Yasuo Ohgaki
abf9e2ea09
Fixed Bug #68941 mod_files.sh is a bash-script
2015-01-29 09:25:28 +09:00
Xinchen Hui
b2cf3f064b
Fixed bug #68901 (use after free)
2015-01-29 00:00:09 +08:00
Xinchen Hui
8c2d91761a
Also Fixed #68571 in CGI SAPI, and some cleanup
2015-01-27 22:11:23 +08:00
Bob Weinand
3f57663b57
Add NEWS entry
2015-01-26 22:50:16 +01:00
Keyur Govande
d065a2fc1b
Add NEWS
2015-01-26 21:29:57 +00:00
Remi Collet
2955993947
move CVE to the right version
2015-01-22 13:06:15 +01:00
Joshua Rogers
91aa340180
Fixed bug #68827 Double free with disabled ZMM
2015-01-22 09:59:13 +01:00
Julien Pauli
88f2321a25
Updated NEWS
2015-01-21 11:10:20 +01:00
Derick Rethans
8e19705a93
Fixed bug #55407 (Impossible to prototype DateTime::createFromFormat)
2015-01-20 21:44:19 +00:00
Stanislav Malyshev
cca3c8a985
fix year
2015-01-20 13:27:38 -08:00
Stanislav Malyshev
04dcc705de
update NEWS
2015-01-20 11:57:39 -08:00
Stanislav Malyshev
b3b155ffe2
format
2015-01-20 11:57:17 -08:00
Stanislav Malyshev
547f62ed2a
add CVE
2015-01-20 11:54:45 -08:00
Stanislav Malyshev
8825311ce1
5.4.38 next
2015-01-20 10:38:33 -08:00
Julien Pauli
a40e004553
Updated NEWS
2015-01-20 15:09:13 +01:00
Stanislav Malyshev
e63f7b47e1
Merge branch 'bug68710' into PHP-5.4
...
* bug68710:
Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
2015-01-20 01:02:26 -08:00
Stanislav Malyshev
fc6aa939f5
Merge branch 'bug68799' into PHP-5.4
...
* bug68799:
Fix bug #68799 : Free called on unitialized pointer
2015-01-20 01:00:11 -08:00
Derick Rethans
b0159431e3
Fixed bug #45081 (strtotime incorrectly interprets SGT time zone).
2015-01-19 22:59:24 +00:00
Anatol Belski
0cef7d168d
updated NEWS
2015-01-15 16:42:52 +01:00
Daniel Lowrey
0a76610459
Update NEWS
2015-01-14 18:03:27 +01:00
Julien Pauli
dc810543cf
Fix bug #68260
2015-01-09 16:24:14 +01:00
Julien Pauli
3f1d1892c9
5.5.22 now
2015-01-07 10:42:53 +01:00
Adam Harvey
448ef30f75
Handle NULL strings in sapi_cli_server_register_variable().
...
Fixes bug #68745 (Invalid HTTP requests make web server segfault).
2015-01-06 01:23:27 +00:00
Remi Collet
4bb580adb1
NEWS
2015-01-05 17:34:45 +01:00
Matteo Beccati
4a9ad2faff
Updated NEWS for #68371
2015-01-05 11:01:54 +01:00
Stanislav Malyshev
eeae4651f7
Merge branch 'pull-request/975' into PHP-5.5
...
* pull-request/975:
Fixes #66764 - configure doesn't define EXPANDED_DATADIR / PHP_DATADIR correctly
2015-01-04 20:54:29 -08:00
Anatol Belski
d3f171117c
updated NEWS
2015-01-04 14:23:33 +01:00
Anatol Belski
ede59c8feb
Fixed bug #68735 fileinfo out-of-bounds memory access
2015-01-04 14:20:21 +01:00
Stanislav Malyshev
b585a3aed7
Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
2015-01-01 16:19:05 -08:00
Anatol Belski
d92a87d7cb
Fixed bug #68671 incorrect expression in libmagic
2014-12-30 19:37:27 +01:00
Adam Harvey
211f4ceeae
Check the return value of lo_export.
...
Patch by Ondřej Surý. Fixes bug #68697 (lo_export return -1 on failure).
2014-12-30 17:47:19 +00:00
Anatol Belski
d5123415f6
Fixed bug #66679 Alignment Bug in PCRE 8.34 upstream
2014-12-30 16:50:22 +01:00
Anatol Belski
6e36ded569
remove BOM from NEWS
2014-12-30 16:47:10 +01:00
Stanislav Malyshev
71c970077d
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
FIx bug #68618 (out of bounds read crashes php-cgi)
2014-12-30 01:26:00 -08:00
Stanislav Malyshev
f9ad308669
FIx bug #68618 (out of bounds read crashes php-cgi)
2014-12-30 01:23:05 -08:00
Kalle Sommer Nielsen
fbf3a6bc1a
Fixed bug #68676 (Explicit Double Free)
2014-12-29 11:04:23 +01:00
Nikita Popov
aa394e70ff
Fix bug #67111
...
Loop variables need to be freed for both "break" and "continue".
I'm adding the test to Zend/ because it's good to have a test for
this even without opcache.
2014-12-19 21:42:42 +01:00
Ferenc Kovacs
5a67d9a229
add missing NEWS entry
2014-12-17 02:13:59 +01:00
Ferenc Kovacs
cd387b4575
add missing NEWS entry
2014-12-17 02:10:36 +01:00
Stanislav Malyshev
8fe4cc6d28
5.4.37
2014-12-16 11:44:41 -08:00
Stanislav Malyshev
8efd73c4d2
update news
2014-12-16 10:18:07 -08:00
Stanislav Malyshev
53f129a44d
add CVE
2014-12-16 10:16:31 -08:00
Stanislav Malyshev
630f9c33c2
Fix bug #68594 - Use after free vulnerability in unserialize()
2014-12-16 10:15:17 -08:00
Remi Collet
ba62b9bbf8
NEWS
2014-12-13 09:04:57 +01:00
Julien Pauli
d43d0663af
Updated NEWS
2014-12-12 16:50:32 +01:00
Julien Pauli
d6eb3b49c8
Updated NEWS
2014-12-12 15:06:04 +01:00
Julien Pauli
fbe9b2c088
Updated NEWS
2014-12-12 14:18:27 +01:00
Anatol Belski
3affc0e8a2
Fixed bug #68583 Crash in timeout thread
...
This replaces the GUI element used for execution timeout handling
on Windows. Instead a timer queue technique is used, which is indeed
a thread pool. A timer queue timer is a lightweight object handled
but that thread pool and the timer thread spends most of the time
sleeping and waiting for an alert.
Please note also that this introduces neither binary nor source
breach. The custom timeout thread functions are deleted, however
they was not exported throug DLL, so couldn't be used by any
external code. As well they couldn't be used anywhere in the core
except in executor api, because those custom timeout thread
functions they used to operate on static variables which would
be overwritten (and that would blow).
So instead a relatively modern technique is used for the timeout
handling. It's still not perfect because the executor still has to
check EX(timed_out). This can be a topic for an improvement in
master. But brobably can be tricky as currently it seems to be not
possible to signal an individual thread. Also note another issue
that static variables aren't thread safe, but the current timer
implementation is.
2014-12-12 10:43:31 +01:00
Stanislav Malyshev
97df260b27
update NEWS
2014-12-11 10:41:17 -08:00
Anatol Belski
20d93534d5
Fixed bug #68545 NULL pointer dereference in unserialize.c
2014-12-10 11:43:33 +01:00
Julien Pauli
a67a5dc0ad
Updated NEWS
2014-12-10 11:22:28 +01:00
Anatol Belski
1b4d5ad46a
Fixed bug #65230 setting locale randomly broken
2014-12-06 11:59:43 +01:00
Julien Pauli
3add3491b3
Updated NEWS
2014-12-05 17:05:21 +01:00
Anatol Belski
fccd1eda5f
. Fixed bug #68120 Update bundled libsqlite
2014-12-05 15:43:53 +01:00
Anatol Belski
7943f944c2
Fixed bug #65769 localeconv() broken in TS builds
2014-12-05 11:06:06 +01:00
Julien Pauli
1e40b0aff6
Updated NEWS
2014-12-05 10:11:49 +01:00
Tjerk Meesters
2bcf8a6cd9
Fixed #65213 - cannot cast SplFileInfo to boolean
2014-12-04 07:17:33 +08:00
Anatol Belski
13aaba40cd
updated NEWS
2014-12-03 16:47:38 +01:00
Stanislav Malyshev
f75da60b18
update NEWS
2014-11-30 22:19:24 -08:00
Stanislav Malyshev
84be568366
update news
2014-11-30 21:37:39 -08:00
Stanislav Malyshev
4d162a2d9b
update NEWS
2014-11-30 21:11:20 -08:00
Stanislav Malyshev
ffb62112f8
Update NEWS
2014-11-30 17:34:07 -08:00
Julien Pauli
40e518b4c3
Updated NEWS
2014-11-29 14:40:47 +01:00
Julien Pauli
59bd4117ac
Updated NEWS
2014-11-29 12:10:54 +01:00
Julien Pauli
619adc9795
updated NEWS
2014-11-28 13:26:20 +01:00
Anatol Belski
3ec8730e89
Fixed bug #68504 --with-libmbfl configure option not present on Windows
2014-11-27 09:14:47 +01:00
Julien Pauli
3656349990
5.5.21 now
2014-11-26 11:31:58 +01:00
Stanislav Malyshev
7dbc5e5c69
update for LiteSpeed
2014-11-23 18:05:26 -08:00
Stanislav Malyshev
4469049b7b
update for LiteSpeed
2014-11-23 18:03:07 -08:00
Stanislav Malyshev
03dcf66f9a
fix NEWS order
2014-11-23 16:21:53 -08:00
Stanislav Malyshev
05394d6056
update NEWS
2014-11-23 16:18:04 -08:00
Remi Collet
9664312e30
NEWS
2014-11-22 10:36:45 +01:00
Julien Pauli
99fa36cc58
Updated NEWS
2014-11-21 16:16:54 +01:00
Remi Collet
8be510ae63
NEWS
2014-11-21 07:56:39 +01:00
Remi Collet
1f4972e348
NEWS
2014-11-21 07:49:53 +01:00
Remi Collet
cf3a902286
NEWS
2014-11-21 07:34:40 +01:00
Remi Collet
d438bcf226
NEWS
2014-11-19 16:47:52 +01:00
Remi Collet
5674827ead
NEWS
2014-11-18 17:43:28 +01:00
Remi Collet
6d9b4ca5fc
NEWS
2014-11-17 09:23:16 +01:00
Remi Collet
69b9381901
NEWS
2014-11-15 08:13:56 +01:00
Remi Collet
e4974f6cc6
NEWS
2014-11-14 19:13:53 +01:00
Matteo Beccati
faaea4f304
Fixed NEWS
...
Some entries had been mistakenly removed in ad468d20b1
2014-11-12 16:51:26 +01:00
Matteo Beccati
65fee90462
Fixed bug #53829 Compiling PHP with large file support will replace function gzopen by gzopen64
2014-11-12 11:21:11 +01:00
Julien Pauli
14d3e173aa
Fixed wrong NEWS
2014-11-12 10:59:54 +01:00
Stanislav Malyshev
98b22864ff
5.4.36-dev
2014-11-11 16:31:38 -08:00
Matteo Beccati
2323e95df9
Fixed bug #66584 Segmentation fault on statement deallocation
2014-11-11 16:25:31 -08:00
Ferenc Kovacs
791fc70025
update NEWS
2014-11-12 00:19:51 +01:00
Ferenc Kovacs
db5ad4c51f
update NEWS
2014-11-12 00:18:13 +01:00
Xinchen Hui
327d4f9afb
Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes)
2014-11-11 16:22:49 +08:00
Xinchen Hui
ab84939254
Fixed bug #68370 ("unset($this)" can make the program crash)
2014-11-10 13:46:47 +08:00
Stanislav Malyshev
0ddcf2a919
update NEWS
2014-11-03 11:43:15 -08:00
Julien Pauli
71e200b338
PHP 5.5.20 now
2014-10-28 15:01:53 +01:00
Stanislav Malyshev
deadeeae1d
Fix bug #68095 - invalid read in php_getopt()
...
It's a hacky solution and incomplete, but I don't see other way
without refactoring the whole getopt protocol.
2014-10-27 19:06:44 -07:00
Remi Collet
88527e4569
NEWS
2014-10-27 07:47:18 +01:00
Remi Collet
ec3d25fcbd
NEWS
2014-10-25 11:29:53 +02:00
Stanislav Malyshev
4d54c4bdf0
fix NEWS & version
2014-10-22 13:16:29 -07:00
Remi Collet
de4fff0fb3
NEWS
2014-10-22 15:39:49 +02:00
Rasmus Lerdorf
8c9e254319
News entry for new curl constants
2014-10-16 21:36:53 -07:00
Remi Collet
a1abdba1eb
cleanup NEWS
2014-10-15 19:47:55 +02:00
Remi Collet
503f8193e8
NEWS
2014-10-15 19:16:45 +02:00
Tjerk Meesters
71ba533640
Fixed bug #68128
...
Three issues are addressed:
- RecursiveRegexIterator::accept() should accept non-empty arrays without
applying any regular expression and RegexIterator::accept() should not accept
an array.
- RegexIterator::accept() should not accept an atom that fails to match
anything, even when PREG_PATTERN_ORDER is used (which would return an array
of empty arrays).
- RecursiveRegexIterator::getChildren() should pass all constructor arguments
to its child iterator instead of just the regular expression.
2014-10-14 22:49:01 +08:00
Stanislav Malyshev
287c91c1f0
Fix bug #68113 (Heap corruption in exif_thumbnail())
2014-10-13 23:17:45 -07:00
Stanislav Malyshev
ab0939e5e5
Fix bug #68089 - do not accept options with embedded \0
...
Conflicts:
ext/curl/interface.c
2014-10-13 23:16:06 -07:00
Stanislav Malyshev
56754a7f9e
Fixed bug #68044 : Integer overflow in unserialize() (32-bits only)
2014-10-13 23:14:25 -07:00
Stanislav Malyshev
88412772d2
Fix bug #68027 - fix date parsing in XMLRPC lib
2014-10-13 23:12:11 -07:00
Ard Biesheuvel
b73ef0ee4a
update NEWS
...
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2014-10-10 11:44:39 +02:00
Ard Biesheuvel
82b07b62c0
update NEWS
...
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2014-10-10 11:40:07 +02:00
Tjerk Meesters
061cb9b807
Updated NEWS for #68129
2014-10-09 08:23:42 +08:00
Keyur Govande
d319a0c1d8
Add to NEWS
2014-10-07 21:21:23 +00:00
Keyur Govande
d21602c072
Add to NEWS
2014-10-07 21:07:19 +00:00
Nikita Popov
d67c05bb89
Fix bug number
2014-10-03 21:41:58 +02:00
Nikita Popov
93288d0095
Fix bug #68188
2014-10-03 21:26:39 +02:00
Ferenc Kovacs
25e65a7599
NEWS entry for previous commit
2014-10-03 11:38:32 +02:00
Julien Pauli
cfe8a8b968
5.5.19 now
2014-10-01 16:16:05 +02:00
Anatol Belski
0c982798e0
Fixed bug #51800 proc_open on Windows hangs forever
...
This loop can block for some minutes, theoretically. Practially
however, this is a 99% non issue for a normal use case. This is
required because read() is synchronous. The PHP streams API wants
to fill its internal buffers, therefore it might try to read some
more data than user has demanded. Also, for a case where we want
to read X bytes, but neither enough data nor EOF arrives, read()
will block until it could fill the buffer. If a counterpart station
runs slowly or delivers not all the data at once, read() would
still be waiting. If we quit too early, we possibly could loose
some data from the pipe. Thus it has to emulate the read()
behaviour, but obviously not completely, just to some grade.
Reading big data amount is for sure an issue on any platforms, it
depends on the pipe buffer size, which is controlled by the system.
On Windows, the buffer size seems to be way too small, which causes
buffer congestion and a dead lock. It is essential to read the pipe
descriptors simultaneously and possibly in the same order as the
opposite writes them.
Thus, this will work with smaller buffer data sizes passed through
pipes. As MSDN states, anonymous pipes don't support asynchronous
operations. Neither anonymous pipes do support select() as they are
not SOCKETs but file descriptors. Consequently - bigger data sizes
will need a better solution based on threads. However it is much
more expencive. Maybe a better solution could be exporting a part
of the internal doing as a userspace function which could perform
some kind of lookahead operation on the pipe descriptor.
This is just the first stone, depending on the user feedback we
might go for further improvements in this area.
2014-09-29 16:24:34 +02:00
Stanislav Malyshev
2bfe92c90f
fix date
2014-09-26 00:56:39 -07:00
Stanislav Malyshev
28ed0119ac
update NEWS
2014-09-26 00:55:49 -07:00
Remi Collet
bf046d6d66
NEWS
2014-09-26 09:06:12 +02:00
Nikita Popov
5e977e69e1
Fixed bug #67633
2014-09-20 21:46:25 +02:00
Remi Collet
ad0b63cad4
NEWS
2014-09-15 13:31:17 +02:00
Anatol Belski
24b41a23b3
updated NEWS
2014-09-15 10:27:52 +02:00
Remi Collet
6dc6daf7e3
Fix NEWS
...
- #65641 mod_proxy-fcgi is not fixed (still open)
- #67606 mod_fastcgi is fixed in ee275e34c8
2014-09-15 08:24:10 +02:00
Remi Collet
2775dc2b44
Fix NEWS
...
- #65641 mod_proxy-fcgi is not fixed (still open)
- #67606 mod_fastcgi is fixed in ee275e34c8
2014-09-15 08:23:25 +02:00
Tjerk Meesters
b9ac5e23fb
Updated NEWS for #67985
2014-09-09 18:02:45 +08:00
Tjerk Meesters
99f0760bfb
Fixed #67985 - Incorrect last used array index copied to new array after unset
...
In master zend_array_dup() is used to do this properly; this is a workaround.
2014-09-09 17:58:45 +08:00
Adam Harvey
bc44eb6172
Fix bug #67972 (SessionHandler Invalid memory read create_sid()).
...
SessionHandler::create_sid() didn't check if PS(default_mod) was initialised
before attempting to call its create_sid() handler.
2014-09-08 19:25:14 +00:00
Julien Pauli
9266227402
5.5.18 now
2014-09-03 10:18:51 +02:00
Stanislav Malyshev
5e95b61639
5.4.34 is next
2014-09-02 15:03:04 -07:00
Stanislav Malyshev
70f92aa97e
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Revert "Fix bug #67644 - Memory corruption & crash during ob_start function callback"
2014-09-02 14:18:05 -07:00
Stanislav Malyshev
fe551c089a
Revert "Fix bug #67644 - Memory corruption & crash during ob_start function callback"
...
This reverts commit 53fa6c5b6b
.
The change breaks tests, so not putting it into 5.4.
2014-09-02 14:15:39 -07:00
Stanislav Malyshev
af85eff5b6
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fix bug #67644 - Memory corruption & crash during ob_start function callback
2014-09-02 12:32:03 -07:00
Stanislav Malyshev
53fa6c5b6b
Fix bug #67644 - Memory corruption & crash during ob_start function callback
2014-09-02 12:31:03 -07:00
Stanislav Malyshev
4b9fcc01d4
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
update NEWS
Only destruct if EG(active) in zend_shutdown(). (bug #65463 , #66036 )
Fix typo from commit 32314f6b6
Fix destruction order in zend_shutdown (bug #65463 , #66036 )
2014-09-01 12:15:54 -07:00
Stanislav Malyshev
30aceaf1a7
update NEWS
2014-09-01 12:13:43 -07:00
Stanislav Malyshev
e55c641792
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
fix NEWS for fcgi fix merge
restore FPM compatibility with mod_fastcgi broken since #694 / 67541, fixes bug 67606
2014-08-28 23:11:55 -07:00
Stanislav Malyshev
b206b0e29d
fix NEWS for fcgi fix merge
2014-08-28 23:10:32 -07:00
Daniel Lowrey
f463523cda
Update NEWS
2014-08-25 19:47:35 +02:00
Michael Wallner
c4fb183b9f
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
fix bug #67865
2014-08-21 22:43:25 +02:00
Michael Wallner
54fbbded37
fix bug #67865
2014-08-21 22:41:36 +02:00
Julien Pauli
dbbf1c2a3c
updated NEWS to fit last release
2014-08-21 11:34:38 +02:00
Remi Collet
43ed561222
NEWS
2014-08-21 09:14:16 +02:00
Remi Collet
9185cfd539
NEWS
2014-08-20 15:16:53 +02:00
Lior Kaplan
d382d6f3dc
Add NEWS entry for bug #67492
...
Included in 5.5.14 with commit d9c5a1d
2014-08-20 01:10:38 +03:00
Lior Kaplan
9360b6eeee
Add NEWS entry for bug #67730
2014-08-20 01:05:22 +03:00
Lior Kaplan
276bead9c4
Add NEWS entry for bug #67730
...
Included in 5.4.32 with commit 706aefb
2014-08-20 00:54:19 +03:00
Lior Kaplan
359bc0ee2f
Add CVE ID for bug #67539
2014-08-20 00:51:37 +03:00
Sara Golemon
ac4569621d
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Switch use of strtok() to gd_strtok_r()
Conflicts:
NEWS
2014-08-19 13:17:56 -07:00
Sara Golemon
cbe1597b74
Switch use of strtok() to gd_strtok_r()
...
strtok() is not thread safe, so this will potentially break in
very bad ways if used in ZTS mode.
I'm not sure why gd_strtok_r() exists since it seems to do the
same thing as strtok_r(), but I'll assume it's a portability
decision and do as the Romans do.
2014-08-19 13:16:44 -07:00
Remi Collet
335d89ec4d
NEWS
2014-08-19 08:40:58 +02:00
Remi Collet
88c48a4b95
NEWS
2014-08-19 08:40:18 +02:00