Remi Collet
864f5ef12f
fix release date
2019-12-18 14:16:19 +01:00
Stanislav Malyshev
9705e631a4
[ci skip] Update NEWS
2019-12-16 23:41:04 -08:00
Stanislav Malyshev
6d5cddabaf
Fix test
2019-12-16 10:03:43 -08:00
Stanislav Malyshev
c14eb8de97
Fix bug #78793
2019-12-16 01:14:58 -08:00
Stanislav Malyshev
d348cfb96f
Fixed bug #78910
2019-12-16 00:10:39 -08:00
Christoph M. Becker
eb23c60087
Fix #78878 : Buffer underflow in bc_shift_addsub
...
We must not rely on `isdigit()` to detect digits, since we only support
decimal ASCII digits in the following processing.
2019-12-16 00:05:03 -08:00
Stanislav Malyshev
b771a18133
Fix test
2019-12-16 00:03:18 -08:00
Christoph M. Becker
0e6c0654ed
Fix #78862 : link() silently truncates after a null byte on Windows
...
Since link() is supposed to accepts paths (i.e. strings without NUL
bytes), we must not accept arbitrary strings.
2019-12-16 00:03:06 -08:00
Christoph M. Becker
a5a15965da
Fix #78863 : DirectoryIterator class silently truncates after a null byte
...
Since the constructor of DirectoryIterator and friends is supposed to
accepts paths (i.e. strings without NUL bytes), we must not accept
arbitrary strings.
2019-12-16 00:02:57 -08:00
Remi Collet
d2cfb63f02
next is 7.2.27
2019-12-03 11:25:37 +01:00
Christoph M. Becker
600f1f898f
Fix #78814 : strip_tags allows / in tag name => whitelist bypass
...
When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless they come
immediately after the opening `<`, or immediately before the closing
`>`.
2019-12-02 11:37:25 +01:00
Christoph M. Becker
db420cb6a1
Fix #78833 : Integer overflow in pack causes out-of-bound access
...
We check for potential signed integer overflow, and bail out
gracefully, in that case.
2019-12-02 11:18:19 +01:00
George Wang
c7141412ce
Added environment LSAPI_CLEAN_SHUTDOWN to control clean shutdown. Update SAPI version to LiteSpeed v7.6 .
2019-11-21 17:57:50 -05:00
Christoph M. Becker
9b92c1d154
Fix #78849 : GD build broken with -D SIGNED_COMPARE_SLOW
...
Apparently, this has not been tested for a long time, and might be a
refactoring relict. Anyhow, we have to pass the context to
`GIFNextPixel` as well.
2019-11-21 09:59:26 +01:00
Christoph M. Becker
f6eac76b65
Update NEWS
2019-11-18 12:46:43 +01:00
Tyson Andre
a2c41c0ea6
Fix $x = (bool)$x; for undefined with opcache
...
And `$x = !$x`
Noticed while working on GH-4912
The included test would not emit undefined variable errors in php 8.0
with opcache enabled. The command used:
```
php -d zend_extension=opcache.so --no-php-ini -d error_reporting=E_ALL \
-d opcache.file_cache= -d opcache.enable_cli=1 test.php
```
2019-11-18 11:24:03 +03:00
Stanislav Malyshev
2c9926f156
Fix bug #78804 - Segmentation fault in Locale::filterMatches
2019-11-11 22:32:35 -08:00
Nikita Popov
ee243bc471
Remove outdated comments in test
2019-11-07 14:06:23 +01:00
Nikita Popov
5fa6dcd972
Fixed bug #78759
...
Handle INDIRECT values in array.
2019-11-07 11:15:29 +01:00
Sara Golemon
d317e16e89
Bump for 7.2.26-dev
2019-11-05 10:57:29 -05:00
Nikita Popov
4f984a2fdb
Fixed bug #78775
...
Clear the OpenSSL error queue before performing SSL stream operations.
As we don't control all code that could possibly be using OpenSSL,
we can't rely on the error queue being empty.
2019-11-05 12:13:46 +01:00
Christoph M. Becker
e29922f054
Fix test cases for libxml2 2.9.10
...
Since the error reporting has been slightly changed, we have to adapt
the two affected test cases.
2019-10-31 16:07:34 +01:00
Nikita Popov
5f6eaf355c
Add missing refcount increment
2019-10-30 09:22:20 +01:00
Nikita Popov
f9895b4bf5
Fixed bug #78689
2019-10-29 15:06:16 +01:00
Stanislav Malyshev
2bdb13a1f7
Merge branch 'PHP-7.1' into PHP-7.2
...
* PHP-7.1:
Fix libmagic buffer overflow issue (CVE-2019-18218)
bump version
set versions for release
2019-10-28 20:47:30 -07:00
Christoph M. Becker
89c327f884
Fix #78751 : Serialising DatePeriod converts DateTimeImmutable
...
When getting the properties of a DatePeriod instance we have to retain
the proper classes, and when restoring a DatePeriod instance we have to
cater to DateTimeImmutable instances as well.
2019-10-28 13:07:28 +01:00
Nikita Popov
16c4910876
Fix bug #78752
...
NULL out the execute_data before destroying it, otherwise GC may
trigger while the execute_data is partially destroyed, resulting
in double-frees.
The handling of call stack unfreezing is a bit awkward because it's
a ZEND_API function, so we can't change the signature.
2019-10-28 10:27:32 +01:00
Stanislav Malyshev
469820048d
Fix libmagic buffer overflow issue (CVE-2019-18218)
...
Ported from 46a8443f76
2019-10-27 16:30:38 -07:00
Nikita Popov
5249993814
Fixed bug #78747
2019-10-25 12:47:18 +02:00
Ryan Schmidt
8daf96cef3
Use ICU's CXXFLAGS when using pkg-config
...
This mirrors how ICU's CXXFLAGS are already used when using icu-config.
2019-10-23 11:17:37 +02:00
Nikita Popov
fa89c41f37
Add "-pthread" to EXTRA_LDFLAGS_PROGRAM as well
...
This is a backport of c518932c03
from the PHP 7.4 branch.
2019-10-23 11:06:51 +02:00
Joe Watkins
52f049879a
bump version
2019-10-22 18:58:39 +02:00
Joe Watkins
326cd05dae
set versions for release
2019-10-22 18:56:55 +02:00
Remi Collet
2213bd36fd
add NEWS entry
2019-10-22 09:37:35 +02:00
Stanislav Malyshev
4b5cdda0c7
Merge branch 'PHP-7.1' into PHP-7.2
...
* PHP-7.1:
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
bump versions after release
set versions for release
2019-10-21 13:17:09 -07:00
Fabien Villepinte
bea2ff88c9
Fix bug #78697 : inaccurate error message
2019-10-21 09:22:09 +02:00
Jakub Zelenka
ab061f95ca
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
2019-10-20 22:50:04 -07:00
Christoph M. Becker
45a7723267
Fix #78694 : Appending to a variant array causes segfault
...
`write_dimension` object handlers have to be able to handle `NULL`
`offset`s; for now we simply throw an exception instead of following
the `NULL` pointer.
2019-10-19 11:47:00 +02:00
m.yakunin
d2cde0bfd3
Fix #70153 \DateInterval incorrectly unserialized
...
Added a separate macro for reading 'days' property, so that bool(false)
is correctly converted to the proper internal representation.
2019-10-18 15:31:14 +02:00
Mitch Hagstrand
e2a6bf482f
Fix checksum calculation for opcache
2019-10-14 16:46:42 +02:00
Christoph M. Becker
900bdcbd03
Fix #78665 : Multicasting may leak memory
2019-10-12 14:43:43 +02:00
Nikita Popov
46561dab6a
Fix leak in phar open
2019-10-10 16:14:21 +02:00
Nikita Popov
96c84b7bc1
Fix leak on static method call on non-existent class
2019-10-10 11:40:49 +02:00
Nikita Popov
daf1fc6e31
Avoid float to int cast UB in exif
2019-10-09 17:33:29 +02:00
Erik Lundin
3164186d53
Fix #78656 : Parse errors classified as highest log-level
2019-10-09 17:27:32 +02:00
Nikita Popov
d6ca174d5b
Remove redundant components < 0 check
...
components is an unsigned number, it cannot be smaller than zero.
2019-10-09 14:57:24 +02:00
Sergei Turchanov
a8f60ac9dd
Add pcre_get_compiled_regex_cache_ex() with local_aware flag
...
A new function `pcre_get_compiled_regex_cache_ex()` is introduced,
which allows to compile regexp pattern using the "C" locale instead
of a current locale.
This will be needed to replace setlocale() usage in fileinfo,
which is not thread-safe.
2019-10-08 16:11:55 +02:00
Fabien Villepinte
46894580b0
Add missing SKIPIFs in exif tests
2019-10-08 14:11:32 +02:00
Christoph M. Becker
195c2008e8
Fix #78642 : Wrong libiconv version displayed
...
The high byte of `_libiconv_version` specifies the major version; the
low byte the minor version.
2019-10-08 12:09:11 +02:00
Remi Collet
05d6878b3b
next is 7.2.25
2019-10-08 11:36:10 +02:00