Remi Collet [Sat, 28 Dec 2013 13:22:13 +0000 (14:22 +0100)]
Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop())
Initial fix was PHP stuff
This one is libgd fix.
- filter invalid crop size
- don't try to copy on invalid position
- fix crop size when out of src image
- fix possible NULL deref
- fix possible integer overflow
Anatol Belski [Mon, 23 Dec 2013 10:53:47 +0000 (11:53 +0100)]
removed outdated IsDebuggerPresent declaration
This piece of code seems to retain compatibility with some Windows
versions before 2000. Today it's not relevant anymore and only
produces a warning C4273 because of the conflicting prototype. In
VC9 the declaration is present in winbase.h:4142, but it is already
available in winxp. Here's the doc link
http://msdn.microsoft.com/en-us/library/windows/desktop/ms680345(v=vs.85).aspx
Bob Weinand [Sat, 21 Dec 2013 18:22:47 +0000 (19:22 +0100)]
Added an opcode to opcode name map
That way extensions etc. don't have to maintain their own lists anymore.
Also as phpdbg is included and needs such a map, it'd be counterproductive to need to change two things on every new opcode.
Dmitry Stogov [Mon, 16 Dec 2013 09:13:29 +0000 (13:13 +0400)]
Merge branch 'PHP-5.5' of git.php.net:php-src into PHP-5.5
* 'PHP-5.5' of git.php.net:php-src:
Fix tests expecting specific resource IDs
fixed parameter order for zend_throw_exception_ex call
Fix doc (svn -> git)
Updated release process
Eric Stenson [Fri, 13 Dec 2013 18:42:32 +0000 (10:42 -0800)]
Fix tests expecting specific resource IDs
When Wincache or APC are installed, the resource IDs are not the same.
This is because Wincache takes a few resource objects for itself. As a
result, these tests become false positives.
On Windows boxes, the microtime precision is not granular enough
to reliably register a difference if two calls to uniqid() are made
concurrently. This is a fix to the uniqid() test to avoid the false
positive when run on Windows machines. Also, added a test to exercise
the 'more_entropy' variant of uniqid().
Dmitry Stogov [Fri, 13 Dec 2013 07:16:17 +0000 (11:16 +0400)]
Merge branch 'PHP-5.5' of git.php.net:php-src into PHP-5.5
* 'PHP-5.5' of git.php.net:php-src:
Use zend_error_noreturn here
Add Tests for #65784 in 5.5
Disallowed JMP into a finally block.
Update NEWS for 5.5.7 release
Anatol Belski [Thu, 12 Dec 2013 09:17:01 +0000 (10:17 +0100)]
Fixed bug #65486 mysqli_poll() is broken on Win x64
While this issue is visible in mysqli_poll() functions, the cause
lies deeper in the stream to socket casting API. On Win x64 the
SOCKET datatype is a 64 or 32 bit unsigned, while on Linux/Unix-like
it's 32 bit signed integer. The game of casting 32 bit var to/from
64 bit pointer back and forth is the best way to break it.
Furthermore, while socket and file descriptors are always integers
on Linux, those are different things using different APIs on Windows.
Even though using integer instead of SOCKET might work on Windows, this
issue might need to be revamped more carefully later. By this time
this patch is tested well with phpt and apps and shows no regressions,
neither in mysqli_poll() nor in any other parts.
Ard Biesheuvel [Tue, 10 Dec 2013 11:07:46 +0000 (12:07 +0100)]
Zend: fix overflow handling bug in non-x86 fast_add_function()
The 'result' argument of fast_add_function() may alias with either
of its operands (or both). Take care not to write to 'result' before
reading op1 and op2.
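An added illustration of the aliasing hazard this commit message describes; it is not code from the commit or from Zend. The `val` struct and both function names are hypothetical stand-ins, and the model assumes two's-complement wraparound when the unsigned sum is converted back to `long`.

```c
#include <limits.h>
#include <stdio.h>

/* Simplified stand-in for a zval (assumption): only long and double matter. */
typedef enum { T_LONG, T_DOUBLE } vtype;
typedef struct { vtype type; union { long l; double d; } v; } val;

#define SIGN(x) ((unsigned long)(x) & ~(unsigned long)LONG_MAX)
#define WRAP_ADD(a, b) ((long)((unsigned long)(a) + (unsigned long)(b)))

/* Write-first order: the sum lands in result before the operands are checked.
 * When result aliases op1 or op2, the sign test reads the sum instead. */
static void add_write_first(val *result, const val *op1, const val *op2)
{
    result->v.l = WRAP_ADD(op1->v.l, op2->v.l);
    result->type = T_LONG;
    if (SIGN(op1->v.l) == SIGN(op2->v.l) && SIGN(op1->v.l) != SIGN(result->v.l)) {
        result->v.d = (double)op1->v.l + (double)op2->v.l;
        result->type = T_DOUBLE;
    }
}

/* Read-first order: copy both operands out before touching result. */
static void add_read_first(val *result, const val *op1, const val *op2)
{
    long a = op1->v.l, b = op2->v.l, sum = WRAP_ADD(a, b);
    if (SIGN(a) == SIGN(b) && SIGN(a) != SIGN(sum)) {
        result->v.d = (double)a + (double)b;
        result->type = T_DOUBLE;
    } else {
        result->v.l = sum;
        result->type = T_LONG;
    }
}

/* Constructed input: x = LONG_MAX; x += 1, so result aliases op1. */
static vtype aliased_increment(void (*add)(val *, const val *, const val *))
{
    val x = { T_LONG, { .l = LONG_MAX } };
    val one = { T_LONG, { .l = 1 } };
    add(&x, &x, &one);
    return x.type;
}

int main(void)
{
    printf("promoted to double: write-first=%d read-first=%d\n",
           aliased_increment(add_write_first) == T_DOUBLE,
           aliased_increment(add_read_first) == T_DOUBLE);
    return 0;
}
```

With the write-first order the aliased call leaves a wrapped negative long in place; without aliasing the same function detects the overflow, which is why the defect is easy to miss in tests.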
Functions registered using zend_register_functions instead of zend_module_entry.functions are not seen on reflection.
Ex: additional_functions from api_module_entry.
Ex: in CLI, dl, cli_set_process_title and cli_get_process_title
Note:
- also affects functions overridden in extension
(should be reported in extension, where overridden, not in original extension)
- also allow extension to call zend_register_functions for various list
(instead of having a single bug list)
Dmitry Stogov [Tue, 10 Dec 2013 12:02:59 +0000 (16:02 +0400)]
Reverted func_get_args() changes, because they were not completely transparent and broke some tricky PHP code that worked because of luck before php-5.5.6 (see Bug #66107). The changes are going to be kept in PHP-5.6.
Adam Harvey [Sun, 8 Dec 2013 03:39:40 +0000 (19:39 -0800)]
Switch to using freetype-config for freetype detection.
This fixes GD compilation against libfreetype 2.5.1 and later after they made
the rather interesting decision to change their include directory layout in a
point release.
The original suggestion in the bug was to use pkg-config, but my inclination is
to use freetype-config instead: we should be able to get the same configuration
information without actually needing pkg-config installed, since pkg-config is
by no means guaranteed to exist on many Unices and distros, whereas
freetype-config should always be present if a libfreetype build environment is
installed. Let's try it out and see what happens.
Fixes bug #64405 (Use freetype-config for determining freetype2 dir(s)).
Michael Wallner [Fri, 6 Dec 2013 09:29:24 +0000 (10:29 +0100)]
Fixed bug #61645 (fopen and O_NONBLOCK)
if a mode like "rn" was passed to fopen(), then
php_stream_parse_fopen_modes() would assign O_WRONLY to
flags, because O_NONBLOCK tainted flags for the r/w/+ check
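An added model of the flag ordering problem described in this commit message; it is not the code of php_stream_parse_fopen_modes() or of the fix. The function `parse_modes`, its `nonblock_first` switch and the sample modes are hypothetical, and adding O_NONBLOCK last is one possible ordering chosen for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>

/* Returns open(2) flags for an fopen()-style mode, or -1 if unsupported.
 * nonblock_first selects the ordering the commit message describes as broken. */
static int parse_modes(const char *mode, int nonblock_first)
{
    int flags, nb = strchr(mode, 'n') ? O_NONBLOCK : 0;

    switch (mode[0]) {
    case 'r': flags = 0; break;
    case 'w': flags = O_TRUNC | O_CREAT; break;
    case 'a': flags = O_CREAT | O_APPEND; break;
    default:  return -1;
    }
    if (nonblock_first)
        flags |= nb;                 /* taints the "is this a read mode?" test */

    if (strchr(mode, '+'))
        flags |= O_RDWR;
    else if (flags)
        flags |= O_WRONLY;           /* "rn" lands here when tainted */
    else
        flags |= O_RDONLY;

    return flags | nb;               /* O_NONBLOCK added after the decision */
}

static const char *access_name(int flags)
{
    switch (flags & O_ACCMODE) {
    case O_RDONLY: return "O_RDONLY";
    case O_WRONLY: return "O_WRONLY";
    default:       return "O_RDWR";
    }
}

int main(void)
{
    const char *modes[] = { "r", "rn", "r+n", "wn" };   /* constructed inputs */
    for (size_t i = 0; i < sizeof modes / sizeof *modes; i++)
        printf("%-4s tainted=%s fixed=%s\n", modes[i],
               access_name(parse_modes(modes[i], 1)),
               access_name(parse_modes(modes[i], 0)));
    return 0;
}
```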
Adam Harvey [Tue, 3 Dec 2013 22:46:15 +0000 (14:46 -0800)]
Remove 128.0.0.0/16 and 191.255.0.0/16 from the reserved list.
These were returned to the general allocation pool by RFC 3330, and hence
shouldn't cause an IP address validation failure due to being reserved. At
least 128.0.0.0/16 is in use on the public Internet today.
Fixes bug #66229 (128.0.0.0/16 isn't reserved any longer).