bump versions after release

fix paste issue

Pointer arithmetic on void pointers is illegal

We quick-fix this by casting to char*; it might be more appropriate to
use char pointers in the first place.

Fixed bug #77831 - Heap-buffer-overflow in exif_iif_add_value in EXIF

Update NEWS

Fix bug #77753 - Heap-buffer-overflow in php_ifd_get32s

Validate subject encoding in mb_split and mb_ereg_match

We were already validating the subject encoding in most functions,
but not these two.

Validate pattern against mbregex encoding

Oniguruma does not consistently perform this validation itself (at least
on older versions), so make sure we check pattern encoding validity on

Validate pattern against mbregex encoding

Oniguruma does not consistently perform this validation itself (at least
on older versions), so make sure we check pattern encoding validity on the
PHP side.

show more ...

SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws

Sync with behavior change in OpenSSL 1.1.1b

A behavior change in revealed by some openssl_decrypt() based test,
where an encrypt API is used with a decrypt context. The EVP_Cipher*
f

Sync with behavior change in OpenSSL 1.1.1b

A behavior change in revealed by some openssl_decrypt() based test,
where an encrypt API is used with a decrypt context. The EVP_Cipher*
functions will automatically choose the right operation depending on the
context passed.

(cherry picked from commit 19a44ffb7be91344550fa700830b8e62a73031ba)

show more ...

fix news

bump versions after release

Fix bug #77630 - safer rename() procedure

In order to rename safer, we do the following:
- set umask to 077 (unfortunately, not TS, so excluding ZTS)
- chown() first, to set proper g

Fix bug #77630 - safer rename() procedure

In order to rename safer, we do the following:
- set umask to 077 (unfortunately, not TS, so excluding ZTS)
- chown() first, to set proper group before allowing group access
- chmod() after, even if chown() fails

show more ...

Fix bug #77586 - phar_tar_writeheaders_int() buffer overflow

Update NEWS

Fix test error message

Fix bug #77563 - Uninitialized read in exif_process_IFD_in_MAKERNOTE

Also fix for bug #77659

Fix bug #77540 - Invalid Read on exif_process_SOFn

Fix integer overflows on 32-bits

Fix #77431 SplFileInfo::__construct() accepts NUL bytes

`SplFileInfo::__construct()` has to expect a path instead of a string,
analogous to `SplFileObject::__construct()`.

Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename

Use pkg-config for ICU, as the old icu-config has been deprecated

Bump for 7.1.27

Still leaking for some reason, XFAIL for now, I'll look into it later.

Merge branch 'PHP-5.6' into PHP-7.1

* PHP-5.6:
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
[ci skip] Add NEWS
Fix more issues with encodilng length
Fix #772

Merge branch 'PHP-5.6' into PHP-7.1

* PHP-5.6:
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
[ci skip] Add NEWS
Fix more issues with encodilng length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests

show more ...