]> granicus.if.org Git - php/log
php
4 years agoFix typos in php.ini files
Benjamin Morel [Fri, 20 Nov 2020 13:45:35 +0000 (14:45 +0100)]
Fix typos in php.ini files

Closes GH-6441.

[ci skip]

4 years agoFix #72964: White space not unfolded for CC/Bcc headers
Christoph M. Becker [Tue, 10 Nov 2020 15:13:54 +0000 (16:13 +0100)]
Fix #72964: White space not unfolded for CC/Bcc headers

`\r\n` does only terminate a header, if not followed by `\t` or ` `.
We have to cater to that when determining the end position of the
respective headers.

Closes GH-6420.

4 years agoFix #80345: PHPIZE configuration has outdated PHP_RELEASE_VERSION
Christoph M. Becker [Tue, 10 Nov 2020 12:51:40 +0000 (13:51 +0100)]
Fix #80345: PHPIZE configuration has outdated PHP_RELEASE_VERSION

We must not redefine the version "constants" for phpize builds, because
these have already generated in phpize.js, from where we pass these
variables forward to configure.js.

We also add `PHP_EXTRA_VERSION` and `PHP_VERSION_STRING` to the files
for completeness.

Closes GH-6419.

4 years agoShort-circuit get_gc for currently running generator
Nikita Popov [Wed, 18 Nov 2020 11:44:31 +0000 (12:44 +0100)]
Short-circuit get_gc for currently running generator

4 years agoFix #80312: change default engine from MyISAM to InnoDB in tests
Darek Slusarczyk [Fri, 6 Nov 2020 14:41:15 +0000 (15:41 +0100)]
Fix #80312: change default engine from MyISAM to InnoDB in tests

Change mysqli and pdo_mysql tests configuration to use by default
InnoDB instead of MyISAM.

Closes GH-6405.

4 years agoFix incorrectly optimized out live range
Nikita Popov [Tue, 17 Nov 2020 09:18:37 +0000 (10:18 +0100)]
Fix incorrectly optimized out live range

For x ? y : z style structures, the live range starts at z, but
may also hold the value of y. Make sure that the refcounting check
takes this into account, by checking the type of a potential phi
user.

4 years agoFix #74558: Can't rebind closure returned by Closure::fromCallable()
Christoph M. Becker [Thu, 12 Nov 2020 14:37:51 +0000 (15:37 +0100)]
Fix #74558: Can't rebind closure returned by Closure::fromCallable()

Failure to rebind such closures is not necessarily related to them
being created by `ReflectionFunctionAbstract::getClosure()`, so we fix
the error message.

Closes GH-6424.

4 years agoHandle errors during next_result()
Nikita Popov [Wed, 11 Nov 2020 14:56:05 +0000 (15:56 +0100)]
Handle errors during next_result()

4 years agoPHP-7.4 is now for 7.4.14
Derick Rethans [Tue, 10 Nov 2020 17:58:21 +0000 (17:58 +0000)]
PHP-7.4 is now for 7.4.14

4 years agoAdd integration test for symfony preloading
Nikita Popov [Mon, 9 Nov 2020 14:13:33 +0000 (15:13 +0100)]
Add integration test for symfony preloading

To help catch regressions like the one that occurred in PHP 7.4.12.

Closes GH-6414.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Tue, 10 Nov 2020 10:09:40 +0000 (11:09 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  7.3.26 is next

4 years ago7.3.26 is next
Christoph M. Becker [Tue, 10 Nov 2020 10:08:16 +0000 (11:08 +0100)]
7.3.26 is next

4 years agoFix phi use chain management when renaming variable
Nikita Popov [Mon, 9 Nov 2020 16:06:41 +0000 (17:06 +0100)]
Fix phi use chain management when renaming variable

If there is a previous use of the new variable in the phi, we need
to NULL out the use chain of the new source we're adding.

Test case is reduced from an assertion failure in the Symfony Demo.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Nikita Popov [Mon, 9 Nov 2020 13:34:24 +0000 (14:34 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fixed bug #80310: Support for icu4c 68.1.

4 years agoFixed bug #80310: Support for icu4c 68.1.
Alexander M. Turek [Tue, 3 Nov 2020 18:14:41 +0000 (19:14 +0100)]
Fixed bug #80310: Support for icu4c 68.1.

On stable versions, bring back the TRUE/FALSE defines by defining
_U_DEFINE_TRUE_AND_FALSE.

Closes GH-6397.

4 years agoUpdate version in 7.4 branch
Derick Rethans [Sat, 7 Nov 2020 18:48:13 +0000 (18:48 +0000)]
Update version in 7.4 branch

4 years agoSplit tests for compatibility with ICU 68.1
Christoph M. Becker [Fri, 6 Nov 2020 16:11:26 +0000 (17:11 +0100)]
Split tests for compatibility with ICU 68.1

4 years agoBackport preloading trait fixup fixes
Nikita Popov [Thu, 5 Nov 2020 10:58:31 +0000 (11:58 +0100)]
Backport preloading trait fixup fixes

This cherry-picks 33969c2252b2c33a72c9039072af8862fd347a5f and
2effbfd8713936742ef46e6e85ce193b320ac005 from PHP-8.0.

The issues these commits fix could also manifest in PHP 7.4, and
a commenter on bug #80307 reports this this might indeed be
happening.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Wed, 4 Nov 2020 13:54:14 +0000 (14:54 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #80266: parse_url silently drops port number 0

4 years agoFix #80266: parse_url silently drops port number 0
Christoph M. Becker [Wed, 4 Nov 2020 10:34:10 +0000 (11:34 +0100)]
Fix #80266: parse_url silently drops port number 0

As of commit 81b2f3e[1], `parse_url()` accepts URLs with a zero port,
but does not report that port, what is wrong in hindsight.

Since the port number is stored as `unsigned short` there is no way to
distinguish between port zero and no port.  For BC reasons, we thus
introduce `parse_url_ex2()` which accepts an output parameter that
allows that distinction, and use the new function to fix the behavior.

The introduction of `parse_url_ex2()` has been suggested by Nikita.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=81b2f3e5d9fcdffd87a4fcd12bd8c708a97091e1>

Closes GH-6399.

4 years agoFix dynamic function definition in preload script
Nikita Popov [Wed, 4 Nov 2020 09:54:08 +0000 (10:54 +0100)]
Fix dynamic function definition in preload script

We should use normal function renaming if the function is declared
during preloading itself, rather than afterwards.

This fixes a regression introduced by
68f80be9d1380de731930187250a7ed6b55ae196.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Nikita Popov [Tue, 3 Nov 2020 09:39:13 +0000 (10:39 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix another implicit function declaration in configure

4 years agoFix another implicit function declaration in configure
Nikita Popov [Tue, 3 Nov 2020 09:38:16 +0000 (10:38 +0100)]
Fix another implicit function declaration in configure

As mentioned on bug #80171. This one is in libtool.m4, might get
lost on libtool updates.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Mon, 2 Nov 2020 10:39:16 +0000 (11:39 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #70461: disable md5 code when it is not supported in net-snmp

4 years agoFix #70461: disable md5 code when it is not supported in net-snmp
Christoph M. Becker [Wed, 28 Oct 2020 14:30:49 +0000 (15:30 +0100)]
Fix #70461: disable md5 code when it is not supported in net-snmp

Patch contributed by Alexander Bergmann.

Closes GH-6389.

4 years agoFix SSA integrity violation for type inference in dead code
Nikita Popov [Fri, 30 Oct 2020 14:48:03 +0000 (15:48 +0100)]
Fix SSA integrity violation for type inference in dead code

The foreach body can never be executed and thus may contain empty
types. We should still uphold our SSA integrity invariants in that
case.

4 years agoFix bug79177.phpt wrt. JIT
Christoph M. Becker [Fri, 30 Oct 2020 11:44:37 +0000 (12:44 +0100)]
Fix bug79177.phpt wrt. JIT

JIT ignores that the `zend_write` callback is overwritten, so we define
our own callback and caller.

We also fix the "inconsistent DLL binding" warnings on Windows, by
introducing `PHP_ZEND_TEST_API`.

Closes GH-6391.

4 years agoFix bug #72413: Segfault with get_result and PS cursors
Dharman [Thu, 17 Sep 2020 11:35:26 +0000 (12:35 +0100)]
Fix bug #72413: Segfault with get_result and PS cursors

We cannot simply switch to use_result here, because the fetch_row
methods in get_result mode and in use_result/store_result mode
are different: In one case it accepts a statement, in the other
a return value zval. Thus, doing a switch to use_result results
in a segfault when trying to fetch a row.

Actually supporting get_result with cursors would require adding
cursor support in mysqlnd_result, not just mysqlnd_ps. That would
be a significant amount of effort and, given the age of the issue,
does not appear to be particularly likely to happen soon.

As such, we simply generate an error when using get_result()
with cursors, which is much better than causing a segfault.
Instead, parameter binding needs to be used.

4 years agoHandle errors during PDO row fetch
Nikita Popov [Thu, 29 Oct 2020 13:07:08 +0000 (14:07 +0100)]
Handle errors during PDO row fetch

The EOF flag also gets set on error, so we always end up ignoring
errors here.

However, we should only check errors for unbuffered results. For
buffered results, this function is guaranteed not to error, and
querying the errno may return an unrelated error.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Thu, 29 Oct 2020 12:09:19 +0000 (13:09 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix format specifier

4 years agoFix format specifier
Christoph M. Becker [Thu, 29 Oct 2020 11:58:45 +0000 (12:58 +0100)]
Fix format specifier

In this function, `i` is of type `size_t`.

4 years agoReport gone away error in one more place
Nikita Popov [Thu, 29 Oct 2020 10:43:17 +0000 (11:43 +0100)]
Report gone away error in one more place

4 years ago[ci skip] Fix NEWS order
Christoph M. Becker [Thu, 29 Oct 2020 11:15:31 +0000 (12:15 +0100)]
[ci skip] Fix NEWS order

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Thu, 29 Oct 2020 11:00:07 +0000 (12:00 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #44618: Fetching may rely on uninitialized data

4 years agoFix #44618: Fetching may rely on uninitialized data
Christoph M. Becker [Thu, 29 Oct 2020 10:52:10 +0000 (11:52 +0100)]
Fix #44618: Fetching may rely on uninitialized data

Unless `SQLGetData()` returns `SQL_SUCCESS` or `SQL_SUCCESS_WITH_INFO`,
the `StrLen_or_IndPtr` output argument is not guaranteed to be properly
set.  Thus we handle retrieval failure other than `SQL_ERROR` by
yielding `false` for those column values and raising a warning.

Closes GH-6281.

4 years agoRetain QUIT_SEND connection state
Nikita Popov [Thu, 29 Oct 2020 09:17:35 +0000 (10:17 +0100)]
Retain QUIT_SEND connection state

If the server goes away while reading a packet, don't go back into
the READY state. This will just cause broken pipe errors down the
line.

4 years agoFixed bug #65825
Nikita Popov [Wed, 28 Oct 2020 16:12:35 +0000 (17:12 +0100)]
Fixed bug #65825

Set error_info when we fail to read a packet, instead of throwing
a warning. Additionally we also need to populate the right
error_info in rowp_read -- we'll later take the error from the
packet, not the connection.

No test case, as this is hard to reliably test. I'm using the
test case from:
https://github.com/php/php-src/pull/2131#issuecomment-538374838

4 years agoFix #79177: FFI doesn't handle well PHP exceptions within callback
Christoph M. Becker [Wed, 28 Oct 2020 11:01:28 +0000 (12:01 +0100)]
Fix #79177: FFI doesn't handle well PHP exceptions within callback

We have to error on unhandled exceptions in FFI callbacks, to avoid
passing back undefined values.

This has been discussed and agreed upon in a previous PR[1].

[1] <https://github.com/php/php-src/pull/5120>

Closes GH-6366.

4 years agoFixed bug #66528
Nikita Popov [Wed, 28 Oct 2020 10:58:07 +0000 (11:58 +0100)]
Fixed bug #66528

Report errors in commit, rollback and autocommit handlers.

4 years agoFixed run-time binding of preloaded dynamically declared function
Dmitry Stogov [Wed, 28 Oct 2020 10:50:14 +0000 (13:50 +0300)]
Fixed run-time binding of preloaded dynamically declared function

4 years agoHandle mysqli errors in more cases
Dharman [Thu, 17 Sep 2020 22:45:17 +0000 (23:45 +0100)]
Handle mysqli errors in more cases

Report errors autocommit, commit, rollback and mysqli_stmt_attr_set.

Additionally, copy the error from conn to stmt when preparing fails,
so these errors are also handled by mysqli_stmt_prepare.

Closes GH-6157.

4 years agoSync test with master
Nikita Popov [Wed, 28 Oct 2020 10:30:22 +0000 (11:30 +0100)]
Sync test with master

Sync ext/mysqli/tests/mysqli_report.phpt with PHP-8.0/master, as
the current difference in indentation makes it hard to merge.

4 years agoFix bug #79375
Dharman [Sun, 20 Sep 2020 15:32:47 +0000 (16:32 +0100)]
Fix bug #79375

Make sure deadlock errors are properly propagated and reports in
a number of places in mysqli and PDO MySQL.

This also fixes a memory and a segfault that can occur under these
conditions.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Nikita Popov [Mon, 26 Oct 2020 15:50:48 +0000 (16:50 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Deny cloning of fileinfo objects

4 years agoDeny cloning of fileinfo objects
Nikita Popov [Mon, 26 Oct 2020 15:50:20 +0000 (16:50 +0100)]
Deny cloning of fileinfo objects

Using a cloned finfo object will crash.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Mon, 26 Oct 2020 14:40:55 +0000 (15:40 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Revert "Fix out-of-bounds write"

4 years agoRevert "Fix out-of-bounds write"
Christoph M. Becker [Tue, 20 Oct 2020 15:09:20 +0000 (17:09 +0200)]
Revert "Fix out-of-bounds write"

This reverts commit bf6873a18e3b6b00f82a645c0893a281ae8eadb8.

CVE-2020-26159 is bogus; the "bug" was apparently a false positive
reported by Coverity, and the "fix" apparently wrong, see
<https://github.com/kkos/oniguruma/issues/221>.

Closes GH-6357.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Mon, 26 Oct 2020 12:08:47 +0000 (13:08 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #80268: loadHTML() truncates at NUL bytes

4 years agoFix #80268: loadHTML() truncates at NUL bytes
Christoph M. Becker [Fri, 23 Oct 2020 09:06:30 +0000 (11:06 +0200)]
Fix #80268: loadHTML() truncates at NUL bytes

libxml2 has no particular issues parsing HTML strings with NUL bytes;
these just cause truncation of the current text content, but parsing
continues generally.  Since `::loadHTMLFile()` already supports NUL
bytes, `::loadHTML()` should as well.

Note that this is different from XML, which does not allow any NUL
bytes.

Closes GH-6368.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Nikita Popov [Mon, 26 Oct 2020 11:40:56 +0000 (12:40 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Declare may_retry_reparse_point on windows only

4 years agoDeclare may_retry_reparse_point on windows only
Nikita Popov [Mon, 26 Oct 2020 11:40:27 +0000 (12:40 +0100)]
Declare may_retry_reparse_point on windows only

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Mon, 26 Oct 2020 10:54:33 +0000 (11:54 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #62474: com_event_sink crashes on certain arguments

4 years agoFix #62474: com_event_sink crashes on certain arguments
Christoph M. Becker [Thu, 22 Oct 2020 15:50:22 +0000 (17:50 +0200)]
Fix #62474: com_event_sink crashes on certain arguments

We have to make sure that the variant is of type `VT_DISPATCH` before
we access it as such.

Closes GH-6372.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Mon, 26 Oct 2020 10:21:35 +0000 (11:21 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #80258: Windows Deduplication Enabled, randon permission errors

4 years agoFix #80258: Windows Deduplication Enabled, randon permission errors
Christoph M. Becker [Mon, 19 Oct 2020 15:41:58 +0000 (17:41 +0200)]
Fix #80258: Windows Deduplication Enabled, randon permission errors

A recent bug fix regarding symlinks claimed:

> After resolving reparse points, the path still may be a reparse
> point; in that case we have to resolve that reparse point as well.

While that is basically correct, some reparse points may point to
inaccessible system folders (e.g. `IO_REPARSE_TAG_DEDUP` points to
"\System Volume Information").  Since we don't know details about
arbitrary reparse points, and are mainly interested in nested symlinks,
we take a step back, and only resolve `IO_REPARSE_TAG_SYMLINK` for now.

Close GH-6354.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Mon, 26 Oct 2020 10:04:57 +0000 (11:04 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #80280: ADD_EXTENSION_DEP() fails for ext/standard and ext/date

4 years agoFix #80280: ADD_EXTENSION_DEP() fails for ext/standard and ext/date
Christoph M. Becker [Sat, 24 Oct 2020 14:08:02 +0000 (16:08 +0200)]
Fix #80280: ADD_EXTENSION_DEP() fails for ext/standard and ext/date

`ADD_EXTENSION_DEP()` relies on the `PHP_<extname>` config variables to
be set to `"yes"`, and since the standard and date extension are always
enabled, we define the respective variables uncoditionally.

Closes GH-6383.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Mon, 26 Oct 2020 09:58:26 +0000 (10:58 +0100)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix bug 76618

4 years agoFix bug 76618
George Peter Banyard [Thu, 22 Oct 2020 16:01:48 +0000 (17:01 +0100)]
Fix bug 76618

Apply patch which was attached to the bug in July 2018

4 years agoFix bug 76618
George Peter Banyard [Thu, 22 Oct 2020 16:01:48 +0000 (17:01 +0100)]
Fix bug 76618

Apply patch which was attached to the bug in July 2018

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Nikita Popov [Thu, 22 Oct 2020 14:05:34 +0000 (16:05 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Don't crash on uninitialized tidy object

4 years agoDon't crash on uninitialized tidy object
Nikita Popov [Thu, 22 Oct 2020 14:04:22 +0000 (16:04 +0200)]
Don't crash on uninitialized tidy object

"Uninitialized" here means that the object was created ordinarily
-- no constructor skipping involved. Most tidy methods seem to
handle this fine, but these three need to be guarded.

4 years agoUpdated to version 2020.4 (2020d)
Derick Rethans [Thu, 22 Oct 2020 09:12:26 +0000 (10:12 +0100)]
Updated to version 2020.4 (2020d)

4 years agoEmpty merge
Derick Rethans [Thu, 22 Oct 2020 09:12:25 +0000 (10:12 +0100)]
Empty merge

4 years agoUpdated to version 2020.4 (2020d)
Derick Rethans [Thu, 22 Oct 2020 09:12:24 +0000 (10:12 +0100)]
Updated to version 2020.4 (2020d)

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Tue, 20 Oct 2020 17:00:04 +0000 (19:00 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #80242: imap_mail_compose() segfaults for multipart with rfc822

4 years agoFix #80242: imap_mail_compose() segfaults for multipart with rfc822
Christoph M. Becker [Tue, 20 Oct 2020 14:38:16 +0000 (16:38 +0200)]
Fix #80242: imap_mail_compose() segfaults for multipart with rfc822

libc-client expects `TYPEMESSAGE` with an explicit subtype of `RFC822`
to have a `nested.msg` (otherwise there will be a segfault during
free), but not to have any `contents.text.data` (this will leak
otherwise).

Closes GH-6345.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Tue, 20 Oct 2020 14:31:25 +0000 (16:31 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Add char* cast to avoid compiler warnings

4 years agoAdd char* cast to avoid compiler warnings
Christoph M. Becker [Tue, 20 Oct 2020 14:25:00 +0000 (16:25 +0200)]
Add char* cast to avoid compiler warnings

In libc-client 2007f `data` is declared as `unsigned char *`; there may
be variants which declare it as `void *`, but in any case picky
compilers may warn about a pointer type mismatch in the conditional
(and error with `-W-error`), so we're adding a `char *` cast for good
measure.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Tue, 20 Oct 2020 11:34:27 +0000 (13:34 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Properly fix #80220

4 years agoProperly fix #80220
Christoph M. Becker [Fri, 16 Oct 2020 09:58:50 +0000 (11:58 +0200)]
Properly fix #80220

The original fix for that bug[1] broke the formerly working composition
of message/rfc822 messages, which results in a segfault when freeing
the message body now.  While `imap_mail_compose()` does not really
support composition of meaningful message/rfc822 messages (although
libc-client appears to support that), some code may still use this to
compose partial messages, and using string manipulation to create the
final message.

The point is that libc-client expects `TYPEMESSAGE` with an explicit
subtype of `RFC822` to have a `nested.msg` (otherwise there will be a
segfault during free), but not to have any `contents.text.data` (this
will leak otherwise).

[1] <http://git.php.net/?p=php-src.git;a=commit;h=0d022ddf03c5fabaaa22e486d1e4a367ed9170a7>

Closes GH-6343.

4 years agoFix bug #79643: Invalid memory read when opcache.interned_strings_buffer is 0
twosee [Tue, 9 Jun 2020 06:55:36 +0000 (14:55 +0800)]
Fix bug #79643: Invalid memory read when opcache.interned_strings_buffer is 0

4 years agoFix CCM tag length setting for old OpenSSL versions
Nikita Popov [Tue, 20 Oct 2020 08:50:50 +0000 (10:50 +0200)]
Fix CCM tag length setting for old OpenSSL versions

While OpenSSL 1.1 allows unconditionally setting the CCM tag length
even for decryption, some older versions apparently do not. As such,
we do need to treat CCM and OCB separately after all.

4 years agoFix bug #79983: Add support for OCB mode
Nikita Popov [Wed, 14 Oct 2020 11:03:03 +0000 (13:03 +0200)]
Fix bug #79983: Add support for OCB mode

OCB mode ciphers were already exposed to openssl_encrypt/decrypt,
but misbehaved, because they were not treated as AEAD ciphers.
From that perspective, OCB should be treated the same way as GCM.
In OpenSSL 1.1 the necessary controls were unified under
EVP_CTRL_AEAD_* (and OCB is only supported since OpenSSL 1.1).

Closes GH-6337.

4 years agoUpdated to version 2020.3 (2020c)
Derick Rethans [Mon, 19 Oct 2020 08:31:03 +0000 (09:31 +0100)]
Updated to version 2020.3 (2020c)

4 years agoEmpty merge
Derick Rethans [Mon, 19 Oct 2020 08:31:03 +0000 (09:31 +0100)]
Empty merge

4 years agoUpdated to version 2020.3 (2020c)
Derick Rethans [Mon, 19 Oct 2020 08:31:02 +0000 (09:31 +0100)]
Updated to version 2020.3 (2020c)

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Thu, 15 Oct 2020 11:19:30 +0000 (13:19 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix broken fix for #80239

4 years agoFix broken fix for #80239
Christoph M. Becker [Thu, 15 Oct 2020 11:18:34 +0000 (13:18 +0200)]
Fix broken fix for #80239

No idea why that `git am` failed that badly.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Thu, 15 Oct 2020 10:55:44 +0000 (12:55 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #80239: imap_rfc822_write_address() leaks memory

4 years agoFix #80239: imap_rfc822_write_address() leaks memory
Christoph M. Becker [Thu, 15 Oct 2020 10:51:10 +0000 (12:51 +0200)]
Fix #80239: imap_rfc822_write_address() leaks memory

We have to free the address when we're finished with it.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Nikita Popov [Thu, 15 Oct 2020 08:16:56 +0000 (10:16 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix leak in gmp_export()

4 years agoFix leak in gmp_export()
Nikita Popov [Thu, 15 Oct 2020 08:16:22 +0000 (10:16 +0200)]
Fix leak in gmp_export()

4 years agoAllow passing $tag for non-authenticated encryption
Nikita Popov [Tue, 13 Oct 2020 14:46:32 +0000 (16:46 +0200)]
Allow passing $tag for non-authenticated encryption

openssl_encrypt() currently throws a warning if the $tag out
parameter is passed for a non-authenticated cipher. This violates
the principle that a function should behave the same if a parameter
is not passed, and if the default value is passed for the parameter.

I believe this warning should simply be dropped and the $tag be
populated with null, as is already the case. Otherwise, it is not
possible to use openssl_encrypt() in generic wrapper APIs, that are
compatible with both authenticated and non-authenticated encryption.

Closes GH-6333.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Tue, 13 Oct 2020 17:38:10 +0000 (19:38 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #64076: imap_sort() does not return FALSE on failure

4 years agoFix #64076: imap_sort() does not return FALSE on failure
Christoph M. Becker [Tue, 13 Oct 2020 14:20:55 +0000 (16:20 +0200)]
Fix #64076: imap_sort() does not return FALSE on failure

If unsupported `$search_criteria` are passed to `imap_sort()`, the
function returns an empty array, but there is also an error on the
libc-client error stack ("Unknown search criterion: UNSUPPORTED
(errflg=2)").  If, on the other hand, unsupported `$criteria` or
unsupported `$flags` are passed, the function returns `false`.  We
solve this inconsistency by returning `false` for unsupported
`$search_criteria` as well.

Closes GH-6332.

4 years agoPrepare for 7.4.13
Derick Rethans [Tue, 13 Oct 2020 11:28:58 +0000 (12:28 +0100)]
Prepare for 7.4.13

4 years agoIgnore memory leaks reported for some libc-client functions
Christoph M. Becker [Mon, 12 Oct 2020 15:28:24 +0000 (17:28 +0200)]
Ignore memory leaks reported for some libc-client functions

At least on Windows, some static variables are lazily initialized
during `mail_open()` and `mail_lsub()`, which are reported as memory
leaks.  We suppress these false positives.

Closes GH-6326.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Tue, 13 Oct 2020 07:53:52 +0000 (09:53 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  7.3.25 is next

4 years ago7.3.25 is next
Christoph M. Becker [Tue, 13 Oct 2020 07:52:46 +0000 (09:52 +0200)]
7.3.25 is next

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Mon, 12 Oct 2020 21:17:42 +0000 (23:17 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #80226: imap_sort() leaks sortpgm memory

4 years agoFix #80226: imap_sort() leaks sortpgm memory
Christoph M. Becker [Mon, 12 Oct 2020 16:06:53 +0000 (18:06 +0200)]
Fix #80226: imap_sort() leaks sortpgm memory

We need to free what we have allocated.

Closes GH-6327.

4 years agointl: report more information about message pattern parse errors
Philip Hofstetter [Fri, 9 Oct 2020 09:55:33 +0000 (11:55 +0200)]
intl: report more information about message pattern parse errors

The message patterns can be pretty complex, so reporting a generic
U_PARSE_ERROR without any additional information makes it needlessly
hard to fix erroneous patterns.

This commit makes use of the additional UParseError* parameter to
umsg_open to retrieve more details about the parse error to report that
to the user via intl_get_error_message()

Additional improve error reporting from the IntlMessage constructor.
Previously, all possible failures when calling IntlMessage::__construct()
would be masked away with a generic "Constructor failed" message.
This would include invalid patterns.

This commit makes sure that the underlying error that caused the
constructor failure is reported as part of the IntlException error
message.

Closes GH-6325.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Mon, 12 Oct 2020 14:28:36 +0000 (16:28 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #80216: imap_mail_compose() does not validate types/encodings

4 years agoFix #80216: imap_mail_compose() does not validate types/encodings
Christoph M. Becker [Mon, 12 Oct 2020 12:04:18 +0000 (14:04 +0200)]
Fix #80216: imap_mail_compose() does not validate types/encodings

We need to check whether the given `type`s and `encoding`s are within
bounds to avoid segfaults and out-of-bound reads.

Closes GH-6323.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Mon, 12 Oct 2020 13:09:15 +0000 (15:09 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #80223: imap_mail_compose() leaks envelope on malformed bodies

4 years agoFix #80223: imap_mail_compose() leaks envelope on malformed bodies
Christoph M. Becker [Mon, 12 Oct 2020 11:26:38 +0000 (13:26 +0200)]
Fix #80223: imap_mail_compose() leaks envelope on malformed bodies

We have to clean up even on failure.

Closes GH-6322.

4 years agoMerge branch 'PHP-7.3' into PHP-7.4
Christoph M. Becker [Mon, 12 Oct 2020 11:32:28 +0000 (13:32 +0200)]
Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Fix #80220: imap_mail_compose() may leak memory

4 years agoFix #80220: imap_mail_compose() may leak memory
Christoph M. Becker [Mon, 12 Oct 2020 08:36:18 +0000 (10:36 +0200)]
Fix #80220: imap_mail_compose() may leak memory

Unless `topbod` is of `TYPEMULTIPART`, `mail_free_body()` does not free
the `nested.part`; while we could do this ourselves, instead we just
ignore additional bodies in this case, i.e. we don't attach them in the
first place.

Closes GH-6321.

4 years agoRevert "Add missing X509 purpose constants"
Nikita Popov [Mon, 12 Oct 2020 10:56:07 +0000 (12:56 +0200)]
Revert "Add missing X509 purpose constants"

This reverts commit 1e53e14bc31aec98a408e517c7c8493ef4bf80cd.

This fails on Travis.