* PHP-5.5.32:
Fixed bug #71488: Stack overflow when decompressing tar archives
update NEWS
add missing headers for SIZE_MAX
backport the escapeshell* functions hardening branch
add tests
Fix bug #71459 - Integer overflow in iptcembed()
Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
Fix bug #71335: Type Confusion in WDDX Packet Deserialization
Fix bug #71354 - remove UMR when size is 0
* PHP-5.5: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
ext/standard/http_fopen_wrapper.c
* PHP-5.4.40:
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Fixed bug #68901 (use after free)
Fixed bug #68740 (NULL Pointer Dereference)
Fix bug #66550 (SQLite prepared statement use-after-free)
Better fix for #68601 for perf 81e9a993f2
Fix bug #68601 buffer read overflow in gd_gif_in.c
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
- Allow crypto_method context value in stream_socket_enable_crypto()
- As of 5.6.x stream crypto type may be specified in the SSL context,
making the $crypto_type parameter to stream_socket_enable_crypto()
optional. This commit checks for a crypto type in the context prior
to erroring out.
- Update NEWS/UPGRADING
This fixes further issues on win64 with casts from the streams.
Sockets/descriptors handling was unitized. This has an impact only on
win64, php_socket_t otherwise can be feed back to int datatype.
already fixed in trunk/5.3 and now merged onto 5.4 and a leak introduced in
fixing bug #61115. This better fix for #61115 fixes the leak (the inhibition
for deleting the context was too broad) and so prevents segfaults in new
circumstances (where the inhibition was not broad enough).
stream when 0 is given as the value.
- PHP_STREAM_OPTION_WRITE_BUFFER no longer changes the chunk size in socket
streams.
- Added stream_set_chunk_size() function.
- Some signedness fixes.
- Test for commit r308474, now that it's possible to actually test it.
fix the erratic behavior without breaking backwards compatibility. Namely,
$offset retains SEEK_SET behavior but actually SEEK_CUR is passed to
_php_stream_seek, if possible, by moving the offset stream->position bytes.
- Addresses bug #53006.
fix the erratic behavior without breaking backwards compatibility. Namely,
$offset retains SEEK_SET behavior but actually SEEK_CUR is passed to
_php_stream_seek, if possible, by moving the offset stream->position bytes.
- Addresses bug #53006.
current position (seek with SEEK_CUR, not SEEK_SET). Only positive values are
allowed. This breaking change is necessary to fix the erratic behavior in
streams without a seek handlder. Addresses bug #53006.
#Note that the example on the doc page for stream_get_contents() may fail
#without this change.
#This change is also in the spirit of stream_get_contents(), whose description
#is "Reads all remaining bytes (or up to maxlen bytes) from a stream...".
#Previous behavior allowed setting the file pointer to positions before the
#current one, so they wouldn't be "remaining bytes". The previous behavior was
#also inconsistent in that it allowed an moving to offset 1, 2, ..., but not 0.
* Removed ini options, safe_mode*
* Removed --enable-safe-mode --with-exec-dir configure options on Unix
* Updated extensions, SAPI's and core
* php_get_current_user() is now declared in main.c, thrus no need to include safe_mode.h anymore
