The WDDX specification[1] requires to serialize floats with a decimal
point, but `snprintf()` is locale-dependent and may use a decimal
comma. We fix that afterwards by replacing an eventual comma with a
point.
[1] <http://xml.coverpages.org/wddx0090-dtd-19980928.txt>
* PHP-7.0:
Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads to crash
Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads to crash
Fix#72696: imagefilltoborder stackoverflow on truecolor images
Fix#72482: Ilegal write/read access caused by gdImageAALine overflow
Fix bug #73144 and bug #73341 - remove extra dtor
remove unreferenced var came in with merge
Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle
Fix#72696: imagefilltoborder stackoverflow on truecolor images
Fix#72482: Ilegal write/read access caused by gdImageAALine overflow
fix version
set versions
Fix bug #73144 and bug #73341 - remove extra dtor
Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle
Proper soltion would be to call serialize/unserialize and deal with the result,
but this requires more work that should be done by wddx maintainer (not me).
(cherry picked from commit 6045de69c7)
Conflicts:
ext/wddx/wddx.c
Proper soltion would be to call serialize/unserialize and deal with the result,
but this requires more work that should be done by wddx maintainer (not me).
* PHP-7.0: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7 is needed
Fix test
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860: wddx_deserialize use-after-free
Fix bug #73007: add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed#72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix#66387: Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
* PHP-5.5.32:
Fixed bug #71488: Stack overflow when decompressing tar archives
update NEWS
add missing headers for SIZE_MAX
backport the escapeshell* functions hardening branch
add tests
Fix bug #71459 - Integer overflow in iptcembed()
Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
Fix bug #71335: Type Confusion in WDDX Packet Deserialization
Fix bug #71354 - remove UMR when size is 0
