Setting up an empty default handler is not only useless, but actually
harmful, since internal entity-references are not resolved anymore.
From the libexpat docs[1]:
| Setting the handler with this call has the side effect of
| turning off expansion of references to internally defined general
| entities. Instead these references are passed to the default
| handler.
[1] <https://www.xml.com/pub/1999/09/expat/reference.html#setdefhandler>
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
The issue is caused by an integer overflow when the `long` passed as
XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is
declared as `int`. We can simply work around this issue, by clipping
resulting negative values to 0 (and raising a notice in this case), because
the reasonable range for this value is certainly catered to by positive
`int`s.
However, there still remains the issue that `xml_parser::toffset` is later
added to `char *`s, which can cause OOB reads, so we make sure that the
upper bound never exceeds the strlen(). We eschew optimizing `SKIP_TAGSTART`
wrt. to the potentially duplicate strlen() call, because that code path is
unexpected anyway.
* PHP-7.0: (25 commits)
Update NEWS
update NEWS
fix test file
Fix version
update NEWS
Update NEWS
Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request()
Fix bug #71637: Multiple Heap Overflow due to integer overflows
extend check for add_flag
Fixed another segfault with file_cache_only now
set version
fix nmake clean in phpize mode
Fixed segfault with file_cache_only
Fixed possible crash at PCRE on MSHUTDOWN
Fixed more synchronisation issues during SHM reload
Set proper type flags (REFCOUNTED and COPYABLE) according to interned or regular string
sync with improvements in NEWS
Fixed process synchronisation problem, that may cause crashes after opcache restart
Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request()
Fix bug #71637: Multiple Heap Overflow due to integer overflows
...
PHP_VERSION_ID
PHP_API_VERSION
ZEND_MODULE_API_NO
PHP_MAJOR_VERSION, PHP_MINOR_VERSION
ZEND_ENGINE_2
I've left litespeed alone, as it seems to genuinely maintain support
for many PHP versions.
