diff -Nru php5-5.4.15/NEWS php5-5.4.16/NEWS --- php5-5.4.15/NEWS 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/NEWS 2013-06-05 05:03:57.000000000 +0000 @@ -1,24 +1,78 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +06 Jun 2013, PHP 5.4.16 + +- Core: + . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, + CVE 2013-2110). (Stas) + . Fixed bug #64853 (Use of no longer available ini directives causes crash on + TS build). (Anatol) + . Fixed bug #64729 (compilation failure on x32). (Gustavo) + . Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry) + . Fixed bug #64660 (Segfault on memory exhaustion within function definition). + (Stas, reported by Juha Kylmänen) + +- Calendar: + . Fixed bug #64895 (Integer overflow in SndToJewish). (Remi) + +- Fileinfo: + . Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol) + +- FPM: + . Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi) + . Fixed some possible memory or resource leaks and possible null dereference + detected by code coverity scan. (Remi) + . Log a warning when a syscall fails. (Remi) + . Add --with-fpm-systemd option to report health to systemd, and + systemd_interval option to configure this. The service can now use + Type=notify in the systemd unit file. (Remi) + +- MySQLi + . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB + pointer has closed). (Laruence) + +- Phar + . Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or + with non std tmp dir). (Pierre) + +- SNMP: + . Fixed bug #64765 (Some IPv6 addresses get interpreted wrong). + (Boris Lytochkin) + . Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin) + +- Streams: + . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() + on Windows x64). (Anatol) + +- Zend Engine: + . Fixed bug #64821 (Custom Exceptions crash when internal properties + overridden). (Anatol) + 09 May 2013, PHP 5.4.15 - Core: - . Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: + . Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault). (Laruence) . Fixed bug #64458 (dns_get_record result with string of length -1). (Stas) - . Fixed bug #64433 (follow_location parameter of context is ignored for most + . Fixed bug #64433 (follow_location parameter of context is ignored for most response codes). (Sergey Akbarov) . Fixed bugs #47675 and #64577 (fd leak on Solaris) - Fileinfo: . Upgraded libmagic to 5.14. (Anatol) +- MySQLi: + . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB + pointer has closed). (Laruence) + - Zip: . Fixed bug #64342 (ZipArchive::addFile() has to check for file existence). (Anatol) - Streams: - . Fixed Windows x64 version of stream_socket_pair() and improved error handling - (Anatol Belski) + . Fixed Windows x64 version of stream_socket_pair() and improved error + handling. (Anatol Belski) + . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() + on Windows x64). (Anatol) 11 Apr 2013, PHP 5.4.14 @@ -56,7 +110,7 @@ be autoloaded fail). (Laruence) . Fixed bug #64235 (Insteadof not work for class method in 5.4.11). (Laruence) - . Fixed bug #64197 (_Offsetof() macro used but not defined on ARM/Clang). + . Fixed bug #64197 (_Offsetof() macro used but not defined on ARM/Clang). (Ard Biesheuvel) . Implemented FR #64175 (Added HTTP codes as of RFC 6585). (Jonh Wendell) . Fixed bug #64142 (dval to lval different behavior on ppc64). (Remi) @@ -75,7 +129,7 @@ - OpenSSL: . New SSL stream context option to prevent CRIME attack vector. (Daniel Lowrey, Lars) - . Fixed bug #61930 (openssl corrupts ssl key resource when using + . Fixed bug #61930 (openssl corrupts ssl key resource when using openssl_get_publickey()). (Stas) - PDO_mysql: @@ -88,7 +142,7 @@ - SOAP . Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). (Dmitry) - . Disabled external entities loading (CVE-2013-1643, CVE-2013-1824). + . Disabled external entities loading (CVE-2013-1643, CVE-2013-1824). (Dmitry) - Phar: @@ -98,7 +152,7 @@ . Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence) . Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS). (patch by kriss@krizalys.com, Laruence) - . Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). + . Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov) . Fixed bug #52861 (unset fails with ArrayObject and deep arrays). (Mike Willbanks) @@ -120,16 +174,16 @@ . Fixed bug #63893 (Poor efficiency of strtr() using array with keys of very different length). (Gustavo) . Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry) - . Fixed bug #63462 (Magic methods called twice for unset protected + . Fixed bug #63462 (Magic methods called twice for unset protected properties). (Stas) - . Fixed bug #62524 (fopen follows redirects for non-3xx statuses). - (Wes Mason) + . Fixed bug #62524 (fopen follows redirects for non-3xx statuses). + (Wes Mason) . Support BITMAPV5HEADER in getimagesize(). (AsamK, Lars) - Date: . Fixed bug #63699 (Performance improvements for various ext/date functions). (Lars, original patch by njaguar at gmail dot com) - . Fixed bug #55397: Comparsion of incomplete DateTime causes SIGSEGV. + . Fixed bug #55397: Comparsion of incomplete DateTime causes SIGSEGV. (Derick) - FPM: @@ -253,7 +307,7 @@ (Tony, Andrew Sitnikov) . Fixed bug #63241 (PHP fails to open Windows deduplicated files). (daniel dot stelter-gliese at innogames dot de) - . Fixed bug #62444 (Handle leak in is_readable on windows). + . Fixed bug #62444 (Handle leak in is_readable on windows). (krazyest at seznam dot cz) - Curl: @@ -305,7 +359,7 @@ 18 Oct 2012, PHP 5.4.8 - CLI server: - . Implemented FR #63242 (Default error page in PHP built-in web server uses + . Implemented FR #63242 (Default error page in PHP built-in web server uses outdated html/css). (pascal.chevrel@free.fr) . Changed response to unknown HTTP method to 501 according to RFC. (Niklas Lindgren). @@ -325,7 +379,7 @@ (Laruence) . Fixed bug #62976 (Notice: could not be converted to int when comparing some builtin classes). (Laruence) - . Fixed bug #62955 (Only one directive is loaded from "Per Directory Values" + . Fixed bug #62955 (Only one directive is loaded from "Per Directory Values" Windows registry). (aserbulov at parallels dot com) . Fixed bug #62907 (Double free when use traits). (Dmitry) . Fixed bug #61767 (Shutdown functions not called in certain error @@ -359,7 +413,7 @@ . Fixed bug #60901 (Improve "tail" syntax for AIX installation) (Chris Jones) - OpenSSL: - . Implemented FR #61421 (OpenSSL signature verification missing RMD160, + . Implemented FR #61421 (OpenSSL signature verification missing RMD160, SHA224, SHA256, SHA384, SHA512). (Mark Jones) - PDO: @@ -367,7 +421,7 @@ DBQUOTEDIDENT, 1)). (Laruence) . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec). (Martin Osvald, Remi) - + - PDO Firebird: . Fixed bug #63214 (Large PDO Firebird Queries). (james at kenjim dot com) @@ -377,7 +431,7 @@ (Dmitry) - SPL: - . Bug #62987 (Assigning to ArrayObject[null][something] overrides all + . Bug #62987 (Assigning to ArrayObject[null][something] overrides all undefined variables). (Laruence) - mbstring: @@ -397,7 +451,7 @@ - Core: . Fixed bug (segfault while build with zts and GOTO vm-kind). (Laruence) . Fixed bug #62844 (parse_url() does not recognize //). (Andrew Faulds). - . Fixed bug #62829 (stdint.h included on platform where HAVE_STDINT_H is not + . Fixed bug #62829 (stdint.h included on platform where HAVE_STDINT_H is not set). (Felipe) . Fixed bug #62763 (register_shutdown_function and extending class). (Laruence) @@ -409,9 +463,9 @@ . Fixed bug #62358 (Segfault when using traits a lot). (Laruence) . Fixed bug #62328 (implementing __toString and a cast to string fails) (Laruence) - . Fixed bug #51363 (Fatal error raised by var_export() not caught by error + . Fixed bug #51363 (Fatal error raised by var_export() not caught by error handler). (Lonny Kapelushnik) - . Fixed bug #40459 (Stat and Dir stream wrapper methods do not call + . Fixed bug #40459 (Stat and Dir stream wrapper methods do not call constructor). (Stas) - CURL: @@ -428,21 +482,21 @@ . Fixed bug #62460 (php binaries installed as binary.dSYM). (Reeze Xia) - PCRE: - . Fixed bug #55856 (preg_replace should fail on trailing garbage). + . Fixed bug #55856 (preg_replace should fail on trailing garbage). (reg dot php at alf dot nu) - PDO: . Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()). (Laruence) - Reflection: - . Fixed bug #62892 (ReflectionClass::getTraitAliases crashes on importing + . Fixed bug #62892 (ReflectionClass::getTraitAliases crashes on importing trait methods as private). (Felipe) . Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong result). (Laruence) - Session: . Fixed bug (segfault due to retval is not initialized). (Laruence) - . Fixed bug (segfault due to PS(mod_user_implemented) not be reseted + . Fixed bug (segfault due to PS(mod_user_implemented) not be reseted when close handler call exit). (Laruence) - SOAP @@ -465,7 +519,7 @@ 16 Aug 2012, PHP 5.4.6 - CLI Server: - . Implemented FR #62700 (have the console output 'Listening on + . Implemented FR #62700 (have the console output 'Listening on http://localhost:8000'). (pascal.chevrel@free.fr) - Core: @@ -484,13 +538,13 @@ - DateTime: . Fixed Bug #62500 (Segfault in DateInterval class when extended). (Laruence) - + - Fileinfo: - . Fixed bug #61964 (finfo_open with directory causes invalid free). + . Fixed bug #61964 (finfo_open with directory causes invalid free). (reeze.xia@gmail.com) - Intl: - . Fixed bug #62564 (Extending MessageFormatter and adding property causes + . Fixed bug #62564 (Extending MessageFormatter and adding property causes crash). (Felipe) - MySQLnd: @@ -501,16 +555,16 @@ sapi/cli/cli.h: No such file). (Johannes) - Reflection: - . Implemented FR #61602 (Allow access to name of constant used as default + . Implemented FR #61602 (Allow access to name of constant used as default value). (reeze.xia@gmail.com) - + - SimpleXML: . Implemented FR #55218 Get namespaces from current node. (Lonny) - SPL: . Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault). (Laruence, Gustavo) - . Fixed bug #61527 (ArrayIterator gives misleading notice on next() when + . Fixed bug #61527 (ArrayIterator gives misleading notice on next() when moved to the end). (reeze.xia@gmail.com) - Streams: @@ -524,7 +578,7 @@ 19 Jul 2012, PHP 5.4.5 - Core: - . Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed + . Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt). (Anthony Ferrara) . Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent). (Johannes) @@ -536,11 +590,11 @@ crash during execution). (Dmitry) . Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon). (Pierrick) - . Fixed potential overflow in _php_stream_scandir (CVE-2012-2688). + . Fixed potential overflow in _php_stream_scandir (CVE-2012-2688). (Jason Powell, Stas) - EXIF: - . Fixed information leak in ext exif (discovered by Martin Noga, + . Fixed information leak in ext exif (discovered by Martin Noga, Matthew "j00ru" Jurczyk, Gynvael Coldwind) - FPM: @@ -588,9 +642,9 @@ return a value). (Johannes) - Reflection: - . Fixed bug #62384 (Attempting to invoke a Closure more than once causes + . Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault). (Felipe) - . Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks + . Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant). (Laruence) - Sockets: @@ -603,7 +657,7 @@ (Nikita Popov) - XML Writer: - . Fixed bug #62064 (memory leak in the XML Writer module). + . Fixed bug #62064 (memory leak in the XML Writer module). (jean-pierre dot lozi at lip6 dot fr) - Zip: @@ -615,19 +669,19 @@ . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) - CLI Server: - . Implemented FR #61977 (Need CLI web-server support for files with .htm & + . Implemented FR #61977 (Need CLI web-server support for files with .htm & svg extensions). (Sixd, Laruence) . Improved performance while sending error page, this also fixed bug #61785 (Memory leak when access a non-exists file without router). (Laruence) - . Fixed bug #61546 (functions related to current script failed when chdir() + . Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi). (Laruence, reeze.xia@gmail.com) - Core: . Fixed missing bound check in iptcparse(). (chris at chiappa.net) . Fixed CVE-2012-2143. (Solar Designer) . Fixed bug #62097 (fix for for bug #54547). (Gustavo) - . Fixed bug #62005 (unexpected behavior when incrementally assigning to a + . Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object). (Laruence) . Fixed bug #61978 (Object recursion not detected for classes that implement JsonSerializable). (Felipe) @@ -638,11 +692,11 @@ . Fixed bug #61782 (__clone/__destruct do not match other methods when checking access controls). (Stas) . Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo) - . Fixed bug #61761 ('Overriding' a private static method with a different + . Fixed bug #61761 ('Overriding' a private static method with a different signature causes crash). (Laruence) . Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference). (Laruence) - . Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown + . Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown phase). (Laruence) . Fixed bug #61713 (Logic error in charset detection for htmlentities). (Anatoliy) @@ -660,7 +714,7 @@ (Laruence) - Fileinfo - . Fixed bug #61812 (Uninitialised value used in libmagic). + . Fixed bug #61812 (Uninitialised value used in libmagic). (Laruence, Gustavo) . Fixed bug #61566 failure caused by the posix lseek and read versions under windows in cdf_read(). (Anatoliy) @@ -668,7 +722,7 @@ directory descriptor under windows. (Anatoliy) - Intl - . Fixed bug #62082 (Memory corruption in internal function + . Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()). (Gustavo) - Libxml: @@ -690,7 +744,7 @@ maxlen set). (Reeze) - Zlib: - . Fixed bug #61820 (using ob_gzhandler will complain about headers already + . Fixed bug #61820 (using ob_gzhandler will complain about headers already sent when no compression). (Mike) . Fixed bug #61443 (can't change zlib.output_compression on the fly). (Mike) . Fixed bug #60761 (zlib.output_compression fails on refresh). (Mike) @@ -701,7 +755,7 @@ . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Stas) . Fix bug #61807 - Buffer Overflow in apache_request_headers. - (nyt-php at countercultured dot net). + (nyt-php at countercultured dot net). 03 May 2012, PHP 5.4.2 @@ -711,7 +765,7 @@ - CLI Server: . Fixed bug #61461 (missing checks around malloc() calls). (Ilia) - . Implemented FR #60850 (Built in web server does not set + . Implemented FR #60850 (Built in web server does not set $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence) . "Connection: close" instead of "Connection: closed" (Gustavo) @@ -719,7 +773,7 @@ . Fixed crash in ZTS using same class in many threads. (Johannes) . Fixed bug #61374 (html_entity_decode tries to decode code points that don't exist in ISO-8859-1). (Gustavo) - . Fixed bug #61273 (call_user_func_array with more than 16333 arguments + . Fixed bug #61273 (call_user_func_array with more than 16333 arguments leaks / crashes). (Laruence) . Fixed bug #61225 (Incorrect lexing of 0b00*+). (Pierrick) . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) @@ -734,7 +788,7 @@ . Fixed bug #61052 (Missing error check in trait 'insteadof' clause). (Stefan) . Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property). (Laruence) - . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical + . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). (Laruence) . Fixed bug #60978 (exit code incorrect). (Laruence) . Fixed bug #60911 (Confusing error message when extending traits). (Stefan) @@ -778,7 +832,7 @@ (Johannes) - PDO - . Fixed bug #61292 (Segfault while calling a method on an overloaded PDO + . Fixed bug #61292 (Segfault while calling a method on an overloaded PDO object). (Laruence) - PDO_mysql @@ -801,18 +855,18 @@ - Reflection: . Implemented FR #61602 (Allow access to the name of constant used as function/method parameter's default value). (reeze.xia@gmail.com) - . Fixed bug #60968 (Late static binding doesn't work with + . Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence) - Session - . Fixed bug #60634 (Segmentation fault when trying to die() in + . Fixed bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()). (Ilia) - SOAP . Fixed bug #61423 (gzip compression fails). (Ilia) . Fixed bug #60887 (SoapClient ignores user_agent option and sends no User-Agent header). (carloschilazo at gmail dot com) - . Fixed bug #60842, #51775 (Chunked response parsing error when + . Fixed bug #60842, #51775 (Chunked response parsing error when chunksize length line is > 10 bytes). (Ilia) . Fixed bug #49853 (Soap Client stream context header option ignored). (Dmitry) @@ -841,7 +895,7 @@ . Fixed bug #61287 (A particular string fails to decompress). (Mike) . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita Popov) -01 Mar 2012, PHP 5.4.0 +01 Mar 2012, PHP 5.4.0 - Installation: . autoconf 2.59+ is now supported (and required) for generating the @@ -897,7 +951,7 @@ . Added class member access on instantiation (e.g. (new foo)->bar()) support. (Felipe) . which shows information of the @@ -1113,7 +1167,7 @@ - Improved intl extension: . Added Spoofchecker class, allows checking for visibly confusable characters and other security issues. (Scott) - . Added Transliterator class, allowing transliteration of strings. + . Added Transliterator class, allowing transliteration of strings. (Gustavo) . Added support for UTS #46. (Gustavo) . Fixed build on Fedora 15 / Ubuntu 11. (Hannes) @@ -1155,9 +1209,9 @@ . PDO_mysql: Removed support for linking with MySQL client libraries older than 4.1. (Johannes) . ext/mysql, mysqli and pdo_mysql now use mysqlnd by default. (Johannes) - . Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect). + . Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect). (Andrey, Laruence) - . Fixed bug #55653 (PS crash with libmysql when binding same variable as + . Fixed bug #55653 (PS crash with libmysql when binding same variable as param and out). (Laruence) - Improved OpenSSL extension: @@ -1276,7 +1330,7 @@ 14 Jun 2012, PHP 5.3.14 - CLI SAPI: - . Fixed bug #61546 (functions related to current script failed when chdir() + . Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi). (Laruence, reeze.xia@gmail.com) - CURL: @@ -1291,7 +1345,7 @@ . Fixed missing bound check in iptcparse(). (chris at chiappa.net) . Fixed bug #62373 (serialize() generates wrong reference to the object). (Moriyoshi) - . Fixed bug #62005 (unexpected behavior when incrementally assigning to a + . Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object). (Laruence) . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy) . Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo) @@ -1304,7 +1358,7 @@ . Changed php://fd to be available only for CLI. - Fileinfo: - . Fixed bug #61812 (Uninitialised value used in libmagic). + . Fixed bug #61812 (Uninitialised value used in libmagic). (Laruence, Gustavo) - Iconv extension: @@ -1371,7 +1425,7 @@ . Fixed bug #60227 (header() cannot detect the multi-line header with CR). (rui, Gustavo) . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia) - . Fixed bug #54374 (Insufficient validating of upload name leading to + . Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at gmail dot com, Pierre) . Fixed bug #52719 (array_walk_recursive crashes if third param of the @@ -1401,7 +1455,7 @@ - Libxml: . Fixed bug #61617 (Libxml tests failed(ht is already destroyed)). (Laruence) - . Fixed bug #61367 (open_basedir bypass using libxml RSHUTDOWN). + . Fixed bug #61367 (open_basedir bypass using libxml RSHUTDOWN). (Tim Starling) - mysqli @@ -1413,7 +1467,7 @@ . Fixed bug #61194 (PDO should export compression flag with myslqnd). (Johannes) -- PDO_odbc +- PDO_odbc . Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia) - PDO_pgsql @@ -1440,14 +1494,14 @@ . Fixed bug #61388 (ReflectionObject:getProperties() issues invalid reads when get_properties returns a hash table with (inaccessible) dynamic numeric properties). (Gustavo) - . Fixed bug #60968 (Late static binding doesn't work with + . Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence) - SOAP . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) . Fixed bug #60887 (SoapClient ignores user_agent option and sends no User-Agent header). (carloschilazo at gmail dot com) - . Fixed bug #60842, #51775 (Chunked response parsing error when + . Fixed bug #60842, #51775 (Chunked response parsing error when chunksize length line is > 10 bytes). (Ilia) . Fixed bug #49853 (Soap Client stream context header option ignored). (Dmitry) @@ -1498,7 +1552,7 @@ 02 Feb 2012, PHP 5.3.10 - Core: - . Fixed arbitrary remote code execution vulnerability reported by Stefan + . Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830. (Stas, Dmitry) 10 Jan 2012, PHP 5.3.9 @@ -1511,7 +1565,7 @@ GC). (Dmitry) . Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) (Dmitry). - . Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when + . Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli) . Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe) . Fixed bug #60019 (Function time_nanosleep() is undefined on OS X). (Ilia) @@ -1535,7 +1589,7 @@ HTTP POST request). (Hannes) . Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of). (alan_k) - . Fixed bug #52461 (Incomplete doctype and missing xmlns). + . Fixed bug #52461 (Incomplete doctype and missing xmlns). (virsacer at web dot de, Pierre) . Fixed bug #55366 (keys lost when using substr_replace an array). (Arpad) . Fixed bug #55273 (base64_decode() with strict rejects whitespace after @@ -1592,7 +1646,7 @@ . Fixed memory leak when calling the Finfo constructor twice. (Felipe) - Filter: - . Fixed Bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized + . Fixed Bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized domain name addresses containing >1 -). (Ilia) - FTP: @@ -1626,7 +1680,7 @@ . Fixed bug #55859 (mysqli->stat property access gives error). (Andrey) . Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when mysqlnd is used). (Andrey) - . Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields). + . Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields). (eran at zend dot com, Laruence) - mysqlnd @@ -1663,9 +1717,9 @@ - PDO MySQL driver: . Fixed bug #60155 (pdo_mysql.default_socket ignored). (Johannes) - . Fixed bug #55870 (PDO ignores all SSL parameters when used with mysql + . Fixed bug #55870 (PDO ignores all SSL parameters when used with mysql native driver). (Pierre) - . Fixed bug #54158 (MYSQLND+PDO MySQL requires #define + . Fixed bug #54158 (MYSQLND+PDO MySQL requires #define MYSQL_OPT_LOCAL_INFILE). (Andrey) - PDO OCI driver: @@ -1706,7 +1760,7 @@ . Added partial syslog support (on error_log only). FR #52052. (fat) - Postgres: - . Fixed bug #60244 (pg_fetch_* functions do not validate that row param + . Fixed bug #60244 (pg_fetch_* functions do not validate that row param is >0). (Ilia) . Added PGSQL_LIBPQ_VERSION/PGSQL_LIBPQ_VERSION_STR constants. (Yasuo) @@ -1718,7 +1772,7 @@ - SimpleXML: . Reverted the SimpleXML->query() behaviour to returning empty arrays - instead of false when no nodes are found as it was since 5.3.3 + instead of false when no nodes are found as it was since 5.3.3 (bug #48601). (chregu, rrichards) - SOAP @@ -1751,7 +1805,7 @@ - XSL: . Added xsl.security_prefs ini option to define forbidden operations within - XSLT stylesheets, default is not to enable write operations. This option + XSLT stylesheets, default is not to enable write operations. This option won't be in 5.4, since there's a new method. Fixes Bug #54446. (Chregu, Nicolas Gregoire) @@ -1779,7 +1833,7 @@ (Pierrick, Felipe) . Fixed bug #54624 (class_alias and type hint). (Felipe) . Fixed bug #54585 (track_errors causes segfault). (Dmitry) - . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed). + . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed). (Tony, Dmitry) . Fixed bug #54372 (Crash accessing global object itself returned from its __get() handle). (Dmitry) @@ -1792,13 +1846,13 @@ - Core . Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer) - . Removed warning when argument of is_a() or is_subclass_of() is not + . Removed warning when argument of is_a() or is_subclass_of() is not a known class. (Stas) . Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski. . Added PHP_MANDIR constant telling where the manpages were installed into, and an --man-dir argument to php-config. (Hannes) . Fixed a crash inside dtor for error handling. (Ilia) - . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas) + . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas) . Implemented FR #54459 (Range function accuracy). (Adam) . Fixed bug #55399 (parse_url() incorrectly treats ':' as a valid path). @@ -1807,7 +1861,7 @@ (Dmitry) . Fixed bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow (Pierre) - . Fixed bug #55258 (Windows Version Detecting Error). + . Fixed bug #55258 (Windows Version Detecting Error). ( xiaomao5 at live dot com, Pierre) . Fixed bug #55187 (readlink returns weird characters when false result). (Pierre) @@ -1851,7 +1905,7 @@ (Pierrick, Dmitry) . Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode filter). (slusarz at curecanti dot org) - . Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using + . Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using TMPDIR on Windows). (Pierre) - Apache2 Handler SAPI: @@ -1864,7 +1918,7 @@ - cURL extension: . Added ini option curl.cainfo (support for custom cert db). (Pierre) . Added CURLINFO_REDIRECT_URL support. (Daniel Stenberg, Pierre) - . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and + . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick) - DateTime extension: @@ -1891,10 +1945,10 @@ . Added 3rd parameter to filter_var_array() and filter_input_array() functions that allows disabling addition of empty elements. (Ilia) . Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia) - + - Interbase extension: . Fixed bug #54269 (Short exception message buffer causes crash). (Felipe) - + - intl extension: . Implemented FR #54561 (Expose ICU version info). (David Zuelke, Ilia) . Implemented FR #54540 (Allow loading of arbitrary resource bundles when @@ -1905,7 +1959,7 @@ (kevin at kevinlocke dot name) - json extension: - . Fixed bug #54484 (Empty string in json_decode doesn't reset + . Fixed bug #54484 (Empty string in json_decode doesn't reset json_last_error()). (Ilia) - LDAP extension: @@ -1922,7 +1976,7 @@ - MCrypt extension: . Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data has been fetched (Windows). (Pierre) - . Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random + . Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random data on Windows). (Pierre) - mysqlnd @@ -1954,7 +2008,7 @@ - PDO extension: . Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe) - . Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE + . Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE settings). (Ilia) - PDO DBlib driver: @@ -2077,7 +2131,7 @@ . Fixed bug #48607 (fwrite() doesn't check reply from ftp server before exiting). (Ilia) - + - Calendar extension: . Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to segfault). (Gustavo) @@ -2085,18 +2139,18 @@ - DOM extension: . Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode like DOMDocument::saveXML). (Gustavo) - + - DateTime extension: . Fixed a bug in DateTime->modify() where absolute date/time statements had no effect. (Derick) . Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit big-endian systems). (Derick, rein@basefarm.no) . Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas) - . Fixed bug #52738 (Can't use new properties in class extended from + . Fixed bug #52738 (Can't use new properties in class extended from DateInterval). (Stas) . Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime created from timestamp). (Stas) - . Fixed bug #52063 (DateTime constructor's second argument doesn't have a + . Fixed bug #52063 (DateTime constructor's second argument doesn't have a null default value). (Gustavo, Stas) - Exif extension: @@ -2117,20 +2171,20 @@ (Hannes) - Gettext - . Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE + . Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE environment variable are set). (Pierre) - IMAP extension: . Implemented FR #53812 (get MIME headers of the part of the email). (Stas) . Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long MIME header unfolding). (Adam) - + - Intl extension: . Fixed bug #53612 (Segmentation fault when using cloned several intl objects). (Gustavo) . Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values). (Felipe) - . Implemented clone functionality for number, date & message formatters. + . Implemented clone functionality for number, date & message formatters. (Stas). - JSON extension: @@ -2138,20 +2192,20 @@ decodings). (Scott) - mysqlnd - . Fixed problem with always returning 0 as num_rows for unbuffered sets. + . Fixed problem with always returning 0 as num_rows for unbuffered sets. (Andrey, Ulf) - MySQL Improved extension: - . Added 'db' and 'catalog' keys to the field fetching functions (FR #39847). + . Added 'db' and 'catalog' keys to the field fetching functions (FR #39847). (Kalle) . Fixed buggy counting of affected rows when using the text protocol. The collected statistics were wrong when multi_query was used with mysqlnd (Andrey) - . Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL). + . Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL). (Kalle) - . Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA + . Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA query). (Kalle, Andrey) - . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to + . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to call libmysql). (Kalle, tre-php-net at crushedhat dot com) - OpenSSL extension: @@ -2168,13 +2222,13 @@ - PDO MySQL driver: . Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver). (Johannes) - . Implemented FR #47802 (Support for setting character sets in DSN strings). + . Implemented FR #47802 (Support for setting character sets in DSN strings). (Kalle) - PDO Oracle driver: . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on ORACLE 10). (spatar at mail dot nnov dot ru) - + - PDO PostgreSQL driver: . Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu) @@ -2184,7 +2238,7 @@ (CVE-2011-1153) . Fixed bug #53541 (format string bug in ext/phar). (crrodriguez at opensuse dot org, Ilia) - . Fixed bug #53898 (PHAR reports invalid error message, when the directory + . Fixed bug #53898 (PHAR reports invalid error message, when the directory does not exist). (Ilia) - PHP-FPM SAPI: @@ -2215,7 +2269,7 @@ (Mateusz Kocielski, Pierre) - SPL extension: - . Fixed memory leak in DirectoryIterator::getExtension() and + . Fixed memory leak in DirectoryIterator::getExtension() and SplFileInfo::getExtension(). (Felipe) . Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones) . Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0 @@ -2265,13 +2319,13 @@ (Hannes) . Fixed bug #53568 (swapped memset arguments in struct initialization). (crrodriguez at opensuse dot org) - . Fixed bug #53166 (Missing parameters in docs and reflection definition). + . Fixed bug #53166 (Missing parameters in docs and reflection definition). (Richard) . Fixed bug #49072 (feof never returns true for damaged file in zip). (Gustavo, Richard Quadling) 06 Jan 2011, PHP 5.3.5 -- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, +- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, Rasmus) 09 Dec 2010, PHP 5.3.4 @@ -2279,11 +2333,11 @@ - Upgraded bundled PCRE to version 8.10. (Ilia) - Security enhancements: - . Fixed crash in zip extract method (possible CWE-170). + . Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre) . Paths with NULL in them (foo\0bar.txt) are now considered as invalid. (Rasmus) - . Fixed a possible double free in imap extension (Identified by Mateusz + . Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia) . Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz) @@ -2295,23 +2349,23 @@ - General improvements: . Added stat support for zip stream. (Pierre) - . Added follow_location (enabled by default) option for the http stream + . Added follow_location (enabled by default) option for the http stream support. (Pierre) . Improved support for is_link and related functions on Windows. (Pierre) . Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. (Gustavo) - + - Implemented feature requests: . Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. (Kalle) - . Implemented FR #52173, added functions pcntl_get_last_error() and + . Implemented FR #52173, added functions pcntl_get_last_error() and pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud) . Implemented symbolic links support for open_basedir checks. (Pierre) . Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre) . Implemented FR #50692, not uploaded files don't count towards max_file_uploads limit. As a side improvement, temporary files are not opened for empty uploads and, in debug mode, 0-length uploads. (Gustavo) - + - Improved MySQLnd: . Added new character sets to mysqlnd, which are available in MySQL 5.5 (Andrey) @@ -2323,7 +2377,7 @@ . Added '-t/--test' to php-fpm to check and validate FPM conf file. (fat) . Added statistics about listening socket queue length for FPM. (andrei dot nigmatulin at gmail dot com, fat) - + - Core: . Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com) @@ -2337,7 +2391,7 @@ . Fixed bug #53304 (quot_print_decode does not handle lower-case hex digits). (Ilia, daniel dot mueller at inexio dot net) . Fixed bug #53248 (rawurlencode RFC 3986 EBCDIC support misses tilde char). - (Justin Martin) + (Justin Martin) . Fixed bug #53226 (file_exists fails on big filenames). (Adam) . Fixed bug #53198 (changing INI setting "from" with ini_set did not have any effect). (Gustavo) @@ -2353,7 +2407,7 @@ decode " if ENT_NOQUOTES is given. (Gustavo) . Fixed bug #52931 (strripos not overloaded with function overloading enabled). (Felipe) - . Fixed bug #52772 (var_dump() doesn't check for the existence of + . Fixed bug #52772 (var_dump() doesn't check for the existence of get_class_name before calling it). (Kalle, Gustavo) . Fixed bug #52534 (var_export array with negative key). (Felipe) . Fixed bug #52327 (base64_decode() improper handling of leading padding in @@ -2368,22 +2422,22 @@ of reported malformed sequences). (CVE-2010-3870) (Gustavo) . Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8). (Gustavo) - . Fixed bug #48831 (php -i has different output to php --ini). (Richard, + . Fixed bug #48831 (php -i has different output to php --ini). (Richard, Pierre) . Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4). (Felipe) - . Fixed bug #47168 (printf of floating point variable prints maximum of 40 + . Fixed bug #47168 (printf of floating point variable prints maximum of 40 decimal places). (Ilia) . Fixed bug #46587 (mt_rand() does not check that max is greater than min). (Ilia) . Fixed bug #29085 (bad default include_path on Windows). (Pierre) . Fixed bug #25927 (get_html_translation_table calls the ' ' instead of '). (Gustavo) - + - Zend engine: . Reverted fix for bug #51176 (Static calling in non-static method behaves like $this->). (Felipe) - . Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED. + . Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED. (Kalle) . Fixed NULL dereference in lex_scan on zend multibyte builds where the script had a flex incompatible encoding and there was no converter. (Gustavo) @@ -2403,7 +2457,7 @@ . Fixed bug #52361 (Throwing an exception in a destructor causes invalid catching). (Dmitry) . Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry) - + - Build issues: . Fixed bug #52436 (Compile error if systems do not have stdint.h) (Sriram Natarajan) @@ -2414,7 +2468,7 @@ - Calendar extension: . Fixed bug #52744 (cal_days_in_month incorrect for December 1 BCE). (gpap at internet dot gr, Adam) - + - cURL extension: . Fixed bug #52828 (curl_setopt does not accept persistent streams). (Gustavo, Ilia) @@ -2422,7 +2476,7 @@ (CURLOPT_STDERR)). (Gustavo) . Fixed bug #52202 (CURLOPT_PRIVATE gets corrupted). (Ilia) . Fixed bug #50410 (curl extension slows down PHP on Windows). (Pierre) - + - DateTime extension: . Fixed bug #53297 (gettimeofday implementation in php/win32/time.c can return 1 million microsecs). (ped at 7gods dot org) @@ -2451,7 +2505,7 @@ . Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre) - GMP extension: - . Fixed bug #52906 (gmp_mod returns negative result when non-negative is + . Fixed bug #52906 (gmp_mod returns negative result when non-negative is expected). (Stas) . Fixed bug #52849 (GNU MP invalid version match). (Adam) @@ -2464,7 +2518,7 @@ headers). (Adam) . Fixed bug #52599 (iconv output handler outputs incorrect content type when flags are used). (Ilia) - . Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded + . Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded words). (Ilia) - Intl extension: @@ -2474,7 +2528,7 @@ (Stas) . Fixed bug #50590 (IntlDateFormatter::parse result is limited to the integer range). (Stas) - + - Mbstring extension: . Fixed bug #53273 (mb_strcut() returns garbage with the excessive length parameter). (CVE-2010-4156) (Mateusz Kocielski, Pierre, Moriyoshi) @@ -2483,16 +2537,16 @@ with the distribution) (Gustavo). . Fixed bug #52681 (mb_send_mail() appends an extra MIME-Version header). (Adam) - + - MSSQL extension: . Fixed possible crash in mssql_fetch_batch(). (Kalle) . Fixed bug #52843 (Segfault when optional parameters are not passed in to mssql_connect). (Felipe) - + - MySQL extension: - . Fixed bug #52636 (php_mysql_fetch_hash writes long value into int). + . Fixed bug #52636 (php_mysql_fetch_hash writes long value into int). (Kalle, rein at basefarm dot no) - + - MySQLi extension: . Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey) @@ -2509,10 +2563,10 @@ (Andrey) . Fixed bug #52221 (Misbehaviour of magic_quotes_runtime (get/set)). (Andrey) . Fixed bug #45921 (Can't initialize character set hebrew). (Andrey) - + - MySQLnd: . Fixed bug #52613 (crash in mysqlnd after hitting memory limit). (Andrey) - + - ODBC extension: - Fixed bug #52512 (Broken error handling in odbc_execute). (mkoegler at auto dot tuwien dot ac dot at) @@ -2529,11 +2583,11 @@ . Fixed bug #51610 (Using oci_connect causes PHP to take a long time to exit). Requires Oracle 11.2.0.2 client libraries (or Oracle bug fix 9891199) for this patch to have an effect. (Oracle Corp.) - + - PCNTL extension: . Fixed bug #52784 (Race condition when handling many concurrent signals). (nick dot telford at gmail dot com, Arnaud) - + - PCRE extension: . Fixed bug #52971 (PCRE-Meta-Characters not working with utf-8). (Felipe) . Fixed bug #52732 (Docs say preg_match() returns FALSE on error, but it @@ -2557,27 +2611,27 @@ - PDO: . Fixed bug #52699 (PDO bindValue writes long int 32bit enum). - (rein at basefarm dot no) + (rein at basefarm dot no) . Fixed bug #52487 (PDO::FETCH_INTO leaks memory). (Felipe) - + - PDO DBLib driver: . Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values). (Felipe) - + - PDO Firebird driver: . Restored firebird support (VC9 builds only). (Pierre) . Fixed bug #53335 (pdo_firebird did not implement rowCount()). (preeves at ibphoenix dot com) . Fixed bug #53323 (pdo_firebird getAttribute() crash). (preeves at ibphoenix dot com) - + - PDO MySQL driver: . Fixed bug #52745 (Binding params doesn't work when selecting a date inside a CASE-WHEN). (Andrey) - + - PostgreSQL extension: . Fixed bug #47199 (pg_delete() fails on NULL). (ewgraf at gmail dot com) - + - Reflection extension: . Fixed ReflectionProperty::isDefault() giving a wrong result for properties obtained with ReflectionClass::getProperties(). (Gustavo) @@ -2586,11 +2640,11 @@ getProperty()). (Felipe) . Fixed bug #52854 (ReflectionClass::newInstanceArgs does not work for classes without constructors). (Johannes) - + - SOAP extension: . Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object). (Dmitry) - + - SPL extension: . Fixed bug #53362 (Segmentation fault when extending SplFixedArray). (Felipe) . Fixed bug #53279 (SplFileObject doesn't initialise default CSV escape @@ -2598,7 +2652,7 @@ . Fixed bug #53144 (Segfault in SplObjectStorage::removeAll()). (Felipe) . Fixed bug #53071 (SPLObjectStorage defeats gc_collect_cycles). (Gustavo) . Fixed bug #52573 (SplFileObject::fscanf Segmentation fault). (Felipe) - . Fixed bug #51763 (SplFileInfo::getType() does not work symbolic link + . Fixed bug #51763 (SplFileInfo::getType() does not work symbolic link and directory). (Pierre) . Fixed bug #50481 (Storing many SPLFixedArray in an array crashes). (Felipe) . Fixed bug #50579 (RegexIterator::REPLACE doesn't work). (Felipe) @@ -2606,7 +2660,7 @@ - SQLite3 extension: . Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number). (Felipe) - + - Streams: . Fixed forward stream seeking emulation in streams that don't support seeking in situations where the read operation gives back less data than requested @@ -2625,7 +2679,7 @@ - WDDX extension: . Fixed bug #52468 (wddx_deserialize corrupts integer field value when left empty). (Felipe) - + - Zlib extension: . Fixed bug #52926 (zlib fopen wrapper does not use context). (Gustavo) @@ -2633,11 +2687,11 @@ - Upgraded bundled sqlite to version 3.6.23.1. (Ilia) - Upgraded bundled PCRE to version 8.02. (Ilia) -- Added support for JSON_NUMERIC_CHECK option in json_encode() that converts +- Added support for JSON_NUMERIC_CHECK option in json_encode() that converts numeric strings to integers. (Ilia) - Added stream_set_read_buffer, allows to set the buffer for read operation. (Pierre) -- Added stream filter support to mcrypt extension (ported from +- Added stream filter support to mcrypt extension (ported from mcrypt_filter). (Stas) - Added full_special_chars filter to ext/filter. (Rasmus) - Added backlog socket context option for stream_socket_server(). (Mike) @@ -2646,10 +2700,10 @@ Made implicit use of NULL IV a warning. (Sara) - Added openssl_cipher_iv_length(). (Sara) - Added FastCGI Process Manager (FPM) SAPI. (Tony) -- Added recent Windows versions to php_uname and fix undefined windows +- Added recent Windows versions to php_uname and fix undefined windows version support. (Pierre) - Added Berkeley DB 5 support to the DBA extension. (Johannes, Chris Jones) -- Added support for copy to/from array/file for pdo_pgsql extension. +- Added support for copy to/from array/file for pdo_pgsql extension. (Denis Gasparin, Ilia) - Added inTransaction() method to PDO, with specialized support for Postgres. (Ilia, Denis Gasparin) @@ -2669,7 +2723,7 @@ Reported by Stefan Esser. (Andrey) - Fixed very rare memory leak in mysqlnd, when binding thousands of columns. (Andrey) -- Fixed a crash when calling an inexistent method of a class that inherits +- Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe) @@ -2688,15 +2742,15 @@ (Dmitry) - Fixed a possible memory corruption in pack(). Reported by Stefan Esser. (Dmitry) -- Fixed a possible memory corruption in substr_replace(). Reported by Stefan +- Fixed a possible memory corruption in substr_replace(). Reported by Stefan Esser. (Dmitry) -- Fixed a possible memory corruption in addcslashes(). Reported by Stefan +- Fixed a possible memory corruption in addcslashes(). Reported by Stefan Esser. (Dmitry) -- Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan +- Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan Esser. (Ilia) - Fixed a possible dechunking filter buffer overflow. Reported by Stefan Esser. (Pierre) -- Fixed a possible arbitrary memory access inside sqlite extension. Reported +- Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) - Fixed string format validation inside phar extension. Reported by Stefan Esser. (Ilia) @@ -2719,7 +2773,7 @@ - Fixed bug #52193 (converting closure to array yields empty array). (Felipe) - Fixed bug #52183 (Reflectionfunction reports invalid number of arguments for function aliases). (Felipe) -- Fixed bug #52162 (custom request header variables with numbers are removed). +- Fixed bug #52162 (custom request header variables with numbers are removed). (Sriram Natarajan) - Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe) - Fixed bug #52138 (Constants are parsed into the ini file for section names). @@ -2731,15 +2785,15 @@ - Fixed bug #52082 (character_set_client & character_set_connection reset after mysqli_change_user()). (Andrey) - Fixed bug #52043 (GD doesn't recognize latest libJPEG versions). - (php at group dot apple dot com, Pierre) + (php at group dot apple dot com, Pierre) - Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function). (Dmitry) - Fixed bug #52060 (Memory leak when passing a closure to method_exists()). (Felipe) - Fixed bug #52057 (ReflectionClass fails on Closure class). (Felipe) -- Fixed bug #52051 (handling of case sensitivity of old-style constructors +- Fixed bug #52051 (handling of case sensitivity of old-style constructors changed in 5.3+). (Felipe) -- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at +- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle) - Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick) - Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). @@ -2747,7 +2801,7 @@ - Fixed bug #52001 (Memory allocation problems after using variable variables). (Dmitry) - Fixed bug #51991 (spl_autoload and *nix support with namespace). (Felipe) -- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, +- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, coreystup at gmail dot com) - Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe) @@ -2812,7 +2866,7 @@ - Fixed bug #51435 (Missing ifdefs / logic bug in crypt code cause compile errors). (Felipe) - Fixed bug #51424 (crypt() function hangs after 3rd call). (Pierre, Sriram) -- Fixed bug #51394 (Error line reported incorrectly if error handler throws an +- Fixed bug #51394 (Error line reported incorrectly if error handler throws an exception). (Stas) - Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains timezone). (Adam) @@ -2831,15 +2885,15 @@ - Fixed bug #51242 (Empty mysql.default_port does not default to 3306 anymore, but 0). (Adam) - Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com) -- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia, +- Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia, alexr at oplot dot com) -- Fixed bug #51190 (ftp_put() returns false when transfer was successful). +- Fixed bug #51190 (ftp_put() returns false when transfer was successful). (Ilia) - Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio). (Sriram Natarajan) - Fixed bug #51176 (Static calling in non-static method behaves like $this->). (Felipe) -- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when +- Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia) - Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre) - Fixed bug #51096 ('last day' and 'first day' are handled incorrectly when @@ -2859,7 +2913,7 @@ if defined in WSDL). (mephius at gmail dot com) - Fixed bug #50731 (Inconsistent namespaces sent to functions registered with spl_autoload_register). (Felipe) -- Fixed bug #50563 (removing E_WARNING from parse_url). (ralph at smashlabs dot +- Fixed bug #50563 (removing E_WARNING from parse_url). (ralph at smashlabs dot com, Pierre) - Fixed bug #50578 (incorrect shebang in phar.phar). (Fedora at FamilleCollet dot com) @@ -2908,7 +2962,7 @@ (vincent at optilian dot com) - Fixed bug #43233 (sasl support for ldap on Windows). (Pierre) - Fixed bug #35673 (formatOutput does not work with saveHTML). (Rob) -- Fixed bug #33210 (getimagesize() fails to detect width/height on certain +- Fixed bug #33210 (getimagesize() fails to detect width/height on certain JPEGs). (Ilia) 04 Mar 2010, PHP 5.3.2 @@ -2931,7 +2985,7 @@ setting it to 0. (Rasmus) - Changed tidyNode class to disallow manual node creation. (Pierrick) -- Removed automatic file descriptor unlocking happening on shutdown and/or +- Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes). (Tony, Ilia) - Added libpng 1.4.0 support. (Pierre) @@ -2989,7 +3043,7 @@ versions). (Derick) - Fixed bug #50907 (X-PHP-Originating-Script adding two new lines in *NIX). (Ilia) -- Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation). +- Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de) - Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). (Ilia) @@ -3024,7 +3078,7 @@ and DomDocument). (Dmitry) - Fixed bug #50508 (compile failure: Conflicting HEADER type declarations). (Jani) -- Fixed bug #50496 (Use of is valid only in a c99 compilation +- Fixed bug #50496 (Use of is valid only in a c99 compilation environment. (Sriram) - Fixed bug #50464 (declare encoding doesn't work within an included file). (Felipe) @@ -3046,7 +3100,7 @@ (Ilia, Pierrick) - Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays). (Felipe) -- Fixed bug #50282 (xmlrpc_encode_request() changes object into array in +- Fixed bug #50282 (xmlrpc_encode_request() changes object into array in calling function). (Felipe) - Fixed bug #50267 (get_browser(null) does not use HTTP_USER_AGENT). (Jani) - Fixed bug #50266 (conflicting types for llabs). (Jani) @@ -3066,7 +3120,7 @@ (tcallawa at redhat dot com) - Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) -- Fixed bug #50196 (stream_copy_to_stream() produces warning when source is +- Fixed bug #50196 (stream_copy_to_stream() produces warning when source is not file). (Stas) - Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia) - Fixed bug #50185 (ldap_get_entries() return false instead of an empty array @@ -3094,7 +3148,7 @@ - Fixed bug #49990 (SNMP3 warning message about security level printed twice). (Jani) - Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted - transaction). (ben dot pineau at gmail dot com, Ilia, Matteo) + transaction). (ben dot pineau at gmail dot com, Ilia, Matteo) - Fixed bug #49938 (Phar::isBuffering() returns inverted value). (Greg) - Fixed bug #49936 (crash with ftp stream in php_stream_context_get_option()). (Pierrick) @@ -3102,7 +3156,7 @@ - Fixed bug #49866 (Making reference on string offsets crashes PHP). (Dmitry) - Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia, sjoerd at php dot net) -- Fixed bug #49851, #50451 (http wrapper breaks on 1024 char long headers). +- Fixed bug #49851, #50451 (http wrapper breaks on 1024 char long headers). (Ilia) - Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). (Ilia, wmeler at wp-sa dot pl) @@ -3152,7 +3206,7 @@ - Upgraded bundled sqlite to version 3.6.19. (Scott) - Updated timezone database to version 2009.17 (2009q). (Derick) -- Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case +- Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case insensitive. (garretts) - Restored shebang line check to CGI sapi (not checked by scanner anymore). @@ -3167,7 +3221,7 @@ - Added support for ACL on Windows for thread safe SAPI (Apache2 for example) and fix its support on NTS. (Pierre) -- Improved symbolic, mounted volume and junctions support for realpath on +- Improved symbolic, mounted volume and junctions support for realpath on Windows. (Pierre) - Improved readlink on Windows, suppress \??\ and use the drive syntax only. (Pierre) @@ -3179,9 +3233,9 @@ API. (Scott) - Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) -- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. +- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus) -- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz +- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus) - Fixed certificate validation inside php_openssl_apply_verification_policy (Ryan Sleevi, Ilia) @@ -3203,7 +3257,7 @@ (Maksymilian Arciemowicz, Stas) - Fixed signature generation/validation for zip archives in ext/phar. (Greg) - Fixed memory leak in stream_is_local(). (Felipe, Tony) -- Fixed BC break in mime_content_type(), removes the content encoding. (Scott) +- Fixed BC break in mime_content_type(), removes the content encoding. (Scott) - Fixed PECL bug #16842 (oci_error return false when NO_DATA_FOUND is raised). (Chris Jones) @@ -3236,7 +3290,7 @@ fclose). (Ilia) - Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia) -- Fixed bug #49447 (php engine need to correctly check for socket API +- Fixed bug #49447 (php engine need to correctly check for socket API return status on windows). (Sriram Natarajan) - Fixed bug #49391 (ldap.c utilizing deprecated ldap_modify_s). (Ilia) - Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre) @@ -3271,7 +3325,7 @@ - Fixed bug #49074 (private class static fields can be modified by using reflection). (Jani) - Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre) -- Fixed bug #49065 ("disable_functions" php.ini option does not work on +- Fixed bug #49065 ("disable_functions" php.ini option does not work on Zend extensions). (Stas) - Fixed bug #49064 (--enable-session=shared does not work: undefined symbol: php_url_scanner_reset_vars). (Jani) @@ -3294,7 +3348,7 @@ in a chunk). (andreas dot streichardt at globalpark dot com, Ilia) - Fixed bug #49012 (phar tar signature algorithm reports as Unknown (0) in getSignature() call). (Greg) -- Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes +- Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas) - Fixed bug #48994 (zlib.output_compression does not output HTTP headers when set to a string value). (Jani) @@ -3323,10 +3377,10 @@ - Fixed bug #48783 (make install will fail saying phar file exists). (Greg) - Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan) -- Fixed bug #48771 (rename() between volumes fails and reports no error on +- Fixed bug #48771 (rename() between volumes fails and reports no error on Windows). (Pierre) - Fixed bug #48768 (parse_ini_*() crash with INI_SCANNER_RAW). (Jani) -- Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at +- Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre) - Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe) - Fixed bug #48757 (ReflectionFunction::invoke() parameter issues). (Kalle) @@ -3343,7 +3397,7 @@ files that have been opened with r+). (Ilia) - Fixed bug #48719 (parse_ini_*(): scanner_mode parameter is not checked for sanity). (Jani) -- Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain +- Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia) - Fixed bug #48681 (openssl signature verification for tar archives broken). (Greg) @@ -3366,7 +3420,7 @@ - Fixed bug #48189 (ibase_execute error in return param). (Kalle) - Fixed bug #48182 (ssl handshake fails during asynchronous socket connection). (Sriram Natarajan) -- Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, +- Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org) - Fixed bug #48057 (Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net) @@ -3391,10 +3445,10 @@ com, Kalle) - Fixed bug #40013 (php_uname() does not return nodename on Netware (Guenter Knauf) -- Fixed bug #38091 (Mail() does not use FQDN when sending SMTP helo). +- Fixed bug #38091 (Mail() does not use FQDN when sending SMTP helo). (Kalle, Rick Yorgason) - Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett) -- Fixed bug #27051 (Impersonation with FastCGI does not exec process as +- Fixed bug #27051 (Impersonation with FastCGI does not exec process as impersonated user). (Pierre) @@ -3518,17 +3572,17 @@ value. (Hannes) - Improved Windows support: - . Update all libraries to their latest stable version. (Pierre, Rob, Liz, + . Update all libraries to their latest stable version. (Pierre, Rob, Liz, Garrett). . Added Windows support for stat(), touch(), filemtime(), filesize() and related functions. (Pierre) . Re-added socket_create_pair() for Windows in sockets extension. (Kalle) - . Added inet_pton() and inet_ntop() also for Windows platforms. + . Added inet_pton() and inet_ntop() also for Windows platforms. (Kalle, Pierre) . Added mcrypt_create_iv() for Windows platforms. (Pierre) . Added ACL Cache support on Windows. (Kanwaljeet Singla, Pierre, Venkat Raman Don) - . Added constants based on Windows' GetVersionEx information. + . Added constants based on Windows' GetVersionEx information. PHP_WINDOWS_VERSION_* and PHP_WINDOWS_NT_*. (Pierre) . Added support for ACL (is_writable, is_readable, reports now correct results) on Windows. (Pierre, Venkat Raman Don, Kanwaljeet Singla) @@ -3716,7 +3770,7 @@ DateInterval on each iteration, up to an end date or limited by maximum number of occurences. -- Added compatibility mode in GD, imagerotate, image(filled)ellipse +- Added compatibility mode in GD, imagerotate, image(filled)ellipse imagefilter, imageconvolution and imagecolormatch are now always enabled. (Pierre) - Added array_replace() and array_replace_recursive() functions. (Matt) @@ -3758,12 +3812,12 @@ - Added support for CP850 encoding in mbstring extension. (Denis Giffeler, Moriyoshi) - Added stream_cast() and stream_set_options() to user-space stream wrappers, - allowing stream_select(), stream_set_blocking(), stream_set_timeout() and + allowing stream_select(), stream_set_blocking(), stream_set_timeout() and stream_set_write_buffer() to work with user-space stream wrappers. (Arnaud) - Added header_remove() function. (chsc at peytz dot dk, Arnaud) - Added stream_context_get_params() function. (Arnaud) - Added optional parameter "new" to sybase_connect(). (Timm) -- Added parse_ini_string() function. (grange at lemonde dot fr, Arnaud) +- Added parse_ini_string() function. (grange at lemonde dot fr, Arnaud) - Added str_getcsv() function. (Sara) - Added openssl_random_pseudo_bytes() function. (Scott) - Added ability to send user defined HTTP headers with SOAP request. @@ -3840,7 +3894,7 @@ prepending functions). (Scott) - Fixed bug #48215 (Calling a method with the same name as the parent class calls the constructor). (Scott) -- Fixed bug #48200 (compile failure with mbstring.c when +- Fixed bug #48200 (compile failure with mbstring.c when --enable-zend-multibyte is used). (Jani) - Fixed bug #48188 (Cannot execute a scrollable cursors twice with PDO_PGSQL). (Matteo) @@ -3972,7 +4026,7 @@ - Fixed bug #46042 (memory leaks with reflection of mb_convert_encoding()). (Ilia) - Fixed bug #46039 (ArrayObject iteration is slow). (Arnaud) -- Fixed bug #46033 (Direct instantiation of SQLite3stmt and SQLite3result cause +- Fixed bug #46033 (Direct instantiation of SQLite3stmt and SQLite3result cause a segfault.) (Scott) - Fixed bug #45991 (Ini files with the UTF-8 BOM are treated as invalid). (Scott) @@ -4048,7 +4102,7 @@ - Added support for Sun CC (FR #46595 and FR #46513). (David Soria Parra) - Changed default value of array_unique()'s optional sorting type parameter - back to SORT_STRING to fix backwards compatibility breakage introduced in + back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi) - Fixed memory corruptions while reading properties of zip files. (Ilia) @@ -4081,7 +4135,7 @@ files). (Pierre) - Fixed bug #48359 (Script hangs on snmprealwalk if OID is not increasing). (Ilia, simonov at gmail dot com) -- Fixed bug #48336 (ReflectionProperty::getDeclaringClass() does not work +- Fixed bug #48336 (ReflectionProperty::getDeclaringClass() does not work with redeclared property). (patch by Markus dot Lidel at shadowconnect dot com) - Fixed bug #48326 (constant MSG_DONTWAIT not defined). (Arnaud) @@ -4126,7 +4180,7 @@ - Fixed bug #47969 (ezmlm_hash() returns different values depend on OS). (Ilia) - Fixed bug #47946 (ImageConvolution overwrites background). (Ilia) - Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt) -- Fixed bug #47937 (system() calls sapi_flush() regardless of output +- Fixed bug #47937 (system() calls sapi_flush() regardless of output buffering). (Ilia) - Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe) - Fixed bug #47893 (CLI aborts on non blocking stdout). (Arnaud) @@ -4200,7 +4254,7 @@ - Fixed bug #45092 (header HTTP context option not being used when compiled using --with-curlwrappers). (Jani) - Fixed bug #44996 (xmlrpc_decode() ignores time zone on iso8601.datetime). - (Ilia, kawai at apache dot org) + (Ilia, kawai at apache dot org) - Fixed bug #44827 (define() is missing error checks for class constants). (Ilia) - Fixed bug #44214 (Crash using preg_replace_callback() and global variables). @@ -4225,7 +4279,7 @@ - Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei) -- Fixed a crash on extract in zip when files or directories entry names contain +- Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre) - Fixed error conditions handling in stream_filter_append(). (Arnaud) - Fixed zip filename property read. (Pierre) @@ -4327,11 +4381,11 @@ - Added logging option for error_log to send directly to SAPI. (Stas) - Added PHP_MAJOR_VERSION, PHP_MINOR_VERSION, PHP_RELEASE_VERSION, PHP_EXTRA_VERSION, PHP_VERSION_ID, PHP_ZTS and PHP_DEBUG constants. (Pierre) -- Added "PHP_INI_SCAN_DIR" environment variable which can be used to +- Added "PHP_INI_SCAN_DIR" environment variable which can be used to either disable or change the compile time ini scan directory (FR #45114). (Jani) -- Fixed missing initialization of BG(page_uid) and BG(page_gid), +- Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. (Stas) - Fixed memory leak inside sqlite_create_aggregate(). (Felipe) - Fixed memory leak inside PDO sqlite's sqliteCreateAggregate() method. @@ -4347,7 +4401,7 @@ - Fixed a bug inside dba_replace() that could cause file truncation withinvalid keys. (Ilia) - Fixed memory leak inside readline_callback_handler_install() function.(Ilia) -- Fixed memory leak inside readline_completion_function() function. (Felipe) +- Fixed memory leak inside readline_completion_function() function. (Felipe) - Fixed stream_get_contents() when using $maxlength and socket is notclosed. indeyets [at] php [dot] net on #46049. (Arnaud) - Fixed stream_get_line() to behave as documented on non-blocking streams. @@ -4476,7 +4530,7 @@ - Fixed bug #45765 (ReflectionObject with default parameters of self::xxx cause an error). (Felipe) - Fixed bug #45751 (Using auto_prepend_file crashes (out of scope stack address - use)). (basant dot kukreja at sun dot com) + use)). (basant dot kukreja at sun dot com) - Fixed bug #45722 (mb_check_encoding() crashes). (Moriyoshi) - Fixed bug #45705 (rfc822_parse_adrlist() modifies passed address parameter). (Jani) @@ -4626,7 +4680,7 @@ 01 May 2008, PHP 5.2.6 - Fixed two possible crashes inside posix extension (Tony) -- Fixed incorrect heredoc handling when label is used within the block. +- Fixed incorrect heredoc handling when label is used within the block. (Matt) - Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin) - Fixed sending of uninitialized paddings which may contain some information. (Andrei Nigmatulin) diff -Nru php5-5.4.15/Zend/tests/bug64660.phpt php5-5.4.16/Zend/tests/bug64660.phpt --- php5-5.4.15/Zend/tests/bug64660.phpt 1970-01-01 00:00:00.000000000 +0000 +++ php5-5.4.16/Zend/tests/bug64660.phpt 2013-06-05 05:03:57.000000000 +0000 @@ -0,0 +1,11 @@ +--TEST-- +Bug #64660 (Segfault on memory exhaustion within function definition) +--FILE-- +trace = debug_backtrace(1); + } +} + +class Bar { + public function __destruct() { + Stat::getInstance(); + new Error(); + } + + public function test() { + new Error(); + } +} + +$foo = new Foo(); +$bar = new Bar(); +$bar->test(); +?> +--EXPECTF-- +Fatal error: Access to undeclared static property: Stat::$requests in %sbug64720.php on line 12 diff -Nru php5-5.4.15/Zend/tests/bug64821.1.phpt php5-5.4.16/Zend/tests/bug64821.1.phpt --- php5-5.4.15/Zend/tests/bug64821.1.phpt 1970-01-01 00:00:00.000000000 +0000 +++ php5-5.4.16/Zend/tests/bug64821.1.phpt 2013-06-05 05:03:57.000000000 +0000 @@ -0,0 +1,22 @@ +--TEST-- +Bug #64821 Custom Exceptions crash when internal properties overridden (variation 1) +--FILE-- +message = NULL; + $this->string = NULL; + $this->code = array(); + $this->line = "hello"; + } +} + +throw new a; + +?> +--EXPECTF-- +Fatal error: Uncaught exception 'a' in %s:0 +Stack trace: +#0 {main} + thrown in %s on line %d diff -Nru php5-5.4.15/Zend/tests/bug64821.2.phpt php5-5.4.16/Zend/tests/bug64821.2.phpt --- php5-5.4.15/Zend/tests/bug64821.2.phpt 1970-01-01 00:00:00.000000000 +0000 +++ php5-5.4.16/Zend/tests/bug64821.2.phpt 2013-06-05 05:03:57.000000000 +0000 @@ -0,0 +1,19 @@ +--TEST-- +Bug #64821 Custom Exceptions crash when internal properties overridden (variation 2) +--FILE-- +line = array(); + } +} + +throw new a; + +?> +--EXPECTF-- +Fatal error: Uncaught exception 'a' in %s:0 +Stack trace: +#0 {main} + thrown in %s on line %d diff -Nru php5-5.4.15/Zend/tests/bug64821.3.phpt php5-5.4.16/Zend/tests/bug64821.3.phpt --- php5-5.4.15/Zend/tests/bug64821.3.phpt 1970-01-01 00:00:00.000000000 +0000 +++ php5-5.4.16/Zend/tests/bug64821.3.phpt 2013-06-05 05:03:57.000000000 +0000 @@ -0,0 +1,20 @@ +--TEST-- +Bug #64821 Custom Exceptions crash when internal properties overridden (variation 3) +--FILE-- +line = array(); + $this->file = NULL; + } +} + +throw new a; + +?> +--EXPECTF-- +Fatal error: Uncaught exception 'a' in :0 +Stack trace: +#0 {main} + thrown in Unknown on line %d diff -Nru php5-5.4.15/Zend/zend_API.h php5-5.4.16/Zend/zend_API.h --- php5-5.4.15/Zend/zend_API.h 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/Zend/zend_API.h 2013-06-05 05:03:57.000000000 +0000 @@ -90,7 +90,7 @@ #define ZEND_NS_RAW_FENTRY(ns, zend_name, name, arg_info, flags) ZEND_RAW_FENTRY(ZEND_NS_NAME(ns, zend_name), name, arg_info, flags) #define ZEND_NS_RAW_NAMED_FE(ns, zend_name, name, arg_info) ZEND_NS_RAW_FENTRY(ns, #zend_name, name, arg_info, 0) -#define ZEND_NS_NAMED_FE(ns, zend_name, name, arg_info) ZEND_NS_FENTRY(ns, #zend_name, name, arg_info, 0) +#define ZEND_NS_NAMED_FE(ns, zend_name, name, arg_info) ZEND_NS_FENTRY(ns, zend_name, name, arg_info, 0) #define ZEND_NS_FE(ns, name, arg_info) ZEND_NS_FENTRY(ns, name, ZEND_FN(name), arg_info, 0) #define ZEND_NS_DEP_FE(ns, name, arg_info) ZEND_NS_FENTRY(ns, name, ZEND_FN(name), arg_info, ZEND_ACC_DEPRECATED) #define ZEND_NS_FALIAS(ns, name, alias, arg_info) ZEND_NS_FENTRY(ns, name, ZEND_FN(alias), arg_info, 0) diff -Nru php5-5.4.15/Zend/zend_alloc.c php5-5.4.16/Zend/zend_alloc.c --- php5-5.4.15/Zend/zend_alloc.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/Zend/zend_alloc.c 2013-06-05 05:03:57.000000000 +0000 @@ -672,7 +672,7 @@ #elif defined(__GNUC__) && defined(__x86_64__) unsigned long n; - __asm__("bsrq %1,%0\n\t" : "=r" (n) : "rm" (_size)); + __asm__("bsr %1,%0\n\t" : "=r" (n) : "rm" (_size)); return (unsigned int)n; #elif defined(_MSC_VER) && defined(_M_IX86) __asm { @@ -698,12 +698,12 @@ #elif defined(__GNUC__) && defined(__x86_64__) unsigned long n; - __asm__("bsfq %1,%0\n\t" : "=r" (n) : "rm" (_size)); + __asm__("bsf %1,%0\n\t" : "=r" (n) : "rm" (_size)); return (unsigned int)n; #elif defined(_MSC_VER) && defined(_M_IX86) __asm { bsf eax, _size - } + } #else static const int offset[16] = {4,0,1,0,2,0,1,0,3,0,1,0,2,0,1,0}; unsigned int n; @@ -2481,12 +2481,22 @@ size_t res = nmemb; unsigned long overflow = 0; - __asm__ ("mulq %3\n\taddq %4,%0\n\tadcq %1,%1" +#ifdef __ILP32__ /* x32 */ +# define LP_SUFF "l" +#else /* amd64 */ +# define LP_SUFF "q" +#endif + + __asm__ ("mul" LP_SUFF " %3\n\t" + "add %4,%0\n\t" + "adc %1,%1" : "=&a"(res), "=&d" (overflow) : "%0"(res), "rm"(size), "rm"(offset)); +#undef LP_SUFF + if (UNEXPECTED(overflow)) { zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); return 0; diff -Nru php5-5.4.15/Zend/zend_exceptions.c php5-5.4.16/Zend/zend_exceptions.c --- php5-5.4.15/Zend/zend_exceptions.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/Zend/zend_exceptions.c 2013-06-05 05:03:57.000000000 +0000 @@ -817,6 +817,10 @@ if (instanceof_function(ce_exception, default_exception_ce TSRMLS_CC)) { file = zend_read_property(default_exception_ce, EG(exception), "file", sizeof("file")-1, 1 TSRMLS_CC); line = zend_read_property(default_exception_ce, EG(exception), "line", sizeof("line")-1, 1 TSRMLS_CC); + + convert_to_string(file); + file = (Z_STRLEN_P(file) > 0) ? file : NULL; + line = (Z_TYPE_P(line) == IS_LONG) ? line : NULL; } else { file = NULL; line = NULL; @@ -828,7 +832,11 @@ file = zend_read_property(default_exception_ce, exception, "file", sizeof("file")-1, 1 TSRMLS_CC); line = zend_read_property(default_exception_ce, exception, "line", sizeof("line")-1, 1 TSRMLS_CC); - zend_error_va(severity, Z_STRVAL_P(file), Z_LVAL_P(line), "Uncaught %s\n thrown", Z_STRVAL_P(str)); + convert_to_string(str); + convert_to_string(file); + convert_to_long(line); + + zend_error_va(severity, (Z_STRLEN_P(file) > 0) ? Z_STRVAL_P(file) : NULL, Z_LVAL_P(line), "Uncaught %s\n thrown", Z_STRVAL_P(str)); } else { zend_error(severity, "Uncaught exception '%s'", ce_exception->name); } diff -Nru php5-5.4.15/Zend/zend_language_scanner.c php5-5.4.16/Zend/zend_language_scanner.c --- php5-5.4.15/Zend/zend_language_scanner.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/Zend/zend_language_scanner.c 2013-06-05 05:03:57.000000000 +0000 @@ -1,4 +1,4 @@ -/* Generated by re2c 0.13.5 on Wed Mar 27 23:52:29 2013 */ +/* Generated by re2c 0.13.5 on Mon May 20 00:45:38 2013 */ #line 1 "Zend/zend_language_scanner.l" /* +----------------------------------------------------------------------+ @@ -585,7 +585,7 @@ compiler_result = zendparse(TSRMLS_C); zend_do_return(&retval_znode, 0 TSRMLS_CC); CG(in_compilation) = original_in_compilation; - if (compiler_result==1) { /* parser error */ + if (compiler_result != 0) { /* parser error */ zend_bailout(); } compilation_successful=1; @@ -760,7 +760,7 @@ SCNG(script_filtered) = NULL; } - if (compiler_result==1) { + if (compiler_result != 0) { CG(active_op_array) = original_active_op_array; CG(unclean_shutdown)=1; destroy_op_array(op_array TSRMLS_CC); diff -Nru php5-5.4.15/Zend/zend_language_scanner.l php5-5.4.16/Zend/zend_language_scanner.l --- php5-5.4.15/Zend/zend_language_scanner.l 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/Zend/zend_language_scanner.l 2013-06-05 05:03:57.000000000 +0000 @@ -583,7 +583,7 @@ compiler_result = zendparse(TSRMLS_C); zend_do_return(&retval_znode, 0 TSRMLS_CC); CG(in_compilation) = original_in_compilation; - if (compiler_result==1) { /* parser error */ + if (compiler_result != 0) { /* parser error */ zend_bailout(); } compilation_successful=1; @@ -758,7 +758,7 @@ SCNG(script_filtered) = NULL; } - if (compiler_result==1) { + if (compiler_result != 0) { CG(active_op_array) = original_active_op_array; CG(unclean_shutdown)=1; destroy_op_array(op_array TSRMLS_CC); diff -Nru php5-5.4.15/Zend/zend_multiply.h php5-5.4.16/Zend/zend_multiply.h --- php5-5.4.15/Zend/zend_multiply.h 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/Zend/zend_multiply.h 2013-06-05 05:03:57.000000000 +0000 @@ -35,8 +35,8 @@ #define ZEND_SIGNED_MULTIPLY_LONG(a, b, lval, dval, usedval) do { \ long __tmpvar; \ - __asm__ ("imulq %3,%0\n" \ - "adcq $0,%1" \ + __asm__ ("imul %3,%0\n" \ + "adc $0,%1" \ : "=r"(__tmpvar),"=r"(usedval) \ : "0"(a), "r"(b), "1"(0)); \ if (usedval) (dval) = (double) (a) * (double) (b); \ diff -Nru php5-5.4.15/Zend/zend_object_handlers.c php5-5.4.16/Zend/zend_object_handlers.c --- php5-5.4.15/Zend/zend_object_handlers.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/Zend/zend_object_handlers.c 2013-06-05 05:03:57.000000000 +0000 @@ -1278,6 +1278,14 @@ } } + if (UNEXPECTED(CE_STATIC_MEMBERS(ce) == NULL) || + UNEXPECTED(CE_STATIC_MEMBERS(ce)[property_info->offset] == NULL)) { + if (!silent) { + zend_error_noreturn(E_ERROR, "Access to undeclared static property: %s::$%s", ce->name, property_name); + } + return NULL; + } + return &CE_STATIC_MEMBERS(ce)[property_info->offset]; } /* }}} */ diff -Nru php5-5.4.15/Zend/zend_opcode.c php5-5.4.16/Zend/zend_opcode.c --- php5-5.4.15/Zend/zend_opcode.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/Zend/zend_opcode.c 2013-06-05 05:03:57.000000000 +0000 @@ -162,8 +162,9 @@ for (i = 0; i < ce->default_static_members_count; i++) { if (ce->static_members_table[i]) { - zval_ptr_dtor(&ce->static_members_table[i]); + zval *p = ce->static_members_table[i]; ce->static_members_table[i] = NULL; + zval_ptr_dtor(&p); } } ce->static_members_table = NULL; diff -Nru php5-5.4.15/configure php5-5.4.16/configure --- php5-5.4.15/configure 2013-05-08 05:56:50.000000000 +0000 +++ php5-5.4.16/configure 2013-06-05 05:24:13.000000000 +0000 @@ -835,6 +835,7 @@ RE2C SHLIB_SUFFIX_NAME SHLIB_DL_SUFFIX_NAME +php_fpm_systemd php_fpm_user php_fpm_group php_fpm_sysconfdir @@ -1539,6 +1540,7 @@ --with-fpm-user=USER Set the user for php-fpm to run as. (default: nobody) --with-fpm-group=GRP Set the group for php-fpm to run as. For a system user, this should usually be set to match the fpm username (default: nobody) + --with-fpm-systemd Activate systemd integration --with-isapi=DIR Build PHP as an ISAPI module for use with Zeus --with-litespeed Build PHP as litespeed module --with-milter=DIR Build PHP as Milter application @@ -2733,7 +2735,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 -PHP_RELEASE_VERSION=15 +PHP_RELEASE_VERSION=16 PHP_EXTRA_VERSION="" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr $PHP_MAJOR_VERSION \* 10000 + $PHP_MINOR_VERSION \* 100 + $PHP_RELEASE_VERSION` @@ -13769,6 +13771,274 @@ + +php_with_fpm_systemd=no + + + +# Check whether --with-fpm-systemd was given. +if test "${with_fpm_systemd+set}" = set; then + withval=$with_fpm_systemd; PHP_FPM_SYSTEMD=$withval +else + + PHP_FPM_SYSTEMD=no + + +fi + + +ext_output=$PHP_FPM_SYSTEMD + + + + + + if test "$PHP_FPM_SYSTEMD" != "no" ; then + { echo "$as_me:$LINENO: checking for sd_notify in -lsystemd-daemon" >&5 +echo $ECHO_N "checking for sd_notify in -lsystemd-daemon... $ECHO_C" >&6; } +if test "${ac_cv_lib_systemd_daemon_sd_notify+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsystemd-daemon $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char sd_notify (); +int +main () +{ +return sd_notify (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_systemd_daemon_sd_notify=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_systemd_daemon_sd_notify=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_systemd_daemon_sd_notify" >&5 +echo "${ECHO_T}$ac_cv_lib_systemd_daemon_sd_notify" >&6; } +if test $ac_cv_lib_systemd_daemon_sd_notify = yes; then + SYSTEMD_LIBS="-lsystemd-daemon" +fi + + +for ac_header in systemd/sd-daemon.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + { echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +ac_res=`eval echo '${'$as_ac_Header'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +else + # Is the header compilable? +{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6; } + +# Is the header present? +{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + + ;; +esac +{ echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +ac_res=`eval echo '${'$as_ac_Header'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + HAVE_SD_DAEMON_H="yes" +else + HAVE_SD_DAEMON_H="no" +fi + +done + + if test $HAVE_SD_DAEMON_H = "no" || test -z "${SYSTEMD_LIBS}"; then + { { echo "$as_me:$LINENO: error: Your system does not support systemd." >&5 +echo "$as_me: error: Your system does not support systemd." >&2;} + { (exit 1); exit 1; }; } + else + +cat >>confdefs.h <<\_ACEOF +#define HAVE_SYSTEMD 1 +_ACEOF + + PHP_FPM_SD_FILES="fpm/fpm_systemd.c" + + + case systemd-daemon in + c|c_r|pthread*) ;; + *) + LIBS="-lsystemd-daemon $LIBS" + ;; + esac + + + php_fpm_systemd=notify + fi + else + php_fpm_systemd=simple + fi + + + PHP_VAR_SUBST="$PHP_VAR_SUBST php_fpm_systemd" + + + + +cat >>confdefs.h <<_ACEOF +#define PHP_FPM_SYSTEMD "$php_fpm_systemd" +_ACEOF + + if test -z "$PHP_FPM_USER" -o "$PHP_FPM_USER" = "yes" -o "$PHP_FPM_USER" = "no"; then php_fpm_user="nobody" else @@ -13977,7 +14247,7 @@ old_IFS=$IFS - for ac_src in $PHP_FPM_FILES $PHP_FPM_TRACE_FILES; do + for ac_src in $PHP_FPM_FILES $PHP_FPM_TRACE_FILES $PHP_FPM_SD_FILES; do IFS=. set $ac_src @@ -108278,121 +108548,6 @@ fi - { echo "$as_me:$LINENO: checking for buggy snmp_snprint_value" >&5 -echo $ECHO_N "checking for buggy snmp_snprint_value... $ECHO_C" >&6; } -if test "${ac_cv_buggy_snprint_value+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -I${SNMP_PREFIX}/include $SNMP_SHARED_LIBADD" - if test "$cross_compiling" = yes; then - - ac_cv_buggy_snprint_value=no - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#include -#include -#include - -u_char uname[] = "Linux nex1.php.net 2.6.18-194.32.1.el5 #1 SMP Wed Jan 5 17:53:09 EST 2011 i686"; - -int main(int argc, char **argv) -{ - struct variable_list vars; - char buf1[2048]; - char buf2[sizeof(buf1)]; - - memset(&(buf1[0]), 0, sizeof(buf1)); - memset(&(buf2[0]), 0, sizeof(buf2)); - memset(&vars, 0, sizeof(vars)); - vars.type = 4; - vars.val.integer = (long *)&(uname[0]); - vars.val.string = &(uname[0]); - vars.val.bitstring = &(uname[0]); - vars.val.counter64 = (struct counter64 *)&(uname[0]); - vars.val.floatVal = (float *)&(uname[0]); - vars.val_len = sizeof(uname), - vars.name_loc[0] = 1; - vars.name_loc[1] = 3; - vars.name_loc[2] = 6; - vars.name_loc[3] = 1; - vars.name_loc[4] = 2; - vars.name_loc[5] = 1; - vars.name_loc[6] = 1; - vars.name_loc[7] = 1; - vars.name = (oid *)&(vars.name_loc); - vars.name_length = 9; - - init_snmp("snmpapp"); - - netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT, 0); - - snprint_value(buf1, (sizeof(uname) + 32), vars.name, vars.name_length, &vars); - snprint_value(buf2, sizeof(buf2), vars.name, vars.name_length, &vars); - exit((strncmp(buf1, buf2, sizeof(buf1)) != 0)); -} - -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - ac_cv_buggy_snprint_value=no - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - ac_cv_buggy_snprint_value=yes - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - CFLAGS="$save_CFLAGS" - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_buggy_snprint_value" >&5 -echo "${ECHO_T}$ac_cv_buggy_snprint_value" >&6; } - if test "$ac_cv_buggy_snprint_value" = "yes"; then - -cat >>confdefs.h <<\_ACEOF -#define BUGGY_SNMPRINT_VALUE 1 -_ACEOF - - fi - ext_builddir=ext/snmp ext_srcdir=$abs_srcdir/ext/snmp @@ -134759,7 +134914,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext + echo '#line 137566 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -138938,7 +139093,7 @@ LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" cat > conftest.$ac_ext <&5) + (eval echo "\"configure:139254: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "configure:139103: \$? = $ac_status" >&5 + echo "configure:139258: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -139394,11 +139549,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"configure:139397: $lt_compile\"" >&5) + (eval echo "\"configure:139552: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "configure:139401: \$? = $ac_status" >&5 + echo "configure:139556: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -139498,11 +139653,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"configure:139501: $lt_compile\"" >&5) + (eval echo "\"configure:139656: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "configure:139505: \$? = $ac_status" >&5 + echo "configure:139660: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -139962,7 +140117,7 @@ # Determine the default libpath from the value encoded in an empty executable. cat > conftest.$ac_ext < conftest.$ac_ext < conftest.$ac_ext < conftest.$ac_ext < conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"configure:144438: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "configure:144287: \$? = $ac_status" >&5 + echo "configure:144442: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -144384,11 +144539,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"configure:144387: $lt_compile\"" >&5) + (eval echo "\"configure:144542: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "configure:144391: \$? = $ac_status" >&5 + echo "configure:144546: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -147046,6 +147201,7 @@ RE2C!$RE2C$ac_delim SHLIB_SUFFIX_NAME!$SHLIB_SUFFIX_NAME$ac_delim SHLIB_DL_SUFFIX_NAME!$SHLIB_DL_SUFFIX_NAME$ac_delim +php_fpm_systemd!$php_fpm_systemd$ac_delim php_fpm_user!$php_fpm_user$ac_delim php_fpm_group!$php_fpm_group$ac_delim php_fpm_sysconfdir!$php_fpm_sysconfdir$ac_delim @@ -147073,7 +147229,6 @@ ODBC_INCLUDE!$ODBC_INCLUDE$ac_delim ODBC_LIBS!$ODBC_LIBS$ac_delim ODBC_LFLAGS!$ODBC_LFLAGS$ac_delim -ODBC_TYPE!$ODBC_TYPE$ac_delim _ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then @@ -147115,6 +147270,7 @@ ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF +ODBC_TYPE!$ODBC_TYPE$ac_delim PDO_MYSQL_MODULE_TYPE!$PDO_MYSQL_MODULE_TYPE$ac_delim PDO_OCI_SHARED_LIBADD!$PDO_OCI_SHARED_LIBADD$ac_delim PDO_OCI_DIR!$PDO_OCI_DIR$ac_delim @@ -147165,7 +147321,7 @@ LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 48; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 49; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 diff -Nru php5-5.4.15/configure.in php5-5.4.16/configure.in --- php5-5.4.15/configure.in 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/configure.in 2013-06-05 05:03:57.000000000 +0000 @@ -119,7 +119,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 -PHP_RELEASE_VERSION=15 +PHP_RELEASE_VERSION=16 PHP_EXTRA_VERSION="" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff -Nru php5-5.4.15/debian/changelog php5-5.4.16/debian/changelog --- php5-5.4.15/debian/changelog 2013-05-11 02:19:52.000000000 +0000 +++ php5-5.4.16/debian/changelog 2013-06-07 16:49:36.000000000 +0000 @@ -1,3 +1,10 @@ +php5 (5.4.16-1~ppa1~precise) precise; urgency=high + + * New upstream release + * Fixes CVE-2013-2110 + + -- Nathan Rennie-Waldock Fri, 07 Jun 2013 17:49:23 +0100 + php5 (5.4.15-1~ppa1~precise) precise; urgency=low * New upstream release diff -Nru php5-5.4.15/debian/patches/036-fd_setsize_fix.patch php5-5.4.16/debian/patches/036-fd_setsize_fix.patch --- php5-5.4.15/debian/patches/036-fd_setsize_fix.patch 2013-05-11 02:19:49.000000000 +0000 +++ php5-5.4.16/debian/patches/036-fd_setsize_fix.patch 2013-06-08 13:22:45.000000000 +0000 @@ -15,12 +15,12 @@ if (php_sock->bsd_socket > *max_fd) { --- a/ext/standard/streamsfuncs.c +++ b/ext/standard/streamsfuncs.c -@@ -621,6 +621,8 @@ +@@ -625,6 +625,8 @@ * is not displayed. * */ - if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD_FOR_SELECT | PHP_STREAM_CAST_INTERNAL, (void*)&this_fd, 1) && this_fd != -1) { -+ if (this_fd > FD_SETSIZE) + if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD_FOR_SELECT | PHP_STREAM_CAST_INTERNAL, (void*)&tmp_fd, 1) && tmp_fd != -1) { ++ if (tmp_fd > FD_SETSIZE) + continue; - PHP_SAFE_FD_SET(this_fd, fds); + php_socket_t this_fd = (php_socket_t)tmp_fd; diff -Nru php5-5.4.15/ext/calendar/jewish.c php5-5.4.16/ext/calendar/jewish.c --- php5-5.4.15/ext/calendar/jewish.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/calendar/jewish.c 2013-06-05 05:03:57.000000000 +0000 @@ -272,6 +272,7 @@ #define HALAKIM_PER_METONIC_CYCLE (HALAKIM_PER_LUNAR_CYCLE * (12 * 19 + 7)) #define JEWISH_SDN_OFFSET 347997 +#define JEWISH_SDN_MAX 324542846L /* 12/13/887605, greater value raises interger overflow */ #define NEW_MOON_OF_CREATION 31524 #define SUNDAY 0 @@ -519,7 +520,7 @@ int tishri1After; int yearLength; - if (sdn <= JEWISH_SDN_OFFSET) { + if (sdn <= JEWISH_SDN_OFFSET || sdn > JEWISH_SDN_MAX) { *pYear = 0; *pMonth = 0; *pDay = 0; diff -Nru php5-5.4.15/ext/calendar/tests/jdtojewish64.phpt php5-5.4.16/ext/calendar/tests/jdtojewish64.phpt --- php5-5.4.15/ext/calendar/tests/jdtojewish64.phpt 1970-01-01 00:00:00.000000000 +0000 +++ php5-5.4.16/ext/calendar/tests/jdtojewish64.phpt 2013-06-05 05:03:57.000000000 +0000 @@ -0,0 +1,19 @@ +--TEST-- +Bug #64895: Integer overflow in SndToJewish +--SKIPIF-- + +--FILE-- +nmagic, nm) != (ssize_t)nm) { + if (php_stream_write(stream, (const char *)map->nmagic, nm) != (ssize_t)nm) { file_error(ms, errno, "error writing `%s'", dbname); goto out; } @@ -2792,7 +2792,7 @@ for (i = 0; i < MAGIC_SETS; i++) { len = m * map->nmagic[i]; - if (php_stream_write(stream, map->magic[i], len) != (ssize_t)len) { + if (php_stream_write(stream, (const char *)map->magic[i], len) != (ssize_t)len) { file_error(ms, errno, "error writing `%s'", dbname); goto out; } diff -Nru php5-5.4.15/ext/fileinfo/libmagic/magic.c php5-5.4.16/ext/fileinfo/libmagic/magic.c --- php5-5.4.15/ext/fileinfo/libmagic/magic.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/fileinfo/libmagic/magic.c 2013-06-05 05:03:57.000000000 +0000 @@ -80,11 +80,12 @@ # undef S_IFIFO #endif -private void free_mlist(struct mlist *); private void close_and_restore(const struct magic_set *, const char *, int, const struct stat *); private int unreadable_info(struct magic_set *, mode_t, const char *); +#if 0 private const char* get_default_magic(void); +#endif private const char *file_or_stream(struct magic_set *, const char *, php_stream *); #ifndef STDIN_FILENO diff -Nru php5-5.4.15/ext/fileinfo/libmagic/print.c php5-5.4.16/ext/fileinfo/libmagic/print.c --- php5-5.4.15/ext/fileinfo/libmagic/print.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/fileinfo/libmagic/print.c 2013-06-05 05:03:57.000000000 +0000 @@ -33,6 +33,7 @@ #include "php.h" #include "file.h" +#include "cdf.h" #ifndef lint FILE_RCSID("@(#)$File: print.c,v 1.76 2013/02/26 18:25:00 christos Exp $") @@ -63,7 +64,7 @@ TSRMLS_FETCH(); va_start(va, f); - vasprintf(&expanded_format, f, va); + if (vasprintf(&expanded_format, f, va)); /* silence */ va_end(va); php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Warning: %s", expanded_format); diff -Nru php5-5.4.15/ext/fileinfo/libmagic/softmagic.c php5-5.4.16/ext/fileinfo/libmagic/softmagic.c --- php5-5.4.15/ext/fileinfo/libmagic/softmagic.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/fileinfo/libmagic/softmagic.c 2013-06-05 05:03:57.000000000 +0000 @@ -1699,7 +1699,7 @@ return -1; if (file_printf(ms, "%s", rbuf) == -1) return -1; - free(rbuf); + efree(rbuf); } return rv; diff -Nru php5-5.4.15/ext/fileinfo/libmagic.patch php5-5.4.16/ext/fileinfo/libmagic.patch --- php5-5.4.15/ext/fileinfo/libmagic.patch 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/fileinfo/libmagic.patch 2013-06-05 05:03:57.000000000 +0000 @@ -1,6 +1,6 @@ diff -u libmagic.orig/apprentice.c libmagic/apprentice.c --- libmagic.orig/apprentice.c 2013-03-21 18:45:14.000000000 +0100 -+++ libmagic/apprentice.c 2013-04-08 16:14:17.828357711 +0200 ++++ libmagic/apprentice.c 2013-04-27 13:53:32.175250261 +0200 @@ -29,6 +29,8 @@ * apprentice - make one pass through /etc/magic, learning its secrets. */ @@ -352,7 +352,7 @@ file_oomem(ms, slen); return -1; } -@@ -1102,14 +1121,14 @@ +@@ -1102,27 +1121,29 @@ if (me == NULL) return; for (i = 0; i < nme; i++) @@ -370,8 +370,9 @@ struct magic_entry *mentry[MAGIC_SETS] = { NULL }; uint32_t mentrycount[MAGIC_SETS] = { 0 }; uint32_t i, j; -@@ -1117,12 +1136,14 @@ - char **filearr = NULL, *mfn; + size_t files = 0, maxfiles = 0; +- char **filearr = NULL, *mfn; ++ char **filearr = NULL; struct stat st; struct magic_map *map; - DIR *dir; @@ -411,7 +412,7 @@ + int mflen; + char mfn[MAXPATHLEN]; + -+ dir = php_stream_opendir(fn, REPORT_ERRORS, NULL); ++ dir = php_stream_opendir((char *)fn, REPORT_ERRORS, NULL); if (!dir) { errs++; goto out; @@ -578,7 +579,7 @@ +#ifdef PHP_WIN32 + /* Don't bother on windows with php_stream_open_wrapper, + return to give apprentice_load() a chance. */ -+ if (php_stream_stat_path_ex(fn, 0, &st, NULL) == SUCCESS) { ++ if (php_stream_stat_path_ex((char *)fn, 0, &st, NULL) == SUCCESS) { + if (st.sb.st_mode & S_IFDIR) { + goto error; + } @@ -751,7 +752,7 @@ } - if (write(fd, map->nmagic, nm) != (ssize_t)nm) { -+ if (php_stream_write(stream, map->nmagic, nm) != (ssize_t)nm) { ++ if (php_stream_write(stream, (const char *)map->nmagic, nm) != (ssize_t)nm) { file_error(ms, errno, "error writing `%s'", dbname); goto out; } @@ -767,7 +768,7 @@ for (i = 0; i < MAGIC_SETS; i++) { len = m * map->nmagic[i]; - if (write(fd, map->magic[i], len) != (ssize_t)len) { -+ if (php_stream_write(stream, map->magic[i], len) != (ssize_t)len) { ++ if (php_stream_write(stream, (const char *)map->magic[i], len) != (ssize_t)len) { file_error(ms, errno, "error writing `%s'", dbname); goto out; } @@ -2047,7 +2048,7 @@ + diff -u libmagic.orig/magic.c libmagic/magic.c --- libmagic.orig/magic.c 2013-01-11 17:43:09.000000000 +0100 -+++ libmagic/magic.c 2013-04-08 15:42:57.328298809 +0200 ++++ libmagic/magic.c 2013-04-27 13:53:32.175250261 +0200 @@ -25,11 +25,6 @@ * SUCH DAMAGE. */ @@ -2089,7 +2090,7 @@ #if defined(HAVE_UTIMES) # include #elif defined(HAVE_UTIME) -@@ -71,18 +75,24 @@ +@@ -71,18 +75,25 @@ #endif #endif @@ -2098,14 +2099,14 @@ +# undef S_IFIFO +#endif + -+private void free_mlist(struct mlist *); private void close_and_restore(const struct magic_set *, const char *, int, const struct stat *); private int unreadable_info(struct magic_set *, mode_t, const char *); ++#if 0 private const char* get_default_magic(void); -#ifndef COMPILE_ONLY -private const char *file_or_fd(struct magic_set *, const char *, int); --#endif + #endif +private const char *file_or_stream(struct magic_set *, const char *, php_stream *); #ifndef STDIN_FILENO @@ -2117,7 +2118,7 @@ private const char * get_default_magic(void) { -@@ -90,7 +100,7 @@ +@@ -90,7 +101,7 @@ static char *default_magic; char *home, *hmagicpath; @@ -2126,7 +2127,7 @@ struct stat st; if (default_magic) { -@@ -104,17 +114,17 @@ +@@ -104,17 +115,17 @@ return MAGIC; if (stat(hmagicpath, &st) == -1) { free(hmagicpath); @@ -2153,7 +2154,7 @@ } if (asprintf(&default_magic, "%s:%s", hmagicpath, MAGIC) < 0) -@@ -128,6 +138,7 @@ +@@ -128,6 +139,7 @@ #else char *hmagicp = hmagicpath; char *tmppath = NULL; @@ -2161,7 +2162,7 @@ #define APPENDPATH() \ do { \ -@@ -172,7 +183,7 @@ +@@ -172,7 +184,7 @@ } /* Third, try to get magic file relative to dll location */ @@ -2170,7 +2171,7 @@ dllpath[MAX_PATH] = 0; /* just in case long path gets truncated and not null terminated */ if (GetModuleFileNameA(NULL, dllpath, MAX_PATH)){ PathRemoveFileSpecA(dllpath); -@@ -210,6 +221,7 @@ +@@ -210,6 +222,7 @@ return action == FILE_LOAD ? get_default_magic() : MAGIC; } @@ -2178,7 +2179,7 @@ public struct magic_set * magic_open(int flags) -@@ -250,7 +262,7 @@ +@@ -250,7 +263,7 @@ magic_load(struct magic_set *ms, const char *magicfile) { if (ms == NULL) @@ -2187,7 +2188,7 @@ return file_apprentice(ms, magicfile, FILE_LOAD); } -@@ -262,13 +274,6 @@ +@@ -262,13 +275,6 @@ return file_apprentice(ms, magicfile, FILE_COMPILE); } @@ -2201,7 +2202,7 @@ public int magic_list(struct magic_set *ms, const char *magicfile) -@@ -282,9 +287,6 @@ +@@ -282,9 +288,6 @@ close_and_restore(const struct magic_set *ms, const char *name, int fd, const struct stat *sb) { @@ -2211,7 +2212,7 @@ if ((ms->flags & MAGIC_PRESERVE_ATIME) != 0) { /* -@@ -311,7 +313,6 @@ +@@ -311,7 +314,6 @@ } } @@ -2219,7 +2220,7 @@ /* * find type of descriptor -@@ -321,7 +322,7 @@ +@@ -321,7 +323,7 @@ { if (ms == NULL) return NULL; @@ -2228,7 +2229,7 @@ } /* -@@ -332,30 +333,42 @@ +@@ -332,30 +334,42 @@ { if (ms == NULL) return NULL; @@ -2277,7 +2278,7 @@ case -1: /* error */ goto done; case 0: /* nothing found */ -@@ -365,68 +378,48 @@ +@@ -365,68 +379,48 @@ goto done; } @@ -2372,7 +2373,7 @@ return rv == 0 ? file_getbuffer(ms) : NULL; } -@@ -440,14 +433,13 @@ +@@ -440,14 +434,13 @@ return NULL; /* * The main work is done here! @@ -2410,8 +2411,8 @@ diff -u libmagic.orig/print.c libmagic/print.c --- libmagic.orig/print.c 2013-03-21 18:45:14.000000000 +0100 -+++ libmagic/print.c 2013-04-08 15:42:57.328298809 +0200 -@@ -28,6 +28,8 @@ ++++ libmagic/print.c 2013-04-27 13:53:32.175250261 +0200 +@@ -28,13 +28,17 @@ /* * print.c - debugging printout routines */ @@ -2419,8 +2420,9 @@ +#include "php.h" #include "file.h" ++#include "cdf.h" -@@ -35,6 +37,7 @@ + #ifndef lint FILE_RCSID("@(#)$File: print.c,v 1.76 2013/02/26 18:25:00 christos Exp $") #endif /* lint */ @@ -2428,7 +2430,7 @@ #include #include #include -@@ -43,188 +46,28 @@ +@@ -43,188 +47,28 @@ #endif #include @@ -2619,7 +2621,7 @@ - (void) fprintf(stderr, "Warning: "); va_start(va, f); - (void) vfprintf(stderr, f, va); -+ vasprintf(&expanded_format, f, va); ++ if (vasprintf(&expanded_format, f, va)); /* silence */ va_end(va); - (void) fputc('\n', stderr); + @@ -2629,7 +2631,7 @@ } protected const char * -@@ -235,7 +78,7 @@ +@@ -235,7 +79,7 @@ struct tm *tm; if (flags & FILE_T_WINDOWS) { @@ -2976,7 +2978,7 @@ typedef uint8_t Elf64_Char; diff -u libmagic.orig/softmagic.c libmagic/softmagic.c --- libmagic.orig/softmagic.c 2013-03-21 18:45:14.000000000 +0100 -+++ libmagic/softmagic.c 2013-04-08 15:42:57.328298809 +0200 ++++ libmagic/softmagic.c 2013-05-14 11:00:07.044745939 +0200 @@ -41,6 +41,11 @@ #include #include @@ -3121,7 +3123,7 @@ } } -@@ -1717,9 +1694,9 @@ +@@ -1717,12 +1694,12 @@ ms->o.buf = sbuf; ms->offset = soffset; if (rv == 1) { @@ -3132,7 +3134,11 @@ + return -1; if (file_printf(ms, "%s", rbuf) == -1) return -1; - free(rbuf); +- free(rbuf); ++ efree(rbuf); + } + return rv; + @@ -1837,6 +1814,42 @@ return file_strncmp(a, b, len, flags); } diff -Nru php5-5.4.15/ext/fileinfo/tests/finfo_file_002.phpt php5-5.4.16/ext/fileinfo/tests/finfo_file_002.phpt --- php5-5.4.15/ext/fileinfo/tests/finfo_file_002.phpt 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/fileinfo/tests/finfo_file_002.phpt 2013-06-05 05:03:57.000000000 +0000 @@ -18,7 +18,7 @@ var_dump($results); ?> --EXPECTF-- -array(7) { +array(8) { ["%s/resources/dir.zip"]=> string(15) "application/zip" ["%s/resources/test.awk"]=> @@ -29,6 +29,8 @@ string(9) "image/gif" ["%s/resources/test.jpg"]=> string(10) "image/jpeg" + ["%s/resources/test.mp3"]=> + string(10) "audio/mpeg" ["%s/resources/test.pdf"]=> string(15) "application/pdf" ["%s/resources/test.png"]=> Binary files /tmp/O5SJY4sGWW/php5-5.4.15/ext/fileinfo/tests/resources/test.mp3 and /tmp/_ZBrnWr_gL/php5-5.4.16/ext/fileinfo/tests/resources/test.mp3 differ diff -Nru php5-5.4.15/ext/filter/tests/bug49510.phpt php5-5.4.16/ext/filter/tests/bug49510.phpt --- php5-5.4.15/ext/filter/tests/bug49510.phpt 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/filter/tests/bug49510.phpt 2013-06-05 05:03:57.000000000 +0000 @@ -1,5 +1,7 @@ --TEST-- -#49510 boolean validation fails with FILTER_NULL_ON_FAILURE +Bug #49510 boolean validation fails with FILTER_NULL_ON_FAILURE +--SKIPIF-- + --FILE-- --FILE-- +--FILE-- +query('SELECT 1', MYSQLI_USE_RESULT); +$db->close(); +var_dump($result->fetch_object()); +?> +--EXPECTF-- +Warning: mysqli_result::fetch_object(): Error while reading a row in %sbug64726.php on line %d +bool(false) diff -Nru php5-5.4.15/ext/mysqlnd/mysqlnd_result.c php5-5.4.16/ext/mysqlnd/mysqlnd_result.c --- php5-5.4.15/ext/mysqlnd/mysqlnd_result.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/mysqlnd/mysqlnd_result.c 2013-06-05 05:03:57.000000000 +0000 @@ -1510,6 +1510,7 @@ mysqlnd_array_init(return_value, mysqlnd_num_fields(result) * 2); if (FAIL == result->m.fetch_row(result, (void *)return_value, flags, &fetched_anything TSRMLS_CC)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error while reading a row"); + zval_dtor(return_value); RETVAL_FALSE; } else if (fetched_anything == FALSE) { zval_dtor(return_value); diff -Nru php5-5.4.15/ext/phar/phar_object.c php5-5.4.16/ext/phar/phar_object.c --- php5-5.4.15/ext/phar/phar_object.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/phar/phar_object.c 2013-06-05 05:03:57.000000000 +0000 @@ -1899,6 +1899,10 @@ pass.count = 0; pass.ret = return_value; pass.fp = php_stream_fopen_tmpfile(); + if (pass.fp == NULL) { + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "phar \"%s\" unable to create temporary file", phar_obj->arc.archive->fname); + return; + } if (phar_obj->arc.archive->is_persistent && FAILURE == phar_copy_on_write(&(phar_obj->arc.archive) TSRMLS_CC)) { zval_ptr_dtor(&iteriter); @@ -1979,6 +1983,10 @@ pass.ret = return_value; pass.count = 0; pass.fp = php_stream_fopen_tmpfile(); + if (pass.fp == NULL) { + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "phar \"%s\": unable to create temporary file", phar_obj->arc.archive->fname); + return; + } if (SUCCESS == spl_iterator_apply(obj, (spl_iterator_apply_func_t) phar_build, (void *) &pass TSRMLS_CC)) { phar_obj->arc.archive->ufp = pass.fp; @@ -2311,6 +2319,10 @@ zend_get_hash_value, NULL, 0); phar->fp = php_stream_fopen_tmpfile(); + if (phar->fp == NULL) { + zend_throw_exception_ex(phar_ce_PharException, 0 TSRMLS_CC, "unable to create temporary file"); + return NULL; + } phar->fname = source->fname; phar->fname_len = source->fname_len; phar->is_temporary_alias = source->is_temporary_alias; diff -Nru php5-5.4.15/ext/phar/tar.c php5-5.4.16/ext/phar/tar.c --- php5-5.4.15/ext/phar/tar.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/phar/tar.c 2013-06-05 05:03:57.000000000 +0000 @@ -847,7 +847,10 @@ entry->is_modified = 1; entry->fp = php_stream_fopen_tmpfile(); entry->offset = entry->offset_abs = 0; - + if (entry->fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return -1; + } if (entry->metadata_str.len != php_stream_write(entry->fp, entry->metadata_str.c, entry->metadata_str.len)) { spprintf(error, 0, "phar tar error: unable to write metadata to magic metadata file \"%s\"", entry->filename); zend_hash_del(&(entry->phar->manifest), entry->filename, entry->filename_len); @@ -949,7 +952,10 @@ entry.filename = estrndup(".phar/alias.txt", sizeof(".phar/alias.txt")-1); entry.filename_len = sizeof(".phar/alias.txt")-1; entry.fp = php_stream_fopen_tmpfile(); - + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return -1; + } if (phar->alias_len != (int)php_stream_write(entry.fp, phar->alias, phar->alias_len)) { if (error) { spprintf(error, 0, "unable to set alias in tar-based phar \"%s\"", phar->fname); @@ -1014,6 +1020,10 @@ len = pos - user_stub + 18; entry.fp = php_stream_fopen_tmpfile(); + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } entry.uncompressed_filesize = len + 5; if ((size_t)len != php_stream_write(entry.fp, user_stub, len) @@ -1038,7 +1048,10 @@ } else { /* Either this is a brand new phar (add the stub), or the default stub is required (overwrite the stub) */ entry.fp = php_stream_fopen_tmpfile(); - + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } if (sizeof(newstub)-1 != php_stream_write(entry.fp, newstub, sizeof(newstub)-1)) { php_stream_close(entry.fp); if (error) { @@ -1087,7 +1100,6 @@ } newfile = php_stream_fopen_tmpfile(); - if (!newfile) { if (error) { spprintf(error, 0, "unable to create temporary file"); @@ -1174,7 +1186,10 @@ entry.filename = ".phar/signature.bin"; entry.filename_len = sizeof(".phar/signature.bin")-1; entry.fp = php_stream_fopen_tmpfile(); - + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } #ifdef WORDS_BIGENDIAN # define PHAR_SET_32(var, buffer) \ *(php_uint32 *)(var) = (((((unsigned char*)&(buffer))[3]) << 24) \ diff -Nru php5-5.4.15/ext/phar/util.c php5-5.4.16/ext/phar/util.c --- php5-5.4.15/ext/phar/util.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/phar/util.c 2013-06-05 05:03:57.000000000 +0000 @@ -889,6 +889,10 @@ dest->offset = 0; dest->is_modified = 1; dest->fp = php_stream_fopen_tmpfile(); + if (dest->fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } phar_seek_efp(source, 0, SEEK_SET, 0, 1 TSRMLS_CC); link = phar_get_link_source(source TSRMLS_CC); @@ -1129,6 +1133,10 @@ } fp = php_stream_fopen_tmpfile(); + if (fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return FAILURE; + } phar_seek_efp(entry, 0, SEEK_SET, 0, 1 TSRMLS_CC); link = phar_get_link_source(entry TSRMLS_CC); diff -Nru php5-5.4.15/ext/phar/zip.c php5-5.4.16/ext/phar/zip.c --- php5-5.4.15/ext/phar/zip.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/phar/zip.c 2013-06-05 05:03:57.000000000 +0000 @@ -937,10 +937,11 @@ PHAR_SET_32(local.uncompsize, entry->uncompressed_filesize); PHAR_SET_32(central.compsize, entry->compressed_filesize); PHAR_SET_32(local.compsize, entry->compressed_filesize); - - if (-1 == php_stream_seek(p->old, entry->offset_abs, SEEK_SET)) { - spprintf(p->error, 0, "unable to seek to start of file \"%s\" while creating zip-based phar \"%s\"", entry->filename, entry->phar->fname); - return ZEND_HASH_APPLY_STOP; + if (p->old) { + if (-1 == php_stream_seek(p->old, entry->offset_abs, SEEK_SET)) { + spprintf(p->error, 0, "unable to seek to start of file \"%s\" while creating zip-based phar \"%s\"", entry->filename, entry->phar->fname); + return ZEND_HASH_APPLY_STOP; + } } } not_compressed: @@ -1095,6 +1096,10 @@ off_t tell, st; newfile = php_stream_fopen_tmpfile(); + if (newfile == NULL) { + spprintf(pass->error, 0, "phar error: unable to create temporary file for the signature file"); + return FAILURE; + } st = tell = php_stream_tell(pass->filefp); /* copy the local files, central directory, and the zip comment to generate the hash */ php_stream_seek(pass->filefp, 0, SEEK_SET); @@ -1122,6 +1127,10 @@ entry.fp = php_stream_fopen_tmpfile(); entry.fp_type = PHAR_MOD; entry.is_modified = 1; + if (entry.fp == NULL) { + spprintf(pass->error, 0, "phar error: unable to create temporary file for signature"); + return FAILURE; + } PHAR_SET_32(sigbuf, phar->sig_flags); PHAR_SET_32(sigbuf + 4, signature_length); @@ -1192,7 +1201,10 @@ /* set alias */ if (!phar->is_temporary_alias && phar->alias_len) { entry.fp = php_stream_fopen_tmpfile(); - + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } if (phar->alias_len != (int)php_stream_write(entry.fp, phar->alias, phar->alias_len)) { if (error) { spprintf(error, 0, "unable to set alias in zip-based phar \"%s\"", phar->fname); @@ -1267,6 +1279,10 @@ len = pos - user_stub + 18; entry.fp = php_stream_fopen_tmpfile(); + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } entry.uncompressed_filesize = len + 5; if ((size_t)len != php_stream_write(entry.fp, user_stub, len) @@ -1300,7 +1316,10 @@ } else { /* Either this is a brand new phar (add the stub), or the default stub is required (overwrite the stub) */ entry.fp = php_stream_fopen_tmpfile(); - + if (entry.fp == NULL) { + spprintf(error, 0, "phar error: unable to create temporary file"); + return EOF; + } if (sizeof(newstub)-1 != php_stream_write(entry.fp, newstub, sizeof(newstub)-1)) { php_stream_close(entry.fp); if (error) { diff -Nru php5-5.4.15/ext/snmp/config.m4 php5-5.4.16/ext/snmp/config.m4 --- php5-5.4.15/ext/snmp/config.m4 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/snmp/config.m4 2013-06-05 05:03:57.000000000 +0000 @@ -59,67 +59,6 @@ $SNMP_SHARED_LIBADD ]) - dnl Check for buggy snmp_snprint_value() (net-snmp BUGid 2027834) - AC_CACHE_CHECK([for buggy snmp_snprint_value], ac_cv_buggy_snprint_value,[ - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -I${SNMP_PREFIX}/include $SNMP_SHARED_LIBADD" - AC_TRY_RUN( [ -#include -#include -#include -#include -#include - -u_char uname[] = "Linux nex1.php.net 2.6.18-194.32.1.el5 #1 SMP Wed Jan 5 17:53:09 EST 2011 i686"; - -int main(int argc, char **argv) -{ - struct variable_list vars; - char buf1[2048]; - char buf2[sizeof(buf1)]; - - memset(&(buf1[0]), 0, sizeof(buf1)); - memset(&(buf2[0]), 0, sizeof(buf2)); - memset(&vars, 0, sizeof(vars)); - vars.type = 4; - vars.val.integer = (long *)&(uname[0]); - vars.val.string = &(uname[0]); - vars.val.bitstring = &(uname[0]); - vars.val.counter64 = (struct counter64 *)&(uname[0]); - vars.val.floatVal = (float *)&(uname[0]); - vars.val_len = sizeof(uname), - vars.name_loc[0] = 1; - vars.name_loc[1] = 3; - vars.name_loc[2] = 6; - vars.name_loc[3] = 1; - vars.name_loc[4] = 2; - vars.name_loc[5] = 1; - vars.name_loc[6] = 1; - vars.name_loc[7] = 1; - vars.name = (oid *)&(vars.name_loc); - vars.name_length = 9; - - init_snmp("snmpapp"); - - netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT, 0); - - snprint_value(buf1, (sizeof(uname) + 32), vars.name, vars.name_length, &vars); - snprint_value(buf2, sizeof(buf2), vars.name, vars.name_length, &vars); - exit((strncmp(buf1, buf2, sizeof(buf1)) != 0)); -} - ],[ - ac_cv_buggy_snprint_value=no - ],[ - ac_cv_buggy_snprint_value=yes - ],[ - ac_cv_buggy_snprint_value=no - ]) - CFLAGS="$save_CFLAGS" - ]) - if test "$ac_cv_buggy_snprint_value" = "yes"; then - AC_DEFINE(BUGGY_SNMPRINT_VALUE, 1, [ ]) - fi - PHP_NEW_EXTENSION(snmp, snmp.c, $ext_shared) PHP_SUBST(SNMP_SHARED_LIBADD) fi diff -Nru php5-5.4.15/ext/snmp/snmp.c php5-5.4.16/ext/snmp/snmp.c --- php5-5.4.15/ext/snmp/snmp.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/snmp/snmp.c 2013-06-05 05:03:57.000000000 +0000 @@ -551,35 +551,60 @@ static void php_snmp_getvalue(struct variable_list *vars, zval *snmpval TSRMLS_DC, int valueretrieval) { zval *val; -#ifdef BUGGY_SNMPRINT_VALUE - char sbuf[2048]; -#else - char sbuf[64]; -#endif + char sbuf[512]; char *buf = &(sbuf[0]); char *dbuf = (char *)NULL; int buflen = sizeof(sbuf) - 1; int val_len = vars->val_len; - if ((valueretrieval & SNMP_VALUE_PLAIN) == 0) { - val_len += 32; /* snprint_value will add type info into value, make some space for it */ + /* use emalloc() for large values, use static array otherwize */ + + /* There is no way to know the size of buffer snprint_value() needs in order to print a value there. + * So we are forced to probe it + */ + while ((valueretrieval & SNMP_VALUE_PLAIN) == 0) { + *buf = '\0'; + if (snprint_value(buf, buflen, vars->name, vars->name_length, vars) == -1) { + if (val_len > 512*1024) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "snprint_value() asks for a buffer more than 512k, Net-SNMP bug?"); + break; + } + /* buffer is not long enough to hold full output, double it */ + val_len *= 2; + } else { + break; + } + + if (buf == dbuf) { + dbuf = (char *)erealloc(dbuf, val_len + 1); + } else { + dbuf = (char *)emalloc(val_len + 1); + } + + if (!dbuf) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "emalloc() failed: %s, fallback to static buffer", strerror(errno)); + buf = &(sbuf[0]); + buflen = sizeof(sbuf) - 1; + break; + } + + buf = dbuf; + buflen = val_len; } - /* use emalloc() for large values, use static array otherwize */ - if(val_len > buflen){ + if((valueretrieval & SNMP_VALUE_PLAIN) && val_len > buflen){ if ((dbuf = (char *)emalloc(val_len + 1))) { buf = dbuf; buflen = val_len; } else { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "emalloc() failed: %s, fallback to static array", strerror(errno)); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "emalloc() failed: %s, fallback to static buffer", strerror(errno)); } } - *buf = 0; - MAKE_STD_ZVAL(val); if (valueretrieval & SNMP_VALUE_PLAIN) { + *buf = 0; switch (vars->type) { case ASN_BIT_STR: /* 0x03, asn1.h */ ZVAL_STRINGL(val, (char *)vars->val.bitstring, vars->val_len, 1); @@ -652,7 +677,7 @@ break; } } else /* use Net-SNMP value translation */ { - snprint_value(buf, buflen, vars->name, vars->name_length, vars); + /* we have desired string in buffer, just use it */ ZVAL_STRING(val, buf, 1); } @@ -1162,9 +1187,10 @@ continue; } if ((*res)->sa_family == AF_INET6) { - strcpy(session->peername, "udp6:"); + strcpy(session->peername, "udp6:["); pptr = session->peername + strlen(session->peername); inet_ntop((*res)->sa_family, &(((struct sockaddr_in6*)(*res))->sin6_addr), pptr, MAX_NAME_LEN); + strcat(pptr, "]"); } else if ((*res)->sa_family == AF_INET) { inet_ntop((*res)->sa_family, &(((struct sockaddr_in*)(*res))->sin_addr), pptr, MAX_NAME_LEN); } else { diff -Nru php5-5.4.15/ext/snmp/tests/README php5-5.4.16/ext/snmp/tests/README --- php5-5.4.15/ext/snmp/tests/README 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/snmp/tests/README 2013-06-05 05:03:57.000000000 +0000 @@ -35,6 +35,8 @@ Before launching daemon make sure that there is no file /var/net-snmp/snmpd.conf Delete it if exists. Ingoring to to so will fail SNMPv3 tests. +- Place bigtest.sh near snmpd.conf, tune path to it in snmpd.conf + - Launch snmpd (service snmpd start or /etc/init.d/snmpd start). Alternatively you can start snmpd daemon using following command line: sudo snmpd -C -c ./snmpd.conf -f -Le diff -Nru php5-5.4.15/ext/snmp/tests/bigtest.sh php5-5.4.16/ext/snmp/tests/bigtest.sh --- php5-5.4.15/ext/snmp/tests/bigtest.sh 1970-01-01 00:00:00.000000000 +0000 +++ php5-5.4.16/ext/snmp/tests/bigtest.sh 2013-06-05 05:03:57.000000000 +0000 @@ -0,0 +1,10 @@ +#!/bin/sh + +Q=""; +i=0; +while [ $i -lt 32 ]; do + Q="${Q}\3\2\4\11\22\13\14\15\16\17\20\21\22\23\24\25\26\27"; + i=$((i+1)); +done + +printf "${Q}" diff -Nru php5-5.4.15/ext/snmp/tests/bug64159.phpt php5-5.4.16/ext/snmp/tests/bug64159.phpt --- php5-5.4.15/ext/snmp/tests/bug64159.phpt 1970-01-01 00:00:00.000000000 +0000 +++ php5-5.4.16/ext/snmp/tests/bug64159.phpt 2013-06-05 05:03:57.000000000 +0000 @@ -0,0 +1,24 @@ +--TEST-- +Bug #64159: Truncated snmpget +--CREDITS-- +Boris Lytochkin +--SKIPIF-- + +--ENV-- +MIBS=noneXistent +--FILE-- + +--EXPECTF-- +MIB search path: %s +Cannot find module (noneXistent): At line %d in (%s) +bool(true) diff -Nru php5-5.4.15/ext/snmp/tests/snmp-object.phpt php5-5.4.16/ext/snmp/tests/snmp-object.phpt --- php5-5.4.15/ext/snmp/tests/snmp-object.phpt 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/snmp/tests/snmp-object.phpt 2013-06-05 05:03:57.000000000 +0000 @@ -90,12 +90,6 @@ var_dump(key($z)); array_shift($z); var_dump(key($z)); -array_shift($z); -var_dump(key($z)); -array_shift($z); -var_dump(key($z)); -array_shift($z); -var_dump(key($z)); var_dump($session->close()); echo "SNMPv3 (default security settings)\n"; @@ -211,9 +205,6 @@ string(3) "3.0" string(3) "4.0" string(3) "5.0" -string(3) "6.0" -string(3) "7.0" -string(3) "8.0" bool(true) SNMPv3 (default security settings) string(%d) "%S" diff -Nru php5-5.4.15/ext/snmp/tests/snmpd.conf php5-5.4.16/ext/snmp/tests/snmpd.conf --- php5-5.4.15/ext/snmp/tests/snmpd.conf 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/snmp/tests/snmpd.conf 2013-06-05 05:03:57.000000000 +0000 @@ -23,3 +23,5 @@ createUser noAuthUser authuser read noAuthUser noauth + +exec HexTest /bin/sh /etc/snmp/bigtest.sh diff -Nru php5-5.4.15/ext/soap/soap.c php5-5.4.16/ext/soap/soap.c --- php5-5.4.15/ext/soap/soap.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/soap/soap.c 2013-06-05 05:03:57.000000000 +0000 @@ -3909,7 +3909,7 @@ if (version == SOAP_1_1) { if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) { - int new_len; + size_t new_len; xmlNodePtr node = xmlNewNode(NULL, BAD_CAST("faultcode")); char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC); xmlAddChild(param, node); @@ -3919,7 +3919,7 @@ xmlNodeSetContent(node, code); xmlFree(code); } else { - xmlNodeSetContentLen(node, BAD_CAST(str), new_len); + xmlNodeSetContentLen(node, BAD_CAST(str), (int)new_len); } efree(str); } @@ -3934,7 +3934,7 @@ detail_name = "detail"; } else { if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) { - int new_len; + size_t new_len; xmlNodePtr node = xmlNewChild(param, ns, BAD_CAST("Code"), NULL); char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC); node = xmlNewChild(node, ns, BAD_CAST("Value"), NULL); @@ -3944,7 +3944,7 @@ xmlNodeSetContent(node, code); xmlFree(code); } else { - xmlNodeSetContentLen(node, BAD_CAST(str), new_len); + xmlNodeSetContentLen(node, BAD_CAST(str), (int)new_len); } efree(str); } diff -Nru php5-5.4.15/ext/sockets/sockets.c php5-5.4.16/ext/sockets/sockets.c --- php5-5.4.15/ext/sockets/sockets.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/sockets/sockets.c 2013-06-05 05:03:57.000000000 +0000 @@ -1822,8 +1822,8 @@ retval = recvfrom(php_sock->bsd_socket, recv_buf, arg3, arg4, (struct sockaddr *)&s_un, (socklen_t *)&slen); if (retval < 0) { - efree(recv_buf); PHP_SOCKET_ERROR(php_sock, "unable to recvfrom", errno); + efree(recv_buf); RETURN_FALSE; } @@ -1847,8 +1847,8 @@ retval = recvfrom(php_sock->bsd_socket, recv_buf, arg3, arg4, (struct sockaddr *)&sin, (socklen_t *)&slen); if (retval < 0) { - efree(recv_buf); PHP_SOCKET_ERROR(php_sock, "unable to recvfrom", errno); + efree(recv_buf); RETURN_FALSE; } @@ -1876,8 +1876,8 @@ retval = recvfrom(php_sock->bsd_socket, recv_buf, arg3, arg4, (struct sockaddr *)&sin6, (socklen_t *)&slen); if (retval < 0) { - efree(recv_buf); PHP_SOCKET_ERROR(php_sock, "unable to recvfrom", errno); + efree(recv_buf); RETURN_FALSE; } diff -Nru php5-5.4.15/ext/standard/quot_print.c php5-5.4.16/ext/standard/quot_print.c --- php5-5.4.15/ext/standard/quot_print.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/standard/quot_print.c 2013-06-05 05:03:57.000000000 +0000 @@ -151,7 +151,7 @@ unsigned char c, *ret, *d; char *hex = "0123456789ABCDEF"; - ret = safe_emalloc(1, 3 * length + 3 * (((3 * length)/PHP_QPRINT_MAXL) + 1), 0); + ret = safe_emalloc(3, length + (((3 * length)/(PHP_QPRINT_MAXL-9)) + 1), 1); d = ret; while (length--) { @@ -286,4 +286,4 @@ * End: * vim600: sw=4 ts=4 fdm=marker * vim<600: sw=4 ts=4 - */ \ No newline at end of file + */ diff -Nru php5-5.4.15/ext/standard/streamsfuncs.c php5-5.4.16/ext/standard/streamsfuncs.c --- php5-5.4.15/ext/standard/streamsfuncs.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/standard/streamsfuncs.c 2013-06-05 05:03:57.000000000 +0000 @@ -601,7 +601,6 @@ { zval **elem; php_stream *stream; - php_socket_t this_fd; int cnt = 0; if (Z_TYPE_P(stream_array) != IS_ARRAY) { @@ -611,6 +610,11 @@ zend_hash_get_current_data(Z_ARRVAL_P(stream_array), (void **) &elem) == SUCCESS; zend_hash_move_forward(Z_ARRVAL_P(stream_array))) { + /* Temporary int fd is needed for the STREAM data type on windows, passing this_fd directly to php_stream_cast() + would eventually bring a wrong result on x64. php_stream_cast() casts to int internally, and this will leave + the higher bits of a SOCKET variable uninitialized on systems with little endian. */ + int tmp_fd; + php_stream_from_zval_no_verify(stream, elem); if (stream == NULL) { continue; @@ -620,7 +624,9 @@ * when casting. It is only used here so that the buffered data warning * is not displayed. * */ - if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD_FOR_SELECT | PHP_STREAM_CAST_INTERNAL, (void*)&this_fd, 1) && this_fd != -1) { + if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD_FOR_SELECT | PHP_STREAM_CAST_INTERNAL, (void*)&tmp_fd, 1) && tmp_fd != -1) { + + php_socket_t this_fd = (php_socket_t)tmp_fd; PHP_SAFE_FD_SET(this_fd, fds); @@ -638,7 +644,6 @@ zval **elem, **dest_elem; php_stream *stream; HashTable *new_hash; - php_socket_t this_fd; int ret = 0; if (Z_TYPE_P(stream_array) != IS_ARRAY) { @@ -655,6 +660,11 @@ char *key; uint key_len; ulong num_ind; + /* Temporary int fd is needed for the STREAM data type on windows, passing this_fd directly to php_stream_cast() + would eventually bring a wrong result on x64. php_stream_cast() casts to int internally, and this will leave + the higher bits of a SOCKET variable uninitialized on systems with little endian. */ + int tmp_fd; + type = zend_hash_get_current_key_ex(Z_ARRVAL_P(stream_array), &key, &key_len, &num_ind, 0, NULL); @@ -672,7 +682,10 @@ * when casting. It is only used here so that the buffered data warning * is not displayed. */ - if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD_FOR_SELECT | PHP_STREAM_CAST_INTERNAL, (void*)&this_fd, 1) && this_fd != -1) { + if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD_FOR_SELECT | PHP_STREAM_CAST_INTERNAL, (void*)&tmp_fd, 1) && tmp_fd != -1) { + + php_socket_t this_fd = (php_socket_t)tmp_fd; + if (PHP_SAFE_FD_ISSET(this_fd, fds)) { if (type == HASH_KEY_IS_LONG) { zend_hash_index_update(new_hash, num_ind, (void *)elem, sizeof(zval *), (void **)&dest_elem); diff -Nru php5-5.4.15/ext/standard/tests/file/bug24482.phpt php5-5.4.16/ext/standard/tests/file/bug24482.phpt --- php5-5.4.15/ext/standard/tests/file/bug24482.phpt 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/ext/standard/tests/file/bug24482.phpt 2013-06-05 05:03:57.000000000 +0000 @@ -8,6 +8,11 @@ ?> --FILE-- array('pipe', 'r'), // stdin + 1 => array('pipe', 'w'), // stdout + 2 => array('pipe', 'w'), // strerr +); + +$other_opts = array('suppress_errors' => false, 'binary_pipes' => true); + +$cmd = (substr(PHP_OS, 0, 3) == 'WIN') ? 'dir' : 'ls'; +$p = proc_open($cmd, $descs, $pipes, '.', NULL, $other_opts); + +if (is_resource($p)) { + $data = ''; + + while (1) { + $w = $e = NULL; + $n = stream_select($pipes, $w, $e, 300); + + if ($n === false) { + echo "no streams \n"; + break; + } else if ($n === 0) { + echo "process timed out\n"; + proc_terminate($p, 9); + break; + } else if ($n > 0) { + $line = fread($pipes[1], 8192); + if (strlen($line) == 0) { + /* EOF */ + break; + } + $data .= $line; + } + } + var_dump(strlen($data)); + + $ret = proc_close($p); + var_dump($ret); +} else { + echo "no process\n"; +} +?> +==DONE== +--EXPECTF-- +int(%d) +int(0) +==DONE== diff -Nru php5-5.4.15/ext/standard/tests/strings/bug64879.phpt php5-5.4.16/ext/standard/tests/strings/bug64879.phpt --- php5-5.4.15/ext/standard/tests/strings/bug64879.phpt 1970-01-01 00:00:00.000000000 +0000 +++ php5-5.4.16/ext/standard/tests/strings/bug64879.phpt 2013-06-05 05:03:57.000000000 +0000 @@ -0,0 +1,12 @@ +--TEST-- +Bug #64879: quoted_printable_encode() wrong size calculation (CVE-2013-2110) +--FILE-- + +--EXPECTF-- +Done diff -Nru php5-5.4.15/main/main.c php5-5.4.16/main/main.c --- php5-5.4.15/main/main.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/main/main.c 2013-06-05 05:03:57.000000000 +0000 @@ -2070,6 +2070,8 @@ EG(exception_class) = NULL; PG(disable_functions) = NULL; PG(disable_classes) = NULL; + EG(exception) = NULL; + EG(objects_store).object_buckets = NULL; #if HAVE_SETLOCALE setlocale(LC_CTYPE, ""); diff -Nru php5-5.4.15/main/php_config.h.in php5-5.4.16/main/php_config.h.in --- php5-5.4.15/main/php_config.h.in 2013-05-08 05:56:51.000000000 +0000 +++ php5-5.4.16/main/php_config.h.in 2013-06-05 05:24:13.000000000 +0000 @@ -25,9 +25,6 @@ #undef BETHREADS /* */ -#undef BUGGY_SNMPRINT_VALUE - -/* */ #undef CDB_INCLUDE_FILE /* Define if system uses EBCDIC */ @@ -1807,6 +1804,12 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYSLOG_H +/* FPM use systemd integration */ +#undef HAVE_SYSTEMD + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYSTEMD_SD_DAEMON_H + /* */ #undef HAVE_SYSVMSG @@ -2156,6 +2159,9 @@ /* fpm group name */ #undef PHP_FPM_GROUP +/* fpm systemd service type */ +#undef PHP_FPM_SYSTEMD + /* fpm user name */ #undef PHP_FPM_USER diff -Nru php5-5.4.15/main/php_version.h php5-5.4.16/main/php_version.h --- php5-5.4.15/main/php_version.h 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/main/php_version.h 2013-06-05 05:03:57.000000000 +0000 @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 -#define PHP_RELEASE_VERSION 15 +#define PHP_RELEASE_VERSION 16 #define PHP_EXTRA_VERSION "" -#define PHP_VERSION "5.4.15" -#define PHP_VERSION_ID 50415 +#define PHP_VERSION "5.4.16" +#define PHP_VERSION_ID 50416 diff -Nru php5-5.4.15/sapi/fpm/config.m4 php5-5.4.16/sapi/fpm/config.m4 --- php5-5.4.15/sapi/fpm/config.m4 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/config.m4 2013-06-05 05:03:57.000000000 +0000 @@ -563,6 +563,26 @@ [ --with-fpm-group[=GRP] Set the group for php-fpm to run as. For a system user, this should usually be set to match the fpm username (default: nobody)], nobody, no) + PHP_ARG_WITH(fpm-systemd,, + [ --with-fpm-systemd Activate systemd integration], no, no) + + if test "$PHP_FPM_SYSTEMD" != "no" ; then + AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon") + AC_CHECK_HEADERS(systemd/sd-daemon.h, [HAVE_SD_DAEMON_H="yes"], [HAVE_SD_DAEMON_H="no"]) + if test $HAVE_SD_DAEMON_H = "no" || test -z "${SYSTEMD_LIBS}"; then + AC_MSG_ERROR([Your system does not support systemd.]) + else + AC_DEFINE(HAVE_SYSTEMD, 1, [FPM use systemd integration]) + PHP_FPM_SD_FILES="fpm/fpm_systemd.c" + PHP_ADD_LIBRARY(systemd-daemon) + php_fpm_systemd=notify + fi + else + php_fpm_systemd=simple + fi + PHP_SUBST_OLD(php_fpm_systemd) + AC_DEFINE_UNQUOTED(PHP_FPM_SYSTEMD, "$php_fpm_systemd", [fpm systemd service type]) + if test -z "$PHP_FPM_USER" -o "$PHP_FPM_USER" = "yes" -o "$PHP_FPM_USER" = "no"; then php_fpm_user="nobody" else @@ -635,7 +655,7 @@ fpm/events/port.c \ " - PHP_SELECT_SAPI(fpm, program, $PHP_FPM_FILES $PHP_FPM_TRACE_FILES, $PHP_FPM_CFLAGS, '$(SAPI_FPM_PATH)') + PHP_SELECT_SAPI(fpm, program, $PHP_FPM_FILES $PHP_FPM_TRACE_FILES $PHP_FPM_SD_FILES, $PHP_FPM_CFLAGS, '$(SAPI_FPM_PATH)') case $host_alias in *aix*) diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_conf.c php5-5.4.16/sapi/fpm/fpm/fpm_conf.c --- php5-5.4.15/sapi/fpm/fpm/fpm_conf.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_conf.c 2013-06-05 05:03:57.000000000 +0000 @@ -45,6 +45,10 @@ #include "fpm_log.h" #include "fpm_events.h" #include "zlog.h" +#ifdef HAVE_SYSTEMD +#include "fpm_systemd.h" +#endif + #define STR2STR(a) (a ? a : "undefined") #define BOOL2STR(a) (a ? "yes" : "no") @@ -73,6 +77,10 @@ #endif .process_max = 0, .process_priority = 64, /* 64 means unset */ +#ifdef HAVE_SYSTEMD + .systemd_watchdog = 0, + .systemd_interval = -1, /* -1 means not set */ +#endif }; static struct fpm_worker_pool_s *current_wp = NULL; static int ini_recursion = 0; @@ -100,6 +108,9 @@ { "rlimit_files", &fpm_conf_set_integer, GO(rlimit_files) }, { "rlimit_core", &fpm_conf_set_rlimit_core, GO(rlimit_core) }, { "events.mechanism", &fpm_conf_set_string, GO(events_mechanism) }, +#ifdef HAVE_SYSTEMD + { "systemd_interval", &fpm_conf_set_time, GO(systemd_interval) }, +#endif { 0, 0, 0 } }; @@ -540,12 +551,17 @@ kv->key = strdup(Z_STRVAL_P(key)); if (!kv->key) { + free(kv); return "fpm_conf_set_array: strdup(key) failed"; } if (convert_to_bool) { char *err = fpm_conf_set_boolean(value, &subconf, 0); - if (err) return err; + if (err) { + free(kv->key); + free(kv); + return err; + } kv->value = strdup(b ? "1" : "0"); } else { kv->value = strdup(Z_STRVAL_P(value)); @@ -556,6 +572,7 @@ if (!kv->value) { free(kv->key); + free(kv); return "fpm_conf_set_array: strdup(value) failed"; } @@ -578,6 +595,7 @@ wp->config = malloc(sizeof(struct fpm_worker_pool_config_s)); if (!wp->config) { + fpm_worker_pool_free(wp); return 0; } @@ -1002,7 +1020,7 @@ nb_ext = 0; /* find the number of extensions */ - while ((ext = strtok(limit_extensions, " \t"))) { + while (strtok(limit_extensions, " \t")) { limit_extensions = NULL; nb_ext++; } @@ -1024,8 +1042,8 @@ nb_ext = 0; /* parse the string and save the extension in the array */ - while ((ext = strtok(security_limit_extensions, " \t"))) { - security_limit_extensions = NULL; + while ((ext = strtok(limit_extensions, " \t"))) { + limit_extensions = NULL; wp->limit_extensions[nb_ext++] = strdup(ext); } @@ -1107,6 +1125,7 @@ if (len != write(fd, buf, len)) { zlog(ZLOG_SYSERROR, "Unable to write to the PID file."); + close(fd); return -1; } close(fd); @@ -1144,6 +1163,12 @@ fpm_global_config.error_log = strdup("log/php-fpm.log"); } +#ifdef HAVE_SYSTEMD + if (0 > fpm_systemd_conf()) { + return -1; + } +#endif + #ifdef HAVE_SYSLOG_H if (!fpm_global_config.syslog_ident) { fpm_global_config.syslog_ident = strdup("php-fpm"); @@ -1460,6 +1485,7 @@ if (ini_recursion++ > 4) { zlog(ZLOG_ERROR, "failed to include more than 5 files recusively"); + close(fd); return -1; } @@ -1531,6 +1557,9 @@ zlog(ZLOG_NOTICE, "\trlimit_files = %d", fpm_global_config.rlimit_files); zlog(ZLOG_NOTICE, "\trlimit_core = %d", fpm_global_config.rlimit_core); zlog(ZLOG_NOTICE, "\tevents.mechanism = %s", fpm_event_machanism_name()); +#ifdef HAVE_SYSTEMD + zlog(ZLOG_NOTICE, "\tsystemd_interval = %ds", fpm_global_config.systemd_interval/1000); +#endif zlog(ZLOG_NOTICE, " "); for (wp = fpm_worker_all_pools; wp; wp = wp->next) { diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_conf.h php5-5.4.16/sapi/fpm/fpm/fpm_conf.h --- php5-5.4.15/sapi/fpm/fpm/fpm_conf.h 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_conf.h 2013-06-05 05:03:57.000000000 +0000 @@ -40,6 +40,10 @@ int rlimit_files; int rlimit_core; char *events_mechanism; +#ifdef HAVE_SYSTEMD + int systemd_watchdog; + int systemd_interval; +#endif }; extern struct fpm_global_config_s fpm_global_config; diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_events.c php5-5.4.16/sapi/fpm/fpm/fpm_events.c --- php5-5.4.15/sapi/fpm/fpm/fpm_events.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_events.c 2013-06-05 05:03:57.000000000 +0000 @@ -29,6 +29,10 @@ #include "events/port.h" #include "events/kqueue.h" +#ifdef HAVE_SYSTEMD +#include "fpm_systemd.h" +#endif + #define fpm_event_set_timeout(ev, now) timeradd(&(now), &(ev)->frequency, &(ev)->timeout); static void fpm_event_cleanup(int which, void *arg); @@ -361,6 +365,10 @@ zlog(ZLOG_DEBUG, "%zu bytes have been reserved in SHM", fpm_shm_get_size_allocated()); zlog(ZLOG_NOTICE, "ready to handle connections"); + +#ifdef HAVE_SYSTEMD + fpm_systemd_heartbeat(NULL, 0, NULL); +#endif } while (1) { diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_log.c php5-5.4.16/sapi/fpm/fpm/fpm_log.c --- php5-5.4.15/sapi/fpm/fpm/fpm_log.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_log.c 2013-06-05 05:03:57.000000000 +0000 @@ -57,7 +57,9 @@ wp->log_fd = fd; } - fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); + if (0 > fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC)) { + zlog(ZLOG_WARNING, "failed to change attribute of access_log"); + } } return ret; @@ -237,7 +239,7 @@ case 'f': /* script */ if (!test) { - len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", proc.script_filename && *proc.script_filename ? proc.script_filename : "-"); + len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", *proc.script_filename ? proc.script_filename : "-"); } break; @@ -249,7 +251,7 @@ case 'm': /* method */ if (!test) { - len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", proc.request_method && *proc.request_method ? proc.request_method : "-"); + len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", *proc.request_method ? proc.request_method : "-"); } break; @@ -347,19 +349,19 @@ case 'q': /* query_string */ if (!test) { - len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", proc.query_string ? proc.query_string : ""); + len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", proc.query_string); } break; case 'Q': /* '?' */ if (!test) { - len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", proc.query_string && *proc.query_string ? "?" : ""); + len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", *proc.query_string ? "?" : ""); } break; case 'r': /* request URI */ if (!test) { - len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", proc.request_uri ? proc.request_uri : "-"); + len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", proc.request_uri); } break; @@ -397,7 +399,7 @@ case 'u': /* remote user */ if (!test) { - len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", proc.auth_user ? proc.auth_user : "-"); + len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", proc.auth_user); } break; diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_main.c php5-5.4.16/sapi/fpm/fpm/fpm_main.c --- php5-5.4.15/sapi/fpm/fpm/fpm_main.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_main.c 2013-06-05 05:03:57.000000000 +0000 @@ -1098,7 +1098,7 @@ #define APACHE_PROXY_FCGI_PREFIX "proxy:fcgi://" /* Fix proxy URLs in SCRIPT_FILENAME generated by Apache mod_proxy_fcgi: - * proxy:fcgi://localhost:9000/some-dir/info.php/test + * proxy:fcgi://localhost:9000/some-dir/info.php/test?foo=bar * should be changed to: * /some-dir/info.php/test * See: http://bugs.php.net/bug.php?id=54152 @@ -1118,6 +1118,11 @@ memmove(env_script_filename, p, strlen(p) + 1); apache_was_here = 1; } + /* ignore query string if sent by Apache (RewriteRule) */ + p = strchr(env_script_filename, '?'); + if (p) { + *p =0; + } } if (CGIG(fix_pathinfo)) { @@ -1173,119 +1178,123 @@ int len = script_path_translated_len; char *ptr; - while ((ptr = strrchr(pt, '/')) || (ptr = strrchr(pt, '\\'))) { - *ptr = 0; - if (stat(pt, &st) == 0 && S_ISREG(st.st_mode)) { - /* - * okay, we found the base script! - * work out how many chars we had to strip off; - * then we can modify PATH_INFO - * accordingly - * - * we now have the makings of - * PATH_INFO=/test - * SCRIPT_FILENAME=/docroot/info.php - * - * we now need to figure out what docroot is. - * if DOCUMENT_ROOT is set, this is easy, otherwise, - * we have to play the game of hide and seek to figure - * out what SCRIPT_NAME should be - */ - int ptlen = strlen(pt); - int slen = len - ptlen; - int pilen = env_path_info ? strlen(env_path_info) : 0; - int tflag = 0; - char *path_info; - if (apache_was_here) { - /* recall that PATH_INFO won't exist */ - path_info = script_path_translated + ptlen; - tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0)); - } else { - path_info = env_path_info ? env_path_info + pilen - slen : NULL; - tflag = (orig_path_info != path_info); - } + if (pt) { + while ((ptr = strrchr(pt, '/')) || (ptr = strrchr(pt, '\\'))) { + *ptr = 0; + if (stat(pt, &st) == 0 && S_ISREG(st.st_mode)) { + /* + * okay, we found the base script! + * work out how many chars we had to strip off; + * then we can modify PATH_INFO + * accordingly + * + * we now have the makings of + * PATH_INFO=/test + * SCRIPT_FILENAME=/docroot/info.php + * + * we now need to figure out what docroot is. + * if DOCUMENT_ROOT is set, this is easy, otherwise, + * we have to play the game of hide and seek to figure + * out what SCRIPT_NAME should be + */ + int ptlen = strlen(pt); + int slen = len - ptlen; + int pilen = env_path_info ? strlen(env_path_info) : 0; + int tflag = 0; + char *path_info; + if (apache_was_here) { + /* recall that PATH_INFO won't exist */ + path_info = script_path_translated + ptlen; + tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0)); + } else { + path_info = env_path_info ? env_path_info + pilen - slen : NULL; + tflag = (orig_path_info != path_info); + } - if (tflag) { - if (orig_path_info) { - char old; - - _sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC); - old = path_info[0]; - path_info[0] = 0; - if (!orig_script_name || - strcmp(orig_script_name, env_path_info) != 0) { - if (orig_script_name) { - _sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC); + if (tflag) { + if (orig_path_info) { + char old; + + _sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC); + old = path_info[0]; + path_info[0] = 0; + if (!orig_script_name || + strcmp(orig_script_name, env_path_info) != 0) { + if (orig_script_name) { + _sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC); + } + SG(request_info).request_uri = _sapi_cgibin_putenv("SCRIPT_NAME", env_path_info TSRMLS_CC); + } else { + SG(request_info).request_uri = orig_script_name; } - SG(request_info).request_uri = _sapi_cgibin_putenv("SCRIPT_NAME", env_path_info TSRMLS_CC); - } else { - SG(request_info).request_uri = orig_script_name; + path_info[0] = old; } - path_info[0] = old; + env_path_info = _sapi_cgibin_putenv("PATH_INFO", path_info TSRMLS_CC); } - env_path_info = _sapi_cgibin_putenv("PATH_INFO", path_info TSRMLS_CC); - } - if (!orig_script_filename || - strcmp(orig_script_filename, pt) != 0) { - if (orig_script_filename) { - _sapi_cgibin_putenv("ORIG_SCRIPT_FILENAME", orig_script_filename TSRMLS_CC); - } - script_path_translated = _sapi_cgibin_putenv("SCRIPT_FILENAME", pt TSRMLS_CC); - } - TRANSLATE_SLASHES(pt); - - /* figure out docroot - * SCRIPT_FILENAME minus SCRIPT_NAME - */ - if (env_document_root) { - int l = strlen(env_document_root); - int path_translated_len = 0; - char *path_translated = NULL; - - if (l && env_document_root[l - 1] == '/') { - --l; + if (!orig_script_filename || + strcmp(orig_script_filename, pt) != 0) { + if (orig_script_filename) { + _sapi_cgibin_putenv("ORIG_SCRIPT_FILENAME", orig_script_filename TSRMLS_CC); + } + script_path_translated = _sapi_cgibin_putenv("SCRIPT_FILENAME", pt TSRMLS_CC); } + TRANSLATE_SLASHES(pt); - /* we have docroot, so we should have: - * DOCUMENT_ROOT=/docroot - * SCRIPT_FILENAME=/docroot/info.php + /* figure out docroot + * SCRIPT_FILENAME minus SCRIPT_NAME */ + if (env_document_root) { + int l = strlen(env_document_root); + int path_translated_len = 0; + char *path_translated = NULL; - /* PATH_TRANSLATED = DOCUMENT_ROOT + PATH_INFO */ - path_translated_len = l + (env_path_info ? strlen(env_path_info) : 0); - path_translated = (char *) emalloc(path_translated_len + 1); - memcpy(path_translated, env_document_root, l); - if (env_path_info) { - memcpy(path_translated + l, env_path_info, (path_translated_len - l)); - } - path_translated[path_translated_len] = '\0'; - if (orig_path_translated) { - _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC); - } - env_path_translated = _sapi_cgibin_putenv("PATH_TRANSLATED", path_translated TSRMLS_CC); - efree(path_translated); - } else if ( env_script_name && - strstr(pt, env_script_name) - ) { - /* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */ - int ptlen = strlen(pt) - strlen(env_script_name); - int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0); - char *path_translated = NULL; - - path_translated = (char *) emalloc(path_translated_len + 1); - memcpy(path_translated, pt, ptlen); - if (env_path_info) { - memcpy(path_translated + ptlen, env_path_info, path_translated_len - ptlen); - } - path_translated[path_translated_len] = '\0'; - if (orig_path_translated) { - _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC); + if (l && env_document_root[l - 1] == '/') { + --l; + } + + /* we have docroot, so we should have: + * DOCUMENT_ROOT=/docroot + * SCRIPT_FILENAME=/docroot/info.php + */ + + /* PATH_TRANSLATED = DOCUMENT_ROOT + PATH_INFO */ + path_translated_len = l + (env_path_info ? strlen(env_path_info) : 0); + path_translated = (char *) emalloc(path_translated_len + 1); + memcpy(path_translated, env_document_root, l); + if (env_path_info) { + memcpy(path_translated + l, env_path_info, (path_translated_len - l)); + } + path_translated[path_translated_len] = '\0'; + if (orig_path_translated) { + _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC); + } + env_path_translated = _sapi_cgibin_putenv("PATH_TRANSLATED", path_translated TSRMLS_CC); + efree(path_translated); + } else if ( env_script_name && + strstr(pt, env_script_name) + ) { + /* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */ + int ptlen = strlen(pt) - strlen(env_script_name); + int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0); + char *path_translated = NULL; + + path_translated = (char *) emalloc(path_translated_len + 1); + memcpy(path_translated, pt, ptlen); + if (env_path_info) { + memcpy(path_translated + ptlen, env_path_info, path_translated_len - ptlen); + } + path_translated[path_translated_len] = '\0'; + if (orig_path_translated) { + _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC); + } + env_path_translated = _sapi_cgibin_putenv("PATH_TRANSLATED", path_translated TSRMLS_CC); + efree(path_translated); } - env_path_translated = _sapi_cgibin_putenv("PATH_TRANSLATED", path_translated TSRMLS_CC); - efree(path_translated); + break; } - break; } + } else { + ptr = NULL; } if (!ptr) { /* diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_signals.c php5-5.4.16/sapi/fpm/fpm/fpm_signals.c --- php5-5.4.15/sapi/fpm/fpm/fpm_signals.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_signals.c 2013-06-05 05:03:57.000000000 +0000 @@ -145,7 +145,9 @@ /* closing fastcgi listening socket will force fcgi_accept() exit immediately */ close(0); - socket(AF_UNIX, SOCK_STREAM, 0); + if (0 > socket(AF_UNIX, SOCK_STREAM, 0)) { + zlog(ZLOG_WARNING, "failed to create a new socket"); + } fpm_php_soft_quit(); errno = saved_errno; } diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_sockets.c php5-5.4.16/sapi/fpm/fpm/fpm_sockets.c --- php5-5.4.15/sapi/fpm/fpm/fpm_sockets.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_sockets.c 2013-06-05 05:03:57.000000000 +0000 @@ -167,7 +167,7 @@ { int flags = 1; int sock; - mode_t saved_umask; + mode_t saved_umask = 0; sock = socket(sa->sa_family, SOCK_STREAM, 0); @@ -176,11 +176,14 @@ return -1; } - setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags)); + if (0 > setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags))) { + zlog(ZLOG_WARNING, "failed to change socket attribute"); + } if (wp->listen_address_domain == FPM_AF_UNIX) { if (fpm_socket_unix_test_connect((struct sockaddr_un *)sa, socklen) == 0) { zlog(ZLOG_ERROR, "An another FPM instance seems to already listen on %s", ((struct sockaddr_un *) sa)->sun_path); + close(sock); return -1; } unlink( ((struct sockaddr_un *) sa)->sun_path); @@ -192,6 +195,7 @@ if (wp->listen_address_domain == FPM_AF_UNIX) { umask(saved_umask); } + close(sock); return -1; } @@ -203,6 +207,7 @@ if (wp->socket_uid != -1 || wp->socket_gid != -1) { if (0 > chown(path, wp->socket_uid, wp->socket_gid)) { zlog(ZLOG_SYSERROR, "failed to chown() the socket '%s'", wp->config->listen_address); + close(sock); return -1; } } @@ -210,6 +215,7 @@ if (0 > listen(sock, wp->config->listen_backlog)) { zlog(ZLOG_SYSERROR, "failed to listen to address '%s'", wp->config->listen_address); + close(sock); return -1; } diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_stdio.c php5-5.4.16/sapi/fpm/fpm/fpm_stdio.c --- php5-5.4.15/sapi/fpm/fpm/fpm_stdio.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_stdio.c 2013-06-05 05:03:57.000000000 +0000 @@ -34,6 +34,7 @@ if (0 > dup2(fd, STDIN_FILENO) || 0 > dup2(fd, STDOUT_FILENO)) { zlog(ZLOG_SYSERROR, "failed to init stdio: dup2()"); + close(fd); return -1; } close(fd); @@ -294,7 +295,9 @@ zlog_set_fd(fpm_globals.error_log_fd); } } - fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); + if (0 > fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC)) { + zlog(ZLOG_WARNING, "failed to change attribute of error_log"); + } return 0; } /* }}} */ diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_systemd.c php5-5.4.16/sapi/fpm/fpm/fpm_systemd.c --- php5-5.4.15/sapi/fpm/fpm/fpm_systemd.c 1970-01-01 00:00:00.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_systemd.c 2013-06-05 05:03:57.000000000 +0000 @@ -0,0 +1,113 @@ +#include "fpm_config.h" + +#include +#include + +#include "fpm.h" +#include "fpm_clock.h" +#include "fpm_worker_pool.h" +#include "fpm_scoreboard.h" +#include "zlog.h" +#include "fpm_systemd.h" + + +static void fpm_systemd() /* {{{ */ +{ + static unsigned long int last=0; + struct fpm_worker_pool_s *wp; + unsigned long int requests=0, slow_req=0; + int active=0, idle=0; + + + for (wp = fpm_worker_all_pools; wp; wp = wp->next) { + if (wp->scoreboard) { + active += wp->scoreboard->active; + idle += wp->scoreboard->idle; + requests += wp->scoreboard->requests; + slow_req += wp->scoreboard->slow_rq; + } + } + +/* + zlog(ZLOG_DEBUG, "systemd %s (Processes active:%d, idle:%d, Requests:%lu, slow:%lu, Traffic:%.3greq/sec)", + fpm_global_config.systemd_watchdog ? "watchdog" : "heartbeat", + active, idle, requests, slow_req, ((float)requests - last) * 1000.0 / fpm_global_config.systemd_interval); +*/ + + if (0 > sd_notifyf(0, "READY=1\n%s" + "STATUS=Processes active: %d, idle: %d, Requests: %lu, slow: %lu, Traffic: %.3greq/sec", + fpm_global_config.systemd_watchdog ? "WATCHDOG=1\n" : "", + active, idle, requests, slow_req, ((float)requests - last) * 1000.0 / fpm_global_config.systemd_interval)) { + zlog(ZLOG_NOTICE, "failed to notify status to systemd"); + } + + last = requests; +} +/* }}} */ + +void fpm_systemd_heartbeat(struct fpm_event_s *ev, short which, void *arg) /* {{{ */ +{ + static struct fpm_event_s heartbeat; + + if (fpm_globals.parent_pid != getpid()) { + return; /* sanity check */ + } + + if (which == FPM_EV_TIMEOUT) { + fpm_systemd(); + + return; + } + + if (0 > sd_notifyf(0, "READY=1\n" + "STATUS=Ready to handle connections\n" + "MAINPID=%lu", + (unsigned long) getpid())) { + zlog(ZLOG_WARNING, "failed to notify start to systemd"); + } else { + zlog(ZLOG_DEBUG, "have notify start to systemd"); + } + + /* first call without setting which to initialize the timer */ + if (fpm_global_config.systemd_interval > 0) { + fpm_event_set_timer(&heartbeat, FPM_EV_PERSIST, &fpm_systemd_heartbeat, NULL); + fpm_event_add(&heartbeat, fpm_global_config.systemd_interval); + zlog(ZLOG_NOTICE, "systemd monitor interval set to %dms", fpm_global_config.systemd_interval); + } else { + zlog(ZLOG_NOTICE, "systemd monitor disabled"); + } +} +/* }}} */ + +int fpm_systemd_conf() /* {{{ */ +{ + char *watchdog; + int interval = 0; + + watchdog = getenv("WATCHDOG_USEC"); + if (watchdog) { + /* usec to msec, and half the configured delay */ + interval = (int)(atol(watchdog) / 2000L); + zlog(ZLOG_DEBUG, "WATCHDOG_USEC=%s, interval=%d", watchdog, interval); + } + + if (interval > 1000) { + if (fpm_global_config.systemd_interval > 0) { + zlog(ZLOG_WARNING, "systemd_interval option ignored"); + } + zlog(ZLOG_NOTICE, "systemd watchdog configured to %.3gsec", (float)interval / 1000.0); + fpm_global_config.systemd_watchdog = 1; + fpm_global_config.systemd_interval = interval; + + } else if (fpm_global_config.systemd_interval < 0) { + /* not set => default value */ + fpm_global_config.systemd_interval = FPM_SYSTEMD_DEFAULT_HEARTBEAT; + + } else { + /* sec to msec */ + fpm_global_config.systemd_interval *= 1000; + } + return 0; +} +/* }}} */ + diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_systemd.h php5-5.4.16/sapi/fpm/fpm/fpm_systemd.h --- php5-5.4.15/sapi/fpm/fpm/fpm_systemd.h 1970-01-01 00:00:00.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_systemd.h 2013-06-05 05:03:57.000000000 +0000 @@ -0,0 +1,13 @@ +#ifndef FPM_SYSTEMD_H +#define FPM_SYSTEMD_H 1 + +#include "fpm_events.h" + +/* 10s (in ms) heartbeat for systemd status */ +#define FPM_SYSTEMD_DEFAULT_HEARTBEAT (10000) + +void fpm_systemd_heartbeat(struct fpm_event_s *ev, short which, void *arg); +int fpm_systemd_conf(); + +#endif + diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_worker_pool.c php5-5.4.16/sapi/fpm/fpm/fpm_worker_pool.c --- php5-5.4.15/sapi/fpm/fpm/fpm_worker_pool.c 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_worker_pool.c 2013-06-05 05:03:57.000000000 +0000 @@ -18,6 +18,21 @@ struct fpm_worker_pool_s *fpm_worker_all_pools; +void fpm_worker_pool_free(struct fpm_worker_pool_s *wp) /* {{{ */ +{ + if (wp->config) { + free(wp->config); + } + if (wp->user) { + free(wp->user); + } + if (wp->home) { + free(wp->home); + } + free(wp); +} +/* }}} */ + static void fpm_worker_pool_cleanup(int which, void *arg) /* {{{ */ { struct fpm_worker_pool_s *wp, *wp_next; @@ -29,10 +44,7 @@ if ((which & FPM_CLEANUP_CHILD) == 0 && fpm_globals.parent_pid == getpid()) { fpm_scoreboard_free(wp->scoreboard); } - free(wp->config); - free(wp->user); - free(wp->home); - free(wp); + fpm_worker_pool_free(wp); } fpm_worker_all_pools = NULL; } diff -Nru php5-5.4.15/sapi/fpm/fpm/fpm_worker_pool.h php5-5.4.16/sapi/fpm/fpm/fpm_worker_pool.h --- php5-5.4.15/sapi/fpm/fpm/fpm_worker_pool.h 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/fpm/fpm_worker_pool.h 2013-06-05 05:03:57.000000000 +0000 @@ -45,6 +45,7 @@ }; struct fpm_worker_pool_s *fpm_worker_pool_alloc(); +void fpm_worker_pool_free(struct fpm_worker_pool_s *wp); int fpm_worker_pool_init_main(); extern struct fpm_worker_pool_s *fpm_worker_all_pools; diff -Nru php5-5.4.15/sapi/fpm/php-fpm.conf.in php5-5.4.16/sapi/fpm/php-fpm.conf.in --- php5-5.4.15/sapi/fpm/php-fpm.conf.in 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/php-fpm.conf.in 2013-06-05 05:03:57.000000000 +0000 @@ -105,7 +105,15 @@ ; - /dev/poll (Solaris >= 7) ; - port (Solaris >= 10) ; Default Value: not set (auto detection) -; events.mechanism = epoll +;events.mechanism = epoll + +; When FPM is build with systemd integration, specify the interval, +; in second, between health report notification to systemd. +; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 ;;;;;;;;;;;;;;;;;;;; ; Pool Definitions ; diff -Nru php5-5.4.15/sapi/fpm/php-fpm.service.in php5-5.4.16/sapi/fpm/php-fpm.service.in --- php5-5.4.15/sapi/fpm/php-fpm.service.in 2013-05-08 05:41:20.000000000 +0000 +++ php5-5.4.16/sapi/fpm/php-fpm.service.in 2013-06-05 05:03:57.000000000 +0000 @@ -3,6 +3,7 @@ After=syslog.target network.target [Service] +Type=@php_fpm_systemd@ PIDFile=@localstatedir@/run/php-fpm.pid ExecStart=@sbindir@/php-fpm --nodaemonize --fpm-config @sysconfdir@/php-fpm.conf ExecReload=/bin/kill -USR2 $MAINPID