Anatol Belski
7d4c5a0dc9
Revert "fix tests"
...
This reverts commit a47df5be19.
Looks like some environment issue, as some systems throw the notice,
some don't. Revert for now.
2016-08-17 12:04:03 +02:00
Anatol Belski
60f1ec1c32
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
fix leak
2016-08-17 11:53:00 +02:00
Anatol Belski
a5d00fc908
fix leak
2016-08-17 11:51:56 +02:00
Xinchen Hui
30e751fe5b
Update NEWs
2016-08-17 17:14:53 +08:00
Xinchen Hui
ce6ad9bdd9
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0: (48 commits)
Update NEWs
Unused label
Fixed bug #72853 (stream_set_blocking doesn't work)
fix test
Bug #72663 - part 3
Bug #72663 - part 2
Bug #72663 - part 1
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
...
Conflicts:
ext/standard/var_unserializer.c
2016-08-17 17:14:30 +08:00
Xinchen Hui
1dab8e07f2
Update NEWs
2016-08-17 16:56:58 +08:00
Xinchen Hui
b172f43caa
Unused label
2016-08-17 16:56:20 +08:00
Xinchen Hui
3956deb1b2
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed bug #72853 (stream_set_blocking doesn't work)
Conflicts:
main/streams/plain_wrapper.c
2016-08-17 16:56:02 +08:00
Xinchen Hui
abe00908af
Fixed bug #72853 (stream_set_blocking doesn't work)
...
Implemented PHP_STREAM_OPTION_META_DATA_API for plain_wrappers
2016-08-17 16:54:21 +08:00
Stanislav Malyshev
ed9d916c28
fix test
2016-08-17 01:12:33 -07:00
Nikita Popov
e0f9fbdfa6
Bug #72663 - part 3
...
When using the php_serialize session serialization handler, do
not use the result of the unserialization if it failed.
2016-08-17 01:01:03 -07:00
Nikita Popov
61f2f5a0f7
Bug #72663 - part 2
...
If a (nested) unserialize() call fails, we remove all the values
that were inserted into var_hash during that call. This prevents
their use in other unserializations in the same context.
2016-08-17 00:47:02 -07:00
Nikita Popov
2135fdef9b
Bug #72663 - part 1
...
Don't call __destruct() on an unserialized object that has a
__wakeup() method if either
a) unserialization of its properties fails or
b) the __wakeup() call fails (e.g. by throwing).
This basically treats __wakeup() as a form of constructor and
aligns us with the usual behavior that if the constructor call
fails the destructor should not be called.
The security aspect here is that people use __wakeup() to prevent
unserialization of objects with dangerous __destruct() methods,
but this is ineffective if __destruct() can still be called while
__wakeup() was skipped.
2016-08-17 00:45:57 -07:00
Stanislav Malyshev
0d13325b66
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6: (24 commits)
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug#72697 - select_colors write out-of-bounds
Fixed bug #72627 : Memory Leakage In exif_process_IFD_in_TIFF
Fix bug #72750 : wddx_deserialize null dereference
Fix bug #72771 : ftps:// opendir wrapper is vulnerable to protocol downgrade attack
Improve fix for #72663
Fix bug #70436 : Use After Free Vulnerability in unserialize()
Fix bug #72749 : wddx_deserialize allows illegal memory access
...
Conflicts:
Zend/zend_API.h
ext/bz2/bz2.c
ext/curl/interface.c
ext/ereg/ereg.c
ext/exif/exif.c
ext/gd/gd.c
ext/gd/tests/imagetruecolortopalette_error3.phpt
ext/gd/tests/imagetruecolortopalette_error4.phpt
ext/session/session.c
ext/snmp/snmp.c
ext/standard/base64.c
ext/standard/ftp_fopen_wrapper.c
ext/standard/quot_print.c
ext/standard/url.c
ext/standard/uuencode.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/wddx/tests/bug72790.phpt
ext/wddx/tests/bug72799.phpt
ext/wddx/wddx.c
sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev
75d7666968
Merge branch 'PHP-7.0.10' into PHP-7.0
...
* PHP-7.0.10:
Fix bug #72749 : wddx_deserialize allows illegal memory access
Fixed bug #72627 : Memory Leakage In exif_process_IFD_in_TIFF
fix tests
Fix bug#72697 - select_colors write out-of-bounds
Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug #72750 : wddx_deserialize null dereference
Fix bug #72771 : ftps:// opendir wrapper is vulnerable to protocol downgrade attack
fix tests
add missing skipif section
Fix for bug #72790 and bug #72799
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72742 - memory allocator fails to realloc small block to large one
Use size_t for path length
Check for string overflow
Fix for bug #72782 : mcrypt accepts only ints, so don't pass anything else
Fix bug #72674 - check both curl_escape and curl_unescape
2016-08-16 23:52:22 -07:00
Stanislav Malyshev
f8a75d4eee
Merge branch 'PHP-7.0' into PHP-7.0.10
...
* PHP-7.0: (34 commits)
Fix URL rewriter partially
Support "git worktree"
Add NEWS
Fix ASSERT logic
Bugfix 72791: fix memory leak in PDO persistent connections
Don't copy mime types in CLI server
Remove obsolete Id tags
Bump version in OCI8 test
Fixed bug #72788 (Invalid memory access when using persistent PDO connection)
Remove typo'd commit
Fix bug 72788: Invalid memory access when database_object_handle is undefined. Also fix memory leak in dbh_free when using persistent PDO connections.
Replace dead branch with ZEND_ASSERT()
Add test for bug #69107 : finfo no longer detects PHP files
Fix bug #55451
Fix stream_socket_enable_crypto() test
Remove old $Id$ tags
Sync with 7.1 branch changes from Nikita & Dimitri to keep OCI8 code identical
Fix bug #72524 (Binding null values triggers ORA-24816 error)
Fix the fix (Nikita), thanks!
Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned.
...
Conflicts:
ext/standard/ftp_fopen_wrapper.c
2016-08-16 23:50:42 -07:00
Stanislav Malyshev
9e00ad2b09
Update NEWS
2016-08-16 23:44:59 -07:00
Stanislav Malyshev
4bf5c3187f
BLock test with memory leak
2016-08-16 22:55:44 -07:00
Stanislav Malyshev
d8b2de164e
fix tests
2016-08-16 22:55:43 -07:00
Stanislav Malyshev
40bd921cea
Fix TSRM build
2016-08-16 22:55:43 -07:00
Stanislav Malyshev
35a8ed2f62
Fix bug #72850 - integer overflow in uuencode
2016-08-16 22:55:43 -07:00
Stanislav Malyshev
b9e81e5844
Fixed bug #72849 - integer overflow in urlencode
2016-08-16 22:55:42 -07:00
Stanislav Malyshev
24d741d376
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
2016-08-16 22:55:42 -07:00
Stanislav Malyshev
5f91f692c3
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
2016-08-16 22:55:42 -07:00
Stanislav Malyshev
cfdeedd985
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
2016-08-16 22:55:41 -07:00
Stanislav Malyshev
d6a43a8562
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
2016-08-16 22:55:41 -07:00
Stanislav Malyshev
1cd6bc6463
Fix for bug #72807 - do not produce strings with negative length
2016-08-16 22:55:41 -07:00
Stanislav Malyshev
5a34bd6d1e
Fix for bug #72790 and bug #72799
2016-08-16 22:55:41 -07:00
Stanislav Malyshev
1bd103df00
Fix bug #72730 - imagegammacorrect allows arbitrary write access
2016-08-16 22:55:40 -07:00
Stanislav Malyshev
a3598dd7c9
Fix bug#72697 - select_colors write out-of-bounds
2016-08-16 22:55:40 -07:00
Stanislav Malyshev
6dbb1ee46b
Fixed bug #72627 : Memory Leakage In exif_process_IFD_in_TIFF
2016-08-16 22:55:40 -07:00
Stanislav Malyshev
698a691724
Fix bug #72750 : wddx_deserialize null dereference
2016-08-16 22:55:39 -07:00
Stanislav Malyshev
e018ff094f
Fix bug #72771 : ftps:// opendir wrapper is vulnerable to protocol downgrade attack
2016-08-16 22:55:39 -07:00
Stanislav Malyshev
639f7fde6a
Improve fix for #72663
2016-08-16 22:55:20 -07:00
Stanislav Malyshev
95d09e4b5e
Fix bug #70436 : Use After Free Vulnerability in unserialize()
2016-08-16 22:55:20 -07:00
Stanislav Malyshev
426aeb2808
Fix bug #72749 : wddx_deserialize allows illegal memory access
2016-08-16 22:55:19 -07:00
Stanislav Malyshev
f1a0b7d690
Update comment
2016-08-16 22:55:19 -07:00
Stanislav Malyshev
da316b50bd
Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation
2016-08-16 22:55:19 -07:00
Stanislav Malyshev
8763c6090d
Fix bug #72681 - consume data even if we're not storing them
2016-08-16 22:54:42 -07:00
Stanislav Malyshev
448c9be157
Fix bug #72663 - destroy broken object when unserializing
2016-08-16 22:54:42 -07:00
Xinchen Hui
e47773b626
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Unused var
2016-08-17 11:18:48 +08:00
Xinchen Hui
f3231a7c76
Unused var
2016-08-17 11:16:48 +08:00
Anatol Belski
5a4eab965a
update NEWS
2016-08-17 01:44:29 +02:00
Anatol Belski
0077287688
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
update NEWS
2016-08-17 01:44:04 +02:00
Anatol Belski
0f337e11bc
update NEWS
2016-08-17 01:37:40 +02:00
Christoph M. Becker
1d24ac46ab
Merge branch 'PHP-7.0' into PHP-7.1
2016-08-17 01:23:22 +02:00
Christoph M. Becker
6202b47e63
Merge branch 'PHP-5.6' into PHP-7.0
2016-08-17 01:22:11 +02:00
Anatol Belski
abc7d1f140
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
fix test
fix blocking pipe stream option value
2016-08-17 00:58:54 +02:00
Anatol Belski
20f76efb78
fix test
2016-08-17 00:56:19 +02:00
Anatol Belski
6de67244d4
fix blocking pipe stream option value
...
As revealed by #72857, this value conflicts with the xport option.
Wrong code can otherwise cause streams to misbehave, e.g. if local and
network streams APIs are mixed.
2016-08-17 00:53:15 +02:00