]>
granicus.if.org Git - php/log
Stanislav Malyshev [Tue, 2 Jan 2018 04:28:01 +0000 (20:28 -0800)]
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Update NEWS
Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
Fix bug #74782: remove file name from output to avoid XSS
Stanislav Malyshev [Tue, 2 Jan 2018 03:53:00 +0000 (19:53 -0800)]
Update NEWS
Christoph M. Becker [Wed, 29 Nov 2017 17:52:33 +0000 (18:52 +0100)]
Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
Due to a signedness confusion in `GetCode_` a corrupt GIF file can
trigger an infinite loop. Furthermore we make sure that a GIF without
any palette entries is treated as invalid *after* open palette entries
have been removed.
Stanislav Malyshev [Sun, 2 Jul 2017 20:29:37 +0000 (13:29 -0700)]
Fix bug #74782: remove file name from output to avoid XSS
Anatol Belski [Fri, 22 Dec 2017 17:22:33 +0000 (18:22 +0100)]
[ci skip] update NEWS
Dmitry Stogov [Thu, 21 Dec 2017 20:34:21 +0000 (23:34 +0300)]
Fixed bug #75579 (Interned strings buffer overflow may cause crash)
(cherry picked from commit
37bf8bdc1494abb2ce5cac40e0be80e23682f851 )
Anatol Belski [Tue, 5 Dec 2017 07:51:30 +0000 (08:51 +0100)]
7.0.28 is next
Anatol Belski [Tue, 5 Dec 2017 07:41:24 +0000 (08:41 +0100)]
[ci skip] update NEWS
Anatol Belski [Mon, 4 Dec 2017 13:11:40 +0000 (14:11 +0100)]
Use dtor unconditionally in error case
Xinchen Hui [Wed, 29 Nov 2017 06:46:21 +0000 (14:46 +0800)]
Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
(cherry picked from commit
3b9ba7b6bd9e24bdbeca8e8e3f24cee2fccc51d8 )
Andy Postnikov [Sat, 10 Dec 2016 20:51:17 +0000 (23:51 +0300)]
Fix ZEND_SIGNED_MULTIPLY_LONG for AArch64
Register operands are required in this context.
This is a backport of
8c8679207ae5ada8751288e75b78c928a4d34d1d
to PHP 7.0+. The current code caused incorrect behavior on AArch64
when compiling with clang.
Anatol Belski [Fri, 1 Dec 2017 15:01:34 +0000 (16:01 +0100)]
Consider Xdebug for tmi ini generation, too
Dmitry Stogov [Fri, 1 Dec 2017 14:00:11 +0000 (17:00 +0300)]
Set trailing zero
Lior Kaplan [Wed, 29 Nov 2017 11:45:21 +0000 (13:45 +0200)]
Define floorf if system doesn't have it (follow up for
22c48761 )
floorf is checked in config.m4
Remi Collet [Tue, 28 Nov 2017 16:59:16 +0000 (17:59 +0100)]
NEWS
Remi Collet [Mon, 27 Nov 2017 16:06:57 +0000 (17:06 +0100)]
Fixed bug #64938 libxml_disable_entity_loader setting is shared between requests (FPM)
Sebastian Ramadan [Wed, 15 Nov 2017 02:24:28 +0000 (13:24 +1100)]
Check for binary_location allocation failure
Scott [Wed, 22 Nov 2017 03:02:07 +0000 (22:02 -0500)]
Fix bug #75409
Anatol Belski [Tue, 21 Nov 2017 21:22:21 +0000 (22:22 +0100)]
[ci skip] update NEWS
Nester [Tue, 21 Nov 2017 11:42:22 +0000 (11:42 +0000)]
Fixed #75539 and #74183 - preg_last_error not returning error code after error
Remi Collet [Mon, 20 Nov 2017 08:42:20 +0000 (09:42 +0100)]
Better fix bug #75540 Segfault with libzip 1.3.1
- only 1.3.1 is affected
- fix use after free
Remi Collet [Mon, 20 Nov 2017 07:50:33 +0000 (08:50 +0100)]
NEWS
Remi Collet [Mon, 20 Nov 2017 07:49:46 +0000 (08:49 +0100)]
fix bug #75540 Segfault with libzip 1.3.1
Nikita Popov [Fri, 17 Nov 2017 22:11:15 +0000 (23:11 +0100)]
Fixed bug #75535
The sizeof()s for Content-Length and Transfer-Encoding were missing
the trailing ":". Apart from being generally wrong, this no longer
verified that the header actually contains a colon, leading to the
null http_header_value being used.
Additionally, in the interest of being defensive, also make sure
that http_header_value is non-null by setting it to the end of
the header line (effectively an empty string) if there is no colon.
If the following conditions are correct, this value is not going
to be used though.
Anatol Belski [Fri, 17 Nov 2017 15:37:00 +0000 (16:37 +0100)]
Update SDK version for AppVeyor
Sammy Kaye Powers [Fri, 1 Sep 2017 14:36:04 +0000 (09:36 -0500)]
Update NEWS
Sammy Kaye Powers [Wed, 29 Mar 2017 14:27:18 +0000 (09:27 -0500)]
Fix bug 60471 by correctly identifying unused speculative preconnections
* Correctly identify unused speculative preconnections from browsers
like Chrome and Firefox
* Add a new message to the debug level that is emitted when a TCP
connection is closed without sending any request (a preconnection)
* Fix an issue where the existing debug messages were not being
displayed even when debug mode was enabled
Anatol Belski [Fri, 10 Nov 2017 10:40:16 +0000 (11:40 +0100)]
[ci skip] update NEWS
Anatol Belski [Wed, 8 Nov 2017 10:52:42 +0000 (11:52 +0100)]
Fixed #75384 PHP seems incompatible with OneDrive files on demand
Derick Rethans [Tue, 7 Nov 2017 11:25:28 +0000 (11:25 +0000)]
Fixed ext/date tests due to changes in Olson database
Anatol Belski [Tue, 7 Nov 2017 09:07:52 +0000 (10:07 +0100)]
7.0.27 next
Anatol Belski [Thu, 2 Nov 2017 21:41:12 +0000 (22:41 +0100)]
Update libs_version.txt
Nikita Popov [Thu, 2 Nov 2017 19:55:10 +0000 (20:55 +0100)]
Fix ext/soap/tests/bug69137.phpt
Switch to example.org. Also mark it as an online test.
Anatol Belski [Thu, 2 Nov 2017 11:37:04 +0000 (12:37 +0100)]
Sync and fix tests for ICU 60.1 compat
Anatol Belski [Thu, 2 Nov 2017 08:21:22 +0000 (09:21 +0100)]
Yet one /nologo
Anatol Belski [Tue, 31 Oct 2017 09:25:15 +0000 (10:25 +0100)]
Fix year
Anatol Belski [Tue, 31 Oct 2017 09:24:34 +0000 (10:24 +0100)]
Add /nologo
Anatol Belski [Mon, 30 Oct 2017 17:15:26 +0000 (18:15 +0100)]
Add missing ICU version check
Jakub Zelenka [Mon, 30 Oct 2017 16:36:38 +0000 (16:36 +0000)]
Prevent leaking x509 and csr resources if it is not requested
All functions using php_openssl_x509_from_zval or php_openssl_csr_from_zval
with makeresource equal to 0 do not deref the resource which means there
is a leak till the end of the request. This can cause issues for long
running apps. It is a generic solution for bug #75363 which also covers
other functions.
Jakub Zelenka [Mon, 30 Oct 2017 16:05:00 +0000 (16:05 +0000)]
Extend and speed up pkey export tests
Jakub Zelenka [Mon, 30 Oct 2017 14:29:05 +0000 (14:29 +0000)]
Rewrite openssl_csr_get_subject test to improve coverage
Jakub Zelenka [Mon, 30 Oct 2017 14:28:18 +0000 (14:28 +0000)]
Add openssl_csr_get_public_key test
Jakub Zelenka [Mon, 30 Oct 2017 14:16:03 +0000 (14:16 +0000)]
Extend openssl_pkcs7_* tests to cover resource cert
Jakub Zelenka [Mon, 30 Oct 2017 14:15:23 +0000 (14:15 +0000)]
Fix cleaning tmp output file in openssl_csr_export_to_file test
Jelle van der Waa [Fri, 11 Aug 2017 22:58:59 +0000 (00:58 +0200)]
openssl: add basic openssl_csr_export_to_file tests
Add a basic test for openssl_csr_export_to_file.
Jakub Zelenka [Mon, 30 Oct 2017 13:57:51 +0000 (13:57 +0000)]
Extend openssl_csr_sign test to cover cert resource
Jakub Zelenka [Mon, 30 Oct 2017 13:40:06 +0000 (13:40 +0000)]
Set different invalid path in openssl_pkcs12_export so it is more unlikely to exist
Jakub Zelenka [Mon, 30 Oct 2017 13:36:32 +0000 (13:36 +0000)]
Extend openssl_x509_parse to cover cert resource
Jakub Zelenka [Mon, 30 Oct 2017 13:17:32 +0000 (13:17 +0000)]
Rename and test resource cert in openssl_x509_checkpurpose test
Jakub Zelenka [Mon, 30 Oct 2017 13:01:27 +0000 (13:01 +0000)]
Extend openssl_x509_check_private_key to test resource cert
Jakub Zelenka [Mon, 30 Oct 2017 12:55:29 +0000 (12:55 +0000)]
Extend openssl_x509_fingerprint test to cover resource cert with sha1
Joe Watkins [Mon, 30 Oct 2017 14:16:16 +0000 (14:16 +0000)]
Merge branch 'PHP-7.0' of git.php.net:/php-src into PHP-7.0
* 'PHP-7.0' of git.php.net:/php-src:
Yet one attempt to mitigate the unzip error on AppVeyor
Ensure SDK is checked out before asking for version
Fix fetching the SDK version
Fix SDK version comparison and add more verbosity
Don't use the cache dependency, SDK version is handled in script
Remove status check on the SDK repo and add version check
Catch with the latest AppVeyor unzip errors
Fabien Villepinte [Mon, 30 Oct 2017 12:25:40 +0000 (13:25 +0100)]
Fix bug #75464 Wrong reflection on SoapClient::__setSoapHeaders
Anatol Belski [Mon, 30 Oct 2017 11:16:53 +0000 (12:16 +0100)]
Yet one attempt to mitigate the unzip error on AppVeyor
Anatol Belski [Mon, 30 Oct 2017 11:07:27 +0000 (12:07 +0100)]
Ensure SDK is checked out before asking for version
Anatol Belski [Mon, 30 Oct 2017 10:28:32 +0000 (11:28 +0100)]
Fix fetching the SDK version
Anatol Belski [Mon, 30 Oct 2017 09:53:12 +0000 (10:53 +0100)]
Fix SDK version comparison and add more verbosity
Anatol Belski [Mon, 30 Oct 2017 09:34:11 +0000 (10:34 +0100)]
Don't use the cache dependency, SDK version is handled in script
Anatol Belski [Mon, 30 Oct 2017 09:14:05 +0000 (10:14 +0100)]
Remove status check on the SDK repo and add version check
If Appveyor fails to unzip, .git would be in an arbitrary state anyway.
Thus this check doesn't help. For the version check - rely on the branch
naming scheme in the SDK.
Anatol Belski [Mon, 30 Oct 2017 07:42:59 +0000 (08:42 +0100)]
Catch with the latest AppVeyor unzip errors
Fabien Villepinte [Sun, 29 Oct 2017 08:14:56 +0000 (09:14 +0100)]
Fix bug #75453 Incorrect reflection on ibase_connect and ibase_pconnect
Anatol Belski [Sun, 29 Oct 2017 09:08:31 +0000 (10:08 +0100)]
Re-enable AppVeyor cache
Joe Watkins [Sun, 29 Oct 2017 04:37:21 +0000 (04:37 +0000)]
make sure run-tests reports exit status upon prerequisite error
Fabien Villepinte [Sat, 28 Oct 2017 08:40:00 +0000 (10:40 +0200)]
Fix bug #75434 Wrong reflection for mysqli_fetch_all function
Fabien Villepinte [Fri, 27 Oct 2017 12:14:04 +0000 (14:14 +0200)]
Fix bug #75307 Wrong reflection for openssl_open function
Anatol Belski [Fri, 27 Oct 2017 14:19:42 +0000 (16:19 +0200)]
Skip test on PostgreSQL 10
The 42P18 error is not produced by the server anymore.
Anatol Belski [Fri, 27 Oct 2017 12:58:43 +0000 (14:58 +0200)]
Fix test compat for PostgreSQL 10
Anatol Belski [Fri, 27 Oct 2017 11:20:15 +0000 (13:20 +0200)]
Apply upstream patch for CVE-2017-14107
Anatol Belski [Fri, 27 Oct 2017 11:18:41 +0000 (13:18 +0200)]
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Backport and apply upstream patch for CVE-2017-14107
Anatol Belski [Fri, 27 Oct 2017 11:16:56 +0000 (13:16 +0200)]
Backport and apply upstream patch for CVE-2017-14107
Anatol Belski [Thu, 26 Oct 2017 19:25:08 +0000 (21:25 +0200)]
Binary SDK 2.0.12 stable
Dmitry Stogov [Thu, 26 Oct 2017 13:03:42 +0000 (16:03 +0300)]
Fixed indirect modification of magic ArrayAccess method arguments
Dmitry Stogov [Thu, 26 Oct 2017 11:12:08 +0000 (14:12 +0300)]
Backport tests
Dmitry Stogov [Thu, 26 Oct 2017 10:05:23 +0000 (13:05 +0300)]
Fixed indirect modification of magic method arguments.
Xinchen Hui [Thu, 26 Oct 2017 02:23:43 +0000 (10:23 +0800)]
Fixed test
Xinchen Hui [Thu, 26 Oct 2017 02:07:08 +0000 (10:07 +0800)]
Fixed bug #75420 (Crash when modifing property name in __isset for BP_VAR_IS)
Fabien Villepinte [Wed, 25 Oct 2017 08:42:13 +0000 (10:42 +0200)]
Fix typo in comments
Fabien Villepinte [Wed, 25 Oct 2017 11:53:52 +0000 (13:53 +0200)]
Fix the SKIPIF part in /ext/gd/tests/bug75437.phpt
Fabien Villepinte [Wed, 25 Oct 2017 10:06:54 +0000 (12:06 +0200)]
Fix bug #75437 Wrong reflection on imagewebp
Ferenc Kovacs [Wed, 25 Oct 2017 01:39:34 +0000 (03:39 +0200)]
Merge branch 'PHP-5.6' into PHP-7.0
Ferenc Kovacs [Wed, 25 Oct 2017 01:36:30 +0000 (03:36 +0200)]
5.6.33 is next
Ferenc Kovacs [Wed, 25 Oct 2017 01:14:51 +0000 (03:14 +0200)]
use trusty explicitly
Ferenc Kovacs [Wed, 25 Oct 2017 01:13:40 +0000 (03:13 +0200)]
Merge branch 'PHP-5.6' into PHP-7.0
Rasmus Lerdorf [Sat, 10 Jan 2015 01:24:48 +0000 (17:24 -0800)]
These tests all assume that IPV6 is available.
Ferenc Kovacs [Tue, 24 Oct 2017 23:51:48 +0000 (01:51 +0200)]
fix the travis build for PHP-5.6 using precise instead of trusty
Ferenc Kovacs [Tue, 24 Oct 2017 23:47:21 +0000 (01:47 +0200)]
fix the travis build for PHP-5.6 using precise instead of trusty
Anatol Belski [Tue, 24 Oct 2017 16:36:56 +0000 (18:36 +0200)]
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Parametrize the expected value to avoid platform false positives
Anatol Belski [Tue, 24 Oct 2017 16:33:21 +0000 (18:33 +0200)]
Parametrize the expected value to avoid platform false positives
Sara Golemon [Tue, 24 Oct 2017 15:37:24 +0000 (11:37 -0400)]
Decref default_link when clearing
Christoph M. Becker [Tue, 24 Oct 2017 12:42:03 +0000 (14:42 +0200)]
Fixed bug #65148 (imagerotate may alter image dimensions)
We apply the respective patches from external libgd, work around the
still missing `gdImageClone()`, and fix the special cased rotation
routines according to Pierre's patch
(https://gist.github.com/pierrejoye/
59d72385ed1888cf8894a7ed437235ae ).
We also cater to bug73272.phpt whose result obviously changes a bit.
Derick Rethans [Tue, 24 Oct 2017 13:55:13 +0000 (14:55 +0100)]
Update timezonemap.h, which needs to match the bundled TZ db
Anatol Belski [Tue, 24 Oct 2017 12:18:59 +0000 (14:18 +0200)]
[ci skip] update NEWS
Anatol Belski [Tue, 24 Oct 2017 12:17:21 +0000 (14:17 +0200)]
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
[ci skip] update NEWS
Anatol Belski [Tue, 24 Oct 2017 12:16:54 +0000 (14:16 +0200)]
[ci skip] update NEWS
Anatol Belski [Tue, 24 Oct 2017 12:04:08 +0000 (14:04 +0200)]
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fixed bug #72535 arcfour encryption stream filter crashes php
Anatol Belski [Tue, 24 Oct 2017 11:59:18 +0000 (13:59 +0200)]
Fixed bug #72535 arcfour encryption stream filter crashes php
Anatol Belski [Tue, 24 Oct 2017 11:38:48 +0000 (13:38 +0200)]
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fixed bug #75055 Out-Of-Bounds Read in timelib_meridian()
Apply upstream patch for CVE-2016-1283
Anatol Belski [Tue, 24 Oct 2017 09:28:17 +0000 (11:28 +0200)]
Fixed bug #75055 Out-Of-Bounds Read in timelib_meridian()
Anatol Belski [Thu, 28 Sep 2017 13:40:49 +0000 (15:40 +0200)]
Apply upstream patch for CVE-2016-1283
Fix bug #75207, see also
https://bugzilla.redhat.com/show_bug.cgi?id=
1295385
https://vcs.pcre.org/pcre?view=revision&revision=1636
(cherry picked from commit
d11fceab151cd0410645f81eb7444af4388470c3 )
Sara Golemon [Mon, 23 Oct 2017 18:55:32 +0000 (14:55 -0400)]
NEWS entry for pg_close() fix