Sara Golemon
21525d0413
Fix potential segfault in dns_get_record()
...
If the remote sends us a packet with a malformed TXT record,
we could end up trying to over-consume the packet and wander
off into overruns.
2014-06-15 01:04:24 -07:00
Stanislav Malyshev
2b04d68972
Fix bug #66127 (Segmentation fault with ArrayObject unset)
2014-06-10 23:24:11 -07:00
Stanislav Malyshev
0235a8acdc
5.4.30 rc1
2014-06-10 21:17:37 -07:00
Remi Collet
6256b79a35
NEWS
2014-06-10 14:35:14 +02:00
Remi Collet
25b1dc917a
Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
...
Upstream:
93e063ee37
Adapted for C standard.
2014-06-10 14:33:37 +02:00
Remi Collet
da5d40bae6
NEWS
2014-06-10 14:23:31 +02:00
Remi Collet
40ef6e07e0
Bug #67412 fileinfo: cdf_count_chain insufficient boundary check
...
Upstream:
40bade80cb
2014-06-10 14:22:04 +02:00
Remi Collet
2b33a41162
NEWS
2014-06-10 14:16:00 +02:00
Remi Collet
5c9f967999
Fixed Bug #67411 fileinfo: cdf_check_stream_offset insufficient boundary check
...
Upstream:
36fadd2984
2014-06-10 14:13:14 +02:00
Remi Collet
d02aa44090
NEWS
2014-06-10 14:04:27 +02:00
Remi Collet
e77659a8c8
Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal string size
...
Upstream
27a14bc7ba
2014-06-10 14:02:36 +02:00
Remi Collet
949cab09f2
NEWS
2014-06-10 10:31:17 +02:00
Remi Collet
58c6a08e00
Fixed bug #67406 built-in web-server segfaults on startup
...
Reproduce on aarch64.
From select man page:
"select() may update the timeout argument to indicate how much time was left."
So "const" is not ok.
2014-06-10 10:28:34 +02:00
Stanislav Malyshev
62857998c5
Fixed bug #67399 (putenv with empty variable may lead to crash)
2014-06-08 23:09:09 -07:00
Matteo Beccati
5c8c57aa6c
Fixed DOM tests when using libxml2 versions patched against CVE-2014-0191
...
DOMDocument::substituteEntities needs to be set to true in order for
external entities to be parsed.
2014-06-09 07:05:23 +02:00
Stanislav Malyshev
9b5d56fd61
add news
2014-06-08 19:44:27 -07:00
Boro Sitnikovski
aebb23e4db
Bug 49898
...
__getCookies() method implementation
2014-06-08 19:36:18 -07:00
Stanislav Malyshev
e43270cb2a
fix order
2014-06-08 19:03:50 -07:00
Levi Morrison
e030efa4f6
Fix bug 666222
...
This also adds some smaller, isolated tests related to bug 66622.
Conflicts:
Zend/zend_vm_def.h
Zend/zend_vm_execute.h
2014-06-08 18:59:23 -07:00
Jefersson Nathan
33926b19d0
Fixed identation on file
2014-06-08 14:30:01 -07:00
Jefersson Nathan
e51eaaf665
Fix align indentation
2014-06-08 14:28:51 -07:00
Paul Oehler
76a7fd893b
Added support for parsing ssl certificates using GeneralizedTime format.
...
fix bug #65698
fix bug #66636
2014-06-08 14:17:58 -07:00
Jeff Welch
5fd7c2b01d
Remove superfluous echos.
2014-06-08 13:50:22 -07:00
Remi Collet
811f35d0ed
NEWS
2014-06-06 14:17:54 +02:00
Remi Collet
91bcadd85e
Fix bug #67390 insecure temporary file use in the configure script
2014-06-06 14:16:04 +02:00
Remi Collet
56c9e22c1f
drop exec perm on doc files
2014-06-05 17:45:22 +02:00
Remi Collet
127651e9ae
fix test for 5.4/5.5
2014-06-05 17:33:40 +02:00
Remi Collet
15d8c80ead
add test for previous fix
2014-06-05 14:00:00 +02:00
Remi Collet
3f47368738
NEWS
2014-06-05 13:45:25 +02:00
Remi Collet
1fe9f1e4f5
Fix regression introduce in fix for bug #67118
...
The fix was correct but break some code (at least in Horde)
This is a temporary workaround to fix regressioni in 5.4, 5.5 and 5.6
This make php_date_initialize more consistent
- on success return 1 + time initiliazed
- on failure return 0 + time = zero
which is check by DATE_CHECK_INITIALIZED by later method call
Will restore consistency with other date classes in master.
2014-06-05 13:39:46 +02:00
Stanislav Malyshev
e06c4f7fe5
update NEWS
2014-06-04 01:09:37 -07:00
Anatol Belski
20568e5028
Fixed regression introduced by patch for bug #67072
...
This applies to 5.4 and 5.5 only as a legacy fix.
2014-06-03 20:43:58 +02:00
Remi Collet
0817a2c767
(re)add cve number in NEWS, from 5.4.29
2014-06-03 11:28:07 +02:00
Remi Collet
21986f98db
NEWS
2014-06-03 11:08:46 +02:00
Remi Collet
4fcb9a9d1b
Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check
...
Upstream fix 6d209c1c48
.patch
Only revelant part applied
2014-06-03 11:05:00 +02:00
Xinchen Hui
38be99b739
Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
2014-06-01 19:41:01 +08:00
Adam Harvey
b5d9983ff4
Check for zero-length keys in spl_array_skip_protected and don't skip them.
...
Fixes bug #67360 (Missing element after ArrayObject::getIterator).
2014-05-29 17:49:32 +00:00
Anatol Belski
d2765e4b8c
updated libmagic.patch for 5.4+
2014-05-27 22:36:12 +02:00
Stanislav Malyshev
76b06780d5
update NEWS
2014-05-27 11:28:53 -07:00
Stanislav Malyshev
091b7642c2
Fix bug #67249 : printf out-of-bounds read
2014-05-27 11:28:22 -07:00
Matteo Beccati
92d54f81d6
Escape non-printable characters in the junit XML output
...
XML doesn't allow most of the characters < 0x20 and binary output
breaks XML parsers. Such characters are not allowed as entities
either, so the generated entities are escaped in order to be printed
as text.
2014-05-27 12:03:38 +02:00
Matteo Beccati
1696166466
Fixed broken XML junit output due to escaping of CDATA sections
...
I've removed CDATA and used htmlspecialchars as the output might not be UTF-8 safe, as pointed out by ircmaxell in 26b37f1792
2014-05-27 11:04:48 +02:00
Anatol Belski
d184f07b3c
backport this piece from 5.6, related to the #66307 fix
2014-05-26 18:05:13 -07:00
Anatol Belski
15ee33eb21
Fixed bug #66307 Fileinfo crashes with powerpoint files
2014-05-26 18:04:27 -07:00
Stanislav Malyshev
4005f06df6
Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation)
...
Upstream patch: b8acc83781
2014-05-26 18:01:17 -07:00
Stanislav Malyshev
57225f09ed
Fix bug #67327 : fileinfo: CDF infinite loop in nelements DoS
...
Upstream fix: f97486ef5d
2014-05-26 17:45:14 -07:00
Matteo Beccati
f9357b44f3
Fix broken Junit output with --disable-cgi
2014-05-25 00:07:52 +02:00
Adam Harvey
319611ffbd
Fix broken test caused by fdb2709
.
2014-05-23 15:07:19 +00:00
Adam Harvey
5d1bfd6fbf
Fix run-tests.php with Valgrind >= 3.10.0.
...
The version test that we had in run-tests.php assumed that the major and minor
version numbers were always single digits. This removes that assumption and
also uses version_compare() for the comparison instead of naively converting it
to an integer.
2014-05-22 22:37:08 +00:00
Adam Harvey
fdb2709dd2
Add microseconds to the serialised form of DateTime objects.
...
Fixes bug #67308 (Serialize of DateTime truncates fractions of second).
2014-05-21 14:55:52 -05:00