mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Commit Graph

135551 Commits

Author SHA1 Message Date
Jakub Zelenka
bd7d3c38ad Get rid of atime change testing in bug72666_variation3.phpt 2025-03-17 14:49:22 +01:00
Katherine456719
38e553e418 Fix GH-18082: Memory leaks in fuzzer SAPI error paths
Closes GH-18081.
2025-03-16 16:37:59 +01:00
David Carlier
005c7b5797 ext/intl: Fix Uconverter::transcode with substitutes as references.
close GH-18059
2025-03-15 11:37:08 +00:00
David Carlier
f34859cb90 ext/intl: Fix dateformat_format when the time is an array of references. 2025-03-15 11:33:17 +00:00
Arnaud Le Blanc
1c182674b0 Destroy temporary module classes in reverse order
We destroy classes of dl()'ed modules in clean_module_classes(), during
shutdown. Child classes of a module use structures of the parent class (such as
inherited properties), which are destroyed earlier, so we have a use-after-free
when destroying a child class.

Here I destroy classes in reverse order, as it is done in zend_shutdown() for
persistent classes.

Fixes GH-17961
Fixes GH-15367
2025-03-14 10:45:17 +01:00
Niels Dossche
a7d2703246 Correct check for maximum string length in JIT helpers
This is a bit of a theoretical issue, but the maximum string length is
actually ZSTR_MAX_LEN instead of SIZE_MAX. The resulting check is a bit
slower but should still be relatively cheap.

Closes GH-18049.
2025-03-13 23:47:45 +01:00
Jakub Zelenka
1158a1ef3b Merge branch 'PHP-8.2' into PHP-8.3 2025-03-13 22:28:53 +01:00
Jakub Zelenka
e144c58fb2 Merge branch 'PHP-8.1' into PHP-8.2 2025-03-13 22:25:53 +01:00
Jakub Zelenka
70c2ebb698 Fix typo in GHSA-hgf5-96fm-v528 NEWS entry 2025-03-13 22:24:49 +01:00
Niels Dossche
27affd8da1 Fix GH-18018: RC1 data returned from offsetGet causes UAF in ArrayObject
We should first check truthiness and only after that destroy the value.

Closes GH-18034.
2025-03-13 19:10:34 +01:00
Pierrick Charron
945f5b83f4 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  [skip ci] Fix invalid release date of 8.1.1
2025-03-13 13:48:48 -04:00
Pierrick Charron
2003421454 [skip ci] Fix release dates on NEWS 2025-03-13 13:48:38 -04:00
Pierrick Charron
d9c0a49cba [skip ci] Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
  [skip ci] Fix invalid release date of 8.1.1
2025-03-13 13:47:22 -04:00
Pierrick Charron
c62523666c [skip ci] Fix invalid release date of 8.1.1 2025-03-13 13:45:08 -04:00
Pierrick Charron
54f93f127e [skip ci] Fix release date of 8.3.19 2025-03-13 13:14:37 -04:00
Ilija Tovilo
276c2a67ef Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix flaky connection count in mysqli test
2025-03-13 16:47:20 +01:00
Ilija Tovilo
f390425db3 Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
  Fix flaky connection count in mysqli test
2025-03-13 16:46:03 +01:00
Ilija Tovilo
00ebd2d7f2 Fix flaky connection count in mysqli test
Use connection ID instead of count to check whether we're using a
persistent connection. This allows the test to be run in parallel with
the other tests, but also protects against the possibility that some
other service connects to the mysql server.

Closes GH-18040
2025-03-13 16:40:33 +01:00
Remi Collet
69480be12a Relax test expectation for pcre2lib 10.45 Using e92848789a
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
2025-03-13 07:46:18 +01:00
David Carlier
c3fc94c4b8 ext/intl: fix locale_compose/locale_lookup to be able to deal with references.
close GH-18035
2025-03-12 22:18:34 +00:00
Eric Mann
517d7d909d PHP-8.3 is now for PHP-8.3.20-dev 2025-03-12 06:34:55 -07:00
Kévin Dunglas
009b5e2bfd fix GH-8533: dynamic libphp linking on Mac
Pass the -dynamiclib flag to libtool to build
a valid Mac dylib.

Closes GH-8533.
2025-03-12 07:40:02 +01:00
Pierrick Charron
25887b350d Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  PHP-8.2 is now for PHP 8.2.29-dev
2025-03-11 18:32:58 -04:00
Pierrick Charron
b617b0832c PHP-8.2 is now for PHP 8.2.29-dev 2025-03-11 18:31:23 -04:00
Ben Ramsey
4d4205675a Merge branch 'PHP-8.2' into PHP-8.3 2025-03-11 16:43:07 -05:00
Ben Ramsey
b6d61f5ec0 Merge branch 'PHP-8.1' into PHP-8.2 2025-03-11 16:42:29 -05:00
Ben Ramsey
858c378930 PHP-8.1 is now for PHP 8.1.33-dev 2025-03-11 16:34:23 -05:00
Ilija Tovilo
ef2c459941 Use-after-free for ??= due to incorrect live-range calculation
Fixes GHSA-rwp7-7vc6-8477
2025-03-11 22:10:21 +01:00
Jakub Zelenka
acf2f4988a Merge branch 'PHP-8.2' into PHP-8.3 2025-03-11 22:09:00 +01:00
Jakub Zelenka
4af1830356 Merge branch 'PHP-8.1' into PHP-8.2 2025-03-11 21:57:33 +01:00
Jakub Zelenka
74d548bf58 Update NEWS with entries for security fixes 2025-03-11 21:50:17 +01:00
Niels Dossche
0e715e71d9 Fix GHSA-wg4p-4hqh-c3g9 2025-03-11 21:50:17 +01:00
Tim Düsterhus
b6004a043c Fix GHSA-p3x9-6h7p-cgfc: libxml streams wrong content-type on redirect
libxml streams use wrong content-type header when requesting a
redirected resource.
2025-03-11 21:50:17 +01:00
Jakub Zelenka
41d49abbd9 Fix GHSA-hgf5-96fm-v528: http user header check of crlf 2025-03-11 21:50:16 +01:00
Jakub Zelenka
ac1a054bb3 Fix GHSA-52jp-hrpf-2jff: http redirect location truncation
It converts the allocation of location to be on heap instead of stack
and errors if the location length is greater than 8086 bytes.
2025-03-11 21:50:16 +01:00
Jakub Zelenka
0548c4c175 Fix GHSA-pcmh-g36c-qc44: http headers without colon
The header line must contain colon otherwise it is invalid and it needs
to fail.

Reviewed-by: Tim Düsterhus <tim@tideways-gmbh.com>
2025-03-11 21:50:16 +01:00
Jakub Zelenka
d20b4c97a9 Fix GHSA-ghsa-v8xr-gpvj-cx9g: http header folding
This adds HTTP header folding support for HTTP wrapper response
headers.

Reviewed-by: Tim Düsterhus <tim@tideways-gmbh.com>
2025-03-11 21:50:16 +01:00
Eric Mann
175b962f55 Fix NEWS versions for posterity 2025-03-11 12:06:18 -07:00
Niels Dossche
1befdce0e6 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix test GH-16535 for libxml2 2.14
  Fix tests for libxml2 2.14
2025-03-10 20:23:36 +01:00
Niels Dossche
b5471300d2 Fix test GH-16535 for libxml2 2.14 2025-03-10 20:23:23 +01:00
Niels Dossche
239b01db7c Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
  Fix tests for libxml2 2.14
2025-03-10 20:22:27 +01:00
Niels Dossche
f209eb448e Fix tests for libxml2 2.14
See GH-18009.
2025-03-10 20:22:11 +01:00
Ilija Tovilo
cfc7652a28 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Increase CircleCI no_output_timeout
2025-03-10 13:38:01 +01:00
Ilija Tovilo
9842508580 Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
  Increase CircleCI no_output_timeout
2025-03-10 13:37:46 +01:00
Ilija Tovilo
ee7fcf2a07 Increase CircleCI no_output_timeout
Closes GH-18002
2025-03-10 13:37:24 +01:00
Ilija Tovilo
33c75d98c9 Merge branch 'PHP-8.2' into PHP-8.3 2025-03-10 11:28:29 +01:00
Ilija Tovilo
d6172ce37a [skip ci] Ignore snmp test on asan that frequently times out
Not sure why this happens only on master.

Cherry-picked from becf207d0c
No longer happens just on master. ;)
2025-03-10 11:24:27 +01:00
Niels Dossche
9be9f70caa Fix weird unpack behaviour in DOM
Engine pitfall: the iter index is only updated by foreach opcodes, so
the existing code that used it as an index for the nodes w.r.t. the
start did not work properly. Fix it by using our own counter.

Closes GH-18004.
2025-03-09 11:17:03 +01:00
Niels Dossche
c7d3dc6fab Fix GH-17989: mb_output_handler crash with unset http_output_conv_mimetypes
The INI option can be NULL or invalid, resulting in a NULL global.
So we have to add a NULL check.

Closes GH-17996.
2025-03-09 11:16:33 +01:00
Ilija Tovilo
d6ee360f7b Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Suppress snmp lib memory leak, skip ASAN tests
2025-03-08 16:12:17 +01:00