History log of /PHP-7.4/NEWS (Results 1 – 25 of 11776)
Revision Date Author Comments
# 004cb827 31-Oct-2022 Derick Rethans

Bump versions


# 2669ed7d 24-Oct-2022 Stanislav Malyshev

Update NEWS


# 248f6477 21-Oct-2022 Stanislav Malyshev

Fix bug #81738 (buffer overflow in hash_update() on long parameter)


# ad8d00b4 28-Sep-2022 Derick Rethans

Prepare for next release


# 0b4e1533 28-Sep-2022 Derick Rethans

Prepare for 7.4.32


# 6f586ef9 27-Sep-2022 Derick Rethans

Add CVEs


# 404e8bdb 25-Jul-2022 Christoph M. Becker

Fix #81726: phar wrapper: DOS when using quine gzip file

The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. This raises
potential DOS issues regarding too deep or even infinite recursion (the
latter are called compressed file quines[1]). We avoid that by
introducing a recursion limit; we choose the somewhat arbitrary limit
`3`.

This issue has been reported by real_as3617 and gPayl0ad.

[1] <https://honno.dev/gzip-quine/>


# 0611be4e 09-Sep-2022 Derick Rethans

Fix #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning.


# 198f3f50 10-Jun-2022 Remi Collet

[ci skip] missing CVE


# d1be9369 06-Jun-2022 Stanislav Malyshev

Update NEWS


# fbee73df 12-Apr-2022 Derick Rethans

Prepare for 7.4.30


# c14e2e4f 12-Apr-2022 Derick Rethans

Add tz update into NEWS


# 1a051499 12-Apr-2022 Derick Rethans

Prep NEWS for 7.4.29 release


# 325bcf9f 15-Feb-2022 Derick Rethans

Prepare for 7.4.29


# d13ceb74 14-Feb-2022 Derick Rethans

Add fix to NEWS


# f533744c 30-Nov-2021 Derick Rethans

Prepare for 7.4.28


# 712fc54e 29-Nov-2021 Christoph M. Becker

Fix #74604: Out of bounds in php_pcre_replace_impl

Trying to allocate a `zend_string` with a length only slightly smaller
than `SIZE_MAX` causes an integer overflow; we make sure that this
doesn't happen by catering to the maximal overhead of a `zend_string`.

Closes GH-7597.


# 31749aac 26-Nov-2021 Christoph M. Becker

Fix #81659: stream_get_contents() may unnecessarily overallocate

Since we're going to read from the current stream position anyway, the
`max_len` should be the size of the file minus the current position
(still catering to potentially filtered streams). We must, however,
make sure to cater to the file position being beyond the actual file
size.

While we're at it, we also fix the step size in the comment, which is 8K.

A further optimization could be done for unfiltered streams, thus
saving that step size, but 8K might not be worth it.

Closes GH-7693.


# 60fe575c 19-Nov-2021 Дилян Палаузов

Fix #75725: ./configure: detecting RAND_egd

Closes GH-7668.


# d14a9139 16-Nov-2021 Christoph M. Becker

[ci skip] Fix news entry for bug #79971


# 7967875d 15-Nov-2021 Stanislav Malyshev

[ci skip] Update NEWS


# d26965b2 16-Nov-2021 Nikita Popov

Fixed bug #81626

Backport of a8926474cb2c68cde2a7c0d19bcd95cdbda55ad2 to 7.4.


# 45f52285 14-Nov-2021 Matt

Fix bug #81618: Correct dns_get_record on FreeBSD

Modify dns_get_record to test for records result based on dns_errno to
accommodate modern FreeBSD, for which res_nsearch() does not update
h_errno directly. Add new php_dns_errno macro, and have it consult
statp->res_h_errno when OS has res_nsearch().

Closes GH-7655.


# b2cf9b7e 07-Nov-2021 Jakub Zelenka

Fix bug #81513 (Future possibility for heap overflow in FPM zlog)

This fixes currently unused code path in zlog that could lead to
the heap overflow in the future.


# 1919c4b4 26-Oct-2021 Christoph M. Becker

Fix #71316: libpng warning from imagecreatefromstring

We backport the respective upstream fix[1] to our bundled libgd.

[1] <https://github.com/libgd/libgd/commit/636100b9280a86e70d852d89251fc5492fce33f4>

Closes GH-7615.

