clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-01 06:46:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
70,959 Commits 494 Branches 1,367 Tags 800 MiB
84be568366
Commit Graph

7513 Commits

Author SHA1 Message Date
Stanislav Malyshev
84be568366 update news 2014-11-30 21:37:39 -08:00
Leigh
7e870c596d Bug fixes in light of failing bcrypt tests 
Conflicts:
	ext/standard/crypt.c
 2014-11-30 21:06:39 -08:00
Leigh
2d9d10fbbf Add tests from 1.3. Add missing tests. 
3 of the missing tests fail. // TODO
 2014-11-30 21:05:40 -08:00
Leigh
29f51e1ca9 Upgrade crypt_blowfish to version 1.3 2014-11-30 21:05:32 -08:00
Stanislav Malyshev
56754a7f9e Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-13 23:14:25 -07:00
Remi Collet
2fefae4771 Fixed Sec Bug #67717 segfault in dns_get_record CVE-2014-3597 
Incomplete fix for CVE-2014-4049

Check possible buffer overflow
- pass real buffer end to dn_expand calls
- check buffer len before each read
 2014-08-19 08:33:49 +02:00
Veres Lajos
3f42f2f5d1 typofixes 2014-08-17 15:44:02 +03:00
Stanislav Malyshev
eab42649ab fix test 2014-08-14 17:07:28 -07:00
Anatol Belski
b7cd099ae0 split the glob() test to test different basedir 2014-08-14 17:04:51 -07:00
Anatol Belski
ad492ca932 fixed glob() edge case on windows, ref bug #47358 2014-08-14 16:58:16 -07:00
Pierre Joye
481c4715d4 - fix bug #47358, glob returns error, should be empty array() 
Conflicts:
	ext/standard/dir.c
 2014-08-14 16:56:22 -07:00
Anatol Belski
ae74549239 backport the fix for bug #67739 2014-08-04 09:57:08 +02:00
Tjerk Meesters
da3add26cf Fixed bug #67693 - incorrect push to the empty array 2014-07-30 18:15:14 +08:00
Tjerk Meesters
4fc0d46ae7 Fix for bug #34407 - ucwords and title case 
Added support for ranges like trim() has
 2014-07-12 10:44:11 +08:00
Anatol Belski
03214a2aef Backported the patch from bug #67407 into 5.4 2014-07-08 09:52:35 +02:00
Nikita Popov
18989420b6 Add test for bug #67151 2014-07-02 22:39:54 +02:00
Nikita Popov
3cc6bd10ac Fix bug #67151: strtr with empty array crashes 2014-07-02 22:33:20 +02:00
Michael Wallner
34e686c556 fix integer overflow in {stream,file}_{get,put}_contents() 2014-07-02 09:53:03 +02:00
Stanislav Malyshev
3488cf6fd8 Merge branch 'PHP-5.4.30' into PHP-5.4 
* PHP-5.4.30:
  5.4.30
  Better fix for bug #67072 with more BC provisions
  Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability
  update CVE
  Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
  Fix bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1))
  Fix bug #67349: Locale::parseLocale Double Free
  add CVEs
  Fix potential segfault in dns_get_record()
  Fix bug #66127 (Segmentation fault with ArrayObject unset)
  5.4.30 rc1

Conflicts:
	configure.in
	main/php_version.h
 2014-06-24 10:23:36 -07:00
Stanislav Malyshev
6d97b4b2b3 Better fix for bug #67072 with more BC provisions 2014-06-23 22:16:25 -07:00
Stanislav Malyshev
fb0128af2a Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability 2014-06-23 00:22:59 -07:00
Stanislav Malyshev
c42d5cf5de Better fix for bug #67072 with more BC provisions 2014-06-21 21:29:11 -07:00
Lior Kaplan
6f3bcb0d6e Update copyright year for re2c generated files 2014-06-16 23:28:36 +03:00
Lior Kaplan
e667d23178 Update copyright year for re2c files as well 2014-06-16 23:26:50 +03:00
Sara Golemon
21525d0413 Fix potential segfault in dns_get_record() 
If the remote sends us a packet with a malformed TXT record,
we could end up trying to over-consume the packet and wander
off into overruns.
 2014-06-15 01:04:24 -07:00
Adam Harvey
b51f82f260 Follow 308 Permanent Redirect responses. 
Fixes bug #67430 (http:// wrapper doesn't follow 308 redirects).
 2014-06-12 18:12:53 -07:00
Adam Harvey
1b9cbab9a7 Keep 308-399 HTTP response codes when header('Location:') is called. 
Fixes bug #67428 (header('Location: foo') will override a 308-399 response
code).
 2014-06-12 17:35:05 -07:00
Sara Golemon
4f73394fdd Fix potential segfault in dns_get_record() 
If the remote sends us a packet with a malformed TXT record,
we could end up trying to over-consume the packet and wander
off into overruns.
 2014-06-11 13:37:04 -07:00
Stanislav Malyshev
62857998c5 Fixed bug #67399 (putenv with empty variable may lead to crash) 2014-06-08 23:09:09 -07:00
Anatol Belski
20568e5028 Fixed regression introduced by patch for bug #67072 
This applies to 5.4 and 5.5 only as a legacy fix.
 2014-06-03 20:43:58 +02:00
Stanislav Malyshev
091b7642c2 Fix bug #67249: printf out-of-bounds read 2014-05-27 11:28:22 -07:00
Stanislav Malyshev
0094fd0969 Merge branch 'bug67252' into PHP-5.4 
* bug67252:
  fix bug #67253: timelib_meridian_with_check out-of-bounds read
  Fix bug #67252: convert_uudecode out-of-bounds read
 2014-05-13 16:47:27 -07:00
Stanislav Malyshev
9103c9eb4f Merge branch 'bug67250' into PHP-5.4 
* bug67250:
  Fix bug #67250 (iptcparse out-of-bounds read)
 2014-05-13 16:43:10 -07:00
Stanislav Malyshev
1e2818b143 Fix bug #67252: convert_uudecode out-of-bounds read 2014-05-11 20:29:27 -07:00
Stanislav Malyshev
3e9cb6a4a5 Fix bug #67250 (iptcparse out-of-bounds read) 2014-05-11 19:09:19 -07:00
Stanislav Malyshev
03c703b8bd add a test case previously broken by a bad fix 2014-04-24 23:58:38 -07:00
Stanislav Malyshev
a328803803 Revert "Fixed bug #64604" 
This reverts commit b05c088a3a.
Breaks parsing urls where query has : in it, like: /foo/bar?baz=goo:boo
 2014-04-24 23:50:45 -07:00
Rouven Weßling
68283c9f4a Fix a compiler warning in php_rand.h 2014-04-20 16:35:36 -07:00
Boro Sitnikovski
a18cec1b86 Fix bug #65701: Do not use cache for file file copy 2014-04-20 15:22:44 -07:00
Anatol Belski
c2acdbdd3d Improved the fix for bug #67072, thanks Nikita 2014-04-18 15:13:32 +02:00
Anatol Belski
5328d42899 Fixed bug #67072 Echoing unserialized "SplFileObject" crash 
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
 2014-04-17 10:48:14 +02:00
Ingo Walz
b05c088a3a Fixed bug #64604 2014-04-13 18:37:40 -07:00
Stanislav Malyshev
3a2660b302 Fix windows build 2014-04-13 17:02:21 -07:00
Gabor Buella
1010200da5 Fixed bug #67024 - getimagesize should recognize BMP files with negative height 2014-04-13 15:17:04 -07:00
Bob Weinand
beda5093b4 Reverted to 5a0da281e5 
Discussion: http://news.php.net/php.cvs/76836
 2014-04-13 23:01:31 +02:00
Bob Weinand
f07e37c96d Forgot title in phpt for bug #67064 2014-04-13 19:34:17 +02:00
Bob Weinand
1a4a9eede5 Fix bug #67064 in a BC safe way 
You can use an optional parameter now when implementing the Countable interface
to get the $mode passed to count().
 2014-04-13 19:24:12 +02:00
Ferenc Kovacs
2c8aeda6dc abstract namespace for unix sockets is a linux only feature 2014-04-09 19:01:01 +02:00
Michael Wallner
7ab5c593f7 Fix bug #66182 exit in stream filter produces segfault 
Unfortunately, a segv caused by exit cannot be tested reliably.
 2014-04-03 09:07:35 +02:00
Michael Wallner
1ec83d44a1 Fixed bug #61019 (Out of memory on command stream_get_contents) 2014-04-02 15:36:39 +02:00