aaaef22db6
fix remaining tests for Opcache runs
...
The fail reason here is the TMP change while both top and test
run same binary with opcache enabled.
2017-01-13 17:16:15 +01:00
995ecffbb2
Fix #70417 : PharData::compress() doesn't close temp file
...
According to the comment, it has not been deemed necessary to close compressed
files. However, we don't want to keep unclosed file handles to save ressources.
So we're also closing compressed archives, if they're not aliased.
2017-01-05 14:12:31 +01:00
478f119ab9
Update copyright headers to 2017
2017-01-04 11:14:55 -06:00
7f0de1a138
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix bug #73737 FPE when parsing a tag format
Fix bug #73773 - Seg fault when loading hostile phar
Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
Fix bug #73768 - Memory corruption when loading hostile phar
Fix int overflows in phar (bug #73764 )
2017-01-02 21:01:35 -08:00
e5246580a8
Fix bug #73773 - Seg fault when loading hostile phar
2016-12-31 18:47:50 -08:00
b28b8b2fee
Fix bug #73768 - Memory corruption when loading hostile phar
2016-12-30 15:57:24 -08:00
ca46d0acbc
Fix int overflows in phar (bug #73764 )
2016-12-30 15:39:48 -08:00
5004ae2b62
Silence warning from unhandled enum
...
(cherry picked from commit 57bbe2c140
2016-12-17 00:12:33 +01:00
2f9e928af8
fix leaking streams and memory mapped files
...
(cherry picked from commit f1ff23095b
2016-12-17 00:12:19 +01:00
8be94d46f8
Fix more size_t/int implicit conversions
...
Now the conversions are explicit and do checks. Not sure it's
the best way but at least we can see them now in the open.
2016-11-25 15:31:50 -08:00
bcc913fa8b
Fix int/size_t confusion in isValidPharFilename (bug #73580 )
2016-11-25 15:31:50 -08:00
07c6bdb85d
Merge branch 'PHP-7.0.11' into PHP-7.0
...
* PHP-7.0.11: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7#73065 : Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860 : wddx_deserialize use-after-free
Fix bug #73007 : add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
2016-09-12 21:09:30 -07:00
f5a9592ad8
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
2016-09-12 21:04:23 -07:00
223266e4e4
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
2016-09-12 21:04:23 -07:00
c5f34c9eca
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
...
(cherry picked from commit 75ebf471ff46ec6e5ee279b3650c11d51ebaf9e3)
2016-09-12 17:54:32 +02:00
0bfb970f43
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
...
(cherry picked from commit 19484ab77466f99c78fc0e677f7e03da0584d6a2)
2016-09-12 17:04:19 +02:00
7483acf511
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix double free
2016-09-03 00:05:02 +02:00
5efd2a33df
fix double free
2016-09-03 00:01:04 +02:00
1d5a4520be
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix test
2016-06-21 16:22:51 +02:00
e3bd360ec9
fix test
...
There is a difference between TS and NTS warning message, since
virtual_mkdir vs glibc directly is used. This has no effect for
the actual fix functionality.
2016-06-21 16:20:03 +02:00
2a65544f78
Merge branch 'PHP-5.6.23' into PHP-7.0.8
...
* PHP-5.6.23: (24 commits)
iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455 : Heap Overflow due to integer overflows
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275 : don't allow smart_str to overflow int
Fix bug #72340 : Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387 : Stack overflow with imagefilltoborder
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
Fix bug #72140 (segfault after calling ERR_free_strings())
...
Conflicts:
configure.in
ext/mbstring/php_mbregex.c
ext/mcrypt/mcrypt.c
ext/spl/spl_array.c
ext/spl/spl_directory.c
ext/standard/php_smart_str.h
ext/standard/string.c
ext/standard/url.c
ext/wddx/wddx.c
ext/zip/php_zip.c
main/php_version.h
2016-06-21 00:24:32 -07:00
d144590d38
Fix bug #72321 - use efree() for emalloc allocation
2016-06-12 21:35:13 -07:00
c7f7139985
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix dir separator in test
2016-03-29 14:20:30 +02:00
23d0065744
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
fix dir separator in test
2016-03-29 14:19:35 +02:00
551423c642
fix dir separator in test
2016-03-29 14:18:25 +02:00
67fbb06311
Merge branch 'PHP-5.5' into PHP-7.0.5
...
* PHP-5.5:
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Fixed bug #71906 : AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fixed bug #71906 : AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fix bug #71798 - Integer Overflow in php_raw_url_encode
Fix bug #71860 : Require valid paths for phar filenames
Going for 5.5.34
Conflicts:
configure.in
ext/phar/phar_object.c
ext/phar/tests/badparameters.phpt
ext/phar/tests/create_path_error.phpt
ext/phar/tests/pharfileinfo_construct.phpt
ext/snmp/snmp.c
ext/standard/url.c
main/php_version.h
2016-03-28 23:55:05 -07:00
62da5cdf3d
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fixed bug #71906 : AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fix bug #71798 - Integer Overflow in php_raw_url_encode
Fix bug #71860 : Require valid paths for phar filenames
Going for 5.5.34
Conflicts:
configure.in
ext/phar/tests/create_path_error.phpt
main/php_version.h
2016-03-28 23:21:15 -07:00
72281f29dd
Fix bug #71860 : Require valid paths for phar filenames
2016-03-20 21:33:11 -07:00
1e9b175204
Fix bug #71860 : Require valid paths for phar filenames
2016-03-20 21:24:12 -07:00
a2022fd82a
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix directory separator
2016-03-09 14:17:30 +01:00
a1d1f54b42
fix directory separator
2016-03-09 14:16:29 +01:00
1ac152938c
Move semicolon into TSRMLS_CACHE_EXTERN/DEFINE
...
Also re bug #71575 .
2016-03-03 16:50:01 +01:00
22d8e9aced
Merge branch 'PHP-7.0.4' into PHP-7.0
...
* PHP-7.0.4: (21 commits)
update NEWS
fix test file
Fix version
update NEWS
Update NEWS
Fix bug #71610 : Type Confusion Vulnerability - SOAP / make_http_soap_request()
Fix bug #71637 : Multiple Heap Overflow due to integer overflows
extend check for add_flag
Fixed another segfault with file_cache_only now
set version
fix nmake clean in phpize mode
Fixed segfault with file_cache_only
Fixed possible crash at PCRE on MSHUTDOWN
Fixed more synchronisation issues during SHM reload
Set proper type flags (REFCOUNTED and COPYABLE) according to interned or regular string
sync with improvements in NEWS
Fixed process synchronisation problem, that may cause crashes after opcache restart
Fix bug #71498 : Out-of-Bound Read in phar_parse_zipfile()
fix ts buld
prep for 5.6.19RC1
...
Conflicts:
configure.in
main/php_version.h
2016-03-01 23:08:19 -08:00
90a0cbd594
Merge branch 'PHP-5.6.19' into PHP-7.0.4
...
* PHP-5.6.19:
fix test file
Fix version
update NEWS
Update NEWS
Fix bug #71498 : Out-of-Bound Read in phar_parse_zipfile()
fix ts buld
prep for 5.6.19RC1
5.6.20 is next
Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
Conflicts:
configure.in
ext/wddx/wddx.c
main/php_version.h
2016-03-01 23:01:48 -08:00
b3bb1aacfe
Merge branch 'PHP-5.6.19' into PHP-5.6
...
* PHP-5.6.19:
fix test file
Fix version
Update NEWS
2016-03-01 22:56:08 -08:00
6e6a556b8c
Merge branch 'PHP-5.5' into PHP-5.6.19
...
* PHP-5.5:
fix test file
Fix version
Update NEWS
2016-03-01 22:55:49 -08:00
3c8ccdd9d3
fix test file
2016-03-01 22:55:02 -08:00
ae3f132be1
Merge branch 'PHP-5.6.19' into PHP-5.6
...
* PHP-5.6.19:
update NEWS
Fix bug #71498 : Out-of-Bound Read in phar_parse_zipfile()
fix ts buld
prep for 5.6.19RC1
Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
2016-03-01 22:42:16 -08:00
91990bbde0
Merge branch 'PHP-5.5.33' into PHP-5.6.19
...
* PHP-5.5.33:
Fix bug #71498 : Out-of-Bound Read in phar_parse_zipfile()
Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
2016-03-01 22:40:00 -08:00
a6afaa9a85
Merge branch 'PHP-5.6' into PHP-7.0
...
Conflicts:
ext/phar/tar.c
2016-02-29 22:44:46 +01:00
50b4cafd28
Fixed bugs #71317 and #71504
...
If there are duplicate filenames in tar, the last one wins.
2016-02-29 22:34:35 +01:00
a6fdc5bb27
Fix bug #71498 : Out-of-Bound Read in phar_parse_zipfile()
2016-02-21 16:51:05 -08:00
b3df715f50
add test for bug #71625 , 7 variant
2016-02-18 19:40:17 +01:00
688b914217
add test for bug #71625
2016-02-18 19:38:39 +01:00
9a5797976a
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed bug #71625 Crash in php7.dll with bad phar filename
2016-02-18 19:33:27 +01:00
0445abd547
Fixed bug #71625 Crash in php7.dll with bad phar filename
2016-02-18 19:32:08 +01:00
9afb29aa68
Remove TSRMLS_* from code, they are not used anymore
2016-02-17 22:44:05 -08:00
c94ee2e0c8
fix dir separator in test
2016-02-15 09:00:07 +01:00
a3927fa7f5
fix dir separator in test
2016-02-15 08:58:20 +01:00
0fca0d9f42
fix tests
2016-02-01 20:23:21 -08:00
Anatol Belski