This will cause an error in the case where invalid salts are provided for other algorithms. Currently, these invalid salts will silently fall back to STD_DES which is extremely weak. By detecting invalid DES salts, we can alert the user that there is a bug in their code.
The error is currently E_DEPRECATED as this has potential to break currently working (yet insecure) code. In the future it should be changed to an E_WARNING and return *0
zval_add_ref should be used as a copy ctor, after the value was
already copied.
In particular when used with hash insertions, it should be applied
to the return value of the insert function.
* origin/master:
fix unserializer patch
move this entry to the correct version
add missing NEWS entry
add missing NEWS entry
Updated or skipped certain 32-bit tests
add NEWS entry for #68594
5.4.37
add more BC breaks
update news
add CVE
add missing test file
Fix bug #68594 - Use after free vulnerability in unserialize()
Fix typo
Hash value must not zero?
That's the same as in the previous commit. In the TS mode the tsrm
cache pointer might be unavailable or point to a wrong thread, so
the exact globals passed should be freed.
* origin/master:
Revert "Removed useless local variable"
Fix the fix for bug #55415
add BC breaks from PHPNG RFC
add include for definition of php_url_encode
* origin/master:
made the apache ini holders to be zend_bool
Removed useless local variable
Use simpler functions
Fixed test
small fixes to UPGRADING
Reorder to save alignment size (of course, only for common used structs)
* origin/master:
Revert HTTP status codes merger
fixed tests, bugs in status codes merger
Fixed bug #55415 (php_info produces invalid anchor names)
NEWS
Implement feature request #55467 (phpinfo: PHP Variables with $ and single quotes)
NEWS
Change back to use is_int() as function instead of is_integer(), as per Jan Tvrdík's request @github
NEWS
Change is_long() to be an alias of is_integer()
Fix indentation
Share HTTP status codes map
@@ See internals: news.php.net/php.internals/79639
@@ Manual will be updated so that is_int() will be an alias of is_integer()
@@ I picked integer over int for consitentcy as we do not use str instead of string either
* origin/master:
Fix bug #67106 split main fpm config
split fpm config to two parts. PR#903
fix typo
Fix undefined behaviour in strnatcmp
Fix undefined behaviour in strnatcmp
Fixed memory leak introduced by 73458e8f
update NEWS
move the test to the right place
Fixed bug #68545 NULL pointer dereference in unserialize.c
* PHP-5.5:
Fix undefined behaviour in strnatcmp
update NEWS
move the test to the right place
Fixed bug #68545 NULL pointer dereference in unserialize.c
* PHP-5.4:
Fix undefined behaviour in strnatcmp
update NEWS
move the test to the right place
Fixed bug #68545 NULL pointer dereference in unserialize.c
Conflicts:
NEWS
* origin/master: (37 commits)
NEWS
NEWS
Fix bug #68601 buffer read overflow in gd_gif_in.c
Fixed compilation warnings
Removed unnecessary checks
pcntl_signal_dispatch: Speed up by preventing system calls when unnecessary
Merged PR #911.
Removed ZEND_ACC_FINAL_CLASS which is unnecessary. This also fixed some currently defined classes as final which were just not being considered as such before.
Updated NEWS
Updated NEWS
Updated NEWS
Fix bug #68532: convert.base64-encode omits padding bytes
Updated NEWS
Updated NEWS
Updated NEWS
Fixed Bug #65576 (Constructor from trait conflicts with inherited constructor)
Updated NEWS
Updated NEWS
Fix MySQLi tests
Fixed gd test
...
* zppFailOnOverflow:
Fix MySQLi tests
Fixed gd test
Refactor ZEND_LONG_MAX/MIN checks into ZEND_DOUBLE_FITS_LONG()
Fixed copy-and-paste error
Fix more 32-bit tests
Skip buncha tests on 32-bit
skip simplexml
skip posix 32-bit
skip tests on 32-bit
Fixes simplexml test
Fixes posix tests
Fixes iconv tests
Marked tests as 32-bit
Fixed more 32-bit tests
Fixed some 32-bit tests
Mark said ext/date tests as 32-bit only
Fixed ext/date tests broken by zpp error on overflow
Fixed broken tests
Make zpp fail if NaN passed for int, or out-of-range float for non-capping int
Conflicts:
ext/date/tests/getdate_variation7.phpt
ext/date/tests/localtime_variation3.phpt
* origin/master:
updated NEWS
PowerPC64 support for add and sub with overflow check
PowerPC64 support for operators with overflow check
Fixed bug #68583 Crash in timeout thread
Reduced size of zend_op on 64-bit systems.
Make ZEND_INIT_FCALL keep predcalculted size of necessary stack space in opline->op1.num to avoid its recalculation on each execution.
Removed unused variables
Improved array_merge() and array_replace() (1-st array may be added using simple procedure).
Replaced zendi_convert_to_long() with _zval_get_long_func()
Moved zend_is_true() from zend_execute.h/zend_execute_API.c into zend_operators.h/zend_operators.c. Splited the most expensive part of inline i_zend_is_true() into a separate zend_object_is_true(). Replaced zendi_convert_to_long() with cals to zend_is_true().
Revert "Save one xor instr"
Save one xor instr
Conflicts:
Zend/zend_execute_API.c
* master: (23 commits)
move the test to the right place
fix TS build and C89 compat
updated NEWS
Fixed bug #68545 NULL pointer dereference in unserialize.c
Updated NEWS
Updated NEWS
Updated NEWS
NEWS
Fix bug #68526 Implement POSIX Access Control List for UDS
Improved basic zval copying primitives: ZVAL_COPY_VALUE(), ZVAL_COPY(), ZVAL_DUP()
Wrap RETURN_VALUE_USED() with EXPECTED() or UNEXPECTED() macros according to more frequent usage patterns.
Improved ASSIGN_<OP>, ASSIGN_DIM and UNSET_DIM
drop dead/unused code
simplified code
Move ZVAL_DEREF() and make_real_object() into slow paths.
Pass znode_op structure by value (it fits into one word) instead of pointer to structure.
Move checks for references into slow paths.
Improved ASSIGN_DIM and ASSIGN_OBJ
Fixed typo
Move checks for references into slow paths of handlers or helpers. Remove duplicate opcode handlers.
...
* origin/master: (111 commits)
Fix zend_fcall_info_arg*() to use ZVAL_COPY
Fixed#65213 - cannot cast SplFileInfo to boolean
add initial install
switch to C travis project instead of PHP
use the generic TRAVIS environment var to check for travis (see http://docs.travis-ci.com/user/ci-environment/)
fix TS build
add config option to target codegen architectures
updated NEWS
updated NEWS
Fixed bug #55541 errors spawn MessageBox, which blocks test automation
Get rid of duplicate handlers (ZEND_ADD_SPEC_TMP_TMP and ZEND_ADD_SPEC_VAR_VAR are absolutely the same).
Use zend_string* for op_array->arg_info[]->name and op_array->arg_info[]->class_name. For internal functions we still use char*.
Fixed __debugInfo() support
Update UPGRADING for the new variadic functions, and re-sort.
Improved POST INC/DEC
make sure that we don't truncate the stack trace and cause false test failures when the test is executed in a directory with long path
Missed closed folder mark
Revert "Unecessary assignment"
Fixed improper memory release
Unecessary assignment
...
* PHP-5.6:
update news
update news
update NEWS
Apply error-code-salt fix to Windows too
Bug fixes in light of failing bcrypt tests
Add tests from 1.3. Add missing tests.
Upgrade crypt_blowfish to version 1.3
Apply error-code-salt fix to Windows too
Bug fixes in light of failing bcrypt tests
Add tests from 1.3. Add missing tests.
Upgrade crypt_blowfish to version 1.3
Conflicts:
ext/standard/crypt.c
* PHP-5.5:
update news
update news
update NEWS
Apply error-code-salt fix to Windows too
Bug fixes in light of failing bcrypt tests
Add tests from 1.3. Add missing tests.
Upgrade crypt_blowfish to version 1.3
Apply error-code-salt fix to Windows too
Bug fixes in light of failing bcrypt tests
Add tests from 1.3. Add missing tests.
Upgrade crypt_blowfish to version 1.3
* pull-request/868:
Apply error-code-salt fix to Windows too
Bug fixes in light of failing bcrypt tests
Add tests from 1.3. Add missing tests.
Upgrade crypt_blowfish to version 1.3
This is done by reverting some parts to the state of pre 7, whereby
that means all the size_t potential isn't exhausted. This might be
a subject of the subsequent fix, the functionality can be ensured
with the supplied test.
* origin/master: (102 commits)
fix dir separator in test
fix TS build
fix TS build
Better fix for bug #68446
Revert "Merge remote-tracking branch 'origin/PHP-5.6'"
Revert NEWS and set test to XFAIL
Revert "Fix bug #68446 (bug with constant defaults and type hints)"
Improved zend_hash_clean() and added new optimized zend_symtable_clean()
Use inline version of zval_ptr_dtor()
Added new optimized zend_array_destroy() function
Moved i_zval_ptr_dtor() from zend_execute.h to zend_variables.h
fix REGISTER_NS_*_CONSTANT macros
Removed useless assert. EG(uninitialized_zval) can't be refcounted.
Use specialized destructors when types of zvals are known.
move tests into proper place
Improved assignment to object property
Reuse zend_assign_to_variable() in zend_std_write_property()
cleanup comments from svn/cvs era
fix dir separator in test
fork test for windows
...
* PHP-5.6:
test to function addcslashes
test
Test PHP Init Fail Without Params
Add my information to this test
Add a test for the exception cases of readline_read_history
added some tests to datetime and dateinterval functions
added various tests for XSLTProcessor and one test for iconv extension
teste basico da funcao timezone_version_get
NTS mode should additionally use _putenv to satisfy libs like gettext
relying on _getenv. As _putenv isn't thread safe, it wouldn't bring
much for the TS mode as it would change locale across all the threads
and require locking to avoid random fails with concurrent _getenv
calls.
* origin/master: (36 commits)
NEWS
adapt test for error message introduce in fix for #68463
Fix bug #68463 listen.allowed_clients can silently result in no allowed access
run a few request in this test
fix test
fix test
added info about some other macro changes
added note about toolset and phpize
added note about the response files
split msgfmt_format_intlcalendar_variant*.phpt for ICU 54.1
split formatter_format*.phpt for ICP 54.1
split dateformat_timezone_arg_variations*.phpt for ICU 54.1
split dateformat_get_set_timezone_variant*.phpt for ICU 54.1
fix icu version to test
split ext/intl/tests/dateformat_get_set_calendar_variant*.phpt for 54.1
split dateformat_formatObject_datetime_variant*.phpt for ICU 54.1
split dateformat_formatObject_calendar_variant*.phpt for ICU 54.1
split dateformat_create_cal_arg_variant2.phpt for ICU 53.1 and 54.1
clone dateformat_calendars_variant3.phpt for ICU 54.1
split collator_get_sort_key_variant3.phpt for icu 54.1
...
* origin/master: (398 commits)
NEWS
add test for bug #68381
Fixed bug #68381 Set FPM log level earlier during init
proper dllexport
move to size_t where zend_string is used internally
fix some datatype mismatches
return after the warning, to fix uninitialized salt usage
fix datatype mismatches
add missing type specifier
fix datatype mismatches
fix unsigned check
"extern" shouldn't be used for definitions
joined identical conditional blocks
simplify fpm tests
SEND_VAR_NO_REF optimization
Add test for bug #68442
Add various tests for FPM - covering recent bugs (68420, 68421, 68423, 68428) - for UDS - for ping and status URI - for multi pool and multi mode
Include small MIT FastCGI client library from https://github.com/adoy/PHP-FastCGI-Client
Get rid of zend_free_op structure (use zval* instead). Get rid of useless TSRMLS arguments.
Add new FPM test for IPv4/IPv6
...
Conflicts:
win32/build/config.w32
* PHP-5.6:
fix output globals importing
export output globals
use portable strndup implementation
unix sockets aren't available on windows
dll export APIs needed by phpdbg
fix sapi/phpdbg/config.w32
Don't treat warnings as failures in the junit output
* origin/master: (214 commits)
fix datatype mismatch warnings
fix datatype mismatches
fix datatype mismatches
fix datatype mismatches
fix datatype mismatch warnings
fix datatype mismatch warnings
fix datatype mismatch warnings
fix datatype mismatch warning
fix datatype mismatches
fix datatype mismatch warnings
Re-add phpdbg to travis
Added some NEWS
Make xml valid (missing space between attrs)
Fix info classes file name in xml
Add note about <eval> tag for errors in xml.md
Name the tag <eval> if the error id during ev cmd
Do not print out xml as PHP print...
Fix output to wrong function
Fixed parameter order on %.*s
Too much copypaste...
...
* origin/master:
Don't make difference between undefined and unaccessible properies when call __get() and family
Don't make useless CSE
array_pop/array_shift optimization
* origin/master:
check for zlib headers as well as lib for mysqlnd
a realpath cache key can be int or float, catching this
TLS 1.0, 1.1 and 1.2 Curl constants - bug #68247
Micro optimizations for isset/empty
Micro optimization for zend_hash_next_index_insert_new()
Fix array_keys() on $GLOBALS
Fix procedural finfo calls in methods
Conflicts:
ext/mysqlnd/config.w32
* origin/master: (25 commits)
Fix return code (merges are hard :( )
fix bad merge
Fix bug #68113 (Heap corruption in exif_thumbnail())
Fix bug #68089 - do not accept options with embedded \0
Fixed bug #68044: Integer overflow in unserialize() (32-bits only)
Fix bug #68027 - fix date parsing in XMLRPC lib
Fix bug #68113 (Heap corruption in exif_thumbnail())
Fix bug #68089 - do not accept options with embedded \0
Fixed bug #68044: Integer overflow in unserialize() (32-bits only)
Fix bug #68027 - fix date parsing in XMLRPC lib
Fix bug #68113 (Heap corruption in exif_thumbnail())
Fix bug #68089 - do not accept options with embedded \0
Fixed bug #68044: Integer overflow in unserialize() (32-bits only)
Fix bug #68027 - fix date parsing in XMLRPC lib
Fixed bug #68128
Added API function to retrive current custom heap handlers
update NEWS and UPGRADING
Allow to substitute storage layer in memory manager.
Upated NEWS
Address issues raised by @nikic
...
* origin/master: (40 commits)
int to size_t where the underlaying API supports it
use php_socket_t instead of int
fix signed/unsigned mismatch warning
fix compilation warning
Improved specialisation $this variable accessed through IS_UNUSED operand must be IS_OBJECT, so we don't have to check for its type or perform dereference.
Add notes about get_class_entry/get_class_name to UPGRADING
Fix casts in GD
Drop redundant casting code from ext/filter
update NEWS
update NEWS
update NEWS
update NEWS
Added note to UPGRADING regarding 64-bit support in pack()/unpack()
pack(): Use SIZEOF_ZEND_LONG instead of SIZEOF_LONG
Add 64 bit formats to pack() and unpack()
Help to CPU branch predictor
Removed unused EG(orig_error_reporting)
Update get_class_name semantics
Remove Z_OBJ_CLASS_NAME_P
Improved VM stack primitives for fast paths. Slow paths are not inlined anymore.
...
* get_class_name is now only used for displaying the class name
in debugging functions like var_dump, print_r, etc. It is no
longer used in get_class() etc.
* As it is no longer used in get_parent_class() the parent
argument is now gone. This also fixes incorrect parent classes
being reported in COM.
* get_class_name is now always required (previously some places
made it optional and some required it) and is also required
to return a non-NULL value.
* Remove zend_get_object_classname. This also fixes a number of
potential leaks due to incorrect usage of this function.
Empty usernames and passwords are now treated differently from no username or password
For example, empty password:
ftp://user:@example.org
Empty username:
ftp://:password@example.org
Empty username and empty password
ftp://:@example.org
* origin/master:
Fix test gc_029_zts.phpt
Fixed a bug that causes crash when environment variable is access while parsing php.ini
fix asinh delivering -0 when the arg is 0
Mark test for full GC root buffer as XFAIL
Fix two date tests
Mark three foreach tests as XFAIL
reveal some newer libcurl features in MINFO
Fix bug number
Fix bug #68188
Fix bug #68133 and bug #68135
* origin/master:
remove the remains of dsp files handling
fix EX usage
remove misprint parentheses
remove misprint parentheses
Replaced EG(This) and EX(object) with EX(This). Internal functions now recieves zend_execute_data as the first argument.
And this one...
It should be in extern c
Remove useless condition
NEWS entry for previous commit
NEWS entry for previous commit
add IPv6 support to php-fpm
Micro optimization for the most frequency case
Add hash to EXTENSIONS file
Remove extensions which are long gone
we also have xz release tarballs since 5.5
Fix ZTS build
improved file size computation in stat()
Fixed incorrect compilation
5.5.19 now
* origin/master:
Expose zend_throw_exception_internal()
Use inline finction for OBJ_RELEASE() macro
update NEWS about the release date of 5.6.1
only no_NO.ISO-8859-1 have to be ignored
remove bogus locale use from test
use $PHP_LIBDIR instread of "lib" in skel example
Removed zend_execute_data->prev_nested_call. Reuse prev_execute_data instead.
* origin/master: (26 commits)
Micro optimization
Drop unused INIT_STRING opcode
Drop unused RAISE_ABSTRACT_ERROR opcode
CT substitute unqualified true/false/null in namespaces
Fix a couple compile warnings
fix test filename
one more test to illustrate transfer of an arbitrary data amount throug pipes
fix tests on linux
better test cleanup
Use more readable inline functions
increase the polling period to not to break existing behaviours
updated NEWS
Fixed bug #51800 proc_open on Windows hangs forever
Fixed segfault
Set an LDAP error code when failing ldap_bind due to null bytes
Fix segmentation fault in debug_backtrace()
Drop support for GMP 4.1
Make gmp_setbit and gmp_clrbit return values consistent
removed *.dsw and *.dsp files
Opcache compatibility for coalesce operator
...