php_check_open_basedir() expects a local filesystem path,
but we're handing it a `glob://...` URI instead.
Move the check to after the path trim so that we're checking
a meaningful pathspec.
The stream handler assumed all HTTP headers contained exactly one space,
but the standard says there may be zero or more. Should fix Bug #47021,
and any other edge cases caused by a web server sending unusual spacing,
e.g. the MIME type discovered from Content-Type: can no longer contain
leading whitespace.
We strip trailing whitespace from the headers added into
$http_response_header as well.
* PHP-5.6:
Fix bug #73737 FPE when parsing a tag format
Fix bug #73773 - Seg fault when loading hostile phar
Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
Fix bug #73768 - Memory corruption when loading hostile phar
Fix int overflows in phar (bug #73764)
* PHP-5.6.30:
Fix bug #73737 FPE when parsing a tag format
Fix bug #73773 - Seg fault when loading hostile phar
Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
Fix bug #73768 - Memory corruption when loading hostile phar
Fix int overflows in phar (bug #73764)
Testing corpus provided by Anatol against current browscap.ini lite.
About 30% of all agents are not recognized by this browscap.ini,
but this should give us decent coverage.
Particularly on slower VMs, the sporadic fails can still happen.
The timing is kept in an uncritical range, but allows the tests
pass there. Mayby, it'd make sense to introduce a new group for
this kind of tests, so tests requiring exact time measurement
can be avoided on unsuitable environments.
The E_WARNING message from the PHP function lchown is passed
from the system function lchown. The error message returned
from lchown can be filesystem dependent.
* phpsec/PHP-7.0.13:
Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads to crash
Fix#72696: imagefilltoborder stackoverflow on truecolor images
Fix#72482: Ilegal write/read access caused by gdImageAALine overflow
Fix bug #73144 and bug #73341 - remove extra dtor
remove unreferenced var came in with merge
Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle
fix version
set versions
Anatol Belski