* PHP-7.0.11: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7 is needed
Fix test
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860: wddx_deserialize use-after-free
Fix bug #73007: add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
GlobIterator throws LogicException with message 'The parent constructor was
not called' on its first operation when the glob expression doesn't match
any file. It also throws on the first operation after the iteration
completes, when the glob expression matches some files.
# Resolved conflicts:
# ext/spl/spl_directory.c
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed#72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix#66387: Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
Always duplicate the array before doing a sort with user-defined
comparison function, to avoid access to the intermediate
inconsistent state.
I've also dropped the "array modification" warning, as protection
against modifications is no longer relevant if we're always working
on a copy anyway.
This also required some changes to how SplArray forwards calls to
sorting functions.
a) Fix uses of zend_string in error message
b) Don't assign the overloaded object as the backing storage, that
sort of defeats the point. Instead leave the previous value.
Instead use the AOs own applyCount that just got freed up. Using the
apply count of the HashTable has various side effects, e.g. preventing
the ArrayObject from being dumped.
We still keep the same output length, for people who rely on the
return value having a specific format. The handler part will now
simply be always the same (it was the same nearly always anyway).
The motivation behind this change is to avoid breaking
spl_object_hash() and SplObjectStorage if an extension changes the
handlers table of an object. This has come up, for example, in
weakref implementations.
* 'PHP-7.0' of git.php.net:/php-src:
update NEWS
update NEWS
fix merge mistake
Added test for bug #71201
Bug #71201 round() segfault on 64-bit builds
Sort 7.0.1 extensions' entries
Added test for bug #71201
Bug #71201 round() segfault on 64-bit builds
Add CVE for #71020 (PHP 7.0.1)
Update NEWS & Fixed test
Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading)
This should never fail
Fixed bug #71202 (Autoload function registered by another not activated immediately)
Updated NEWS
Added support for HTTP 451
