]>
granicus.if.org Git - php/log
Nikita Popov [Wed, 18 Dec 2019 09:10:30 +0000 (10:10 +0100)]
Fix freeing of dynamic call name
We need to free op2 if the call construction fails.
Also remove a redundant check for !call.
Christoph M. Becker [Tue, 17 Dec 2019 08:51:30 +0000 (09:51 +0100)]
Update/fix NEWS [ci skip]
Christoph M. Becker [Tue, 17 Dec 2019 09:01:50 +0000 (10:01 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
[ci skip] Update NEWS
Stanislav Malyshev [Tue, 17 Dec 2019 07:45:11 +0000 (23:45 -0800)]
[ci skip] Update NEWS
Stanislav Malyshev [Tue, 17 Dec 2019 07:41:04 +0000 (23:41 -0800)]
[ci skip] Update NEWS
Stanislav Malyshev [Mon, 16 Dec 2019 18:32:49 +0000 (10:32 -0800)]
Fix test
Stanislav Malyshev [Mon, 16 Dec 2019 18:04:03 +0000 (10:04 -0800)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix test
Fix bug #78793
Stanislav Malyshev [Mon, 16 Dec 2019 18:03:43 +0000 (10:03 -0800)]
Fix test
Stanislav Malyshev [Mon, 16 Dec 2019 09:14:38 +0000 (01:14 -0800)]
Fix bug #78793
Stanislav Malyshev [Mon, 16 Dec 2019 09:10:42 +0000 (01:10 -0800)]
Fix build - no model field anymore
Stanislav Malyshev [Mon, 16 Dec 2019 08:38:54 +0000 (00:38 -0800)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fixed bug #78910
Fix #78878: Buffer underflow in bc_shift_addsub
Fix test
Fix #78862: link() silently truncates after a null byte on Windows
Fix #78863: DirectoryIterator class silently truncates after a null byte
Stanislav Malyshev [Mon, 16 Dec 2019 08:10:39 +0000 (00:10 -0800)]
Fixed bug #78910
Christoph M. Becker [Sat, 30 Nov 2019 11:26:37 +0000 (12:26 +0100)]
Fix #78878: Buffer underflow in bc_shift_addsub
We must not rely on `isdigit()` to detect digits, since we only support
decimal ASCII digits in the following processing.
Stanislav Malyshev [Sat, 30 Nov 2019 23:37:28 +0000 (15:37 -0800)]
Fix test
Christoph M. Becker [Sat, 23 Nov 2019 12:01:33 +0000 (13:01 +0100)]
Fix #78862: link() silently truncates after a null byte on Windows
Since link() is supposed to accepts paths (i.e. strings without NUL
bytes), we must not accept arbitrary strings.
Christoph M. Becker [Mon, 25 Nov 2019 15:56:34 +0000 (16:56 +0100)]
Fix #78863: DirectoryIterator class silently truncates after a null byte
Since the constructor of DirectoryIterator and friends is supposed to
accepts paths (i.e. strings without NUL bytes), we must not accept
arbitrary strings.
Christoph M. Becker [Tue, 10 Dec 2019 17:43:01 +0000 (18:43 +0100)]
Fix #78943: mail() may release string with refcount==1 twice
Since we need `headers_lc` as well as `headers_trim` in the following,
we do not release the former even if they are the same string, to avoid
complicating the release logic even more.
A new test case is not necessary, since we already have
mail_basic_alt2-win32.phpt and others.
Nikita Popov [Fri, 13 Dec 2019 15:37:20 +0000 (16:37 +0100)]
Fixed bug #78921
By resetting fake_scope during autoloading. We already do the same
when executing destructors.
Nikita Popov [Tue, 10 Dec 2019 08:00:09 +0000 (09:00 +0100)]
Fix DCE with FE_FETCH
For now, don't treat FE_FETCH op2 as no-val use. See GH-4982.
Christoph M. Becker [Mon, 29 Apr 2019 08:21:07 +0000 (10:21 +0200)]
Extend CURLFile to support streams
Due to former restrictions of the libcurl API, curl multipart/formdata
file uploads supported only proper files. However, as of curl 7.56.0
the new `curl_mime_*()` API is available (and already supported by
PHP[1]), which allows us to support arbitrary *seekable* streams, which
is generally desirable, and particularly resolves issues with the
transparent Unicode and long part support on Windows (see bug #77711).
Note that older curl versions are still supported, but CURLFile is
still restricted to proper files in this case.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=
a83b68ba56714bfa06737a61af795460caa4a105 >
(cherry picked from commit
c68dc6b5e37e74d89e0a387079139c054c8faa81 )
Christoph M. Becker [Mon, 15 Apr 2019 16:24:59 +0000 (18:24 +0200)]
Use curl_mime_*() functions if available
As of curl 7.56.0, `curl_formadd()` is deprecated in favor of
`curl_mime_*()`, so we use the latter if available.
(cherry picked from commit
a83b68ba56714bfa06737a61af795460caa4a105 )
willson-chen [Sat, 7 Dec 2019 02:56:37 +0000 (10:56 +0800)]
Fix #78923: Artifacts when convoluting image with transparency
We have to properly initialize `pxl` before using it.
Fix ported from <https://github.com/libgd/libgd/pull/559>.
Nikita Popov [Fri, 6 Dec 2019 10:07:57 +0000 (11:07 +0100)]
Fix constant evaluation of && and ||
The "return" in the for loop should have been a break on the switch,
otherwise the result is just ignored... but because it prevents
evaluation of the other operand, it also violates the invariant that
everything has been constant evaluated, resulting in an assertion
failure.
The for loop isn't correct in any case though, because it's not legal
to determine the result based on just the second operand, as the
first one may have a side-effect that cannot be optimized away.
Nikita Popov [Wed, 4 Dec 2019 10:20:52 +0000 (11:20 +0100)]
Fix AST printing of nullable builtin types
Fixes oss-fuzz #19109.
Tyson Andre [Sat, 30 Nov 2019 19:14:06 +0000 (14:14 -0500)]
Fix print_r return types in opcache
https://www.php.net/print_r
> When the return parameter is TRUE, this function will return a string.
> Otherwise, the return value is TRUE.
Christoph M. Becker [Tue, 3 Dec 2019 11:04:17 +0000 (12:04 +0100)]
Next is 7.3.14
Remi Collet [Tue, 3 Dec 2019 10:26:05 +0000 (11:26 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
next is 7.2.27
Remi Collet [Tue, 3 Dec 2019 10:25:37 +0000 (11:25 +0100)]
next is 7.2.27
Christoph M. Becker [Mon, 2 Dec 2019 10:38:11 +0000 (11:38 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #78814: strip_tags allows / in tag name => whitelist bypass
Christoph M. Becker [Sun, 17 Nov 2019 13:14:59 +0000 (14:14 +0100)]
Fix #78814: strip_tags allows / in tag name => whitelist bypass
When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless they come
immediately after the opening `<`, or immediately before the closing
`>`.
Christoph M. Becker [Mon, 25 Nov 2019 11:16:54 +0000 (12:16 +0100)]
Fix #78296: is_file fails to detect file
If we're constructing extended-length paths (i.e. paths prefixed with
`\\?\`), we have to replace all forward slashes with backward slashes,
because the former are not supported by Windows for extended-length
paths.
The more efficient and likely cleaner alternative solution would be to
cater to this in `php_win32_ioutil_normalize_path_w()` by always
replacing forward slashes, but that might break existing code. It
might be sensible to change that for `master`, though.
Christoph M. Becker [Mon, 2 Dec 2019 10:18:58 +0000 (11:18 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #78833: Integer overflow in pack causes out-of-bound access
Christoph M. Becker [Tue, 19 Nov 2019 13:22:26 +0000 (14:22 +0100)]
Fix #78833: Integer overflow in pack causes out-of-bound access
We check for potential signed integer overflow, and bail out
gracefully, in that case.
Christoph M. Becker [Sat, 30 Nov 2019 08:38:46 +0000 (09:38 +0100)]
Upgrade to Oniguruma 6.9.4
Oniguruma 6.9.4 fixes several CVEs.
Christoph M. Becker [Fri, 29 Nov 2019 22:50:05 +0000 (23:50 +0100)]
Add missing skip checks
Christoph M. Becker [Fri, 29 Nov 2019 22:28:28 +0000 (23:28 +0100)]
Partially revert "Adapt test cases for Oniguruma 6.9.4"
This partially reverts commit
c55d09c2f547634b577aa5aeaa1438d772bc29d1 ,
because `MB_ONIGURUMA_VERSION` is only available as of PHP 7.4.0, so
that change made no sense for PHP-7.3; we keep it for PHP-7.4, though.
We also stick with the modification to bug78633.phpt.
Christoph M. Becker [Fri, 29 Nov 2019 15:47:10 +0000 (16:47 +0100)]
Adapt test cases for Oniguruma 6.9.4
Apparently, bug 78633 has now really been fixed; the former fix only
catered to the buffer overflow, but yielded a wrong result. Also,
the order of the named captures has been fixed.
Christoph M. Becker [Tue, 26 Nov 2019 09:19:27 +0000 (10:19 +0100)]
Fix #78840: imploding $GLOBALS crashes
We add support for IS_INDIRECT zvals to implode().
Christoph M. Becker [Mon, 25 Nov 2019 14:44:15 +0000 (15:44 +0100)]
Fix #77638: var_export'ing certain class instances segfaults
If objects return immutable property hash tables (typically,
`zend_empty_array`), we must not try to apply recursion protection on
those.
Dmitry Stogov [Mon, 25 Nov 2019 11:05:43 +0000 (14:05 +0300)]
Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value)
Christoph M. Becker [Fri, 22 Nov 2019 18:21:43 +0000 (19:21 +0100)]
Fix #78853: preg_match() may return integer > 1
Commit
54ebebd [1] optimized the match loop, but for this case it has
been overlooked, that we must only loop if we're doing global matching.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=
54ebebd686255c5f124af718c966edb392782d4a >
George Wang [Thu, 21 Nov 2019 22:58:16 +0000 (17:58 -0500)]
Merge branch 'PHP-7.2' into PHP-7.3
George Wang [Thu, 21 Nov 2019 22:57:50 +0000 (17:57 -0500)]
Added environment LSAPI_CLEAN_SHUTDOWN to control clean shutdown. Update SAPI version to LiteSpeed v7.6 .
Christoph M. Becker [Thu, 21 Nov 2019 09:00:31 +0000 (10:00 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOW
Christoph M. Becker [Thu, 21 Nov 2019 08:49:29 +0000 (09:49 +0100)]
Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOW
Apparently, this has not been tested for a long time, and might be a
refactoring relict. Anyhow, we have to pass the context to
`GIFNextPixel` as well.
Christoph M. Becker [Mon, 18 Nov 2019 11:47:29 +0000 (12:47 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Update NEWS
Christoph M. Becker [Mon, 18 Nov 2019 11:36:01 +0000 (12:36 +0100)]
Update NEWS
Dmitry Stogov [Mon, 18 Nov 2019 08:26:30 +0000 (11:26 +0300)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix $x = (bool)$x; for undefined with opcache
Tyson Andre [Fri, 15 Nov 2019 17:47:32 +0000 (12:47 -0500)]
Fix $x = (bool)$x; for undefined with opcache
And `$x = !$x`
Noticed while working on GH-4912
The included test would not emit undefined variable errors in php 8.0
with opcache enabled. The command used:
```
php -d zend_extension=opcache.so --no-php-ini -d error_reporting=E_ALL \
-d opcache.file_cache= -d opcache.enable_cli=1 test.php
```
Christoph M. Becker [Tue, 12 Nov 2019 15:12:59 +0000 (16:12 +0100)]
Fix ASLR related invalid opline handler issues
Opcache stores `opline->handler`s in shared memory. These pointers are
invalid, if the main PHP DLL is loaded at another base address due to
ASLR. We therefore store the address of `execute_ex` in the mmap base
file, and check on startup whether it matches its current address. If
not, we fall back on the file cache if enabled, and bail out otherwise.
This still does not address cases where the opline handler is located
inside of another DLL (e.g. for some profilers, debuggers), but there
seems to be no general solution for now.
(cherry picked from commit
8ba10b8fbc020dc225d3b19d8f088f1351a3e304 )
Dmitry Stogov [Tue, 12 Nov 2019 09:59:50 +0000 (12:59 +0300)]
Fixed wrong constant usage
Stanislav Malyshev [Tue, 12 Nov 2019 07:08:38 +0000 (23:08 -0800)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix bug #78804 - Segmentation fault in Locale::filterMatches
Stanislav Malyshev [Tue, 12 Nov 2019 06:30:08 +0000 (22:30 -0800)]
Fix bug #78804 - Segmentation fault in Locale::filterMatches
Levi Morrison [Thu, 7 Nov 2019 21:51:21 +0000 (14:51 -0700)]
Wrap php_random.h in C++ portability macros
Also remove portability headers. This goes against the existing
conventions of these files.
Levi Morrison [Wed, 6 Nov 2019 17:30:09 +0000 (10:30 -0700)]
Wrap hrtime in `extern "c" {}`
This allows it to be used by C++ extensions without them having to do their own forward declares.
Closes GH-4890.
Nikita Popov [Thu, 7 Nov 2019 13:29:51 +0000 (14:29 +0100)]
Fix php_pcre_mutex_free()
We should only set the mutex to NULL if we actually freed it.
Due to missing braces non-main threads may currently set it to
NULL first.
Nikita Popov [Thu, 7 Nov 2019 13:06:33 +0000 (14:06 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Remove outdated comments in test
Nikita Popov [Thu, 7 Nov 2019 13:06:23 +0000 (14:06 +0100)]
Remove outdated comments in test
Nikita Popov [Thu, 7 Nov 2019 10:16:03 +0000 (11:16 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fixed bug #78759
Nikita Popov [Thu, 7 Nov 2019 10:15:29 +0000 (11:15 +0100)]
Fixed bug #78759
Handle INDIRECT values in array.
Nikita Popov [Wed, 6 Nov 2019 11:51:25 +0000 (12:51 +0100)]
Fixed bug #78787
Not the first time inheritance of shadow properties causes an issue,
thankfully this whole concept is gone in PHP 7.4.
Christoph M. Becker [Tue, 5 Nov 2019 17:17:04 +0000 (18:17 +0100)]
7.3.13 is next
Sara Golemon [Tue, 5 Nov 2019 15:58:35 +0000 (10:58 -0500)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Bump for 7.2.26-dev
Sara Golemon [Tue, 5 Nov 2019 15:56:19 +0000 (10:56 -0500)]
Bump for 7.2.26-dev
Nikita Popov [Tue, 5 Nov 2019 11:14:53 +0000 (12:14 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fixed bug #78775
Nikita Popov [Tue, 5 Nov 2019 11:13:46 +0000 (12:13 +0100)]
Fixed bug #78775
Clear the OpenSSL error queue before performing SSL stream operations.
As we don't control all code that could possibly be using OpenSSL,
we can't rely on the error queue being empty.
Christoph M. Becker [Tue, 5 Nov 2019 09:16:22 +0000 (10:16 +0100)]
Remove obsolete oniguruma.patch
The proper `SIZEOF_SIZE_T` definitions are available as of Oniguruma
6.9.1; no more need to patch.
Christoph M. Becker [Thu, 31 Oct 2019 15:08:38 +0000 (16:08 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix test cases for libxml2 2.9.10
Christoph M. Becker [Thu, 31 Oct 2019 15:02:05 +0000 (16:02 +0100)]
Fix test cases for libxml2 2.9.10
Since the error reporting has been slightly changed, we have to adapt
the two affected test cases.
Nikita Popov [Wed, 30 Oct 2019 08:22:37 +0000 (09:22 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Add missing refcount increment
Nikita Popov [Wed, 30 Oct 2019 08:22:20 +0000 (09:22 +0100)]
Add missing refcount increment
Nikita Popov [Tue, 29 Oct 2019 14:06:28 +0000 (15:06 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fixed bug #78689
Nikita Popov [Tue, 29 Oct 2019 14:05:59 +0000 (15:05 +0100)]
Fixed bug #78689
Stanislav Malyshev [Tue, 29 Oct 2019 03:47:44 +0000 (20:47 -0700)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix libmagic buffer overflow issue (CVE-2019-18218)
bump version
set versions for release
Stanislav Malyshev [Tue, 29 Oct 2019 03:47:30 +0000 (20:47 -0700)]
Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
Fix libmagic buffer overflow issue (CVE-2019-18218)
bump version
set versions for release
Christoph M. Becker [Mon, 28 Oct 2019 12:08:06 +0000 (13:08 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #78751: Serialising DatePeriod converts DateTimeImmutable
Christoph M. Becker [Fri, 25 Oct 2019 13:43:38 +0000 (15:43 +0200)]
Fix #78751: Serialising DatePeriod converts DateTimeImmutable
When getting the properties of a DatePeriod instance we have to retain
the proper classes, and when restoring a DatePeriod instance we have to
cater to DateTimeImmutable instances as well.
Nikita Popov [Mon, 28 Oct 2019 09:27:46 +0000 (10:27 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix bug #78752
Nikita Popov [Mon, 28 Oct 2019 09:23:20 +0000 (10:23 +0100)]
Fix bug #78752
NULL out the execute_data before destroying it, otherwise GC may
trigger while the execute_data is partially destroyed, resulting
in double-frees.
The handling of call stack unfreezing is a bit awkward because it's
a ZEND_API function, so we can't change the signature.
Stanislav Malyshev [Sun, 27 Oct 2019 23:30:38 +0000 (16:30 -0700)]
Fix libmagic buffer overflow issue (CVE-2019-18218)
Ported from https://github.com/file/file/commit/
46a8443f76cec4b41ec736eca396984c74664f84
Nikita Popov [Fri, 25 Oct 2019 10:50:12 +0000 (12:50 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fixed bug #78747
Nikita Popov [Fri, 25 Oct 2019 10:47:18 +0000 (12:47 +0200)]
Fixed bug #78747
Nikita Popov [Wed, 23 Oct 2019 09:17:46 +0000 (11:17 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Use ICU's CXXFLAGS when using pkg-config
Ryan Schmidt [Tue, 22 Oct 2019 21:19:35 +0000 (16:19 -0500)]
Use ICU's CXXFLAGS when using pkg-config
This mirrors how ICU's CXXFLAGS are already used when using icu-config.
Nikita Popov [Wed, 23 Oct 2019 09:07:16 +0000 (11:07 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Add "-pthread" to EXTRA_LDFLAGS_PROGRAM as well
Nikita Popov [Wed, 23 Oct 2019 09:06:51 +0000 (11:06 +0200)]
Add "-pthread" to EXTRA_LDFLAGS_PROGRAM as well
This is a backport of
c518932c0326a938f0fd0254f2adb03b1cddfbca
from the PHP 7.4 branch.
Joe Watkins [Tue, 22 Oct 2019 16:58:39 +0000 (18:58 +0200)]
bump version
Joe Watkins [Tue, 22 Oct 2019 16:56:55 +0000 (18:56 +0200)]
set versions for release
Christoph M. Becker [Tue, 22 Oct 2019 07:50:11 +0000 (09:50 +0200)]
Update NEWS
Remi Collet [Tue, 22 Oct 2019 07:37:51 +0000 (09:37 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
add NEWS entry
Remi Collet [Tue, 22 Oct 2019 07:37:35 +0000 (09:37 +0200)]
add NEWS entry
Stanislav Malyshev [Mon, 21 Oct 2019 20:17:19 +0000 (13:17 -0700)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
bump versions after release
set versions for release
Stanislav Malyshev [Mon, 21 Oct 2019 20:17:09 +0000 (13:17 -0700)]
Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
bump versions after release
set versions for release
Joe Watkins [Mon, 21 Oct 2019 07:22:32 +0000 (09:22 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix bug #78697: inaccurate error message
Fabien Villepinte [Sat, 19 Oct 2019 19:27:37 +0000 (21:27 +0200)]
Fix bug #78697: inaccurate error message
Jakub Zelenka [Sat, 12 Oct 2019 14:56:16 +0000 (15:56 +0100)]
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
Christoph M. Becker [Fri, 4 Oct 2019 17:02:37 +0000 (19:02 +0200)]
Fix #78633: Heap buffer overflow (read) in mb_eregi
We backport kkos/oniguruma@
15c4228aa2ffa02140a99912dd3177df0b1841c6 .
Christoph M. Becker [Sat, 19 Oct 2019 09:48:40 +0000 (11:48 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #78694: Appending to a variant array causes segfault
Christoph M. Becker [Sat, 19 Oct 2019 09:41:28 +0000 (11:41 +0200)]
Fix #78694: Appending to a variant array causes segfault
`write_dimension` object handlers have to be able to handle `NULL`
`offset`s; for now we simply throw an exception instead of following
the `NULL` pointer.
Christoph M. Becker [Fri, 18 Oct 2019 13:31:48 +0000 (15:31 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #70153 \DateInterval incorrectly unserialized