Commit Graph

212 Commits

Author SHA1 Message Date
Nikita Popov
2eb4728611 Remove HAVE_SPL checks
SPL is always built.

Also clean up spl_ce_RuntimeException handling in PDO.
2016-01-30 14:53:00 +01:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Happy new year (Update copyright to 2016)
2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
2015-08-04 14:10:57 -07:00
Stanislav Malyshev
7a4584d3f6 Improved fix for Bug #69441 2015-07-26 17:31:12 -07:00
Stanislav Malyshev
97047e7665 Merge branch 'PHP-5.6'
* PHP-5.6:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	Zend/zend_exceptions.c
	ext/date/php_date.c
	ext/openssl/openssl.c
	ext/phar/phar_internal.h
	ext/soap/php_http.c
	ext/spl/spl_array.c
	ext/spl/spl_dllist.c
	ext/spl/spl_observer.c
	ext/standard/tests/serialize/bug69152.phpt
	sapi/cli/tests/005.phpt
2015-08-04 16:14:24 -07:00
Anatol Belski
4e66cce87c switch to the unified globals accessor where appropriate 2015-07-29 13:26:35 +02:00
Dmitry Stogov
b874f1a73d Cleanup (avoid reallocation) 2015-07-02 20:29:06 +03:00
Stanislav Malyshev
b3709bfc52 Merge branch 'PHP-5.6'
* PHP-5.6: (27 commits)
  fix non-standard C
  update NEWS
  5.4.41 next
  fix CVE num
  update NEWS
  Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
  fix test
  fix type in fix for #69085
  fix memory leak & add test
  Fix tests
  fix CVE num
  Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
  Fix test
  Additional fix for bug #69324
  More fixes for bug #69152
  Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
  Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
  Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
  Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
  Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
  ...

Conflicts:
	Zend/zend_exceptions.c
	ext/curl/interface.c
	ext/dom/document.c
	ext/fileinfo/libmagic/softmagic.c
	ext/gd/gd.c
	ext/hash/hash.c
	ext/pgsql/pgsql.c
	ext/phar/phar.c
	ext/phar/phar_internal.h
	ext/standard/http_fopen_wrapper.c
	ext/standard/link.c
	ext/standard/streamsfuncs.c
	ext/xmlwriter/php_xmlwriter.c
	ext/zlib/zlib.c
2015-04-14 01:28:06 -07:00
Stanislav Malyshev
5776fceb16 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5: (27 commits)
  fix non-standard C
  update NEWS
  5.4.41 next
  fix CVE num
  update NEWS
  Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
  fix test
  fix type in fix for #69085
  fix memory leak & add test
  Fix tests
  fix CVE num
  Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
  Fix test
  Additional fix for bug #69324
  More fixes for bug #69152
  Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
  Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
  Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
  Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
  Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
  ...

Conflicts:
	ext/standard/http_fopen_wrapper.c
2015-04-14 01:05:01 -07:00
Stanislav Malyshev
e21f87e957 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  5.4.41 next
  fix CVE num
  update NEWS
  Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
  fix type in fix for #69085
  fix CVE num

Conflicts:
	configure.in
	main/php_version.h
2015-04-14 00:34:02 -07:00
Stanislav Malyshev
f59b67ae50 Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode) 2015-04-14 00:03:50 -07:00
Stanislav Malyshev
0cb9d75cb6 Merge branch 'PHP-5.4.40' into PHP-5.5.24
* PHP-5.4.40:
  Additional fix for bug #69324
  More fixes for bug #69152
  Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
  Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
  Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
  Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
  Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
  Fixed bug #68901 (use after free)
  Fixed bug #68740 (NULL Pointer Dereference)
  Fix bug #66550 (SQLite prepared statement use-after-free)
  Better fix for #68601 for perf 81e9a993f2
  Fix bug #68601 buffer read overflow in gd_gif_in.c
  Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
  Fixed bug #69293
  Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
2015-04-11 16:56:12 -07:00
Stanislav Malyshev
9faaee66fa Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar) 2015-04-11 16:53:21 -07:00
Xinchen Hui
ab4f120c6a Merge branch 'PHP-5.6'
Conflicts:
	NEWS
	ext/opcache/Optimizer/pass1_5.c
2015-03-30 20:20:55 +08:00
Michael Wallner
ef52e44053 Fixed bug 64343
PharData::extractTo fails for tarball created by BSD tar

Phar did not know about PAX style global/file headers.
Skip them, to be able to read the contents of those archives.
2015-03-30 13:20:09 +02:00
Michael Wallner
f4264ebc64 Fixed bug 64343
PharData::extractTo fails for tarball created by BSD tar

Phar did not know about PAX style global/file headers.
Skip them, to be able to read the contents of those archives.
2015-03-30 13:11:06 +02:00
Xinchen Hui
47f2e42fc9 Remove PHAR_GLOBALS (make it respect ZEND_ENABLE_STATIC_TSRMLS_CACHE) 2015-03-09 23:00:56 +08:00
Dmitry Stogov
2fa8d67a5c Use zend_string* instead of char* for opened_patch handling. Avoid reallocations and improve string reuse. 2015-03-04 02:05:28 +03:00
Anatol Belski
af3ca74501 made ZEND_TSRMLS_CACHE_* macros look like function calls
which also comply with the current semantics for such macros
2015-02-16 17:19:32 +01:00
Xinchen Hui
fc33f52d8c bump year 2015-01-15 23:27:30 +08:00
Xinchen Hui
0579e8278d bump year 2015-01-15 23:26:37 +08:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Xinchen Hui
2193de0d18 Faster sorting algo 2015-01-14 18:02:41 +08:00
Anatol Belski
bdeb220f48 first shot remove TSRMLS_* things 2014-12-13 23:06:14 +01:00
Anatol Belski
7f1107de91 converted ext/ereg, ext/phar and ext/pgsql for static tsrmls usage 2014-10-16 13:47:43 +02:00
Anatol Belski
31cc63b1a4 fix some extension builds 2014-09-25 20:02:48 +02:00
Nikita Popov
e33f3d3b7c Move smart_str implementation into Zend/
So we can use it there as well...

For now I've retained the zend_smart_str_public.h header, though
it would probably be better to just move that one struct into
zend_types.h.
2014-09-21 20:49:39 +02:00
Anatol Belski
4d997f63d9 master renames phase 3 2014-08-25 20:22:49 +02:00
Anatol Belski
c3e3c98ec6 master renames phase 1 2014-08-25 19:24:55 +02:00
Anatol Belski
8704e392a1 ported ext/phar 2014-08-19 15:12:13 +02:00
Dmitry Stogov
2a31934a1a Support for ext/phar (incomplete) 2014-05-08 21:18:59 +04:00
Dmitry Stogov
df5ad846c6 Support for ext/phar (incomplete) 2014-05-08 18:30:07 +04:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Xinchen Hui
63dba7ec9d Remove outdate codes, make it clearer, although just a bit.. 2013-11-05 18:47:12 +08:00
Anatol Belski
ecd03baf61 fixed virtual cwd header in phar 2013-10-18 10:02:19 -07:00
Nikita Popov
db6d93feca Remove some more unnecessary macros from phar 2013-09-13 21:49:09 +02:00
Nikita Popov
e6b228332f Remove PHAR_(Z)STR* usages 2013-09-13 21:49:09 +02:00
Nikita Popov
39bd738fbf Remove version checks in phar
No need to keep around compatability code for PHP 5.0 and PHP 6.
2013-09-13 21:47:59 +02:00
Michael Wallner
14caf174ff unify stdint type usage
if you need C99 stdint types, just include "php_stdint.h"
2013-08-06 22:49:56 +02:00
Andrey Hristov
92d27ccb05 Constify streams API and a few other calls down the rabbit hole.
(`char *` to `const char *` for parameters and few return values)
In a few places int len moved to size_t len.
2013-07-30 12:49:36 +02:00
Xinchen Hui
c2f8e90504 Merge branch 'PHP-5.3' into PHP-5.4 2013-01-06 10:20:00 +08:00
Xinchen Hui
bc11e6fdbb bump year 2013-01-06 10:19:09 +08:00
Felipe Pena
e4ca0ed09f - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Rasmus Lerdorf
d4a716b19d Fix more signed 1-bit bitfield, and let's use strlcpy/strlcat instead for these
static string copies
2011-08-07 16:10:34 +00:00
Nuno Lopes
8d2d7255ec MFB: fix lcov build (r308657) 2011-02-25 09:37:33 +00:00