This patch adds missing newlines, trims multiple redundant final
newlines into a single one, and trims redundant leading newlines in all
*.phpt sections.
According to POSIX, a line is a sequence of zero or more non-' <newline>'
characters plus a terminating '<newline>' character. [1] Files should
normally have at least one final newline character.
C89 [2] and later standards [3] mention a final newline:
"A source file that is not empty shall end in a new-line character,
which shall not be immediately preceded by a backslash character."
Although it is not mandatory for all files to have a final newline
fixed, a more consistent and homogeneous approach brings less of commit
differences issues and a better development experience in certain text
editors and IDEs.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
[2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2
[3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
Validate that "C" serialization payload is followed by "}" prior to
calling the unserialize() handler. This mitigates issues caused by
unserialize() not correctly handling strings that are not NUL
terminated. Making sure that there is a "}" at the end avoids the
problem.
PHP requires integer typehints to be written "int" and does not
allow "integer" as an alias. This changes type error messages to
match the actual type name and avoids confusing messages like
"must be of the type integer, integer given".
The current doc states max ram for a test VM would be 7.5G, the
currently used container image has even less. This skip should be
revisited, as the available memory amount shifts. The way of checking
/proc/meminfo doesn't work reliably on containers at least, thus
skipping explicitly on Travis-CI makes sense.
However, don't require internal functions returning by reference to return a reference.
Mark unserialize() as returning by reference and remove unwrap_reference hack, to allow proper returning of self referenced arrays using a reference.
Currently unserialize() is the only internal function that may return a reference.
E_RECOVERABLE errors are reported as "Catchable fatal error". This is
misleading, because they actually can't be caught via try-catch statements.
Therefore we change the wording to "Recoverable fatal error" as suggested by
Nikita.
Factorials only make sense for integer inputs.
To do something factorial-like, the Gamma Function
should be used instead.
However, at this point it's no longer a factorial.
For PHP/GMP, we'll raise a warning on trying to use
a non-integer input, but carry on returning the truncated
value as we used to (avoiding BC breakage).
* PHP-5.6: (21 commits)
fix unit tests
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
...
Conflicts:
ext/exif/exif.c
ext/gmp/gmp.c
ext/pcre/php_pcre.c
ext/session/session.c
ext/session/tests/session_decode_variation3.phpt
ext/soap/soap.c
ext/spl/spl_observer.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/xsl/xsltprocessor.c
Diophantine solution here since it can vary based
on the libgmp version we are linking against and
in general there are almost always multiple valid
solutions
Diophantine solution here since it can vary based
on the libgmp version we are linking against and
in general there are almost always multiple valid
solutions
* PHP-5.6:
update NEWS and UPGRADING
Upated NEWS
Address issues raised by @nikic
Make sure min < max
Mersenne Twister was added in GMP 4.2
Add test files
Add gmp_random_bits(bits) and gmp_random_range(min, max)
Change GMPs default PRNG to Mersenne Twister
Conflicts:
ext/gmp/gmp.c
