#
509906b2 |
| 12-Jun-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authen
Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authentication_exchanges.html tells us that the nonce used in this authentication method is 20 bytes long. However, we might receive additional scramble data in php_mysqlnd_greet_read not used in this method. On my test setup, I received 21 bytes (20 bytes + '\0'). This resulted in the xor computation to incorrectly include the NUL byte. Every password of at least 20 characters therefore failed to authenticate using this method. Looking at mysql-server source code also seems to reveal that it always uses a fixed number of scramble bytes [1]. [1] https://github.com/mysql/mysql-server/blob/ea7087d885006918ad54458e7aad215b1650312c/sql/auth/sha2_password.cc#L1078-L1079 Closes GH-11445. Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
show more ...
|
#
94127c53 |
| 12-Jun-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11440: authentication to a sha256_password account fails over SSL This is similar to bug #78680, but that bug wasn't really fixed in all places. This is the only remaining place.
Fix GH-11440: authentication to a sha256_password account fails over SSL This is similar to bug #78680, but that bug wasn't really fixed in all places. This is the only remaining place. Closes GH-11444.
show more ...
|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23, php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3, php-8.2.0beta2, php-8.1.9, php-8.0.22, php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1, php-8.0.21, php-8.1.8, php-8.2.0alpha3, php-8.1.8RC1, php-8.2.0alpha2, php-8.0.21RC1, php-8.0.20, php-8.1.7, php-8.2.0alpha1, php-7.4.30, php-8.1.7RC1, php-8.0.20RC1, php-8.1.6, php-8.0.19, php-8.1.6RC1, php-8.0.19RC1, php-8.0.18, php-8.1.5, php-7.4.29, php-8.1.5RC1, php-8.0.18RC1, php-8.1.4, php-8.0.17, php-8.1.4RC1, php-8.0.17RC1, php-8.1.3, php-8.0.16, php-7.4.28, php-8.1.3RC1, php-8.0.16RC1, php-8.1.2, php-8.0.15, php-8.1.2RC1, php-8.0.15RC1, php-8.0.14, php-8.1.1, php-7.4.27, php-8.1.1RC1, php-8.0.14RC1, php-7.4.27RC1, php-8.1.0, php-8.0.13, php-7.4.26, php-7.3.33, php-8.1.0RC6, php-7.4.26RC1, php-8.0.13RC1, php-8.1.0RC5, php-7.3.32, php-7.4.25, php-8.0.12, php-8.1.0RC4, php-8.0.12RC1, php-7.4.25RC1, php-8.1.0RC3, php-8.0.11, php-7.4.24, php-7.3.31, php-8.1.0RC2, php-7.4.24RC1, php-8.0.11RC1, php-8.1.0RC1, php-7.4.23, php-8.0.10, php-7.3.30 |
|
#
a893a490 |
| 20-Aug-2021 |
Kamil Tekiela |
Implement mysqlnd_set_persistent_string (#7371) |
Revision tags: php-8.1.0beta3 |
|
#
d902b3a8 |
| 13-Aug-2021 |
Kamil Tekiela |
Replace macro with inline function (#7365) |
#
1c675b9d |
| 10-Aug-2021 |
Nikita Popov |
Switch mysqlnd auth to EVP_PKEY API |
Revision tags: php-8.0.10RC1, php-7.4.23RC1, php-8.1.0beta2, php-8.0.9, php-7.4.22, php-8.1.0beta1, php-7.4.22RC1, php-8.0.9RC1, php-8.1.0alpha3, php-7.4.21, php-7.3.29 |
|
#
aff36587 |
| 29-Jun-2021 |
Patrick Allaert |
Fixed some spaces used instead of tabs |
Revision tags: php-8.0.8, php-8.1.0alpha2 |
|
#
3acdab86 |
| 16-Jun-2021 |
Nikita Popov |
Fix printf formats in mysql debug logging Enable printf format verification and fix the reported errors. |
Revision tags: php-7.4.21RC1, php-8.0.8RC1, php-8.1.0alpha1, php-8.0.7, php-7.4.20, php-8.0.7RC1, php-7.4.20RC1 |
|
#
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945) 1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https. 2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945) 1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https. 2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier". 3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted. 4. fixed indentation in some files before |
show more ...
|
Revision tags: php-8.0.6, php-7.4.19, php-7.4.18, php-7.3.28, php-8.0.5, php-8.0.5RC1, php-7.4.18RC1, php-8.0.4RC1, php-7.4.17RC1, php-8.0.3, php-7.4.16, php-8.0.3RC1, php-7.4.16RC1 |
|
#
f01ad22b |
| 15-Feb-2021 |
Nikita Popov |
Merge branch 'PHP-8.0' * PHP-8.0: Fix #78680: mysqlnd pam plugin missing terminating null
|
#
8b9dd0a3 |
| 15-Feb-2021 |
Nikita Popov |
Merge branch 'PHP-7.4' into PHP-8.0 * PHP-7.4: Fix #78680: mysqlnd pam plugin missing terminating null
|
#
36466042 |
| 05-Feb-2021 |
Daniel Black |
Fix #78680: mysqlnd pam plugin missing terminating null The PAM service requires the terminating null to be part of the communication. Tested with MariaDB-10.4(pam) and Percona
Fix #78680: mysqlnd pam plugin missing terminating null The PAM service requires the terminating null to be part of the communication. Tested with MariaDB-10.4(pam) and Percona Server 5.7.32(auth_pam_compat). Also changed MySQL Enterprise test to the server side plugin, authentication_pam as opposed to the client plugin mysql_clear_password. Add additional check for pamtest user and pam service file as all are required for the test. More importantly, test result should actually succeed. Thanks Geoff Montee for bug report. Closes GH-78680.
show more ...
|
Revision tags: php-8.0.2, php-7.4.15, php-7.3.27, php-8.0.2RC1, php-7.4.15RC2, php-7.4.15RC1 |
|
#
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias.
show more ...
|
Revision tags: php-8.0.1, php-7.4.14, php-7.3.26 |
|
#
2f1d32d2 |
| 21-Dec-2020 |
Dharman |
Avoid throwing warnings in mysqlnd Instead report them as proper client errors. Closes GH-6530. |
Revision tags: php-7.4.14RC1, php-8.0.1RC1, php-7.3.26RC1 |
|
#
5d9bd14c |
| 14-Dec-2020 |
Nikita Popov |
MySQLnd: Remove some unnecessary allocator failure checks emalloc/pemalloc are infallible. |
Revision tags: php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23, php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1, php-8.0.0beta3, php-7.4.10, php-7.3.22, php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1, php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20, php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19 |
|
#
5a04796f |
| 27-May-2020 |
Christoph M. Becker |
Fix MSVC level 1 (severe) warnings We fix (hopefully) all instances of: * <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4005>
Fix MSVC level 1 (severe) warnings We fix (hopefully) all instances of: * <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4005> * <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4024> * <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4028> * <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4047> * <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4087> * <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4090> * <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4273> * <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4312> `zend_llist_add_element()` and `zend_llist_prepend_element()` now explicitly expect a *const* pointer. We use the macro `ZEND_VOIDP()` instead of a `(void*)` cast to suppress C4090; this should prevent accidential removal of the cast by clarifying the intention, and makes it easier to remove the casts if the issue[1] will be resolved sometime. [1] <https://developercommunity.visualstudio.com/content/problem/390711/c-compiler-incorrect-propagation-of-const-qualifie.html>
show more ...
|
Revision tags: php-7.4.7RC1, php-7.3.19RC1, php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1, php-7.2.30, php-7.4.5, php-7.3.17 |
|
#
6e1ff5f9 |
| 03-Apr-2020 |
Nikita Popov |
Merge branch 'PHP-7.4' * PHP-7.4: Fix incorrect free for last_message
|
#
37a179bd |
| 03-Apr-2020 |
Nikita Popov |
Merge branch 'PHP-7.3' into PHP-7.4 * PHP-7.3: Fix incorrect free for last_message
|
#
ee21657a |
| 03-Apr-2020 |
Qianqian Bu |
Fix incorrect free for last_message In commit a7305eb539596e175bd6c3ae9a20953358c5d677 the last_message field of the connection object was changed to be always non-persistent. But th
Fix incorrect free for last_message In commit a7305eb539596e175bd6c3ae9a20953358c5d677 the last_message field of the connection object was changed to be always non-persistent. But there is a place on change_user path that still treats it depending on conn->persistent flag. This will cause PHP crash after com_change_user success when there is last_message set
show more ...
|
Revision tags: php-7.4.5RC1, php-7.3.17RC1 |
|
#
3b26a386 |
| 23-Mar-2020 |
Christoph M. Becker |
Merge branch 'PHP-7.4' * PHP-7.4: Fix leak on Windows as well
|
#
0afdf194 |
| 23-Mar-2020 |
Christoph M. Becker |
Fix leak on Windows as well Cf. <http://git.php.net/?p=php-src.git;a=commit;h=db08ef0d3274b239a6b9e68d71d02bb6acb71d82> |
#
e9c2dec7 |
| 23-Mar-2020 |
Nikita Popov |
Merge branch 'PHP-7.4' * PHP-7.4: Fix RSA memory leak in mysqlnd auth
|
#
db08ef0d |
| 23-Mar-2020 |
Nikita Popov |
Fix RSA memory leak in mysqlnd auth |
Revision tags: php-7.3.18, php-7.4.4, php-7.2.29, php-7.3.16, php-7.4.4RC1, php-7.3.16RC1 |
|
#
3abe64f1 |
| 02-Mar-2020 |
Christoph M. Becker |
Merge branch 'PHP-7.4' * PHP-7.4: Native Windows support for mysqlnd sha256 authentification Abstract over crypto operations
|
#
a0377021 |
| 26-Feb-2020 |
Christoph M. Becker |
Native Windows support for mysqlnd sha256 authentification We implement that on top of Cryptography API: Next Generation (CNG). |
#
a7400d5f |
| 26-Feb-2020 |
Christoph M. Becker |
Abstract over crypto operations |