* PHP-7.0:
followup with #73276 merge
fix test
Fix bug #73276 - crash in openssl_random_pseudo_bytes function
Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()
Fix for #73240 - Write out of bounds at number_format
avoid strlen
Bug #73218: add mitigation for ICU int overflow
Add more locale length checks, due to ICU bugs.
Fix bug #73150: missing NULL check in dom_document_save_html
Clear FG(user_stream_current_filename) when bailing out
set versions and release date
sync NEWS
Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)"
Fix for #73240 - Write out of bounds at number_format
Fix bug #73257 and bug #73258 - SplObjectStorage unserialize allows use of non-object as key
set versions
Fix bug #73091 - Unserializing DateInterval object may lead to __toString invocation
It fixes several bugs:
- Fixed bug #45554 (Inconsistent behavior of the u format char).
- Fixed bug #48225 (DateTime parser doesn't set microseconds for "now").
- Fixed bug #52514 (microseconds are missing in DateTime class).
- Fixed bug #52519 (microseconds in DateInterval are missing).
- Fixed bug #68506 (General DateTime improvments needed for microseconds to become useful).
- Fixed bug #73109 (timelib_meridian doesn't parse dots correctly).
- Fixed bug #73247 (DateTime constructor does not initialise microseconds property).
It also updates timelib to 2016.04, and updates a data mapping file, which
causes changes to the volatile abbreviations tests.
timelib_time->timelib_rel_time is mutated by date_modify, and because it is never zero'ed out
it latters causes other date operations to fail (like date_date_set)
THis is bc break, which will break $date1->diff($date2 , 1), which is
common used
please do not do bc break without a asking
This reverts commit 943b23dcf6.
The DateTimeZone constructors are not binary safe. They're parsing the timezone
as string, but discard the length when calling timezone_initialize(). This
patch adds a tz_len parameter and a respective check to timezone_initialize().
* PHP-5.5:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix#69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
ext/soap/php_http.c
ext/spl/spl_observer.c
* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix#69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
.gitignore
ext/date/php_date.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
Squashed commit of the following:
commit d96eab8d79
Author: Francois Laupretre <francois@tekwire.net>
Date: Fri Jun 26 01:23:31 2015 +0200
Use the new 'ZSTR' macros in the rest of the code.
Does not change anything to the generated code (thanks to compat macros) but cleaner.
commit b352643910
Author: Francois Laupretre <francois@tekwire.net>
Date: Thu Jun 25 13:45:06 2015 +0200
Improve zend_string API
Add missing methods
