97826 Commits

Author SHA1 Message Date
Anatol Belski
7d4c5a0dc9 Revert "fix tests"
This reverts commit a47df5be19.

Looks like some environment issue, as some systems throw the notice,
some don't. Revert for now.
2016-08-17 12:04:03 +02:00
Anatol Belski
60f1ec1c32 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  fix leak
2016-08-17 11:53:00 +02:00
Anatol Belski
a5d00fc908 fix leak 2016-08-17 11:51:56 +02:00
Xinchen Hui
30e751fe5b Update NEWs 2016-08-17 17:14:53 +08:00
Xinchen Hui
ce6ad9bdd9 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0: (48 commits)
  Update NEWs
  Unused label
  Fixed bug #72853 (stream_set_blocking doesn't work)
  fix test
  Bug #72663 - part 3
  Bug #72663 - part 2
  Bug #72663 - part 1
  Update NEWS
  BLock test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  ...

Conflicts:
	ext/standard/var_unserializer.c
2016-08-17 17:14:30 +08:00
Xinchen Hui
1dab8e07f2 Update NEWs 2016-08-17 16:56:58 +08:00
Xinchen Hui
b172f43caa Unused label 2016-08-17 16:56:20 +08:00
Xinchen Hui
3956deb1b2 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Fixed bug #72853 (stream_set_blocking doesn't work)

Conflicts:
	main/streams/plain_wrapper.c
2016-08-17 16:56:02 +08:00
Xinchen Hui
abe00908af Fixed bug #72853 (stream_set_blocking doesn't work)
Implemented PHP_STREAM_OPTION_META_DATA_API for plain_wrappers
2016-08-17 16:54:21 +08:00
Stanislav Malyshev
ed9d916c28 fix test 2016-08-17 01:12:33 -07:00
Nikita Popov
e0f9fbdfa6 Bug #72663 - part 3
When using the php_serialize session serialization handler, do
not use the result of the unserialization if it failed.
2016-08-17 01:01:03 -07:00
Nikita Popov
61f2f5a0f7 Bug #72663 - part 2
If a (nested) unserialize() call fails, we remove all the values
that were inserted into var_hash during that call. This prevents
their use in other unserializations in the same context.
2016-08-17 00:47:02 -07:00
Nikita Popov
2135fdef9b Bug #72663 - part 1
Don't call __destruct() on an unserialized object that has a
__wakeup() method if either
a) unserialization of its properties fails or
b) the __wakeup() call fails (e.g. by throwing).

This basically treats __wakeup() as a form of constructor and
aligns us with the usual behavior that if the constructor call
fails the destructor should not be called.

The security aspect here is that people use __wakeup() to prevent
unserialization of objects with dangerous __destruct() methods,
but this is ineffective if __destruct() can still be called while
__wakeup() was skipped.
2016-08-17 00:45:57 -07:00
Stanislav Malyshev
0d13325b66 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6: (24 commits)
  Update NEWS
  BLock test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  Fix bug#72697 - select_colors write out-of-bounds
  Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
  Fix bug #72750: wddx_deserialize null dereference
  Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
  Improve fix for #72663
  Fix bug #70436: Use After Free Vulnerability in unserialize()
  Fix bug #72749: wddx_deserialize allows illegal memory access
  ...

Conflicts:
	Zend/zend_API.h
	ext/bz2/bz2.c
	ext/curl/interface.c
	ext/ereg/ereg.c
	ext/exif/exif.c
	ext/gd/gd.c
	ext/gd/tests/imagetruecolortopalette_error3.phpt
	ext/gd/tests/imagetruecolortopalette_error4.phpt
	ext/session/session.c
	ext/snmp/snmp.c
	ext/standard/base64.c
	ext/standard/ftp_fopen_wrapper.c
	ext/standard/quot_print.c
	ext/standard/url.c
	ext/standard/uuencode.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/wddx/tests/bug72790.phpt
	ext/wddx/tests/bug72799.phpt
	ext/wddx/wddx.c
	sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev
75d7666968 Merge branch 'PHP-7.0.10' into PHP-7.0
* PHP-7.0.10:
  Fix bug #72749: wddx_deserialize allows illegal memory access
  Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
  fix tests
  Fix bug#72697 - select_colors write out-of-bounds
  Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  Fix bug #72750: wddx_deserialize null dereference
  Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
  fix tests
  add missing skipif section
  Fix for bug #72790 and bug #72799
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72742 - memory allocator fails to realloc small block to large one
  Use size_t for path length
  Check for string overflow
  Fix for bug #72782: mcrypt accepts only ints, so don't pass anything else
  Fix bug #72674 - check both curl_escape and curl_unescape
2016-08-16 23:52:22 -07:00
Stanislav Malyshev
f8a75d4eee Merge branch 'PHP-7.0' into PHP-7.0.10
* PHP-7.0: (34 commits)
  Fix URL rewriter partially
  Support "git worktree"
  Add NEWS
  Fix ASSERT logic
  Bugfix 72791: fix memory leak in PDO persistent connections
  Don't copy mime types in CLI server
  Remove obsolete Id tags
  Bump version in OCI8 test
  Fixed bug #72788 (Invalid memory access when using persistent PDO connection)
  Remove typo'd commit
  Fix bug 72788: Invalid memory access when database_object_handle is undefined. Also fix memory leak in dbh_free when using persistent PDO connections.
  Replace dead branch with ZEND_ASSERT()
  Add test for bug #69107: finfo no longer detects PHP files
  Fix bug #55451
  Fix stream_socket_enable_crypto() test
  Remove old $Id$ tags
  Sync with 7.1 branch changes from Nikita & Dimitri to keep OCI8 code identical
  Fix bug #72524 (Binding null values triggers ORA-24816 error)
  Fix the fix (Nikita), thanks!
  Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned.
  ...

Conflicts:
	ext/standard/ftp_fopen_wrapper.c
2016-08-16 23:50:42 -07:00
Stanislav Malyshev
9e00ad2b09 Update NEWS 2016-08-16 23:44:59 -07:00
Stanislav Malyshev
4bf5c3187f BLock test with memory leak 2016-08-16 22:55:44 -07:00
Stanislav Malyshev
d8b2de164e fix tests 2016-08-16 22:55:43 -07:00
Stanislav Malyshev
40bd921cea Fix TSRM build 2016-08-16 22:55:43 -07:00
Stanislav Malyshev
35a8ed2f62 Fix bug #72850 - integer overflow in uuencode 2016-08-16 22:55:43 -07:00
Stanislav Malyshev
b9e81e5844 Fixed bug #72849 - integer overflow in urlencode 2016-08-16 22:55:42 -07:00
Stanislav Malyshev
24d741d376 Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption 2016-08-16 22:55:42 -07:00
Stanislav Malyshev
5f91f692c3 Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase 2016-08-16 22:55:42 -07:00
Stanislav Malyshev
cfdeedd985 Fix bug #72837 - integer overflow in bzdecompress caused heap corruption 2016-08-16 22:55:41 -07:00
Stanislav Malyshev
d6a43a8562 Fix bug #72836 - integer overflow in base64_decode caused heap corruption 2016-08-16 22:55:41 -07:00
Stanislav Malyshev
1cd6bc6463 Fix for bug #72807 - do not produce strings with negative length 2016-08-16 22:55:41 -07:00
Stanislav Malyshev
5a34bd6d1e Fix for bug #72790 and bug #72799 2016-08-16 22:55:41 -07:00
Stanislav Malyshev
1bd103df00 Fix bug #72730 - imagegammacorrect allows arbitrary write access 2016-08-16 22:55:40 -07:00
Stanislav Malyshev
a3598dd7c9 Fix bug#72697 - select_colors write out-of-bounds 2016-08-16 22:55:40 -07:00
Stanislav Malyshev
6dbb1ee46b Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF 2016-08-16 22:55:40 -07:00
Stanislav Malyshev
698a691724 Fix bug #72750: wddx_deserialize null dereference 2016-08-16 22:55:39 -07:00
Stanislav Malyshev
e018ff094f Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack 2016-08-16 22:55:39 -07:00
Stanislav Malyshev
639f7fde6a Improve fix for #72663 2016-08-16 22:55:20 -07:00
Stanislav Malyshev
95d09e4b5e Fix bug #70436: Use After Free Vulnerability in unserialize() 2016-08-16 22:55:20 -07:00
Stanislav Malyshev
426aeb2808 Fix bug #72749: wddx_deserialize allows illegal memory access 2016-08-16 22:55:19 -07:00
Stanislav Malyshev
f1a0b7d690 Update comment 2016-08-16 22:55:19 -07:00
Stanislav Malyshev
da316b50bd Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation 2016-08-16 22:55:19 -07:00
Stanislav Malyshev
8763c6090d Fix bug #72681 - consume data even if we're not storing them 2016-08-16 22:54:42 -07:00
Stanislav Malyshev
448c9be157 Fix bug #72663 - destroy broken object when unserializing 2016-08-16 22:54:42 -07:00
Xinchen Hui
e47773b626 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Unused var
2016-08-17 11:18:48 +08:00
Xinchen Hui
f3231a7c76 Unused var 2016-08-17 11:16:48 +08:00
Anatol Belski
5a4eab965a update NEWS 2016-08-17 01:44:29 +02:00
Anatol Belski
0077287688 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  update NEWS
2016-08-17 01:44:04 +02:00
Anatol Belski
0f337e11bc update NEWS 2016-08-17 01:37:40 +02:00
Christoph M. Becker
1d24ac46ab Merge branch 'PHP-7.0' into PHP-7.1 2016-08-17 01:23:22 +02:00
Christoph M. Becker
6202b47e63 Merge branch 'PHP-5.6' into PHP-7.0 2016-08-17 01:22:11 +02:00
Anatol Belski
abc7d1f140 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  fix test
  fix blocking pipe stream option value
2016-08-17 00:58:54 +02:00
Anatol Belski
20f76efb78 fix test 2016-08-17 00:56:19 +02:00
Anatol Belski
6de67244d4 fix blocking pipe stream option value
As revealed by #72857, this value conflicts with the xport option.
Wrong code can otherwise cause streams to misbehave, e.g. if local and
network streams APIs are mixed.
2016-08-17 00:53:15 +02:00