From: Dmitry Stogov Date: Tue, 3 Mar 2015 07:56:11 +0000 (+0300) Subject: Merge branch 'PHP-5.6' X-Git-Tag: PRE_PHP7_EREG_MYSQL_REMOVALS~33 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=143cc672827cd37d5bfa8e8626e9e0393e5dc061;p=php Merge branch 'PHP-5.6' * PHP-5.6: Added type checks Update NEWS Conflicts: NEWS ext/soap/php_encoding.c ext/soap/soap.c --- 143cc672827cd37d5bfa8e8626e9e0393e5dc061 diff --cc NEWS index 3938c6b12f,8c9cf74b12..4f0518f303 --- a/NEWS +++ b/NEWS @@@ -1,105 -1,215 +1,247 @@@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? Feb 2015, PHP 5.6.7 +?? ??? 20??, PHP 7.0.0 ++<<<<<<< HEAD +- CLI server: + . Refactor MIME type handling to use a hash table instead of linear search. + (Adam) + . Update the MIME type list from the one shipped by Apache HTTPD. (Adam) ++======= + - Core: + . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). + (Laruence) + . Fixed bug #69121 (Segfault in get_current_user when script owner is not + in passwd with ZTS build). (dan at syneto dot net) + . Fixed bug #65593 (Segfault when calling ob_start from output buffering + callback). (Mike) + . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file + not validated in memory.c). (nayana at ddproperty dot com) + . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus) + . Fixed bug #69141 (Missing arguments in reflection info for some builtin + functions). (kostyantyn dot lysyy at oracle dot com) + + - cURL: + . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on + Win32). (Grant Pannell) + . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported + by libcurl. (Linus Unneback) + + - ODBC: + . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol) + + - Opcache: + . Fixed bug #69125 (Array numeric string as key). (Laruence) + . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). 
(Laruence) + + - OpenSSL: + . Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence) + . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe + socket timeouts). (Brad Broerman) + + - pgsql: + . Fixed bug #68638 (pg_update() fails to store infinite values). + (william dot welter at 4linux dot com dot br, Laruence) + + - Readline: + . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without + parameters). (Laruence) + + - SOAP: + . Fixed bug #69085 (SoapClient's __call() type confusion through + unserialize()). (andrea dot palazzo at truel dot it, Laruence) + + - SPL: + . Fixed bug #69108 ("Segmentation fault" when (de)serializing + SplObjectStorage). (Laruence) + . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after + calling getChildren()). (Julien) + + - CGI: + . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence) + + - CLI: + . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia) + + - FPM: + . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com) + + 19 Feb 2015, PHP 5.6.6 + + - Core: + . Removed support for multi-line headers, as the are deprecated by RFC 7230. + (Stas) + . Fixed bug #67068 (getClosure returns somethings that's not a closure). + (Danack at basereality dot com) + . Fixed bug #68942 (Use after free vulnerability in unserialize() with + DateTimeZone). (CVE-2015-0273) (Stas) + . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname + buffer overflow). (Stas) + . Fixed Bug #67988 (htmlspecialchars() does not respect default_charset + specified by ini_set) (Yasuo) + . Added NULL byte protection to exec, system and passthru. (Yasuo) + + - Dba: + . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info) + + - Enchant: + . Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). + (Antony) + + - Fileinfo: + . Fixed bug #68827 (Double free with disabled ZMM). 
(Joshua Rogers) + . Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files + correctly). (Anatol) + . Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some + gifs). (Anatol) + + - FPM: + . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle) + . Fixed bug #68571 (core dump when webserver close the socket). + (redfoxli069 at gmail dot com, Laruence) + + - JSON: + . Fixed bug #50224 (json_encode() does not always encode a float as a float) + by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso) + + - LIBXML: + . Fixed bug #64938 (libxml_disable_entity_loader setting is shared + between threads). (Martin Jansen) + + - Mysqli: + . Fixed bug #68114 (linker error on some OS X machines with fixed + width decimal support) (Keyur Govande) + . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient + has rounding errors) (Keyur Govande) + + - Opcache: + . Fixed bug with try blocks being removed when extended_info opcode + generation is turned on. (Laruence) + + - PDO_mysql: + . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of + named pipes). (steffenb198 at aol dot com) + + - Phar: + . Fixed bug #68901 (use after free). (bugreports at internot dot info) + + - Pgsql: + . Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo) + + - Session: + . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo) + . Fixed Bug #66623 (no EINTR check on flock) (Yasuo) + . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo) + + - Sqlite3: + . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong + required_num_args). (Julien) + + - Standard: + . Fixed bug #65272 (flock() out parameter not set correctly in windows). + (Daniel Lowrey) + . Fixed bug #69033 (Request may get env. variables from previous requests + if PHP works as FastCGI). (Anatol) + + - Streams: + . Fixed bug which caused call after final close on streams filter. 
(Bob) + + 22 Jan 2015, PHP 5.6.5 ++>>>>>>> PHP-5.6 - Core: - . Upgraded crypt_blowfish to version 1.3. (Leigh) - . Fixed bug #60704 (unlink() bug with some files path). + . Fixed bug #68933 (Invalid read of size 8 in zend_std_read_property). + (Laruence, arjen at react dot com) + . Fixed bug #68868 (Segfault in clean_non_persistent_constants() in SugarCRM + 6.5.20). (Laruence) + . Fixed bug #68104 (Segfault while pre-evaluating a disabled function). + (Laruence) + . Fixed bug #68252 (segfault in Zend/zend_hash.c in function + _zend_hash_del_el). (Laruence) + . Added PHP_INT_MIN constant. (Andrea) + . Added Closure::call() method. (Andrea) + . Implemented FR #38409 (parse_ini_file() looses the type of booleans). (Tjerk) + . Fixed bug #67959 (Segfault when calling phpversion('spl')). (Florian) + . Implemented the RFC `Catchable "Call to a member function bar() on a + non-object"`. (Timm) + . Added options parameter for unserialize allowing to specify acceptable + classes (https://wiki.php.net/rfc/secure_unserialize). (Stas) + . Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered). (Julien) . Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien) - . Fixed bug #68536 (pack for 64bits integer is broken on bigendian). (Remi) - . Fixed bug #55541 (errors spawn MessageBox, which blocks test automation). - (Anatol) - . Fixed bug #68297 (Application Popup provides too few information). (Anatol) - . Fixed bug #65769 (localeconv() broken in TS builds). (Anatol) - . Fixed bug #65230 (setting locale randomly broken). (Anatol) - . Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR - correctly). (Ferenc) - . Fixed bug #68583 (Crash in timeout thread). (Anatol) . Fixed bug #65576 (Constructor from trait conflicts with inherited constructor). (dunglas at gmail dot com) - . Fixed bug #68676 (Explicit Double Free). (CVE-2014-9425) (Kalle) - . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). 
- (CVE-2015-0231) (Stefan Esser) + . Removed ZEND_ACC_FINAL_CLASS, promoting ZEND_ACC_FINAL as final class + modifier. (Guilherme Blanco) + . is_long() & is_integer() is now an alias of is_int(). (Kalle) + . Implemented FR #55467 (phpinfo: PHP Variables with $ and single quotes). (Kalle) + . Fixed bug #55415 (php_info produces invalid anchor names). (Kalle, Johannes) + . Added ?? operator. (Andrea) + . Added <=> operator. (Andrea) + . Added \u{xxxxx} Unicode Codepoint Escape Syntax. (Andrea) + . Fixed oversight where define() did not support arrays yet const syntax did. (Andrea, Dmitry) + . Use "integer" and "float" instead of "long" and "double" in ZPP, type hint and conversion error messages. (Andrea) + . Implemented FR #55428 (E_RECOVERABLE_ERROR when output buffering in output buffering handler). (Kalle) + . Removed scoped calls of non-static methods from an incompatible $this + context. (Nikita) + . Removed support for #-style comments in ini files. (Nikita) + . Removed support for assigning the result of new by reference. (Nikita) + . Invalid octal literals in source code now produce compile errors, fixes PHPSadness #31. (Andrea) + . Removed dl() function on fpm-fcgi. (Nikita) + . Removed support for hexadecimal numeric strings. (Nikita) + . Removed obsolete extensions and SAPIs. See the full list in UPGRADING. (Anatol) + . Added NULL byte protection to exec, system and passthru. (Yasuo) -- CGI: - . Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427) - (Stas) +- Curl: + . Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence) -- CLI server: - . Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam) +- Date: + . Fixed day_of_week function as it could sometimes return negative values + internally. (Derick) + . Removed $is_dst parameter from mktime() and gmmktime(). (Nikita) + . Removed date.timezone warning (https://wiki.php.net/rfc/date.timezone_warning_removal). (Bob) -- cURL: - . 
Fixed bug #67643 (curl_multi_getcontent returns '' when - CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans) +- DBA: + . Fixed bug #62490 (dba_delete returns true on missing item (inifile)). (Mike) + . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info) -- Date: - . Implemented FR #68268 (DatePeriod: Getter for start date, end date and - interval). (Marc Bennewitz) +- DOM: + . Made DOMNode::textContent writeable. (Tjerk) -- EXIF: - . Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232) - (Stas) +- GD: + . Made fontFetch's path parser thread-safe. (Sara) - Fileinfo: - . Fixed bug #68398 (msooxml matches too many archives). (Anatol) - . Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski) - . Fixed bug #68671 (incorrect expression in libmagic). - (Joshua Rogers, Anatol Belski) - . Removed readelf.c and related code from libmagic sources - (Remi, Anatol) - . Fixed bug #68735 (fileinfo out-of-bounds memory access). - (Anatol) + . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB) + +- Filter: + . New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL. (Kevin Dunglas) - FPM: - . Fixed request #68526 (Implement POSIX Access Control List for UDS). (Remi) - . Fixed bug #68751 (listen.allowed_clients is broken). (Remi) + . Fixed bug #68945 (Unknown admin values segfault pools). (Laruence) + . Fixed bug #65933 (Cannot specify config lines longer than 1024 bytes). (Chris Wright) + . Implement request #67106 (Split main fpm config). (Elan Ruusamäe, Remi) -- GD: - . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi) - . Fixed request #68656 (Report gd library version). (Remi) +- JSON + . Replace non-free JSON parser with a parser from Jsond extension, fixes #63520 + (JSON extension includes a problematic license statement). (Jakub Zelenka) + . Fixed bug #68938 (json_decode() decodes empty string without error). 
+ (jeremy at bat-country dot us) -- mbstring: - . Fixed bug #68504 (--with-libmbfl configure option not present on Windows). - (Ashesh Vashi) +- LiteSpeed: + . Updated LiteSpeed SAPI code from V5.5 to V6.6. (George Wang) + +- Mcrypt: + . Fixed possible read after end of buffer and use after free. (Dmitry) - Opcache: + . Fixed bug with try blocks being removed when extended_info opcode + generation is turned on. (Laruence) . Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8 + Opcache). (Laruence) - . Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach - loops). (Nikita) - OpenSSL: - . Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger) + . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe + socket timeouts). (Brad Broerman) - pcntl: . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler diff --cc ext/soap/php_encoding.c index 9866d94c3f,dd557a7950..966d6d04ca --- a/ext/soap/php_encoding.c +++ b/ext/soap/php_encoding.c @@@ -388,18 -402,22 +388,21 @@@ static xmlNodePtr master_to_xml_int(enc encodePtr enc = NULL; HashTable *ht = Z_OBJPROP_P(data); - if ((ztype = zend_hash_str_find(ht, "enc_type", sizeof("enc_type")-1)) == NULL) { - if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE || - Z_TYPE_PP(ztype) != IS_LONG) { ++ if ((ztype = zend_hash_str_find(ht, "enc_type", sizeof("enc_type")-1)) == NULL || ++ Z_TYPE_P(ztype) != IS_LONG) { soap_error0(E_ERROR, "Encoding: SoapVar has no 'enc_type' property"); } - if ((zstype = zend_hash_str_find(ht, "enc_stype", sizeof("enc_stype")-1)) != NULL) { - if ((zns = zend_hash_str_find(ht, "enc_ns", sizeof("enc_ns")-1)) != NULL) { - if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS && - Z_TYPE_PP(zstype) == IS_STRING) { - if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS && - Z_TYPE_PP(zns) == IS_STRING) { - enc = 
get_encoder(SOAP_GLOBAL(sdl), Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype)); ++ if ((zstype = zend_hash_str_find(ht, "enc_stype", sizeof("enc_stype")-1)) != NULL && ++ Z_TYPE_P(zstype) == IS_STRING) { ++ if ((zns = zend_hash_str_find(ht, "enc_ns", sizeof("enc_ns")-1)) != NULL && ++ Z_TYPE_P(zns) == IS_STRING) { + enc = get_encoder(SOAP_GLOBAL(sdl), Z_STRVAL_P(zns), Z_STRVAL_P(zstype)); } else { zns = NULL; - enc = get_encoder_ex(SOAP_GLOBAL(sdl), Z_STRVAL_PP(zstype), Z_STRLEN_PP(zstype)); + enc = get_encoder_ex(SOAP_GLOBAL(sdl), Z_STRVAL_P(zstype), Z_STRLEN_P(zstype)); } if (enc == NULL && SOAP_GLOBAL(typemap)) { - encodePtr *new_enc; smart_str nscat = {0}; if (zns != NULL) { @@@ -419,24 -439,31 +422,28 @@@ enc = encode; } - if (zend_hash_find(ht, "enc_value", sizeof("enc_value"), (void **)&zdata) == FAILURE) { - node = master_to_xml(enc, NULL, style, parent TSRMLS_CC); - } else { - node = master_to_xml(enc, *zdata, style, parent TSRMLS_CC); - } + zdata = zend_hash_str_find(ht, "enc_value", sizeof("enc_value")-1); + node = master_to_xml(enc, zdata, style, parent); if (style == SOAP_ENCODED || (SOAP_GLOBAL(sdl) && encode != enc)) { - if ((ztype = zend_hash_str_find(ht, "enc_stype", sizeof("enc_stype")-1)) != NULL) { - if ((zns = zend_hash_str_find(ht, "enc_ns", sizeof("enc_ns")-1)) != NULL) { - if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS && - Z_TYPE_PP(zstype) == IS_STRING) { - if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS && - Z_TYPE_PP(zns) == IS_STRING) { - set_ns_and_type_ex(node, Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype)); ++ if ((zstype = zend_hash_str_find(ht, "enc_stype", sizeof("enc_stype")-1)) != NULL && ++ Z_TYPE_P(zstype) == IS_STRING) { ++ if ((zns = zend_hash_str_find(ht, "enc_ns", sizeof("enc_ns")-1)) != NULL && ++ Z_TYPE_P(zns) == IS_STRING) { + set_ns_and_type_ex(node, Z_STRVAL_P(zns), Z_STRVAL_P(zstype)); } else { - set_ns_and_type_ex(node, NULL, Z_STRVAL_PP(zstype)); + 
set_ns_and_type_ex(node, NULL, Z_STRVAL_P(zstype)); } } } - if ((zname = zend_hash_str_find(ht, "enc_name", sizeof("enc_name")-1)) != NULL) { - if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS && - Z_TYPE_PP(zname) == IS_STRING) { - xmlNodeSetName(node, BAD_CAST(Z_STRVAL_PP(zname))); ++ if ((zname = zend_hash_str_find(ht, "enc_name", sizeof("enc_name")-1)) != NULL && ++ Z_TYPE_P(zname) == IS_STRING) { + xmlNodeSetName(node, BAD_CAST(Z_STRVAL_P(zname))); } - if ((znamens = zend_hash_str_find(ht, "enc_namens", sizeof("enc_namens")-1)) != NULL) { - if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS && - Z_TYPE_PP(zname) == IS_STRING) { - xmlNsPtr nsp = encode_add_ns(node, Z_STRVAL_PP(znamens)); ++ if ((znamens = zend_hash_str_find(ht, "enc_namens", sizeof("enc_namens")-1)) != NULL && ++ Z_TYPE_P(znamens) == IS_STRING) { + xmlNsPtr nsp = encode_add_ns(node, Z_STRVAL_P(znamens)); xmlSetNs(node, nsp); } } else { diff --cc ext/soap/soap.c index a4f4ab5e6d,697dc9c21c..400f89700d --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@@ -3985,9 -3997,11 +3985,10 @@@ static xmlDocPtr serialize_response_cal } if (version == SOAP_1_1) { - if ((tmp = zend_hash_str_find(prop, "faultcode", sizeof("faultcode")-1)) != NULL) { - if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS && - Z_TYPE_PP(tmp) == IS_STRING) { - size_t new_len; ++ if ((tmp = zend_hash_str_find(prop, "faultcode", sizeof("faultcode")-1)) != NULL && ++ Z_TYPE_P(tmp) == IS_STRING) { xmlNodePtr node = xmlNewNode(NULL, BAD_CAST("faultcode")); - char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC); + zend_string *str = php_escape_html_entities((unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp), 0, 0, NULL); xmlAddChild(param, node); if (fault_ns) { xmlNsPtr nsptr = encode_add_ns(node, fault_ns); @@@ -4009,9 -4023,11 +4010,10 @@@ } detail_name = "detail"; } else 
{ - if ((tmp = zend_hash_str_find(prop, "faultcode", sizeof("faultcode")-1)) != NULL) { - if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS && - Z_TYPE_PP(tmp) == IS_STRING) { - size_t new_len; ++ if ((tmp = zend_hash_str_find(prop, "faultcode", sizeof("faultcode")-1)) != NULL && ++ Z_TYPE_P(tmp) == IS_STRING) { xmlNodePtr node = xmlNewChild(param, ns, BAD_CAST("Code"), NULL); - char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC); + zend_string *str = php_escape_html_entities((unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp), 0, 0, NULL); node = xmlNewChild(node, ns, BAD_CAST("Value"), NULL); if (fault_ns) { xmlNsPtr nsptr = encode_add_ns(node, fault_ns);
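Review bot: In NEWS, hunk @@@ -1,105 -1,215 +1,247 @@@, the merge result commits the conflict markers as file content: the lines "++<<<<<<< HEAD", "++=======" and "++>>>>>>> PHP-5.6" are added by this merge. As a result the PHP-5.6 side's entries, together with the "19 Feb 2015, PHP 5.6.6" and "22 Jan 2015, PHP 5.6.5" headings, now sit under the "PHP 7.0.0" heading, and entries such as bug #68711 and "Added NULL byte protection to exec, system and passthru" appear twice. Resolve the conflict by hand, drop the three marker lines, and keep only the entries that belong in the 7.0.0 list.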
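Review bot: In ext/soap/php_encoding.c, hunk @@@ -388,18 -402,22 +388,21 @@@, the enc_type condition now also fails when the property exists but is not IS_LONG, yet the message passed to soap_error0 still reads "Encoding: SoapVar has no 'enc_type' property". Reword the message to cover the wrong-type case, or split the two conditions into separate errors, so that a SoapVar rejected for a mistyped enc_type can be told apart from one that lacks the property when the error shows up in logs.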
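Review bot: In ext/soap/php_encoding.c, hunk @@@ -419,24 -439,31 +422,28 @@@, the enc_namens lookup on the PHP-5.6 side tests Z_TYPE_PP(zname) == IS_STRING, while the merged line tests Z_TYPE_P(znamens) == IS_STRING. The merged form is the correct one, because Z_STRVAL_P(znamens) is the value handed to encode_add_ns; the PHP-5.6 line checks the type of a different property than the one it then reads as a string, which leaves enc_namens unchecked on that branch. Apply the same correction to PHP-5.6 so both branches carry the check this merge ends up with.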
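Review bot: In ext/soap/soap.c, hunk @@@ -3985,9 -3997,11 +3985,10 @@@, the new condition skips the faultcode element whenever the property is present but not IS_STRING, and the visible lines show no handling for that case, so the SOAP 1.1 fault would be serialized without a faultcode and without any diagnostic. Consider emitting a warning or a fixed fallback code when the lookup succeeds but Z_TYPE_P(tmp) != IS_STRING, so a malformed fault object is visible to the operator.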
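Review bot: In ext/soap/soap.c, hunk @@@ -4009,9 -4023,11 +4010,10 @@@, the else branch repeats the same two-line condition as the SOAP_1_1 branch (zend_hash_str_find(prop, "faultcode", ...) != NULL && Z_TYPE_P(tmp) == IS_STRING), and the same find-then-check-type pattern is written out by hand for enc_stype, enc_ns, enc_name and enc_namens in ext/soap/php_encoding.c. A small helper that returns the zval only when it has the expected type would keep the lookup and the type check from drifting apart, which is the kind of slip the zname/znamens line on the PHP-5.6 side shows.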