with UTF-16BE). (Kalle) 2325 . Fixed bug #69823 (PHP 7.0.0alpha1 segmentation fault when exactly 33 2326 extensions are loaded). (Laruence) 2327 . Fixed bug #69805 (null ptr deref and seg fault in zend_resolve_class_name). 2328 (Laruence) 2329 . Fixed bug #69802 (Reflection on Closure::__invoke borks type hint class 2330 name). (Dmitry) 2331 . Fixed bug #69761 (Serialization of anonymous classes should be prevented). 2332 (Laruence) 2333 . Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation 2334 fault). (Christoph M. Becker) 2335 . Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 2336 7/8/8.1/10 as "Business"). (Christian Wenz) 2337 . Fixed bug #69835 (phpinfo() does not report many Windows SKUs). 2338 (Christian Wenz) 2339 . Fixed bug #69889 (Null coalesce operator doesn't work for string offsets). 2340 (Nikita) 2341 . Fixed bug #69891 (Unexpected array comparison result). (Nikita) 2342 . Fixed bug #69892 (Different arrays compare indentical due to integer key 2343 truncation). (Nikita) 2344 . Fixed bug #69893 (Strict comparison between integer and empty string keys 2345 crashes). (Nikita) 2346 . Fixed bug #69767 (Default parameter value with wrong type segfaults). 2347 (cmb, Laruence) 2348 . Fixed bug #69756 (Fatal error: Nesting level too deep - recursive dependency 2349 ? with ===). (Dmitry, Laruence) 2350 . Fixed bug #69758 (Item added to array not being removed by array_pop/shift 2351 ). (Laruence) 2352 . Fixed bug #68475 (Add support for $callable() sytnax with 'Class::method'). 2353 (Julien, Aaron Piotrowski) 2354 . Fixed bug #69485 (Double free on zend_list_dtor). (Laruence) 2355 . Fixed bug #69427 (Segfault on magic method __call of private method in 2356 superclass). (Laruence) 2357 . Improved __call() and __callStatic() magic method handling. Now they are 2358 called in a stackless way using ZEND_CALL_TRAMPOLINE opcode, without 2359 additional stack frame. (Laruence, Dmitry) 2360 . Optimized strings concatenation. (Dmitry, Laruence) 2361 . Fixed weird operators behavior. Division by zero now emits warning and 2362 returns +/-INF, modulo by zero and intdid() throws an exception, shifts 2363 by negative offset throw exceptions. Compile-time evaluation of division 2364 by zero is disabled. (Dmitry, Andrea, Nikita) 2365 . Fixed bug #69371 (Hash table collision leads to inaccessible array keys). 2366 (Laruence) 2367 . Fixed bug #68933 (Invalid read of size 8 in zend_std_read_property). 2368 (Laruence, arjen at react dot com) 2369 . Fixed bug #68252 (segfault in Zend/zend_hash.c in function 2370 _zend_hash_del_el). (Laruence) 2371 . Fixed bug #65598 (Closure executed via static autoload incorrectly marked as 2372 static). (Nikita) 2373 . Fixed bug #66811 (Cannot access static::class in lambda, writen outside of a 2374 class). (Nikita) 2375 . Fixed bug #69568 (call a private function in closure failed). (Nikita) 2376 . Added PHP_INT_MIN constant. (Andrea) 2377 . Added Closure::call() method. (Andrea) 2378 . Fixed bug #67959 (Segfault when calling phpversion('spl')). (Florian) 2379 . Implemented the RFC `Catchable "Call to a member function bar() on a 2380 non-object"`. (Timm) 2381 . Added options parameter for unserialize allowing to specify acceptable 2382 classes (https://wiki.php.net/rfc/secure_unserialize). (Stas) 2383 . Fixed bug #63734 (Garbage collector can free zvals that are still 2384 referenced). (Dmitry) 2385 . Removed ZEND_ACC_FINAL_CLASS, promoting ZEND_ACC_FINAL as final class 2386 modifier. (Guilherme Blanco) 2387 . is_long() & is_integer() is now an alias of is_int(). (Kalle) 2388 . Implemented FR #55467 (phpinfo: PHP Variables with $ and single quotes). (Kalle) 2389 . Added ?? operator. (Andrea) 2390 . Added <=> operator. (Andrea) 2391 . Added \u{xxxxx} Unicode Codepoint Escape Syntax. (Andrea) 2392 . Fixed oversight where define() did not support arrays yet const syntax did. 2393 (Andrea, Dmitry) 2394 . Use "integer" and "float" instead of "long" and "double" in ZPP, type hint 2395 and conversion error messages. (Andrea) 2396 . Implemented FR #55428 (E_RECOVERABLE_ERROR when output buffering in output 2397 buffering handler). (Kalle) 2398 . Removed scoped calls of non-static methods from an incompatible $this 2399 context. (Nikita) 2400 . Removed support for #-style comments in ini files. (Nikita) 2401 . Removed support for assigning the result of new by reference. (Nikita) 2402 . Invalid octal literals in source code now produce compile errors, fixes 2403 PHPSadness #31. (Andrea) 2404 . Removed dl() function on fpm-fcgi. (Nikita) 2405 . Removed support for hexadecimal numeric strings. (Nikita) 2406 . Removed obsolete extensions and SAPIs. See the full list in UPGRADING. (Anatol) 2407 . Added NULL byte protection to exec, system and passthru. (Yasuo) 2408 . Added error_clear_last() function. (Reeze Xia) 2409 . Fixed bug #68797 (Number 2.2250738585072012e-308 converted incorrectly). 2410 (Anatol) 2411 . Improved zend_qsort(using hybrid sorting algo) for better performance, 2412 and also renamed zend_qsort to zend_sort. (Laruence) 2413 . Added stable sorting algo zend_insert_sort. (Laruence) 2414 . Improved zend_memnchr(using sunday algo) for better performance. (Laruence) 2415 . Implemented the RFC `Scalar Type Decalarations v0.5`. (Anthony) 2416 . Implemented the RFC `Group Use Declarations`. (Marcio) 2417 . Implemented the RFC `Continue Output Buffering`. (Mike) 2418 . Implemented the RFC `Constructor behaviour of internal classes`. (Dan, Dmitry) 2419 . Implemented the RFC `Fix "foreach" behavior`. (Dmitry) 2420 . Implemented the RFC `Generator Delegation`. (Bob) 2421 . Implemented the RFC `Anonymous Class Support`. (Joe, Nikita, Dmitry) 2422 . Implemented the RFC `Context Sensitive Lexer`. (Marcio Almada) 2423 . Fixed bug #69511 (Off-by-one buffer overflow in php_sys_readlink). 2424 (Jan Starke, Anatol) 2425 2426- CLI server: 2427 . Fixed bug #68291 (404 on urls with '+'). (cmb) 2428 . Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). 2429 (wusuopu, cmb) 2430 . Fixed bug #70264 (CLI server directory traversal). (cmb) 2431 . Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb) 2432 . Fixed bug #64878 (304 responses return Content-Type header). (cmb) 2433 . Refactor MIME type handling to use a hash table instead of linear search. 2434 (Adam) 2435 . Update the MIME type list from the one shipped by Apache HTTPD. (Adam) 2436 . Added support for SEARCH WebDav method. (Mats Lindh) 2437 2438- COM: 2439 . Fixed bug #69939 (Casting object to bool returns false). (Kalle) 2440 2441- Curl: 2442 . Fixed bug #70330 (Segmentation Fault with multiple "curl_copy_handle"). 2443 (Laruence) 2444 . Fixed bug #70163 (curl_setopt_array() type confusion). (Laruence) 2445 . Fixed bug #70065 (curl_getinfo() returns corrupted values). (Anatol) 2446 . Fixed bug #69831 (Segmentation fault in curl_getinfo). (im dot denisenko at 2447 yahoo dot com) 2448 . Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence) 2449 . Removed support for unsafe file uploads. (Nikita) 2450 2451- Date: 2452 . Fixed bug #70245 (strtotime does not emit warning when 2nd parameter is 2453 object or string). (cmb) 2454 . Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to 2455 be optional). (cmb) 2456 . Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). 2457 (cmb) 2458 . Fixed day_of_week function as it could sometimes return negative values 2459 internally. (Derick) 2460 . Removed $is_dst parameter from mktime() and gmmktime(). (Nikita) 2461 . Removed date.timezone warning 2462 (https://wiki.php.net/rfc/date.timezone_warning_removal). (Bob) 2463 . Added "v" DateTime format modifier to get the 3-digit version of fraction 2464 of seconds. (Mariano Iglesias) 2465 . Implemented FR #69089 (Added DateTime::RFC3339_EXTENDED to output in 2466 RFC3339 Extended format which includes fraction of seconds). (Mariano 2467 Iglesias) 2468 2469- DBA: 2470 . Fixed bug #62490 (dba_delete returns true on missing item (inifile)). (Mike) 2471 . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info) 2472 2473- DOM: 2474 . Fixed bug #70558 ("Couldn't fetch" error in 2475 DOMDocument::registerNodeClass()). (Laruence) 2476 . Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity 2477 encoding). (cmb) 2478 . Fixed bug #69846 (Segmenation fault (access violation) when iterating over 2479 DOMNodeList). (Anatol Belski) 2480 . Made DOMNode::textContent writeable. (Tjerk) 2481 2482- EXIF: 2483 . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte 2484 value of 32 bytes). (Stas) 2485 2486- Fileinfo: 2487 . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB) 2488 2489- Filter: 2490 . New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL. (Kevin Dunglas) 2491 . Fixed bug #67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN, 2492 FILTER_NULL_ON_FAILURE). (levim) 2493 2494- FPM: 2495 . Fixed bug #70538 ("php-fpm -i" crashes). (rainer dot jung at 2496 kippdata dot de) 2497 . Fixed bug #70279 (HTTP Authorization Header is sometimes passed to newer 2498 reqeusts). (Laruence) 2499 . Fixed bug #68945 (Unknown admin values segfault pools). (Laruence) 2500 . Fixed bug #65933 (Cannot specify config lines longer than 1024 bytes). (Chris Wright) 2501 . Implemented FR #67106 (Split main fpm config). (Elan Ruusamäe, Remi) 2502 2503- FTP: 2504 . Fixed bug #69082 (FTPS support on Windows). (Anatol) 2505 2506- GD: 2507 . Fixed bug #53156 (imagerectangle problem with point ordering). (cmb) 2508 . Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874) 2509 (cmb) 2510 . Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb) 2511 . Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb) 2512 . Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb) 2513 . Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). (cmb) 2514 . Fixed bug #69024 (imagescale segfault with palette based image). (cmb) 2515 . Fixed bug #53154 (Zero-height rectangle has whiskers). (cmb) 2516 . Fixed bug #67447 (imagecrop() add a black line when cropping). (cmb) 2517 . Fixed bug #68714 (copy 'n paste error). (cmb) 2518 . Fixed bug #66339 (PHP segfaults in imagexbm). (cmb) 2519 . Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb) 2520 . Replace libvpx with libwebp for bundled libgd. (cmb, Anatol) 2521 . Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb) 2522 . Made fontFetch's path parser thread-safe. (Sara) 2523 . Removed T1Lib support. (Kalle) 2524 2525- GMP: 2526 . Fixed bug #70284 (Use after free vulnerability in unserialize() with GMP). 2527 (stas) 2528 2529- hash: 2530 . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee 2531 at naver dot com) 2532 2533- IMAP: 2534 . Fixed bug #70158 (Building with static imap fails). (cmb) 2535 . Fixed bug #69998 (curl multi leaking memory). (Pierrick) 2536 2537- Intl: 2538 . Fixed bug #70453 (IntlChar::foldCase() incorrect arguments and missing 2539 constants). (cmb) 2540 . Fixed bug #70454 (IntlChar::forDigit second parameter should be optional). 2541 (cmb, colinodell) 2542 . Removed deprecated aliases datefmt_set_timezone_id() and 2543 IntlDateFormatter::setTimeZoneID(). (Nikita) 2544 2545- JSON: 2546 . Fixed bug #62010 (json_decode produces invalid byte-sequences). 2547 (Jakub Zelenka) 2548 . Fixed bug #68546 (json_decode() Fatal error: Cannot access property 2549 started with '\0'). (Jakub Zelenka) 2550 . Replace non-free JSON parser with a parser from Jsond extension, fixes #63520 2551 (JSON extension includes a problematic license statement). (Jakub Zelenka) 2552 . Fixed bug #68938 (json_decode() decodes empty string without error). 2553 (jeremy at bat-country dot us) 2554 2555- LDAP: 2556 . Fixed bug #47222 (Implement LDAP_OPT_DIAGNOSTIC_MESSAGE). (Andreas Heigl) 2557 2558- LiteSpeed: 2559 . Updated LiteSpeed SAPI code from V5.5 to V6.6. (George Wang) 2560 2561- libxml: 2562 . Fixed handling of big lines in error messages with libxml >= 2.9.0. 2563 (Christoph M. Becker) 2564 2565- Mcrypt: 2566 . Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was 2567 specified under RC4). (Nikita) 2568 . Fixed bug #69833 (mcrypt fd caching not working). (Anatol) 2569 . Fixed possible read after end of buffer and use after free. (Dmitry) 2570 . Removed mcrypt_generic_end() alias. (Nikita) 2571 . Removed mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb(), mcrypt_ofb(). (Nikita) 2572 2573- Mysqli: 2574 . Fixed bug #32490 (constructor of mysqli has wrong name). (cmb) 2575 2576- Mysqlnd: 2577 . Fixed bug #70949 (SQL Result Sets With NULL Can Cause Fatal Memory Errors). 2578 (Laruence) 2579 . Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server). 2580 (Andrey) 2581 . Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to 2582 a server). (Sergei Turchanov) 2583 . Fixed bug #70572 segfault in mysqlnd_connect. (Andrey, Remi) 2584 . Fixed Bug #69796 (mysqli_stmt::fetch doesn't assign null values to 2585 bound variables). (Laruence) 2586 2587- OCI8: 2588 . Fixed memory leak with LOBs. (Senthil) 2589 . Fixed bug #68298 (OCI int overflow) (Senthil). 2590 . Corrected oci8 hash destructors to prevent segfaults, and a few other fixes. 2591 (Cameron Porter) 2592 2593- ODBC: 2594 . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined 2595 columns). (CVE-2015-8879) (cmb) 2596 2597- Opcache: 2598 . Fixed bug #70656 (require() statement broken after opcache_reset() or a 2599 few hours of use). (Laruence) 2600 . Fixed bug #70843 (Segmentation fault on MacOSX with 2601 opcache.file_cache_only=1). (Laruence) 2602 . Fixed bug #70724 (Undefined Symbols from opcache.so on Mac OS X 10.10). 2603 (Laruence) 2604 . Fixed compatibility with Windows 10 (see also bug #70652). (Anatol) 2605 . Attmpt to fix "Unable to reattach to base address" problem. (Matt Ficken) 2606 . Fixed bug #70423 (Warning Internal error: wrong size calculation). (Anatol) 2607 . Fixed bug #70237 (Empty while and do-while segmentation fault with opcode 2608 on CLI enabled). (Dmitry, Laruence) 2609 . Fixed bug #70111 (Segfault when a function uses both an explicit return 2610 type and an explicit cast). (Laruence) 2611 . Fixed bug #70058 (Build fails when building for i386). (Laruence) 2612 . Fixed bug #70022 (Crash with opcache using opcache.file_cache_only=1). 2613 (Anatol) 2614 . Removed opcache.load_comments configuration directive. Now doc comments 2615 loading costs nothing and always enabled. (Dmitry) 2616 . Fixed bug #69838 (Wrong size calculation for function table). (Anatol) 2617 . Fixed bug #69688 (segfault with eval and opcache fast shutdown). 2618 (Laruence) 2619 . Added experimental (disabled by default) file based opcode cache. 2620 (Dmitry, Laruence, Anatol) 2621 . Fixed bug with try blocks being removed when extended_info opcode 2622 generation is turned on. (Laruence) 2623 . Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8 2624 + Opcache). (Laruence) 2625 2626- OpenSSL: 2627 . Require at least OpenSSL version 0.9.8. (Jakub Zelenka) 2628 . Fixed bug #68312 (Lookup for openssl.cnf causes a message box). (Anatol) 2629 . Fixed bug #55259 (openssl extension does not get the DH parameters from 2630 DH key resource). (Jakub Zelenka) 2631 . Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb) 2632 . Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka) 2633 . Implemented FR #70438 (Add IV parameter for openssl_seal and openssl_open) 2634 (Jakub Zelenka) 2635 . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically 2636 secure). (CVE-2015-8867) (Stas) 2637 . Fixed bug #69882 (OpenSSL error "key values mismatch" after 2638 openssl_pkcs12_read with extra cert). (Tomasz Sawicki) 2639 . Added "alpn_protocols" SSL context option allowing encrypted client/server 2640 streams to negotiate alternative protocols using the ALPN TLS extension when 2641 built against OpenSSL 1.0.2 or newer. Negotiated protocol information is 2642 accessible through stream_get_meta_data() output. 2643 . Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic 2644 detection or the "peer_name" option instead. (Nikita) 2645 2646- Pcntl: 2647 . Fixed bug #70386 (Can't compile on NetBSD because of missing WCONTINUED 2648 and WIFCONTINUED). (Matteo) 2649 . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler 2650 when setting SIG_DFL). (Julien) 2651 . Implemented FR #68505 (Added wifcontinued and wcontinued). (xilon-jul) 2652 . Added rusage support to pcntl_wait() and pcntl_waitpid(). (Anton Stepanenko, 2653 Tony) 2654 2655- PCRE: 2656 . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string 2657 match). (cmb) 2658 . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). 2659 (Anatol Belski) 2660 . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string 2661 match). (cmb) 2662 . Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the 2663 string). (cmb) 2664 . Fixed bug #69864 (Segfault in preg_replace_callback). (cmb, ab) 2665 2666- PDO: 2667 . Fixed bug #70861 (Segmentation fault in pdo_parse_params() during Drupal 8 2668 test suite). (Anatol) 2669 . Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence) 2670 . Fixed bug #70272 (Segfault in pdo_mysql). (Laruence) 2671 . Fixed bug #70221 (persistent sqlite connection + custom function 2672 segfaults). (Laruence) 2673 . Removed support for the /e (PREG_REPLACE_EVAL) modifier. (Nikita) 2674 . Fixed bug #59450 (./configure fails with "Cannot find php_pdo_driver.h"). 2675 (maxime dot besson at smile dot fr) 2676 2677- PDO_DBlib: 2678 . Fixed bug #69757 (Segmentation fault on nextRowset). 2679 (miracle at rpz dot name) 2680 2681- PDO_mysql: 2682 . Fixed bug #68424 (Add new PDO mysql connection attr to control multi 2683 statements option). (peter dot wolanin at acquia dot com) 2684 2685- PDO_OCI: 2686 . Fixed bug #70308 (PDO::ATTR_PREFETCH is ignored). (Chris Jones) 2687 2688- PDO_pgsql: 2689 . Fixed bug #69752 (PDOStatement::execute() leaks memory with DML 2690 Statements when closeCuror() is u). (Philip Hofstetter) 2691 . Removed PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT attribute in favor of 2692 ATTR_EMULATE_PREPARES). (Nikita) 2693 2694- Phar: 2695 . Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas) 2696 . FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip 2697 entry filename is "/"). (Stas) 2698 . Improved fix for bug #69441. (Anatol Belski) 2699 . Fixed bug #70019 (Files extracted from archive may be placed outside of 2700 destination directory). (Anatol Belski) 2701 2702- Phpdbg: 2703 . Fixed bug #70614 (incorrect exit code in -rr mode with Exceptions). (Bob) 2704 . Fixed bug #70532 (phpdbg must respect set_exception_handler). (Bob) 2705 . Fixed bug #70531 (Run and quit mode (-qrr) should not fallback to 2706 interactive mode). (Bob) 2707 . Fixed bug #70533 (Help overview (-h) does not rpint anything under Windows). 2708 (Anatol) 2709 . Fixed bug #70449 (PHP won't compile on 10.4 and 10.5 because of missing 2710 constants). (Bob) 2711 . Fixed bug #70214 (FASYNC not defined, needs sys/file.h include). (Bob) 2712 . Fixed bug #70138 (Segfault when displaying memory leaks). (Bob) 2713 2714- Reflection: 2715 . Fixed bug #70650 (Wrong docblock assignment). (Marcio) 2716 . Fixed bug #70674 (ReflectionFunction::getClosure() leaks memory when used 2717 for internal functions). (Dmitry, Bob) 2718 . Fixed bug causing bogus traces for ReflectionGenerator::getTrace(). (Bob) 2719 . Fixed inheritance chain of Reflector interface. (Tjerk) 2720 . Added ReflectionGenerator class. (Bob) 2721 . Added reflection support for return types and type declarations. (Sara, 2722 Matteo) 2723 2724- Session: 2725 . Fixed bug #70876 (Segmentation fault when regenerating session id with 2726 strict mode). (Laruence) 2727 . Fixed bug #70529 (Session read causes "String is not zero-terminated" error). 2728 (Yasuo) 2729 . Fixed bug #70013 (Reference to $_SESSION is lost after a call to 2730 session_regenerate_id()). (Yasuo) 2731 . Fixed bug #69952 (Data integrity issues accessing superglobals by 2732 reference). (Bob) 2733 . Fixed bug #67694 (Regression in session_regenerate_id()). (Tjerk) 2734 . Fixed bug #68941 (mod_files.sh is a bash-script). (bugzilla at ii.nl, Yasuo) 2735 2736- SOAP: 2737 . Fixed bug #70940 (Segfault in soap / type_to_string). (Remi) 2738 . Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry) 2739 . Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace 2740 attribute). (Matteo) 2741 . Fixed bug #70715 (Segmentation fault inside soap client). (Laruence) 2742 . Fixed bug #70709 (SOAP Client generates Segfault). (Laruence) 2743 . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). 2744 (Stas) 2745 . Fixed bug #70081 (SoapClient info leak / null pointer dereference via 2746 multiple type confusions). (Stas) 2747 . Fixed bug #70079 (Segmentation fault after more than 100 SoapClient 2748 calls). (Laruence) 2749 . Fixed bug #70032 (make_http_soap_request calls 2750 zend_hash_get_current_key_ex(,,,NULL). (Laruence) 2751 . Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes). (Laruence) 2752 2753- SPL: 2754 . Fixed bug #70959 (ArrayObject unserialize does not restore protected 2755 fields). (Laruence) 2756 . Fixed bug #70853 (SplFixedArray throws exception when using ref variable 2757 as index). (Laruence) 2758 . Fixed bug #70868 (PCRE JIT and pattern reuse segfault). (Laruence) 2759 . Fixed bug #70730 (Incorrect ArrayObject serialization if unset is called 2760 in serialize()). (Laruence) 2761 . Fixed bug #70573 (Cloning SplPriorityQueue leads to memory leaks). (Dmitry) 2762 . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb) 2763 . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject 2764 items). (sean.heelan) 2765 . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with 2766 SPLArrayObject). (taoguangchen at icloud dot com) 2767 . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with 2768 SplObjectStorage). (taoguangchen at icloud dot com) 2769 . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with 2770 SplDoublyLinkedList). (taoguangchen at icloud dot com) 2771 . Fixed bug #70053 (MutlitpleIterator array-keys incompatible change in 2772 PHP 7). (Tjerk) 2773 . Fixed bug #69970 (Use-after-free vulnerability in 2774 spl_recursive_it_move_forward_ex()). (Laruence) 2775 . Fixed bug #69845 (ArrayObject with ARRAY_AS_PROPS broken). (Dmitry) 2776 . Changed ArrayIterator implementation using zend_hash_iterator_... API. 2777 Allowed modification of iterated ArrayObject using the same behavior 2778 as proposed in `Fix "foreach" behavior`. Removed "Array was modified 2779 outside object and internal position is no longer valid" hack. (Dmitry) 2780 . Implemented FR #67886 (SplPriorityQueue/SplHeap doesn't expose extractFlags 2781 nor curruption state). (Julien) 2782 . Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME 2783 breaks the RecursiveIterator). (Paul Garvin) 2784 2785- SQLite3: 2786 . Fixed bug #70571 (Memory leak in sqlite3_do_callback). (Adam) 2787 . Fixed bug #69972 (Use-after-free vulnerability in 2788 sqlite3SafetyCheckSickOrOk()). (Laruence) 2789 . Fixed bug #69897 (segfault when manually constructing SQLite3Result). 2790 (Kalle) 2791 . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong 2792 required_num_args). (Julien) 2793 2794- Standard: 2795 . Fixed count on symbol tables. (Laruence) 2796 . Fixed bug #70963 (Unserialize shows UNKNOWN in result). (Laruence) 2797 . Fixed bug #70910 (extract() breaks variable references). (Laruence) 2798 . Fixed bug #70808 (array_merge_recursive corrupts memory of unset items). 2799 (Laruence) 2800 . Fixed bug #70667 (strtr() causes invalid writes and a crashes). (Dmitry) 2801 . Fixed bug #70668 (array_keys() doesn't respect references when $strict is 2802 true). (Bob, Dmitry) 2803 . Implemented the RFC `Random Functions Throwing Exceptions in PHP 7`. 2804 (Sammy Kaye Powers, Anthony) 2805 . Fixed bug #70487 (pack('x') produces an error). (Nikita) 2806 . Fixed bug #70342 (changing configuration with ignore_user_abort(true) isn't 2807 working). (Laruence) 2808 . Fixed bug #70295 (Segmentation fault with setrawcookie). (Bob) 2809 . Fixed bug #67131 (setcookie() conditional for empty values not met). (cmb) 2810 . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with 2811 SplObjectStorage). (taoguangchen at icloud dot com) 2812 . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with 2813 SplDoublyLinkedList). (taoguangchen at icloud dot com) 2814 . Fixed bug #70250 (extract() turns array elements to references). 2815 (Laruence) 2816 . Fixed bug #70211 (php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free). 2817 (Laruence) 2818 . Fixed bug #70208 (Assert breaking access on objects). (Bob) 2819 . Fixed bug #70140 (str_ireplace/php_string_tolower - Arbitrary Code 2820 Execution). (CVE-2015-6527) (Laruence) 2821 . Implemented FR #70112 (Allow "dirname" to go up various times). (Remi) 2822 . Fixed bug #36365 (scandir duplicates file name at every 65535th file). (cmb) 2823 . Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb) 2824 . Fixed bug #70018 (exec does not strip all whitespace). (Laruence) 2825 . Fixed bug #69983 (get_browser fails with user agent of null). 2826 (Kalle, cmb, Laruence) 2827 . Fixed bug #69976 (Unable to parse "all" urls with colon char). (cmb) 2828 . Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb) 2829 . Fixed bug #62922 (Truncating entire string should result in string). 2830 (Nikita) 2831 . Fixed bug #69723 (Passing parameters by reference and array_column). 2832 (Laruence) 2833 . Fixed bug #69523 (Cookie name cannot be empty). (Christoph M. Becker) 2834 . Fixed bug #69325 (php_copy_file_ex does not pass the argument). 2835 (imbolk at gmail dot com) 2836 . Fixed bug #69299 (Regression in array_filter's $flag argument in PHP 7). 2837 (Laruence) 2838 . Removed call_user_method() and call_user_method_array() functions. (Kalle) 2839 . Fixed user session handlers (See rfc:session.user.return-value). (Sara) 2840 . Added intdiv() function. (Andrea) 2841 . Improved precision of log() function for base 2 and 10. (Marc Bennewitz) 2842 . Remove string category support in setlocale(). (Nikita) 2843 . Remove set_magic_quotes_runtime() and its alias magic_quotes_runtime(). 2844 (Nikita) 2845 . Fixed bug #65272 (flock() out parameter not set correctly in windows). 2846 (Daniel Lowrey) 2847 . Added preg_replace_callback_array function. (Wei Dai) 2848 . Deprecated salt option to password_hash. (Anthony) 2849 . Fixed bug #69686 (password_verify reports back error on PHP7 will null 2850 string). (Anthony) 2851 . Added Windows support for getrusage(). (Kalle) 2852 . Removed hardcoded limit on number of pipes in proc_open(). (Tony) 2853 2854- Streams: 2855 . Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections). 2856 (Niklas Keller) 2857 . Fixed bug #68532 (convert.base64-encode omits padding bytes). 2858 (blaesius at krumedia dot de) 2859 . Removed set_socket_blocking() in favor of its alias stream_set_blocking(). 2860 (Nikita) 2861 2862- Tokenizer: 2863 . Fixed bug #69430 (token_get_all has new irrecoverable errors). (Nikita) 2864 2865- XMLReader: 2866 . Fixed bug #70309 (XmlReader read generates extra output). (Anatol) 2867 2868- XMLRPC 2869 . Fixed bug #70526 (xmlrpc_set_type returns false on success). (Laruence) 2870 2871- XSL: 2872 . Fixed bug #70678 (PHP7 returns true when false is expected). (Felipe) 2873 . Fixed bug #70535 (XSLT: free(): invalid pointer). (Laruence) 2874 . Fixed bug #69782 (NULL pointer dereference). (Stas) 2875 . Fixed bug #64776 (The XSLT extension is not thread safe). (Mike) 2876 . Removed xsl.security_prefs ini option. (Nikita) 2877 2878- Zlib: 2879 . Added deflate_init(), deflate_add(), inflate_init(), inflate_add() 2880 functions allowing incremental/streaming compression/decompression. 2881 (Daniel Lowrey & Bob Weinand) 2882 2883- Zip: 2884 . Fixed bug #70322 (ZipArchive::close() doesn't indicate errors). 2885 (CVE-2014-9767) (cmb) 2886 . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when 2887 creating directories). (neal at fb dot com) 2888 . Added ZipArchive::setCompressionName and ZipArchive::setCompressionIndex 2889 methods. (Remi, Cedric Delmas) 2890 . Update bundled libzip to 1.0.1. (Remi, Anatol) 2891 . Fixed bug #67161 (ZipArchive::getStream() returns NULL for certain file). 2892 (Christoph M. Becker) 2893