Our tool wrappers don't look into response files, so common mistakes
such as forgetting to declare dependencies have been overlooked by
our buildlink framework. With the change that will no longer happen.
# New Features
- Support for DTLSv1.2.
- Continued rewrite of the record layer for the legacy stack.
- Numerous bugs and interoperability issues were fixed in the new
verifier. A few bugs and incompatibilities remain, so this release
uses the old verifier by default.
- The OpenSSL 1.1 TLSv1.3 API is not yet available.
# Portable Improvements
- Added '--enable-libtls-only' build option, which builds and
installs a statically-linked libtls, skipping libcrypto and libssl.
This is useful for systems that ship with OpenSSL but wish to also
package libtls.
- Update getentropy on Windows to use Cryptography Next Generation
(CNG). wincrypt is deprecated and no longer works with newer Windows
environments, such as in Windows Store apps.
# API and Documentation Enhancements
- Add a number of RPKI OIDs from RFC 6482, 6484, 6493, 8182, 8360,
draft-ietf-sidrops-rpki-rta, and draft-ietf-opsawg-finding-geofeeds.
- Add support for
[SSL_get_shared_ciphers(3)](https://man.openbsd.org/SSL_get_shared_ciphers.3)
with TLSv1.3.
- Add DTLSv1.2 methods.
- Implement SSL_is_dtls(3) and use it internally in place of the
SSL_IS_DTLS macro.
- Provide
[EVP_PKEY_new_CMAC_KEY(3)](https://man.openbsd.org/EVP_PKEY_new_CMAC_KEY.3).
- Add missing prototype for
[d2i_DSAPrivateKey_fp(3)](https://man.openbsd.org/d2i_DSAPrivateKey_fp.3) to x509.h.
- Add DTLSv1.2 to [openssl(1)](https://man.openbsd.org/openssl.1)
s_server and s_client protocol message logging.
- Provide
[SSL_use_certificate_chain_file(3)](https://man.openbsd.org/SSL_use_certificate_chain_file.3).
- Provide
[SSL_set_hostflags(3)](https://man.openbsd.org/SSL_set_hostflags.3)
and
[SSL_get0_peername(3)](https://man.openbsd.org/SSL_get0_peername.3).
- Provide various DTLSv1.2 specific functions and defines.
- Document meaning of '*' in the genrsa output.
- Updated documentation for
SSL_get_shared_ciphers(3)](https://man.openbsd.org/SSL_get_shared_ciphers.3).
- Add documentation for
[SSL_get_finished(3)](https://man.openbsd.org/SSL_get_finished.3).
- Document
[EVP_PKEY_new_CMAC_key(3)](https://man.openbsd.org/EVP_PKEY_new_CMAC_key.3).
- Document
[SSL_use_certificate_chain_file(3)](https://man.openbsd.org/SSL_use_certificate_chain_file.3).
- Document
[SSL_set_hostflags(3)](https://man.openbsd.org/SSL_set_hostflags.3)
and
[SSL_get0_peername(3)](https://man.openbsd.org/SSL_get0_peername.3).
- Update [SSL_get_version(3)](https://man.openbsd.org/SSL_get_version.3)
manual for DTLSv.1.2 support.
- Make supported protocols and options for DHE params more prominent in
[tls_config_set_protocols(3)](https://man.openbsd.org/tls_config_set_protocols.3).
- Various documentation improvements around TLS methods.
# Compatibility Changes
- Make [openssl(1)](https://man.openbsd.org/openssl.3) s_server ignore
-4 and -6 for compatibility with OpenSSL.
- Set SO_REUSEADDR on the server socket in the
[openssl(1)](https://man.openbsd.org/openssl.1) ocsp command.
- Send a host header with OCSP queries to make
[openssl(1)](https://man.openbsd.org/openssl.1) ocsp work with some
widely used OCSP responders.
- Add ability to [ocspcheck(8)](https://man.openbsd.org/ocspcheck.8) to
parse a port in the specified OCSP URL.
- Implement auto chain for the TLSv1.3 server since some software
relies on this.
- Implement key exporter for TLSv1.3.
- Align
[SSL_get_shared_ciphers(3)](https://man.openbsd.org/SSL_get_shared_ciphers.3)
with OpenSSL. This takes into account that it never returned server
ciphers, so now it will fail when called from the client side.
- Sync cert.pem with Mozilla NSS root CAs except "GeoTrust Global CA".
- Make
[SSL{_CTX,}_get_{min,max}_proto_version(3)](https://man.openbsd.org/SSL_CTX_get_min_proto_version.3)
return a version of zero if the minimum or maximum has been set to
zero to match OpenSSL's behavior.
- Add DTLSv1.2 support to
[openssl(1)](https://man.openbsd.org/openssl.1) s_client/s_server.
# Testing and Proactive Security
- Malformed ASN.1 in a certificate revocation list or a timestamp
response token can lead to a NULL pointer dereference.
- Pull in fix for
[EVP_CipherUpdate(3)](https://man.openbsd.org/EVP_CipherUpdate.3)
overflow from OpenSSL.
- Use EXFLAG_INVALID to handle out of memory and parse errors in
x509v3_cache_extensions().
- Refactor and clean up
[ocspcheck(8)](https://man.openbsd.org/ocspcheck.8) and add
regression tests.
# Internal Improvements
- Further cleanup of the DTLS record handling.
- Continue the replacement of the TLSv1.2 record layer by reimplementing
the read side of the TLSv1.2 record handling.
- Replace DTLSv1_enc_data() with TLSv1_1_enc_data().
- Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c.
- Add const to ssl_ciphers and tls1[23]_sigalgs* to push them into
.data.rel.ro and .rodata, respectively.
- Add a const qualifier to srtp_known_profiles.
- Simplify TLS method by removing the client and server specific methods
internally.
- Avoid casting away const in ssl_ctx_make_profiles().
- Avoid explicitly conditioning an assert on DTLS1_VERSION to make the
assert work for newer DTLS versions.
- Merge SSL_ENC_METHOD into SSL_METHOD_INTERNAL.
- Add a flag to mark DTLS methods as DTLS to have an easy way to
recognize DTLS methods that avoids inspecting the version number.
- Mark a few more internal static tables const.
- Switch finish{,_peer}_md_len from an int to a size_t.
- Use EVP_MD_MAX_MD_SIZE instead of 2 * EVP_MD_MAX_MD_SIZE as size for
cert_verify_md[], finish_md[] and peer_finish_md[]. The factor 2 was a
historical artefact.
- Free struct members in tls13_record_layer_free() in their natural
order for reviewability.
- Use consistent names in tls13_{client,server}_finished_{recv,send}().
- Add tls13_secret_{init,cleanup}() and use them throughout the TLSv1.3
code base.
- Move the read MAC key into the TLSv1.2 record layer.
- Make tls12_record_layer_free() NULL safe.
- Split the record protection from the TLSv1.2 record layer.
- Clean up sequence number handling in the new TLSv1.2 record layer.
- Clean up sequence number handling in DTLS.
- Clean up dtls1_reset_seq_numbers().
- Factor out code for explicit IV length, block size and MAC length from
tls12_record_layer_open_record_protected_cipher().
- Provide record layer overhead for DTLS.
- Provide functions to determine if TLSv1.2 record protection is
engaged.
- Add code to handle change of cipher state in the new TLSv1.2
record layer.
- Mop up now unused dtls1_build_sequence_numbers() function.
- Allow setting a keypair on a tls context without specifying the
private key, and fake it internally in libtls. This removes the need
for privsep engines like relayd to use bogus keys.
- Skip the private key check for fake private keys.
- Move the private key setup from tls_configure_ssl_keypair() to a
helper function with proper error checking.
- Change the internal tls_configure_ssl_keypair() function to return -1
instead of 1 on failure.
- Move sequence numbers into the new TLSv1.2 record layer.
- Move AEAD handling into the new TLSv1.2 record layer.
- Factor out legacy stack version checks.
- Correct handshake MAC/PRF for various TLSv1.2 cipher suites which were
originally added with the default handshake MAC and PRF rather than
the SHA256 handshake MAC and PRF.
- Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md().
- Use dtls1_record_retrieve_buffered_record() to load buffered
application data.
- Enforce read ahead with DTLS.
- Remove bogus DTLS checks that disabled ECC and OCSP.
- Clean up and simplify dtls1_get_cipher().
- Group HelloVerifyRequest decoding and add missing check for
trailing data.
- Revise HelloVerifyRequest handling for DTLSv1.2.
- Handle DTLS1_2_VERSION in various places.
- Rename the "truncated" label into "decode_err" and the "f_err" label
into "fatal_err".
- Factor out and change some of the legacy client version code.
- Simplify version checks in the TLSv1.3 client. Ensure that the server
announced TLSv1.3 and nothing higher and check that the legacy_version
is set to TLSv1.2 as required by RFC 8446.
- Only use TLS versions internally rather than both TLS and DTLS
versions since the latter are the one's complement of the human
readable version numbers, which means that newer versions
decrease in value.
- Identify DTLS based on the version major value.
- Move handling of cipher/hash based cipher suites into the new
record layer.
- Add tls12_record_protection_unused() and call it from CCS functions.
- Move key/IV length checks closer to usage sites. Also add explicit
checks against
[EVP_CIPHER_{iv,key}_length()](https://man.openbsd.org/EVP_CIPHER_iv_length.3).
- Replace two handrolled tls12_record_protection_engaged().
- Improve internal version handling: add handshake fields for our
minimum version, our maximum version and the TLS version negotiated
during the handshake. Convert most of the internal code to use these
version fields.
- Guard against future internal use of
TLS1_get_{client,}_version() macros.
- Remove the internal ssl_downgrade_max_version() function which is no
longer needed.
- Add support for DTLSv1.2 version handling.
- Remove no longer needed read ahead workarounds in the s_client
and s_server.
- Split TLSv1.3 record protection from record layer.
- Move the TLSv1.3 handshake struct inside the shared handshake struct.
- Fully initialize rrec in tls12_record_layer_open_record_protected() to
avoid confusing some static analyzers.
- Use tls_set_errorx() on OCSP_basic_verify() failure since the latter
does not set errno.
- Convert openssl(1) x509 to new option handling and do the usual clean
up that goes along with it.
- Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data.
- Rename new_cipher to cipher to align naming with keyblock or other
parts of the handshake data.
- Move the TLSv1.2 record number increment into the new record layer.
- Move finished and peer finished into the handshake struct.
- Remove pointless assignment in SSL_get0_alpn_selected().
- Add some error checking to openssl(1) x509.
# Bug Fixes
- Move point-on-curve check to set_affine_coordinates to avoid verifying
ECDSA signatures with unchecked public keys.
- Fix [SSL_is_server(3)](https://man.openbsd.org/SSL_is_server.3) to
behave as documented by re-introducing the client-specific methods.
- Avoid undefined behavior due to memcpy(NULL, NULL, 0).
- Make SSL_get{,_peer}_finished() work when used with TLSv1.3.
- Correct the return value type from ERR_peek_error() to a long.
- Avoid use of uninitialized in ASN1_time_parse() which could happen on
parsing UTCTime if the caller did not initialize the passed struct tm.
- Destroy the mutex in a tls_config object on tls_config_free().
- Free alert_data and phh_data in tls13_record_layer_free(). These could
leak if [SSL_shutdown(3)](https://man.openbsd.org/SSL_shutdown.3) or
[tls_close(3)](https://man.openbsd.org/tls_close.3) were called after
closing the underlying socket().
- Gracefully handle root certificates being both trusted and untrusted.
- Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in the new verifier.
- Use the legacy verifier when building auto chains for TLS.
- Search the intermediates only after searching the root certs in the
new verifier to avoid problems with the legacy callback.
- Bail out early after finding a single chain in the new verifier, if we
have been called via the legacy verifier API.
- Set (invalid and likely incomplete) chain on the xsc on chain build
failure prior to calling the callback. This is required by various
callers, including auto chain.
- Remove direct assignment of aead_ctx to avoid a leak.
- Fail early in legacy exporter if the master secret is not available to
avoid a segfault if it is called when the handshake is not completed.
- Only print the certificate file once on verification failure.
- Fix an off-by-one in x509_verify_set_xsc_chain() to make sure that the
new validator checks for EXFLAG_CRITICAL in
x509_vfy_check_chain_extension() for all untrusted certs in the chain.
Take into account that the root is not necessarily trusted.
- Avoid passing last and depth to x509_verify_cert_error() on ENOMEM.
- Fix two bugs in the legacy verifier that resulted from refactoring
of [X509_verify_cert(3)](https://man.openbsd.org/X509_verify_cert.3)
for the new verifier: a return value was incorrectly treated as
boolean, making it insufficient to decide whether validation should
carry on or not.
- Fix checks for memory caps of constraints names. There are internal
caps on the number of name constraints and other names, that the new
name constraints code allocates per cert chain. These limits were
checked too late, making them only partially effective.
- Fix a copy-paste error - skid was confused with an akid when checking
for EXFLAG_INVALID. This broke OCSP validation with certain mirrors.
- Avoid a use-after-scope in tls13_cert_add().
- Avoid mangled output in BIO_debug_callback().
- Fix client initiated renegotiation by replacing use of
s->internal-type with s->server.
- Avoid transcript initialization when sending a TLS HelloRequest,
fixing server initiated renegotiation.
- Avoid leaking param->name in x509_verify_param_zero().
- Avoid a leak in an error path in openssl(1) x509.
- When sending an alert in TLSv1.3, only set its error code when no
other error was set previously. Certain clients rely on specific
SSL_R_ error codes to identify that they are dealing with a self
signed cert.
- When switching from the TLSv1.3 stack to the legacy stack include a
TLS record header. This is necessary if there is more than one
handshake message in the TLS plaintext record.
- Fix resource handling on error in OCSP_request_add0_id().
- Make sure there is enough room for stashing the handshake message when
switching to the legacy TLS stack.
- Fix a memory leak in the openssl(1) s_client.
- Unbreak DTLS retransmissions for flights that include a CCS.
- If x509_verify() fails, ensure that the error is set on both the
x509_verify_ctx() and its store context to make some failures visible
from SSL_get_verify_result().
- Use the X509_STORE_CTX get_issuer() callback from the new X.509
verifier to fix hashed certificate directories.
- Only check
[BIO_should_read(3)](https://man.openbsd.org/BIO_should_read.3) on
read and
[BIO_should_write(3)](https://man.openbsd.org/BIO_should_write.3) on
write. Previously,
[BIO_should_write(3)](https://man.openbsd.org/BIO_should_write.3) was
also checked after read and
[BIO_should_read(3)](https://man.openbsd.org/BIO_should_read.3) after
write which could cause stalls in software that uses the same BIO for
read and write.
- In [openssl(1)](https://man.openbsd.org/openssl.1) verify, also check
for error on the store context since the return value of
[X509_verify_cert(3)](https://man.openbsd.org/X509_verify_cert.3) is
unreliable in presence of a callback that returns 1 too often.
- Handle additional certificate error cases in the new X.509 verifier.
Keep track of the errors encountered if a verify callback tells the
verifier to continue and report them back via the error on the store
context. This mimics the behavior of the old verifier that would
persist the first error encountered while building the chain.
- Report specific failures for "self signed certificates" in a way
compatible with the old verifier since software relies on the
error code.
- Plug a large memory leak in the new verifier caused by calling
X509_policy_check(3) repeatedly.
- Avoid leaking memory in x509_verify_chain_dup().
- This is oksh-6.9, matching ksh(1) from OpenBSD 6.9 with portability
additions.
From the OpenBSD 6.9 changelog:
- Fixed ksh(1) redrawing of a multiline PS1 prompt in vi mode and added
support for ^R (redraw) in insert mode.
Upstream changes:
0.080 2021-04-16 T. R. Wyant
All uses of the postderef argument to new() now warn.
0.079 2021-03-26 T. R. Wyant
Get prerequisites up to snuff, and add xt/author/prereq.t to ensure
they stay that way.
Add rt.cpan.org back to bug reporting methods. Long live RT!
0.078 2021-01-28 T. R. Wyant
Allow CPAN to index Script_Run, Atomic_Script_Run, since they made
it into a production release.
Allow {,3} and { 0 , 3 } as quantifiers, requiring at least Perl
5.33.6. Previously these parsed as literals. This parse will be
retracted if it does not make it into 5.34.0.
0.077 2021-01-14 T. R. Wyant
Add Travis CI testing.
Use GitHub as bug tracker. R.I.P. rt.cpan.org.
0.076 2020-11-28 T. R. Wyant
Correct (I hope) detection of \K in nested assertions.
Variable-length look-behind is version 5.029009.
Look-behinds quantified longer than 255 characters are an error, and
are made into unknown tokens or structures. I ended up refactoring
the PPIx::Regexp::Token::GroupType class initialization for the
latter two changes.
0.075 2020-10-08 T. R. Wyant
Warn on first use of attribute 'postderef'.
Upstream changes:
0.109 2021-03-16 19:55:45-04:00 America/New_York
- eliminate warnings-count failure by requiring an ExtUtils::MakeMaker
from late 2013 or later; without this, very old EUMM could pass -w
to the tests, enabling more warnings than we wanted (thanks, Matthew
Horsfall and Graham Knop!)
0.108 2021-03-16 09:54:51-04:00 America/New_York
- provide diagnostics in tests when more warnings arrive than are
expected
0.107 2021-03-14 16:15:57-04:00 America/New_York
- Term::ReadKey has been dropped; caused too many problems
- minimum version is now v5.10.1, not v5.10.0
0.106 2021-03-12 21:29:54-05:00 America/New_York
- improved formatting of switches
- when available, use Term::ReadKey to get terminal width
- when an option name is defined twice, warn about it
THIS WILL BECOME FATAL IN A FUTURE VERSION
Upstream changes:
1.08 Fri Oct 09 17:45:09
- Added Data::Munge to SEE ALSO section.
- Added documentation for find_home.
- Skipping find_home test when Nigel's overly-restrictive environment detected.
This also requires gcc 4.8 at minimum, 4.9 for the full set of SIMD.
The configure script is patched to avoid the build adding -march=core-avx2,
which could conflict with user's CFLAGS.
Upstream changes:
0.12 2021-03-20 NEILB
- Fix for RT#128243, where touching a file in close succession wouldn't
register the second one for make & other purposes, on systems that
have finer granularity than seconds. Thanks to Slaven Rezic for
the suggested fix.
- Improved opening paragraphs of the DESCRIPTION, including a suggestion
to always require 0.12 or higher.
0.11_03 2021-03-18 NEILB
- Time::HiRes doesn't provide utime() on Windows, so now we try and
load Time::HiRes in a BEGIN block, and only enforce the min version
if it loaded ok.
0.11_02 2021-03-18 NEILB
- Looks like I should have specified a min version of
Time::HiRes. Was getting some fails from CPAN Testers,
about utime() not being available.
0.11_01 2021-03-17 NEILB
- Try Slaven's suggested fix for RT#128243
Upstream changes:
version 2.08 at 2021-01-11 20:08:00 +0000
-----------------------------------------
Change: 2e710bc17736e5d2c43875c2076db7c1a6e4fe47
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2021-01-11 20:08:00 +0000
This is 2.08
Change: 1eaa7976957abbc533869176a390638e93850d12
Author: Graham Knop <haarg@haarg.org>
Date : 2021-01-11 08:47:00 +0000
fix darwin DynaLoader patch for older perls
The patch that was taken from blead uses a <<$^OS-eq-darwin>>
preprocessing token, which is handled by the DynaLoader_pm.PL script.
Older versions of DynaLoader_pm.PL don't include this preprocessing,
but the patch still applies.
In our case, the preprocessing is a check for darwin. But the patch
is already only applied on darwin, so it is redundant. We can just
remove the preprocessing token, and it should work across all
versions.
Upstream changes:
Changes in Devel::NYTProf 6.08 - DATE TO COME
B<There should be no observable differences in the performance of Devel-NYTProf
from that of the previous release.> This release is maintenance-focused and
changes mainly concern improvements in test coverage, elimination of
build-time warnings and correction of small errors detected by end-users.
=head3 Substantive
Corrected 1 error in F<Makefile.PL>
(L<https://github.com/timbunce/devel-nytprof/pull/158>; thanks to Kent Fredric).
Corrected other errors in F<NYTProf.xs> and F<ppport.h> at suggestion of Reini Urban
in earlier pull request.
Two subroutines in F<Devel::NYTProf::Data> -- C<packages_at_depth_subinfo()>
and C<package_fids()> -- which were not used anywhere in the codebase or test
suite were removed and placed in F<devstuff/superseded.pm>. One function --
C<get_str_id()> defined in F<NYTProf.xs> but never used in the codebase was
similarly removed and placed in F<devstuff/superseded.xs>. Anyone who was
using these functions may file a pull request to have them restored to the
codebase.
In C<Devel::NYTProf::Data::strip_prefix_from_paths()>, a branch concerned with
the possibility that an argument was a hash was not exercised anywhere in the
codebase or the test suite and was simply commented out. Anyone who was using
this functionality may file a pull request to have it restored to the
codebase.
Eliminated all build-time warnings being generated during F<make> on testing
platforms Linux, FreeBSD, OpenBSD, Windows.
=head3 Test Suite
Improved coverage provided by test suite to each of the following files:
lib/Devel/NYTProf/Data.pm
lib/Devel/NYTProf/FileInfo.pm
lib/Devel/NYTProf/Reader.pm
lib/Devel/NYTProf/SubInfo.pm
lib/Devel/NYTProf/Util.pm
This was accomplished mainly by adding 4 new test files:
t/11-reader.t
t/12-data.t
t/13-fileinfo.t
t/14-subinfo.t
... and their corresponding data files. In addition, there were substantial
additions to F<t/30-util.t>.
Coverage was evaluated with C<trace_level> unset and C<trace_level> 5.
=head3 Housekeeping
Updated Travis and AppVeyor configuration files.
Updated F<MANIFEST> and F<MANIFEST.SKIP> so that F<make manifest> works as intended.
Moved the following 6 test files from F<t/> to F<xt/>:
t/68-hashline.t
t/71-moose.t
t/72-autodie.t
t/90-pod.t
t/91-pod_coverage.t
t/92-file_port.t
Reason: They either (a) had been previously described as insufficiently
developed and were being skipped; or (b) are of concern only to NYTProf
developers. Hence, a failure in any of them should not preclude installation
and use of Devel::NYTProf.
Added a F<make test_short> target to F<Makefile.PL> and environmental variable
C<NYTPROF_TEST_SHORT>. These will enable NYTProf developers to cut testing
time without significant loss in accuracy
(L<https://github.com/timbunce/devel-nytprof/pull/155>).
Corrected one date error in 6.07 release
(L<https://github.com/timbunce/devel-nytprof/issues/152>; thanks to @shawnlaffan).
Applied several commits either cherry-picked from, or initiated by Reini Urban
in an older pull request.
=head2 Changes in Devel::NYTProf 6.07 - 6th April 2021
Focus is to enable test suite to pass with perl-5.33.3 and higher. (Changes
in blead required changes in expectations set in test data files.)
Correction to MANIFEST
thanks to mattlaw. #142
POD improvements
thanks to tomhukins. #129
Makefile.PL modernizations
thanks to karenetheridge. #126
.gitignore corrections
thanks to jkeenan. #146
Adapt tests to work with 5.33 and higher
thanks to jkeenan. #147
v1.078 - fix backtick/grave issue
See Issue #456 for further details.
v1.077 - Upgrade 'mark' and 'mkmk' features for mark attachments
v1.075 - Add localization features, make combining marks case-sensitive
v1.074 - Fix inconsistent default line heights on macOS
v1.073 - weight-specific underlines, fixed ß
29 Apr 2021, PHP 8.0.5
- Core:
. Fixed bug #75776 (Flushing streams with compression filter is broken). (cmb)
. Fixed bug #80811 (Function exec without $output but with $restult_code
parameter crashes). (Nikita)
. Fixed bug #80814 (threaded mod_php won't load on FreeBSD: No space
available for static Thread Local Storage). (Dmitry)
. Changed PowerPC CPU registers used by Zend VM to work around GCC bug.
Old registers (r28/r29) might be clobbered by _restgpr routine used for
return from C function compiled with -Os. (Dmitry)
- Dba:
. Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN). (cmb)
- DOM:
. Fixed bug #66783 (UAF when appending DOMDocument to element). (cmb)
- FFI:
. Fixed bug #80847 (CData structs with fields of type struct can't be passed
as C function argument). (Nickolas Daniel da Silva, Dmitry)
- FPM:
. Fixed bug #80024 (Duplication of info about inherited socket after pool
removing). (Jakub Zelenka)
- FTP:
. Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open). (cmb, Jakub
Zelenka)
- IMAP:
. Fixed bug #80800 (imap_open() fails when the flags parameter includes
CL_EXPUNGE). (girgias)
. Fixed bug #80710 (imap_mail_compose() header injection). (cmb, Stas)
- Intl:
. Fixed bug #80763 (msgfmt_format() does not accept DateTime references).
(cmb)
- LibXML:
. Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8). (cmb)
. Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers). (cmb)
- MySQLnd:
. Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an
error). (Kamil Tekiela)
- Opcache:
. Fixed bug #80839 (PHP problem with JIT). (Dmitry)
. Fixed bug #80861 (erronous array key overflow in 2D array with JIT).
(Dmitry)
. Fixed bug #80786 (PHP crash using JIT). (Nikita)
. Fixed bug #80782 (DASM_S_RANGE_VREG on PHP_INT_MIN-1). (Dmitry)
- Pcntl:
. Fixed bug #79812 (Potential integer overflow in pcntl_exec()). (cmb)
- PCRE:
. Fixed bug #80866 (preg_split ignores limit flag when pattern with \K has
0-width fullstring match). (Kamil Tekiela)
- PDO_ODBC:
. Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
(cmb)
- PDO_pgsql:
. Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
(Matteo)
- Session:
. Fixed bug #80889 (Cannot set save handler when save_handler is invalid).
(cmb)
. Fixed bug #80774 (session_name() problem with backslash). (cmb)
- SOAP:
. Fixed bug #69668 (SOAP special XML characters in namespace URIs not
encoded). (cmb)
- Standard:
. Fixed bug #80915 (Taking a reference to $_SERVER hides its values from
phpinfo()). (Rowan Tommins)
. Fixed bug #80914 ('getdir' accidentally defined as an alias of 'dir').
(Rowan Tommins)
. Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI). (cmb)
. Fixed bug #78719 (http wrapper silently ignores long Location headers).
(cmb)
. Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101).
(manuelm)
- Zip:
. Fixed bug #80825 (ZipArchive::isCompressionMethodSupported does not exist).
(cmb)
Woof! 5.0.0
-----------
- Support for the "UMAPINFO" lump has been added, compliant to Rev 1.6 of
the spec (@rfomin).
- The concept of compatibility levels has been added, currently offering
"Vanilla", "Boom" and "MBF" (default). The default compatibility level
may be changed through the menu and overridden with the -complevel
parameter, allowing for both numeric and named arguments as in PrBoom+
(@rfomin).
- The comp_3keydoor compatibility flag has been removed for better
compatibility with PrBoom+. Fixing this bug is now handled through
compatibility levels.
- Mouse button bindings for backward motion and turning right/left have
been added.
- Support for recording and playing back Vanilla demos without reduced
turning resolution has been added through the -longtics parameter
(@rfomin).
- Support for "autoload" directories has been added, both for common
("doom-all") and per IWAD files. WAD files in these directories are
loaded before those passed to the -file parameter, DEHACKED files in
these directories are processed after those passed to the -deh parameter
and before those embedded into WAD files.
- The limit for the values set by the mouse sensitivity thermometers in the
menu has been removed.
- The instruction message for multiple choice menu items has been fixed
(@rfomin).
- Some portability issues caused by different platforms using either
/ or \ as directory separators have been fixed (@rfomin).
- The order of the demo sequence has been changed to show the CREDIT
graphic screen after the first demo and the port's own credit screen
after the second.
- The widescreen offset for the color picker cursor in the menu has been
fixed (@rfomin).
- Comments and helps strings are now saved in the correct order in the
config file (@rfomin).
- Widescreen graphics for Doom 1 endings have been fixed (@rfomin).
- Boom friction is now properly saved in savegames (@rfomin).
