#
96dd310c |
| 03-Nov-2021 |
George Peter Banyard |
Fix Bug #81588 TokyoCabinet driver leaks memory
|
#
05b212bb |
| 02-Nov-2021 |
Derick Rethans |
Prepare for 7.4.27
|
#
f4572d9e |
| 25-Oct-2021 |
Christoph M. Becker |
[ci skip] Fix NEWS Bug #81026 has already been fixed in PHP 7.4.25 and 8.0.12.
|
#
d3d6d790 |
| 21-Oct-2021 |
Christoph M. Becker |
Fix #76167: mbstring may use pointer from some previous request We must not reuse per-request memory across multiple requests, so this check triggered during RINIT makes no sense. As ex
Fix #76167: mbstring may use pointer from some previous request We must not reuse per-request memory across multiple requests, so this check triggered during RINIT makes no sense. As explained in the bug report[1], it can be even harmful, if some request startup fails, and the pointers refer to already freed memory in the next request. [1] <https://bugs.php.net/76167> Closes GH-7604.
show more ...
|
#
6ab9b386 |
| 18-Oct-2021 |
Stanislav Malyshev |
Add FPM fix news
|
#
866adb12 |
| 15-Oct-2021 |
Christoph M. Becker |
Fix #81500: Interval serialization regression since 7.3.14 / 7.4.2 While it may not be desired, `DateInterval::$f` supports negative values, at least with regard to calculations. We sti
Fix #81500: Interval serialization regression since 7.3.14 / 7.4.2 While it may not be desired, `DateInterval::$f` supports negative values, at least with regard to calculations. We still need to guard from assigning double values which are out of range for signed 64bit integers (which would be undefined behavior). zend_dval_to_lval() does this by returning `0` instead of triggering UB. This way we can avoid setting the invalid marker, which doesn't work as expected anyway. We must not do that only for unserialization, but also when the property is set in the first place. We need to adapt some of the existing tests wrt. this behavior. In particular, we check for an arbitrary value in bug79015.phpt, to cater to differences between 32bit and 64bit architectures. Closes GH-7575.
show more ...
|
#
36576936 |
| 12-Oct-2021 |
Christoph M. Becker |
Fix #81518: Header injection via default_mimetype / default_charset We forbid setting these INI options to values containing NUL bytes, CR or LF. Closes GH-7574.
|
#
788a701e |
| 12-Oct-2021 |
Christoph M. Becker |
Fix #81424: PCRE2 10.35 JIT performance regression We backport the respective upstream fix[1] to our bundled pcre2lib plus the follow-up fix[2] for a functional regression. [1]
Fix #81424: PCRE2 10.35 JIT performance regression We backport the respective upstream fix[1] to our bundled pcre2lib plus the follow-up fix[2] for a functional regression. [1] <https://github.com/PhilipHazel/pcre2/commit/dc5f96663597572f694147aeec3525003c351123> [2] <https://github.com/PhilipHazel/pcre2/commit/e7af7efaa11f71b187b0432e9e60f18ba4d90a0c> Closes GH-7573.
show more ...
|
#
fcabe693 |
| 08-Oct-2021 |
Nikita Popov |
Fixed bug #81494 Use the proper error reporting mechanism rather than throwing a warning. This requires something of a hack because we don't have direct access to the connection obje
Fixed bug #81494 Use the proper error reporting mechanism rather than throwing a warning. This requires something of a hack because we don't have direct access to the connection object at this point.
show more ...
|
#
15197702 |
| 07-Oct-2021 |
Nikita Popov |
Fixed bug #54350 Don't allow calling fclose() on the stream while in the user filter callback. This is basically the same protection as xp_ssl streams use during callback invocations
Fixed bug #54350 Don't allow calling fclose() on the stream while in the user filter callback. This is basically the same protection as xp_ssl streams use during callback invocations. There are more issues in this general area (e.g. stack overflow on stream_filter_remove), but this addresses freeing the stream during the filter callback invocation at least.
show more ...
|
#
e5d35a32 |
| 05-Oct-2021 |
Derick Rethans |
Prepare branch for 7.4.26-dev
|
#
a19f655b |
| 05-Oct-2021 |
Christoph M. Becker |
Revert "Fix #81424: PCRE2 10.35 JIT performance regression" This reverts commit a2471383fec332ae30827c7e3f4f9451420f1f0b. Fixing the performance regression, apparently fixes a funct
Revert "Fix #81424: PCRE2 10.35 JIT performance regression" This reverts commit a2471383fec332ae30827c7e3f4f9451420f1f0b. Fixing the performance regression, apparently fixes a functional regression[1], so we revert for now. [1] <https://github.com/PhilipHazel/pcre2/issues/21> Closes GH-7556.
show more ...
|
#
e0c0de00 |
| 29-Sep-2021 |
Christoph M. Becker |
Fix #77978: Dirname ending in colon unzips to wrong dir When making the relative path, we must not stop on a `:\` sequence in the middle of the filename. This is only significant on Win
Fix #77978: Dirname ending in colon unzips to wrong dir When making the relative path, we must not stop on a `:\` sequence in the middle of the filename. This is only significant on Windows as it may indicate an absolute filename, but this is already checked at the beginning of the function. Note that the bug and this patch affects all systems. However, on Windows the file is no longer extracted at all, since Windows NTSF does not allow filenames containing colons. Closes GH-7528.
show more ...
|
#
02778cdd |
| 04-Oct-2021 |
Stanislav Malyshev |
[ci skip] Add missing NEWS
|
#
4d442714 |
| 30-Sep-2021 |
Christoph M. Becker |
Fix #81490: ZipArchive::extractTo() may leak memory We always need to free the CWD state. Closes GH-7536.
|
#
23e13e2c |
| 24-Sep-2021 |
Christoph M. Becker |
Fix #81475: stream_isatty emits warning with attached stream wrapper We must not issue warnings, if `show_err` is false. Closes GH-7513.
|
#
2d668409 |
| 21-Sep-2021 |
Christoph M. Becker |
Fix #80663: Recursive SplFixedArray::setSize() may cause double-free We address the `::setSize(0)` case by setting `array->element = NULL` and `array->size = 0` before we destroy the ele
Fix #80663: Recursive SplFixedArray::setSize() may cause double-free We address the `::setSize(0)` case by setting `array->element = NULL` and `array->size = 0` before we destroy the elements. Co-authored-by: Tyson Andre <tyson.andre@uwaterloo.ca> Closes GH-7503.
show more ...
|
#
96a5b4e4 |
| 21-Sep-2021 |
Christoph M. Becker |
[ci skip] Add missing CVE to NEWS
|
#
bb847223 |
| 21-Sep-2021 |
Christoph M. Becker |
[ci skip] Add missing NEWS entry
|
#
288c25f7 |
| 20-Sep-2021 |
Christoph M. Becker |
Fix #61700: FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing It makes no sense to compare IPv6 address ranges as strings; there are too many different representation possibilities.
Fix #61700: FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing It makes no sense to compare IPv6 address ranges as strings; there are too many different representation possibilities. Instead, we change `_php_filter_validate_ipv6()` so that it can calculate the IP address as integer array. We do not rely on `inet_pton()` which may not be available everywhere, at least IPv6 support may not, but rather parse the IP address manually. Finally, we compare the integers. Note that this patch does not fix what we consider as reserved and private, respectively, but merely tries to keep what we had so far. Co-authored-by: Nikita Popov <nikita.ppv@gmail.com> Closes GH-7476.
show more ...
|
#
49c9fbbf |
| 19-Sep-2021 |
Anatol Belski |
NEWS: Add note for bug #78987 Signed-off-by: Anatol Belski <ab@php.net>
|
#
a9661a52 |
| 15-Sep-2021 |
Aliaksandr Bystry |
Fix #70962: XML_OPTION_SKIP_WHITE strips embedded whitespace We must never strip embedded whitespace; we only need to skip values when that option is set, and make sure that we keep BC r
Fix #70962: XML_OPTION_SKIP_WHITE strips embedded whitespace We must never strip embedded whitespace; we only need to skip values when that option is set, and make sure that we keep BC regarding the different behavior for "cdata" and "complete" elements (for the former, the whole element is skipped; for the latter only the "value" key). We also fix erroneous `int` types which should actually be `size_t`. Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de> Closes GH-7493.
show more ...
|
#
0badc7de |
| 15-Sep-2021 |
Dmitry Stogov |
Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not defined)
|
#
a2471383 |
| 10-Sep-2021 |
Christoph M. Becker |
Fix #81424: PCRE2 10.35 JIT performance regression We backport the respective upstream fix[1] to our bundled pcre2lib. [1] <https://github.com/PhilipHazel/pcre2/commit/dc5f966635975
Fix #81424: PCRE2 10.35 JIT performance regression We backport the respective upstream fix[1] to our bundled pcre2lib. [1] <https://github.com/PhilipHazel/pcre2/commit/dc5f96663597572f694147aeec3525003c351123> Closes GH-7484.
show more ...
|
#
424c2654 |
| 10-Sep-2021 |
Viktor |
Fix #81433: DOMElement::setIdAttribute() called twice may remove ID We must only remove the attribute id, if the user requested that. Closes GH-7482.
|