2ba3b27594
Revert "Fix #73530 : Unsetting result set may reset other result set"
...
This reverts commit eb570294a2
2016-12-29 12:59:04 +01:00
60da307c61
update NEWS
2016-12-08 07:05:32 +01:00
266ecb6d0a
Fix bug #73631 - Invalid read when wddx decodes empty boolean element
2016-12-05 21:40:55 -08:00
36d02a36ae
add NEWS
2016-11-27 15:38:09 -08:00
5049ef2f1c
Fix #73549 : Use after free when stream is passed to imagepng
...
If a stream is passed to imagepng() or other image output functions,
opposed to a filename, we must not close this stream.
2016-11-27 14:51:02 -08:00
bc85678df3
Add more mbfl string size checks (bug #73505 )
2016-11-26 14:49:48 -08:00
e715dafae0
5.6.30 will be next
2016-11-24 01:54:23 +01:00
0796db97d4
update NEWS
2016-11-22 00:57:18 +01:00
1d352645fc
update NEWS
2016-11-21 19:56:09 +01:00
e44deba1e9
Fix #64526 : Add missing mysqlnd.* parameters to php.ini-*
2016-11-18 14:17:19 +01:00
c4f1c20d80
Updated NEWS
2016-11-17 11:37:13 +01:00
eb570294a2
Fix #73530 : Unsetting result set may reset other result set
...
Calling sqlite3_reset() when a result set object is freed can cause
undesired and maybe even hard to track interference with other result
sets. Furthermore, there is no need to call sqlite3_reset(), because
that is implicitly called on SQLite3Stmt::execute(), and users are
encouraged to explicitly call either SQLite3Result::finalize() or
SQLite3Stmt::reset() anyway.
2016-11-16 11:49:04 +01:00
ecba563f2f
Fixed bug #69090 (check cached files permissions)
2016-11-16 12:43:10 +03:00
e922d89f66
add missing NEWS entry
2016-11-09 21:32:44 +01:00
87673d6e99
add missing NEWS entries
2016-11-09 02:12:16 +01:00
493b2bff02
Fix bug #72776 (Invalid parameter in memcpy function trough openssl_pbkdf2)
2016-11-06 20:40:51 +00:00
ef75ddd4f9
Fixed bug #73402 (Opcache segfault when using class constant to call a method)
2016-10-29 23:41:51 +08:00
9b3a1e00ab
5.6.29 will be next
2016-10-27 23:10:59 +02:00
cd13d0260a
Fix #72494 : imagecropauto out-of-bounds access
...
This issue has actually already been fixed with commit 46f2c690. We're
adding a regression test and a NEWS entry, and also port the fix in
gdImageCropThreshold() from libgd:
* <https://github.com/libgd/libgd/commit/b347e034 >
* <https://github.com/libgd/libgd/commit/46f2c690 >
2016-10-25 14:29:48 +02:00
6558559bcc
Fixed bug #73337 (try/catch not working with two exceptions inside a same operation)
2016-10-18 14:48:01 +03:00
86e603a664
Fix #73333 : 2147483647 is fetched as string
...
We return all integers that can be represented as such by PHP as
integers, and only those that exceed the possible range as strings.
On builds which represent integers with 64 bits, the range check is
unnecessary and might cause code checkers to complain, so we skip this
special casing via the preprocessor according to
<http://git.php.net/?p=php-src.git;a=commit;h=99d087e5 >.
2016-10-17 23:34:41 +02:00
f7bf9650aa
add missing NEWS entries for 5.6.27
2016-10-14 08:06:14 +02:00
cc08cbc84d
Fix #73280 : Stack Buffer Overflow in GD dynamicGetbuf
...
We make sure to never pass a negative `rlen` as size to memcpy().
Cf. <https://github.com/libgd/libgd/commit/53110871 >.
2016-10-13 11:10:02 +02:00
43ccf23d70
Clear FG(user_stream_current_filename) when bailing out
...
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.
Catch the bailout, clear the variable, then continue bailing.
Closes https://bugs.php.net/bug.php?id=73188
2016-10-11 21:55:01 -07:00
4165d97606
update NEWS
2016-10-10 20:55:44 +02:00
fc989fc6e7
Fix #73279 : Integer overflow in gdImageScaleBilinearPalette()
...
The color components are supposed to be in range 0..255, so we must not
cast them to `signed char`, what can be the default for `char`.
Port of <https://github.com/libgd/libgd/commit/77c8d359 >.
2016-10-10 11:41:39 +02:00
b92216b97d
Fix #73272 : imagescale() affects imagesetinterpolation()
...
We must not permanently change the interpolation method, but rather
have to restore the old method after we're done with scaling the image.
2016-10-09 15:10:34 +02:00
9acfb1a3a5
Fix #73213 : Integer overflow in imageline() with antialiasing
...
We port the respective fixes <https://github.com/libgd/libgd/commit/eca37d620 >
and <https://github.com/libgd/libgd/commit/837b7327 > to our bundled libgd.
2016-09-30 23:38:13 +02:00
e72165bb86
Fix #73203 : passing additional_parameters causes mail to fail
...
We make sure that there's no unsigned underflow, which happened for `y==0`.
2016-09-30 11:38:09 +02:00
703c247c7d
5.6.28 is next
2016-09-29 00:55:36 +02:00
8f5eda4bf6
Fix #73161 : imagecreatefromgd2() may leak memory
2016-09-24 12:36:54 +02:00
709731797c
Fix #73159 : imagegd2(): unrecognized formats may result in corrupted files
...
We must not apply the format correction twice for truecolor images.
2016-09-24 11:28:20 +02:00
c7936ead8f
Fix #73155 : imagegd2() writes wrong chunk sizes on boundaries
2016-09-24 10:33:49 +02:00
1da79a6c6e
Fix #73157 (again): imagegd2() ignores 3rd param if 4 are given
...
Obviously, there was a bad merge.
2016-09-24 00:35:24 +02:00
9a2a45c1df
Update NEWS
2016-09-23 16:23:58 +02:00
6682673070
Fix #73100 : session_destroy null dereference in ps_files_path_create
2016-09-16 23:41:10 +02:00
01c7c6b152
Updte NEWS
2016-09-16 20:55:37 +08:00
46df064261
Fix #73003 : Integer Overflow in gdImageWebpCtx of gd_webp.c
...
We add the missing integer overflow check to avoid potential buffer overflows.
2016-09-16 11:37:18 +02:00
1d7484077a
update NEWS
2016-09-15 11:35:46 +02:00
09eb6ed35e
Fix #50194 : imagettftext broken on transparent background w/o alphablending
...
We must not draw the background pixels of the character glyphs, what has
already been fixed in GD 2.0.26.
2016-09-14 15:47:32 +02:00
05baa92727
Fix bug #73072 (Invalid path SNI_server_certs causes segfault)
2016-09-13 18:15:34 +01:00
6c9d37d059
update NEWS
2016-09-10 11:02:17 +02:00
23e721fc93
Fix #73054 : default option ignored when object passed to int filter
...
If an object that can't be converted to string is validated, we must not
bail out early, but rather check for a requested default value.
2016-09-09 14:30:24 +02:00
cb91a51b00
Partially fix bug #67167 - Wrong return value...
...
...from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE
The remainer of the fix would require the filter functions to only
convert to string when it makes sense for that particular filter.
(cherry picked from commit 432dc527ad
2016-09-09 12:45:46 +02:00
38553e853b
Fixed Bug #68015 Session does not report invalid uid for files save handler
2016-09-09 11:31:54 +09:00
fb1c46f013
Update NEWS
2016-09-08 13:35:30 +09:00
dad793630d
Fix #73025 : Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c
...
`command_length` is retrieved via strlen() and later passed to emalloc()
and memcpy(), so the appropriate type is `size_t`.
We don't add a regression test, because that would need to allocate a string
of at least 2 GiB.
2016-09-06 12:05:58 +02:00
3a35d43ad9
Update NEWS
2016-09-06 18:29:20 +09:00
8aad3131a1
Fix #70752 : Depacking with wrong password leaves 0 length files
...
We should not open the output stream before we have tried to open the
archive entry, as failing the latter could leave an empty file behind.
2016-09-06 01:03:46 +02:00
dd6da58fac
Updated NEWS
2016-09-05 17:03:29 +02:00
Christoph M. Becker