* PHP-7.0:
Fixed bug #73483 (Segmentation fault on pcre_replace_callback)
Fix#73219 (fix acinclude when / is present)
make it possible to show specific help pages without interactive session
Conflicts:
acinclude.m4
While it is possible to force the same behavior by setting the internal
option (?J), having a dedicated modifier appears to be useful. After all,
J is even listed on the "Pattern Modifiers" man page[1], but the description
referrs to (?J).
[1] <http://php.net/manual/en/reference.pcre.pattern.modifiers.php>
E_RECOVERABLE errors are reported as "Catchable fatal error". This is
misleading, because they actually can't be caught via try-catch statements.
Therefore we change the wording to "Recoverable fatal error" as suggested by
Nikita.
This reverts commit 2fba646837.
PCRE-8.39 throws weird valgrind backtraces on some systems, see
http://news.php.net/php.cvs/93494 . Those could be false positives
due to some changes in JIT, still i couldn't 100% ensure this.
Thus, better we continue to ship 8.38 bundled for now, and apply
patches, if needed.
It is done by implementing the custom stack usage. This makes the
JIT with mode on more compatible with the JIT mode off. Until now, the
default PCRE JIT stack was used which is 32kb big by default. There
are situations where some patterns would fail with JIT while working
correctly without JIT.
The starting size of the JIT stack is still set to 32kb, while the
max is set to the permissive 256kb (and can be increased up to 1mb).
As until now no suchlike bugs regarding JIT were reported, it is expected,
that the stack usage will stay by 32kb in most cases. Though providing
the custom stack, applications will have more room for some sporadic
stack increase, thus more compatibility.
* PHP-5.6: (21 commits)
fix unit tests
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
...
Conflicts:
ext/exif/exif.c
ext/gmp/gmp.c
ext/pcre/php_pcre.c
ext/session/session.c
ext/session/tests/session_decode_variation3.phpt
ext/soap/soap.c
ext/spl/spl_observer.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/xsl/xsltprocessor.c
* PHP-5.5:
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/zip/php_zip.c
* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
configure.in
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
* PHP-5.4.45:
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
To do global matching (/g), for every empty match we have to do a second match
with PCRE_NOTEMPTY turned on. That may fail, however, when the \K escape
sequence is involved. For this purpose libpcre 8.0 introduced the
PCRE_NOTEMPTY_ATSTART flag, which we will use if available, and otherwise fall
back to the old (possibly buggy) behavior.
Squashed commit of the following:
commit d96eab8d79
Author: Francois Laupretre <francois@tekwire.net>
Date: Fri Jun 26 01:23:31 2015 +0200
Use the new 'ZSTR' macros in the rest of the code.
Does not change anything to the generated code (thanks to compat macros) but cleaner.
commit b352643910
Author: Francois Laupretre <francois@tekwire.net>
Date: Thu Jun 25 13:45:06 2015 +0200
Improve zend_string API
Add missing methods
When advancing after empty matches, php_pcre_match_impl() as well as
php_pcre_replace_impl() always have to advance to the next code point when the
u modifier is given, instead of to the next byte.
* PHP-5.4:
Update PCRE version (bug #69689)
move test
NEWS 5.4
fix new test
Fixed Bug #69667 segfault in php_pgsql_meta_data
5.4.42 next
Conflicts:
configure.in
main/php_version.h
There were two issues
- php_pcre_replace could be used directly and sbject_str could be NULL
- the Windows sendmail variant was freeing something passed from the outside
* origin/master: (102 commits)
fix dir separator in test
fix TS build
fix TS build
Better fix for bug #68446
Revert "Merge remote-tracking branch 'origin/PHP-5.6'"
Revert NEWS and set test to XFAIL
Revert "Fix bug #68446 (bug with constant defaults and type hints)"
Improved zend_hash_clean() and added new optimized zend_symtable_clean()
Use inline version of zval_ptr_dtor()
Added new optimized zend_array_destroy() function
Moved i_zval_ptr_dtor() from zend_execute.h to zend_variables.h
fix REGISTER_NS_*_CONSTANT macros
Removed useless assert. EG(uninitialized_zval) can't be refcounted.
Use specialized destructors when types of zvals are known.
move tests into proper place
Improved assignment to object property
Reuse zend_assign_to_variable() in zend_std_write_property()
cleanup comments from svn/cvs era
fix dir separator in test
fork test for windows
...
* origin/master: (398 commits)
NEWS
add test for bug #68381
Fixed bug #68381 Set FPM log level earlier during init
proper dllexport
move to size_t where zend_string is used internally
fix some datatype mismatches
return after the warning, to fix uninitialized salt usage
fix datatype mismatches
add missing type specifier
fix datatype mismatches
fix unsigned check
"extern" shouldn't be used for definitions
joined identical conditional blocks
simplify fpm tests
SEND_VAR_NO_REF optimization
Add test for bug #68442
Add various tests for FPM - covering recent bugs (68420, 68421, 68423, 68428) - for UDS - for ping and status URI - for multi pool and multi mode
Include small MIT FastCGI client library from https://github.com/adoy/PHP-FastCGI-Client
Get rid of zend_free_op structure (use zval* instead). Get rid of useless TSRMLS arguments.
Add new FPM test for IPv4/IPv6
...
Conflicts:
win32/build/config.w32
* PHP-5.6:
Initialize the offset table - PCRE may sometimes miss offsets
set default response code to 200
set default response code to 200
set default response code to 200
fix NEWS & version
NEWS
Fix bug #68283: fileinfo: out-of-bounds read in elf note headers
Fix bug #68113 (Heap corruption in exif_thumbnail())
Fix bug #68089 - do not accept options with embedded \0
Fixed bug #68044: Integer overflow in unserialize() (32-bits only)
Fix bug #68027 - fix date parsing in XMLRPC lib
Conflicts:
ext/pcre/php_pcre.c
* PHP-5.5:
Initialize the offset table - PCRE may sometimes miss offsets
set default response code to 200
set default response code to 200
fix NEWS & version
NEWS
Fix bug #68283: fileinfo: out-of-bounds read in elf note headers
Fix bug #68113 (Heap corruption in exif_thumbnail())
Fix bug #68089 - do not accept options with embedded \0
Fixed bug #68044: Integer overflow in unserialize() (32-bits only)
Fix bug #68027 - fix date parsing in XMLRPC lib
* PHP-5.4:
Initialize the offset table - PCRE may sometimes miss offsets
set default response code to 200
fix NEWS & version
NEWS
Fix bug #68283: fileinfo: out-of-bounds read in elf note headers
Fix bug #68113 (Heap corruption in exif_thumbnail())
Fix bug #68089 - do not accept options with embedded \0
Fixed bug #68044: Integer overflow in unserialize() (32-bits only)
Fix bug #68027 - fix date parsing in XMLRPC lib
Conflicts:
configure.in
ext/curl/interface.c
main/php_version.h
So we can use it there as well...
For now I've retained the zend_smart_str_public.h header, though
it would probably be better to just move that one struct into
zend_types.h.
# By Veres Lajos (2) and Lior Kaplan (1)
# Via Lior Kaplan
* 'master' of git.php.net:php-src:
Correct typo in comments: 'initialized'
typofixes
typofixes