Remi Collet [Fri, 14 Mar 2014 08:50:15 +0000 (09:50 +0100)]
Fixed Bug #66833 Default digest algo is still MD5
Switch to SHA1, which matches the internal openssl hardcoded algo.
In most cases, this won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value
Recent systems reject MD5 digests, noticed in bug36732.phpt failure.
While SHA1 is better than MD5, SHA256 is recommended,
and defined as default algo in provided configuration on
recent systems (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.
David Zülke [Thu, 13 Mar 2014 15:51:44 +0000 (16:51 +0100)]
Fix 5.5.10 NEWS
The FPM change didn't make it into 5.5.10 but will instead be in 5.5.11; http://php.net/Changelog-5.php, the release and the NEWS file in the release accurately reflect this, but the 5.5 branch NEWS doesn't (as the release was made and tagged from the last RC, which didn't contain that change yet).
Pierre Joye [Mon, 10 Mar 2014 15:30:05 +0000 (16:30 +0100)]
Merge branch 'PHP-5.5' of git.php.net:php-src into PHP-5.5
# By Anatol Belski (1) and others
# Via Anatol Belski
* 'PHP-5.5' of git.php.net:php-src:
updated libmagic.patch
Fix indentation
Do not remove *.1, it's not generated by make but configure
Pierre Joye [Mon, 10 Mar 2014 11:04:04 +0000 (12:04 +0100)]
Merge branch 'PHP-5.4' of git.php.net:php-src into PHP-5.4
# By Dmitry Panin (1) and Remi Collet (1)
# Via Nikita Popov
* 'PHP-5.4' of git.php.net:php-src:
Fix HTML entity table generation
Set default Digest Message to use SHA1 instead of MD5 in openssl tests as MD5 signature are now rejected by newer openssl Version.
Pierre Joye [Sun, 9 Mar 2014 20:11:19 +0000 (21:11 +0100)]
Merge branch 'PHP-5.5' of git.php.net:php-src into PHP-5.5
# By Remi Collet (6) and others
# Via Nikita Popov (1) and others
* 'PHP-5.5' of git.php.net:php-src:
Fixed null termination
Updated NEWS for #65545
Add fread(length) method
Fix HTML entity table generation
Fix order in NEWS
Add CVE ref (not known at release time)
Fix NEWS for 5.5.11 fix (really not in 5.5.10)
5.5.10 release date for NEWS
Set default Digest Message to use SHA1 instead of MD5 in openssl tests as MD5 signature are now rejected by newer openssl Version.
NEWS
Fixed Bug #66815 imagecrop(): insufficient fix for NULL defer CVE-2013-7327
Remi Collet [Wed, 5 Mar 2014 09:40:36 +0000 (10:40 +0100)]
Fixed Bug #66815 imagecrop(): insufficient fix for NULL defer CVE-2013-7327
This amends commit 8f4a537, which aimed to correct NULL dereference because of
missing check of gdImageCreateTrueColor() / gdImageCreate() return value. That
commit checks for negative crop rectangle width and height, but
gdImageCreate*() can also return NULL when width * height overflows. Hence
NULL deref is still possible, as gdImageSaveAlpha() and gdImagePaletteCopy()
are called before dst == NULL check.
This moves NULL check to happen right after gdImageCreate*(). It also removes
width and height check before gdImageCreate*(), as the same check is done by
image create functions (with an extra warning).
Pierre Joye [Wed, 5 Mar 2014 09:37:04 +0000 (10:37 +0100)]
Merge branch 'PHP-5.5' of git.php.net:php-src into PHP-5.5
# By Anatol Belski (38) and others
# Via Anatol Belski (23) and others
* 'PHP-5.5' of git.php.net:php-src: (325 commits)
NEWS
NEWS
Fixed Bug #66820 out-of-bounds memory access in fileinfo
Improves fix for memory leak, keep in sync with upstream.
Fixed news for #60602
Updated news for #60602
proc_open(): separate environment values that aren't strings
Fixed NEWS.
Updated news for #66535 and #66109
Updated NEWS for #66535
don't compare constants on run time
substr_compare(): Allow zero length comparison
Fixed test case title
[bug 66535] X-PHP-Originating-Script adds newline if no custom headers are given
Fixed expected output of a few cURL test cases
Allow NULL as value for CURLOPT_CUSTOMREQUEST option.
man page: long option name is --strip, not --stripped
--global have be removed in 5.2
typo spotted by Lajos Veres
update libs_version.txt
...
Pierre Joye [Wed, 5 Mar 2014 09:32:42 +0000 (10:32 +0100)]
Merge branch 'PHP-5.4' of git.php.net:php-src into PHP-5.4
# By Anatol Belski (22) and others
# Via Derick Rethans (5) and others
* 'PHP-5.4' of git.php.net:php-src: (176 commits)
NEWS
Fixed Bug #66820 out-of-bounds memory access in fileinfo
Improves fix for memory leak, keep in sync with upstream.
Updated news for #60602
proc_open(): separate environment values that aren't strings
Updated NEWS for #66535
Fixed test case title
[bug 66535] X-PHP-Originating-Script adds newline if no custom headers are given
man page: long option name is --strip, not --stripped
--global have be removed in 5.2
NEWS
test for bug #66762
Fixed Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed
fix tests broken by 633f898f1520253d3530fe91fc82f68bca7c4627
add news entry
add clear_env option to FPM config
Reduce test noise on cross Oracle client <-> server version tests. This fix is already in PHP 5.6+
Reduce test noise in cross Oracle client <-> server version testing. This change is already in PHP 5.6+
fixed macro
Make sure value is initialized
...
Paul Annesley [Wed, 19 Feb 2014 19:48:40 +0000 (11:48 -0800)]
add clear_env option to FPM config
This makes it possible to leave the environment as is on startup and
pass all the variables to the workers.
The default value of clear_env is "yes", preserving previous behaviour.
Patch by Paul Annesley.
Paul Annesley [Wed, 19 Feb 2014 19:48:40 +0000 (11:48 -0800)]
add clear_env option to FPM config
This makes it possible to leave the environment as is on startup and
pass all the variables to the workers.
The default value of clear_env is "yes", preserving previous behaviour.
Patch by Paul Annesley.