Fix #76452: Crash while parsing blob data in firebird_fetch_blob

We need to prevent integer overflow when calling `erealloc()` with
`len+1`.

Fix #81122: SSRF bypass in FILTER_VALIDATE_URL

We need to ensure that the password detected by parse_url() is actually
a valid password; we can re-use is_userinfo_valid() for that.

7.3.29 is next

Fix ./makedist wrt. to GH move

We can no longer export from git.php.net, and apparently exporting from
Github is not supported. We apply a quick fix to export from the local
clone b

Fix ./makedist wrt. to GH move

We can no longer export from git.php.net, and apparently exporting from
Github is not supported. We apply a quick fix to export from the local
clone by default, still leaving an option to export from some other
repo. This is, unfortunately, a minor BC break in a security release.

Co-authored-by: Remi Collet <remi@php.net>

Closes GH-6919.

show more ...

Add missing NEWS entry for #80710

Fix #80710: imap_mail_compose() header injection

Like `mail()` and `mb_send_mail()`, `imap_mail_compose()` must prevent
header injection. For maximum backward compatibility, we still al

Fix #80710: imap_mail_compose() header injection

Like `mail()` and `mb_send_mail()`, `imap_mail_compose()` must prevent
header injection. For maximum backward compatibility, we still allow
header folding for general headers, and still accept trailing line
breaks for address lists.

show more ...

Revert "Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement"

Sorry, this solution seems to have BC breaks, will need to look
for better one.

This reverts commit 9

Revert "Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement"

Sorry, this solution seems to have BC breaks, will need to look
for better one.

This reverts commit 9f7e8b777cb3e8aac53e677f3152af18413ab672.

show more ...

Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement

We ignore `XML_ENTITY_DECL` nodes when getting the hash of the
properties of a `SimpleXMLElement`.

run-tests: fixed exit code not being set on BORKED tests

When no test paths are specified this shows up when 'make test' is used on a PECL extension without specifying tests to run (or in ph

run-tests: fixed exit code not being set on BORKED tests

When no test paths are specified this shows up when 'make test' is used on a PECL extension without specifying tests to run (or in php-src too, I guess...)

Closes GH-6717.

show more ...

Fix newly introduced compiler warning

(cherry picked from commit ab8177de2c89672e63a7a1ccef4df8f7bf34fbd2)

7.3.28 is next

Revert "Updated to version 2021.1 (2021a)"

This reverts commit 491488d21707062fa8e9b9187db3585fb0d347da, since
PHP-7.3 is in security mode, and this does not look security related.

Fix bug #80672 - Null Dereference in SoapClient

Rm unneeded function

Alternative fix for bug 77423

That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the cha

Alternative fix for bug 77423

That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.

[1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>

show more ...

Updated to version 2021.1 (2021a)

[ci skip] Fix order

[ci skip] Unpdate NEWS

Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
Fix #77423: parse_url() will deliver a wrong host to user

Fix #77423: parse_url() will deliver a wrong host to user

To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only us

Fix #77423: parse_url() will deliver a wrong host to user

To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.

For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.

show more ...

7.3.27 is next

Fix mysqli_expire_password test for mariadb

In MariaDB-10.4.3 EXPIRE passwords where supported for
MariaDB. This only behaves like MySQL when the system
variable disconnect_on_expire

Fix mysqli_expire_password test for mariadb

In MariaDB-10.4.3 EXPIRE passwords where supported for
MariaDB. This only behaves like MySQL when the system
variable disconnect_on_expired_passwords=1.

MariaDB if there was no password it could not be considered
expired. So the test is adjusted to use actual passwords.
(MariaDB commit a94b20a8e0d9e64eeaabdaaa7a3e03fcdb8a686e)

The error codes produced my MariaDB are different
however still conforming to the SQL specification.

Closes GH-6480.

show more ...

Fixed bug #80457

On x32 sizeof(size_t) != sizeof(zend_long), so we need to be
careful with sign extension here.

Patch by bruno dot premont at restena dot lu.

Fix test for bug62890 to not depend on system cert store

Fix mysqli_get_client_stats test

MySQL removed RENAME DATABASE in 18300001c1dbbfddf9a0adcbaeea68956102bdd0
(Sept 2007, 5.1.23). As this briefest existance is very insignificant lets remo

Fix mysqli_get_client_stats test

MySQL removed RENAME DATABASE in 18300001c1dbbfddf9a0adcbaeea68956102bdd0
(Sept 2007, 5.1.23). As this briefest existance is very insignificant lets remove it.

It also breaks when testing against MariaDB.

As the alternate path in this test covers all supported MySQL and MariaDB
versions and a signifant portion of unsupported versions lets keep it simple.

Closes GH-6459.

show more ...