8bf4eb461a
Merge branch 'PHP-7.1'
...
* PHP-7.1:
Add skipifs to some mb path tests
fix leak
fix mem leak
2016-09-02 19:47:08 +02:00
596f488e06
Add skipifs to some mb path tests
...
These were invented primarily to test the multibyte path handling
patch on Windows. How it turns out by PR #2105 , some test issues
on some filesystems are possible. Particularly HFS is configurable
to use different ways to save filenames, see
https://developer.apple.com/library/mac/qa/qa1173/_index.html
This makes it impossible to test the filenames byte wise, while
the results are still correct. There are still several other tests
using UTF-8 file names spread over other extensions. So far no
false positives are to see, they don't need to be touched.
2016-09-02 19:46:32 +02:00
72ac143f9f
Merge branch 'PHP-7.1'
...
* PHP-7.1:
Revert 39587c48178b7f594a2b24fdffdacb
2016-09-01 15:23:35 +02:00
5a9691bf08
Revert
...
39587c48178b7f594a2b24fdffdacb
2016-09-01 15:21:45 +02:00
b25d6b3c8a
Merge branch 'PHP-7.1'
2016-09-01 13:01:58 +02:00
cba560e67f
add extra test to protected behavior of compact and array string key order
2016-09-01 13:01:42 +02:00
00c2c3a476
fix unintentional bc break with compact('this') behavior
2016-09-01 13:01:38 +02:00
b51dca5eb4
Merge branch 'PHP-7.1'
2016-08-31 16:52:37 +02:00
9cc11dbded
Merge branch 'PHP-7.0' into PHP-7.1
2016-08-31 16:45:15 +02:00
f93fd8ce32
Merge branch 'PHP-5.6' into PHP-7.0
2016-08-31 16:38:38 +02:00
b2d267d9ee
Fix #71882 amendment 2: Negative ftruncate() on php://memory exhausts memory
2016-08-31 16:33:14 +02:00
b0eeb33f73
Merge branch 'PHP-7.1'
2016-08-31 14:33:43 +02:00
56ed966bc6
Merge branch 'PHP-7.0' into PHP-7.1
2016-08-31 14:32:24 +02:00
c563db6b44
Merge branch 'PHP-7.1'
...
* PHP-7.1:
Update NEWS
Implement \ArgumentCountError exception
2016-08-31 12:07:38 +02:00
12ee17d5e0
Implement \ArgumentCountError exception
2016-08-30 19:35:56 -07:00
10ca6884da
Merge branch 'PHP-7.1'
2016-08-30 13:45:58 +02:00
c361020f04
Merge branch 'PHP-7.0' into PHP-7.1
2016-08-30 13:45:49 +02:00
2c12a5f0a8
Merge branch 'PHP-5.6' into PHP-7.0
2016-08-30 13:44:59 +02:00
af7828a20f
Test case for bug #72771
2016-08-30 13:44:34 +02:00
2d72fcc5cd
Merge branch 'PHP-7.1'
2016-08-30 02:28:37 +02:00
38a7c0e0f7
Merge branch 'PHP-7.0' into PHP-7.1
2016-08-30 02:24:43 +02:00
65f0c163f9
Merge branch 'PHP-5.6' into PHP-7.0
2016-08-30 02:13:48 +02:00
207dab585a
Fix #71882 : Negative ftruncate() on php://memory exhausts memory
...
We must not pass negative sizes to a size_t parameter.
2016-08-30 02:05:45 +02:00
dc8be198cf
Merge branch 'PHP-7.1'
...
* PHP-7.1:
Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
2016-08-29 20:35:16 +02:00
22a825db85
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
2016-08-29 20:34:44 +02:00
946335ba70
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
2016-08-29 20:32:55 +02:00
295303b590
Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
2016-08-29 20:25:34 +02:00
534598894c
Merge branch 'PHP-7.1'
2016-08-27 01:32:23 +02:00
3a78530b8a
Merge branch 'PHP-7.0' into PHP-7.1
2016-08-27 01:23:36 +02:00
8fcfacf746
Merge branch 'PHP-5.6' into PHP-7.0
2016-08-27 01:18:10 +02:00
2139918ea6
Fix #65550 : get_browser() incorrectly parsers entries with "+" sign
...
+ signs in the browscap patterns are meant to be literal characters, so we
have to escape them for the regex matching.
2016-08-27 01:12:01 +02:00
93b8592092
Merge branch 'PHP-7.1'
...
* PHP-7.1:
call_user_func(_array): Don't abort on reference warning
2016-08-23 10:56:55 +03:00
906456c410
call_user_func(_array): Don't abort on reference warning
...
Change zend_call_function() to not abort the call if a non-reference
is passed to a reference argument. The usual warning will still be
thrown, but the call will proceed as usual.
2016-08-23 10:29:15 +03:00
6790932eaa
Merge branch 'PHP-7.1'
...
* PHP-7.1:
Fixed bug #72920 (Accessing a private constant using constant() creates an exception AND warning)
2016-08-22 23:44:50 +08:00
434ae90e85
Fixed bug #72920 (Accessing a private constant using constant() creates an exception AND warning)
2016-08-22 23:44:38 +08:00
e8ae2ba122
Merge branch 'PHP-7.1'
...
* PHP-7.1:
extend readdir utf-8 name test
2016-08-21 18:22:49 +02:00
096b0a556c
extend readdir utf-8 name test
2016-08-21 18:21:49 +02:00
f89dd84f12
Merge branch 'PHP-7.1'
...
* PHP-7.1:
fix tests
2016-08-17 12:41:54 +02:00
526e6bf818
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
fix tests
2016-08-17 12:41:38 +02:00
05c8a0771d
fix tests
...
The 70436 test is just a bonus for the hardening in 72633.
2016-08-17 12:39:35 +02:00
660d8f1622
Merge branch 'PHP-7.1'
...
* PHP-7.1: (49 commits)
Update NEWs
Update NEWs
Unused label
Fixed bug #72853 (stream_set_blocking doesn't work)
fix test
Bug #72663 - part 3
Bug #72663 - part 2
Bug #72663 - part 1
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
...
2016-08-17 17:15:11 +08:00
ce6ad9bdd9
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0: (48 commits)
Update NEWs
Unused label
Fixed bug #72853 (stream_set_blocking doesn't work)
fix test
Bug #72663 - part 3
Bug #72663 - part 2
Bug #72663 - part 1
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
...
Conflicts:
ext/standard/var_unserializer.c
2016-08-17 17:14:30 +08:00
3956deb1b2
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed bug #72853 (stream_set_blocking doesn't work)
Conflicts:
main/streams/plain_wrapper.c
2016-08-17 16:56:02 +08:00
abe00908af
Fixed bug #72853 (stream_set_blocking doesn't work)
...
Implemented PHP_STREAM_OPTION_META_DATA_API for plain_wrappers
2016-08-17 16:54:21 +08:00
e0f9fbdfa6
Bug #72663 - part 3
...
When using the php_serialize session serialization handler, do
not use the result of the unserialization if it failed.
2016-08-17 01:01:03 -07:00
61f2f5a0f7
Bug #72663 - part 2
...
If a (nested) unserialize() call fails, we remove all the values
that were inserted into var_hash during that call. This prevents
their use in other unserializations in the same context.
2016-08-17 00:47:02 -07:00
2135fdef9b
Bug #72663 - part 1
...
Don't call __destruct() on an unserialized object that has a
__wakeup() method if either
a) unserialization of its properties fails or
b) the __wakeup() call fails (e.g. by throwing).
This basically treats __wakeup() as a form of constructor and
aligns us with the usual behavior that if the constructor call
fails the destructor should not be called.
The security aspect here is that people use __wakeup() to prevent
unserialization of objects with dangerous __destruct() methods,
but this is ineffective if __destruct() can still be called while
__wakeup() was skipped.
2016-08-17 00:45:57 -07:00
0d13325b66
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6: (24 commits)
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug#72697 - select_colors write out-of-bounds
Fixed bug #72627 : Memory Leakage In exif_process_IFD_in_TIFF
Fix bug #72750 : wddx_deserialize null dereference
Fix bug #72771 : ftps:// opendir wrapper is vulnerable to protocol downgrade attack
Improve fix for #72663
Fix bug #70436 : Use After Free Vulnerability in unserialize()
Fix bug #72749 : wddx_deserialize allows illegal memory access
...
Conflicts:
Zend/zend_API.h
ext/bz2/bz2.c
ext/curl/interface.c
ext/ereg/ereg.c
ext/exif/exif.c
ext/gd/gd.c
ext/gd/tests/imagetruecolortopalette_error3.phpt
ext/gd/tests/imagetruecolortopalette_error4.phpt
ext/session/session.c
ext/snmp/snmp.c
ext/standard/base64.c
ext/standard/ftp_fopen_wrapper.c
ext/standard/quot_print.c
ext/standard/url.c
ext/standard/uuencode.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/wddx/tests/bug72790.phpt
ext/wddx/tests/bug72799.phpt
ext/wddx/wddx.c
sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
4bf5c3187f
BLock test with memory leak
2016-08-16 22:55:44 -07:00
639f7fde6a
Improve fix for #72663
2016-08-16 22:55:20 -07:00
Anatol Belski