7.3.34 might be next

[ci skip] Fix news entry for bug #79971

[ci skip] Update NEWS

Fix #79971: special character is breaking the path in xml function

The libxml based XML functions accepting a filename actually accept
URIs with possibly percent-encoded characters. Per

Fix #79971: special character is breaking the path in xml function

The libxml based XML functions accepting a filename actually accept
URIs with possibly percent-encoded characters. Percent-encoded NUL
bytes lead to truncation, like non-encoded NUL bytes would. We catch
those, and let the functions fail with a respective warning.

show more ...

Revert "Updated to version 2021.5 (2021e)"

This reverts commit a93ff1df200f12385686abf6a6ef534b1a32f523.

Updated to version 2021.5 (2021e)

[ci skip] Fix typo (Okt → Oct)

Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)

The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly throu

Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)

The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer.

Signed-off-by: Stanislav Malyshev <stas@php.net>
(cherry picked from commit cb2021e5f69da5e2868130a05bb53db0f9f89e4b)

Closes GH-7614.

show more ...

Revert "Updated to version 2021.3 (2021c)"

This reverts commit e81554c6e6c1410cf74441a5ea0b653938d01ae4.

Updated to version 2021.3 (2021c)

7.3.32 is next

[ci skip] Add missing CVE to NEWS

[ci skip] Add missing NEWS entry

Fix persistent smart_str allocation

This would allocate a too small buffer if the first smart_str
allocation is > SMART_STR_START_LEN but <= SMART_STR_START_SIZE.

(cherry picked

Fix persistent smart_str allocation

This would allocate a too small buffer if the first smart_str
allocation is > SMART_STR_START_LEN but <= SMART_STR_START_SIZE.

(cherry picked from commit af8fccee9c5a1c7302d9bfe1c7bd431374e59415)

show more ...

Fix #81420: ZipArchive::extractTo extracts outside of destination

We need to properly detect and handle absolute paths in a portable way.

7.3.31 is next

Fix test

Update NEWS

Fix #81211: Symlinks are followed when creating PHAR archive

It is insufficient to check whether the `base` is contained in `fname`;
we also need to ensure that `fname` is properly separ

Fix #81211: Symlinks are followed when creating PHAR archive

It is insufficient to check whether the `base` is contained in `fname`;
we also need to ensure that `fname` is properly separated. And of
course, `fname` has to start with `base`.

show more ...

7.3.30 is next

[ci skip] Fix NEWS format

Update NEWS

Fix #76448: Stack buffer overflow in firebird_info_cb

We ensure not to overflow the stack allocated buffer by using `strlcat`.

Fix #76449: SIGSEGV in firebird_handle_doer

We need to verify that the `result_size` is not larger than our buffer,
and also should make sure that the `len` which is passed to
`isc_v

Fix #76449: SIGSEGV in firebird_handle_doer

We need to verify that the `result_size` is not larger than our buffer,
and also should make sure that the `len` which is passed to
`isc_vax_integer()` has a permissible value; otherwise we bail out.

show more ...

Fix #76450: SIGSEGV in firebird_stmt_execute

We need to verify that the `result_size` is not larger than our buffer,
and also should make sure that the `len` which is passed to
`isc_

Fix #76450: SIGSEGV in firebird_stmt_execute

We need to verify that the `result_size` is not larger than our buffer,
and also should make sure that the `len` which is passed to
`isc_vax_integer()` has a permissible value; otherwise we bail out.

show more ...