Merge pull request #1 from php/master

Pull from upstream

Author: johannac

.gitmodules

@@ -1,3 +1,3 @@
 [submodule "distributions"]
 	path = distributions
-	url = https://git.php.net/repository/web/php-distributions.git
+	url = git@git.php.net:/web/php-distributions.git

ChangeLog-5.php

@@ -7,6 +7,103 @@
 ?>
 
 <h1>PHP 5 ChangeLog</h1>
+<section class="version" id="5.6.26"><!-- {{{ 5.6.26 -->
+<h3>Version 5.6.26</h3>
+<b><?php release_date('15-Sep-2016'); ?></b>
+<ul><li>Core:
+<ul>
+  <li><?php bugfix(72907); ?> (null pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260)).</li>
+</ul></li>
+<li>Dba:
+<ul>
+  <li><?php bugfix(71514); ?> (Bad dba_replace condition because of wrong API usage).</li>
+  <li><?php bugfix(70825); ?> (Cannot fetch multiple values with group in ini file).</li>
+</ul></li>
+<li>EXIF:
+<ul>
+  <li><?php bugfix(72926); ?> (Uninitialized Thumbail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF).</li>
+</ul></li>
+<li>FTP:
+<ul>
+  <li><?php bugfix(70195); ?> (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).</li>
+</ul></li>
+<li>GD:
+<ul>
+  <li><?php bugfix(66005); ?> (imagecopy does not support 1bit transparency on truecolor images).</li>
+  <li><?php bugfix(72913); ?> (imagecopy() loses single-color transparency on palette images).</li>
+  <li><?php bugfix(68716); ?> (possible resource leaks in _php_image_convert()).</li>
+</ul></li>
+<li>Intl:
+<ul>
+  <li><?php bugfix(73007); ?> (add locale length check). (CVE-2016-7416)</li>
+</ul></li>
+<li>JSON:
+<ul>
+  <li><?php bugfix(72787); ?> (json_decode reads out of bounds).</li>
+</ul></li>
+<li>mbstring:
+<ul>
+  <li><?php bugfix(66797); ?> (mb_substr only takes 32-bit signed integer).</li>
+  <li><?php bugfix(72910); ?> (Out of bounds heap read in mbc_to_code() / triggered by mb_ereg_match()).</li>
+</ul></li>
+<li>MSSQL:
+<ul>
+  <li><?php bugfix(72039); ?> (Use of uninitialised value on mssql_guid_string).</li>
+</ul></li>
+<li>Mysqlnd:
+<ul>
+  <li><?php bugfix(72293); ?> (Heap overflow in mysqlnd related to BIT fields). (CVE-2016-7412)</li>
+</ul></li>
+<li>PDO:
+<ul>
+  <li><?php bugfix(60665); ?> (call to empty() on NULL result using PDO::FETCH_LAZY returns false).</li>
+</ul></li>
+<li>PDO_pgsql:
+<ul>
+  <li>Implemented FR <?php bugl(72633); ?> (Postgres PDO lastInsertId() should work without specifying a sequence).</li>
+  <li><?php bugfix(72759); ?> (Regression in pgo_pgsql).</li>
+</ul></li>
+<li>Phar:
+<ul>
+  <li><?php bugfix(72928); ?> (Out of bound when verify signature of zip phar in phar_parse_zipfile). (CVE-2016-7414)</li>
+  <li><?php bugfix(73035); ?> (Out of bound when verify signature of tar phar in phar_parse_tarfile).</li>
+</ul></li>
+<li>SPL:
+<ul>
+  <li><?php bugfix(73029); ?> (Missing type check when unserializing SplArray). (CVE-2016-7417)</li>
+</ul></li>
+<li>Standard:
+<ul>
+  <li><?php bugfix(72823); ?> (strtr out-of-bound access).</li>
+  <li><?php bugfix(72278); ?> (getimagesize returning FALSE on valid jpg).</li>
+  <li><?php bugfix(65550); ?> (get_browser() incorrectly parses entries with "+" sign).</li>
+  <li><?php bugfix(71882); ?> (Negative ftruncate() on php://memory exhausts memory).</li>
+  <li><?php bugfix(73011); ?> (integer overflow in fgets cause heap corruption).</li>
+  <li><?php bugfix(73017); ?> (memory corruption in wordwrap function).</li>
+  <li><?php bugfix(73045); ?> (integer overflow in fgetcsv caused heap corruption).</li>
+  <li><?php bugfix(73052); ?> (Memory Corruption in During Deserialized-object Destruction). (CVE-2016-7411)</li>
+</ul></li>
+<li>Streams:
+<ul>
+  <li><?php bugfix(72853); ?> (stream_set_blocking doesn't work).</li>
+</ul></li>
+<li>Wddx:
+<ul>
+  <li><?php bugfix(72860); ?> (wddx_deserialize use-after-free). (CVE-2016-7413)</li>
+  <li><?php bugfix(73065); ?> (Out-Of-Bounds Read in php_wddx_push_element). (CVE-2016-7418)</li>
+</ul></li>
+<li>XML:
+<ul>
+  <li><?php bugfix(72085); ?> (SEGV on unknown address zif_xml_parse).</li>
+  <li><?php bugfix(72927); ?> (integer overflow in xml_utf8_encode).</li>
+</ul></li>
+<li>ZIP:
+<ul>
+  <li><?php bugfix(68302); ?> (impossible to compile php with zip support).</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
 <section class="version" id="5.6.25"><!-- {{{ 5.6.25 -->
 <h3>Version 5.6.25</h3>
 <b><?php release_date('18-Aug-2016'); ?></b>
@@ -17,8 +114,8 @@
   <li><?php bugfix(72581); ?> (previous property undefined in Exception after deserialization).</li>
   <li>Implemented FR <?php bugl(72614); ?> (Support "nmake test" on building extensions by phpize).</li>
   <li><?php bugfix(72641); ?> (phpize (on Windows) ignores PHP_PREFIX).</li>
-  <li><?php bugfix(72663); ?> (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization).</li>
-  <li><?php bugfix(72681); ?> (PHP Session Data Injection Vulnerability).</li>
+  <li><?php bugfix(72663); ?> (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization). (CVE-2016-7124)</li>
+  <li><?php bugfix(72681); ?> (PHP Session Data Injection Vulnerability). (CVE-2016-7125)</li>
 </ul></li>
 <li>Bz2:
 <ul>
@@ -45,7 +142,7 @@
 </ul></li>
 <li>EXIF:
 <ul>
-  <li><?php bugfix(72627); ?> (Memory Leakage In exif_process_IFD_in_TIFF).</li>
+  <li><?php bugfix(72627); ?> (Memory Leakage In exif_process_IFD_in_TIFF). (CVE-2016-7128)</li>
   <li><?php bugfix(72735); ?> (Samsung picture thumb not read (zero size)).</li>
 </ul></li>
 <li>Filter:
@@ -64,9 +161,9 @@
   <li><?php bugfix(70315); ?> (500 Server Error but page is fully rendered).</li>
   <li><?php bugfix(72596); ?> (imagetypes function won't advertise WEBP support).</li>
   <li><?php bugfix(72604); ?> (imagearc() ignores thickness for full arcs).</li>
-  <li><?php bugfix(72697); ?> (select_colors write out-of-bounds).</li>
+  <li><?php bugfix(72697); ?> (select_colors write out-of-bounds). (CVE-2016-7126)</li>
   <li><?php bugfix(72709); ?> (imagesetstyle() causes OOB read for empty $styles).</li>
-  <li><?php bugfix(72730); ?> (imagegammacorrect allows arbitrary write access).</li>
+  <li><?php bugfix(72730); ?> (imagegammacorrect allows arbitrary write access). (CVE-2016-7127)</li>
 </ul></li>
 <li>Intl:
 <ul>
@@ -125,10 +222,10 @@
 <li>Wddx:
 <ul>
   <li><?php bugfix(72142); ?> (WDDX Packet Injection Vulnerability in wddx_serialize_value()).</li>
-  <li><?php bugfix(72749); ?> (wddx_deserialize allows illegal memory access) (Stas)</li>
-  <li><?php bugfix(72750); ?> (wddx_deserialize null dereference).</li>
-  <li><?php bugfix(72790); ?> (wddx_deserialize null dereference with invalid xml).</li>
-  <li><?php bugfix(72799); ?> (wddx_deserialize null dereference in php_wddx_pop_element).</li>
+  <li><?php bugfix(72749); ?> (wddx_deserialize allows illegal memory access). (CVE-2016-7129)</li>
+  <li><?php bugfix(72750); ?> (wddx_deserialize null dereference). (CVE-2016-7130)</li>
+  <li><?php bugfix(72790); ?> (wddx_deserialize null dereference with invalid xml). (CVE-2016-7131)</li>
+  <li><?php bugfix(72799); ?> (wddx_deserialize null dereference in php_wddx_pop_element). (CVE-2016-7132)</li>
 </ul></li>
 </ul>
 <!-- }}} --></section>

ChangeLog-7.php

@@ -50,11 +50,11 @@
 <li>Intl:
 <ul>
   <li><?php bugfix(65732); ?> (grapheme_*() is not Unicode compliant on CR LF sequence).</li>
-  <li><?php bugfix(73007); ?> (add locale length check).</li>
+  <li><?php bugfix(73007); ?> (add locale length check). (CVE-2016-7416)</li>
 </ul></li>
 <li>Mysqlnd:
 <ul>
-  <li><?php bugfix(72293); ?> (Heap overflow in mysqlnd related to BIT fields).</li>
+  <li><?php bugfix(72293); ?> (Heap overflow in mysqlnd related to BIT fields). (CVE-2016-7412)</li>
 </ul></li>
 <li>OCI8:
 <ul>
@@ -82,7 +82,7 @@
 </ul></li>
 <li>Phar:
 <ul>
-  <li><?php bugfix(72928); ?> (Out of bound when verify signature of zip phar in phar_parse_zipfile).</li>
+  <li><?php bugfix(72928); ?> (Out of bound when verify signature of zip phar in phar_parse_zipfile). (CVE-2016-7414)</li>
   <li><?php bugfix(73035); ?> (Out of bound when verify signature of tar phar in phar_parse_tarfile).</li>
 </ul></li>
 <li>Reflection:
@@ -101,7 +101,7 @@
 </ul></li>
 <li>SPL:
 <ul>
-  <li><?php bugfix(73029); ?> (Missing type check when unserializing SplArray).</li>
+  <li><?php bugfix(73029); ?> (Missing type check when unserializing SplArray). (CVE-2016-7417)</li>
 </ul></li>
 <li>Standard:
 <ul>
@@ -123,16 +123,16 @@
 <ul>
   <li><?php bugfix(72858); ?> (shm_attach null dereference).</li>
 </ul></li>
+<li>Wddx:
+<ul>
+  <li><?php bugfix(72860); ?> (wddx_deserialize use-after-free). (CVE-2016-7413)</li>
+  <li><?php bugfix(73065); ?> (Out-Of-Bounds Read in php_wddx_push_element). (CVE-2016-7418)</li>
+</ul></li>
 <li>XML:
 <ul>
   <li><?php bugfix(72085); ?> (SEGV on unknown address zif_xml_parse).</li>
   <li><?php bugfix(72714); ?> (_xml_startElementHandler() segmentation fault).</li>
 </ul></li>
-<li>Wddx:
-<ul>
-  <li><?php bugfix(72860); ?> (wddx_deserialize use-after-free).</li>
-  <li><?php bugfix(73065); ?> (Out-Of-Bounds Read in php_wddx_push_element).</li>
-</ul></li>
 <li>ZIP:
 <ul>
   <li><?php bugfix(68302); ?> (impossible to compile php with zip support).</li>
@@ -155,10 +155,10 @@
   <li>Implemented FR <?php bugl(72614); ?> (Support "nmake test" on building extensions by phpize).</li>
   <li><?php bugfix(72641); ?> (phpize (on Windows) ignores PHP_PREFIX).</li>
   <li>Fixed potential segfault in object storage freeing in shutdown sequence.</li>
-  <li><?php bugfix(72663); ?> (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization).</li>
-  <li><?php bugfix(72681); ?> (PHP Session Data Injection Vulnerability).</li>
+  <li><?php bugfix(72663); ?> (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization). (CVE-2016-7124)</li>
+  <li><?php bugfix(72681); ?> (PHP Session Data Injection Vulnerability). (CVE-2016-7125)</li>
   <li><?php bugfix(72683); ?> (getmxrr broken).</li>
-  <li><?php bugfix(72742); ?> (memory allocator fails to realloc small block to large one).</li>
+  <li><?php bugfix(72742); ?> (memory allocator fails to realloc small block to large one). (CVE-2016-7133)</li>
 </ul></li>
 <li>Bz2:
 <ul>
@@ -177,7 +177,7 @@
 <ul>
   <li><?php bugfix(71709); ?> (curl_setopt segfault with empty CURLOPT_HTTPHEADER).</li>
   <li><?php bugfix(71929); ?> (CURLINFO_CERTINFO data parsing error).</li>
-  <li><?php bugfix(72674); ?> (Heap overflow in curl_escape).</li>
+  <li><?php bugfix(72674); ?> (Heap overflow in curl_escape). (CVE-2016-7134)</li>
 </ul></li>
 <li>DOM:
 <ul>
@@ -186,7 +186,7 @@
 <li>EXIF:
 <ul>
   <li><?php bugfix(72735); ?> (Samsung picture thumb not read (zero size)).</li>
-  <li><?php bugfix(72627); ?> (Memory Leakage In exif_process_IFD_in_TIFF).</li>
+  <li><?php bugfix(72627); ?> (Memory Leakage In exif_process_IFD_in_TIFF). (CVE-2016-7128)</li>
 </ul></li>
 <li>Filter:
 <ul>
@@ -204,8 +204,8 @@
   <li><?php bugfix(43828); ?> (broken transparency of imagearc for truecolor in blendingmode).</li>
   <li><?php bugfix(66555); ?> (Always false condition in ext/gd/libgd/gdkanji.c).</li>
   <li><?php bugfix(68712); ?> (suspicious if-else statements).</li>
-  <li><?php bugfix(72697); ?> (select_colors write out-of-bounds).</li>
-  <li><?php bugfix(72730); ?> (imagegammacorrect allows arbitrary write access).</li>
+  <li><?php bugfix(72697); ?> (select_colors write out-of-bounds). (CVE-2016-7126)</li>
+  <li><?php bugfix(72730); ?> (imagegammacorrect allows arbitrary write access). (CVE-2016-7127)</li>
 </ul></li>
 <li>Intl:
 <ul>
@@ -283,10 +283,10 @@
 <ul>
   <li><?php bugfix(72564); ?> (boolean always deserialized as "true").</li>
   <li><?php bugfix(72142); ?> (WDDX Packet Injection Vulnerability in wddx_serialize_value()).</li>
-  <li><?php bugfix(72749); ?> (wddx_deserialize allows illegal memory access) (Stas)</li>
-  <li><?php bugfix(72750); ?> (wddx_deserialize null dereference).</li>
-  <li><?php bugfix(72790); ?> (wddx_deserialize null dereference with invalid xml).</li>
-  <li><?php bugfix(72799); ?> (wddx_deserialize null dereference in php_wddx_pop_element).</li>
+  <li><?php bugfix(72749); ?> (wddx_deserialize allows illegal memory access). (CVE-2016-7129)</li>
+  <li><?php bugfix(72750); ?> (wddx_deserialize null dereference). (CVE-2016-7130)</li>
+  <li><?php bugfix(72790); ?> (wddx_deserialize null dereference with invalid xml). (CVE-2016-7131)</li>
+  <li><?php bugfix(72799); ?> (wddx_deserialize null dereference in php_wddx_pop_element). (CVE-2016-7132)</li>
 </ul></li>
 <li>Zip:
 <ul>

archive/archive.xml

@@ -9,6 +9,8 @@
     <uri>http://php.net/contact</uri>
     <email>[email protected]</email>
   </author>
+  <xi:include href="entries/2016-09-16-2.xml"/>
+  <xi:include href="entries/2016-09-16-1.xml"/>
   <xi:include href="entries/2016-09-15-1.xml"/>
   <xi:include href="entries/2016-09-09-1.xml"/>
   <xi:include href="entries/2016-09-06-1.xml"/>

archive/entries/2016-09-16-1.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom">
+  <title>PHP 5.6.26 is released</title>
+  <id>http://php.net/archive/2016.php#id2016-09-16-1</id>
+  <published>2016-09-16T06:39:08+00:00</published>
+  <updated>2016-09-16T06:39:08+00:00</updated>
+  <category term="frontpage" label="PHP.net frontpage news"/>
+  <category term="releases" label="New PHP release"/>
+  <link href="http://php.net/index.php#id2016-09-16-1" rel="alternate" type="text/html"/>
+  <link href="http://php.net/archive/2016.php#id2016-09-16-1" rel="via" type="text/html"/>
+  <content type="xhtml">
+    <div xmlns="http://www.w3.org/1999/xhtml">
+     <p>The PHP development team announces the immediate availability of PHP
+     5.6.26. This is a security release. Several security bugs were fixed in
+     this release.
+
+     All PHP 5.6 users are encouraged to upgrade to this version.</p>
+
+     <p>For source downloads of PHP 5.6.26 please visit our <a href="http://www.php.net/downloads.php">downloads page</a>,
+     Windows source and binaries can be found on <a href="http://windows.php.net/download/">windows.php.net/download/</a>.
+     The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-5.php#5.6.26">ChangeLog</a>.
+     </p>
+    </div>
+  </content>
+</entry>

archive/entries/2016-09-16-2.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom">
+  <title>PHP 7.1.0 Release Candidate 2 Released</title>
+  <id>http://php.net/archive/2016.php#id2016-09-16-2</id>
+  <published>2016-09-16T23:33:30+00:00</published>
+  <updated>2016-09-16T23:33:30+00:00</updated>
+  <category term="frontpage" label="PHP.net frontpage news"/>
+  <category term="releases" label="New PHP release"/>
+  <link href="http://php.net/index.php#id2016-09-16-2" rel="alternate" type="text/html"/>
+  <link href="http://php.net/archive/2016.php#id2016-09-16-2" rel="via" type="text/html"/>
+  <content type="xhtml">
+    <div xmlns="http://www.w3.org/1999/xhtml">
+     <p>
+       The PHP development team announces the immediate availability of PHP 7.1.0 Release Candidate 2. This release is the second release candidate for 7.1.0. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in the bug tracking system.
+     </p>
+     
+     <p>
+       <strong>THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!</strong>
+     </p>
+     
+     <p>
+       For more information on the new features and other changes, you can read the <a href="https://github.com/php/php-src/blob/php-7.1.0RC2/NEWS">NEWS</a> file,
+       or the <a href="https://github.com/php/php-src/blob/php-7.1.0RC2/UPGRADING">UPGRADING</a> file for a complete list of upgrading notes. These files can also be found in the release archive.
+     </p>
+     
+     <p>
+       For source downloads of PHP 7.1.0 Release Candidate 2 please visit the <a href="https://downloads.php.net/~davey/">download</a> page, Windows sources and binaries can be found on <a href="http://windows.php.net/qa/">windows.php.net/qa/</a>.
+     </p>
+     
+     <p>
+       The third release candidate will be released on the 29th of September. You can also read the full list of planned releases on <a href="https://wiki.php.net/todo/php71">our wiki</a>.
+     </p>
+     
+     <p>
+       Thank you for helping us make PHP better.
+     </p>
+    </div>
+  </content>
+</entry>

distributions

@@ -401,6 +401,42 @@ $OLDRELEASES = array (
   ),
   5 => 
   array (
+    '5.6.25' => 
+    array (
+      'announcement' => 
+      array (
+        'English' => '/releases/5_6_25.php',
+      ),
+      'source' => 
+      array (
+        0 => 
+        array (
+          'filename' => 'php-5.6.25.tar.bz2',
+          'name' => 'PHP 5.6.25 (tar.bz2)',
+          'md5' => 'f63b9956c25f1ae0433015a80b44224c',
+          'sha256' => '58ce6032aced7f3e42ced492bd9820e5b3f2a3cd3ef71429aa92fd7b3eb18dde',
+          'date' => '18 Aug 2016',
+        ),
+        1 => 
+        array (
+          'filename' => 'php-5.6.25.tar.gz',
+          'name' => 'PHP 5.6.25 (tar.gz)',
+          'md5' => '75f90f5bd7d0076a0dcc5f3205ce260e',
+          'sha256' => '733f1c811d51c2d4031a0c058dc94d09d03858d781ca2eb2cce78853bc76db58',
+          'date' => '18 Aug 2016',
+        ),
+        2 => 
+        array (
+          'filename' => 'php-5.6.25.tar.xz',
+          'name' => 'PHP 5.6.25 (tar.xz)',
+          'md5' => '81cb8c0de0d0b714587edbd27a2a75bb',
+          'sha256' => '7535cd6e20040ccec4594cc386c6f15c3f2c88f24163294a31068cf7dfe7f644',
+          'date' => '18 Aug 2016',
+        ),
+      ),
+      'date' => '18 Aug 2016',
+      'museum' => false,
+    ),
     '5.6.24' => 
     array (
       'announcement' =>