Commit Graph

115151 Commits

Author SHA1 Message Date
Derick Rethans
4ea01bdc67 Updated to version 2020.4 (2020d) 2020-10-22 10:12:26 +01:00
Derick Rethans
c7c87515f6 Empty merge 2020-10-22 10:12:25 +01:00
Derick Rethans
d4200ba6cf Updated to version 2020.4 (2020d) 2020-10-22 10:12:24 +01:00
Christoph M. Becker
4ef7be20ab Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #80242: imap_mail_compose() segfaults for multipart with rfc822
2020-10-20 19:00:16 +02:00
Christoph M. Becker
315b95b065 Fix #80242: imap_mail_compose() segfaults for multipart with rfc822
libc-client expects `TYPEMESSAGE` with an explicit subtype of `RFC822`
to have a `nested.msg` (otherwise there will be a segfault during
free), but not to have any `contents.text.data` (this will leak
otherwise).

Closes GH-6345.
2020-10-20 18:58:45 +02:00
Christoph M. Becker
a54f0f7680 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Add char* cast to avoid compiler warnings
2020-10-20 16:31:25 +02:00
Christoph M. Becker
de58fb34c9 Add char* cast to avoid compiler warnings
In libc-client 2007f `data` is declared as `unsigned char *`; there may
be variants which declare it as `void *`, but in any case picky
compilers may warn about a pointer type mismatch in the conditional
(and error with `-W-error`), so we're adding a `char *` cast for good
measure.
2020-10-20 16:29:42 +02:00
Christoph M. Becker
9cfd650697 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Properly fix #80220
2020-10-20 13:35:06 +02:00
Christoph M. Becker
7f3bdda29b Properly fix #80220
The original fix for that bug[1] broke the formerly working composition
of message/rfc822 messages, which results in a segfault when freeing
the message body now.  While `imap_mail_compose()` does not really
support composition of meaningful message/rfc822 messages (although
libc-client appears to support that), some code may still use this to
compose partial messages, and using string manipulation to create the
final message.

The point is that libc-client expects `TYPEMESSAGE` with an explicit
subtype of `RFC822` to have a `nested.msg` (otherwise there will be a
segfault during free), but not to have any `contents.text.data` (this
will leak otherwise).

[1] <http://git.php.net/?p=php-src.git;a=commit;h=0d022ddf03c5fabaaa22e486d1e4a367ed9170a7>

Closes GH-6343.
2020-10-20 13:32:53 +02:00
twosee
d134c0ac05 Fix bug #79643: Invalid memory read when opcache.interned_strings_buffer is 0 2020-10-20 12:50:28 +02:00
Nikita Popov
1359f793ee Fix CCM tag length setting for old OpenSSL versions
While OpenSSL 1.1 allows unconditionally setting the CCM tag length
even for decryption, some older versions apparently do not. As such,
we do need to treat CCM and OCB separately after all.
2020-10-20 10:50:50 +02:00
Nikita Popov
750a74ed9c Fix bug #79983: Add support for OCB mode
OCB mode ciphers were already exposed to openssl_encrypt/decrypt,
but misbehaved, because they were not treated as AEAD ciphers.
From that perspective, OCB should be treated the same way as GCM.
In OpenSSL 1.1 the necessary controls were unified under
EVP_CTRL_AEAD_* (and OCB is only supported since OpenSSL 1.1).

Closes GH-6337.
2020-10-19 11:09:00 +02:00
Derick Rethans
a4c1a43a5b Updated to version 2020.3 (2020c) 2020-10-19 09:31:03 +01:00
Derick Rethans
d8ff075f12 Empty merge 2020-10-19 09:31:03 +01:00
Derick Rethans
7b5f232b03 Updated to version 2020.3 (2020c) 2020-10-19 09:31:02 +01:00
Christoph M. Becker
bc214c8423 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix broken fix for #80239
2020-10-15 13:19:30 +02:00
Christoph M. Becker
4b9db65f68 Fix broken fix for #80239
No idea why that `git am` failed that badly.
2020-10-15 13:18:34 +02:00
Christoph M. Becker
7899ac4c14 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #80239: imap_rfc822_write_address() leaks memory
2020-10-15 12:56:02 +02:00
Christoph M. Becker
5941b30bb8 Fix #80239: imap_rfc822_write_address() leaks memory
We have to free the address when we're finished with it.
2020-10-15 12:54:53 +02:00
Nikita Popov
fb246bec14 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix leak in gmp_export()
2020-10-15 10:16:56 +02:00
Nikita Popov
a29016d70d Fix leak in gmp_export() 2020-10-15 10:16:22 +02:00
Nikita Popov
6c6a58e930 Allow passing $tag for non-authenticated encryption
openssl_encrypt() currently throws a warning if the $tag out
parameter is passed for a non-authenticated cipher. This violates
the principle that a function should behave the same if a parameter
is not passed, and if the default value is passed for the parameter.

I believe this warning should simply be dropped and the $tag be
populated with null, as is already the case. Otherwise, it is not
possible to use openssl_encrypt() in generic wrapper APIs, that are
compatible with both authenticated and non-authenticated encryption.

Closes GH-6333.
2020-10-14 10:54:06 +02:00
Christoph M. Becker
d9058b61fb Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #64076: imap_sort() does not return FALSE on failure
2020-10-13 19:38:31 +02:00
Christoph M. Becker
db8bf0a9e0 Fix #64076: imap_sort() does not return FALSE on failure
If unsupported `$search_criteria` are passed to `imap_sort()`, the
function returns an empty array, but there is also an error on the
libc-client error stack ("Unknown search criterion: UNSUPPORTED
(errflg=2)").  If, on the other hand, unsupported `$criteria` or
unsupported `$flags` are passed, the function returns `false`.  We
solve this inconsistency by returning `false` for unsupported
`$search_criteria` as well.

Closes GH-6332.
2020-10-13 19:37:05 +02:00
Derick Rethans
8fd8a1b128 Prepare for 7.4.13 2020-10-13 12:28:58 +01:00
Christoph M. Becker
9c7b607320 Ignore memory leaks reported for some libc-client functions
At least on Windows, some static variables are lazily initialized
during `mail_open()` and `mail_lsub()`, which are reported as memory
leaks.  We suppress these false positives.

Closes GH-6326.
2020-10-13 13:09:29 +02:00
Christoph M. Becker
8782c61f26 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  7.3.25 is next
2020-10-13 09:53:52 +02:00
Christoph M. Becker
2d01a89ad1 7.3.25 is next 2020-10-13 09:52:46 +02:00
Christoph M. Becker
12fc8f66e7 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #80226: imap_sort() leaks sortpgm memory
2020-10-12 23:17:57 +02:00
Christoph M. Becker
8488c34fc6 Fix #80226: imap_sort() leaks sortpgm memory
We need to free what we have allocated.

Closes GH-6327.
2020-10-12 23:16:31 +02:00
Philip Hofstetter
74cf2eb83f intl: report more information about message pattern parse errors
The message patterns can be pretty complex, so reporting a generic
U_PARSE_ERROR without any additional information makes it needlessly
hard to fix erroneous patterns.

This commit makes use of the additional UParseError* parameter to
umsg_open to retrieve more details about the parse error to report that
to the user via intl_get_error_message()

Additional improve error reporting from the IntlMessage constructor.
Previously, all possible failures when calling IntlMessage::__construct()
would be masked away with a generic "Constructor failed" message.
This would include invalid patterns.

This commit makes sure that the underlying error that caused the
constructor failure is reported as part of the IntlException error
message.

Closes GH-6325.
2020-10-12 16:42:41 +02:00
Christoph M. Becker
216d6a024a Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #80216: imap_mail_compose() does not validate types/encodings
2020-10-12 16:28:52 +02:00
Christoph M. Becker
73e43b6e19 Fix #80216: imap_mail_compose() does not validate types/encodings
We need to check whether the given `type`s and `encoding`s are within
bounds to avoid segfaults and out-of-bound reads.

Closes GH-6323.
2020-10-12 16:27:49 +02:00
Christoph M. Becker
4a469c7e98 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #80223: imap_mail_compose() leaks envelope on malformed bodies
2020-10-12 15:09:30 +02:00
Christoph M. Becker
c1962e900a Fix #80223: imap_mail_compose() leaks envelope on malformed bodies
We have to clean up even on failure.

Closes GH-6322.
2020-10-12 15:08:30 +02:00
Christoph M. Becker
acce991a37 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #80220: imap_mail_compose() may leak memory
2020-10-12 13:32:40 +02:00
Christoph M. Becker
0d022ddf03 Fix #80220: imap_mail_compose() may leak memory
Unless `topbod` is of `TYPEMULTIPART`, `mail_free_body()` does not free
the `nested.part`; while we could do this ourselves, instead we just
ignore additional bodies in this case, i.e. we don't attach them in the
first place.

Closes GH-6321.
2020-10-12 13:31:30 +02:00
Nikita Popov
41e4a77077 Revert "Add missing X509 purpose constants"
This reverts commit 1e53e14bc3.

This fails on Travis.
2020-10-12 12:56:07 +02:00
Vincent JARDIN
1e53e14bc3 Add missing X509 purpose constants
X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available
from OpenSSL for many years:

  - X509_PURPOSE_OCSP_HELPER, since 2001
  - X509_PURPOSE_TIMESTAMP_SIGN, since 2006

Also drop the ifdef check for X509_PURPOSE_ANY, as it is always
available in supported OpenSSL versions.

Closes GH-6312.
2020-10-12 11:51:08 +02:00
Nikita Popov
5a7f9afb99 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Detect self-addition of array more accurately
  Deindirect source elements in zend_hash_merge
2020-10-12 11:24:59 +02:00
Nikita Popov
3c4dd73c02 Detect self-addition of array more accurately
While the zvals may be different, they may still point to the
same array.

Fixes oss-fuzz #26245.
2020-10-12 11:24:31 +02:00
Nikita Popov
e304468e57 Deindirect source elements in zend_hash_merge
If the RHS has INDIRECT elements, we do not those to be added to
the LHS verbatim. As we're using UPDATE_INDIRECT, we might even
create a nested INDIRECT that way.

This is a side-quest of oss-fuzz #26245.
2020-10-12 11:24:27 +02:00
Nikita Popov
9a2e5cfccb Backport schedule in yaml
I'm not sure it's needed, but let's try it: Add the scheduled
builds on PHP-7.4 and PHP-8.0 as well, rather than just master.
2020-10-12 10:05:37 +02:00
Nikita Popov
304141e8f8 Avoid non-object in FE_FREE
Even if the properties HT is empty, make sure we still leave an
object in the FE_RESET result, so our type inference results
stay correct.
2020-10-12 09:45:52 +02:00
Derick Rethans
34179ba809 Merge branch 'PHP-7.3' into PHP-7.4 2020-10-11 14:54:02 +01:00
Derick Rethans
1ed5a2a54d Fixed test for bug #48097 due to confirmed data changes in timelib 2020-10-11 14:53:52 +01:00
Christoph M. Becker
7940fb42ce Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #80215: imap_mail_compose() may modify by-val parameters
2020-10-10 23:26:12 +02:00
Christoph M. Becker
62a2387a8d Fix #80215: imap_mail_compose() may modify by-val parameters
We separate the input arrays and all sub-arrays to avoid modification
of the passed parameters.

This should be rewritten to use `zend_string`s for the "master" branch.

Closes GH-6316.
2020-10-10 23:25:06 +02:00
Christoph M. Becker
b2b9e2e87e Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #80213: imap_mail_compose() segfaults on certain $bodies
2020-10-10 19:18:14 +02:00
Christoph M. Becker
8bee0fbd37 Fix #80213: imap_mail_compose() segfaults on certain $bodies
We have to cater to non-associative arrays where the key may be `NULL`;
we just skip these elements.

Closes GH-6315.
2020-10-10 19:17:13 +02:00