diff options
author | Eugene Lamskoy | 2021-12-16 18:16:03 +0200 |
---|---|---|
committer | Eugene Lamskoy | 2021-12-16 18:16:03 +0200 |
commit | 1c636aec0734d5e349a1a78dede03b1897bd85e5 (patch) | |
tree | 9ccd99c9b91a35afb81c2de9fd8b711beca0dc50 /debian-php-7.2.34.patch | |
parent | 82e9513a3e5770bc8ceef73f91c6d57148e75949 (diff) | |
download | aur-1c636aec0734d5e349a1a78dede03b1897bd85e5.tar.gz |
Revert "Upgraded pkgbuild"
This reverts commit 82e9513a3e5770bc8ceef73f91c6d57148e75949.
Diffstat (limited to 'debian-php-7.2.34.patch')
-rw-r--r-- | debian-php-7.2.34.patch | 2039 |
1 files changed, 0 insertions, 2039 deletions
diff --git a/debian-php-7.2.34.patch b/debian-php-7.2.34.patch deleted file mode 100644 index 6f6a8e208fa9..000000000000 --- a/debian-php-7.2.34.patch +++ /dev/null @@ -1,2039 +0,0 @@ - -diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c -index 9aa5f74..81368fd 100644 ---- a/ext/standard/proc_open.c -+++ b/ext/standard/proc_open.c -@@ -57,7 +57,7 @@ - * */ - #ifdef PHP_CAN_SUPPORT_PROC_OPEN - --#if 0 && HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H -+#if HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H - # include <sys/ioctl.h> - # include <termios.h> - # define PHP_CAN_DO_PTS 1 -diff --git a/php.ini-development b/php.ini-development -index 2cb93e1..c2b4771 100644 ---- a/php.ini-development -+++ b/php.ini-development -@@ -302,6 +302,12 @@ - ; or per-virtualhost web server configuration file. - ; Note: disables the realpath cache - ; http://php.net/open-basedir -+ -+; NOTE: this is considered a "broken" security measure. -+; Applications relying on this feature will not receive full -+; support by the security team. For more information please -+; see /usr/share/doc/php-common/README.Debian.security -+; - ;open_basedir = - - ; This directive allows you to disable certain functions for security reasons. -diff --git a/ext/dba/config.m4 b/ext/dba/config.m4 -index bc0fd55..0f270a8 100644 ---- a/ext/dba/config.m4 -+++ b/ext/dba/config.m4 -@@ -346,61 +346,13 @@ - dbdp4="/usr/local/BerkeleyDB.4." - dbdp5="/usr/local/BerkeleyDB.5." - for i in $PHP_DB4 ${dbdp5}1 ${dbdp5}0 ${dbdp4}8 ${dbdp4}7 ${dbdp4}6 ${dbdp4}5 ${dbdp4}4 ${dbdp4}3 ${dbdp4}2 ${dbdp4}1 ${dbdp}0 /usr/local /usr; do -- if test -f "$i/db5/db.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/db5/db.h -- break -- elif test -f "$i/db4/db.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/db4/db.h -- break -- elif test -f "$i/include/db5.3/db.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/include/db5.3/db.h -- break -- elif test -f "$i/include/db5.1/db.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/include/db5.1/db.h -- break -- elif test -f "$i/include/db5.0/db.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/include/db5.0/db.h -- break -- elif test -f "$i/include/db4.8/db.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/include/db4.8/db.h -- break -- elif test -f "$i/include/db4.7/db.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/include/db4.7/db.h -- break -- elif test -f "$i/include/db4.6/db.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/include/db4.6/db.h -- break -- elif test -f "$i/include/db4.5/db.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/include/db4.5/db.h -- break -- elif test -f "$i/include/db4/db.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/include/db4/db.h -- break -- elif test -f "$i/include/db/db4.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/include/db/db4.h -- break -- elif test -f "$i/include/db4.h"; then -- THIS_PREFIX=$i -- THIS_INCLUDE=$i/include/db4.h -- break -- elif test -f "$i/include/db.h"; then -+ if test -f "$i/include/db.h"; then - THIS_PREFIX=$i - THIS_INCLUDE=$i/include/db.h - break - fi - done -- PHP_DBA_DB_CHECK(4, db-5.3 db-5.1 db-5.0 db-4.8 db-4.7 db-4.6 db-4.5 db-4.4 db-4.3 db-4.2 db-4.1 db-4.0 db-4 db4 db, [(void)db_create((DB**)0, (DB_ENV*)0, 0)]) -+ PHP_DBA_DB_CHECK(4, db, [(void)db_create((DB**)0, (DB_ENV*)0, 0)]) - fi - PHP_DBA_STD_RESULT(db4,Berkeley DB4) - -diff --git a/ext/dba/dba.c b/ext/dba/dba.c -index a003416..6cd3b4d 100644 ---- a/ext/dba/dba.c -+++ b/ext/dba/dba.c -@@ -53,6 +53,10 @@ - #include "php_tcadb.h" - #include "php_lmdb.h" - -+#ifdef DB4_INCLUDE_FILE -+#include DB4_INCLUDE_FILE -+#endif -+ - /* {{{ arginfo */ - ZEND_BEGIN_ARG_INFO_EX(arginfo_dba_popen, 0, 0, 2) - ZEND_ARG_INFO(0, path) -@@ -558,6 +562,10 @@ - - php_info_print_table_start(); - php_info_print_table_row(2, "DBA support", "enabled"); -+#ifdef DB_VERSION_STRING -+ php_info_print_table_row(2, "libdb header version", DB_VERSION_STRING); -+ php_info_print_table_row(2, "libdb library version", db_version(NULL, NULL, NULL)); -+#endif - if (handlers.s) { - smart_str_0(&handlers); - php_info_print_table_row(2, "Supported handlers", ZSTR_VAL(handlers.s)); -diff --git a/ext/mysqli/config.m4 b/ext/mysqli/config.m4 -index c5dfe5d..87dd43e 100644 ---- a/ext/mysqli/config.m4 -+++ b/ext/mysqli/config.m4 -@@ -59,7 +59,7 @@ - MYSQL_LIB_CFG='--libmysqld-libs' - dnl mysqlnd doesn't support embedded, so we have to add some extra stuff - mysqli_extra_sources="mysqli_embedded.c" -- elif test "$enable_maintainer_zts" = "yes"; then -+ elif true || test "$enable_maintainer_zts" = "yes"; then - MYSQL_LIB_CFG='--libs_r' - MYSQL_LIB_NAME='mysqlclient_r' - else -diff --git a/ext/pdo_mysql/config.m4 b/ext/pdo_mysql/config.m4 -index 4991df0..7227b3a 100755 ---- a/ext/pdo_mysql/config.m4 -+++ b/ext/pdo_mysql/config.m4 -@@ -67,7 +67,7 @@ - if test "x$SED" = "x"; then - AC_PATH_PROG(SED, sed) - fi -- if test "$enable_maintainer_zts" = "yes"; then -+ if true || test "$enable_maintainer_zts" = "yes"; then - PDO_MYSQL_LIBNAME=mysqlclient_r - PDO_MYSQL_LIBS=`$PDO_MYSQL_CONFIG --libs_r | $SED -e "s/'//g"` - else ---- /dev/null -+++ b/tests/func/null-new_val.phpt -@@ -0,0 +1,10 @@ -+--TEST-- -+ini_restore strcmp NULL new_val -+--FILE-- -+<?php -+ -+ini_set('error_log','ini_set_works'); -+ini_restore('error_log'); -+ -+?> -+--EXPECT-- -diff --git a/build/build.mk b/build/build.mk -index 1ce958f..b8c7492 100644 ---- a/build/build.mk -+++ b/build/build.mk -@@ -63,6 +63,5 @@ - @if (test ! -f '.git/info/exclude' || grep -s "git-ls-files" .git/info/exclude); then \ - (echo "Rebuild .git/info/exclude" && echo '*.o' > .git/info/exclude && git svn propget svn:ignore | grep -v config.nice >> .git/info/exclude); \ - fi; \ -- git clean -X -f -d; - - .PHONY: $(ALWAYS) snapshot -diff --git a/ext/dba/config.m4 b/ext/dba/config.m4 -index 0f270a8..7d074f7 100644 ---- a/ext/dba/config.m4 -+++ b/ext/dba/config.m4 -@@ -116,6 +116,10 @@ - THIS_PREFIX=$i - THIS_INCLUDE=$i/include/depot.h - break -+ elif test -f "$i/include/qdbm/depot.h"; then -+ THIS_PREFIX=$i -+ THIS_INCLUDE=$i/include/qdbm/depot.h -+ break - fi - done - -diff --git a/sapi/fpm/php-fpm.8.in b/sapi/fpm/php-fpm.8.in -index 86edaa8..19e66a0 100644 ---- a/sapi/fpm/php-fpm.8.in -+++ b/sapi/fpm/php-fpm.8.in -@@ -139,22 +139,8 @@ - .TP - .B php.ini - The standard php configuration file. --.SH EXAMPLES --For any unix systems which use init.d for their main process manager, you should use the init script provided to start and stop the php-fpm daemon. --.P --.PD 1 --.RS --sudo /etc/init.d/php-fpm start --.RE --.TP --For any unix systems which use systemd for their main process manager, you should use the unit file provided to start and stop the php-fpm daemon. --.P --.PD 1 --.RS --sudo systemctl start php-fpm.service --.RE --.TP --If your installation has no appropriate init script, launch php-fpm with no arguments. It will launch as a daemon (background process) by default. The file @php_fpm_localstatedir@/run/php-fpm.pid determines whether php-fpm is already up and running. Once started, php-fpm then responds to several POSIX signals: -+.SH SIGNAL -+Once started, php-fpm then responds to several POSIX signals: - .P - .PD 0 - .RS -@@ -168,10 +154,6 @@ - .RE - .PD 1 - .P --.SH TIPS --The PHP-FPM CGI daemon will work well with most popular webservers, including Apache2, lighttpd and nginx. --.PD 1 --.P - .SH SEE ALSO - The PHP-FPM website: - .PD 0 -diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c -index 8374857..6c27345 100644 ---- a/main/streams/plain_wrapper.c -+++ b/main/streams/plain_wrapper.c -@@ -693,7 +693,13 @@ - - switch (value) { - case PHP_STREAM_MMAP_SUPPORTED: -- return fd == -1 ? PHP_STREAM_OPTION_RETURN_ERR : PHP_STREAM_OPTION_RETURN_OK; -+ if (fd == -1) -+ return PHP_STREAM_OPTION_RETURN_ERR; -+ /* Don't mmap large files */ -+ do_fstat(data, 1); -+ if (data->sb.st_size > 4 * 1024 * 1024) -+ return PHP_STREAM_OPTION_RETURN_ERR; -+ return PHP_STREAM_OPTION_RETURN_OK; - - case PHP_STREAM_MMAP_MAP_RANGE: - if (do_fstat(data, 1) != 0) { -diff --git a/ext/dba/dba.c b/ext/dba/dba.c -index 6cd3b4d..370ac08 100644 ---- a/ext/dba/dba.c -+++ b/ext/dba/dba.c -@@ -993,7 +993,7 @@ - } - } - -- if (error || hptr->open(info, &error) != SUCCESS) { -+ if (error || (hptr->open)(info, &error) != SUCCESS) { - dba_close(info); - php_error_docref2(NULL, Z_STRVAL(args[0]), Z_STRVAL(args[1]), E_WARNING, "Driver initialization failed for handler: %s%s%s", hptr->name, error?": ":"", error?error:""); - FREENOW; -diff --git a/ext/dba/dba_db3.c b/ext/dba/dba_db3.c -index dd1bcb8..aca3c93 100644 ---- a/ext/dba/dba_db3.c -+++ b/ext/dba/dba_db3.c -@@ -96,9 +96,9 @@ - dbp->set_errcall(dbp, php_dba_db3_errcall_fcn); - if( - #if (DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1)) -- (err=dbp->open(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) { -+ (err=(dbp->open)(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) { - #else -- (err=dbp->open(dbp, info->path, NULL, type, gmode, filemode)) == 0) { -+ (err=(dbp->open)(dbp, info->path, NULL, type, gmode, filemode)) == 0) { - #endif - dba_db3_data *data; - -diff --git a/ext/dba/dba_db4.c b/ext/dba/dba_db4.c -index 63a69bd..a77cc22 100644 ---- a/ext/dba/dba_db4.c -+++ b/ext/dba/dba_db4.c -@@ -125,9 +125,9 @@ - dbp->set_errcall(dbp, php_dba_db4_errcall_fcn); - if ( - #if (DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1)) -- (err=dbp->open(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) { -+ (err=(dbp->open)(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) { - #else -- (err=dbp->open(dbp, info->path, NULL, type, gmode, filemode)) == 0) { -+ (err=(dbp->open)(dbp, info->path, NULL, type, gmode, filemode)) == 0) { - #endif - dba_db4_data *data; - -diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c -index fde9f02..592793c 100644 ---- a/ext/zlib/zlib.c -+++ b/ext/zlib/zlib.c -@@ -49,6 +49,18 @@ - int le_deflate; - int le_inflate; - -+/* -+ * zlib include files can define the following preprocessor defines which rename -+ * the corresponding PHP functions to gzopen64, gzseek64 and gztell64 and thereby -+ * breaking some software, most notably PEAR's Archive_Tar, which halts execution -+ * without error message on gzip compressed archivesa. -+ * -+ * This only seems to happen on 32bit systems with large file support. -+ */ -+#undef gzopen -+#undef gzseek -+#undef gztell -+ - ZEND_DECLARE_MODULE_GLOBALS(zlib); - - /* {{{ Memory management wrappers */ -diff --git a/ext/standard/tests/strings/setlocale_variation2.phpt b/ext/standard/tests/strings/setlocale_variation2.phpt -index fad3298..346c987 100644 ---- a/ext/standard/tests/strings/setlocale_variation2.phpt -+++ b/ext/standard/tests/strings/setlocale_variation2.phpt -@@ -55,6 +55,7 @@ - //try different locale names - $failure_locale = array(); - $success_count = 0; -+$expected = 0; - - echo "-- Test setlocale() with all available locale in the system --\n"; - // gather all locales installed in the system(stored $all_system_locales), -@@ -64,6 +65,10 @@ - if(setlocale(LC_ALL,$value )){ - $success_count++; - } -+ else if ($value == 'no_NO.ISO-8859-1') { -+ // ignore this one, see rhbz #971416 -+ $expected++; -+ } - else{ - //failure values are put in to an array $failure_locale - $failure_locale[] = $value; -@@ -72,11 +77,11 @@ - - echo "No of locales found on the machine = ".count($all_system_locales)."\n"; - echo "No of setlocale() success = ".$success_count."\n"; --echo "Expected no of failures = 0\n"; -+echo "Expected no of failures = $expected\n"; - echo "Test "; - // check if there were any failure of setlocale() function earlier, if any - // failure then dump the list of failing locales --if($success_count != count($all_system_locales)){ -+if($success_count + $expected != count($all_system_locales)){ - echo "FAILED\n"; - echo "Names of locale() for which setlocale() failed ...\n"; - var_dump($failure_locale); -@@ -92,6 +97,6 @@ - -- Test setlocale() with all available locale in the system -- - No of locales found on the machine = %d - No of setlocale() success = %d --Expected no of failures = 0 -+Expected no of failures = %d - Test PASSED - Done -diff --git a/ext/pcre/tests/bug37911.phpt b/ext/pcre/tests/bug37911.phpt -index 2b7481a..0d2859d 100644 ---- a/ext/pcre/tests/bug37911.phpt -+++ b/ext/pcre/tests/bug37911.phpt -@@ -37,5 +37,5 @@ - string(4) "blub" - } - --Warning: preg_replace_callback(): Compilation failed: group name must start with a non-digit at offset %d in %sbug37911.php on line %d -+Warning: preg_replace_callback(): Numeric named subpatterns are not allowed in %sbug37911.php on line %d - NULL -diff --git a/ext/pcre/tests/grep2.phpt b/ext/pcre/tests/grep2.phpt -index 1a8476c..0cf8d4a 100644 ---- a/ext/pcre/tests/grep2.phpt -+++ b/ext/pcre/tests/grep2.phpt -@@ -40,12 +40,6 @@ - string(1) "1" - } - bool(true) --array(3) { -- [5]=> -- string(1) "a" -- ["xyz"]=> -- string(2) "q6" -- [6]=> -- string(3) "h20" -+array(0) { - } --bool(false) -+bool(true) -diff --git a/ext/pcre/tests/match_flags3.phpt b/ext/pcre/tests/match_flags3.phpt -index 695f0c1..05c62a0 100644 ---- a/ext/pcre/tests/match_flags3.phpt -+++ b/ext/pcre/tests/match_flags3.phpt -@@ -41,5 +41,5 @@ - } - } - --Warning: preg_match(): Compilation failed: group name must start with a non-digit at offset %d in %smatch_flags3.php on line %d -+Warning: preg_match(): Numeric named subpatterns are not allowed in %smatch_flags3.php on line %d - bool(false) -diff --git a/main/SAPI.c b/main/SAPI.c -index 6216fd8..0138335 100644 ---- a/main/SAPI.c -+++ b/main/SAPI.c -@@ -1104,6 +1104,56 @@ - } - } - -+SAPI_API void sapi_add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg) /* {{{ */ -+{ -+ zval *return_value = (zval*)arg; -+ char *str = NULL; -+ -+ ALLOCA_FLAG(use_heap) -+ -+ if (var_len > 5 && -+ var[0] == 'H' && -+ var[1] == 'T' && -+ var[2] == 'T' && -+ var[3] == 'P' && -+ var[4] == '_') { -+ -+ char *p; -+ -+ var_len -= 5; -+ p = var + 5; -+ var = str = do_alloca(var_len + 1, use_heap); -+ *str++ = *p++; -+ while (*p) { -+ if (*p == '_') { -+ *str++ = '-'; -+ p++; -+ if (*p) { -+ *str++ = *p++; -+ } -+ } else if (*p >= 'A' && *p <= 'Z') { -+ *str++ = (*p++ - 'A' + 'a'); -+ } else { -+ *str++ = *p++; -+ } -+ } -+ *str = 0; -+ } else if (var_len == sizeof("CONTENT_TYPE")-1 && -+ memcmp(var, "CONTENT_TYPE", sizeof("CONTENT_TYPE")-1) == 0) { -+ var = "Content-Type"; -+ } else if (var_len == sizeof("CONTENT_LENGTH")-1 && -+ memcmp(var, "CONTENT_LENGTH", sizeof("CONTENT_LENGTH")-1) == 0) { -+ var = "Content-Length"; -+ } else { -+ return; -+ } -+ add_assoc_stringl_ex(return_value, var, var_len, val, val_len); -+ if (str) { -+ free_alloca(var, use_heap); -+ } -+} -+/* }}} */ -+ - /* - * Local variables: - * tab-width: 4 -diff --git a/main/SAPI.h b/main/SAPI.h -index 5a5620b..d452240 100644 ---- a/main/SAPI.h -+++ b/main/SAPI.h -@@ -151,6 +151,7 @@ - SAPI_API void sapi_activate(void); - SAPI_API void sapi_deactivate(void); - SAPI_API void sapi_initialize_empty_request(void); -+SAPI_API void sapi_add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg); - END_EXTERN_C() - - /* -diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c -index 16bb212..2eed928 100644 ---- a/sapi/cgi/cgi_main.c -+++ b/sapi/cgi/cgi_main.c -@@ -1596,54 +1596,6 @@ - } - /* }}} */ - --static void add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg) /* {{{ */ --{ -- zval *return_value = (zval*)arg; -- char *str = NULL; -- char *p; -- ALLOCA_FLAG(use_heap) -- -- if (var_len > 5 && -- var[0] == 'H' && -- var[1] == 'T' && -- var[2] == 'T' && -- var[3] == 'P' && -- var[4] == '_') { -- -- var_len -= 5; -- p = var + 5; -- var = str = do_alloca(var_len + 1, use_heap); -- *str++ = *p++; -- while (*p) { -- if (*p == '_') { -- *str++ = '-'; -- p++; -- if (*p) { -- *str++ = *p++; -- } -- } else if (*p >= 'A' && *p <= 'Z') { -- *str++ = (*p++ - 'A' + 'a'); -- } else { -- *str++ = *p++; -- } -- } -- *str = 0; -- } else if (var_len == sizeof("CONTENT_TYPE")-1 && -- memcmp(var, "CONTENT_TYPE", sizeof("CONTENT_TYPE")-1) == 0) { -- var = "Content-Type"; -- } else if (var_len == sizeof("CONTENT_LENGTH")-1 && -- memcmp(var, "CONTENT_LENGTH", sizeof("CONTENT_LENGTH")-1) == 0) { -- var = "Content-Length"; -- } else { -- return; -- } -- add_assoc_stringl_ex(return_value, var, var_len, val, val_len); -- if (str) { -- free_alloca(var, use_heap); -- } --} --/* }}} */ -- - PHP_FUNCTION(apache_request_headers) /* {{{ */ - { - if (zend_parse_parameters_none()) { -@@ -1653,7 +1605,7 @@ - if (fcgi_is_fastcgi()) { - fcgi_request *request = (fcgi_request*) SG(server_context); - -- fcgi_loadenv(request, add_request_header, return_value); -+ fcgi_loadenv(request, sapi_add_request_header, return_value); - } else { - char buf[128]; - char **env, *p, *q, *var, *val, *t = buf; -diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c -index b0e6226..702946a 100644 ---- a/sapi/fpm/fpm/fpm_main.c -+++ b/sapi/fpm/fpm/fpm_main.c -@@ -1533,6 +1533,10 @@ - { - fcgi_request *request = (fcgi_request*) SG(server_context); - -+ if (zend_parse_parameters_none() == FAILURE) { -+ return; -+ } -+ - if (!fcgi_is_closed(request)) { - php_output_end_all(); - php_header(); -@@ -1547,8 +1551,27 @@ - } - /* }}} */ - -+ZEND_BEGIN_ARG_INFO(cgi_fcgi_sapi_no_arginfo, 0) -+ZEND_END_ARG_INFO() -+ -+PHP_FUNCTION(apache_request_headers) /* {{{ */ -+{ -+ fcgi_request *request; -+ -+ if (zend_parse_parameters_none() == FAILURE) { -+ return; -+ } -+ -+ array_init(return_value); -+ if ((request = (fcgi_request*) SG(server_context))) { -+ fcgi_loadenv(request, sapi_add_request_header, return_value); -+ } -+} /* }}} */ -+ - static const zend_function_entry cgi_fcgi_sapi_functions[] = { -- PHP_FE(fastcgi_finish_request, NULL) -+ PHP_FE(fastcgi_finish_request, cgi_fcgi_sapi_no_arginfo) -+ PHP_FE(apache_request_headers, cgi_fcgi_sapi_no_arginfo) -+ PHP_FALIAS(getallheaders, apache_request_headers, cgi_fcgi_sapi_no_arginfo) - PHP_FE_END - }; - ---- /dev/null -+++ b/sapi/fpm/tests/getallheaders.phpt -@@ -0,0 +1,67 @@ -+--TEST-- -+FPM: Function getallheaders basic test -+--SKIPIF-- -+<?php include "skipif.inc"; ?> -+--FILE-- -+<?php -+ -+require_once "tester.inc"; -+ -+$cfg = <<<EOT -+[global] -+error_log = {{FILE:LOG}} -+[unconfined] -+listen = {{ADDR}} -+pm = dynamic -+pm.max_children = 5 -+pm.start_servers = 1 -+pm.min_spare_servers = 1 -+pm.max_spare_servers = 3 -+EOT; -+ -+$code = <<<EOT -+<?php -+echo "Test Start\n"; -+var_dump(getallheaders()); -+echo "Test End\n"; -+EOT; -+ -+$headers = []; -+$tester = new FPM\Tester($cfg, $code); -+$tester->start(); -+$tester->expectLogStartNotices(); -+$tester->request( -+ '', -+ [ -+ 'HTTP_X_FOO' => 'BAR', -+ 'HTTP_FOO' => 'foo' -+ ] -+ )->expectBody( -+ [ -+ 'Test Start', -+ 'array(4) {', -+ ' ["Foo"]=>', -+ ' string(3) "foo"', -+ ' ["X-Foo"]=>', -+ ' string(3) "BAR"', -+ ' ["Content-Length"]=>', -+ ' string(1) "0"', -+ ' ["Content-Type"]=>', -+ ' string(0) ""', -+ '}', -+ 'Test End', -+ ] -+ ); -+$tester->terminate(); -+$tester->expectLogTerminatingNotices(); -+$tester->close(); -+ -+?> -+Done -+--EXPECT-- -+Done -+--CLEAN-- -+<?php -+require_once "tester.inc"; -+FPM\Tester::clean(); -+?> -diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c -index 6b29266..af1d8db 100644 ---- a/ext/zip/php_zip.c -+++ b/ext/zip/php_zip.c -@@ -1477,6 +1477,21 @@ - ze_obj->filename = NULL; - } - -+#if LIBZIP_VERSION_MAJOR > 1 || LIBZIP_VERSION_MAJOR == 1 && LIBZIP_VERSION_MINOR >= 6 -+ /* reduce BC break introduce in libzip 1.6.0 -+ "Do not accept empty files as valid zip archives any longer" */ -+ -+ /* open for write without option to empty the archive */ -+ if ((flags & (ZIP_TRUNCATE | ZIP_RDONLY)) == 0) { -+ zend_stat_t st; -+ -+ /* exists and is empty */ -+ if (VCWD_STAT(resolved_path, &st) == 0 && st.st_size == 0) { -+ flags |= ZIP_TRUNCATE; -+ } -+ } -+#endif -+ - intern = zip_open(resolved_path, flags, &err); - if (!intern || err) { - efree(resolved_path); -diff --git a/sapi/fpm/tests/tester.inc b/sapi/fpm/tests/tester.inc -index 89bbb90..5335d76 100644 ---- a/sapi/fpm/tests/tester.inc -+++ b/sapi/fpm/tests/tester.inc -@@ -860,7 +860,17 @@ - { - $port = $this->getPort($type, $pool, true); - if ($type === 'uds') { -- return $this->getFile($port . '.sock'); -+ $address = $this->getFile($port . '.sock'); -+ -+ // Socket max path length is 108 on Linux and 104 on BSD, -+ // so we use the latter -+ if (strlen($address) <= 104) { -+ return $address; -+ } -+ -+ return sys_get_temp_dir().'/'. -+ hash('crc32', dirname($address)).'-'. -+ basename($address); - } - - return $this->getHost($type) . ':' . $port; -diff --git a/ext/standard/tests/strings/url_t.phpt b/ext/standard/tests/strings/url_t.phpt -index 79ff3bc..f564f59 100644 ---- a/ext/standard/tests/strings/url_t.phpt -+++ b/ext/standard/tests/strings/url_t.phpt -@@ -575,15 +575,13 @@ - string(16) "some_page_ref123" - } - ----> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(7) { -+--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(6) { - ["scheme"]=> - string(4) "http" - ["host"]=> -- string(11) "www.php.net" -+ string(26) "secret@hideout@www.php.net" - ["port"]=> - int(80) -- ["user"]=> -- string(14) "secret@hideout" - ["path"]=> - string(10) "/index.php" - ["query"]=> ---- /dev/null -+++ b/ext/standard/tests/url/bug77423.phpt -@@ -0,0 +1,30 @@ -+--TEST-- -+Bug #77423 (parse_url() will deliver a wrong host to user) -+--FILE-- -+<?php -+$urls = array( -+ "http://php.net\@aliyun.com/aaa.do", -+ "https://example.com\uFF03@bing.com", -+); -+foreach ($urls as $url) { -+ var_dump(filter_var($url, FILTER_VALIDATE_URL)); -+ var_dump(parse_url($url)); -+} -+?> -+--EXPECT-- -+bool(false) -+array(3) { -+ ["scheme"]=> -+ string(4) "http" -+ ["host"]=> -+ string(19) "php.net\@aliyun.com" -+ ["path"]=> -+ string(7) "/aaa.do" -+} -+bool(false) -+array(2) { -+ ["scheme"]=> -+ string(5) "https" -+ ["host"]=> -+ string(26) "example.com\uFF03@bing.com" -+} -diff --git a/ext/standard/tests/url/parse_url_basic_001.phpt b/ext/standard/tests/url/parse_url_basic_001.phpt -index 4606849..5101099 100644 ---- a/ext/standard/tests/url/parse_url_basic_001.phpt -+++ b/ext/standard/tests/url/parse_url_basic_001.phpt -@@ -506,15 +506,13 @@ - string(16) "some_page_ref123" - } - ----> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(7) { -+--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(6) { - ["scheme"]=> - string(4) "http" - ["host"]=> -- string(11) "www.php.net" -+ string(26) "secret@hideout@www.php.net" - ["port"]=> - int(80) -- ["user"]=> -- string(14) "secret@hideout" - ["path"]=> - string(10) "/index.php" - ["query"]=> -diff --git a/ext/standard/tests/url/parse_url_basic_003.phpt b/ext/standard/tests/url/parse_url_basic_003.phpt -index 3d5a4a3..7968fd3 100644 ---- a/ext/standard/tests/url/parse_url_basic_003.phpt -+++ b/ext/standard/tests/url/parse_url_basic_003.phpt -@@ -68,7 +68,7 @@ - --> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net" - --> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net" - --> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net" ----> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net" -+--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(26) "secret@hideout@www.php.net" - --> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net" - --> nntp://news.php.net : string(12) "news.php.net" - --> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : string(11) "ftp.gnu.org" -diff --git a/ext/standard/tests/url/parse_url_basic_005.phpt b/ext/standard/tests/url/parse_url_basic_005.phpt -index aefb339..ba778bf 100644 ---- a/ext/standard/tests/url/parse_url_basic_005.phpt -+++ b/ext/standard/tests/url/parse_url_basic_005.phpt -@@ -68,7 +68,7 @@ - --> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret" - --> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(0) "" - --> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret" ----> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(14) "secret@hideout" -+--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : NULL - --> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret" - --> nntp://news.php.net : NULL - --> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : NULL -diff --git a/ext/standard/tests/url/parse_url_unterminated.phpt b/ext/standard/tests/url/parse_url_unterminated.phpt -index 912b6a5..875d93a 100644 ---- a/ext/standard/tests/url/parse_url_unterminated.phpt -+++ b/ext/standard/tests/url/parse_url_unterminated.phpt -@@ -508,15 +508,13 @@ - string(16) "some_page_ref123" - } - ----> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(7) { -+--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(6) { - ["scheme"]=> - string(4) "http" - ["host"]=> -- string(11) "www.php.net" -+ string(26) "secret@hideout@www.php.net" - ["port"]=> - int(80) -- ["user"]=> -- string(14) "secret@hideout" - ["path"]=> - string(10) "/index.php" - ["query"]=> -diff --git a/ext/standard/url.c b/ext/standard/url.c -index 1dd073e..8d155bb 100644 ---- a/ext/standard/url.c -+++ b/ext/standard/url.c -@@ -92,6 +92,22 @@ - return php_url_parse_ex(str, strlen(str)); - } - -+static int is_userinfo_valid(const char *str, size_t len) -+{ -+ char *valid = "-._~!$&'()*+,;=:"; -+ char *p = str; -+ while (p - str < len) { -+ if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) { -+ p++; -+ } else if (*p == '%' && p - str <= len - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) { -+ p += 3; -+ } else { -+ return 0; -+ } -+ } -+ return 1; -+} -+ - /* {{{ php_url_parse - */ - PHPAPI php_url *php_url_parse_ex(char const *str, size_t length) -@@ -235,13 +251,18 @@ - ret->pass = estrndup(pp, (p-pp)); - php_replace_controlchars_ex(ret->pass, (p-pp)); - } else { -+ if (!is_userinfo_valid(s, p-s)) { -+ goto check_port; -+ } - ret->user = estrndup(s, (p-s)); - php_replace_controlchars_ex(ret->user, (p-s)); -+ - } - - s = p + 1; - } - -+check_port: - /* check for port */ - if (s < ue && *s == '[' && *(e-1) == ']') { - /* Short circuit portscan, -diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c -index 37eb5e1..9cac226 100644 ---- a/ext/imap/php_imap.c -+++ b/ext/imap/php_imap.c -@@ -3528,6 +3528,23 @@ - } - /* }}} */ - -+static zend_bool header_injection(zend_string *str, zend_bool adrlist) -+{ -+ char *p = ZSTR_VAL(str); -+ -+ while ((p = strpbrk(p, "\r\n")) != NULL) { -+ if (!(p[0] == '\r' && p[1] == '\n') -+ /* adrlists do not support folding, but swallow trailing line breaks */ -+ && !((adrlist && p[1] == '\0') -+ /* other headers support folding */ -+ || !adrlist && (p[1] == ' ' || p[1] == '\t'))) { -+ return 1; -+ } -+ p++; -+ } -+ return 0; -+} -+ - /* {{{ proto string imap_mail_compose(array envelope, array body) - Create a MIME message based on given envelope and body sections */ - PHP_FUNCTION(imap_mail_compose) -@@ -3548,6 +3565,13 @@ - return; - } - -+#define CHECK_HEADER_INJECTION(zstr, adrlist, header) \ -+ if (header_injection(zstr, adrlist)) { \ -+ php_error_docref(NULL, E_WARNING, "header injection attempt in " header); \ -+ RETVAL_FALSE; \ -+ goto done; \ -+ } -+ - #define PHP_RFC822_PARSE_ADRLIST(target, value) \ - str_copy = estrndup(Z_STRVAL_P(value), Z_STRLEN_P(value)); \ - rfc822_parse_adrlist(target, str_copy, "NO HOST"); \ -@@ -3556,46 +3580,57 @@ - env = mail_newenvelope(); - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(envelope), "remail", sizeof("remail") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "remail"); - env->remail = cpystr(Z_STRVAL_P(pvalue)); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(envelope), "return_path", sizeof("return_path") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 1, "return_path"); - PHP_RFC822_PARSE_ADRLIST(&env->return_path, pvalue); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(envelope), "date", sizeof("date") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "date"); - env->date = (unsigned char*)cpystr(Z_STRVAL_P(pvalue)); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(envelope), "from", sizeof("from") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 1, "from"); - PHP_RFC822_PARSE_ADRLIST(&env->from, pvalue); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(envelope), "reply_to", sizeof("reply_to") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 1, "reply_to"); - PHP_RFC822_PARSE_ADRLIST(&env->reply_to, pvalue); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(envelope), "in_reply_to", sizeof("in_reply_to") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "in_reply_to"); - env->in_reply_to = cpystr(Z_STRVAL_P(pvalue)); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(envelope), "subject", sizeof("subject") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "subject"); - env->subject = cpystr(Z_STRVAL_P(pvalue)); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(envelope), "to", sizeof("to") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 1, "to"); - PHP_RFC822_PARSE_ADRLIST(&env->to, pvalue); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(envelope), "cc", sizeof("cc") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 1, "cc"); - PHP_RFC822_PARSE_ADRLIST(&env->cc, pvalue); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(envelope), "bcc", sizeof("bcc") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 1, "bcc"); - PHP_RFC822_PARSE_ADRLIST(&env->bcc, pvalue); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(envelope), "message_id", sizeof("message_id") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "message_id"); - env->message_id=cpystr(Z_STRVAL_P(pvalue)); - } - -@@ -3605,6 +3640,7 @@ - ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(pvalue), env_data) { - custom_headers_param = mail_newbody_parameter(); - convert_to_string_ex(env_data); -+ CHECK_HEADER_INJECTION(Z_STR_P(env_data), 0, "custom_headers"); - custom_headers_param->value = (char *) fs_get(Z_STRLEN_P(env_data) + 1); - custom_headers_param->attribute = NULL; - memcpy(custom_headers_param->value, Z_STRVAL_P(env_data), Z_STRLEN_P(env_data) + 1); -@@ -3637,6 +3673,7 @@ - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "charset", sizeof("charset") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body charset"); - tmp_param = mail_newbody_parameter(); - tmp_param->value = cpystr(Z_STRVAL_P(pvalue)); - tmp_param->attribute = cpystr("CHARSET"); -@@ -3647,9 +3684,11 @@ - if(Z_TYPE_P(pvalue) == IS_ARRAY) { - disp_param = tmp_param = NULL; - ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { -+ CHECK_HEADER_INJECTION(key, 0, "body disposition key"); - disp_param = mail_newbody_parameter(); - disp_param->attribute = cpystr(ZSTR_VAL(key)); - convert_to_string_ex(disp_data); -+ CHECK_HEADER_INJECTION(Z_STR_P(disp_data), 0, "body disposition value"); - disp_param->value = (char *) fs_get(Z_STRLEN_P(disp_data) + 1); - memcpy(disp_param->value, Z_STRVAL_P(disp_data), Z_STRLEN_P(disp_data) + 1); - disp_param->next = tmp_param; -@@ -3660,18 +3699,22 @@ - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "subtype", sizeof("subtype") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body subtype"); - bod->subtype = cpystr(Z_STRVAL_P(pvalue)); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "id", sizeof("id") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body id"); - bod->id = cpystr(Z_STRVAL_P(pvalue)); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "description", sizeof("description") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body description"); - bod->description = cpystr(Z_STRVAL_P(pvalue)); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "disposition.type", sizeof("disposition.type") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body disposition.type"); - bod->disposition.type = (char *) fs_get(Z_STRLEN_P(pvalue) + 1); - memcpy(bod->disposition.type, Z_STRVAL_P(pvalue), Z_STRLEN_P(pvalue)+1); - } -@@ -3679,9 +3722,11 @@ - if (Z_TYPE_P(pvalue) == IS_ARRAY) { - disp_param = tmp_param = NULL; - ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { -+ CHECK_HEADER_INJECTION(key, 0, "body type.parameters key"); - disp_param = mail_newbody_parameter(); - disp_param->attribute = cpystr(ZSTR_VAL(key)); - convert_to_string_ex(disp_data); -+ CHECK_HEADER_INJECTION(Z_STR_P(disp_data), 0, "body type.parameters value"); - disp_param->value = (char *) fs_get(Z_STRLEN_P(disp_data) + 1); - memcpy(disp_param->value, Z_STRVAL_P(disp_data), Z_STRLEN_P(disp_data) + 1); - disp_param->next = tmp_param; -@@ -3710,6 +3755,7 @@ - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "md5", sizeof("md5") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body md5"); - bod->md5 = cpystr(Z_STRVAL_P(pvalue)); - } - } else if (Z_TYPE_P(data) == IS_ARRAY) { -@@ -3740,6 +3786,7 @@ - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "charset", sizeof("charset") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body charset"); - tmp_param = mail_newbody_parameter(); - tmp_param->value = (char *) fs_get(Z_STRLEN_P(pvalue) + 1); - memcpy(tmp_param->value, Z_STRVAL_P(pvalue), Z_STRLEN_P(pvalue) + 1); -@@ -3751,9 +3798,11 @@ - if (Z_TYPE_P(pvalue) == IS_ARRAY) { - disp_param = tmp_param = NULL; - ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { -+ CHECK_HEADER_INJECTION(key, 0, "body type.parameters key"); - disp_param = mail_newbody_parameter(); - disp_param->attribute = cpystr(ZSTR_VAL(key)); - convert_to_string_ex(disp_data); -+ CHECK_HEADER_INJECTION(Z_STR_P(disp_data), 0, "body type.parameters value"); - disp_param->value = (char *)fs_get(Z_STRLEN_P(disp_data) + 1); - memcpy(disp_param->value, Z_STRVAL_P(disp_data), Z_STRLEN_P(disp_data) + 1); - disp_param->next = tmp_param; -@@ -3764,18 +3813,22 @@ - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "subtype", sizeof("subtype") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body subtype"); - bod->subtype = cpystr(Z_STRVAL_P(pvalue)); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "id", sizeof("id") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body id"); - bod->id = cpystr(Z_STRVAL_P(pvalue)); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "description", sizeof("description") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body description"); - bod->description = cpystr(Z_STRVAL_P(pvalue)); - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "disposition.type", sizeof("disposition.type") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body disposition.type"); - bod->disposition.type = (char *) fs_get(Z_STRLEN_P(pvalue) + 1); - memcpy(bod->disposition.type, Z_STRVAL_P(pvalue), Z_STRLEN_P(pvalue)+1); - } -@@ -3783,9 +3836,11 @@ - if (Z_TYPE_P(pvalue) == IS_ARRAY) { - disp_param = tmp_param = NULL; - ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { -+ CHECK_HEADER_INJECTION(key, 0, "body disposition key"); - disp_param = mail_newbody_parameter(); - disp_param->attribute = cpystr(ZSTR_VAL(key)); - convert_to_string_ex(disp_data); -+ CHECK_HEADER_INJECTION(Z_STR_P(disp_data), 0, "body disposition value"); - disp_param->value = (char *) fs_get(Z_STRLEN_P(disp_data) + 1); - memcpy(disp_param->value, Z_STRVAL_P(disp_data), Z_STRLEN_P(disp_data) + 1); - disp_param->next = tmp_param; -@@ -3814,6 +3869,7 @@ - } - if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "md5", sizeof("md5") - 1)) != NULL) { - convert_to_string_ex(pvalue); -+ CHECK_HEADER_INJECTION(Z_STR_P(pvalue), 0, "body md5"); - bod->md5 = cpystr(Z_STRVAL_P(pvalue)); - } - } ---- /dev/null -+++ b/ext/imap/tests/bug80710_1.phpt -@@ -0,0 +1,37 @@ -+--TEST-- -+Bug #80710 (imap_mail_compose() header injection) - MIME Splitting Attack -+--SKIPIF-- -+<?php -+if (!extension_loaded("imap")) die("skip imap extension not available"); -+?> -+--FILE-- -+<?php -+$envelope["from"]= "joe@example.com\n From : X-INJECTED"; -+$envelope["to"] = "foo@example.com\nFrom: X-INJECTED"; -+$envelope["cc"] = "bar@example.com\nFrom: X-INJECTED"; -+$envelope["subject"] = "bar@example.com\n\n From : X-INJECTED"; -+$envelope["x-remail"] = "bar@example.com\nFrom: X-INJECTED"; -+$envelope["something"] = "bar@example.com\nFrom: X-INJECTED"; -+ -+$part1["type"] = TYPEMULTIPART; -+$part1["subtype"] = "mixed"; -+ -+$part2["type"] = TYPEAPPLICATION; -+$part2["encoding"] = ENCBINARY; -+$part2["subtype"] = "octet-stream\nContent-Type: X-INJECTED"; -+$part2["description"] = "some file\nContent-Type: X-INJECTED"; -+$part2["contents.data"] = "ABC\nContent-Type: X-INJECTED"; -+ -+$part3["type"] = TYPETEXT; -+$part3["subtype"] = "plain"; -+$part3["description"] = "description3"; -+$part3["contents.data"] = "contents.data3\n\n\n\t"; -+ -+$body[1] = $part1; -+$body[2] = $part2; -+$body[3] = $part3; -+ -+echo imap_mail_compose($envelope, $body); -+?> -+--EXPECTF-- -+Warning: imap_mail_compose(): header injection attempt in from in %s on line %d ---- /dev/null -+++ b/ext/imap/tests/bug80710_2.phpt -@@ -0,0 +1,37 @@ -+--TEST-- -+Bug #80710 (imap_mail_compose() header injection) - Remail -+--SKIPIF-- -+<?php -+if (!extension_loaded("imap")) die("skip imap extension not available"); -+?> -+--FILE-- -+<?php -+$envelope["from"]= "joe@example.com\n From : X-INJECTED"; -+$envelope["to"] = "foo@example.com\nFrom: X-INJECTED"; -+$envelope["cc"] = "bar@example.com\nFrom: X-INJECTED"; -+$envelope["subject"] = "bar@example.com\n\n From : X-INJECTED"; -+$envelope["remail"] = "X-INJECTED-REMAIL: X-INJECTED\nFrom: X-INJECTED-REMAIL-FROM"; //<--- Injected as first hdr -+$envelope["something"] = "bar@example.com\nFrom: X-INJECTED"; -+ -+$part1["type"] = TYPEMULTIPART; -+$part1["subtype"] = "mixed"; -+ -+$part2["type"] = TYPEAPPLICATION; -+$part2["encoding"] = ENCBINARY; -+$part2["subtype"] = "octet-stream\nContent-Type: X-INJECTED"; -+$part2["description"] = "some file\nContent-Type: X-INJECTED"; -+$part2["contents.data"] = "ABC\nContent-Type: X-INJECTED"; -+ -+$part3["type"] = TYPETEXT; -+$part3["subtype"] = "plain"; -+$part3["description"] = "description3"; -+$part3["contents.data"] = "contents.data3\n\n\n\t"; -+ -+$body[1] = $part1; -+$body[2] = $part2; -+$body[3] = $part3; -+ -+echo imap_mail_compose($envelope, $body); -+?> -+--EXPECTF-- -+Warning: imap_mail_compose(): header injection attempt in remail in %s on line %d -diff --git a/ext/pdo_firebird/firebird_statement.c b/ext/pdo_firebird/firebird_statement.c -index 1c0f5b6..c5e6b68 100644 ---- a/ext/pdo_firebird/firebird_statement.c -+++ b/ext/pdo_firebird/firebird_statement.c -@@ -294,6 +294,11 @@ - unsigned short seg_len; - ISC_STATUS stat; - -+ /* prevent overflow */ -+ if (*len == ZEND_ULONG_MAX) { -+ result = 0; -+ goto fetch_blob_end; -+ } - *ptr = S->fetch_buf[colno] = erealloc(S->fetch_buf[colno], *len+1); - - for (cur_len = stat = 0; (!stat || stat == isc_segment) && cur_len < *len; cur_len += seg_len) { ---- /dev/null -+++ b/ext/pdo_firebird/tests/bug_76452.data -@@ -0,0 +1 @@ -+ -\ No newline at end of file ---- /dev/null -+++ b/ext/pdo_firebird/tests/bug_76452.phpt -@@ -0,0 +1,31 @@ -+--TEST-- -+Bug ##76452 (Crash while parsing blob data in firebird_fetch_blob) -+--SKIPIF-- -+<?php require('skipif.inc'); ?> -+--FILE-- -+<?php -+require_once "payload_server.inc"; -+ -+$address = run_server(__DIR__ . "/bug_76452.data"); -+ -+// no need to change the credentials; we're running against a falke server -+$dsn = "firebird:dbname=inet://$address/test"; -+$username = 'SYSDBA'; -+$password = 'masterkey'; -+ -+$dbh = new PDO($dsn, $username, $password, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); -+$query = $dbh->prepare("select * from test"); -+$query->execute(); -+var_dump($query->fetch()); -+?> -+--EXPECT-- -+array(4) { -+ ["AAA"]=> -+ string(4) "hihi" -+ [0]=> -+ string(4) "hihi" -+ ["BBBB"]=> -+ NULL -+ [1]=> -+ NULL -+} -diff --git a/ext/pdo_firebird/firebird_statement.c b/ext/pdo_firebird/firebird_statement.c -index c5e6b68..bdde6c7 100644 ---- a/ext/pdo_firebird/firebird_statement.c -+++ b/ext/pdo_firebird/firebird_statement.c -@@ -133,8 +133,14 @@ - } - if (result[0] == isc_info_sql_records) { - unsigned i = 3, result_size = isc_vax_integer(&result[1], 2); -+ if (result_size > sizeof(result)) { -+ goto error; -+ } - while (result[i] != isc_info_end && i < result_size) { - short len = (short) isc_vax_integer(&result[i + 1], 2); -+ if (len != 1 && len != 2 && len != 4) { -+ goto error; -+ } - if (result[i] != isc_info_req_select_count) { - affected_rows += isc_vax_integer(&result[i + 3], len); - } -@@ -158,6 +164,7 @@ - return 1; - } while (0); - -+error: - RECORD_ERROR(stmt); - - return 0; ---- /dev/null -+++ b/ext/pdo_firebird/tests/bug_76450.data -@@ -0,0 +1 @@ -+ -\ No newline at end of file ---- /dev/null -+++ b/ext/pdo_firebird/tests/bug_76450.phpt -@@ -0,0 +1,29 @@ -+--TEST-- -+Bug #76450 (SIGSEGV in firebird_stmt_execute) -+--SKIPIF-- -+<?php -+if (!extension_loaded('pdo_firebird')) die("skip pdo_firebird extension not available"); -+if (!extension_loaded('sockets')) die("skip sockets extension not available"); -+?> -+--FILE-- -+<?php -+require_once "payload_server.inc"; -+ -+$address = run_server(__DIR__ . "/bug_76450.data"); -+ -+// no need to change the credentials; we're running against a fake server -+$dsn = "firebird:dbname=inet://$address/test"; -+$username = 'SYSDBA'; -+$password = 'masterkey'; -+ -+$dbh = new PDO($dsn, $username, $password, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); -+$sql = "EXECUTE PROCEDURE test_proc 123"; -+$query = $dbh->prepare($sql); -+try { -+ $query->execute(); -+} catch (Exception $ex) { -+ echo "{$ex->getMessage()}\n"; -+} -+?> -+--EXPECT-- -+SQLSTATE[HY000]: General error -diff --git a/ext/pdo_firebird/firebird_driver.c b/ext/pdo_firebird/firebird_driver.c -index 34e234a..fb9dbaa 100644 ---- a/ext/pdo_firebird/firebird_driver.c -+++ b/ext/pdo_firebird/firebird_driver.c -@@ -205,8 +205,17 @@ - if (result[0] == isc_info_sql_records) { - unsigned i = 3, result_size = isc_vax_integer(&result[1],2); - -+ if (result_size > sizeof(result)) { -+ ret = -1; -+ goto free_statement; -+ } - while (result[i] != isc_info_end && i < result_size) { - short len = (short)isc_vax_integer(&result[i+1],2); -+ /* bail out on bad len */ -+ if (len != 1 && len != 2 && len != 4) { -+ ret = -1; -+ goto free_statement; -+ } - if (result[i] != isc_info_req_select_count) { - ret += isc_vax_integer(&result[i+3],len); - } ---- /dev/null -+++ b/ext/pdo_firebird/tests/bug_76449.data -@@ -0,0 +1 @@ -+ -\ No newline at end of file ---- /dev/null -+++ b/ext/pdo_firebird/tests/bug_76449.phpt -@@ -0,0 +1,23 @@ -+--TEST-- -+Bug #76449 (SIGSEGV in firebird_handle_doer) -+--SKIPIF-- -+<?php -+if (!extension_loaded('pdo_firebird')) die("skip pdo_firebird extension not available"); -+if (!extension_loaded('sockets')) die("skip sockets extension not available"); -+?> -+--FILE-- -+<?php -+require_once "payload_server.inc"; -+ -+$address = run_server(__DIR__ . "/bug_76449.data"); -+ -+// no need to change the credentials; we're running against a fake server -+$dsn = "firebird:dbname=inet://$address/test"; -+$username = 'SYSDBA'; -+$password = 'masterkey'; -+ -+$dbh = new PDO($dsn, $username, $password, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); -+var_dump($dbh->exec("INSERT INTO test VALUES ('hihi2', 'xxxxx')")); -+?> -+--EXPECT-- -+bool(false) -diff --git a/ext/pdo_firebird/firebird_driver.c b/ext/pdo_firebird/firebird_driver.c -index fb9dbaa..48e8ec6 100644 ---- a/ext/pdo_firebird/firebird_driver.c -+++ b/ext/pdo_firebird/firebird_driver.c -@@ -508,14 +508,16 @@ - } - /* }}} */ - -+#define INFO_BUF_LEN 512 -+ - /* callback to used to report database server info */ - static void firebird_info_cb(void *arg, char const *s) /* {{{ */ - { - if (arg) { - if (*(char*)arg) { /* second call */ -- strcat(arg, " "); -+ strlcat(arg, " ", INFO_BUF_LEN); - } -- strcat(arg, s); -+ strlcat(arg, s, INFO_BUF_LEN); - } - } - /* }}} */ -@@ -526,7 +528,7 @@ - pdo_firebird_db_handle *H = (pdo_firebird_db_handle *)dbh->driver_data; - - switch (attr) { -- char tmp[512]; -+ char tmp[INFO_BUF_LEN]; - - case PDO_ATTR_AUTOCOMMIT: - ZVAL_LONG(val,dbh->auto_commit); ---- /dev/null -+++ b/ext/pdo_firebird/tests/bug_76448.data -@@ -0,0 +1 @@ -+ -\ No newline at end of file ---- /dev/null -+++ b/ext/pdo_firebird/tests/bug_76448.phpt -@@ -0,0 +1,23 @@ -+--TEST-- -+Bug #76448 (Stack buffer overflow in firebird_info_cb) -+--SKIPIF-- -+<?php -+if (!extension_loaded('pdo_firebird')) die("skip podo_firebird extension not available"); -+if (!extension_loaded('sockets')) die("skip sockets extension not available"); -+?> -+--FILE-- -+<?php -+require_once "payload_server.inc"; -+ -+$address = run_server(__DIR__ . "/bug_76448.data"); -+ -+// no need to change the credentials; we're running against a falke server -+$dsn = "firebird:dbname=inet://$address/test"; -+$username = 'SYSDBA'; -+$password = 'masterkey'; -+ -+$dbh = new PDO($dsn, $username, $password, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); -+var_dump($dbh->getAttribute(PDO::ATTR_SERVER_INFO)); -+?> -+--EXPECT-- -+bool(false) -diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c -index 2987b64..01bdc05 100644 ---- a/ext/phar/phar_object.c -+++ b/ext/phar/phar_object.c -@@ -1440,6 +1440,7 @@ - zend_class_entry *ce = p_obj->c; - phar_archive_object *phar_obj = p_obj->p; - php_stream_statbuf ssb; -+ char ch; - - value = iter->funcs->get_current_data(iter); - -@@ -1569,7 +1570,7 @@ - base = temp; - base_len = (int)strlen(base); - -- if (strstr(fname, base)) { -+ if (fname_len >= base_len && strncmp(fname, base, base_len) == 0 && ((ch = fname[base_len - IS_SLASH(base[base_len - 1])]) == '\0' || IS_SLASH(ch))) { - str_key_len = fname_len - base_len; - - if (str_key_len <= 0) { ---- /dev/null -+++ b/ext/phar/tests/bug81211.phpt -@@ -0,0 +1,45 @@ -+--TEST-- -+Bug #81211 (Symlinks are followed when creating PHAR archive) -+--SKIPIF-- -+<?php -+if (!extension_loaded('phar')) die('skip phar extension is not available'); -+if (PHP_OS_FAMILY === 'Windows') { -+ if (false === include __DIR__ . '/../../standard/tests/file/windows_links/common.inc') { -+ die('skip windows_links/common.inc is not available'); -+ } -+ skipIfSeCreateSymbolicLinkPrivilegeIsDisabled(__FILE__); -+} -+?> -+--FILE-- -+<?php -+mkdir(__DIR__ . '/bug81211'); -+mkdir(__DIR__ . '/bug81211/foobar'); -+mkdir(__DIR__ . '/bug81211/foo'); -+ -+file_put_contents(__DIR__ . '/bug81211/foobar/file', 'this file should NOT be included in the archive!'); -+symlink(__DIR__ . '/bug81211/foobar/file', __DIR__ . '/bug81211/foo/symlink'); -+ -+$archive = new PharData(__DIR__ . '/bug81211/archive.tar'); -+try { -+ $archive->buildFromDirectory(__DIR__ . '/bug81211/foo'); -+} catch (UnexpectedValueException $ex) { -+ echo $ex->getMessage(), PHP_EOL; -+} -+try { -+ $archive->buildFromIterator(new RecursiveDirectoryIterator(__DIR__ . '/bug81211/foo', FilesystemIterator::SKIP_DOTS), __DIR__ . '/bug81211/foo'); -+} catch (UnexpectedValueException $ex) { -+ echo $ex->getMessage(), PHP_EOL; -+} -+?> -+--CLEAN-- -+<?php -+@unlink(__DIR__ . '/bug81211/archive.tar'); -+@unlink(__DIR__ . '/bug81211/foo/symlink'); -+@unlink(__DIR__ . '/bug81211/foobar/file'); -+@rmdir(__DIR__ . '/bug81211/foo'); -+@rmdir(__DIR__ . '/bug81211/foobar'); -+@rmdir(__DIR__ . '/bug81211'); -+?> -+--EXPECTF-- -+Iterator RecursiveIteratorIterator returned a path "%s%ebug81211\foobar\file" that is not in the base directory "%s%ebug81211\foo" -+Iterator RecursiveDirectoryIterator returned a path "%s%ebug81211\foobar\file" that is not in the base directory "%s%ebug81211\foo" -diff --git a/ext/standard/tests/file/windows_links/common.inc b/ext/standard/tests/file/windows_links/common.inc -index 505368b..caa3758 100644 ---- a/ext/standard/tests/file/windows_links/common.inc -+++ b/ext/standard/tests/file/windows_links/common.inc -@@ -20,4 +20,11 @@ - return "$sysroot\\System32\\mountvol.exe"; - } - --?> -+function skipIfSeCreateSymbolicLinkPrivilegeIsDisabled(string $filename) { -+ $ln = "$filename.lnk"; -+ $ret = exec("mklink $ln " . __FILE__ .' 2>&1', $out); -+ @unlink($ln); -+ if (strpos($ret, 'privilege') !== false) { -+ die('skip SeCreateSymbolicLinkPrivilege not enabled'); -+ } -+} -diff --git a/sapi/fpm/fpm/fpm_children.c b/sapi/fpm/fpm/fpm_children.c -index eed0c67..05513f0 100644 ---- a/sapi/fpm/fpm/fpm_children.c -+++ b/sapi/fpm/fpm/fpm_children.c -@@ -243,7 +243,7 @@ - - fpm_child_unlink(child); - -- fpm_scoreboard_proc_free(wp->scoreboard, child->scoreboard_i); -+ fpm_scoreboard_proc_free(child); - - fpm_clock_get(&tv1); - -@@ -253,9 +253,9 @@ - if (!fpm_pctl_can_spawn_children()) { - severity = ZLOG_DEBUG; - } -- zlog(severity, "[pool %s] child %d exited %s after %ld.%06d seconds from start", child->wp->config->name, (int) pid, buf, tv2.tv_sec, (int) tv2.tv_usec); -+ zlog(severity, "[pool %s] child %d exited %s after %ld.%06d seconds from start", wp->config->name, (int) pid, buf, tv2.tv_sec, (int) tv2.tv_usec); - } else { -- zlog(ZLOG_DEBUG, "[pool %s] child %d has been killed by the process management after %ld.%06d seconds from start", child->wp->config->name, (int) pid, tv2.tv_sec, (int) tv2.tv_usec); -+ zlog(ZLOG_DEBUG, "[pool %s] child %d has been killed by the process management after %ld.%06d seconds from start", wp->config->name, (int) pid, tv2.tv_sec, (int) tv2.tv_usec); - } - - fpm_child_close(child, 1 /* in event_loop */); -@@ -321,7 +321,7 @@ - return 0; - } - -- if (0 > fpm_scoreboard_proc_alloc(wp->scoreboard, &c->scoreboard_i)) { -+ if (0 > fpm_scoreboard_proc_alloc(c)) { - fpm_stdio_discard_pipes(c); - fpm_child_free(c); - return 0; -@@ -333,7 +333,7 @@ - - static void fpm_resources_discard(struct fpm_child_s *child) /* {{{ */ - { -- fpm_scoreboard_proc_free(child->wp->scoreboard, child->scoreboard_i); -+ fpm_scoreboard_proc_free(child); - fpm_stdio_discard_pipes(child); - fpm_child_free(child); - } -@@ -346,10 +346,10 @@ - if (wp == child->wp) { - continue; - } -- fpm_scoreboard_free(wp->scoreboard); -+ fpm_scoreboard_free(wp); - } - -- fpm_scoreboard_child_use(child->wp->scoreboard, child->scoreboard_i, getpid()); -+ fpm_scoreboard_child_use(child, getpid()); - fpm_stdio_child_use_pipes(child); - fpm_child_free(child); - } -diff --git a/sapi/fpm/fpm/fpm_request.c b/sapi/fpm/fpm/fpm_request.c -index a4ace85..deaccf4 100644 ---- a/sapi/fpm/fpm/fpm_request.c -+++ b/sapi/fpm/fpm/fpm_request.c -@@ -286,7 +286,7 @@ - struct fpm_scoreboard_proc_s *proc; - - /* no need in atomicity here */ -- proc = fpm_scoreboard_proc_get(child->wp->scoreboard, child->scoreboard_i); -+ proc = fpm_scoreboard_proc_get_from_child(child); - if (!proc) { - return 0; - } -@@ -301,7 +301,7 @@ - - if (!tv) return -1; - -- proc = fpm_scoreboard_proc_get(child->wp->scoreboard, child->scoreboard_i); -+ proc = fpm_scoreboard_proc_get_from_child(child); - if (!proc) { - return -1; - } -diff --git a/sapi/fpm/fpm/fpm_scoreboard.c b/sapi/fpm/fpm/fpm_scoreboard.c -index 7a65fcb..091efdc 100644 ---- a/sapi/fpm/fpm/fpm_scoreboard.c -+++ b/sapi/fpm/fpm/fpm_scoreboard.c -@@ -7,6 +7,7 @@ - #include <time.h> - - #include "fpm_config.h" -+#include "fpm_children.h" - #include "fpm_scoreboard.h" - #include "fpm_shm.h" - #include "fpm_sockets.h" -@@ -24,7 +25,6 @@ - int fpm_scoreboard_init_main() /* {{{ */ - { - struct fpm_worker_pool_s *wp; -- unsigned int i; - - #ifdef HAVE_TIMES - #if (defined(HAVE_SYSCONF) && defined(_SC_CLK_TCK)) -@@ -41,7 +41,7 @@ - - - for (wp = fpm_worker_all_pools; wp; wp = wp->next) { -- size_t scoreboard_size, scoreboard_nprocs_size; -+ size_t scoreboard_procs_size; - void *shm_mem; - - if (wp->config->pm_max_children < 1) { -@@ -54,22 +54,15 @@ - return -1; - } - -- scoreboard_size = sizeof(struct fpm_scoreboard_s) + (wp->config->pm_max_children) * sizeof(struct fpm_scoreboard_proc_s *); -- scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children; -- shm_mem = fpm_shm_alloc(scoreboard_size + scoreboard_nprocs_size); -+ scoreboard_procs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children; -+ shm_mem = fpm_shm_alloc(sizeof(struct fpm_scoreboard_s) + scoreboard_procs_size); - - if (!shm_mem) { - return -1; - } -- wp->scoreboard = shm_mem; -+ wp->scoreboard = shm_mem; -+ wp->scoreboard->pm = wp->config->pm; - wp->scoreboard->nprocs = wp->config->pm_max_children; -- shm_mem += scoreboard_size; -- -- for (i = 0; i < wp->scoreboard->nprocs; i++, shm_mem += sizeof(struct fpm_scoreboard_proc_s)) { -- wp->scoreboard->procs[i] = shm_mem; -- } -- -- wp->scoreboard->pm = wp->config->pm; - wp->scoreboard->start_epoch = time(NULL); - strlcpy(wp->scoreboard->pool, wp->config->name, sizeof(wp->scoreboard->pool)); - } -@@ -163,28 +156,48 @@ - } - /* }}} */ - --struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{*/ -+static inline struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_ex( -+ struct fpm_scoreboard_s *scoreboard, int child_index, unsigned int nprocs) /* {{{*/ - { - if (!scoreboard) { -- scoreboard = fpm_scoreboard; -+ return NULL; - } - -- if (!scoreboard) { -+ if (child_index < 0 || (unsigned int)child_index >= nprocs) { - return NULL; - } - -+ return &scoreboard->procs[child_index]; -+} -+/* }}} */ -+ -+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get( -+ struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{*/ -+{ -+ if (!scoreboard) { -+ scoreboard = fpm_scoreboard; -+ } -+ - if (child_index < 0) { - child_index = fpm_scoreboard_i; - } - -- if (child_index < 0 || (unsigned int)child_index >= scoreboard->nprocs) { -- return NULL; -- } -+ return fpm_scoreboard_proc_get_ex(scoreboard, child_index, scoreboard->nprocs); -+} -+/* }}} */ - -- return scoreboard->procs[child_index]; -+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_from_child(struct fpm_child_s *child) /* {{{*/ -+{ -+ struct fpm_worker_pool_s *wp = child->wp; -+ unsigned int nprocs = wp->config->pm_max_children; -+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard; -+ int child_index = child->scoreboard_i; -+ -+ return fpm_scoreboard_proc_get_ex(scoreboard, child_index, nprocs); - } - /* }}} */ - -+ - struct fpm_scoreboard_s *fpm_scoreboard_acquire(struct fpm_scoreboard_s *scoreboard, int nohang) /* {{{ */ - { - struct fpm_scoreboard_s *s; -@@ -235,28 +248,28 @@ - proc->lock = 0; - } - --void fpm_scoreboard_free(struct fpm_scoreboard_s *scoreboard) /* {{{ */ -+void fpm_scoreboard_free(struct fpm_worker_pool_s *wp) /* {{{ */ - { -- size_t scoreboard_size, scoreboard_nprocs_size; -+ size_t scoreboard_procs_size; -+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard; - - if (!scoreboard) { - zlog(ZLOG_ERROR, "**scoreboard is NULL"); - return; - } - -- scoreboard_size = sizeof(struct fpm_scoreboard_s) + (scoreboard->nprocs) * sizeof(struct fpm_scoreboard_proc_s *); -- scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) * scoreboard->nprocs; -+ scoreboard_procs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children; - -- fpm_shm_free(scoreboard, scoreboard_size + scoreboard_nprocs_size); -+ fpm_shm_free(scoreboard, sizeof(struct fpm_scoreboard_s) + scoreboard_procs_size); - } - /* }}} */ - --void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_index, pid_t pid) /* {{{ */ -+void fpm_scoreboard_child_use(struct fpm_child_s *child, pid_t pid) /* {{{ */ - { - struct fpm_scoreboard_proc_s *proc; -- fpm_scoreboard = scoreboard; -- fpm_scoreboard_i = child_index; -- proc = fpm_scoreboard_proc_get(scoreboard, child_index); -+ fpm_scoreboard = child->wp->scoreboard; -+ fpm_scoreboard_i = child->scoreboard_i; -+ proc = fpm_scoreboard_proc_get_from_child(child); - if (!proc) { - return; - } -@@ -265,18 +278,22 @@ - } - /* }}} */ - --void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{ */ -+void fpm_scoreboard_proc_free(struct fpm_child_s *child) /* {{{ */ - { -+ struct fpm_worker_pool_s *wp = child->wp; -+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard; -+ int child_index = child->scoreboard_i; -+ - if (!scoreboard) { - return; - } - -- if (child_index < 0 || (unsigned int)child_index >= scoreboard->nprocs) { -+ if (child_index < 0 || child_index >= wp->config->pm_max_children) { - return; - } - -- if (scoreboard->procs[child_index] && scoreboard->procs[child_index]->used > 0) { -- memset(scoreboard->procs[child_index], 0, sizeof(struct fpm_scoreboard_proc_s)); -+ if (scoreboard->procs[child_index].used > 0) { -+ memset(&scoreboard->procs[child_index], 0, sizeof(struct fpm_scoreboard_proc_s)); - } - - /* set this slot as free to avoid search on next alloc */ -@@ -284,41 +301,44 @@ - } - /* }}} */ - --int fpm_scoreboard_proc_alloc(struct fpm_scoreboard_s *scoreboard, int *child_index) /* {{{ */ -+int fpm_scoreboard_proc_alloc(struct fpm_child_s *child) /* {{{ */ - { - int i = -1; -+ struct fpm_worker_pool_s *wp = child->wp; -+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard; -+ int nprocs = wp->config->pm_max_children; - -- if (!scoreboard || !child_index) { -+ if (!scoreboard) { - return -1; - } - - /* first try the slot which is supposed to be free */ -- if (scoreboard->free_proc >= 0 && (unsigned int)scoreboard->free_proc < scoreboard->nprocs) { -- if (scoreboard->procs[scoreboard->free_proc] && !scoreboard->procs[scoreboard->free_proc]->used) { -+ if (scoreboard->free_proc >= 0 && scoreboard->free_proc < nprocs) { -+ if (!scoreboard->procs[scoreboard->free_proc].used) { - i = scoreboard->free_proc; - } - } - - if (i < 0) { /* the supposed free slot is not, let's search for a free slot */ - zlog(ZLOG_DEBUG, "[pool %s] the proc->free_slot was not free. Let's search", scoreboard->pool); -- for (i = 0; i < (int)scoreboard->nprocs; i++) { -- if (scoreboard->procs[i] && !scoreboard->procs[i]->used) { /* found */ -+ for (i = 0; i < nprocs; i++) { -+ if (!scoreboard->procs[i].used) { /* found */ - break; - } - } - } - - /* no free slot */ -- if (i < 0 || i >= (int)scoreboard->nprocs) { -+ if (i < 0 || i >= nprocs) { - zlog(ZLOG_ERROR, "[pool %s] no free scoreboard slot", scoreboard->pool); - return -1; - } - -- scoreboard->procs[i]->used = 1; -- *child_index = i; -+ scoreboard->procs[i].used = 1; -+ child->scoreboard_i = i; - - /* supposed next slot is free */ -- if (i + 1 >= (int)scoreboard->nprocs) { -+ if (i + 1 >= nprocs) { - scoreboard->free_proc = 0; - } else { - scoreboard->free_proc = i + 1; -diff --git a/sapi/fpm/fpm/fpm_scoreboard.h b/sapi/fpm/fpm/fpm_scoreboard.h -index abce616..6405abb 100644 ---- a/sapi/fpm/fpm/fpm_scoreboard.h -+++ b/sapi/fpm/fpm/fpm_scoreboard.h -@@ -64,7 +64,7 @@ - unsigned int nprocs; - int free_proc; - unsigned long int slow_rq; -- struct fpm_scoreboard_proc_s *procs[]; -+ struct fpm_scoreboard_proc_s procs[]; - }; - - int fpm_scoreboard_init_main(); -@@ -73,18 +73,19 @@ - void fpm_scoreboard_update(int idle, int active, int lq, int lq_len, int requests, int max_children_reached, int slow_rq, int action, struct fpm_scoreboard_s *scoreboard); - struct fpm_scoreboard_s *fpm_scoreboard_get(); - struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(struct fpm_scoreboard_s *scoreboard, int child_index); -+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_from_child(struct fpm_child_s *child); - - struct fpm_scoreboard_s *fpm_scoreboard_acquire(struct fpm_scoreboard_s *scoreboard, int nohang); - void fpm_scoreboard_release(struct fpm_scoreboard_s *scoreboard); - struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_acquire(struct fpm_scoreboard_s *scoreboard, int child_index, int nohang); - void fpm_scoreboard_proc_release(struct fpm_scoreboard_proc_s *proc); - --void fpm_scoreboard_free(struct fpm_scoreboard_s *scoreboard); -+void fpm_scoreboard_free(struct fpm_worker_pool_s *wp); - --void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_index, pid_t pid); -+void fpm_scoreboard_child_use(struct fpm_child_s *child, pid_t pid); - --void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_index); --int fpm_scoreboard_proc_alloc(struct fpm_scoreboard_s *scoreboard, int *child_index); -+void fpm_scoreboard_proc_free(struct fpm_child_s *child); -+int fpm_scoreboard_proc_alloc(struct fpm_child_s *child); - - #ifdef HAVE_TIMES - float fpm_scoreboard_get_tick(); -diff --git a/sapi/fpm/fpm/fpm_status.c b/sapi/fpm/fpm/fpm_status.c -index 1d78ebf..45852a5 100644 ---- a/sapi/fpm/fpm/fpm_status.c -+++ b/sapi/fpm/fpm/fpm_status.c -@@ -402,10 +402,10 @@ - - first = 1; - for (i=0; i<scoreboard_p->nprocs; i++) { -- if (!scoreboard_p->procs[i] || !scoreboard_p->procs[i]->used) { -+ if (!scoreboard_p->procs[i].used) { - continue; - } -- proc = *scoreboard_p->procs[i]; -+ proc = scoreboard_p->procs[i]; - - if (first) { - first = 0; -diff --git a/sapi/fpm/fpm/fpm_worker_pool.c b/sapi/fpm/fpm/fpm_worker_pool.c -index 90e1559..96b7ca5 100644 ---- a/sapi/fpm/fpm/fpm_worker_pool.c -+++ b/sapi/fpm/fpm/fpm_worker_pool.c -@@ -43,7 +43,7 @@ - fpm_worker_pool_config_free(wp->config); - fpm_children_free(wp->children); - if ((which & FPM_CLEANUP_CHILD) == 0 && fpm_globals.parent_pid == getpid()) { -- fpm_scoreboard_free(wp->scoreboard); -+ fpm_scoreboard_free(wp); - } - fpm_worker_pool_free(wp); - } -diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c -index af1d8db..c467a81 100644 ---- a/ext/zip/php_zip.c -+++ b/ext/zip/php_zip.c -@@ -106,8 +106,8 @@ - return NULL; - } - -- if (IS_SLASH(path[0])) { -- return path + 1; -+ if (IS_ABSOLUTE_PATH(path, path_len)) { -+ return path + COPY_WHEN_ABSOLUTE(path) + 1; - } - - i = path_len; ---- /dev/null -+++ b/ext/zip/tests/bug81420.phpt -@@ -0,0 +1,24 @@ -+--TEST-- -+Bug #81420 (ZipArchive::extractTo extracts outside of destination) -+--SKIPIF-- -+<?php -+if (!extension_loaded("zip")) die("skip zip extension not available"); -+?> -+--FILE-- -+<?php -+$zip = new ZipArchive(); -+$zip->open(__DIR__ . "/bug81420.zip"); -+$destination = __DIR__ . "/bug81420"; -+mkdir($destination); -+$zip->extractTo($destination); -+var_dump(file_exists("$destination/nt1/zzr_noharm.php")); -+?> -+--CLEAN-- -+<?php -+$destination = __DIR__ . "/bug81420"; -+@unlink("$destination/nt1/zzr_noharm.php"); -+@rmdir("$destination/nt1"); -+@rmdir($destination); -+?> -+--EXPECT-- -+bool(true) ---- /dev/null -+++ b/ext/zip/tests/bug81420.zip -@@ -0,0 +1,2 @@ -+PK -+ -\ No newline at end of file -diff --git a/ext/dom/domimplementation.c b/ext/dom/domimplementation.c -index 28e35eb..f4d1358 100644 ---- a/ext/dom/domimplementation.c -+++ b/ext/dom/domimplementation.c -@@ -114,6 +114,11 @@ - pch2 = (xmlChar *) systemid; - } - -+ if (strstr(name, "%00")) { -+ php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes"); -+ RETURN_FALSE; -+ } -+ - uri = xmlParseURI(name); - if (uri != NULL && uri->opaque != NULL) { - localname = xmlStrdup((xmlChar *) uri->opaque); ---- /dev/null -+++ b/ext/dom/tests/bug79971_2.phpt -@@ -0,0 +1,20 @@ -+--TEST-- -+Bug #79971 (special character is breaking the path in xml function) -+--SKIPIF-- -+<?php -+if (!extension_loaded('dom')) die('skip dom extension not available'); -+?> -+--FILE-- -+<?php -+$imp = new DOMImplementation; -+if (PHP_OS_FAMILY === 'Windows') { -+ $path = '/' . str_replace('\\', '/', __DIR__); -+} else { -+ $path = __DIR__; -+} -+$uri = "file://$path/bug79971_2.xml"; -+var_dump($imp->createDocumentType("$uri%00foo")); -+?> -+--EXPECTF-- -+Warning: DOMImplementation::createDocumentType(): URI must not contain percent-encoded NUL bytes in %s on line %d -+bool(false) -diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c -index c871cb8..da553d6 100644 ---- a/ext/libxml/libxml.c -+++ b/ext/libxml/libxml.c -@@ -308,6 +308,10 @@ - int isescaped=0; - xmlURI *uri; - -+ if (strstr(filename, "%00")) { -+ php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes"); -+ return NULL; -+ } - - uri = xmlParseURI(filename); - if (uri && (uri->scheme == NULL || -@@ -438,6 +442,11 @@ - if (URI == NULL) - return(NULL); - -+ if (strstr(URI, "%00")) { -+ php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes"); -+ return NULL; -+ } -+ - puri = xmlParseURI(URI); - if (puri != NULL) { - if (puri->scheme != NULL) ---- /dev/null -+++ b/ext/simplexml/tests/bug79971_1.phpt -@@ -0,0 +1,27 @@ -+--TEST-- -+Bug #79971 (special character is breaking the path in xml function) -+--SKIPIF-- -+<?php -+if (!extension_loaded('simplexml')) die('skip simplexml extension not available'); -+?> -+--FILE-- -+<?php -+if (PHP_OS_FAMILY === 'Windows') { -+ $path = '/' . str_replace('\\', '/', __DIR__); -+} else { -+ $path = __DIR__; -+} -+$uri = "file://$path/bug79971_1.xml"; -+var_dump(simplexml_load_file("$uri%00foo")); -+ -+$sxe = simplexml_load_file($uri); -+var_dump($sxe->asXML("$uri.out%00foo")); -+?> -+--EXPECTF-- -+Warning: simplexml_load_file(): URI must not contain percent-encoded NUL bytes in %s on line %d -+ -+Warning: simplexml_load_file(): I/O warning : failed to load external entity "%s/bug79971_1.xml%00foo" in %s on line %d -+bool(false) -+ -+Warning: SimpleXMLElement::asXML(): URI must not contain percent-encoded NUL bytes in %s on line %d -+bool(false) ---- /dev/null -+++ b/ext/simplexml/tests/bug79971_1.xml -@@ -0,0 +1,2 @@ -+<?xml version="1.0"?> -+<root></root> |