]>
granicus.if.org Git - php/log
Anatol Belski [Sun, 23 Aug 2015 11:06:00 +0000 (13:06 +0200)]
fix test
backport from master
Anatol Belski [Sun, 23 Aug 2015 11:04:36 +0000 (13:04 +0200)]
fix test
Anatol Belski [Sun, 23 Aug 2015 11:03:26 +0000 (13:03 +0200)]
fix test
backported from master
Bob Weinand [Sun, 23 Aug 2015 11:07:14 +0000 (12:07 +0100)]
Fix phpdbg_break_next()
Anatol Belski [Fri, 21 Aug 2015 13:13:39 +0000 (15:13 +0200)]
fix tests
Anatol Belski [Fri, 21 Aug 2015 12:08:33 +0000 (14:08 +0200)]
fix dir separator
Anatol Belski [Fri, 21 Aug 2015 12:05:58 +0000 (14:05 +0200)]
fix dir separator in test
Anatol Belski [Fri, 21 Aug 2015 12:04:08 +0000 (14:04 +0200)]
fix dir separator in test
Ferenc Kovacs [Thu, 20 Aug 2015 07:56:47 +0000 (09:56 +0200)]
5.6.14 next
Christoph M. Becker [Wed, 19 Aug 2015 14:25:59 +0000 (16:25 +0200)]
updated NEWS
Christoph M. Becker [Wed, 19 Aug 2015 14:22:04 +0000 (16:22 +0200)]
Fix #70303: Incorrect constructor reflection for ArrayObject
The first parameter of ArrayObject::__construct() is optional. Reflection
should reflect this.
Xinchen Hui [Wed, 19 Aug 2015 10:41:28 +0000 (18:41 +0800)]
Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start)
Christoph M. Becker [Tue, 18 Aug 2015 19:21:28 +0000 (21:21 +0200)]
Fix #67604: The built windows documention refers to nonexistent dll
Since quite a while the Windows builds ship with php5apache2_4.dll, but not
with other server modules. We fix some out-dated info in install.txt.
Côme Bernigaud [Tue, 18 Aug 2015 15:17:28 +0000 (17:17 +0200)]
Merge branch 'pull-request/1477' into PHP-5.6
* pull-request/1477:
Patch from Rainer Jung to provide Solaris LDAP support
Côme Bernigaud [Tue, 18 Aug 2015 14:52:44 +0000 (16:52 +0200)]
Patch from Rainer Jung to provide Solaris LDAP support
Christoph M. Becker [Mon, 17 Aug 2015 15:27:13 +0000 (17:27 +0200)]
updated NEWS
Christoph M. Becker [Mon, 17 Aug 2015 13:58:37 +0000 (15:58 +0200)]
Fix #70277: new DateTimeZone($foo) is ignoring text after null byte
The DateTimeZone constructors are not binary safe. They're parsing the timezone
as string, but discard the length when calling timezone_initialize(). This
patch adds a tz_len parameter and a respective check to timezone_initialize().
Derick Rethans [Sun, 16 Aug 2015 20:26:11 +0000 (21:26 +0100)]
Fixed sorting order
It needs to match the strcasecmp in parse_tz.c.
Tjerk Meesters [Sat, 15 Aug 2015 07:13:01 +0000 (15:13 +0800)]
Updated NEWS for #70157
Tjerk Meesters [Sat, 15 Aug 2015 07:11:31 +0000 (15:11 +0800)]
Merge branch 'bug70157' into PHP-5.6
* bug70157:
Fixed #70157 parse_ini_string() segmentation fault with INI_SCANNER_TYPED
Tjerk Meesters [Sat, 15 Aug 2015 06:44:07 +0000 (14:44 +0800)]
Fixed #70157 parse_ini_string() segmentation fault with INI_SCANNER_TYPED
Christoph M. Becker [Sat, 15 Aug 2015 00:23:56 +0000 (02:23 +0200)]
fixed wrong params in proto
Christoph M. Becker [Fri, 14 Aug 2015 15:11:33 +0000 (17:11 +0200)]
updated NEWS
Christoph M. Becker [Fri, 14 Aug 2015 14:56:40 +0000 (16:56 +0200)]
Fix #70264: CLI server directory traversal
On Windows the built-in webserver doesn't prevent directory traversal when
backslashes are used as path component separators. Even though that is not a
security issue (the CLI webserver is meant for testing only), we fix that by
replacing backslashes in the path with slashes on Windows, because backslashes
may be valid characters for file names on other systems, but not on Windows.
Christoph M. Becker [Fri, 14 Aug 2015 12:20:37 +0000 (14:20 +0200)]
updated NEWS
Christoph M. Becker [Fri, 14 Aug 2015 12:19:12 +0000 (14:19 +0200)]
Fix #70266 (DateInterval::__construct.interval_spec is not supposed to be optional)
The required_num_args argument of ZEND_BEGIN_ARG_INFO_EX() has to be 1.
Christoph M. Becker [Thu, 13 Aug 2015 12:21:17 +0000 (14:21 +0200)]
updated NEWS
Christoph M. Becker [Thu, 13 Aug 2015 12:20:04 +0000 (14:20 +0200)]
Fix #70232: Incorrect bump-along behavior with \K and empty string match
To do global matching (/g), for every empty match we have to do a second match
with PCRE_NOTEMPTY turned on. That may fail, however, when the \K escape
sequence is involved. For this purpose libpcre 8.0 introduced the
PCRE_NOTEMPTY_ATSTART flag, which we will use if available, and otherwise fall
back to the old (possibly buggy) behavior.
Derick Rethans [Thu, 13 Aug 2015 10:07:16 +0000 (11:07 +0100)]
Of course, we support v2 in PHP 5.6 as well.
Derick Rethans [Thu, 13 Aug 2015 09:54:03 +0000 (10:54 +0100)]
Updated to version 2015.6 (2015f)
Derick Rethans [Wed, 12 Aug 2015 21:00:13 +0000 (22:00 +0100)]
Updated to version 2015.6 (2015f)
Anatol Belski [Tue, 11 Aug 2015 15:37:36 +0000 (17:37 +0200)]
update NEWS
Anatol Belski [Tue, 11 Aug 2015 15:36:10 +0000 (17:36 +0200)]
Fixed bug #70198 Checking liveness does not work as expected
Anatol Belski [Tue, 11 Aug 2015 14:52:13 +0000 (16:52 +0200)]
fix news entry
Anatol Belski [Tue, 11 Aug 2015 14:50:53 +0000 (16:50 +0200)]
updated NEWS
Anatol Belski [Tue, 11 Aug 2015 14:49:28 +0000 (16:49 +0200)]
fix bug #69833 mcrypt fd caching not working
Xinchen Hui [Tue, 11 Aug 2015 13:01:56 +0000 (21:01 +0800)]
Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled).
Christoph M. Becker [Mon, 10 Aug 2015 23:36:39 +0000 (01:36 +0200)]
updated NEWS wrt. bug #69487
Christoph M. Becker [Sun, 9 Aug 2015 23:33:20 +0000 (01:33 +0200)]
Fix #69487: SAPI may truncate POST data
If SG(request_info).request_body can't be completely written (e.g. due to a
full drive), only parts of the POST data will be available. This patch changes
this, so that SG(request_info).request_body will be reset in this case, and a
warning will be thrown.
Lior Kaplan [Mon, 10 Aug 2015 08:54:39 +0000 (11:54 +0300)]
Add CVE IDs asigned to #69085 (PHP 5.6.7)
Lior Kaplan [Mon, 10 Aug 2015 08:52:23 +0000 (11:52 +0300)]
Align NEWS with 5.6.12
Lior Kaplan [Mon, 10 Aug 2015 08:49:18 +0000 (11:49 +0300)]
Add entries for phar bug fixes in 5.6.11 (also have CVE assigned)
Christoph M. Becker [Sun, 9 Aug 2015 00:43:41 +0000 (02:43 +0200)]
updated NEWS
wusuopu [Mon, 3 Nov 2014 06:52:16 +0000 (14:52 +0800)]
Fix #66606: Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE
The patch will store Content-Type header value in both HTTP_CONTENT_TYPE field and CONTENT_TYPE field.
Christoph M. Becker [Sun, 9 Aug 2015 00:36:58 +0000 (02:36 +0200)]
added tests for bug #66606
Ferenc Kovacs [Fri, 7 Aug 2015 06:46:10 +0000 (08:46 +0200)]
fix NEWS
Stanislav Malyshev [Wed, 5 Aug 2015 07:00:54 +0000 (00:00 -0700)]
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
5.5.29 next
Conflicts:
configure.in
main/php_version.h
Stanislav Malyshev [Wed, 5 Aug 2015 06:59:55 +0000 (23:59 -0700)]
5.5.29 next
Stanislav Malyshev [Tue, 4 Aug 2015 23:45:55 +0000 (16:45 -0700)]
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
fix test
Stanislav Malyshev [Tue, 4 Aug 2015 23:45:32 +0000 (16:45 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
fix test
Stanislav Malyshev [Tue, 4 Aug 2015 23:45:20 +0000 (16:45 -0700)]
fix test
Stanislav Malyshev [Tue, 4 Aug 2015 23:31:57 +0000 (16:31 -0700)]
virtual_file_ex uses emalloc in 5.6+
Stanislav Malyshev [Tue, 4 Aug 2015 23:13:53 +0000 (16:13 -0700)]
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
__wakeup doesn't have to be final
Stanislav Malyshev [Tue, 4 Aug 2015 23:13:43 +0000 (16:13 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
__wakeup doesn't have to be final
Stanislav Malyshev [Tue, 4 Aug 2015 23:13:26 +0000 (16:13 -0700)]
__wakeup doesn't have to be final
Stanislav Malyshev [Tue, 4 Aug 2015 22:29:13 +0000 (15:29 -0700)]
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
ext/soap/php_http.c
ext/spl/spl_observer.c
Stanislav Malyshev [Tue, 4 Aug 2015 22:22:59 +0000 (15:22 -0700)]
update NEWS
Stanislav Malyshev [Tue, 4 Aug 2015 21:46:30 +0000 (14:46 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
fix test
update NEWS
Stanislav Malyshev [Tue, 4 Aug 2015 21:46:19 +0000 (14:46 -0700)]
fix test
Stanislav Malyshev [Tue, 4 Aug 2015 21:37:28 +0000 (14:37 -0700)]
update NEWS
Stanislav Malyshev [Tue, 4 Aug 2015 21:10:57 +0000 (14:10 -0700)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
.gitignore
ext/date/php_date.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
Stanislav Malyshev [Tue, 4 Aug 2015 21:04:24 +0000 (14:04 -0700)]
Merge branch 'PHP-5.4' into PHP-5.4.44
* PHP-5.4:
Fixed bug #69892
Adjust Git-Rules
Stanislav Malyshev [Tue, 4 Aug 2015 21:00:29 +0000 (14:00 -0700)]
Fix bug #70019 - limit extracted files to given directory
Stanislav Malyshev [Sun, 2 Aug 2015 07:34:09 +0000 (00:34 -0700)]
Do not do convert_to_* on unserialize, it messes up references
Stanislav Malyshev [Mon, 27 Jul 2015 08:38:27 +0000 (01:38 -0700)]
Fix #69793 - limit what we accept when unserializing exception
Stanislav Malyshev [Sun, 2 Aug 2015 04:51:08 +0000 (21:51 -0700)]
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Stanislav Malyshev [Sun, 2 Aug 2015 04:45:19 +0000 (21:45 -0700)]
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
Stanislav Malyshev [Sun, 2 Aug 2015 04:15:37 +0000 (21:15 -0700)]
ignore signatures for packages too
Stanislav Malyshev [Sun, 2 Aug 2015 04:12:38 +0000 (21:12 -0700)]
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Nikita Popov [Sat, 20 Jun 2015 14:39:23 +0000 (16:39 +0200)]
Fixed bug #69892
Christoph M. Becker [Sat, 1 Aug 2015 21:52:35 +0000 (23:52 +0200)]
fixed test
Christoph M. Becker [Sat, 1 Aug 2015 12:15:44 +0000 (14:15 +0200)]
mentioned cURL file uploads in the "backward incompatible changes" section
Christoph M. Becker [Fri, 31 Jul 2015 17:52:42 +0000 (19:52 +0200)]
test fails with old libxml2; skip in this case
Christoph M. Becker [Fri, 31 Jul 2015 11:51:49 +0000 (13:51 +0200)]
test requires imagejpeg(); skip otherwise
Julien Pauli [Wed, 29 Jul 2015 08:04:33 +0000 (10:04 +0200)]
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
Adjust Git-Rules
5.4.44 next
Julien Pauli [Wed, 29 Jul 2015 08:04:08 +0000 (10:04 +0200)]
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Adjust Git-Rules
5.4.44 next
Conflicts:
configure.in
main/php_version.h
Julien Pauli [Wed, 29 Jul 2015 08:02:39 +0000 (10:02 +0200)]
Adjust Git-Rules
Anatol Belski [Tue, 28 Jul 2015 15:42:37 +0000 (17:42 +0200)]
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
Fixed bug #70002 TS issues with temporary dir handling
Anatol Belski [Tue, 28 Jul 2015 15:42:25 +0000 (17:42 +0200)]
updated NEWS
Anatol Belski [Tue, 28 Jul 2015 15:41:38 +0000 (17:41 +0200)]
Fixed bug #70002 TS issues with temporary dir handling
Anatol Belski [Tue, 28 Jul 2015 08:29:24 +0000 (10:29 +0200)]
update NEWS
Anatol Belski [Tue, 28 Jul 2015 08:28:45 +0000 (10:28 +0200)]
Fixed bug #69900 Too long timeout on pipes
Stanislav Malyshev [Mon, 27 Jul 2015 00:43:16 +0000 (17:43 -0700)]
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Stanislav Malyshev [Mon, 27 Jul 2015 00:31:12 +0000 (17:31 -0700)]
Improved fix for Bug #69441
Stanislav Malyshev [Mon, 27 Jul 2015 00:25:25 +0000 (17:25 -0700)]
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Stanislav Malyshev [Mon, 27 Jul 2015 00:09:34 +0000 (17:09 -0700)]
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Stanislav Malyshev [Sun, 26 Jul 2015 23:44:18 +0000 (16:44 -0700)]
Fix bug #70081: check types for SOAP variables
Ferenc Kovacs [Sun, 26 Jul 2015 20:06:51 +0000 (22:06 +0200)]
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
make the travis irc notification a oneliner
Ferenc Kovacs [Sun, 26 Jul 2015 20:06:26 +0000 (22:06 +0200)]
make the travis irc notification a oneliner
Christoph M. Becker [Sun, 26 Jul 2015 15:33:09 +0000 (17:33 +0200)]
allow to skip slow tests
Anatol Belski [Fri, 24 Jul 2015 18:23:07 +0000 (20:23 +0200)]
updated libs_versions.txt
Christoph M. Becker [Thu, 23 Jul 2015 23:23:33 +0000 (01:23 +0200)]
added regression test for bug #55472, which has already been fixed as of PHP
5.5.0
Christoph M. Becker [Thu, 23 Jul 2015 19:31:58 +0000 (21:31 +0200)]
Fix #53854: Missing constants for compression type
The constants have already been added long ago. This patch just adds a PHPT
which checks the recognition of the respective compression methods.
Unfortunately, I've not been able to assemble a zip with all compression
methods.
Christoph M. Becker [Thu, 23 Jul 2015 16:37:07 +0000 (18:37 +0200)]
updated NEWS
Christoph M. Becker [Thu, 23 Jul 2015 16:13:47 +0000 (18:13 +0200)]
Fix #70052: getimagesize() fails for very large and very small WBMP
Very large WBMP (width or height greater than 2**31-1) cause an overflow and
circumvent the size limitation of 2048x2048 px. Very small WBMP (less than 12
bytes) cause a read error and are not recognized. This patch fixes both bugs.
Anatol Belski [Thu, 23 Jul 2015 05:34:31 +0000 (07:34 +0200)]
fix config.w32
Anatol Belski [Thu, 23 Jul 2015 05:31:54 +0000 (07:31 +0200)]
fix C99 compat
Lior Kaplan [Wed, 22 Jul 2015 17:35:31 +0000 (20:35 +0300)]
Align CVE format for #69669
Lior Kaplan [Wed, 22 Jul 2015 17:34:31 +0000 (20:34 +0300)]
Fix 69882 entry
Julien Pauli [Wed, 22 Jul 2015 07:27:49 +0000 (09:27 +0200)]
5.6.13 now