Merge branch 'master' into sccp

* master: Added missed dump of "main" script code replace the stack var by a macro [ci skip] sync NEWS minor fix for web announce add missing NEWS entry for #74087 and also fix the formatting move NEWS entry to the correct place, also bump the version
2025-08-15 13:38:49 +02:00 · 2017-07-06 23:07:04 +03:00 · 2017-07-06 23:07:04 +03:00 · d90805a40b
commit d90805a40b
parent 2e5e03b673 fc336c78e7
7 changed files with 26 additions and 14 deletions
--- a/14
+++ b/14
@ -2,6 +2,20 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 7.2.0beta1

+- Core:
+  . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
+    (Stas)
+  . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
+    unserialize). (Nikita)
+  . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
+    php_parse_date()). (Derick)
+
+- GD:
+  . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)
+
+- OpenSSL:
+  . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
+    (Stas)

 06 Jul 2017, PHP 7.2.0alpha3

--- a/README.RELEASE_PROCESS
+++ b/README.RELEASE_PROCESS
@ -130,8 +130,8 @@ highlight the major important things (security fixes) and when it is important
 to upgrade.

 a. Call php bin/createNewsEntry in your local phpweb checkout
-    Use category "releases" for all non-stable releases.
-    Use category "frontpage" for X.Y.0 non-stable releases only.
+    Use category "releases" for all stable releases.
+    Use category "frontpage" for X.Y.0 non-stable releases only (news only).

 b. Add the content for the news entry. Be sure to include the text:
    "THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!"
--- a/ext/opcache/Optimizer/zend_optimizer.c
+++ b/ext/opcache/Optimizer/zend_optimizer.c
@ -1260,6 +1260,8 @@ int zend_optimize_script(zend_script *script, zend_long optimization_level, zend
 	}

 	if (debug_level & ZEND_DUMP_AFTER_OPTIMIZER) {
+		zend_dump_op_array(&script->main_op_array, ZEND_DUMP_RT_CONSTANTS, "after optimizer", NULL);
+
 		ZEND_HASH_FOREACH_PTR(&script->function_table, op_array) {
 			zend_dump_op_array(op_array, ZEND_DUMP_RT_CONSTANTS, "after optimizer", NULL);
 		} ZEND_HASH_FOREACH_END();
--- a/ext/standard/dl.c
+++ b/ext/standard/dl.c
@ -116,17 +116,15 @@ PHPAPI int php_load_extension(char *filename, int type, int start_now)
 		} else {
 			spprintf(&libpath, 0, "%s%c%s", extension_dir, DEFAULT_SLASH, filename); /* SAFE */
 		}
+
 		if (VCWD_ACCESS(libpath, F_OK)) {
 			/* If file does not exist, consider as extension name and build file name */
-			const char *libpath_prefix = "";
 			char *orig_libpath = libpath;
-#if PHP_WIN32
-			libpath_prefix = "php_";
-#endif
+
 			if (slash_suffix) {
-				spprintf(&libpath, 0, "%s%s%s." PHP_SHLIB_SUFFIX, extension_dir, libpath_prefix, filename); /* SAFE */
+				spprintf(&libpath, 0, "%s" PHP_SHLIB_EXT_PREFIX "%s." PHP_SHLIB_SUFFIX, extension_dir, filename); /* SAFE */
 			} else {
-				spprintf(&libpath, 0, "%s%c%s%s." PHP_SHLIB_SUFFIX, extension_dir, DEFAULT_SLASH, libpath_prefix, filename); /* SAFE */
+				spprintf(&libpath, 0, "%s%c" PHP_SHLIB_EXT_PREFIX "%s." PHP_SHLIB_SUFFIX, extension_dir, DEFAULT_SLASH, filename); /* SAFE */
 			}

 			if (VCWD_ACCESS(libpath, F_OK)) {
--- a/main/build-defs.h.in
+++ b/main/build-defs.h.in
@ -89,3 +89,4 @@
 #define PHP_CONFIG_FILE_PATH    "@EXPANDED_PHP_CONFIG_FILE_PATH@"
 #define PHP_CONFIG_FILE_SCAN_DIR    "@EXPANDED_PHP_CONFIG_FILE_SCAN_DIR@"
 #define PHP_SHLIB_SUFFIX        "@SHLIB_DL_SUFFIX_NAME@"
+#define PHP_SHLIB_EXT_PREFIX    ""
--- a/main/php_ini.c
+++ b/main/php_ini.c
@ -375,16 +375,12 @@ static void php_load_zend_extension_cb(void *arg)

 		if (VCWD_ACCESS(libpath, F_OK)) {
 			/* If file does not exist, consider as extension name and build file name */
-			const char *libpath_prefix = "";
 			char *orig_libpath = libpath;
-#if PHP_WIN32
-			libpath_prefix = "php_";
-#endif

 			if (slash_suffix) {
-				spprintf(&libpath, 0, "%s%s%s." PHP_SHLIB_SUFFIX, extension_dir, libpath_prefix, filename); /* SAFE */
+				spprintf(&libpath, 0, "%s" PHP_SHLIB_EXT_PREFIX "%s." PHP_SHLIB_SUFFIX, extension_dir, filename); /* SAFE */
 			} else {
-				spprintf(&libpath, 0, "%s%c%s%s." PHP_SHLIB_SUFFIX, extension_dir, DEFAULT_SLASH, libpath_prefix, filename); /* SAFE */
+				spprintf(&libpath, 0, "%s%c" PHP_SHLIB_EXT_PREFIX "%s." PHP_SHLIB_SUFFIX, extension_dir, DEFAULT_SLASH, filename); /* SAFE */
 			}

 			if (VCWD_ACCESS(libpath, F_OK)) {
--- a/win32/build/config.w32.h.in
+++ b/win32/build/config.w32.h.in
@ -136,6 +136,7 @@
 #define HAVE_FNMATCH
 #define HAVE_GLOB
 #define PHP_SHLIB_SUFFIX "dll"
+#define PHP_SHLIB_EXT_PREFIX "php_"
 #define HAVE_SQLDATASOURCES

 /* Win32 supports strcoll */