* PHP-5.5:
updated NEWS
fixed bug, where a linebreak immediately after an opening quote of a value caused a segfault
made failing test more meaningful
added failing test
* PHP-5.5:
fix format
update NEWS
Add test for bug #69522
Update tests
Fix bug #69522 - do not allow int overflow
Forgot test file
Fix bug #69403 and other int overflows
Fixed bug #69418 - more s->p fixes for filenames
Fixed bug #69364 - use smart_str to assemble strings
Fix bug #69453 - don't try to cut empty string
Fix bug #69545 - avoid overflow when reading list
Conflicts:
ext/standard/pack.c
* PHP-5.4:
fix format
update NEWS
Add test for bug #69522
Update tests
Fix bug #69522 - do not allow int overflow
Forgot test file
Fix bug #69403 and other int overflows
Fixed bug #69418 - more s->p fixes for filenames
Fixed bug #69364 - use smart_str to assemble strings
Fix bug #69453 - don't try to cut empty string
Fix bug #69545 - avoid overflow when reading list
Conflicts:
ext/pcntl/pcntl.c
ext/standard/basic_functions.c
ext/standard/pack.c
ext/standard/tests/dir/opendir_variation1-win32.phpt
* PHP-5.5: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
ext/standard/http_fopen_wrapper.c
* PHP-5.5.24:
fix test
fix memory leak & add test
Fix tests
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Fixed bug #68901 (use after free)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Updated NEWS
Fixed bug #69336 (Issues with "last day of <monthname>").
5.5.24RC1
* PHP-5.5-security: (22 commits)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
updated NEWS
added test for bug #69354
revert skipif, this should run everywhere
further ODBC 3.0 compliance
more compliance with the ODBC 3.0
test fixes
Prevent GC from changing zval or object 'color' before they are actually inserted into possible roots buffer.
sigh, can't even copypaste without screwing up
oop, put both the error number and message for both db object to the error message
test fixes
Fixed bug #69281 (opcache_is_script_cached no longer works)
Fix typo: unitialized -> uninitialized
Fix typo: unitialized -> uninitialized
Fixed bug #68739 (Missing break / control flow). Fixed bug #68740 (NULL Pointer Dereference). Fixed bug #68677 (Use After Free).
Fixed bug #68739 (Missing break / control flow in curl)
Fixed bug #68740 (NULL Pointer Dereference)
Fixed bug #68677 (Use After Free in OPcache)
...
Conflicts:
configure.in
ext/curl/tests/bug69316.phpt
main/php_version.h
* PHP-5.4.40:
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Fixed bug #68901 (use after free)
Fixed bug #68740 (NULL Pointer Dereference)
Fix bug #66550 (SQLite prepared statement use-after-free)
Better fix for #68601 for perf 81e9a993f2
Fix bug #68601 buffer read overflow in gd_gif_in.c
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
Loop variables need to be freed for both "break" and "continue".
I'm adding the test to Zend/ because it's good to have a test for
this even without opcache.
This replaces the GUI element used for execution timeout handling
on Windows. Instead a timer queue technique is used, which is indeed
a thread pool. A timer queue timer is a lightweight object handled
but that thread pool and the timer thread spends most of the time
sleeping and waiting for an alert.
Please note also that this introduces neither binary nor source
breach. The custom timeout thread functions are deleted, however
they was not exported throug DLL, so couldn't be used by any
external code. As well they couldn't be used anywhere in the core
except in executor api, because those custom timeout thread
functions they used to operate on static variables which would
be overwritten (and that would blow).
So instead a relatively modern technique is used for the timeout
handling. It's still not perfect because the executor still has to
check EX(timed_out). This can be a topic for an improvement in
master. But brobably can be tricky as currently it seems to be not
possible to signal an individual thread. Also note another issue
that static variables aren't thread safe, but the current timer
implementation is.