add missing NEWS entries for 5.6.27

Fix #73280: Stack Buffer Overflow in GD dynamicGetbuf

We make sure to never pass a negative `rlen` as size to memcpy().

Cf. <https://github.com/libgd/libgd/commit/53110871>.

Clear FG(user_stream_current_filename) when bailing out

If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be po

Clear FG(user_stream_current_filename) when bailing out

If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.

Catch the bailout, clear the variable, then continue bailing.

Closes https://bugs.php.net/bug.php?id=73188

show more ...

Merge branch 'PHP-5.6.27' into PHP-5.6

* PHP-5.6.27:
Fix tests
fix tsrm
Fix bug #73284 - heap overflow in php_ereg_replace function
Fix bug #73276 - crash in openssl_

Merge branch 'PHP-5.6.27' into PHP-5.6

* PHP-5.6.27:
Fix tests
fix tsrm
Fix bug #73284 - heap overflow in php_ereg_replace function
Fix bug #73276 - crash in openssl_random_pseudo_bytes function
Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()
fix bug #73275 - crash in openssl_encrypt function
Fix for #73240 - Write out of bounds at number_format
Bug #73218: add mitigation for ICU int overflow
Add more locale length checks, due to ICU bugs.
Fix bug #73208 - another missing length check
Fix bug #73190: memcpy negative parameter _bc_new_num_ex
Fix bug #73189 - Memcpy negative size parameter php_resolve_path
Fixed bug #73174 - heap overflow in php_pcre_replace_impl
Fix bug #73150: missing NULL check in dom_document_save_html
Fix bug #73147: Use After Free in PHP7 unserialize()
Fix bug #73082
Fix bug #73073 - CachingIterator null dereference when convert to string

show more ...

Fix tests

fix tsrm

Fix bug #73284 - heap overflow in php_ereg_replace function

Fix bug #73276 - crash in openssl_random_pseudo_bytes function

Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()

fix bug #73275 - crash in openssl_encrypt function

Fix for #73240 - Write out of bounds at number_format

update NEWS

add test for bug #73037

Fix #73279: Integer overflow in gdImageScaleBilinearPalette()

The color components are supposed to be in range 0..255, so we must not
cast them to `signed char`, what can be the default

Fix #73279: Integer overflow in gdImageScaleBilinearPalette()

The color components are supposed to be in range 0..255, so we must not
cast them to `signed char`, what can be the default for `char`.

Port of <https://github.com/libgd/libgd/commit/77c8d359>.

show more ...

Fix #73272: imagescale() affects imagesetinterpolation()

We must not permanently change the interpolation method, but rather
have to restore the old method after we're done with scaling

Fix #73272: imagescale() affects imagesetinterpolation()

We must not permanently change the interpolation method, but rather
have to restore the old method after we're done with scaling the image.

show more ...

fix leak

Fix bug #73192

Revert "Fixed test"

This reverts commit a10d03ac166daba646b6023e0f12e9ee8040c909.

Revert "Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986"

This reverts commit 085dfca02b64588317a233eb191d07a75511fff2.

Fix bug #73037, second round

Bug #73218: add mitigation for ICU int overflow

Add more locale length checks, due to ICU bugs.

Fixed test

Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986

Apparently negative wordwrap is a thing and should work as length = 0.

I'll leave it as is for now.