e8dff92e88
Revert fix for GH-14930: truncating readdir output
2024-08-21 23:19:24 +01:00
9f570163b3
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix CI failure on macOS after Curl update
2024-07-28 14:34:35 +02:00
fdae7c23f0
Fix CI failure on macOS after Curl update
2024-07-28 14:34:26 +02:00
014e515ccc
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix CI failure after Curl update (#15124 )
2024-07-27 16:11:26 +02:00
404bd30810
Fix CI failure after Curl update ( #15124 )
2024-07-27 16:09:50 +02:00
5bac3c27c9
Merge branch 'PHP-8.2' into PHP-8.3
2024-07-22 22:58:18 +01:00
ba909d7c43
Fix GH-14780: p(f)sockopen overflow on timeout argument.
...
close GH-14785
2024-07-22 22:57:59 +01:00
a0e1e085d8
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix passing non-finite timeout values in stream functions
2024-07-22 17:52:53 +02:00
fdcfd62b9b
Fix passing non-finite timeout values in stream functions
...
Closes GH-15061.
2024-07-22 17:52:21 +02:00
c26d1a36e2
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-15034: Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB
2024-07-21 22:02:47 +02:00
cfcc2a3fda
Fix GH-15034: Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB
...
We were using atoi, which is only for integers. When the size does not
fit in an integer this breaks. Use ZEND_STRTOUL instead. Also make sure
invalid data isn't accidentally parsed into a file size.
Closes GH-15035.
2024-07-21 22:02:11 +02:00
38501ed48a
Fix GH-14930: Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3
...
Revert "Reserve less file space if possible in a directory entry"
This reverts commit 00c1e7bf0f
2024-07-12 19:26:42 +02:00
0b28914a26
Merge branch 'PHP-8.2' into PHP-8.3
2024-07-06 20:44:20 +01:00
237518763f
Fix GH-14774 time_sleep_until overflow.
2024-07-06 20:43:59 +01:00
7ee7492f30
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
NEWS for GH-14814
ext/standard/tests: strings/wordwrap_memory_limit_32bit.phpt has two outputs
ext/standard/tests: 32bit wordwrap tests aren't just for Windows
2024-07-04 15:56:43 +02:00
27dd393be9
ext/standard/tests: strings/wordwrap_memory_limit_32bit.phpt has two outputs
...
It turns out that on a 32-bit system, this test can produce either the
"usual" expected output from the 64-bit test, OR the 32-bit-only
integer overflow message. We copy the dual expected outputs from
chunk_split_variation1_32bit.phpt to handle both cases.
This fixes an earlier commit that split the two tests based only on
the size of an int (32-bit versus 64-bit). The CI reveals that, at
least on a debug/zts build, the "64-bit" memory limit error (and not
the integer overflow error) is still produced.
2024-07-04 15:55:05 +02:00
68a0efedeb
ext/standard/tests: 32bit wordwrap tests aren't just for Windows
...
The test in strings/wordwrap_memory_limit.phpt has a counterpart in
strings/wordwrap_memory_limit_win32.phpt. The two are conditional on
both the OS name and the size of an int (32- versus 64-bits).
A Gentoo Linux user has however reported that the 64-bit test fails on
a 32-bit system, with precisely the error message that the "win32"
test is expecting. I don't have any 32-bit hardware to test myself,
but I think it's reasonable to conclude that the OS name is not an
essential part of the test: it's simply 32- versus 64-bit.
This commit drops the conditionals for the OS name. Now one test will
be run on 32-bit systems, and the other on 64-bit systems, regardless
of the OS name.
Bug: https://bugs.gentoo.org/935382
2024-07-04 15:55:04 +02:00
9c460bc65f
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
ext/standard/tests: use %d instead of bytes in an overflow message
2024-07-04 00:48:35 +02:00
a8d1955348
ext/standard/tests: use %d instead of bytes in an overflow message
...
In strings/chunk_split_variation1_32bit.phpt, we have a test that is
expected to fail on x32 with a possible integer overflow error. The
message reports the exact number of bytes -- a number big enough to
overflow an int on x32 -- stemming from a memory allocation in
chunk_split().
This number appears unpredictable, and is not the point of the test.
We replace it with %d to make the test independent of the allocation
details.
2024-07-04 00:48:01 +02:00
15bea9ed74
Fix GH-14775: range overflow on negative step.
...
overflow occurs since we only deal with positive steps.
close GH-14778
2024-07-03 18:57:25 +01:00
31798e4b6d
Merge branch 'PHP-8.2' into PHP-8.3
2024-06-13 14:04:13 +01:00
e0e9eb4053
Merge branch 'fix-anonymous-socket-at-length-boundary' into PHP-8.2
2024-06-13 14:03:46 +01:00
22ac07a886
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix windows rename test directories clashing
2024-06-13 14:03:26 +02:00
8d9f9755e8
Fix windows rename test directories clashing
...
Closes GH-14554
2024-06-13 14:02:57 +02:00
ad56ec7bbf
Fixed off-by-one error in checking length of abtract namespace Unix sockets
2024-06-13 12:46:22 +01:00
e4453dcbd2
Merge branch 'PHP-8.2' into PHP-8.3
2024-06-05 01:11:30 -05:00
8aff5b49c3
Merge branch 'PHP-8.1' into PHP-8.2
2024-06-05 01:10:47 -05:00
4b15f5d4ec
Fix GHSA-9fcc-425m-g385: bypass CVE-2024-1874
...
The old code checked for suffixes but didn't take into account trailing
whitespace. Furthermore, there is peculiar behaviour with trailing dots
too. This all happens because of the special path-handling code inside
CreateProcessW.
By studying Wine's code, we can see that CreateProcessInternalW calls
get_file_name [1] in our case because we haven't provided an application
name. That code gets the first whitespace-delimited string into app_name
excluding the quotes. It's then passed to create_process_params [2]
where there is the path handling code that transforms the command line
argument to an image path [3]. Inside Wine, the extension check if
performed after these transformations [4]. By doing the same thing in
PHP we match the behaviour and can properly match the extension even in
the given edge cases.
[1] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L542-L543
[2] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L565
[3] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L150-L151
[4] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L647-L654
2024-06-05 00:26:14 -05:00
e206b68403
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
ext/standard: Fix test conflict with I/O tests
2024-06-02 17:03:44 +01:00
75f6132818
ext/standard: Fix test conflict with I/O tests
...
Closes GH-14428
2024-06-02 17:03:19 +01:00
72e5ea0f49
Merge branch 'PHP-8.2' into PHP-8.3
2024-05-24 23:35:11 +01:00
19cb9c7b4a
Fix GH-12104 attempt
...
using stream_select to gives the chance to process the data.
close GH-14311
2024-05-24 23:34:46 +01:00
9c9f49a1f4
Merge branch 'PHP-8.2' into PHP-8.3
2024-05-20 15:49:46 +01:00
0a8fbef996
Added test
2024-05-20 15:13:53 +01:00
cce922e49b
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix nightly test failure (#14251 )
2024-05-16 20:01:38 +02:00
02b7d70fa9
Fix nightly test failure ( #14251 )
...
The created files have the same filename, creating conflicts. Fix this
by adding a unique suffix.
2024-05-16 20:00:46 +02:00
49b5ab2057
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix tests for glibc 2.39 (#14097 )
2024-05-01 20:43:42 +02:00
b6b9eab68e
Fix tests for glibc 2.39 ( #14097 )
...
2.39 has fixed inconsistent (mon_)grouping formats in localedata:
* https://sourceware.org/git/?p=glibc.git;a=blob;f=NEWS;hb=refs/tags/glibc-2.39#l237
* https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/locales/en_AU;hb=refs/tags/glibc-2.39#l65
For en_AU locale now it returns array of 1 item instead of 2 for
grouping and mon_grouping.
Since this is upstream change depending on the system, this only syncs
tests for such case.
2024-05-01 20:43:00 +02:00
f06a755848
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix clean section in test
2024-04-15 14:15:09 +02:00
a7a7e6d57c
Fix clean section in test
2024-04-15 14:14:47 +02:00
df4d59e43d
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix rename test file name collision
2024-04-15 13:43:06 +02:00
f2cd0d5752
Fix rename test file name collision
2024-04-15 13:42:40 +02:00
4dad74f250
Merge branch 'PHP-8.2' into PHP-8.3
2024-04-14 14:27:05 +01:00
8421cfda61
Fix file_get_contents() on Windows fails with "errno=22 Invalid argument"
...
Closes GH-13948
2024-04-14 14:26:10 +01:00
3d9941fd1e
Merge branch 'PHP-8.2' into PHP-8.3
2024-04-09 23:49:53 -05:00
a9ffc447a4
Merge branch 'PHP-8.1' into PHP-8.2
2024-04-09 23:49:31 -05:00
0ba5229a3f
Fix bug GHSA-q6x7-frmf-grcw: password_verify can erroneously return true
...
Disallow null character in bcrypt password
2024-04-09 23:38:32 -05:00
093c08af25
Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
...
The check happened too early as later code paths may perform more
mangling rules. Move the check downwards right before adding the actual
variable.
2024-04-09 23:37:06 -05:00
e3c784f2bf
Add proc_open escaping for cmd file execution
2024-04-09 23:29:28 -05:00
caec2b6186
Merge branch 'PHP-8.2' into PHP-8.3
2024-03-29 16:09:09 +00:00
Jakub Zelenka