php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-30 03:33:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
83,637 Commits 549 Branches 1,487 Tags
7f529e3dee032d5977166c3eb7b70f57edc8e562
Commit Graph

8393 Commits

Author SHA1 Message Date
Ferenc Kovacs e715dafae0 5.6.30 will be next 2016-11-24 01:54:23 +01:00
Anatol Belski 0796db97d4 update NEWS 2016-11-22 00:57:18 +01:00
Anatol Belski 1d352645fc update NEWS 2016-11-21 19:56:09 +01:00
Christoph M. Becker e44deba1e9 Fix #64526: Add missing mysqlnd.* parameters to php.ini-* 2016-11-18 14:17:19 +01:00
Julien Pauli c4f1c20d80 Updated NEWS 2016-11-17 11:37:13 +01:00
Christoph M. Becker eb570294a2 Fix #73530: Unsetting result set may reset other result set 
Calling sqlite3_reset() when a result set object is freed can cause
undesired and maybe even hard to track interference with other result
sets. Furthermore, there is no need to call sqlite3_reset(), because
that is implicitly called on SQLite3Stmt::execute(), and users are
encouraged to explicitly call either SQLite3Result::finalize() or
SQLite3Stmt::reset() anyway.
 2016-11-16 11:49:04 +01:00
Dmitry Stogov ecba563f2f Fixed bug #69090 (check cached files permissions) 2016-11-16 12:43:10 +03:00
Anatol Belski e922d89f66 add missing NEWS entry 2016-11-09 21:32:44 +01:00
Ferenc Kovacs 87673d6e99 add missing NEWS entries 2016-11-09 02:12:16 +01:00
Jakub Zelenka 493b2bff02 Fix bug #72776 (Invalid parameter in memcpy function trough openssl_pbkdf2) 2016-11-06 20:40:51 +00:00
Xinchen Hui ef75ddd4f9 Fixed bug #73402 (Opcache segfault when using class constant to call a method) 2016-10-29 23:41:51 +08:00
Ferenc Kovacs 9b3a1e00ab 5.6.29 will be next 2016-10-27 23:10:59 +02:00
Christoph M. Becker cd13d0260a Fix #72494: imagecropauto out-of-bounds access 
This issue has actually already been fixed with commit 46f2c690. We're
adding a regression test and a NEWS entry, and also port the fix in
gdImageCropThreshold() from libgd:
  * <https://github.com/libgd/libgd/commit/b347e034>
  * <https://github.com/libgd/libgd/commit/46f2c690>
 2016-10-25 14:29:48 +02:00
Dmitry Stogov 6558559bcc Fixed bug #73337 (try/catch not working with two exceptions inside a same operation) 2016-10-18 14:48:01 +03:00
Christoph M. Becker 86e603a664 Fix #73333: 2147483647 is fetched as string 
We return all integers that can be represented as such by PHP as
integers, and only those that exceed the possible range as strings.
On builds which represent integers with 64 bits, the range check is
unnecessary and might cause code checkers to complain, so we skip this
special casing via the preprocessor according to
<http://git.php.net/?p=php-src.git;a=commit;h=99d087e5>.
 2016-10-17 23:34:41 +02:00
Ferenc Kovacs f7bf9650aa add missing NEWS entries for 5.6.27 2016-10-14 08:06:14 +02:00
Christoph M. Becker cc08cbc84d Fix #73280: Stack Buffer Overflow in GD dynamicGetbuf 
We make sure to never pass a negative `rlen` as size to memcpy().

Cf. <https://github.com/libgd/libgd/commit/53110871>.
 2016-10-13 11:10:02 +02:00
Sara Golemon 43ccf23d70 Clear FG(user_stream_current_filename) when bailing out 
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.

Catch the bailout, clear the variable, then continue bailing.

Closes https://bugs.php.net/bug.php?id=73188
 2016-10-11 21:55:01 -07:00
Anatol Belski 4165d97606 update NEWS 2016-10-10 20:55:44 +02:00
Christoph M. Becker fc989fc6e7 Fix #73279: Integer overflow in gdImageScaleBilinearPalette() 
The color components are supposed to be in range 0..255, so we must not
cast them to `signed char`, what can be the default for `char`.

Port of <https://github.com/libgd/libgd/commit/77c8d359>.
 2016-10-10 11:41:39 +02:00
Christoph M. Becker b92216b97d Fix #73272: imagescale() affects imagesetinterpolation() 
We must not permanently change the interpolation method, but rather
have to restore the old method after we're done with scaling the image.
 2016-10-09 15:10:34 +02:00
Christoph M. Becker 9acfb1a3a5 Fix #73213: Integer overflow in imageline() with antialiasing 
We port the respective fixes <https://github.com/libgd/libgd/commit/eca37d620>
and <https://github.com/libgd/libgd/commit/837b7327> to our bundled libgd.
 2016-09-30 23:38:13 +02:00
Christoph M. Becker e72165bb86 Fix #73203: passing additional_parameters causes mail to fail 
We make sure that there's no unsigned underflow, which happened for `y==0`.
 2016-09-30 11:38:09 +02:00
Ferenc Kovacs 703c247c7d 5.6.28 is next 2016-09-29 00:55:36 +02:00
Christoph M. Becker 8f5eda4bf6 Fix #73161: imagecreatefromgd2() may leak memory 2016-09-24 12:36:54 +02:00
Christoph M. Becker 709731797c Fix #73159: imagegd2(): unrecognized formats may result in corrupted files 
We must not apply the format correction twice for truecolor images.
 2016-09-24 11:28:20 +02:00
Christoph M. Becker c7936ead8f Fix #73155: imagegd2() writes wrong chunk sizes on boundaries 2016-09-24 10:33:49 +02:00
Christoph M. Becker 1da79a6c6e Fix #73157 (again): imagegd2() ignores 3rd param if 4 are given 
Obviously, there was a bad merge.
 2016-09-24 00:35:24 +02:00
Christoph M. Becker 9a2a45c1df Update NEWS 2016-09-23 16:23:58 +02:00
Christoph M. Becker 6682673070 Fix #73100: session_destroy null dereference in ps_files_path_create 2016-09-16 23:41:10 +02:00
Xinchen Hui 01c7c6b152 Updte NEWS 2016-09-16 20:55:37 +08:00
Christoph M. Becker 46df064261 Fix #73003: Integer Overflow in gdImageWebpCtx of gd_webp.c 
We add the missing integer overflow check to avoid potential buffer overflows.
 2016-09-16 11:37:18 +02:00
Ferenc Kovacs 1d7484077a update NEWS 2016-09-15 11:35:46 +02:00
Christoph M. Becker 09eb6ed35e Fix #50194: imagettftext broken on transparent background w/o alphablending 
We must not draw the background pixels of the character glyphs, what has
already been fixed in GD 2.0.26.
 2016-09-14 15:47:32 +02:00
Jakub Zelenka 05baa92727 Fix bug #73072 (Invalid path SNI_server_certs causes segfault) 2016-09-13 18:15:34 +01:00
Anatol Belski 6c9d37d059 update NEWS 2016-09-10 11:02:17 +02:00
Christoph M. Becker 23e721fc93 Fix #73054: default option ignored when object passed to int filter 
If an object that can't be converted to string is validated, we must not
bail out early, but rather check for a requested default value.
 2016-09-09 14:30:24 +02:00
Levi Morrison cb91a51b00 Partially fix bug #67167 - Wrong return value... 
...from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE

The remainer of the fix would require the filter functions to only
convert to string when it makes sense for that particular filter.

(cherry picked from commit 432dc527ad)
 2016-09-09 12:45:46 +02:00
Yasuo Ohgaki 38553e853b Fixed Bug #68015 Session does not report invalid uid for files save handler 2016-09-09 11:31:54 +09:00
Yasuo Ohgaki fb1c46f013 Update NEWS 2016-09-08 13:35:30 +09:00
Christoph M. Becker dad793630d Fix #73025: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c 
`command_length` is retrieved via strlen() and later passed to emalloc()
and memcpy(), so the appropriate type is `size_t`.

We don't add a regression test, because that would need to allocate a string
of at least 2 GiB.
 2016-09-06 12:05:58 +02:00
Yasuo Ohgaki 3a35d43ad9 Update NEWS 2016-09-06 18:29:20 +09:00
Christoph M. Becker 8aad3131a1 Fix #70752: Depacking with wrong password leaves 0 length files 
We should not open the output stream before we have tried to open the
archive entry, as failing the latter could leave an empty file behind.
 2016-09-06 01:03:46 +02:00
Julien Pauli dd6da58fac Updated NEWS 2016-09-05 17:03:29 +02:00
Julien Pauli 1abbcc8cc5 Updated NEWS 2016-09-05 10:17:56 +02:00
Christoph M. Becker b7259b71b4 Fix #72994: mbc_to_code() out of bounds read 
We're backporting commit 999a3553 to the still supported PHP 5.6.
 2016-09-04 16:37:06 +02:00
Christoph M. Becker d582241368 Fix #67325: imagetruecolortopalette: white is duplicated in palette 
gdImageTrueColorToPalette() is sometimes wasteful by putting multiple white
color entries into the palette. This is caused by an obvious typo, where
to avoid a division by zero when `total` is zero, `count` is checked instead
of `total`.

We fix this issue to improve the quality of the color quantization.

Cf. <https://github.com/libgd/libgd/commit/24b4550f>
 2016-09-03 19:50:42 +02:00
Ferenc Kovacs fbb81dd755 5.6.27 will be next 2016-09-01 20:27:19 +02:00
Yasuo Ohgaki 747b61808b Update NEWS 2016-08-31 21:06:19 +09:00
Christoph M. Becker 2f10db36af Fix #66797: mb_substr only takes 32-bit signed integer 
`from` and `len` are `long`, but get passed to mbfl_substr() which expects
`int`s. Therefore we clamp the values to avoid the undefined conversion
behavior.
 2016-08-30 14:52:47 +02:00