GD:
- PrintWindow() is available as of Windows XP, it requires linking to User32.lib, which config.w32 for ext/gd already.
CLI:
- The borrowed functions from PostgreSQL to set the titles of the console window uses SetConsoleTitle() and GetConsoleTitle(), both are available as of Windows 2000 from Kernel32.lib which we already are linking against.
Standard:
- The disk space utility functions uses GetDiskFreeSpaceExA() which is available as of Windows XP, again links to Kernel32.lib.
- The symlink() PHP function uses CreateSymbolicLinkA() which is available from Windows Vista, again from Kernel32.lib.
- php_get_windows_name() in info.c uses GetNativeSystemInfo() which is available as of Windows XP and GetProductInfo() which is available as of Windows Vista, both are again from Kernel32.lib.
Notes:
- ext/interbase & ext/pdo_firebird uses GetProcAddress(), I'm not entirely sure how to handle this one.
- ext/sqlite3, this is apart of the bundled libsqlite3, I don't really wanna play around with our bundled libs and make it a bigger issue for those who maintain and upgrade them.
- ext/readline, the call to GetProcAddress() here does not do any system calls, so it is left as is.
- win32/ioutil.c uses GetProcAddress(), but the function it attempts to load (PathCchCanonicalizeEx()) is only available from Windows 8 and greater (Pathcch.lib linkage).
- win32/time.c uses GetSystemTimePreciseAsFileTime() which is available from Windows 8 and greater to get the current system date and time which the highest possible precision and falls back to GetSystemTimeAsFileTime() (available as of Windows 2000), again Kernel32.lib, the GetSystemTimePreciseAsFileTime() is left in a GetProcAddress().
Calling imagesetstyle() with an empty $styles array caused gdImageSetStyle()
to be called with `noOfPixels==0`, what could have lead to OOB reads.
Actually, this issue will be fixed in libgd, but to avoid issues when older
libgd is in use, we simply disallow passing an empty $styles array to
imagesetstyle(), what wouldn't serve a useful purpose anyway.
We add the necessary PHP bindings for both functions which are available
as of GD_2_0_12 (released 2006-04-05). The API of imagegetclip() is modelled
according to imageftbbox().
* PHP-7.0:
#72482, Ilegal write/read access caused by gdImageAALine overflow
fix#72494, improve input color check and prevent issues when old gd are used, done before gd call
improve fix#72558, free contribRow as well
That happens because the external libgd uses other error codes than PHP
(and the bundled libgd), but the libgd error codes are simply forwarded
to php_verror(). We fix that by properly mapping libgd errors to PHP errors.
Ignoring these warnings apparently works fine (libgd does so in
gdImageCreateJpeg()), but not ignoring them may cause imagecreatefromjpeg()
to fail completely, so it seems reasonable to ignore warnings by default.
Note that this change most likely doesn't constitute a BC break; we're
simply being more resilient with regard to slightly broken JPEGs.
See also the related [bug #72404](https://bugs.php.net/bug.php?id=72404).
- load glyph with FT_LOAD_IGNORE_TRANSFORM for bbox as final bbox is rotated at once later (fixes "double-rotation" per glyph for calculating bbox)
- reload the rotated glyph for painting after that (only if angle != 0)
- rotate the original bbox at 0,0 and do not throw away xMin/yMin (drawing-rotation is also based at "origin" point - including the bearingX, see http://www.freetype.org/freetype2/docs/glyphs/glyphs-3.html#section-3) - this fixes the "left-shift"-problem also when angle = 0
- removed "xb/yb" and use "x/y" directly for offsetting brect (no need for adding "x1/y1" and substracting "yd" later)
- removed therefore unused "yd" helper var which seems tried to fix parts of the original problems
- initialize x/y with 0 instead of -1 in php_imagettftext_common() to make image*text() and image*bbox() results identical (there was a -1px shift in image*bbox() before)
- fixed gdroundupdown() for negative numbers (-256 / 64 gives -5 instead of -4 before)
- rotate kerning-delta by given angle (fixes completely wrong kerning and therefore wrong bounding box if angle != 0)
- changed 3 tests and added a new one to test for the new (better) coordinates
* PHP-5.5:
Fix bug #69646 OS command injection vulnerability in escapeshellarg
Fix#69719 - more checks for nulls in paths
fix test description
Fixed Buf #68812 Unchecked return value.
* PHP-5.6: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
Zend/zend_exceptions.c
ext/curl/interface.c
ext/dom/document.c
ext/fileinfo/libmagic/softmagic.c
ext/gd/gd.c
ext/hash/hash.c
ext/pgsql/pgsql.c
ext/phar/phar.c
ext/phar/phar_internal.h
ext/standard/http_fopen_wrapper.c
ext/standard/link.c
ext/standard/streamsfuncs.c
ext/xmlwriter/php_xmlwriter.c
ext/zlib/zlib.c
* PHP-5.5: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
ext/standard/http_fopen_wrapper.c
