]> granicus.if.org Git - php/log
php
5 years agoFixed bug #77669
Nikita Popov [Thu, 28 Feb 2019 08:58:01 +0000 (09:58 +0100)]
Fixed bug #77669

5 years agoFix assertion in Exception::getMessage() if $message is a ref
Nikita Popov [Mon, 25 Feb 2019 12:00:16 +0000 (13:00 +0100)]
Fix assertion in Exception::getMessage() if $message is a ref

And same for other properties. Encountered in Symfony.

5 years agoFixed bug #77660 (Segmentation fault on break 2147483648)
Xinchen Hui [Mon, 25 Feb 2019 07:00:14 +0000 (15:00 +0800)]
Fixed bug #77660 (Segmentation fault on break 2147483648)

5 years agoFixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper)
Xinchen Hui [Mon, 25 Feb 2019 06:40:53 +0000 (14:40 +0800)]
Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper)

5 years agoPrint empty string in test for but 77390 just once
Jakub Zelenka [Sun, 24 Feb 2019 13:11:27 +0000 (13:11 +0000)]
Print empty string in test for but 77390 just once

5 years agoUse spaces instead of tabs in bug 77390 test
Jakub Zelenka [Sun, 24 Feb 2019 13:05:43 +0000 (13:05 +0000)]
Use spaces instead of tabs in bug 77390 test

5 years agoFix inference warning about missing key type
Nikita Popov [Fri, 22 Feb 2019 10:55:16 +0000 (11:55 +0100)]
Fix inference warning about missing key type

5 years agoFixed bug #77652
Nikita Popov [Fri, 22 Feb 2019 09:11:54 +0000 (10:11 +0100)]
Fixed bug #77652

5 years agoFix bug #77646
Frank Denis [Thu, 21 Feb 2019 15:10:27 +0000 (16:10 +0100)]
Fix bug #77646

5 years agoFixed bug #77597
Nikita Popov [Thu, 21 Feb 2019 12:42:47 +0000 (13:42 +0100)]
Fixed bug #77597

The same variable was reused in two nested loops... The test doesn't
fail on 7.2, but I'm fixing this here anyway as the code is clearly
wrong, and probably erroneous in other situations.

5 years agoOpenSSL: Improve non-blocking eof test
Abyr Valg [Sat, 9 Feb 2019 09:15:55 +0000 (12:15 +0300)]
OpenSSL: Improve non-blocking eof test

5 years agoCorrect skipif use for OCI8 password tests
Christopher Jones [Wed, 20 Feb 2019 00:10:57 +0000 (11:10 +1100)]
Correct skipif use for OCI8 password tests

5 years agobump version to 7.2.17-dev
Remi Collet [Tue, 19 Feb 2019 11:46:52 +0000 (12:46 +0100)]
bump version to 7.2.17-dev

5 years agoMake MADV_HUGEPAGE conditional on USE_ZEND_ALLOC_HUGE_PAGES
Nikita Popov [Mon, 18 Feb 2019 13:01:45 +0000 (14:01 +0100)]
Make MADV_HUGEPAGE conditional on USE_ZEND_ALLOC_HUGE_PAGES

There have been multiple reports of large slowdowns due to the
use of MADV_HUGEPAGE, so make it conditional on
USE_ZEND_ALLOC_HUGE_PAGES, just like MAP_HUGETLB already is.

5 years agoFix #77621: Already defined constants are not properly reported
Christoph M. Becker [Thu, 14 Feb 2019 23:35:21 +0000 (00:35 +0100)]
Fix #77621: Already defined constants are not properly reported

We must not check uninitialized values (i.e. `c.value`), and we have to
use proper types for printf-style formats (i.e. `char *` instead of
`zend_string *`).

5 years agoRefactor timelib.m4
Peter Kokot [Wed, 26 Sep 2018 17:29:25 +0000 (19:29 +0200)]
Refactor timelib.m4

The ext/date/lib is bundled library and also includes additional
timelib.m4 macros and checks specific for PHP.

All the checks in the timelib.m4 are already done in the PHP's
configure.ac:
- headers except for io.h and strings.h
- two functions checked strftime and gettimeofday
- if size of longint is 8
- if size of int is 4
- int32_t and uint32_t types using the PHP_CHECK_STDINT_TYPES

Macro `AC_TIMELIB_C_BIGENDIAN` defined in timelib.m4 is not used.

The two checkings for strtoll and atoll have been moved to date extension's
config0.m4 file.

Additional check for headers <io.h> and <strings.h> has been added to
config0.m4 of the date extension.

Therefore the timelib.m4 can be simplified and removed from the bundled
library to have easier maintenance in the later branches and also
upstream library.

5 years agoMerge remote-tracking branch 'origin/PHP-7.2' into PHP-7.2
Johannes Schlüter [Tue, 12 Feb 2019 13:59:27 +0000 (14:59 +0100)]
Merge remote-tracking branch 'origin/PHP-7.2' into PHP-7.2

5 years agoFixed bug #75546
DanielCiochiu [Tue, 12 Feb 2019 10:40:46 +0000 (11:40 +0100)]
Fixed bug #75546

By respecting the SILENT flag when checking the visibility of a
class constant.

5 years agoFixed bug #77608
Nikita Popov [Tue, 12 Feb 2019 09:49:20 +0000 (10:49 +0100)]
Fixed bug #77608

Remove special handling of doubles and escape them as usual instead.

5 years agoMake pid & uid available while handling realtime signals
hsldymq [Wed, 27 Jun 2018 18:25:11 +0000 (02:25 +0800)]
Make pid & uid available while handling realtime signals

5 years agoRemove "defensive copy" of DatePeriod properties
Nikita Popov [Tue, 12 Feb 2019 08:54:52 +0000 (09:54 +0100)]
Remove "defensive copy" of DatePeriod properties

get_properties() constructs these as fresh objects with no relation
to the internals, there is no need to clone them again. Additionally
the current implementation leaks memory, because the original objects
are never freed (see PR #3121).

5 years agoFixed bug #77564: Memory leak in exif_process_IFD_TAG
Ben Ramsey [Sun, 10 Feb 2019 18:25:19 +0000 (12:25 -0600)]
Fixed bug #77564: Memory leak in exif_process_IFD_TAG

The memory leak occurs when more than one UserComment tag is present in
the EXIF data. It's still considered corrupt EXIF data, but this ensures
the memory is freed before trying to set to already allocated memory.

5 years agoAvoid dependency on "struct flock" fields order.
Dmitry Stogov [Tue, 12 Feb 2019 07:15:16 +0000 (10:15 +0300)]
Avoid dependency on "struct flock" fields order.

5 years agoReplace broken binary SDK version
Anatol Belski [Tue, 12 Feb 2019 06:28:34 +0000 (22:28 -0800)]
Replace broken binary SDK version

5 years agoUpdate SDK version for AppVeyor
Anatol Belski [Tue, 12 Feb 2019 06:12:16 +0000 (22:12 -0800)]
Update SDK version for AppVeyor

5 years agoMerge branch 'PHP-7.1' into PHP-7.2
Darek Slusarczyk [Mon, 11 Feb 2019 17:08:21 +0000 (18:08 +0100)]
Merge branch 'PHP-7.1' into PHP-7.2

5 years agosecurity fix - by default 'local infile' is disabled:
Darek Slusarczyk [Mon, 11 Feb 2019 16:16:49 +0000 (17:16 +0100)]
security fix - by default 'local infile' is disabled:
- set default for mysqli.allow_local_infile=0
- explicitly disable PDO::MYSQL_ATTR_LOCAL_INFILE in case of lack of driver options
- add getAttribute support for PDO::MYSQL_ATTR_LOCAL_INFILE
- update existing tests where needed
- add new tests [checking default value and setting on] the 'local infile' in ext/mysqli and ext/pdo_mysql

5 years agoFix bug #51068 (glob:// do not support current path relative)
Ahmed Abdou [Tue, 29 Jan 2019 07:59:45 +0000 (08:59 +0100)]
Fix bug #51068 (glob:// do not support current path relative)

Fix DirectoryIterator glob://* current path relative queries

5 years agoFix #77552: Uninitialized buffer in stat functions
johnstevenson [Fri, 1 Feb 2019 19:45:20 +0000 (19:45 +0000)]
Fix #77552: Uninitialized buffer in stat functions

5 years agoFixed bug #77589 (Core dump using parse_ini_string with numeric sections)
Xinchen Hui [Mon, 11 Feb 2019 07:27:29 +0000 (15:27 +0800)]
Fixed bug #77589 (Core dump using parse_ini_string with numeric sections)

Section name should not be typed(NULL, FALSE, TRUE etc)

5 years agoPDO_OCI tracing attribute PR merge
Christopher Jones [Mon, 11 Feb 2019 05:19:13 +0000 (16:19 +1100)]
PDO_OCI tracing attribute PR merge

5 years agopdo_oci: Add client identifier and module attrs
Cameron Porter [Fri, 25 Jan 2019 17:44:10 +0000 (11:44 -0600)]
pdo_oci: Add client identifier and module attrs

Add tests for the new attributes, and check the setAttribute return
value.

5 years agopdo_oci: Register new attr constants and add tests
Cameron Porter [Thu, 24 Jan 2019 18:40:26 +0000 (12:40 -0600)]
pdo_oci: Register new attr constants and add tests

5 years agopdo_oci: Add PDO_OCI_ATTR_ACTION and CLIENT_INFO
Cameron Porter [Thu, 24 Jan 2019 02:14:00 +0000 (20:14 -0600)]
pdo_oci: Add PDO_OCI_ATTR_ACTION and CLIENT_INFO

Add the ability to set the action and client info on the database
session for PDO OCI using PDO attributes.

5 years agoFix FTPS passive mode of data channel event poll
YanTao [Fri, 8 Feb 2019 03:41:41 +0000 (11:41 +0800)]
Fix FTPS passive mode of data channel event poll

Bugfix: when using passive mode of FTPS protocol, data channel events
should be polled when creating data connection channel, instead of polling
the event of ftp's self control channel, which may cause ftp transfer
problem while using ftps and passive mode.

5 years agoSync test with changes in libcurl 7.64.0
Anatol Belski [Fri, 8 Feb 2019 06:22:38 +0000 (22:22 -0800)]
Sync test with changes in libcurl 7.64.0

5 years agoSync test for libcurl 7.64.0
Anatol Belski [Fri, 8 Feb 2019 06:21:59 +0000 (22:21 -0800)]
Sync test for libcurl 7.64.0

5 years agoUse pkg-config for ICU, as the old icu-config has been deprecated
Derick Rethans [Wed, 6 Feb 2019 10:39:55 +0000 (10:39 +0000)]
Use pkg-config for ICU, as the old icu-config has been deprecated

5 years agoUse pkg-config for ICU, as the old icu-config has been deprecated
Derick Rethans [Wed, 6 Feb 2019 10:39:55 +0000 (10:39 +0000)]
Use pkg-config for ICU, as the old icu-config has been deprecated

5 years agoProperly check for array_replace_recursive in sccp.c
Tyson Andre [Sat, 2 Feb 2019 01:54:21 +0000 (20:54 -0500)]
Properly check for array_replace_recursive in sccp.c

Due to a typo, this code used to check for array_merge_recursive
twice.

5 years agoFix bug 76596: phpdbg supports display_errors=stderr
Kevin Abel [Mon, 9 Jul 2018 02:18:20 +0000 (21:18 -0500)]
Fix bug 76596: phpdbg supports display_errors=stderr

5 years agoPrepare main branch for PHP 7.2.16
Christoph M. Becker [Wed, 30 Jan 2019 00:27:57 +0000 (01:27 +0100)]
Prepare main branch for PHP 7.2.16

5 years agoMake special assert() handling independent of compiler flags
Nikita Popov [Tue, 29 Jan 2019 08:39:12 +0000 (09:39 +0100)]
Make special assert() handling independent of compiler flags

5 years agoFixed bug #77530: PHP crashes when parsing "(2)::class"
ekinhbayar [Mon, 28 Jan 2019 06:46:29 +0000 (09:46 +0300)]
Fixed bug #77530: PHP crashes when parsing "(2)::class"

5 years agoFix bug #77390 (feof might hang on TLS streams in case of fragmented TLS records)
Jakub Zelenka [Thu, 17 Jan 2019 18:05:13 +0000 (18:05 +0000)]
Fix bug #77390 (feof might hang on TLS streams in case of fragmented TLS records)

Simplified version of the fix from Abyl Valg so credit to him.

5 years agoUpdate and integrate openssl client proxy test
Jakub Zelenka [Wed, 16 Jan 2019 18:14:30 +0000 (18:14 +0000)]
Update and integrate openssl client proxy test

5 years agoAdd a test for fragmented SSL packets
Abyr Valg [Sun, 29 Apr 2018 09:05:59 +0000 (12:05 +0300)]
Add a test for fragmented SSL packets

6 years agoMerge remote-tracking branch 'php-src/PHP-7.2' into PHP-7.2
Nikita Popov [Thu, 24 Jan 2019 12:45:27 +0000 (13:45 +0100)]
Merge remote-tracking branch 'php-src/PHP-7.2' into PHP-7.2

6 years agoRevert "Prefix error_code with underscore in FastZPP implementation"
Nikita Popov [Thu, 24 Jan 2019 12:36:47 +0000 (13:36 +0100)]
Revert "Prefix error_code with underscore in FastZPP implementation"

This reverts commit 6305119a5193d4318add01190ca4afbb49ded102.

This is a source-compatibility break for extensions that define
custom FastZPP macros, such as ext/uv:

https://github.com/bwoebi/php-uv/blob/a983eb17b69f74a45d785ddc6a7bff3d4531b88c/php_uv.c#L75

I don't think that FastZPP was intended to be used this way, but
let's revert this from release branches to avoid extension breakage.

6 years agoFixed bug #77494 (Disabling class causes segfault on member access)
Dmitry Stogov [Thu, 24 Jan 2019 10:06:36 +0000 (13:06 +0300)]
Fixed bug #77494 (Disabling class causes segfault on member access)

6 years agoAdd flag to disable jumptable optimization
Nikita Popov [Thu, 24 Jan 2019 09:56:04 +0000 (10:56 +0100)]
Add flag to disable jumptable optimization

This is useful for coverage. While it is currently safe to just
skip over the SWITCH_* opcodes, this may not be true in the future
due to opcache optimizations, so it's safer to disable emission of
SWITCH_* opcodes entirely.

6 years agoCheckin LiteSpeed SAPI 7.2.
George Wang [Sun, 20 Jan 2019 20:10:19 +0000 (15:10 -0500)]
Checkin LiteSpeed SAPI 7.2.

6 years agoUpdate NEWS [ci skip]
Anatol Belski [Sun, 20 Jan 2019 14:58:19 +0000 (15:58 +0100)]
Update NEWS [ci skip]

6 years agoFix #77479: imagewbmp() segfaults with very large images
Christoph M. Becker [Sat, 19 Jan 2019 09:03:11 +0000 (10:03 +0100)]
Fix #77479: imagewbmp() segfaults with very large images

We must not proceed working with the Wbmp structure, if it hasn't been
allocated.

6 years agoFix seeking in php://input
Lauri Kenttä [Wed, 16 Jan 2019 20:08:03 +0000 (22:08 +0200)]
Fix seeking in php://input

6 years agoFixed bug #76675
Pedro Magalhães [Wed, 16 Jan 2019 00:33:03 +0000 (00:33 +0000)]
Fixed bug #76675

Leave a reference to the resource in the php_curl.

6 years agoFix #73614: gdImageFilledArc() doesn't properly draw pies
Christoph M. Becker [Wed, 16 Jan 2019 19:10:04 +0000 (20:10 +0100)]
Fix #73614: gdImageFilledArc() doesn't properly draw pies

The fix for PHP bug 43828[1] changed the algorithm from drawing filled
pies from drawing multiple triangles to drawing a single polygon.  Due
to quirks of the filled polygon drawing algorithm, we had to filter out
extraneous vertices.  This lead, however, to a bug regarding displaced
starting and ending points near 90° and 270° degrees, which we fix by
reinserting these vertices if they had been removed.

This fix is a port of libgd/libgd@1406b1a.

[1] <https://bugs.php.net/bug.php?id=43828>

6 years agodocument open_basedir and realpath cache coupling in php.ini
wbob [Sat, 12 Jan 2019 08:49:23 +0000 (09:49 +0100)]
document open_basedir and realpath cache coupling in php.ini

[ci skip]

6 years agoFixed bug #77454
Nikita Popov [Mon, 14 Jan 2019 09:21:41 +0000 (10:21 +0100)]
Fixed bug #77454

6 years agoUpdate SDK version for AppVeyor
Anatol Belski [Sat, 12 Jan 2019 21:13:14 +0000 (22:13 +0100)]
Update SDK version for AppVeyor

6 years agoFix rl_completion_matches detection
Ondřej Surý [Mon, 17 Dec 2018 09:56:06 +0000 (09:56 +0000)]
Fix rl_completion_matches detection

Also fix a typo when checking for rl_on_new_line in readline library.

6 years agoFix bug #77361 (configure fails on 64-bit AIX when opcache enabled)
Kevin Adler [Thu, 27 Dec 2018 19:54:08 +0000 (13:54 -0600)]
Fix bug #77361 (configure fails on 64-bit AIX when opcache enabled)

In f9048300123, support for GNU Hurd was added to the opcache and
the configure check to ensure the opcache knows the flock struct
layout prior to building was changed check for two cases: BSD layout
and Linux layout. All the existing hard-coded cases in
ZendAccelerator.h follow these two cases, except for 64-bit AIX.
This means that even though building on 64-bit AIX would work,
the configure script refuses to continue.

Add a new configure check for the 64-bit AIX case and a new
compiler definition HAVE_FLOCK_AIX64. Now that all the cases are
covered, simplify the ifdef logic around these three HAVE_FLOCK_*
macros:
- The macOS and the various BSD flavors fall under HAVE_FLOCK_BSD
- Linux, HP-UX, GNU Hurd, 32-bit AIX, and SVR4 environments
  fall under HAVE_FLOCK_LINUX
- 64-bit AIX falls under HAVE_FLOCK_AIX64

The only difference between the existing HAVE_FLOCK_LINUX and
the hard-coded Linux/HP-UX/Hurd case is that the latter
initialized the 5th member to 0, but since the C standard already
says that un-initialized members will be initialized to 0,
it's effectively the same.

6 years agoFix cleaning up after openssl_pkcs7_verify_basic test
Alexander Kurilo [Thu, 6 Dec 2018 21:07:18 +0000 (00:07 +0300)]
Fix cleaning up after openssl_pkcs7_verify_basic test

6 years agoGenerate certs for openssl tests on the fly
Alexander Kurilo [Sun, 2 Dec 2018 14:08:01 +0000 (17:08 +0300)]
Generate certs for openssl tests on the fly

The idea is to create an easy way to provide a certificate that never
expires. In order to make it cross-platform, PHP is used rather than
openssl CLI app. Using openssl to generate certificates for tests that
test openssl might be not the best idea but pros seem to outweight cons
that this "recursice dependency" adds

6 years agoFix #73281: imagescale(…, IMG_BILINEAR_FIXED) can cause black border
Christoph M. Becker [Thu, 10 Jan 2019 15:11:23 +0000 (16:11 +0100)]
Fix #73281: imagescale(…, IMG_BILINEAR_FIXED) can cause black border

We port the upstream fixes for libgd/libgd#329 and libgd/libgd#224.

6 years agoFix #77272: imagescale() may return image resource on failure
Christoph M. Becker [Thu, 10 Jan 2019 13:03:07 +0000 (14:03 +0100)]
Fix #77272: imagescale() may return image resource on failure

`_gdScaleHoriz()` and `_gdScaleVert()` may fail, but don't signal
failure since they are void functions.  We change that according to
upstream libgd.

We also remove the unused `Scale()` function, which doesn't exist in
upstream libgd either, right away.

6 years agoFixed bug #77439
Nikita Popov [Thu, 10 Jan 2019 09:55:19 +0000 (10:55 +0100)]
Fixed bug #77439

6 years agoRevert visibility
Andrey Hristov [Fri, 4 Jan 2019 09:37:54 +0000 (11:37 +0200)]
Revert visibility

(cherry picked from commit 71ffae9605a0b19f4c7a76d317276c934a767a65)

6 years agoMerge branch 'PHP-7.1' into PHP-7.2
Sara Golemon [Tue, 8 Jan 2019 19:19:37 +0000 (14:19 -0500)]
Merge branch 'PHP-7.1' into PHP-7.2

* PHP-7.1:
  Bump for 7.1.27

6 years agoBump for 7.1.27
Sara Golemon [Tue, 8 Jan 2019 19:17:43 +0000 (14:17 -0500)]
Bump for 7.1.27

6 years agoDon't swap operands of ZEND_MUL
Nikita Popov [Tue, 8 Jan 2019 08:36:48 +0000 (09:36 +0100)]
Don't swap operands of ZEND_MUL

If this is used with operator overloading, then the operation does
not necessarily commute (for example, matrix multiplication).

6 years agocleanup merge
Remi Collet [Tue, 8 Jan 2019 08:33:41 +0000 (09:33 +0100)]
cleanup merge

6 years agoPrefix error_code with underscore in FastZPP implementation
twosee [Tue, 8 Jan 2019 08:24:51 +0000 (09:24 +0100)]
Prefix error_code with underscore in FastZPP implementation

To avoid conflicts with parameter names.

6 years agoUpdate tests due to data changes in tzdata 2018i
Derick Rethans [Mon, 7 Jan 2019 12:48:42 +0000 (12:48 +0000)]
Update tests due to data changes in tzdata 2018i

6 years agoUpdated to version 2018.9 (2018i)
Derick Rethans [Mon, 7 Jan 2019 11:50:14 +0000 (11:50 +0000)]
Updated to version 2018.9 (2018i)

6 years ago[ci skip] fix NEWS
Remi Collet [Mon, 7 Jan 2019 10:12:13 +0000 (11:12 +0100)]
[ci skip] fix NEWS

6 years ago[ci skip] fix NEWS
Remi Collet [Mon, 7 Jan 2019 10:02:40 +0000 (11:02 +0100)]
[ci skip] fix NEWS

6 years agoMerge branch 'PHP-7.1' into PHP-7.2
Stanislav Malyshev [Mon, 7 Jan 2019 09:03:26 +0000 (01:03 -0800)]
Merge branch 'PHP-7.1' into PHP-7.2

* PHP-7.1:
  Still leaking for some reason, XFAIL for now, I'll look into it later.

6 years agoStill leaking for some reason, XFAIL for now, I'll look into it later.
Stanislav Malyshev [Mon, 7 Jan 2019 09:03:04 +0000 (01:03 -0800)]
Still leaking for some reason, XFAIL for now, I'll look into it later.

6 years agoMerge branch 'PHP-7.1' into PHP-7.2
Stanislav Malyshev [Mon, 7 Jan 2019 07:34:02 +0000 (23:34 -0800)]
Merge branch 'PHP-7.1' into PHP-7.2

* PHP-7.1:
  Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
  Add NEWS
  [ci skip] Add NEWS
  Fix more issues with encodilng length
  Fix #77270: imagecolormatch Out Of Bounds Write on Heap
  Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)
  Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
  Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
  Fix #77269: Potential unsigned underflow in gdImageScale
  Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
  Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
  Regenerate certs for openssl tests

6 years agoMerge branch 'PHP-5.6' into PHP-7.1
Stanislav Malyshev [Mon, 7 Jan 2019 07:32:36 +0000 (23:32 -0800)]
Merge branch 'PHP-5.6' into PHP-7.1

* PHP-5.6:
  Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
  [ci skip] Add NEWS
  Fix more issues with encodilng length
  Fix #77270: imagecolormatch Out Of Bounds Write on Heap
  Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)
  Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
  Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
  Fix #77269: Potential unsigned underflow in gdImageScale
  Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
  Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
  Regenerate certs for openssl tests

6 years agoFix bug #77418 - Heap overflow in utf32be_mbc_to_code
Stanislav Malyshev [Mon, 7 Jan 2019 07:31:15 +0000 (23:31 -0800)]
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code

6 years agoFix tests - newer versions check Unicode
Stanislav Malyshev [Sun, 6 Jan 2019 21:28:30 +0000 (13:28 -0800)]
Fix tests - newer versions check Unicode

6 years agoMerge branch 'PHP-7.1' into PHP-7.2
Stanislav Malyshev [Sun, 6 Jan 2019 21:05:49 +0000 (13:05 -0800)]
Merge branch 'PHP-7.1' into PHP-7.2

* PHP-7.1:
  Add NEWS

6 years agoAdd NEWS
Stanislav Malyshev [Sun, 6 Jan 2019 21:04:51 +0000 (13:04 -0800)]
Add NEWS

6 years agoAdd NEWS
Stanislav Malyshev [Sun, 6 Jan 2019 21:04:51 +0000 (13:04 -0800)]
Add NEWS

6 years ago[ci skip] Add NEWS
Stanislav Malyshev [Sun, 6 Jan 2019 21:03:38 +0000 (13:03 -0800)]
[ci skip] Add NEWS

6 years agoMerge branch 'PHP-7.1' into PHP-7.2
Stanislav Malyshev [Sun, 6 Jan 2019 20:54:09 +0000 (12:54 -0800)]
Merge branch 'PHP-7.1' into PHP-7.2

* PHP-7.1:
  Fix test

6 years agoFix test
Stanislav Malyshev [Sun, 6 Jan 2019 20:30:44 +0000 (12:30 -0800)]
Fix test

6 years agoMerge branch 'PHP-7.1' into PHP-7.2
Stanislav Malyshev [Sun, 6 Jan 2019 19:57:16 +0000 (11:57 -0800)]
Merge branch 'PHP-7.1' into PHP-7.2

* PHP-7.1:
  Fix #77369 - memcpy with negative length via crafted DNS response
  Fix more issues with encodilng length
  Fix #77270: imagecolormatch Out Of Bounds Write on Heap
  Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)
  Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
  Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
  Fix #77269: Potential unsigned underflow in gdImageScale
  Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
  Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
  Regenerate certs for openssl tests

6 years agoFix #77369 - memcpy with negative length via crafted DNS response
Stanislav Malyshev [Sun, 30 Dec 2018 04:39:08 +0000 (20:39 -0800)]
Fix #77369 - memcpy with negative length via crafted DNS response

6 years agoFix more issues with encodilng length
Stanislav Malyshev [Wed, 2 Jan 2019 08:36:30 +0000 (00:36 -0800)]
Fix more issues with encodilng length

Should fix bug #77381, bug #77382, bug #77385, bug #77394.

6 years agoFix #77270: imagecolormatch Out Of Bounds Write on Heap
Christoph M. Becker [Sun, 30 Dec 2018 12:59:26 +0000 (13:59 +0100)]
Fix #77270: imagecolormatch Out Of Bounds Write on Heap

At least some of the image reading functions may return images which
use color indexes greater than or equal to im->colorsTotal.  We cater
to this by always using a buffer size which is sufficient for
`gdMaxColors` in `gdImageColorMatch()`.

6 years agoFix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Stanislav Malyshev [Wed, 2 Jan 2019 01:15:20 +0000 (17:15 -0800)]
Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)

6 years agoFix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Stanislav Malyshev [Sun, 30 Dec 2018 04:06:08 +0000 (20:06 -0800)]
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)

6 years agoFix bug #77370 - check that we do not read past buffer end when parsing multibytes
Stanislav Malyshev [Sun, 30 Dec 2018 03:51:24 +0000 (19:51 -0800)]
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes

6 years agoFix #77269: Potential unsigned underflow in gdImageScale
Christoph M. Becker [Wed, 12 Dec 2018 15:00:59 +0000 (16:00 +0100)]
Fix #77269: Potential unsigned underflow in gdImageScale

Belatedly, we're porting the respective upstream patch[1].

[1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35>

6 years agoFix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Stanislav Malyshev [Sun, 30 Dec 2018 02:25:37 +0000 (18:25 -0800)]
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)

6 years agoFix bug #77242 (heap out of bounds read in xmlrpc_decode())
Stanislav Malyshev [Sun, 30 Dec 2018 01:56:36 +0000 (17:56 -0800)]
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())

6 years agoRegenerate certs for openssl tests
Alexander Kurilo [Mon, 31 Dec 2018 09:19:36 +0000 (12:19 +0300)]
Regenerate certs for openssl tests