#
48198e4c |
| 17-Aug-2016 |
Christoph M. Becker |
Fix #68302: impossible to compile php with zip support We should not let configure succeed, if SIZEOF_OFF_T == 0, just to let the compilation fail later. Instead we bail out early, givin
Fix #68302: impossible to compile php with zip support We should not let configure succeed, if SIZEOF_OFF_T == 0, just to let the compilation fail later. Instead we bail out early, giving a hint regarding the potential issue, namely misconfigured libraries.
show more ...
|
#
abe00908 |
| 17-Aug-2016 |
Xinchen Hui |
Fixed bug #72853 (stream_set_blocking doesn't work) Implemented PHP_STREAM_OPTION_META_DATA_API for plain_wrappers
|
#
9e00ad2b |
| 17-Aug-2016 |
Stanislav Malyshev |
Update NEWS
|
#
1bb92d52 |
| 16-Aug-2016 |
Christoph M. Becker |
#72085: SEGV on unknown address zif_xml_parse We better make sure that the ZVALs we're accessing as arrays are indeed arrays.
|
#
5c7f802e |
| 14-Aug-2016 |
Anatol Belski |
update NEWS
|
#
9f1d962e |
| 14-Aug-2016 |
Jakub Zelenka |
Fixed bug #72787 (json_decode reads out of bounds)
|
#
dfadc5a4 |
| 10-Aug-2016 |
Benedict Singer |
Bug 70195 Many FTP-S servers now require FTP clients to re-use the SSL session from the control connection on the data connection, to prove that the same entity controls both connect
Bug 70195 Many FTP-S servers now require FTP clients to re-use the SSL session from the control connection on the data connection, to prove that the same entity controls both connections. This patch updates PHP's FTP-S client code to allow that possibility.
show more ...
|
#
82df4e26 |
| 13-Aug-2016 |
Christoph M. Becker |
Fix #72278: getimagesize returning FALSE on valid jpg getimagesize() is rather strict about the length of the marker payload data, and fails if there are extraneous bytes before the next
Fix #72278: getimagesize returning FALSE on valid jpg getimagesize() is rather strict about the length of the marker payload data, and fails if there are extraneous bytes before the next marker. Only a very special case reported in bug #13213 is catered to. libjpeg is rather resilient to such corrupted JPEG files, and raises a recoverable error in this case. Other image processors also accept such JPEG files, so we adapt getimagesize() to skip (but warn about) such extraneous bytes.
show more ...
|
#
ae3b2078 |
| 13-Aug-2016 |
Christoph M. Becker |
Fix #72823: strtr out-of-bound access If php_strtr_array_prepare_repls() reports pattern_len == 0, we return early to avoid OOB accesses, and because there is nothing to replace anyway.
|
#
7938ebf6 |
| 12-Aug-2016 |
Christoph M. Becker |
Fix #60665: call to empty() on NULL result using PDO::FETCH_LAZY returns false The has_property handler only checked whether a respective column name exists, but neither whether the colu
Fix #60665: call to empty() on NULL result using PDO::FETCH_LAZY returns false The has_property handler only checked whether a respective column name exists, but neither whether the column value is set, nor whether it is empty, respectively. We fix that to match the behavior of POD:FETCH_OBJ in particular and PHP in general.
show more ...
|
#
5e2b8349 |
| 06-Aug-2016 |
Kalle Sommer Nielsen |
Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned. Also initialize buffer and buffer2 to NULL, w
Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned. Also initialize buffer and buffer2 to NULL, which should fix bug #72039 (Use of uninitialised value on mssql_guid_string). This only applies to 5.6, as we do not have mssql in 7.0 anymore
show more ...
|
#
65056e9d |
| 05-Aug-2016 |
Ville Hukkamaki |
Fix #72764 Negotiate data channel encryption after NLST command. This is to prevent issues with IIS and ProFTPD.
|
#
d3a8e107 |
| 04-Aug-2016 |
Matteo Beccati |
Clean up FR #72633
|
#
78488a54 |
| 04-Aug-2016 |
Christopher Jones |
Fixed invalid handle error with Implicit Result Sets and bump OCI8 version.
|
#
562c17eb |
| 03-Aug-2016 |
Ferenc Kovacs |
5.6.26 will be next
|
#
f15c1553 |
| 03-Aug-2016 |
Anatol Belski |
update NEWS
|
#
f5622f5c |
| 02-Aug-2016 |
Christoph M. Becker |
Fix #72709: imagesetstyle() causes OOB read for empty $styles Calling imagesetstyle() with an empty $styles array caused gdImageSetStyle() to be called with `noOfPixels==0`, what could h
Fix #72709: imagesetstyle() causes OOB read for empty $styles Calling imagesetstyle() with an empty $styles array caused gdImageSetStyle() to be called with `noOfPixels==0`, what could have lead to OOB reads. Actually, this issue will be fixed in libgd, but to avoid issues when older libgd is in use, we simply disallow passing an empty $styles array to imagesetstyle(), what wouldn't serve a useful purpose anyway.
show more ...
|
#
e95625f4 |
| 02-Aug-2016 |
Anatol Belski |
update NEWS
|
#
c9d3ff0c |
| 30-Jul-2016 |
Nikita Popov |
Revert "Fixed bug #71219" This reverts commit 14d674442ef86ad4e862228a1ff5ecd322ae7759. I misread the discussion on the bug -- this is not the correct fix. However the other pro
Revert "Fixed bug #71219" This reverts commit 14d674442ef86ad4e862228a1ff5ecd322ae7759. I misread the discussion on the bug -- this is not the correct fix. However the other proposed fix does not work either, so just reverting for now.
show more ...
|
#
14d67444 |
| 30-Jul-2016 |
Nikita Popov |
Fixed bug #71219
|
#
e87ac688 |
| 30-Jul-2016 |
Nikita Popov |
Fixed bug #72142
|
#
1d32b809 |
| 30-Jul-2016 |
ju1ius |
fixes bad address given to onig_error_code_to_str Closes bug #72710 (cherry picked from commit 0fb7eb6723bcc6fd98053911543e801edb5ab763)
|
#
f67ccd4a |
| 28-Jul-2016 |
Christoph M. Becker |
Fix #71894: AddressSanitizer: global-buffer-overflow in zif_cal_from_jd Julian days < 347998 denote invalid Jewish calendar dates, so cal_from_jd($jd, CAL_JEWISH) and jdmonthname($jd, CA
Fix #71894: AddressSanitizer: global-buffer-overflow in zif_cal_from_jd Julian days < 347998 denote invalid Jewish calendar dates, so cal_from_jd($jd, CAL_JEWISH) and jdmonthname($jd, CAL_MONTH_JEWISH) should actually fail. For BC we don't yet let them though, but we fix the OOB read that happens in this case, and we also adjust cal_from_jd()'s return value to have empty strings for "abbrevdayname" and "dayname" instead of "Sun"/ "Sunday" and NULL for "dow" instead of 0, which doesn't make any sense.
show more ...
|
#
7ab39e2f |
| 28-Jul-2016 |
Christoph M. Becker |
Fix #67976: cal_days_month() fails for final month of the French calendar The French calendar ends on 0014-13-05, so trying to calculate the Julian day of 0015-01-01 fails. We cater to t
Fix #67976: cal_days_month() fails for final month of the French calendar The French calendar ends on 0014-13-05, so trying to calculate the Julian day of 0015-01-01 fails. We cater to that by returning the hard-coded value.
show more ...
|
#
ced2a80e |
| 28-Jul-2016 |
Christoph M. Becker |
Bug #69975 had already been fixed as of PHP 5.6.12 Also CVE-2015-8879 had been assigned.
|