sync NEWSphp-7.0.0RC2

1 files changed, 82 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index ec693b29af..1a1204f8a4 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,88 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+03 Sep 2015, PHP 7.0.0 RC 2
+
+- Core:
+  . Fixed bug #70398 (SIGSEGV, Segmentation fault zend_ast_destroy_ex).
+    (Dmitry, Bob, Laruence)
+  . Fixed bug #70332 (Wrong behavior while returning reference on object).
+    (Laruence, Dmitry)
+  . Fixed bug #70300 (Syntactical inconsistency with new group use syntax).
+    (marcio dot web2 at gmail dot com)
+  . Fixed bug #70321 (Magic getter breaks reference to array property).
+    (Laruence)
+  . Fixed bug #70187 (Notice: unserialize(): Unexpected end of serialized data)
+    (Dmitry)
+  . Fixed bug #70145 (From field incorrectly parsed from headers). (Anatol)
+  . Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when
+    building extensions). (Adam)
+  . Fixed bug causing exception traces with anon classes to be truncated. (Bob)
+  . Fixed bug #70397 (Segmentation fault when using Closure::call and yield).
+    (Bob)
+
+- Curl:
+  . Fixed bug #70330 (Segmentation Fault with multiple "curl_copy_handle").
+    (Laruence)
+
+- EXIF:
+  . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
+    value of 32 bytes). (Stas)
+
+- hash:
+  . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
+    at naver dot com)
+
+- Mysqli:
+  . Fixed bug #32490 (constructor of mysqli has wrong name). (cmb)
+
+- Pcntl:
+  . Fixed bug #70386 (Can't compile on NetBSD because of missing WCONTINUED
+    and WIFCONTINUED). (Matteo)
+
+- PCRE:
+  . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
+    match). (cmb)
+  . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
+    (Anatol Belski)
+
+- PDO:
+  - Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)
+
+- PDO_OCI:
+  . Fixed bug #70308 (PDO::ATTR_PREFETCH is ignored). (Chris Jones)
+
+- SOAP:
+  . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
+    (Stas)
+
+- SPL:
+  . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
+
+- Standard:
+  . Fixed bug #70342 (changing configuration with ignore_user_abort(true) isn't
+    working). (Laruence)
+  . Fixed bug #70295 (Segmentation fault with setrawcookie). (Bob)
+  . Fixed bug #67131 (setcookie() conditional for empty values not met). (cmb)
+  . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
+    SplObjectStorage). (taoguangchen at icloud dot com)
+  . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
+    SplDoublyLinkedList). (taoguangchen at icloud dot com)
+
+- Reflection:
+  . Fixed bug causing bogus traces for ReflectionGenerator::getTrace(). (Bob)
+
+- XSLT:
+  . Fixed bug #69782 (NULL pointer dereference). (Stas)
+
+- ZIP:
+  . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
+    creating directories). (neal at fb dot com)
+
 20 Aug 2015, PHP 7.0.0 RC 1
 
 - Core:
+  . Fixed bug #70299 (Memleak while assigning object offsetGet result).
+    (Laruence)
   . Fixed bug #70288 (Apache crash related to ZEND_SEND_REF). (Laruence)
   . Fixed bug #70262 (Accessing array crashes PHP 7.0beta3).
     (Laruence, Dmitry)
@@ -128,7 +208,7 @@ PHP                                                                        NEWS
 
 - Standard:
   . Fixed bug #70140 (str_ireplace/php_string_tolower - Arbitrary Code
-    Execution). (Laruence)
+    Execution). (CVE-2015-6527) (Laruence)
   . Implemented FR #70112 (Allow "dirname" to go up various times). (Remi)
   . Fixed bug #36365 (scandir duplicates file name at every 65535th file). (cmb)
 
@@ -491,7 +571,7 @@ PHP                                                                        NEWS
 - pcntl:
   . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler
     when setting SIG_DFL). (Julien)
-  . Added wifcontinued and wcontinued. (xilon-jul)
+  . Request #68505 (Added wifcontinued and wcontinued). (xilon-jul)
   . Added rusage support to pcntl_wait() and pcntl_waitpid(). (Anton Stepanenko,
     Tony)