Fix #68302: impossible to compile php with zip support

We should not let configure succeed, if SIZEOF_OFF_T == 0, just to let the
compilation fail later. Instead we bail out early, givin

Fix #68302: impossible to compile php with zip support

We should not let configure succeed, if SIZEOF_OFF_T == 0, just to let the
compilation fail later. Instead we bail out early, giving a hint regarding
the potential issue, namely misconfigured libraries.

show more ...

Fixed bug #72853 (stream_set_blocking doesn't work)

Implemented PHP_STREAM_OPTION_META_DATA_API for plain_wrappers

Update NEWS

#72085: SEGV on unknown address zif_xml_parse

We better make sure that the ZVALs we're accessing as arrays are indeed
arrays.

update NEWS

Fixed bug #72787 (json_decode reads out of bounds)

Bug 70195

Many FTP-S servers now require FTP clients to re-use the SSL session
from the control connection on the data connection, to prove that the
same entity controls both connect

Bug 70195

Many FTP-S servers now require FTP clients to re-use the SSL session
from the control connection on the data connection, to prove that the
same entity controls both connections. This patch updates PHP's FTP-S
client code to allow that possibility.

show more ...

Fix #72278: getimagesize returning FALSE on valid jpg

getimagesize() is rather strict about the length of the marker payload data,
and fails if there are extraneous bytes before the next

Fix #72278: getimagesize returning FALSE on valid jpg

getimagesize() is rather strict about the length of the marker payload data,
and fails if there are extraneous bytes before the next marker. Only a very
special case reported in bug #13213 is catered to.

libjpeg is rather resilient to such corrupted JPEG files, and raises a
recoverable error in this case. Other image processors also accept such
JPEG files, so we adapt getimagesize() to skip (but warn about) such
extraneous bytes.

show more ...

Fix #72823: strtr out-of-bound access

If php_strtr_array_prepare_repls() reports pattern_len == 0, we return
early to avoid OOB accesses, and because there is nothing to replace anyway.

Fix #60665: call to empty() on NULL result using PDO::FETCH_LAZY returns false

The has_property handler only checked whether a respective column name
exists, but neither whether the colu

Fix #60665: call to empty() on NULL result using PDO::FETCH_LAZY returns false

The has_property handler only checked whether a respective column name
exists, but neither whether the column value is set, nor whether it is
empty, respectively. We fix that to match the behavior of POD:FETCH_OBJ in
particular and PHP in general.

show more ...

Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned.

Also initialize buffer and buffer2 to NULL, w

Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned.

Also initialize buffer and buffer2 to NULL, which should fix bug #72039 (Use of uninitialised value on mssql_guid_string).

This only applies to 5.6, as we do not have mssql in 7.0 anymore

show more ...

Fix #72764

Negotiate data channel encryption after NLST command.
This is to prevent issues with IIS and ProFTPD.

Clean up FR #72633

Fixed invalid handle error with Implicit Result Sets and bump OCI8 version.

5.6.26 will be next

update NEWS

Fix #72709: imagesetstyle() causes OOB read for empty $styles

Calling imagesetstyle() with an empty $styles array caused gdImageSetStyle()
to be called with `noOfPixels==0`, what could h

Fix #72709: imagesetstyle() causes OOB read for empty $styles

Calling imagesetstyle() with an empty $styles array caused gdImageSetStyle()
to be called with `noOfPixels==0`, what could have lead to OOB reads.
Actually, this issue will be fixed in libgd, but to avoid issues when older
libgd is in use, we simply disallow passing an empty $styles array to
imagesetstyle(), what wouldn't serve a useful purpose anyway.

show more ...

update NEWS

Revert "Fixed bug #71219"

This reverts commit 14d674442ef86ad4e862228a1ff5ecd322ae7759.

I misread the discussion on the bug -- this is not the correct
fix. However the other pro

Revert "Fixed bug #71219"

This reverts commit 14d674442ef86ad4e862228a1ff5ecd322ae7759.

I misread the discussion on the bug -- this is not the correct
fix. However the other proposed fix does not work either, so just
reverting for now.

show more ...

Fixed bug #71219

Fixed bug #72142

fixes bad address given to onig_error_code_to_str

Closes bug #72710

(cherry picked from commit 0fb7eb6723bcc6fd98053911543e801edb5ab763)

Fix #71894: AddressSanitizer: global-buffer-overflow in zif_cal_from_jd

Julian days < 347998 denote invalid Jewish calendar dates, so
cal_from_jd($jd, CAL_JEWISH) and jdmonthname($jd, CA

Fix #71894: AddressSanitizer: global-buffer-overflow in zif_cal_from_jd

Julian days < 347998 denote invalid Jewish calendar dates, so
cal_from_jd($jd, CAL_JEWISH) and jdmonthname($jd, CAL_MONTH_JEWISH) should
actually fail. For BC we don't yet let them though, but we fix the OOB read
that happens in this case, and we also adjust cal_from_jd()'s return value
to have empty strings for "abbrevdayname" and "dayname" instead of "Sun"/
"Sunday" and NULL for "dow" instead of 0, which doesn't make any sense.

show more ...

Fix #67976: cal_days_month() fails for final month of the French calendar

The French calendar ends on 0014-13-05, so trying to calculate the Julian
day of 0015-01-01 fails. We cater to t

Fix #67976: cal_days_month() fails for final month of the French calendar

The French calendar ends on 0014-13-05, so trying to calculate the Julian
day of 0015-01-01 fails. We cater to that by returning the hard-coded value.

show more ...

Bug #69975 had already been fixed as of PHP 5.6.12

Also CVE-2015-8879 had been assigned.