Commit Graph

13404 Commits

Author SHA1 Message Date
Arnaud Le Blanc
20473374fa [ci skip] NEWS 2022-07-15 13:14:17 +02:00
guoyiyuan
789a37f144 Prevent potential buffer overflow for large value of php_cli_server_workers_max
Fixes #8989.
Closes #9000.
2022-07-14 12:12:25 +01:00
Christoph M. Becker
77e954afaa
Fix GH-8923: error_log on Windows can hold the file write lock
On Windows, closing a file which is locked may not immediately remove
the lock.  The `LockFileEx()` documentation states:

| Therefore, it is recommended that your process explicitly unlock all
| files it has locked when it terminates.

We comply, and also use the macro `LOCK_EX` instead of the magic number
`2`.

Closes GH-8925.
2022-07-12 13:36:20 +02:00
David Carlier
7c3dfbb845 intl extension, build fix for icu >= 69.x release. ubrk/ucnv_safeClone had been deprecated in favor of ubrk/ucnv_clone which does not use user provided stacks but remain thread safe. 2022-07-08 17:38:31 +01:00
Heiko Weber
bd6793372b FPM: Fix possible double free on configuration load failure.
Closes #8948.
2022-07-08 13:11:37 +01:00
Remi Collet
2e58e9e60f
[ci skip] drop NEWS entry for reverted fix 2022-07-07 14:06:32 +02:00
George Peter Banyard
8fce70ae7b
Abort LMDB transaction whe trying to delete non-existing key 2022-07-01 17:26:27 +01:00
David Carlier
b3569865b3 Fix the crypt sha apis build (with recent clang versions).
Removing the said subtraction by casting instead.
While at it fixing werror level on phpdbg too.

Closes #8897.
2022-07-01 05:33:12 +01:00
Dmitry Stogov
7cf6f17383 Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php syntaxe of a valid file) 2022-06-29 12:10:46 +03:00
Heiko Weber
325ca31dcf FPM: zlog, fix free on wrong address for message prepend. 2022-06-27 23:34:58 +01:00
Derick Rethans
973c3f6e24 Fixed #80047: DatePeriod doesn't warn with custom DateTimeImmutable 2022-06-25 17:52:14 +01:00
Christoph M. Becker
9405f43ba9
Fix GH-8848: imagecopyresized() error refers to the wrong argument
Closes GH-8849.
2022-06-23 15:20:49 +02:00
Gabriel Caruso
fcd69a4e2b
Prepare for 8.0.22 2022-06-21 11:33:20 +02:00
Christoph M. Becker
a8437d08a8
Fix GH-8827: Intentionally closing std handles no longer possible
We revert the commits which caused this regression from the PHP-8.0 and
PHP-8.1 branches for now.  We keep it in "master" because of PR #8833
which may offer a proper fix without BC break.
2022-06-20 18:01:02 +02:00
George Peter Banyard
6f87a5c633
Fix GH-8563 Different results for seek() on SplFileObject and SplTempFileObject
With memory streams if we get a NULL buffer we must not instantiate an empty line
2022-06-20 12:47:37 +01:00
Heiko Weber
93a44f8c50
Fix potential use after free in php_binary_init()
Closes GH-8791.
2022-06-20 12:00:50 +02:00
Jakub Zelenka
e330f443c9
Fix bug #67764: fpm: syslog.ident does not work 2022-06-19 20:05:49 +01:00
Christoph M. Becker
651e0cc187
Fix GH-8778: Integer arithmethic with large number variants fails
When casting a `variant` to `int`, we need to heed the proper `zval`
type, which is an signed 64bit integer on x64, while `VT_INT` is only
a signed 32bit integer.

Closes GH-8779.
2022-06-18 11:48:49 +02:00
Pierrick Charron
d84b972658
Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option. 2022-06-17 19:51:58 -04:00
Derick Rethans
fe97a5ae19 Merge remote-tracking branch 'derickr/bug77342' into PHP-8.0 2022-06-17 09:36:10 +01:00
Heiko Weber
a83363e361 FPM: Fix use after free in fpm_evaluate_full_path
Closes #8796.
2022-06-16 12:18:01 +01:00
Remi Collet
26feb2e6f2
NEWS 2022-06-15 15:38:37 +02:00
Calvin Buckley
445d9502bf
Fix handling of single-key connection strings
A connection string may contain just a single key, but
PHP used ";" as the heuristic to detect if a string was a connection
string versus plain DSN. However, a single-key connection string
would get treated like a DSN name, i.e. "DSN=*LOCAL". This makes it
so that "=" is used, as a connection string must contain a key.

Closes GH-8748.
2022-06-13 14:41:50 +02:00
Remi Collet
62f64141ef
[ci skip] missing CVE 2022-06-10 14:31:48 +02:00
Jakub Zelenka
b765d4cd41 Fix bug #50293 and #81713: file path checking in OpenSSL functions
It introduces a single function to check file paths passed to OpenSSL
functions. It expands the path, check null bytes and finally does
an open basedir check.
2022-06-09 19:49:59 +01:00
Remi Collet
ae8c2bc1ce
NEWS for GH-8685 2022-06-03 07:54:36 +02:00
Yurun
df52903ee0 Closes GH-8626: Fix PDOStatement->execute() failed.
Then execute successfully, errorInfo() information is incorrect
2022-06-02 17:32:43 +01:00
Derick Rethans
d5e57268a9 Fixed bug #78139 (timezone_open accepts invalid timezone string argument). 2022-05-27 14:43:04 +01:00
Derick Rethans
d8590b1aff Merge remote-tracking branch 'derickr/bug74671-dst-c-format' into PHP-8.0 2022-05-27 14:23:38 +01:00
Derick Rethans
172b7345b1 Update NEWS 2022-05-26 15:18:33 +01:00
Sara Golemon
e05897fe5e
Bump for 8.0.21 2022-05-24 18:51:01 +00:00
David Carlier
e33de9dda8
Fix pcntl Haiku build
guarding SIGIO constant.

Closes GH-8612.
2022-05-24 14:59:50 +02:00
Christoph M. Becker
2a13304b2e
Fix GH-8538: SoapClient may strip parts of nmtokens
When stripping the namespace prefix, we can assume that this does not
contain any colons, while the rest of the name may contain colons.
Hence we must not use `strrchr()` but rather `strchr()` instead.

Closes GH-8543.
2022-05-23 16:49:12 +02:00
Ilija Tovilo
f0480eb4de
Fix undefined behavior in php_set_inet6_addr
Postfix `++` on `NULL` is undefined behavior

Closes GH-8607
2022-05-22 23:23:47 +02:00
Levi Morrison
fa78e17724 Stop closing stderr and stdout streams (#8569)
Extensions may (and do) write to stderr in mshutdown and similar. In
the best case, with the stderr stream closed, it's just swallowed.

However, some libraries will do things like try to detect color, and
these will outright fail and cause an error path to be taken.
2022-05-20 13:27:23 +02:00
robertnisipeanu
8735ae9d13
Fix GH-8578: Error on wrong parameter on SoapHeader constructor
Closes GH-8579.
2022-05-19 11:03:49 +02:00
Arnaud Le Blanc
5a39f4c7cc [ci skip] NEWS 2022-05-13 12:41:42 +02:00
Jakub Zelenka
23a2030438 Fix bug #72185: php-fpm writes empty fcgi record causing nginx 502
This issue might happen if there is change of the fcgi stream when
the buffer is full. Then the empty record is created which signals
end of stream which is incorrect.

The actual fix without a test was contributed by GitHub user @loveharmful
in GH-3198.
2022-05-10 21:36:55 +01:00
Derick Rethans
95f5f9d21d Adding missing NEWS entry 2022-05-05 15:25:35 +01:00
Christoph M. Becker
ad7b9f4e50
Fix GH-8235: iterator_count() may run indefinitely
We need to prevent integer overflow to eventually stop the iteration.

A test case doesn't appear sensible for this, because even on 32bit
architectures a respective test easily runs for a few minutes.

Closes GH-8447.
2022-05-03 12:57:58 +02:00
Remi Collet
2d4cc0eb83
[ci skip] NEWS 2022-05-02 14:50:16 +02:00
Jakub Zelenka
82dae61c04
Move FPM ACS fix NEWS entry to 8.0.20 2022-04-29 20:46:38 +01:00
David CARLIER
ef06f0f50b
Fix FPM ACL build check on MacOS
MacOS has got ACL support but without user/group support.
2022-04-29 20:39:22 +01:00
David Carlier
4bb0dd49d8
Haiku fix ZTS build disabling tsrm_ls_cache usage. 2022-04-26 14:16:38 +02:00
Gabriel Caruso
52a18a6620
Prepare for PHP 8.0.20 2022-04-26 10:17:50 +02:00
Christoph M. Becker
30f4c725cb
Fix GH-8218: ob_end_clean does not reset Content-Encoding header
The fix for GH-7953 introduced a regression by being to deliberate
adding the respective headers.  These must only be added, if the
handler starts, but is not finalizing.

Closes GH-8353.
2022-04-25 14:26:56 +02:00
Bob Weinand
2397e7685e Fix GH-8433: Assigning function pointers to structs in FFI leaks memory 2022-04-24 14:53:18 +02:00
Christoph M. Becker
f5d9e7c031
Fix GH-8364: msgfmt_format $values may not support references
We need to deref any references passed in the `$values` array.  While
we could handle this in the type switch, doing it right away in the
foreach loop makes that more explicit, and also circumvents the missing
range checks for integers which are not passed as int or double.

Closes GH-8407.
2022-04-24 12:43:08 +02:00
David Carlier
ff90d42b8b
Fix FPM kqueue handler fix remove callback typo
It avoids confusion on failed event.
2022-04-23 15:11:53 +01:00
George Peter Banyard
6186ecd436
Fix GH-8273: SplFileObject: key() returns wrong value 2022-04-23 13:56:38 +01:00