[PHP-CVS] com php-src: add CVE: NEWS
Commit:460f932ea9b98482c2ce90ca36f377a1ea58241e Author:Stanislav Malyshev s...@php.net Mon, 28 May 2012 18:59:31 -0700 Parents: 523bf03cd8e66fd345cddd56df73c31af7bf9186 Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=460f932ea9b98482c2ce90ca36f377a1ea58241e Log: add CVE Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index 2d5b82c..0f2d7f9 100644 --- a/NEWS +++ b/NEWS @@ -54,7 +54,7 @@ PHP NEWS . Changed php://fd to be available only for CLI. - Phar: - . Fix bug #61065 (Secunia SA44335). (Rasmus) + . Fix bug #61065 (Secunia SA44335, CVE-2012-2386). (Rasmus) - Pgsql: . Added pg_escape_identifier/pg_escape_literal. (Yasuo Ohgaki) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: fix unchecked emalloc: ext/phar/tar.c
Commit:523bf03cd8e66fd345cddd56df73c31af7bf9186 Author:Stanislav Malyshev s...@php.net Mon, 28 May 2012 18:54:15 -0700 Parents: 9b3358599f587f529d584d2388fe3ef42742c768 Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=523bf03cd8e66fd345cddd56df73c31af7bf9186 Log: fix unchecked emalloc Changed paths: M ext/phar/tar.c Diff: diff --git a/ext/phar/tar.c b/ext/phar/tar.c index b914db1..917734c 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -38,7 +38,7 @@ static php_uint32 phar_tar_number(char *buf, int len) /* {{{ */ /* }}} */ /* adapted from format_octal() in libarchive - * + * * Copyright (c) 2003-2009 Tim Kientzle * All rights reserved. * @@ -161,7 +161,7 @@ static int phar_tar_process_metadata(phar_entry_info *entry, php_stream *fp TSRM size_t save = php_stream_tell(fp), read; phar_entry_info *mentry; - metadata = (char *) emalloc(entry-uncompressed_filesize + 1); + metadata = (char *) safe_emalloc(1, entry-uncompressed_filesize, 1); read = php_stream_read(fp, metadata, entry-uncompressed_filesize); if (read != entry-uncompressed_filesize) { @@ -377,7 +377,7 @@ bail: } read = php_stream_read(fp, buf, sizeof(buf)); - + if (read != sizeof(buf)) { efree(entry.filename); if (error) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: update NEWS: NEWS
Commit:9b3358599f587f529d584d2388fe3ef42742c768 Author:Stanislav Malyshev s...@php.net Mon, 28 May 2012 18:17:21 -0700 Parents: bb963a5f501c7b12cdeaf9f92122aaa0e1209adc Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=9b3358599f587f529d584d2388fe3ef42742c768 Log: update NEWS Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index 34afd5c..2d5b82c 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,17 @@ PHPNEWS ||| 30 May 2012, PHP 5.4.4 RC2 +- COM: + . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) + +- Core: + . Fixed bug #62097 (fix for for bug #54547). (Gustavo) + +- Intl: + . Fixed bug #62082 (Memory corruption in internal function +get_icu_disp_value_src_php()). (Gustavo) + +17 May 2012, PHP 5.4.4 RC1 - CLI Server: . Implemented FR #61977 (Need CLI web-server support for files with .htm -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Fix bug #62146 com_dotnet cannot be built shared, tested by Anatoliy: ext/com_dotnet/com_misc.c ext/com_dotnet/com_olechar.c ext/com_dotnet/com_persist.c ext/com_dotnet/com_typ
Commit:bb963a5f501c7b12cdeaf9f92122aaa0e1209adc Author:Johannes Schlüter johan...@php.net Fri, 25 May 2012 00:22:25 +0200 Committer: Stanislav Malyshev s...@php.net Mon, 28 May 2012 17:39:39 -0700 Parents: 78ff9ebb6bb501dff995727512c38fdeff50021b Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=bb963a5f501c7b12cdeaf9f92122aaa0e1209adc Log: Fix bug #62146 com_dotnet cannot be built shared, tested by Anatoliy Bugs: https://bugs.php.net/62146 Changed paths: M ext/com_dotnet/com_misc.c M ext/com_dotnet/com_olechar.c M ext/com_dotnet/com_persist.c M ext/com_dotnet/com_typeinfo.c M ext/com_dotnet/com_variant.c M ext/com_dotnet/com_wrapper.c M ext/com_dotnet/php_com_dotnet.h M ext/com_dotnet/php_com_dotnet_internal.h diff --git a/ext/com_dotnet/com_misc.c b/ext/com_dotnet/com_misc.c index 1158354..33bd638 100644 --- a/ext/com_dotnet/com_misc.c +++ b/ext/com_dotnet/com_misc.c @@ -42,7 +42,7 @@ void php_com_throw_exception(HRESULT code, char *message TSRMLS_DC) } } -PHPAPI void php_com_wrap_dispatch(zval *z, IDispatch *disp, +PHP_COM_DOTNET_API void php_com_wrap_dispatch(zval *z, IDispatch *disp, int codepage TSRMLS_DC) { php_com_dotnet_object *obj; @@ -65,7 +65,7 @@ PHPAPI void php_com_wrap_dispatch(zval *z, IDispatch *disp, z-value.obj.handlers = php_com_object_handlers; } -PHPAPI void php_com_wrap_variant(zval *z, VARIANT *v, +PHP_COM_DOTNET_API void php_com_wrap_variant(zval *z, VARIANT *v, int codepage TSRMLS_DC) { php_com_dotnet_object *obj; @@ -92,7 +92,7 @@ PHPAPI void php_com_wrap_variant(zval *z, VARIANT *v, /* this is a convenience function for fetching a particular * element from a (possibly multi-dimensional) safe array */ -PHPAPI int php_com_safearray_get_elem(VARIANT *array, VARIANT *dest, LONG dim1 TSRMLS_DC) +PHP_COM_DOTNET_API int php_com_safearray_get_elem(VARIANT *array, VARIANT *dest, LONG dim1 TSRMLS_DC) { UINT dims; LONG lbound, ubound; diff --git a/ext/com_dotnet/com_olechar.c b/ext/com_dotnet/com_olechar.c index 903cd9d..e57c734 100644 --- a/ext/com_dotnet/com_olechar.c +++ b/ext/com_dotnet/com_olechar.c @@ -30,7 +30,7 @@ #include php_com_dotnet_internal.h -PHPAPI OLECHAR *php_com_string_to_olestring(char *string, uint string_len, int codepage TSRMLS_DC) +PHP_COM_DOTNET_API OLECHAR *php_com_string_to_olestring(char *string, uint string_len, int codepage TSRMLS_DC) { OLECHAR *olestring = NULL; DWORD flags = codepage == CP_UTF8 ? 0 : MB_PRECOMPOSED | MB_ERR_INVALID_CHARS; @@ -65,7 +65,7 @@ PHPAPI OLECHAR *php_com_string_to_olestring(char *string, uint string_len, int c return olestring; } -PHPAPI char *php_com_olestring_to_string(OLECHAR *olestring, uint *string_len, int codepage TSRMLS_DC) +PHP_COM_DOTNET_API char *php_com_olestring_to_string(OLECHAR *olestring, uint *string_len, int codepage TSRMLS_DC) { char *string; uint length = 0; diff --git a/ext/com_dotnet/com_persist.c b/ext/com_dotnet/com_persist.c index 233d4a1..7c035f6 100755 --- a/ext/com_dotnet/com_persist.c +++ b/ext/com_dotnet/com_persist.c @@ -268,7 +268,7 @@ static void istream_destructor(php_istream *stm TSRMLS_DC) } /* }}} */ -PHPAPI IStream *php_com_wrapper_export_stream(php_stream *stream TSRMLS_DC) +PHP_COM_DOTNET_API IStream *php_com_wrapper_export_stream(php_stream *stream TSRMLS_DC) { php_istream *stm = (php_istream*)CoTaskMemAlloc(sizeof(*stm)); diff --git a/ext/com_dotnet/com_typeinfo.c b/ext/com_dotnet/com_typeinfo.c index f0a8450..f57b97f 100644 --- a/ext/com_dotnet/com_typeinfo.c +++ b/ext/com_dotnet/com_typeinfo.c @@ -35,7 +35,7 @@ * b) a CLSID, major, minor e.g. {0200--0010-8000-00AA006D2EA4},2,0 * c) a Type Library name e.g. Microsoft OLE DB ActiveX Data Objects 1.0 Library */ -PHPAPI ITypeLib *php_com_load_typelib(char *search_string, int codepage TSRMLS_DC) +PHP_COM_DOTNET_API ITypeLib *php_com_load_typelib(char *search_string, int codepage TSRMLS_DC) { ITypeLib *TL = NULL; char *strtok_buf, *major, *minor; @@ -153,7 +153,7 @@ PHPAPI ITypeLib *php_com_load_typelib(char *search_string, int codepage TSRMLS_D } /* Given a type-library, merge it into the current engine state */ -PHPAPI int php_com_import_typelib(ITypeLib *TL, int mode, int codepage TSRMLS_DC) +PHP_COM_DOTNET_API int php_com_import_typelib(ITypeLib *TL, int mode, int codepage TSRMLS_DC) { int i, j, interfaces; TYPEKIND pTKind; @@ -228,7 +228,7 @@ void php_com_typelibrary_dtor(void *pDest) ITypeLib_Release(*Lib); } -PHPAPI ITypeLib *php_com_load_typelib_via_cache(char *search_string, +PHP_COM_DOTNET_API ITypeLib *php_com_load_typelib_via_cache(char *search_string, int codepage, int *cached TSRMLS_DC) { ITypeLib **TLp; diff --git a/ext/com_dotnet/com_variant.c b/ext/com_dotnet/com_variant.c index
[PHP-CVS] com php-src: Fixed bug #62097: Zend/tests/bug62097.phpt Zend/zend_operators.c
Commit:78ff9ebb6bb501dff995727512c38fdeff50021b Author:Gustavo André dos Santos Lopes cataphr...@php.net Tue, 22 May 2012 12:36:28 +0200 Committer: Stanislav Malyshev s...@php.net Wed, 23 May 2012 19:00:27 -0500 Parents: 9ab21b15af2992ce4530623dcbe971e6f1ed3a95 Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=78ff9ebb6bb501dff995727512c38fdeff50021b Log: Fixed bug #62097 This fixes the fix for bug #54547 in 32-bit machines by accepting float comparisons in 32-bit machines as long as the integer is not larger than the mantissa. Bugs: https://bugs.php.net/62097 https://bugs.php.net/54547 Changed paths: A Zend/tests/bug62097.phpt M Zend/zend_operators.c Diff: diff --git a/Zend/tests/bug62097.phpt b/Zend/tests/bug62097.phpt new file mode 100644 index 000..bee72e7 --- /dev/null +++ b/Zend/tests/bug62097.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #62097: fix for bug #54547 is wrong for 32-bit machines +--SKIPIF-- +php +if (PHP_INT_MAX !== 2147483647) + die('skip for system with 32-bit wide longs only'); +--FILE-- +?php +var_dump(02147483647 == 2147483647, +02147483648 == 2147483648, +09007199254740991 == 9007199254740991, +09007199254740992 == 9007199254740992); +--EXPECT-- +bool(true) +bool(true) +bool(true) +bool(false) diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c index 8d4baa6..dd3ee2d 100644 --- a/Zend/zend_operators.c +++ b/Zend/zend_operators.c @@ -2041,7 +2041,13 @@ ZEND_API void zendi_smart_strcmp(zval *result, zval *s1, zval *s2) /* {{{ */ if ((ret1=is_numeric_string_ex(Z_STRVAL_P(s1), Z_STRLEN_P(s1), lval1, dval1, 0, oflow1)) (ret2=is_numeric_string_ex(Z_STRVAL_P(s2), Z_STRLEN_P(s2), lval2, dval2, 0, oflow2))) { +#if ULONG_MAX == 0x + if (oflow1 != 0 oflow1 == oflow2 dval1 - dval2 == 0. + ((oflow1 == 1 dval1 9007199254740991. /*0x1F*/) + || (oflow1 == -1 dval1 -9007199254740991.))) { +#else if (oflow1 != 0 oflow1 == oflow2 dval1 - dval2 == 0.) { +#endif /* both values are integers overflown to the same side, and the * double comparison may have resulted in crucial accuracy lost */ goto string_cmp; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: update NEWS: NEWS
Commit:9ab21b15af2992ce4530623dcbe971e6f1ed3a95 Author:Stanislav Malyshev s...@php.net Wed, 23 May 2012 18:50:06 -0500 Parents: 1a90173f27fa758218d41956108a58e06f6ebaf1 Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=9ab21b15af2992ce4530623dcbe971e6f1ed3a95 Log: update NEWS Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index a472227..34afd5c 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,6 @@ PHPNEWS ||| -17 May 2012, PHP 5.4.4 RC1 +30 May 2012, PHP 5.4.4 RC2 - CLI Server: . Implemented FR #61977 (Need CLI web-server support for files with .htm @@ -48,10 +48,6 @@ PHP NEWS - Pgsql: . Added pg_escape_identifier/pg_escape_literal. (Yasuo Ohgaki) -- Reflection: - . Implemented FR #61602 (Allow access to the name of constant -used as function/method parameter's default value). (reeze@gmail.com) - - FPM . Fixed bug #61812 (Uninitialised value used in libmagic). (Laruence, Gustavo) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Fix typo while resolving conflicts: ext/reflection/php_reflection.c
Commit:b233c195792ce3af40166bb927471fa130a94627 Author:Xinchen Hui larue...@php.net Wed, 23 May 2012 13:43:49 +0800 Committer: Stanislav Malyshev s...@php.net Wed, 23 May 2012 18:45:21 -0500 Parents: 0eb02b874de8c97b6ee4c4226a95971e1d4d27ff Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=b233c195792ce3af40166bb927471fa130a94627 Log: Fix typo while resolving conflicts Changed paths: M ext/reflection/php_reflection.c Diff: diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c index fe50289..ccd587d 100644 --- a/ext/reflection/php_reflection.c +++ b/ext/reflection/php_reflection.c @@ -2593,7 +2593,7 @@ ZEND_METHOD(reflection_parameter, getDefaultValue) return; } precv = _get_recv_op((zend_op_array*)param-fptr, param-offset); - if (!precv || precv-opcode != ZEND_RECV_INIT || precv-op2_type == IS_UNUSED) { + if (!precv || precv-opcode != ZEND_RECV_INIT || precv-op2.op_type == IS_UNUSED) { zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, Internal error); return; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Revert Implemented FR #61602 Allow access to name of constant used as default value: ext/reflection/php_reflection.c ext/reflection/tests/ReflectionParameter_DefaultValueConst
Commit:1a90173f27fa758218d41956108a58e06f6ebaf1 Author:Xinchen Hui larue...@php.net Wed, 23 May 2012 13:50:12 +0800 Committer: Stanislav Malyshev s...@php.net Wed, 23 May 2012 18:48:49 -0500 Parents: b233c195792ce3af40166bb927471fa130a94627 Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=1a90173f27fa758218d41956108a58e06f6ebaf1 Log: Revert Implemented FR #61602 Allow access to name of constant used as default value This reverts commit 054f3e3ce5af13c2c3a6ccd54f7dc3e2f6cd4f74. See: http://news.php.net/php.cvs/69137 and the author confirmed. Will commit later after the author fixed this then make a new PR. Conflicts: ext/reflection/php_reflection.c Bugs: https://bugs.php.net/61602 Changed paths: M ext/reflection/php_reflection.c D ext/reflection/tests/ReflectionParameter_DefaultValueConstant_basic1.phpt D ext/reflection/tests/ReflectionParameter_DefaultValueConstant_basic2.phpt D ext/reflection/tests/ReflectionParameter_DefaultValueConstant_error.phpt diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c index ccd587d..1cf65ce 100644 --- a/ext/reflection/php_reflection.c +++ b/ext/reflection/php_reflection.c @@ -1457,49 +1457,6 @@ static void _reflection_export(INTERNAL_FUNCTION_PARAMETERS, zend_class_entry *c } /* }}} */ -/* {{{ _reflection_param_get_default_param */ -static parameter_reference *_reflection_param_get_default_param(INTERNAL_FUNCTION_PARAMETERS) -{ - reflection_object *intern; - parameter_reference *param; - - GET_REFLECTION_OBJECT_PTR(param); - - if (param-fptr-type != ZEND_USER_FUNCTION) - { - zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, Cannot determine default value for internal functions); - return NULL; - } - - if (param-offset param-required) { - zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, Parameter is not optional); - return NULL; - } - - return param; -} -/* }}} */ - -/* {{{ _reflection_param_get_default_precv */ -static zend_op *_reflection_param_get_default_precv(INTERNAL_FUNCTION_PARAMETERS, parameter_reference *param) -{ - zend_op *precv; - - param = param ? param : _reflection_param_get_default_param(INTERNAL_FUNCTION_PARAM_PASSTHRU); - if (!param) { - return NULL; - } - - precv = _get_recv_op((zend_op_array*)param-fptr, param-offset); - if (!precv || precv-opcode != ZEND_RECV_INIT || precv-op2_type == IS_UNUSED) { - zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, Internal error); - return NULL; - } - - return precv; -} -/* }}} */ - /* {{{ Preventing __clone from being called */ ZEND_METHOD(reflection, __clone) { @@ -2578,14 +2535,18 @@ ZEND_METHOD(reflection_parameter, isDefaultValueAvailable) Returns the default value of this parameter or throws an exception */ ZEND_METHOD(reflection_parameter, getDefaultValue) { - parameter_reference *param = _reflection_param_get_default_param(INTERNAL_FUNCTION_PARAM_PASSTHRU); - zend_op *precv = _reflection_param_get_default_precv(INTERNAL_FUNCTION_PARAM_PASSTHRU, param); + reflection_object *intern; + parameter_reference *param; + zend_op *precv; if (zend_parse_parameters_none() == FAILURE) { return; } + GET_REFLECTION_OBJECT_PTR(param); - if (!(param precv)) { + if (param-fptr-type != ZEND_USER_FUNCTION) + { + zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, Cannot determine default value for internal functions); return; } if (param-offset param-required) { @@ -2593,7 +2554,7 @@ ZEND_METHOD(reflection_parameter, getDefaultValue) return; } precv = _get_recv_op((zend_op_array*)param-fptr, param-offset); - if (!precv || precv-opcode != ZEND_RECV_INIT || precv-op2.op_type == IS_UNUSED) { + if (!precv || precv-opcode != ZEND_RECV_INIT || precv-op2_type == IS_UNUSED) { zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, Internal error); return; } @@ -2607,42 +2568,6 @@ ZEND_METHOD(reflection_parameter, getDefaultValue) } /* }}} */ -/* {{{ proto public bool ReflectionParameter::isDefaultValueConstant() - Returns whether the default value of this parameter is constant */ -ZEND_METHOD(reflection_parameter, isDefaultValueConstant) -{ - zend_op *precv = _reflection_param_get_default_precv(INTERNAL_FUNCTION_PARAM_PASSTHRU, NULL); - - if (zend_parse_parameters_none() == FAILURE) { - return; - } - - if (precv (Z_TYPE_P(precv-op2.zv) IS_CONSTANT_TYPE_MASK) == IS_CONSTANT) { - RETURN_TRUE; - } - - RETURN_FALSE; -} -/* }}} */ - -/* {{{ proto public
[PHP-CVS] com php-src: Revert Implemented FR #61602 Allow access to name of constant used as default value: ext/reflection/php_reflection.c
Commit:0eb02b874de8c97b6ee4c4226a95971e1d4d27ff Author:Xinchen Hui larue...@php.net Wed, 23 May 2012 13:39:00 +0800 Committer: Stanislav Malyshev s...@php.net Wed, 23 May 2012 18:45:03 -0500 Parents: b595b775f771543a7d3d675e16179a5e13aff468 Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=0eb02b874de8c97b6ee4c4226a95971e1d4d27ff Log: Revert Implemented FR #61602 Allow access to name of constant used as default value This reverts commit 054f3e3ce5af13c2c3a6ccd54f7dc3e2f6cd4f74. See: http://news.php.net/php.cvs/69137 and the author confirmed. Will commit later after the author fixed this then make a new PR. Conflicts: ext/reflection/php_reflection.c Bugs: https://bugs.php.net/61602 Changed paths: M ext/reflection/php_reflection.c Diff: diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c index 406da93..fe50289 100644 --- a/ext/reflection/php_reflection.c +++ b/ext/reflection/php_reflection.c @@ -2588,6 +2588,15 @@ ZEND_METHOD(reflection_parameter, getDefaultValue) if (!(param precv)) { return; } + if (param-offset param-required) { + zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, Parameter is not optional); + return; + } + precv = _get_recv_op((zend_op_array*)param-fptr, param-offset); + if (!precv || precv-opcode != ZEND_RECV_INIT || precv-op2_type == IS_UNUSED) { + zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, Internal error); + return; + } *return_value = *precv-op2.zv; INIT_PZVAL(return_value); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Fixed bug #62082: ext/intl/locale/locale_methods.c ext/intl/tests/bug62082.phpt
Commit:b595b775f771543a7d3d675e16179a5e13aff468 Author:Gustavo André dos Santos Lopes cataphr...@php.net Wed, 23 May 2012 12:44:44 +0200 Committer: Stanislav Malyshev s...@php.net Wed, 23 May 2012 18:25:27 -0500 Parents: 169c9ac0c59c4863131b66045cfa121db7ad66cd Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=b595b775f771543a7d3d675e16179a5e13aff468 Log: Fixed bug #62082 This was a buffer overflow in internal function get_icu_disp_value_src_php(). Bugs: https://bugs.php.net/62082 Changed paths: M ext/intl/locale/locale_methods.c A ext/intl/tests/bug62082.phpt Diff: diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c index 39d162a..1707c69 100755 --- a/ext/intl/locale/locale_methods.c +++ b/ext/intl/locale/locale_methods.c @@ -527,7 +527,7 @@ static void get_icu_disp_value_src_php( char* tag_name, INTERNAL_FUNCTION_PARAME /* Get the disp_value for the given locale */ do{ -disp_name = erealloc( disp_name , buflen ); +disp_name = erealloc( disp_name , buflen * sizeof(UChar) ); disp_name_len = buflen; if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ @@ -542,6 +542,7 @@ static void get_icu_disp_value_src_php( char* tag_name, INTERNAL_FUNCTION_PARAME buflen = uloc_getDisplayName ( mod_loc_name , disp_loc_name , disp_name , disp_name_len , status); } + /* U_STRING_NOT_TERMINATED_WARNING is admissible here; don't look for it */ if( U_FAILURE( status ) ) { if( status == U_BUFFER_OVERFLOW_ERROR ) @@ -1562,11 +1563,11 @@ PHP_FUNCTION(locale_lookup) /* }}} */ /* {{{ proto string Locale::acceptFromHttp(string $http_accept) -* Tries to find out best available locale based on HTTP �Accept-Language� header +* Tries to find out best available locale based on HTTP �Accept-Language� header */ /* }}} */ /* {{{ proto string locale_accept_from_http(string $http_accept) -* Tries to find out best available locale based on HTTP �Accept-Language� header +* Tries to find out best available locale based on HTTP �Accept-Language� header */ PHP_FUNCTION(locale_accept_from_http) { diff --git a/ext/intl/tests/bug62082.phpt b/ext/intl/tests/bug62082.phpt new file mode 100644 index 000..e6ca73e --- /dev/null +++ b/ext/intl/tests/bug62082.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #62082: Memory corruption in internal get_icu_disp_value_src_php() +--SKIPIF-- +?php +if (!extension_loaded('intl')) + die('skip intl extension not enabled'); +--FILE-- +?php +var_dump(locale_get_display_name(str_repeat(a, 300), null)); +var_dump(locale_get_display_name(str_repeat(a, 512), null)); +var_dump(locale_get_display_name(str_repeat(a, 600), null)); +--EXPECT-- +string(300) +string(512) +string(600) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Merge branch 'PHP-5.3' into PHP-5.4: NEWS
Commit:692b3bcd88ece3eefbc5131ecdf971ff18f191cf Author:Stanislav Malyshev s...@php.net Tue, 29 May 2012 23:07:27 -0700 Parents: 6074da9809dec8018e6affe6faf1a77f524bff97 aab49e934de1fff046e659cbec46e3d053b41c34 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=692b3bcd88ece3eefbc5131ecdf971ff18f191cf Log: Merge branch 'PHP-5.3' into PHP-5.4 * PHP-5.3: fix CVE-2012-2143 Changed paths: MM NEWS Diff: diff --cc NEWS index 4a7cbd4,0297393..898325a --- a/NEWS +++ b/NEWS @@@ -5,59 -4,13 +5,60 @@@ PH - COM: . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) +- CLI Server: + . Implemented FR #61977 (Need CLI web-server support for files with .htm +svg extensions). (Sixd, Laruence) + . Improved performance while sending error page, this also fixed +bug #61785 (Memory leak when access a non-exists file without router). +(Laruence) + . Fixed bug #61546 (functions related to current script failed when chdir() +in cli sapi). (Laruence, reeze@gmail.com) + +- CURL: + . Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction). +(Laruence) + - Core: + . Fixed missing bound check in iptcparse(). (chris at chiappa.net) + . Fixed CVE-2012-2143. (Solar Designer) + . Fixed bug #62005 (unexpected behavior when incrementally assigning to a +member of a null object). (Laruence) + . Fixed bug #61998 (Using traits with method aliases appears to result in +crash during execution). (Dmitry) + . Fixed bug #61978 (Object recursion not detected for classes that implement +JsonSerializable). (Felipe) + . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy) + . Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config). +(Laruence) + . Fixed bug #61827 (incorrect \e processing on Windows) (Anatoliy) + . Fixed bug #61782 (__clone/__destruct do not match other methods when checking +access controls). (Stas) + . Fixed bug #61761 ('Overriding' a private static method with a different +signature causes crash). (Laruence) + . Fixed bug #61730 (Segfault from array_walk modifying an array passed by +reference). (Laruence) + . Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown +phase). (Laruence) + . Fixed bug #61660 (bin2hex(hex2bin($data)) != $data). (Nikita Popov) + . Fixed bug #61650 (ini parser crashes when using ${} ini variables +(without apache2)). (Laruence) + . Fixed bug #61605 (header_remove() does not remove all headers). (Laruence) + . Fixed bug #54547 (wrong equality of string numbers). (Gustavo) + . Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename +set to null). (Anatoliy) + . Changed php://fd to be available only for CLI. -- Fileinfo: - . Fixed magic file regex support. (Felipe) +- Phar: + . Fix bug #61065 (Secunia SA44335, CVE-2012-2386). (Rasmus) + +- Pgsql: + . Added pg_escape_identifier/pg_escape_literal. (Yasuo Ohgaki) -- FPM: +- Fileinfo + . Fixed bug #61812 (Uninitialised value used in libmagic). +(Laruence, Gustavo) + +- FPM . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) . Fixed bug #61835 (php-fpm is not allowed to run as root). (fat) . Fixed bug #61295 (php-fpm should not fail with commented 'user' -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: 5.4.4 rc2: configure.in main/php_version.h
Commit:85585b2ebb1d6212c6c5baf9728269ea4dfe72c6 Author:Stanislav Malyshev s...@php.net Tue, 29 May 2012 23:18:57 -0700 Parents: bc1c1beea5b4cd1bec72d347bfd21e865258933a Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=85585b2ebb1d6212c6c5baf9728269ea4dfe72c6 Log: 5.4.4 rc2 Changed paths: M configure.in M main/php_version.h Diff: diff --git a/configure.in b/configure.in index 053a56f..1642737 100644 --- a/configure.in +++ b/configure.in @@ -120,7 +120,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=4 -PHP_EXTRA_VERSION=-RC1 +PHP_EXTRA_VERSION=-RC2 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index 668b843..7127f60 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 4 -#define PHP_EXTRA_VERSION -RC1 -#define PHP_VERSION 5.4.4-RC1 +#define PHP_EXTRA_VERSION -RC2 +#define PHP_VERSION 5.4.4-RC2 #define PHP_VERSION_ID 50404 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: fix test: Zend/tests/bug62097.phpt
Commit:e6bdd5bad4b12dfe3da7a9a9cc5473123daf119c Author:Stanislav Malyshev s...@php.net Tue, 29 May 2012 23:42:37 -0700 Parents: 85585b2ebb1d6212c6c5baf9728269ea4dfe72c6 Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e6bdd5bad4b12dfe3da7a9a9cc5473123daf119c Log: fix test Changed paths: M Zend/tests/bug62097.phpt Diff: diff --git a/Zend/tests/bug62097.phpt b/Zend/tests/bug62097.phpt index bee72e7..07e93bf 100644 --- a/Zend/tests/bug62097.phpt +++ b/Zend/tests/bug62097.phpt @@ -1,7 +1,7 @@ --TEST-- Bug #62097: fix for bug #54547 is wrong for 32-bit machines --SKIPIF-- -php +?php if (PHP_INT_MAX !== 2147483647) die('skip for system with 32-bit wide longs only'); --FILE-- -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Typofix in comment in proc_open.c: ext/standard/proc_open.c
Commit:a331f43f8cc8f2b9c23ddee95632b765e2e440e5 Author:Jille Timmermans ji...@quis.cx Tue, 29 May 2012 15:44:04 +0200 Committer: Xinchen Hui larue...@php.net Wed, 30 May 2012 14:42:39 +0800 Parents: aab49e934de1fff046e659cbec46e3d053b41c34 Branches: PHP-5.3 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=a331f43f8cc8f2b9c23ddee95632b765e2e440e5 Log: Typofix in comment in proc_open.c Changed paths: M ext/standard/proc_open.c Diff: diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c index 98288e4..db63a67 100644 --- a/ext/standard/proc_open.c +++ b/ext/standard/proc_open.c @@ -57,7 +57,7 @@ /* This symbol is defined in ext/standard/config.m4. * Essentially, it is set if you HAVE_FORK || PHP_WIN32 - * Otherplatforms may modify that configure check and add suitable #ifdefs + * Other platforms may modify that configure check and add suitable #ifdefs * around the alternate code. * */ #ifdef PHP_CAN_SUPPORT_PROC_OPEN -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Merge branch 'PHP-5.3' into PHP-5.4: ext/standard/proc_open.c
Commit:7511f972fdc395c4770896576bb8752370e46c21 Author:Xinchen Hui larue...@php.net Wed, 30 May 2012 14:43:55 +0800 Parents: 692b3bcd88ece3eefbc5131ecdf971ff18f191cf a331f43f8cc8f2b9c23ddee95632b765e2e440e5 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=7511f972fdc395c4770896576bb8752370e46c21 Log: Merge branch 'PHP-5.3' into PHP-5.4 * PHP-5.3: Typofix in comment in proc_open.c Changed paths: MM ext/standard/proc_open.c Diff: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: fix test: ext/intl/tests/bug59597_64.phpt
Commit:10d2b26a765943a5fee5e679bcea893e6c826401 Author:Stanislav Malyshev s...@php.net Tue, 29 May 2012 23:52:07 -0700 Parents: e6bdd5bad4b12dfe3da7a9a9cc5473123daf119c Branches: PHP-5.4.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=10d2b26a765943a5fee5e679bcea893e6c826401 Log: fix test Changed paths: M ext/intl/tests/bug59597_64.phpt Diff: diff --git a/ext/intl/tests/bug59597_64.phpt b/ext/intl/tests/bug59597_64.phpt index 4b96bf7..f96c72d 100644 --- a/ext/intl/tests/bug59597_64.phpt +++ b/ext/intl/tests/bug59597_64.phpt @@ -15,7 +15,7 @@ $value = $formatter-parse('2147483650', \NumberFormatter::TYPE_INT64); var_dump($value); ? ---EXPECTREGEX-- +--EXPECT-- int(2147483647) int(2147483650) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: fix test: Zend/tests/bug62097.phpt
Commit:abe6362716ba1835250e24bff5927b19b9481315 Author:Stanislav Malyshev s...@php.net Tue, 29 May 2012 23:42:37 -0700 Parents: 7511f972fdc395c4770896576bb8752370e46c21 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=abe6362716ba1835250e24bff5927b19b9481315 Log: fix test Changed paths: M Zend/tests/bug62097.phpt Diff: diff --git a/Zend/tests/bug62097.phpt b/Zend/tests/bug62097.phpt index bee72e7..07e93bf 100644 --- a/Zend/tests/bug62097.phpt +++ b/Zend/tests/bug62097.phpt @@ -1,7 +1,7 @@ --TEST-- Bug #62097: fix for bug #54547 is wrong for 32-bit machines --SKIPIF-- -php +?php if (PHP_INT_MAX !== 2147483647) die('skip for system with 32-bit wide longs only'); --FILE-- -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: fix test: ext/intl/tests/bug59597_64.phpt
Commit:9b98cf78651af55b85b094f30037b7a55cb7735e Author:Stanislav Malyshev s...@php.net Tue, 29 May 2012 23:52:07 -0700 Parents: abe6362716ba1835250e24bff5927b19b9481315 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=9b98cf78651af55b85b094f30037b7a55cb7735e Log: fix test Changed paths: M ext/intl/tests/bug59597_64.phpt Diff: diff --git a/ext/intl/tests/bug59597_64.phpt b/ext/intl/tests/bug59597_64.phpt index 4b96bf7..f96c72d 100644 --- a/ext/intl/tests/bug59597_64.phpt +++ b/ext/intl/tests/bug59597_64.phpt @@ -15,7 +15,7 @@ $value = $formatter-parse('2147483650', \NumberFormatter::TYPE_INT64); var_dump($value); ? ---EXPECTREGEX-- +--EXPECT-- int(2147483647) int(2147483650) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] tag php-src: create tag php-5.4.4RC2
Tag php-5.4.4RC2 in php-src.git was created Tag: 8b882643a9b60f6bcdda147f83f5f6f38ee30e56 Tagger: Stanislav Malyshevs...@php.net Tue May 29 23:54:19 2012 -0700 Log: 5.4.4 rc2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) iF4EABEIAAYFAk/FxCEACgkQL3lWvF2gS10hvgD+IVkI7/fLWOK7V0NqbQL7nj0q 46/cgT8BCIgevqTv/6QBAIdjhYORTghW4luPaTrfo3hsD0DtdOYxAYY3XRY4I7m5 =E5W3 -END PGP SIGNATURE- Link: http://git.php.net/?p=php-src.git;a=tag;h=8b882643a9b60f6bcdda147f83f5f6f38ee30e56 Target: 9b98cf78651af55b85b094f30037b7a55cb7735e Author: Stanislav Malyshev s...@php.net Tue, 29 May 2012 23:52:07 -0700 Parents: abe6362716ba1835250e24bff5927b19b9481315 Target link: http://git.php.net/?p=php-src.git;a=commitdiff;h=9b98cf78651af55b85b094f30037b7a55cb7735e Target log: fix test Changed paths: M ext/intl/tests/bug59597_64.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: small refactoring - factour out code from connection establishment. Add a define for the default authentication protocol - get away from the hardcoded magic value: ext/mysqlnd/m
Commit:5a2578a333aaa5f72216f28510705ae0676e9266 Author:andrey and...@php.net Wed, 30 May 2012 15:24:17 +0300 Parents: fde8762e9034f006826bec12bc6c0aac6b450055 Branches: master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=5a2578a333aaa5f72216f28510705ae0676e9266 Log: small refactoring - factour out code from connection establishment. Add a define for the default authentication protocol - get away from the hardcoded magic value Changed paths: M ext/mysqlnd/mysqlnd.c M ext/mysqlnd/mysqlnd_debug.h M ext/mysqlnd/mysqlnd_enum_n_def.h M ext/mysqlnd/mysqlnd_structs.h diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c index 300a7ee..fc0e46a 100644 --- a/ext/mysqlnd/mysqlnd.c +++ b/ext/mysqlnd/mysqlnd.c @@ -605,6 +605,148 @@ end: /* }}} */ +/* {{{ mysqlnd_conn_data::execute_init_commands */ +static enum_func_status +MYSQLND_METHOD(mysqlnd_conn_data, execute_init_commands)(MYSQLND_CONN_DATA * conn TSRMLS_DC) +{ + enum_func_status ret = PASS; + + DBG_ENTER(mysqlnd_conn_data::execute_init_commands); + if (conn-options-init_commands) { + unsigned int current_command = 0; + for (; current_command conn-options-num_commands; ++current_command) { + const char * const command = conn-options-init_commands[current_command]; + if (command) { + MYSQLND_INC_CONN_STATISTIC(conn-stats, STAT_INIT_COMMAND_EXECUTED_COUNT); + if (PASS != conn-m-query(conn, command, strlen(command) TSRMLS_CC)) { + MYSQLND_INC_CONN_STATISTIC(conn-stats, STAT_INIT_COMMAND_FAILED_COUNT); + ret = FAIL; + break; + } + if (conn-last_query_type == QUERY_SELECT) { + MYSQLND_RES * result = conn-m-use_result(conn TSRMLS_CC); + if (result) { + result-m.free_result(result, TRUE TSRMLS_CC); + } + } + } + } + } + DBG_RETURN(ret); +} +/* }}} */ + + +/* {{{ mysqlnd_conn_data::get_updated_connect_flags */ +static unsigned int +MYSQLND_METHOD(mysqlnd_conn_data, get_updated_connect_flags)(MYSQLND_CONN_DATA * conn, unsigned int mysql_flags TSRMLS_DC) +{ + MYSQLND_NET * net = conn-net; + + DBG_ENTER(mysqlnd_conn_data::get_updated_connect_flags); + /* we allow load data local infile by default */ + mysql_flags |= MYSQLND_CAPABILITIES; + + if (PG(open_basedir) strlen(PG(open_basedir))) { + mysql_flags ^= CLIENT_LOCAL_FILES; + } + +#ifndef MYSQLND_COMPRESSION_ENABLED + if (mysql_flags CLIENT_COMPRESS) { + mysql_flags = ~CLIENT_COMPRESS; + } +#else + if (net net-data-options.flags MYSQLND_NET_FLAG_USE_COMPRESSION) { + mysql_flags |= CLIENT_COMPRESS; + } +#endif +#ifndef MYSQLND_SSL_SUPPORTED + if (mysql_flags CLIENT_SSL) { + mysql_flags = ~CLIENT_SSL; + } +#else + if (net (net-data-options.ssl_key || net-data-options.ssl_cert || + net-data-options.ssl_ca || net-data-options.ssl_capath || net-data-options.ssl_cipher)) + { + mysql_flags |= CLIENT_SSL; + } +#endif + + DBG_RETURN(mysql_flags); +} +/* }}} */ + + +/* {{{ mysqlnd_conn_data::connect_handshake */ +static enum_func_status +MYSQLND_METHOD(mysqlnd_conn_data, connect_handshake)(MYSQLND_CONN_DATA * conn, + const char * const host, const char * const user, + const char * const passwd, const unsigned int passwd_len, + const char * const db, const unsigned int db_len, + const unsigned int mysql_flags TSRMLS_DC) +{ + MYSQLND_PACKET_GREET * greet_packet; + MYSQLND_NET * net = conn-net; + + DBG_ENTER(mysqlnd_conn_data::connect_handshake); + + greet_packet = conn-protocol-m.get_greet_packet(conn-protocol, FALSE TSRMLS_CC); + if (!greet_packet) { + SET_OOM_ERROR(*conn-error_info); + DBG_RETURN(FAIL); /* OOM */ + } + + if (FAIL == net-data-m.connect_ex(conn-net, conn-scheme, conn-scheme_len, conn-persistent, + conn-stats, conn-error_info TSRMLS_CC)) + { + goto err; + } + + DBG_INF_FMT(stream=%p, net-data-m.get_stream(net TSRMLS_CC)); + + if (FAIL == PACKET_READ(greet_packet, conn)) { + DBG_ERR(Error while reading greeting packet); +
[PHP-CVS] com php-src: fix unchecked emalloc (cherry picked from commit 158d8a6b088662ce9d31e0c777c6ebe90efdc854): ext/phar/tar.c
Commit:fa05f038cb2cd9e9fa17efd2286c42dcb3e9aa05 Author:Stanislav Malyshev s...@php.net Mon, 28 May 2012 18:54:15 -0700 Committer: Johannes Schlüter johan...@php.net Wed, 30 May 2012 21:37:28 +0200 Parents: a331f43f8cc8f2b9c23ddee95632b765e2e440e5 Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=fa05f038cb2cd9e9fa17efd2286c42dcb3e9aa05 Log: fix unchecked emalloc (cherry picked from commit 158d8a6b088662ce9d31e0c777c6ebe90efdc854) Changed paths: M ext/phar/tar.c Diff: diff --git a/ext/phar/tar.c b/ext/phar/tar.c index b914db1..917734c 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -38,7 +38,7 @@ static php_uint32 phar_tar_number(char *buf, int len) /* {{{ */ /* }}} */ /* adapted from format_octal() in libarchive - * + * * Copyright (c) 2003-2009 Tim Kientzle * All rights reserved. * @@ -161,7 +161,7 @@ static int phar_tar_process_metadata(phar_entry_info *entry, php_stream *fp TSRM size_t save = php_stream_tell(fp), read; phar_entry_info *mentry; - metadata = (char *) emalloc(entry-uncompressed_filesize + 1); + metadata = (char *) safe_emalloc(1, entry-uncompressed_filesize, 1); read = php_stream_read(fp, metadata, entry-uncompressed_filesize); if (read != entry-uncompressed_filesize) { @@ -377,7 +377,7 @@ bail: } read = php_stream_read(fp, buf, sizeof(buf)); - + if (read != sizeof(buf)) { efree(entry.filename); if (error) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] tag php-src: create tag php-5.3.14RC2
Tag php-5.3.14RC2 in php-src.git was created Tag: 61db83e9086d3f593918311822d3b010871061a4 Tagger: Johannes Schlüterjohan...@php.net Wed May 30 21:46:57 2012 +0200 Log: PHP 5.3.14RC2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (SunOS) iQEcBAABAgAGBQJPxnlAAAoJEH3sTmn8nIPXSJ4IAMg9sQWsW8Nhoxnt6hQsqc44 ZER3rsAVprqdEqvaWFUNhVmn8Q3RqM4CjO0HvIeHnF3Ix2fp17L8twcIFL8m/pqj 4uTQnKwvJa5X6/Efp6ImfQmoc1VE75oMKetz/OQJ7a6H3TwWkpaaxP5h0f0aPL5q XPl/Dd8fkrMcCyKWWbiDDXbG/3eSEtYDkMU0Zls/qBEs3IF0oGICJB/q4WC3c64R d2m/65z2Wwb1h6LWgClfTlUnVBH8JqTzRRXpnzcCkBBE7Lfwr/eYHb2bCyyveXYI MTYdm8GbGeWkr+PJzvhIyp9pvxzT6HGDRVQJRSOfAg+2YAmcGzM762q7v3uVWLI= =4A+N -END PGP SIGNATURE- Link: http://git.php.net/?p=php-src.git;a=tag;h=61db83e9086d3f593918311822d3b010871061a4 Target: dd3fa4f89669702b7d9dbeccf2baa6b4c4be0e94 Author: Johannes Schlüter johan...@php.net Wed, 30 May 2012 21:46:28 +0200 Parents: c208ad9ddbf712e20a8ce0c0930eb1684e06609a Target link: http://git.php.net/?p=php-src.git;a=commitdiff;h=dd3fa4f89669702b7d9dbeccf2baa6b4c4be0e94 Target log: PHP 5.3.14RC2 Changed paths: M NEWS M configure.in M main/php_version.h -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Fix bug #62186 readline fails to compile: NEWS ext/readline/readline.c
Commit:4283e8dc8abaf99e22cf6ecf2cff00378fe5 Author:Johannes Schlüter johan...@php.net Thu, 31 May 2012 01:15:22 +0200 Parents: 9b98cf78651af55b85b094f30037b7a55cb7735e Branches: PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=4283e8dc8abaf99e22cf6ecf2cff00378fe5 Log: Fix bug #62186 readline fails to compile Bugs: https://bugs.php.net/62186 Changed paths: M NEWS M ext/readline/readline.c Diff: diff --git a/NEWS b/NEWS index 898325a..d738ebe 100644 --- a/NEWS +++ b/NEWS @@ -82,7 +82,11 @@ PHP NEWS - Libxml: . Fixed bug #61617 (Libxml tests failed(ht is already destroyed)). (Laruence) - + +- Readline: + . Fixed bug #62186 (readline fails to compile - void function should not +return a value). (Johannes) + - Sockets: . Fixed bug #62025 (__ss_family was changed on AIX 5.3). (Felipe) diff --git a/ext/readline/readline.c b/ext/readline/readline.c index 1054b0e..92236a5 100644 --- a/ext/readline/readline.c +++ b/ext/readline/readline.c @@ -198,7 +198,7 @@ PHP_RSHUTDOWN_FUNCTION(readline) PHP_MINFO_FUNCTION(readline) { - return PHP_MINFO(cli_readline)(ZEND_MODULE_INFO_FUNC_ARGS_PASSTHRU); + PHP_MINFO(cli_readline)(ZEND_MODULE_INFO_FUNC_ARGS_PASSTHRU); } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: PHP 5.3.14RC2: NEWS configure.in main/php_version.h
Commit:dd3fa4f89669702b7d9dbeccf2baa6b4c4be0e94 Author:Johannes Schlüter johan...@php.net Wed, 30 May 2012 21:46:28 +0200 Parents: c208ad9ddbf712e20a8ce0c0930eb1684e06609a Branches: PHP-5.3.14 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=dd3fa4f89669702b7d9dbeccf2baa6b4c4be0e94 Log: PHP 5.3.14RC2 Changed paths: M NEWS M configure.in M main/php_version.h Diff: diff --git a/NEWS b/NEWS index 0501fd4..8b14b93 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,16 @@ PHPNEWS ||| +31 May 2012, PHP 5.3.14 RC2 +- COM: + . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) + +- Core: + . Fixed CVE-2012-2143. (Solar Designer) + +- Intl: + . Fixed bug #62082 (Memory corruption in internal function +get_icu_disp_value_src_php()). (Gustavo) + 17 May 2012, PHP 5.3.14RC1 - CLI SAPI: diff --git a/configure.in b/configure.in index 61564e9..4fc677e 100644 --- a/configure.in +++ b/configure.in @@ -42,7 +42,7 @@ AC_CONFIG_HEADER(main/php_config.h) PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=3 PHP_RELEASE_VERSION=14 -PHP_EXTRA_VERSION=RC1 +PHP_EXTRA_VERSION=RC2 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index 400de17..a7cafd7 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 3 #define PHP_RELEASE_VERSION 14 -#define PHP_EXTRA_VERSION RC1 -#define PHP_VERSION 5.3.14RC1 +#define PHP_EXTRA_VERSION RC2 +#define PHP_VERSION 5.3.14RC2 #define PHP_VERSION_ID 50314 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: fix unchecked emalloc (cherry picked from commit 158d8a6b088662ce9d31e0c777c6ebe90efdc854) (cherry picked from commit fa05f038cb2cd9e9fa17efd2286c42dcb3e9aa05): ext/phar/tar.c
Commit:e9e4819c1b7396c4ee1120685aadae84396ac820 Author:Stanislav Malyshev s...@php.net Mon, 28 May 2012 18:54:15 -0700 Committer: Johannes Schlüter johan...@php.net Wed, 30 May 2012 21:39:01 +0200 Parents: 438e03a354996506833287e56443ca4fe5c38726 Branches: PHP-5.3.14 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e9e4819c1b7396c4ee1120685aadae84396ac820 Log: fix unchecked emalloc (cherry picked from commit 158d8a6b088662ce9d31e0c777c6ebe90efdc854) (cherry picked from commit fa05f038cb2cd9e9fa17efd2286c42dcb3e9aa05) Changed paths: M ext/phar/tar.c Diff: diff --git a/ext/phar/tar.c b/ext/phar/tar.c index b914db1..917734c 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -38,7 +38,7 @@ static php_uint32 phar_tar_number(char *buf, int len) /* {{{ */ /* }}} */ /* adapted from format_octal() in libarchive - * + * * Copyright (c) 2003-2009 Tim Kientzle * All rights reserved. * @@ -161,7 +161,7 @@ static int phar_tar_process_metadata(phar_entry_info *entry, php_stream *fp TSRM size_t save = php_stream_tell(fp), read; phar_entry_info *mentry; - metadata = (char *) emalloc(entry-uncompressed_filesize + 1); + metadata = (char *) safe_emalloc(1, entry-uncompressed_filesize, 1); read = php_stream_read(fp, metadata, entry-uncompressed_filesize); if (read != entry-uncompressed_filesize) { @@ -377,7 +377,7 @@ bail: } read = php_stream_read(fp, buf, sizeof(buf)); - + if (read != sizeof(buf)) { efree(entry.filename); if (error) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Fixed bug #62082: ext/intl/locale/locale_methods.c ext/intl/tests/bug62082.phpt
Commit:095f7fc965d6eaec6915b0af5b29accfab1703b3 Author:Gustavo André dos Santos Lopes cataphr...@php.net Wed, 23 May 2012 12:44:44 +0200 Committer: Johannes Schlüter johan...@php.net Wed, 30 May 2012 21:27:44 +0200 Parents: 5ecabb302d39c71b20c81ced350a9d88153e700f Branches: PHP-5.3.14 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=095f7fc965d6eaec6915b0af5b29accfab1703b3 Log: Fixed bug #62082 This was a buffer overflow in internal function get_icu_disp_value_src_php(). (cherry picked from commit 86ea921291cd637fd0a7ffb0183625a5ac60e1ee) Bugs: https://bugs.php.net/62082 Changed paths: M ext/intl/locale/locale_methods.c A ext/intl/tests/bug62082.phpt Diff: diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c index 39d162a..1707c69 100755 --- a/ext/intl/locale/locale_methods.c +++ b/ext/intl/locale/locale_methods.c @@ -527,7 +527,7 @@ static void get_icu_disp_value_src_php( char* tag_name, INTERNAL_FUNCTION_PARAME /* Get the disp_value for the given locale */ do{ -disp_name = erealloc( disp_name , buflen ); +disp_name = erealloc( disp_name , buflen * sizeof(UChar) ); disp_name_len = buflen; if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ @@ -542,6 +542,7 @@ static void get_icu_disp_value_src_php( char* tag_name, INTERNAL_FUNCTION_PARAME buflen = uloc_getDisplayName ( mod_loc_name , disp_loc_name , disp_name , disp_name_len , status); } + /* U_STRING_NOT_TERMINATED_WARNING is admissible here; don't look for it */ if( U_FAILURE( status ) ) { if( status == U_BUFFER_OVERFLOW_ERROR ) @@ -1562,11 +1563,11 @@ PHP_FUNCTION(locale_lookup) /* }}} */ /* {{{ proto string Locale::acceptFromHttp(string $http_accept) -* Tries to find out best available locale based on HTTP �Accept-Language� header +* Tries to find out best available locale based on HTTP �Accept-Language� header */ /* }}} */ /* {{{ proto string locale_accept_from_http(string $http_accept) -* Tries to find out best available locale based on HTTP �Accept-Language� header +* Tries to find out best available locale based on HTTP �Accept-Language� header */ PHP_FUNCTION(locale_accept_from_http) { diff --git a/ext/intl/tests/bug62082.phpt b/ext/intl/tests/bug62082.phpt new file mode 100644 index 000..e6ca73e --- /dev/null +++ b/ext/intl/tests/bug62082.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #62082: Memory corruption in internal get_icu_disp_value_src_php() +--SKIPIF-- +?php +if (!extension_loaded('intl')) + die('skip intl extension not enabled'); +--FILE-- +?php +var_dump(locale_get_display_name(str_repeat(a, 300), null)); +var_dump(locale_get_display_name(str_repeat(a, 512), null)); +var_dump(locale_get_display_name(str_repeat(a, 600), null)); +--EXPECT-- +string(300) +string(512) +string(600) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: PHP 5.3.14RC1: NEWS configure.in main/php_version.h
Commit:5ecabb302d39c71b20c81ced350a9d88153e700f Author:Johannes Schlüter johan...@php.net Wed, 16 May 2012 16:44:30 +0200 Parents: 6e519895011ea3ef43ce62c1050e72337af94b79 Branches: PHP-5.3.14 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=5ecabb302d39c71b20c81ced350a9d88153e700f Log: PHP 5.3.14RC1 Changed paths: M NEWS M configure.in M main/php_version.h Diff: diff --git a/NEWS b/NEWS index 990cc65..0501fd4 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,6 @@ PHPNEWS ||| -?? ??? 2012, PHP 5.3.12 +17 May 2012, PHP 5.3.14RC1 - CLI SAPI: . Fixed bug #61546 (functions related to current script failed when chdir() diff --git a/configure.in b/configure.in index 35356d0..61564e9 100644 --- a/configure.in +++ b/configure.in @@ -42,7 +42,7 @@ AC_CONFIG_HEADER(main/php_config.h) PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=3 PHP_RELEASE_VERSION=14 -PHP_EXTRA_VERSION=-dev +PHP_EXTRA_VERSION=RC1 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index 0b523d7..400de17 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 3 #define PHP_RELEASE_VERSION 14 -#define PHP_EXTRA_VERSION -dev -#define PHP_VERSION 5.3.14-dev +#define PHP_EXTRA_VERSION RC1 +#define PHP_VERSION 5.3.14RC1 #define PHP_VERSION_ID 50314 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: fix bug #55042 - erealloc without updating pointer: ext/iconv/iconv.c
Commit:ed6ce831013d8c6f6f585e814ee9b542da283749 Author:Stanislav Malyshev s...@php.net Wed, 30 May 2012 22:26:26 -0700 Parents: 303dd7f3469106f8cd91a8648de1c4fed51374b3 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=ed6ce831013d8c6f6f585e814ee9b542da283749 Log: fix bug #55042 - erealloc without updating pointer Bugs: https://bugs.php.net/55042 Changed paths: M ext/iconv/iconv.c diff --git a/ext/iconv/iconv.c b/ext/iconv/iconv.c index 92675eb..9cae535 100644 --- a/ext/iconv/iconv.c +++ b/ext/iconv/iconv.c @@ -190,7 +190,7 @@ typedef enum _php_iconv_enc_scheme_t { #define PHP_ICONV_MIME_DECODE_STRICT(10) #define PHP_ICONV_MIME_DECODE_CONTINUE_ON_ERROR (11) -/* {{{ prototypes */ +/* {{{ prototypes */ static php_iconv_err_t _php_iconv_appendl(smart_str *d, const char *s, size_t l, iconv_t cd); static php_iconv_err_t _php_iconv_appendc(smart_str *d, const char c, iconv_t cd); @@ -249,7 +249,7 @@ PHP_MINIT_FUNCTION(miconv) { static char buf[16]; snprintf(buf, sizeof(buf), %d.%d, - ((_libiconv_version 8) 0x0f), (_libiconv_version 0x0f)); + ((_libiconv_version 8) 0x0f), (_libiconv_version 0x0f)); version = buf; } #elif HAVE_GLIBC_ICONV @@ -354,7 +354,7 @@ static int php_iconv_output_handler(void **nothing, php_output_context *output_c if (mimetype != NULL !(output_context-op PHP_OUTPUT_HANDLER_CLEAN)) { int len; - char *p = strstr(ICONVG(output_encoding), //); + char *p = strstr(ICONVG(output_encoding), //); if (p) { len = spprintf(content_type, 0, Content-Type:%.*s; charset=%.*s, mimetype_len ? mimetype_len : (int) strlen(mimetype), mimetype, (int)(p - ICONVG(output_encoding)), ICONVG(output_encoding)); @@ -375,7 +375,7 @@ static int php_iconv_output_handler(void **nothing, php_output_context *output_c return SUCCESS; } - + /* {{{ _php_iconv_appendl() */ static php_iconv_err_t _php_iconv_appendl(smart_str *d, const char *s, size_t l, iconv_t cd) { @@ -400,7 +400,7 @@ static php_iconv_err_t _php_iconv_appendl(smart_str *d, const char *s, size_t l, if (iconv(cd, (char **)in_p, in_left, (char **) out_p, out_left) == (size_t)-1) { #if ICONV_SUPPORTS_ERRNO - switch (errno) { + switch (errno) { case EINVAL: return PHP_ICONV_ERR_ILLEGAL_CHAR; @@ -415,7 +415,7 @@ static php_iconv_err_t _php_iconv_appendl(smart_str *d, const char *s, size_t l, } #else if (prev_in_left == in_left) { - return PHP_ICONV_ERR_UNKNOWN; + return PHP_ICONV_ERR_UNKNOWN; } #endif } @@ -446,7 +446,7 @@ static php_iconv_err_t _php_iconv_appendl(smart_str *d, const char *s, size_t l, #else if (out_left != 0) { return PHP_ICONV_ERR_UNKNOWN; - } + } #endif } (d)-len += (buf_growth - out_left); @@ -492,31 +492,35 @@ PHP_ICONV_API php_iconv_err_t php_iconv_string(const char *in_p, size_t in_len, in_size = in_len; cd = iconv_open(out_charset, in_charset); - + if (cd == (iconv_t)(-1)) { return PHP_ICONV_ERR_UNKNOWN; } out_buffer = (char *) emalloc(out_size + 1); out_p = out_buffer; - + #ifdef NETWARE result = iconv(cd, (char **) in_p, in_size, (char **) #else result = iconv(cd, (const char **) in_p, in_size, (char **) #endif out_p, out_left); - + if (result == (size_t)(-1)) { efree(out_buffer); return PHP_ICONV_ERR_UNKNOWN; } if (out_left 8) { - out_buffer = (char *) erealloc(out_buffer, out_size + 8); + size_t pos = out_p - out_buffer; + out_buffer = (char *) safe_erealloc(out_buffer, out_size, 1, 8); + out_p = out_buffer+pos; + out_size += 7; + out_left += 7; } - /* flush the shift-out sequences */ + /* flush the shift-out sequences */ result = iconv(cd, NULL, NULL, out_p, out_left); if (result == (size_t)(-1)) { @@ -555,10 +559,10 @@ PHP_ICONV_API php_iconv_err_t php_iconv_string(const char *in_p, size_t in_len, } } in_left= in_len; - out_left = in_len + 32; /*
[PHP-CVS] com php-src: sort NEWS: NEWS
Commit:5ebb0e520f4c31d09d9e5acd323162eca3fee0e3 Author:Stanislav Malyshev s...@php.net Wed, 30 May 2012 22:34:29 -0700 Parents: ed6ce831013d8c6f6f585e814ee9b542da283749 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=5ebb0e520f4c31d09d9e5acd323162eca3fee0e3 Log: sort NEWS Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index d738ebe..4af38a3 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,44 @@ PHPNEWS ||| +?? ??? 2012, PHP 5.4.5 + +- Core: + . Fixed bug #61998 (Using traits with method aliases appears to result in +crash during execution). (Dmitry) + +- FPM + . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) + . Fixed bug #61835 (php-fpm is not allowed to run as root). (fat) + . Fixed bug #61295 (php-fpm should not fail with commented 'user' +for non-root start). (fat) + . Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm). (fat) + . Fixed bug #61026 (FPM pools can listen on the same address). (fat) + . Fixed bug #62033 (php-fpm exits with status 0 on some failures to start). +(fat) + . Fixed bug #62153 (when using unix sockets, multiples FPM instances +can be launched without errors). (fat) + . Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat) + . Fixed bug #61218 (FPM drops connection while receiving some binary values +in FastCGI requests). (fat) + +- Iconv: + . Fix bug #55042 (Erealloc in iconv.c unsafe). (Stas) + +- Intl + . ResourceBundle constructor now accepts NULL for the first two arguments. +(Gustavo) + +- Readline: + . Fixed bug #62186 (readline fails to compile - void function should not +return a value). (Johannes) + +- Sockets: + . Fixed bug #62025 (__ss_family was changed on AIX 5.3). (Felipe) + +- XML Writer: + . Fixed bug #62064 (memory leak in the XML Writer module). +(jean-pierre dot lozi at lip6 dot fr) + ?? ??? 2012, PHP 5.4.4 - COM: @@ -21,10 +60,9 @@ PHP NEWS - Core: . Fixed missing bound check in iptcparse(). (chris at chiappa.net) . Fixed CVE-2012-2143. (Solar Designer) + . Fixed bug #62097 (fix for for bug #54547). (Gustavo) . Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object). (Laruence) - . Fixed bug #61998 (Using traits with method aliases appears to result in -crash during execution). (Dmitry) . Fixed bug #61978 (Object recursion not detected for classes that implement JsonSerializable). (Felipe) . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy) @@ -58,24 +96,7 @@ PHP NEWS . Fixed bug #61812 (Uninitialised value used in libmagic). (Laruence, Gustavo) -- FPM - . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) - . Fixed bug #61835 (php-fpm is not allowed to run as root). (fat) - . Fixed bug #61295 (php-fpm should not fail with commented 'user' -for non-root start). (fat) - . Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm). (fat) - . Fixed bug #61026 (FPM pools can listen on the same address). (fat) - . Fixed bug #62033 (php-fpm exits with status 0 on some failures to start). -(fat) - . Fixed bug #62153 (when using unix sockets, multiples FPM instances -can be launched without errors). (fat) - . Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat) - . Fixed bug #61218 (FPM drops connection while receiving some binary values -in FastCGI requests). (fat) - - Intl - . ResourceBundle constructor now accepts NULL for the first two arguments. -(Gustavo) . Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()). (Gustavo) @@ -83,17 +104,6 @@ PHP NEWS . Fixed bug #61617 (Libxml tests failed(ht is already destroyed)). (Laruence) -- Readline: - . Fixed bug #62186 (readline fails to compile - void function should not -return a value). (Johannes) - -- Sockets: - . Fixed bug #62025 (__ss_family was changed on AIX 5.3). (Felipe) - -- XML Writer: - . Fixed bug #62064 (memory leak in the XML Writer module). -(jean-pierre dot lozi at lip6 dot fr) - - Zlib: . Fixed bug #61820 (using ob_gzhandler will complain about headers already sent when no compression). (Mike) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php